diff --git a/CHANGELOG b/CHANGELOG index 3c7951a11..4edcc7b1e 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -25,21 +25,27 @@ o Chagned the interesting ports array from a 65K-member array of some cases, and should also give a slight runtime performance boost. This patch was written by Paul Tarjan (ptarjan(a)gmail.com). -o Integrated a bunch of nmap-service-probes fingerprints from Doug +o Integrated a ton of nmap-service-probes fingerprints from Doug Hoyte (doug(a)hcsw.org) -o The OS fingerprint is now provided in XML output if debugging is - enabled (-d) or verbosity is at least 2 (-v -v). This patch was - sent by Okan Demirmen (okan(a)demirmen.com) +o Integrated many nmap-service-probes changes from Bo Jiang + (jiangbo(a)brandeis.edu) o Added a stripped-down version of Dug Song's excellent libdnet networking library (v. 1.10). This allows Nmap to send raw ethernet frames for the new ARP ping feature. +o The OS fingerprint is now provided in XML output if debugging is + enabled (-d) or verbosity is at least 2 (-v -v). This patch was + sent by Okan Demirmen (okan(a)demirmen.com) + o Fixed the way tcp connect scan (-sT) respons to ICMP network unreachable responses (patch by Richard Moore (rich(a)westpoint.ltd.uk). +o Changed routethrough() to use libdnet rather than all of my custom + code. + o Fixed a crash problem related to non-portable varargs (vsnprintf) usage. Reports of this crash came from Alan William Somers (somers(a)its.caltech.edu) and Christophe (chris.branch(a)gmx.de). 
@@ -94,6 +100,11 @@ o ultra_scan() now sets pseudo-random ACK values (rather than 0) for o Added a bunch of RPC numbers from nmap-rpc maintainer Eilon Gishri (eilon(a)aristo.tau.ac.il) +o Added 'leet ASCII art to the confugrator! ARTIST NOTE: If you think + the ASCII art sucks, feel free to send me alternatives. Note that + only people compiling the UNIX source code get this. (ASCII artist + unknown). + o Added a distcc probes and a bunch of smtp matches from Dirk Mueller (mueller(a)kde.org) to nmap-service-probes. Also added AFS version probe and matches from Lionel Cons (lionel.cons(a)cern.ch). And @@ -126,11 +137,6 @@ o Changed from CVS to Subversion source control system (which change users will see is that "Id" tags in file headers use the SVN format for version numbering and such. -o Added 'leet ASCII art to the confugrator! ARTIST NOTE: If you think - the ASCII art sucks, feel free to send me alternatives. Note that - only people compiling the UNIX source code get this. (ASCII artist - unknown). - Nmap 3.81 o Nmap now ships with and installs (in the same directory as other diff --git a/Makefile.in b/Makefile.in index 9385337d6..dbf3bae84 100644 --- a/Makefile.in +++ b/Makefile.in @@ -1,4 +1,4 @@ -export NMAP_VERSION = 3.83 +export NMAP_VERSION = 3.83.SOC1 NMAP_NAME= nmap NMAP_URL= http://www.insecure.org/nmap/ NMAP_PLATFORM=@host@ diff --git a/NmapOps.cc b/NmapOps.cc index 0a8890ee4..7e68537cc 100644 --- a/NmapOps.cc +++ b/NmapOps.cc @@ -190,6 +190,7 @@ void NmapOps::Initialize() { debugging = DEBUGGING; verbose = DEBUGGING; randomize_hosts = 0; + sendpref = PACKET_SEND_NOPREF; spoofsource = 0; device[0] = '\0'; interactivemode = 0; 
@@ -328,6 +329,13 @@ void NmapOps::ValidateOptions() { fatal("Ping scan is not valid with any other scan types (the other ones all include a ping scan"); } + if (sendpref == PACKET_SEND_NOPREF) { +#ifdef WIN32 + sendpref = PACKET_SEND_ETH_STRONG; +#else + sendpref = PACKET_SEND_IP_WEAK; +#endif + } /* We start with stuff users should not do if they are not root */ if (!isr00t) { diff --git a/NmapOps.h b/NmapOps.h index 058955026..f30955808 100644 --- a/NmapOps.h +++ b/NmapOps.h @@ -122,6 +122,9 @@ class NmapOps { int TimeSinceStartMS(struct timeval *now=NULL); struct in_addr v4source(); const struct in_addr *v4sourceip(); + + + bool TCPScan(); /* Returns true if at least one chosen scan type is TCP */ bool UDPScan(); /* Returns true if at least one chosen scan type is UDP */ @@ -138,6 +141,26 @@ class NmapOps { user). */ int isr00t; int debugging; + +#define PACKET_SEND_NOPREF 1 +#define PACKET_SEND_ETH_WEAK 2 +#define PACKET_SEND_ETH_STRONG 4 +#define PACKET_SEND_ETH 6 +#define PACKET_SEND_IP_WEAK 8 +#define PACKET_SEND_IP_STRONG 16 +#define PACKET_SEND_IP 24 + + /* How should we send raw IP packets? Nmap can generally use either + ethernet or raw ip sockets. Which is better depends on platform + and goals. A _STRONG preference means that Nmap should use the + preferred method whenever it is possible (obviously it isn't + always possible -- sending ethernet frames won't work over a PPP + connection). This is useful when the other type doesn't work at + all. A _WEAK preference means that Nmap may use the other type + where it is substantially more efficient to do so. For example, + Nmap will still do an ARP ping scan of a local network even when + the pref is SEND_IP_WEAK */ + int sendpref; bool packetTrace() { return (debugging >= 3)? true : pTrace; } bool versionTrace() { return packetTrace()? true : vTrace; } // Note that packetTrace may turn on at high debug levels even if diff --git a/Target.cc b/Target.cc index cae3f0ebc..a5edd5e4e 100644 --- a/Target.cc 
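Review bot: The `PACKET_SEND_*` block in the NmapOps.h hunk mixes single-bit preferences with two combined masks, and the comment does not say which is which. `PACKET_SEND_ETH` (6) and `PACKET_SEND_IP` (24) are the OR of their `_WEAK` and `_STRONG` bits and are used for `&` tests (idle_scan.cc checks `o.sendpref & PACKET_SEND_ETH`), while `sendpref` itself appears to hold exactly one preference. I would add `/* PACKET_SEND_ETH and PACKET_SEND_IP are test masks (WEAK|STRONG); sendpref stores one single-bit value */` above the defines. The prose also refers to `SEND_IP_WEAK`, which should read `PACKET_SEND_IP_WEAK`. Because `#define` ignores class scope, these names are global to every file that includes the header, so an enum would be the tidier form.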
+++ b/Target.cc @@ -119,17 +119,21 @@ void Target::Initialize() { osscan_performed = 0; wierd_responses = flags = 0; memset(&to, 0, sizeof(to)); - device[0] = '\0'; memset(&targetsock, 0, sizeof(targetsock)); memset(&sourcesock, 0, sizeof(sourcesock)); - targetsocklen = sourcesocklen = 0; + memset(&nexthopsock, 0, sizeof(nexthopsock)); + targetsocklen = sourcesocklen = nexthopsocklen = 0; + directly_connected = -1; targetipstring[0] = '\0'; nameIPBuf = NULL; memset(&MACaddress, 0, sizeof(MACaddress)); memset(&SrcMACaddress, 0, sizeof(SrcMACaddress)); - MACaddress_set = SrcMACaddress_set = false; + memset(&NextHopMACaddress, 0, sizeof(NextHopMACaddress)); + MACaddress_set = SrcMACaddress_set = NextHopMACaddress_set = false; htn.msecs_used = 0; htn.toclock_running = false; + interface_type = devt_other; + devname[0] = devfullname[0] = '\0'; } void Target::Recycle() { @@ -177,7 +181,8 @@ void Target::GenerateIPString() { /* Fills a sockaddr_storage with the AF_INET or AF_INET6 address information of the target. This is a preferred way to get the address since it is portable for IPv6 hosts. Returns 0 for - success. */ + success. ss_len must be provided. It is not examined, but is set + to the size of the sockaddr copied in. */ int Target::TargetSockAddr(struct sockaddr_storage *ss, size_t *ss_len) { assert(ss); assert(ss_len); 
@@ -307,6 +312,41 @@ const char *Target::NameIP() { return NameIP(nameIPBuf, MAXHOSTNAMELEN + INET6_ADDRSTRLEN); } + /* Returns the next hop for sending packets to this host. Returns true if + next_hop was filled in. It might be false, for example, if + next_hop has never been set */ +bool Target::nextHop(struct sockaddr_storage *next_hop, size_t *next_hop_len) { + if (nexthopsocklen <= 0) + return false; + assert(nexthopsocklen <= sizeof(*next_hop)); + if (next_hop) + memcpy(next_hop, &nexthopsock, nexthopsocklen); + if (next_hop_len) + *next_hop_len = nexthopsocklen; + return true; +} + + /* If the host is directly connected on a network, set and retrieve + that information here. directlyConnected() will abort if it hasn't + been set yet. */ +void Target::setDirectlyConnected(bool connected) { + directly_connected = connected? 1 : 0; +} + +bool Target::directlyConnected() { + assert(directly_connected == 0 || directly_connected == 1); + return directly_connected; +} + +/* Note that it is OK to pass in a sockaddr_in or sockaddr_in6 casted + to sockaddr_storage */ +void Target::setNextHop(struct sockaddr_storage *next_hop, size_t next_hop_len) { + assert(next_hop_len > 0 && next_hop_len <= sizeof(nexthopsock)); + memcpy(&nexthopsock, next_hop, next_hop_len); + nexthopsocklen = next_hop_len; +} + + /* Starts the timeout clock for the host running (e.g. you are beginning a scan). If you do not have the current time handy, you can pass in NULL. When done, call stopTimeOutClock (it will 
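Review bot: The only bound on the copy in `setNextHop()` is an `assert`, so a build with NDEBUG runs `memcpy(&nexthopsock, next_hop, next_hop_len)` with an unchecked caller-supplied length and an unchecked pointer. I would make it a runtime check, for example `if (!next_hop || next_hop_len == 0 || next_hop_len > sizeof(nexthopsock)) fatal("%s: invalid next hop length", __FUNCTION__);`, assuming `fatal()` is usable in Target.cc as it is in NmapOps.cc. The same applies to `directlyConnected()`: with asserts compiled out, the unset value -1 converts to `true`, so a target whose routing was never resolved is reported as on-link. `nextHop()` has the matching assert-only check on `nexthopsocklen`.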
@@ -360,6 +400,22 @@ int Target::setSrcMACAddress(const u8 *addy) { return 0; } +int Target::setNextHopMACAddress(const u8 *addy) { + if (!addy) return 1; + memcpy(NextHopMACaddress, addy, 6); + NextHopMACaddress_set = 1; + return 0; +} + +/* Set the device names so that they can be returned by deviceName() + and deviceFullName(). The normal name may not include alias + qualifier, while the full name may include it (e.g. "eth1:1"). If + these are non-null, they will overwrite the stored version */ +void Target::setDeviceNames(const char *name, const char *fullname) { + if (name) Strncpy(devname, name, sizeof(devname)); + if (fullname) Strncpy(devfullname, fullname, sizeof(devfullname)); +} + /* Returns the 6-byte long MAC address, or NULL if none has been set */ const u8 *Target::MACAddress() { return (MACaddress_set)? MACaddress : NULL; @@ -368,3 +424,7 @@ const u8 *Target::MACAddress() { const u8 *Target::SrcMACAddress() { return (SrcMACaddress_set)? SrcMACaddress : NULL; } + +const u8 *Target::NextHopMACAddress() { + return (NextHopMACaddress_set)? NextHopMACaddress : NULL; +} diff --git a/Target.h b/Target.h index 41ac66316..2d2015a9c 100644 --- a/Target.h +++ b/Target.h @@ -122,7 +122,8 @@ class Target { /* Fills a sockaddr_storage with the AF_INET or AF_INET6 address information of the target. This is a preferred way to get the address since it is portable for IPv6 hosts. Returns 0 for - success. */ + success. ss_len must be provided. It is not examined, but is set + to the size of the sockaddr copied in. */ int TargetSockAddr(struct sockaddr_storage *ss, size_t *ss_len); /* Note that it is OK to pass in a sockaddr_in or sockaddr_in6 casted to sockaddr_storage */ 
@@ -159,6 +160,27 @@ class Target { /* This next version returns a STATIC buffer -- so no concurrency */ const char *NameIP(); + /* If the host is directly connected on a network, set and retrieve + that information here. directlyConnected() will abort if it hasn't + been set yet. */ + void setDirectlyConnected(bool connected); + bool directlyConnected(); + + /* If the host is NOT directly connected, you can set the next hop + value here. It is OK to pass in a sockaddr_in or sockaddr_in6 + casted to sockaddr_storage*/ + void setNextHop(struct sockaddr_storage *next_hop, size_t next_hop_len); + /* Returns the next hop for sending packets to this host. Returns true if + next_hop was filled in. It might be false, for example, if + next_hop has never been set */ + bool nextHop(struct sockaddr_storage *next_hop, size_t *next_hop_len); + + /* Sets the interface type to one of: + devt_ethernet, devt_loopback, devt_p2p, devt_other + */ + void setIfType(devtype iftype) { interface_type = iftype; } + /* Returns -1 if it has not yet been set with setIfType() */ + devtype ifType() { return interface_type; } /* Starts the timeout clock for the host running (e.g. you are beginning a scan). If you do not have the current time handy, you can pass in NULL. When done, call stopTimeOutClock (it will 
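Review bot: The comment on `ifType()` says it returns -1 until `setIfType()` is called, but `Target::Initialize()` in this same commit sets `interface_type = devt_other`, so an unset interface cannot be told apart from a real "other" device. Either reword the comment to `/* Returns devt_other if it has not yet been set with setIfType() */` or add a dedicated unset value to `devtype` and initialize to that. This matters to callers such as the idle-scan setup, which chooses the ethernet or raw-socket send path from `ifType()`.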
@@ -177,9 +199,20 @@ class Target { /* Takes a 6-byte MAC address */ int setMACAddress(const u8 *addy); int setSrcMACAddress(const u8 *addy); + int setNextHopMACAddress(const u8 *addy); // this should be the target's own MAC if directlyConnected() + /* Returns a pointer to 6-byte MAC address, or NULL if none is set */ const u8 *MACAddress(); const u8 *SrcMACAddress(); + const u8 *NextHopMACAddress(); + +/* Set the device names so that they can be returned by deviceName() + and deviceFullName(). The normal name may not include alias + qualifier, while the full name may include it (e.g. "eth1:1"). If + these are non-null, they will overwrite the stored version */ + void setDeviceNames(const char *name, const char *fullname); + const char *deviceName() { return *devname? devname : NULL; } + const char *deviceFullName() { return *devfullname? devfullname : NULL; } struct seq_info seq; FingerPrintResults *FPR; 
@@ -191,26 +224,27 @@ class Target { int wierd_responses; /* echo responses from other addresses, Ie a network broadcast address */ unsigned int flags; /* HOST_UP, HOST_DOWN, HOST_FIREWALLED, HOST_BROADCAST (instead of HOST_BROADCAST use wierd_responses */ struct timeout_info to; - char device[64]; /* The device we transmit on -- make sure to adjust some str* calls if I ever change this size*/ - private: + + private: char *hostname; // Null if unable to resolve or unset void Initialize(); void FreeInternal(); // Free memory allocated inside this object // Creates a "presentation" formatted string out of the IPv4/IPv6 address void GenerateIPString(); - struct sockaddr_storage targetsock, sourcesock; - size_t targetsocklen, sourcesocklen; + struct sockaddr_storage targetsock, sourcesock, nexthopsock; + size_t targetsocklen, sourcesocklen, nexthopsocklen; + int directly_connected; // -1 = unset; 0 = no; 1 = yes #ifndef INET6_ADDRSTRLEN #define INET6_ADDRSTRLEN 46 #endif char targetipstring[INET6_ADDRSTRLEN]; char *nameIPBuf; /* for the NameIP(void) function to return */ - u8 MACaddress[6]; - bool MACaddress_set; - u8 SrcMACaddress[6]; - bool SrcMACaddress_set; + u8 MACaddress[6], SrcMACaddress[6], NextHopMACaddress[6]; + bool MACaddress_set, SrcMACaddress_set, NextHopMACaddress_set; struct host_timeout_nfo htn; + devtype interface_type; + char devname[32], devfullname[32]; }; #endif /* TARGET_H */ diff --git a/docs/nmap.dtd b/docs/nmap.dtd index 12ed78f9d..235e45153 100644 --- a/docs/nmap.dtd +++ b/docs/nmap.dtd @@ -177,6 +177,9 @@ + hostname CDATA #IMPLIED + ostype CDATA #IMPLIED + devicetype CDATA #IMPLIED diff --git a/docs/nmap.usage.txt b/docs/nmap.usage.txt index 8e51e930b..a28baf97c 100644 --- a/docs/nmap.usage.txt +++ b/docs/nmap.usage.txt 
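Review bot: `devname` and `devfullname` are 32 bytes, half the size of the 64-byte `device` field this hunk removes, and `setDeviceNames()` fills them with `Strncpy(..., sizeof(...))`, which presumably truncates without reporting it. idle_scan.cc now routes `o.device` through this setter and then passes `deviceName()` to `eth_open()` and `my_pcap_open_live()`, so a name longer than 31 characters would be cut and could fail to open or resolve to a different interface. I would keep the buffers at the old size, `char devname[64], devfullname[64];`, or have `setDeviceNames()` reject a name that does not fit. The declared size of `o.device` is not visible in this diff, so the exact limit should be confirmed against NmapOps.h.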
@@ -1,4 +1,4 @@ -Nmap 3.83.DC1 Usage: nmap [Scan Type(s)] [Options] +Nmap 3.83.SOC1 Usage: nmap [Scan Type(s)] [Options] Some Common Scan Types ('*' options require root privileges) * -sS TCP SYN stealth port scan (default if privileged (root)) -sT TCP connect() port scan (default for unprivileged users) diff --git a/idle_scan.cc b/idle_scan.cc index 8f6871416..2b48313de 100644 --- a/idle_scan.cc +++ b/idle_scan.cc @@ -149,6 +149,8 @@ struct idle_proxy_info { initialize_idleproxy) listens for TCP packets from the probe_port of the proxy box */ int rawsd; /* Socket descriptor for sending probe packets to the proxy */ + struct eth_nfo eth; // For when we want to send probes via raw IP instead. + struct eth_nfo *ethptr; // points to eth if filled out, otherwise NULL }; @@ -189,7 +191,7 @@ int ipid_proxy_probe(struct idle_proxy_info *proxy, int *probes_sent, gettimeofday(&tv_sent[tries], NULL); /* Time to send the pr0be!*/ - send_tcp_raw(proxy->rawsd, proxy->host.v4sourceip(), + send_tcp_raw(proxy->rawsd, proxy->ethptr, proxy->host.v4sourceip(), proxy->host.v4hostip(), o.ttl, base_port + tries, proxy->probe_port, seq_base + (packet_send_count++ * 500) + 1, ack, @@ -281,7 +283,6 @@ void initialize_idleproxy(struct idle_proxy_info *proxy, char *proxyName, char *p, *q; char *endptr = NULL; int seq_response_num; - char *dev; int newipid; int i; char filter[512]; /* Libpcap filter string */ @@ -297,6 +298,7 @@ void initialize_idleproxy(struct idle_proxy_info *proxy, char *proxyName, int distance; u16 ipids[NUM_IPID_PROBES]; u8 probe_returned[NUM_IPID_PROBES]; + struct route_nfo rnfo; assert(proxy); assert(proxyName); 
@@ -330,47 +332,66 @@ void initialize_idleproxy(struct idle_proxy_info *proxy, char *proxyName, fatal("Could not resolve idlescan zombie host: %s", name); } proxy->host.setTargetSockAddr(&ss, sslen); - + /* Lets figure out the appropriate source address to use when sending the pr0bez */ + proxy->host.TargetSockAddr(&ss, &sslen); + if (!route_dst(&ss, &rnfo)) + fatal("Unable to find appropriate source address and device interface to use when sending packets to %s", proxyName); + if (o.spoofsource) { o.SourceSockAddr(&ss, &sslen); proxy->host.setSourceSockAddr(&ss, sslen); - Strncpy(proxy->host.device, o.device, sizeof(proxy->host.device)); + proxy->host.setDeviceNames(o.device, o.device); } else { - struct sockaddr_in *sin = (struct sockaddr_in *)&ss; - sslen = sizeof(*sin); - memset(sin, 0, sslen); - dev = routethrough(proxy->host.v4hostip(), &(sin->sin_addr)); - if (!dev) fatal("Unable to find appropriate source address and device interface to use when sending packets to %s", proxyName); - Strncpy(proxy->host.device, dev, sizeof(proxy->host.device)); - sin->sin_family = AF_INET; -#if HAVE_SOCKADDR_SA_LEN - sin->sin_len = sslen; -#endif - proxy->host.setSourceSockAddr((struct sockaddr_storage *) sin, sslen); + proxy->host.setDeviceNames(rnfo.ii.devname, rnfo.ii.devfullname); + proxy->host.setSourceSockAddr(&rnfo.srcaddr, sizeof(rnfo.srcaddr)); } + if (rnfo.direct_connect) { + proxy->host.setDirectlyConnected(true); + } else { + proxy->host.setDirectlyConnected(false); + proxy->host.setNextHop(&rnfo.nexthop, + sizeof(rnfo.nexthop)); + } + proxy->host.setIfType(rnfo.ii.device_type); + if (rnfo.ii.device_type == devt_ethernet) + proxy->host.setSrcMACAddress(rnfo.ii.mac); + /* Now lets send some probes to check IPID algorithm ... */ /* First we need a raw socket ... 
*/ - if ((proxy->rawsd = socket(AF_INET, SOCK_RAW, IPPROTO_RAW)) < 0 ) - pfatal("socket trobles in get_fingerprint"); - unblock_socket(proxy->rawsd); - broadcast_socket(proxy->rawsd); + if ((o.sendpref & PACKET_SEND_ETH) && proxy->host.ifType() == devt_ethernet) { + if (!setTargetNextHopMAC(&proxy->host)) + fatal("%s: Failed to determine dst MAC address for Idle proxy", + __FUNCTION__); + memcpy(proxy->eth.srcmac, proxy->host.SrcMACAddress(), 6); + memcpy(proxy->eth.dstmac, proxy->host.NextHopMACAddress(), 6); + proxy->eth.ethsd = eth_open(proxy->host.deviceName()); + proxy->rawsd = -1; + proxy->ethptr = &proxy->eth; + } else { + if ((proxy->rawsd = socket(AF_INET, SOCK_RAW, IPPROTO_RAW)) < 0 ) + pfatal("socket trobles in get_fingerprint"); + unblock_socket(proxy->rawsd); + broadcast_socket(proxy->rawsd); #ifndef WIN32 - sethdrinclude(proxy->rawsd); + sethdrinclude(proxy->rawsd); #endif + proxy->eth.ethsd = NULL; + proxy->ethptr = NULL; + } /* Now for the pcap opening nonsense ... */ /* Note that the snaplen is 152 = 64 byte max IPhdr + 24 byte max link_layer * header + 64 byte max TCP header. */ - proxy->pd = my_pcap_open_live(proxy->host.device, 152, (o.spoofsource)? 1 : 0, 50); + proxy->pd = my_pcap_open_live(proxy->host.deviceName(), 152, (o.spoofsource)? 1 : 0, 50); p = strdup(proxy->host.targetipstr()); q = strdup(inet_ntoa(proxy->host.v4source())); snprintf(filter, sizeof(filter), "tcp and src host %s and dst host %s and src port %hu", p, q, proxy->probe_port); free(p); free(q); - set_pcap_filter(&(proxy->host), proxy->pd, flt_icmptcp, filter); + set_pcap_filter(proxy->host.deviceName(), proxy->pd, flt_icmptcp, filter); /* Windows nonsense -- I am not sure why this is needed, but I should get rid of it at sometime */ 
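Review bot: The result of `eth_open()` in the new ethernet branch is never checked, while `proxy->rawsd` is set to -1 and `proxy->ethptr` is pointed at the struct regardless. If the open fails, every later `send_tcp_raw()` call gets an `eth_nfo` with a null handle and no usable raw socket; add `if (!proxy->eth.ethsd) fatal("%s: Failed to open ethernet device", __FUNCTION__);` right after the call. `deviceName()` also returns NULL when no name was stored, and that value goes unchecked into `eth_open()`, `my_pcap_open_live()` and `set_pcap_filter()`. The same unchecked `eth_open()` appears in the `idlescan_countopen2()` hunk. `initialize_idleproxy()` begins and ends outside this hunk.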
@@ -391,7 +412,7 @@ void initialize_idleproxy(struct idle_proxy_info *proxy, char *proxyName, a response with the exact request for timing purposes. So I think I'll use TH_SYN, although it is a tough call. */ /* We can't use decoys 'cause that would screw up the IPIDs */ - send_tcp_raw(proxy->rawsd, proxy->host.v4sourceip(), + send_tcp_raw(proxy->rawsd, proxy->ethptr, proxy->host.v4sourceip(), proxy->host.v4hostip(), o.ttl, o.magic_port + probes_sent + 1, proxy->probe_port, sequence_base + probes_sent + 1, 0, TH_SYN|TH_ACK, @@ -428,7 +449,6 @@ void initialize_idleproxy(struct idle_proxy_info *proxy, char *proxyName, continue; if (ip->ip_p == IPPROTO_TCP) { - /* readtcppacket((char *) ip, ntohs(ip->ip_len)); */ tcp = ((struct tcphdr *) (((char *) ip) + 4 * ip->ip_hl)); if (ntohs(tcp->th_dport) < (o.magic_port+1) || ntohs(tcp->th_dport) - o.magic_port > NUM_IPID_PROBES || ntohs(tcp->th_sport) != proxy->probe_port || ((tcp->th_flags & TH_RST) == 0)) { if (o.debugging > 1) error("Received unexpected response packet from %s during initial ipid zombie testing", inet_ntoa(ip->ip_src)); @@ -508,7 +528,8 @@ void initialize_idleproxy(struct idle_proxy_info *proxy, char *proxyName, if (first_target) { for (probes_sent = 0; probes_sent < 4; probes_sent++) { if (probes_sent) usleep(50000); - send_tcp_raw(proxy->rawsd, first_target, proxy->host.v4hostip(), + send_tcp_raw(proxy->rawsd, proxy->ethptr, first_target, + proxy->host.v4hostip(), o.ttl, o.magic_port, proxy->probe_port, sequence_base + probes_sent + 1, 0, TH_SYN|TH_ACK, ack, NULL, 0, NULL, 0); @@ -634,6 +655,7 @@ int idlescan_countopen2(struct idle_proxy_info *proxy, int sleeptime; int lasttry = 0; int dotry3 = 0; + struct eth_nfo eth; if (seq == 0) seq = get_random_u32(); 
@@ -643,6 +665,15 @@ int idlescan_countopen2(struct idle_proxy_info *proxy, if (sent_time) memset(sent_time, 0, sizeof(*sent_time)); if (rcv_time) memset(rcv_time, 0, sizeof(*rcv_time)); + if (proxy->rawsd < 0) { + if (!setTargetNextHopMAC(target)) + fatal("%s: Failed to determine dst MAC address for Idle proxy", + __FUNCTION__); + memcpy(eth.srcmac, target->SrcMACAddress(), 6); + memcpy(eth.dstmac, target->NextHopMACAddress(), 6); + eth.ethsd = eth_open(target->deviceName()); + } else eth.ethsd = NULL; + /* I start by sending out the SYN pr0bez */ for(pr0be = 0; pr0be < numports; pr0be++) { if (o.scan_delay) enforce_scan_delay(NULL); @@ -652,7 +683,8 @@ int idlescan_countopen2(struct idle_proxy_info *proxy, but doing it the straightforward way (using the same decoys as we use in probing the proxy box is risky. I'll have to think about this more. */ - send_tcp_raw(proxy->rawsd, proxy->host.v4hostip(), target->v4hostip(), + send_tcp_raw(proxy->rawsd, eth.ethsd? ð : NULL, proxy->host.v4hostip(), + target->v4hostip(), o.ttl, proxy->probe_port, ports[pr0be], seq, 0, TH_SYN, 0, NULL, 0, o.extra_payload, o.extra_payload_length); } @@ -739,6 +771,7 @@ int idlescan_countopen2(struct idle_proxy_info *proxy, if (rcv_time) *rcv_time = latestchange; } if (newipid > 0) proxy->latestid = newipid; + if (eth.ethsd) { eth_close(eth.ethsd); eth.ethsd = NULL; } return openports; } diff --git a/libdnet-stripped/Makefile b/libdnet-stripped/Makefile index 8485e7da4..eff85618e 100644 --- a/libdnet-stripped/Makefile +++ b/libdnet-stripped/Makefile @@ -91,7 +91,7 @@ AUTOMAKE = ${SHELL} /home/fyodor/nmap/libdnet-stripped/config/missing --run auto AWK = gawk CC = gcc CCDEPMODE = depmode=none -CFLAGS = -g -O2 -Wall +CFLAGS = -g -Wall CHECKINC = CHECKLIB = CPP = gcc -E diff --git a/libdnet-stripped/src/Makefile b/libdnet-stripped/src/Makefile index ed936fe8e..43ca4db94 100644 --- a/libdnet-stripped/src/Makefile +++ b/libdnet-stripped/src/Makefile 
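Review bot: In `idlescan_countopen2()` the ethernet branch is selected from the proxy's state (`proxy->rawsd < 0`), but the addresses are read from `target`, and `SrcMACAddress()` returns NULL when none was set, so `memcpy(eth.srcmac, target->SrcMACAddress(), 6)` can copy from a null pointer. Unless `setTargetNextHopMAC()` also guarantees a source MAC (not visible here), fetch the pointers first and fail cleanly: `const u8 *src = target->SrcMACAddress(); if (!src) fatal("%s: no source MAC for target", __FUNCTION__);`. The handle is also opened on every call and closed only before the final `return openports;` in the last hunk, so any earlier return in the part of the body outside these hunks would leak it.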
@@ -96,7 +96,7 @@ AUTOMAKE = ${SHELL} /home/fyodor/nmap/libdnet-stripped/config/missing --run auto AWK = gawk CC = gcc CCDEPMODE = depmode=none -CFLAGS = -g -O2 -Wall +CFLAGS = -g -Wall CHECKINC = CHECKLIB = CPP = gcc -E diff --git a/libdnet-stripped/src/intf.c b/libdnet-stripped/src/intf.c index e523054ca..faa416760 100644 --- a/libdnet-stripped/src/intf.c +++ b/libdnet-stripped/src/intf.c @@ -119,12 +119,16 @@ intf_t * intf_open(void) { intf_t *intf; - + int one = 1; + if ((intf = calloc(1, sizeof(*intf))) != NULL) { intf->fd = intf->fd6 = -1; if ((intf->fd = socket(AF_INET, SOCK_DGRAM, 0)) < 0) return (intf_close(intf)); + + setsockopt(intf->fd, SOL_SOCKET, SO_BROADCAST, + (const char *) &one, sizeof(one)); #ifdef SIOCGIFNETMASK_IN6 if ((intf->fd6 = socket(AF_INET6, SOCK_DGRAM, 0)) < 0) { # ifdef EPROTONOSUPPORT @@ -472,6 +476,7 @@ static int _intf_get_aliases(intf_t *intf, struct intf_entry *entry) { struct ifreq *ifr, *lifr; + struct ifreq tmpifr; struct addr *ap, *lap; char *p; @@ -492,12 +497,15 @@ _intf_get_aliases(intf_t *intf, struct intf_entry *entry) if ((p = strchr(ifr->ifr_name, ':')) != NULL) *p = '\0'; - if (strcmp(ifr->ifr_name, entry->intf_name) != 0) + if (strcmp(ifr->ifr_name, entry->intf_name) != 0) { + if (p) *p = ':'; continue; + } + if (p) *p = ':'; /* Fix the name back up */ if (addr_ston(&ifr->ifr_addr, ap) < 0) continue; - + /* XXX */ if (ap->addr_type == ADDR_TYPE_ETH) { memcpy(&entry->intf_link_addr, ap, sizeof(*ap)); @@ -506,6 +514,11 @@ _intf_get_aliases(intf_t *intf, struct intf_entry *entry) if (ap->addr_ip == entry->intf_addr.addr_ip || ap->addr_ip == entry->intf_dst_addr.addr_ip) continue; + strlcpy(tmpifr.ifr_name, ifr->ifr_name, + sizeof(tmpifr.ifr_name)); + if (ioctl(intf->fd, SIOCGIFNETMASK, &tmpifr) == 0) + addr_stob(&tmpifr.ifr_addr, &ap->addr_bits); + } #ifdef SIOCGIFNETMASK_IN6 else if (ap->addr_type == ADDR_TYPE_IP6 && intf->fd6 != -1) { 
@@ -547,16 +560,28 @@ intf_get(intf_t *intf, struct intf_entry *entry) static int _match_intf_src(const struct intf_entry *entry, void *arg) { + int matched = 0; + int cnt; struct intf_entry *save = (struct intf_entry *)arg; - if (entry->intf_addr.addr_type == ADDR_TYPE_IP && - entry->intf_addr.addr_ip == save->intf_addr.addr_ip) { - /* XXX - truncated result if entry is too small. */ - if (save->intf_len < entry->intf_len) - memcpy(save, entry, save->intf_len); - else - memcpy(save, entry, entry->intf_len); - return (1); + if (entry->intf_addr.addr_type == ADDR_TYPE_IP && + entry->intf_addr.addr_ip == save->intf_addr.addr_ip) + matched = 1; + + for (cnt = 0; !matched && cnt < (int) entry->intf_alias_num; cnt++) { + if (entry->intf_alias_addrs[cnt].addr_type != ADDR_TYPE_IP) + continue; + if (entry->intf_alias_addrs[cnt].addr_ip == save->intf_addr.addr_ip) + matched = 1; + } + + if (matched) { + /* XXX - truncated result if entry is too small. */ + if (save->intf_len < entry->intf_len) + memcpy(save, entry, save->intf_len); + else + memcpy(save, entry, entry->intf_len); + return (1); } return (0); } @@ -678,14 +703,18 @@ intf_loop(intf_t *intf, intf_handler callback, void *arg) if ((p = strchr(ifr->ifr_name, ':')) != NULL) *p = '\0'; - if (pifr != NULL && strcmp(ifr->ifr_name, pifr->ifr_name) == 0) + if (pifr != NULL && strcmp(ifr->ifr_name, pifr->ifr_name) == 0) { + if (p) *p = ':'; continue; + } memset(ebuf, 0, sizeof(ebuf)); strlcpy(entry->intf_name, ifr->ifr_name, sizeof(entry->intf_name)); entry->intf_len = sizeof(ebuf); + /* Repair the alias name back up. */ + if (p) *p = ':'; if (_intf_get_noalias(intf, entry) < 0) return (-1); if (_intf_get_aliases(intf, entry) < 0) diff --git a/mswin32/winip/winip.c b/mswin32/winip/winip.c index fa90c4736..17bc9a003 100644 --- a/mswin32/winip/winip.c +++ b/mswin32/winip/winip.c 
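Review bot: The truncating copy kept under the `XXX` comment in `_match_intf_src()` is more likely to be hit now that a match can come from an alias address, because entries that carry aliases are the larger ones. `memcpy(save, entry, save->intf_len)` also overwrites the caller's `intf_len` and `intf_alias_num` with the source entry's values (assuming both sit in the fixed header), so the caller's buffer then claims more aliases than were copied. A caller that walks `intf_alias_addrs` up to `intf_alias_num` would read past its own buffer. I would save the caller's length before the copy, restore it afterwards and clamp `intf_alias_num` to what fits, or return an error when `save->intf_len < entry->intf_len`.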
@@ -653,126 +653,7 @@ static void winip_list_interfaces() } } -// Find a route to dest. Fill in source, return device - -// I will fail this if no raw, so nmap will still work - typedef DWORD (__stdcall *PGBI)(IPAddr, PDWORD); -char *routethrough(const struct in_addr *dest, struct in_addr *source) -{ - /* - In theory, GetBestInterface is ideal. But we need - the source address. Even though GetBestInterface - is still the fastest way to get the name, - ipaddr2devname is fast enough. So we use - SIO_ROUTING_INTERFACE_QUERY. - */ - - // the raw senders tend to iterate this - // so we cache the results - static DWORD last_dest = 0; - static DWORD last_source; - static char dev[128]; - struct sockaddr_in sin_dest, sin_source; - - winip_test(0); - if(inited == 3) - { - static int warned = 0; - if(!warned) - printf("routethrough: failing due to lack of any raw support\n"); - warned = 1; - } - - if(last_dest == dest->s_addr) - { - source->s_addr = last_source; - return dev; - } - - ZeroMemory(&sin_dest, sizeof(sin_dest)); - sin_dest.sin_family = AF_INET; - sin_dest.sin_addr = *dest; - - if(wo.nt4route) - { - MIB_IPFORWARDROW ir; - int ifi; - - if(0 != get_best_route(sin_dest.sin_addr.s_addr, &ir)) - { - if(o.debugging > 1) - printf("get_best_route failed, so routethrough will fail\n"); - - return NULL; - } - - if(-1 == (ifi = winif2ifi(ir.dwForwardIfIndex))) - fatal("routethrough: got unmappable (new?) 
interface\n"); - - if(0 != ifi2ipaddr(ifi, &sin_source.sin_addr)) - fatal("routethrough: no IP for device %s\n", ifi2name(ifi)); - - if(!rawsock_avail && !iftable[ifi].pcapname) return NULL; - - strcpy(dev, ifi2name(ifi)); - } - else - { - SOCKET s; - DWORD br; - - s = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP); - if(s == INVALID_SOCKET) - fatal("failed to create socket\n"); - - if(0 != WSAIoctl(s, SIO_ROUTING_INTERFACE_QUERY, - &sin_dest, sizeof(sin_dest), - &sin_source, sizeof(sin_source), &br, 0, 0)) - { - if(o.debugging) - printf("SIO_ROUTING_INTERFACE_QUERY(%s) failed (%d)\n", inet_ntoa(*dest), WSAGetLastError()); - closesocket(s); - return NULL; - } - - closesocket(s); - } - - // localhost scan (fake) support - // this allows localhost, but not 127.0.0.1, scans to seem to work - if(sin_source.sin_addr.s_addr == htonl(INADDR_LOOPBACK)) - sin_source.sin_addr.s_addr = dest->s_addr; - - if(0 != ipaddr2devname(dev, &sin_source.sin_addr)) - { - if(o.debugging) - { - printf("routethrough: %s routes through ", inet_ntoa(*dest)); - printf("%s, but inaddr2devname failed\n", - inet_ntoa(sin_source.sin_addr)); - } - - return 0; - } - - if(!rawsock_avail && - !iftable[ipaddr2ifi(sin_source.sin_addr.s_addr)].pcapname) - return NULL; - - last_dest = dest->s_addr; - last_source = sin_source.sin_addr.s_addr; - *source = sin_source.sin_addr; - - if(o.debugging > 1) - { - printf("%s will use interface ", inet_ntoa(*(struct in_addr*)&last_dest)); - printf("%s\n", inet_ntoa(*(struct in_addr*)&last_source)); - } - - return dev; -} - // socket and sendto replacements int win32_sendto(int sd, const char *packet, int len, @@ -816,7 +697,7 @@ void win32_pcap_close(pcap_t *pd) else rawrecv_close(pd); } -pcap_t *my_pcap_open_live(char *device, int snaplen, int promisc, int to_ms) +pcap_t *my_pcap_open_live(const char *device, int snaplen, int promisc, int to_ms) { int ifi = name2ifi(device); if(ifi == -1) 
@@ -856,7 +737,7 @@ void sethdrinclude(int sd) } } -void set_pcap_filter(Target *target, +void set_pcap_filter(const char *device, pcap_t *pd, PFILTERFN filter, char *bpf, ...) { va_list ap; @@ -871,7 +752,7 @@ void set_pcap_filter(Target *target, return; } - if (pcap_lookupnet(target->device, &localnet, &netmask, err0r) == -1) + if (pcap_lookupnet(device, &localnet, &netmask, err0r) == -1) ; /* fatal("Failed to lookup device subnet/netmask: %s", err0r);*/ va_start(ap, bpf); @@ -884,10 +765,6 @@ void set_pcap_filter(Target *target, if (o.debugging) log_write(LOG_STDOUT, "Packet capture filter: %s\n", buf); - /* Due to apparent bug in libpcap */ - if (islocalhost(target->v4hostip())) - buf[0] = '\0'; - if (pcap_compile(pd, &fcode, buf, 0, netmask) < 0) fatal("Error compiling our pcap filter: %s\n", pcap_geterr(pd)); if (pcap_setfilter(pd, &fcode) < 0 ) diff --git a/mswin32/winip/winip.h b/mswin32/winip/winip.h index 8b9dd0a97..1220319eb 100644 --- a/mswin32/winip/winip.h +++ b/mswin32/winip/winip.h @@ -126,7 +126,7 @@ typedef int (*PFILTERFN)(const char *packet, unsigned int len); /* 1 to keep */ // Makes gcc happy // One wonders why VC doesn't complain... class Target; -EXTERNC void set_pcap_filter(Target *target, pcap_t *pd, PFILTERFN filter, char *bpf, ...); +EXTERNC void set_pcap_filter(const char *device, pcap_t *pd, PFILTERFN filter, char *bpf, ...); typedef struct _IPNODE { @@ -173,7 +173,7 @@ EXTERNC int get_best_route(DWORD dest, PMIB_IPFORWARDROW r); // pcapsend interface EXTERNC void pcapsend_init(); -EXTERNC pcap_t *my_real_pcap_open_live(char *device, int snaplen, int promisc, int to_ms); +EXTERNC pcap_t *my_real_pcap_open_live(const char *device, int snaplen, int promisc, int to_ms); EXTERNC int pcapsendraw(const char *packet, int len, struct sockaddr *to, int tolen); diff --git a/nmap-os-fingerprints b/nmap-os-fingerprints index 65131fd21..db044eff3 100644 --- a/nmap-os-fingerprints +++ b/nmap-os-fingerprints 
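Review bot: `set_pcap_filter()` now receives a bare `device` string, and the idle-scan caller passes `deviceName()`, which returns NULL when no name was stored, so `pcap_lookupnet(device, ...)` can be called with a null pointer. The failure branch is still an empty statement, which means `netmask` reaches `pcap_compile()` in the following hunk with whatever value it held; its declaration is outside the hunk, so whether it is initialized cannot be confirmed here. I would make the fallback explicit: `if (!device || pcap_lookupnet(device, &localnet, &netmask, err0r) == -1) netmask = 0;`. `my_pcap_open_live()` has the same exposure through `name2ifi(device)`.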
@@ -3951,7 +3951,7 @@ PU(Resp=N) # Brocade Fibre Switch, Firmware 2.6.0 # Cisco Aironet 340 WAP running v 12.03T of the firmware (and VxWorks OS) Fingerprint Cisco Aironet WAP, Brocade Fibre Switch, or Sun Remote System Console -Class Cisco | vxworks || WAP +Class Cisco | VxWorks || WAP Class Brocade | embedded || switch Class Sun | embedded || remote management TSeq(Class=64K%IPID=I%TS=U) @@ -10791,19 +10791,6 @@ T6(DF=N%W=0%ACK=O%Flags=R%Ops=) T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=) PU(Resp=N) -# Microsoft Windows Longhorn Preview, Version 6.0 Build 4051.idx 02.031001-1340 -Fingerprint Microsoft Windows Longhorn Preview -Class Microsoft | Windows | Windows Longhorn | general purpose -TSeq(Class=TR%gcd=<6%IPID=I%TS=100HZ) -T1(DF=Y%W=0%ACK=S++%Flags=AR%Ops=) -T2(Resp=N) -T3(Resp=N) -T4(DF=Y%W=0%ACK=O%Flags=R%Ops=) -T5(DF=Y%W=0%ACK=S++%Flags=AR%Ops=) -T6(DF=Y%W=0%ACK=O%Flags=R%Ops=) -T7(Resp=N) -PU(DF=N%TOS=0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E) - # Microsoft Windows Server 2003, Enterprise Edition, Build 3790 # Microsoft .NET Enterprise Server RC2 (Version 5.2 build 3718.dnsrv.021114-1947) Fingerprint Microsoft Windows .NET Enterprise Server RC2 (Version 5.2, build 3718.dnsrv.021114-1947) @@ -12388,6 +12375,19 @@ T6(DF=N%W=0%ACK=O%Flags=R%Ops=) T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=) PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E|F%RIPCK=E%UCK=E%ULEN=134%DAT=E) +# Microsoft Windows Longhorn Preview, Version 6.0 Build 4051.idx 02.031001-1340 +Fingerprint Microsoft Windows Longhorn Preview +Class Microsoft | Windows | Windows Longhorn | general purpose +TSeq(Class=TR%gcd=<6%IPID=I%TS=100HZ) +T1(DF=Y%W=0%ACK=S++%Flags=AR%Ops=) +T2(Resp=N) +T3(Resp=N) +T4(DF=Y%W=0%ACK=O%Flags=R%Ops=) +T5(DF=Y%W=0%ACK=S++%Flags=AR%Ops=) +T6(DF=Y%W=0%ACK=O%Flags=R%Ops=) +T7(Resp=N) +PU(DF=N%TOS=0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E) + # Windows 2000 Pro, Build 2195 SP4 Fingerprint Microsoft Windows 2000 Pro SP4 Class Microsoft | Windows || general purpose 
diff --git a/nmap-service-probes b/nmap-service-probes
index e2ce38004..8061ab612 100644
--- a/nmap-service-probes
+++ b/nmap-service-probes
@@ -40,166 +40,177 @@ Probe TCP NULL q|| # smtp services have lately been instituting an artificial pause (see # FEATURE('greet_pause') in Sendmail, for example) totalwaitms 6000 -match acap m|^\* ACAP \(IMPLEMENTATION \"CommuniGate Pro ACAP (\d[-.\w]+)\"\) | p/CommuniGate Pro ACAP server/ i/for mail client preference sharing/ +match acap m|^\* ACAP \(IMPLEMENTATION \"CommuniGate Pro ACAP (\d[-.\w]+)\"\) | p/CommuniGate Pro ACAP server/ i/for mail client preference sharing/ v/$1/ match aim m|^\*\x01..\0\x04\0\0\0\x01$|s p/Pyboticide AIM chat filter/ # AMANDA index server 2.4.2p2 on Linux 2.4 -match amanda m|^220 [-.\w]+ AMANDA index server \((\d[-.\w ]+)\) ready\.\r\n| p/Amanda backup system index server/ v/$1/ +match amanda m|^220 ([-.\w]+) AMANDA index server \((\d[-.\w ]+)\) ready\.\r\n| p/Amanda backup system index server/ v/$2/ h/$1/ o/Unix/ # arkstats (part of arkeia-light 5.1.12 Backup server) on Linux 2.4.20 match arkstats m|^\0`\0\x03\0\0\0\x1810\x000\x000\x00852224\0\0\0\0\0\0\0\0\0\0\0| p/Arkeia arkstats/ - match backdoorjeam m|^220 jeem\.mail\.pv ESMTP\r\n| p/Jeem backdoor/ i/**BACKDOOR**/ # Bittorrent Client 3.2.1b on Linux 2.4.X match bittorent m|^\x13BitTorrent protocol\0\0\0\0\0\0\0\0| p/Bittorrent P2P client/ - # BMC Software Patrol Agent 3.45 match bmc-softwarepatrol m|^\0\0\0\x17i\x02\x03..\0\x05\x02\0\x04\x02\x04\x03..\0\x03\x04\0\0\0\0\x01\x01\0| p/BMC Software Patrol Agent/ -match chargen m|^!"#\$%\&'\(\)\*\+,-\./0123456789:;<=>\?\@ABCDEFGHIJKLMNOPQRSTUVWXYZ\[\\\]\^_`abcdefgh\r\n"#\$%\&'\(\)\*\+,-\./0123456789:;<=>\?\@ABCDEF| p/Linux chargen/ +match chargen m|^!"#\$%\&'\(\)\*\+,-\./0123456789:;<=>\?\@ABCDEFGHIJKLMNOPQRSTUVWXYZ\[\\\]\^_`abcdefgh\r\n"#\$%\&'\(\)\*\+,-\./0123456789:;<=>\?\@ABCDEF| p/Linux chargen/ o/Linux/ # Redhat 7.2, xinetd 2.3.7 chargen -match chargen m|^\*\+,-\./0123456789:;<=>\?@ABCDEFGHIJKLMNOPQRSTUVWXYZ\[\\\]\^_`abcdefghijklmnopq\r\n\+,-\./| p/xinetd chargen/ +match chargen 
m|^\*\+,-\./0123456789:;<=>\?@ABCDEFGHIJKLMNOPQRSTUVWXYZ\[\\\]\^_`abcdefghijklmnopq\r\n\+,-\./| p/xinetd chargen/ o/Unix/ # Sun Solaris 9; Windows match chargen m|^\ !"#\$%&'\(\)\*\+,-\./0123456789:;<=>\?@ABCDEFGHIJKLMNOPQRSTUVWXYZ\[\\\]\^_| # Mandrake Linux 9.2, xinetd 2.3.11 chargen -match chargen m|NOPQRSTUVWXYZ\[\\\]\^_`abcdefghijklm| - +match chargen m|NOPQRSTUVWXYZ\[\\\]\^_`abcdefghijklm| p/xinetd chargen/ o/Unix/ # Citrix, Metaframe XP on Windows -match citrix-ica m|^\x7f\x7fICA\0\x7f\x7fICA\0| p/Citrix Metaframe XP ICA/ +match citrix-ica m|^\x7f\x7fICA\0\x7f\x7fICA\0| p/Citrix Metaframe XP ICA/ o/Windows/ match concertosendlog m|^Concerto Software\r\n\r\nEnsemblePro SendLog Server - Version (\d[-.\w]+)\r\n\r\nEnter Telnet Password\r\n#> | p/Concerto Software EnsemblePro CRM software SendLog Server/ v/$1/ match concertotimesync m|^Concerto Software\r\n\r\nContactPro TimeSync Server - Version (\d[-.\w]+)\r\n\r\nEnter Telnet Password\r\n#> | p/Concerto Software EnsemblePro CRM software TimeSync Server/ v/$1/ - # CompTek AquaGateKeeper (Telephony package) http://aqua.comptek.ru match H.323/Q.931 m|^\x03\0\0.*@| p/CompTek AquaGateKeeper/ - match cvspserver m|^no repository configured in /| p/CVS pserver/ i/broken/ match cvspserver m|^/usr/sbin/cvs-pserver: line \d+: .*cvs: No such file or directory\n| p/CVS pserver/ i/broken/ match cvsup m|^OK \d+ \d+ ([-.\w]+) CVSup server ready\n| p/CVSup/ v/$1/ - -match damewaremr m|^0\x11\0\0\0..\0......\r@\0\0\0\0\0\0\0\0\x01\0\0\0\x01\0\0\0\0\0\0\0.\0\0\0$|s p/DameWare Mini Remote Control/ i/Windows/ +match damewaremr m|^0\x11\0\0\0..\0......\r@\0\0\0\0\0\0\0\0\x01\0\0\0\x01\0\0\0\0\0\0\0.\0\0\0$|s p/DameWare Mini Remote Control/ o/Windows/ # Linux match daytime m|^[0-3]\d [A-Z][A-Z][A-Z] 20\d\d \d\d:\d\d:\d\d \S+\r\n| # OpenBSD 3.2 match daytime m|^[A-Z][a-z]{2} [A-Z][a-z]{2} +\d{1,2} +\d\d:\d\d:\d\d 20\d\d\r\n| # Solaris 8,9 -match daytime m|^[A-Z][a-z]{2} [A-Z][a-z]{2} +\d{1,2} +\d\d:\d\d:\d\d 20\d\d\n\r| p/Sun Solaris 
daytime/ +match daytime m|^[A-Z][a-z]{2} [A-Z][a-z]{2} +\d{1,2} +\d\d:\d\d:\d\d 20\d\d\n\r| p/Sun Solaris daytime/ o/Solaris/ # Windows daytime -match daytime m|^\d+:\d\d:\d\d [AP]M \d+/\d+/200\d\n$| p/Microsoft Windows USA daytime/ +match daytime m|^\d+:\d\d:\d\d [AP]M \d+/\d+/200\d\n$| p/Microsoft Windows USA daytime/ o/Windows/ # Windows daytime - UK english I think (no AM/PM) -match daytime m|^\d{1,2}:\d{1,2}:\d{1,2} \d{1,2}/\d{1,2}/200\d\n$| p/Microsoft Windows daytime/ +match daytime m|^\d\d:\d\d:\d\d \d\d.\d\d.200\d\n$| p/Microsoft Windows International daytime/ o/Windows/ +# daytime on Windows 2000 Server +match daytime m|^.... \d{1,2}:\d{1,2}:\d{1,2} 200\d-\d{1,2}-\d{1,2}\n$| p/Microsoft Windows daytime/ o/Windows/ +# Windows NT daytime +match daytime m|^[A-Z][a-z]+day, [A-Z][a-z]+ \d{1,2}, 200\d \d{1,2}:\d\d:\d\d\n\0$| p/Microsoft Windows daytime/ o/Windows/ +# Windows 2000 Adv Server sp-4 daytime +match daytime m|^[A-Z][a-z][a-z] [A-Z][a-z][a-z] \d{1,2} \d{1,2}:\d{1,2}:\d{1,2} 200\d\n| p/Microsoft Windows daytime/ o/Windows/ +# Windows 2003 Server daytme +match daytime m|^\d{1,2}\.\d{1,2}\.\d{1,2} \d\d/\d\d/200\d\n| p/Microsoft Windows daytime/ o/Windows/ +# Windows 2000 Prof. 
Central European format +match daytime m|^\d{1,2}:\d\d:\d\d \d{1,2}\.\d{1,2}\.200\d\n$| p/Microsoft Windows daytime/ o/Windows/ # Windows International daytime -match daytime m|^\d\d:\d\d:\d\d \d\d.\d\d.200\d\n$| p/Microsoft Windows International daytime/ +match daytime m|^\d\d:\d\d:\d\d \d\d.\d\d.200\d\n$| p/Microsoft Windows International daytime/ o/Windows/ # New Zealand format daytime - Windows 2000 -match daytime m|^[01]\d:\d\d:\d\d [AP]M [0-3]\d/[01]\d/0\d\n$| p/Microsoft Windows daytime/ i/New Zealand style/ +match daytime m|^[01]\d:\d\d:\d\d [AP]M [0-3]\d/[01]\d/0\d\n$| p/Microsoft Windows daytime/ i/New Zealand style/ o/Windows/ # HP-UX B.11.00 A inetd daytime -match daytime m|^[A-Z][a-z]{2} [A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d [A-Z]+ 200\d\r\n$| p/HP-UX daytime/ +match daytime m|^[A-Z][a-z]{2} [A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d [A-Z]+ 200\d\r\n$| p/HP-UX daytime/ o/HP-UX/ # Tardis 2000 v1.4 on NT match daytime m|^^[A-Z][a-z]{2} [A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d 200\d $| p/Tardis 2000 daytime/ -match dict m|^530 access denied\r\n$| p/dictd/ i/access denied/ -match dict m|^220 [-.\w]+ dictd ([-.\w/]+) on ([-.+ \w]+) | p/dictd/ v/$1/ i/on $2/ -match directconnect m/^\$MyNick ([-.\w]+)|\$Lock/ p/Direct Connect P2P/ i/User: $1/ +# TrueTime nts100 running WxWorks +match daytime m|^[A-Z][a-z]{2}, [A-Z][a-z]{2} \d{1,2}, 200\d, \d\d:\d\d:\d\d-UTC$| p/Truetime nts100/ +# Cisco router daytime +match daytime m|^[A-Z][a-z]+day, [A-Z][a-z]+ \d{1,2}, 200\d \d\d:\d\d:\d\d-MET(-DST)?\r\n| p/Cisco router daytime/ o/IOS/ + +match dict m|^530 access denied\r\n$| p/dictd/ i/access denied/ +match dict m|^220 ([-.\w]+) dictd ([-.\w/]+) on ([-.+ \w]+) | p/dictd/ h/$1/ v/$2/ o/$3/ +match directconnect m/^\$MyNick ([-.\w]+)|\$Lock/ p/Direct Connect P2P/ i/User: $1/ o/Windows/ match eggdrop m=^\r\n\r\n([-`|.\w]+) \(Eggdrop v(\d[-.\w]+) +\([cC]\) *1997.*\r\n\r\n= p/Eggdrop irc bot console/ v/$2/ i/botname: $1/ # This fallback is because many people customize their eggdrop # 
banners. This rule should always be well below the detailed rule # above. match eggdrop m|Copyright \(C\) 1997 Robey Pointer\r\n.*Eggheads| p/Eggdrop IRC bot console/ -match finger m|\r\n {4}Line {5,8}User {6,8}Host\(s\) {13,18}Idle +Location\r\n| p/Cisco fingerd/ - -match ftp m|^220 [-/.+\w]+ FTP server \(SecureTransport (\d[-.\w]+)\) ready\.\r\n| p/Tumbleweed SecureTransport ftpd/ v/$1/ +match finger m|\r\n {4}Line {5,8}User {6,8}Host\(s\) {13,18}Idle +Location\r\n| p/Cisco fingerd/ o/IOS/ d/router/ +match ftp m|^220 ([-/.+\w]+) FTP server \(SecureTransport (\d[-.\w]+)\) ready\.\r\n| p/Tumbleweed SecureTransport ftpd/ h/$1/ v/$2/ match ftp m|^220 3Com 3CDaemon FTP Server Version (\d[-.\w]+)\r\n| p/3Com 3CDaemon ftpd/ v/$1/ # GuildFTP 0.999.9 on Windows -match ftp m|^220-GuildFTPd FTP Server \(c\) 1997-2002\r\n220-Version (\d[-.\w]+)\r\n220 Please enter your name:\r\n| p/Guild ftpd/ v/$1/ i/Windows/ +match ftp m|^220-GuildFTPd FTP Server \(c\) 1997-2002\r\n220-Version (\d[-.\w]+)\r\n220 Please enter your name:\r\n| p/Guild ftpd/ v/$1/ o/Windows/ # Medusa Async V1.21 [experimental] on Linux 2.4 -match ftp m|^220 [-/.+\w]+ FTP server \(Medusa Async V(\d[^\)]+)\) ready\.\r\n| p/Medusa Async ftpd/ v/$1/ -match ftp m|^220 [-/.+\w]+\((\d[-.\w]+)\) FTP server \(EPSON ([^\)]+)\) ready\.\r\n| p/Epson printer ftpd/ v/$1/ i/Epson $2/ -match ftp m|^220 [-/.+\w]+ IBM TCP/IP for OS/2 - FTP Server ver \d+:\d+:\d+ on [A-Z]| p|IBM OS/2 ftpd| -match ftp m|^220 [-/.+\w]+ Lexmark ([-/.+\w]+) FTP Server (\d[-.\w]+) ready\.\r\n| p/Lexmark printerftpd/ v/$2/ i/Lexmark $1/ +match ftp m|^220 ([-/.+\w]+) FTP server \(Medusa Async V(\d[^\)]+)\) ready\.\r\n| p/Medusa Async ftpd/ h/$1/ v/$2/ +match ftp m|^220 ([-/.+\w]+)\((\d[-.\w]+)\) FTP server \(EPSON ([^\)]+)\) ready\.\r\n| p/Epson printer ftpd/ h/$1/ v/$2/ i/Epson $3/ d/printer/ +match ftp m|^220 ([-/.+\w]+) IBM TCP/IP for OS/2 - FTP Server ver \d+:\d+:\d+ on [A-Z]| p|IBM OS/2 ftpd| h/$1/ o|OS/2| +match ftp m|^220 ([-/.+\w]+) Lexmark 
([-/.+\w]+) FTP Server (\d[-.\w]+) ready\.\r\n| p/Lexmark printer ftpd/ v/$2/ i/Lexmark $3/ h/$1/ d/printer/ match ftp m|^220 Internet Rex (\d[-.\w ]+) \(([-/.+\w]+)\) FTP server awaiting your command\.\r\n| p/Internet Rex ftpd/ v/$1/ i/$2/ -match ftp m|^220 [-.+\w]+ FTP server \(Version (\d[-.\w]+)\(([^\)]+)\) [A-Z][a-z][a-z] [A-Z].*200\d\) ready\.\r\n| p/HP-UX ftpd/ v/$1/ i/$2/ -match ftp m|^530 Connection refused, unknown IP address\.\r\n$| p/Microsoft IIS ftpd/ i/IP address rejected/ +match ftp m|^220 ([-.+\w]+) FTP server \(Version (\d[-.\w]+)\(([^\)]+)\) [A-Z][a-z][a-z] [A-Z].*200\d\) ready\.\r\n| p/HP-UX ftpd/ h/$1/ v/$2/ i/$3/ o/HP-UX/ +match ftp m|^530 Connection refused, unknown IP address\.\r\n$| p/Microsoft IIS ftpd/ i/IP address rejected/ o/Windows/ match ftp m|^220 PizzaSwitch FTP server ready\r\n| p/Xylan PizzaSwitch ftpd/ -match ftp m|^220 [-.+\w]+ IronPort FTP server \(V(\d[-.\w]+)\) ready\.\r\n| p/IronPort mail appliance ftpd/ -match ftp m|^220 WFTPD (\d[-.\w]+) service \(by Texas Imperial Software\) ready for new user\r\n| p/Texas Imperial Software WFTPD/ v/$1/ -match ftp m|^220 [-.+\w]+ FTP server \(Version (MICRO-[-.\w:#+ ]+)\) ready\.\r\n| p/Bay Networks MicroAnnex terminal server ftpd/ v/$1/ -match ftp m|^220 [-.+\w]+ FTP server \(Digital UNIX Version (\d[-.\w]+)\) ready\.\r\n| p/Digital UNIX ftpd/ v/$1/ -match ftp m|^220 [-.+\w]+ FTP server \(Version [\d.]+\+Heimdal (\d[-+.\w ]+)\) ready\.\r\n| p/Heimdal Kerberized ftpd/ v/$1/ -match ftp m|^500 OOPS: (could not bind listening IPv4 socket)\r\n$| p/vsftpd/ i/broken: $1/ -match ftp m|^500 00PS: vsftpd: (.*)\r\n| p/vsftpd/ i/broken: $1/ -match ftp m|^220-QTCP at [-.\w]+\r\n220| p|IBM OS/400 FTPd| -match ftp m|^220-FileZilla Server version (\d[-.\w ]+)\r\n| p/FileZilla ftpd/ v/$1/ +match ftp m|^220 ([-.+\w]+) IronPort FTP server \(V(\d[-.\w]+)\) ready\.\r\n| p/IronPort mail appliance ftpd/ h/$1/ v/$2/ +match ftp m|^220 WFTPD (\d[-.\w]+) service \(by Texas Imperial Software\) ready for new 
user\r\n| p/Texas Imperial Software WFTPD/ v/$1/ o/Windows/ +match ftp m|^220 ([-.+\w]+) FTP server \(Version (MICRO-[-.\w:#+ ]+)\) ready\.\r\n| p/Bay Networks MicroAnnex terminal server ftpd/ h/$1/ v/$2/ d/terminal server/ +match ftp m|^220 ([-.+\w]+) FTP server \(Digital UNIX Version (\d[-.\w]+)\) ready\.\r\n| p/Digital UNIX ftpd/ h/$1/ v/$2/ o/Unix/ o/DIGITAL UNIX/ +match ftp m|^220 ([-.+\w]+) FTP server \(Version [\d.]+\+Heimdal (\d[-+.\w ]+)\) ready\.\r\n| p/Heimdal Kerberized ftpd/ h/$1/ v/$2/ o/Unix/ +match ftp m|^500 OOPS: (could not bind listening IPv4 socket)\r\n$| p/vsftpd/ i/broken: $1/ o/Unix/ +match ftp m|^500 00PS: vsftpd: (.*)\r\n| p/vsftpd/ i/broken: $1/ o/Unix/ +match ftp m|^220-QTCP at ([-.\w]+)\r\n220| p|IBM OS/400 FTPd| o|OS/400| h/$1/ +match ftp m|^220-FileZilla Server version (\d[-.\w ]+)\r\n| p/FileZilla ftpd/ v/$1/ o/Windows/ # Netgear RP114 switch with integrated ftp server # Netgear RP114 -match ftp m|^220 ([-\w]+)? FTP version 1\.0 ready at | p/Netgear broadband router ftpd/ v/1.0/ -match ftp m|^220 [-.\w]+ FTP server \(GNU inetutils (\d[-.\w ]+)\) ready\.\r\n| p/GNU Inetutils FTPd/ v/$1/ -match ftp m|^220 .* \(glftpd (\d[-.0-9a-zA-Z]+)_(\w+)(\+TLS)?\) ready\.\r\n| p/glFtpD/ v/$1/ i/$2/ -match ftp m|^220 [-.\w]+ FTP server \(FirstClass v(\d[-.\w]+)\) ready\.\r\n| p/FirstClass FTP server/ v/$1/ -match ftp m|^220 [-.\w]+ FTP server \(Compaq Tru64 UNIX Version (\d[-.\w]+)\) ready\.\r\n| p/Compaq Tru64 ftp server/ v/$1/ -match ftp m|^220 AXIS ([-.\w]+) FTP Network Print Server V(\d[-.\w]+) [A-Z][a-z]| p/Axis network print server ftpd/ v/$2/ i/Model $1/ -match ftp m|^220 AXIS ([\d\w]+)V(\d\S+) (.*?) ready\.\n| p/AXIS $1 Webcam/ v/$2/ i/$3/ -match ftp m|^220 Axis (\d+) Network Camera (\d\S+) (.*?) ready\.\n| p/Axis $1 Webcam/ v/$2/ i/$3/ +match ftp m|^220 ([-\w]+)? 
FTP version 1\.0 ready at | p/Netgear broadband router ftpd/ v/1.0/ d/router/ +match ftp m|^220 ([-.\w]+) FTP server \(GNU inetutils (\d[-.\w ]+)\) ready\.\r\n| p/GNU Inetutils FTPd/ v/$2/ h/$1/ +match ftp m|^220 .* \(glftpd (\d[-.0-9a-zA-Z]+)_(\w+)(\+TLS)?\) ready\.\r\n| p/glFtpD/ v/$1/ i/$2/ o/Unix/ +match ftp m|^220 ([-.\w]+) FTP server \(FirstClass v(\d[-.\w]+)\) ready\.\r\n| p/FirstClass FTP server/ h/$1/ v/$2/ +match ftp m|^220 ([-.\w]+) FTP server \(Compaq Tru64 UNIX Version (\d[-.\w]+)\) ready\.\r\n| p/Compaq Tru64 ftp server/ h/$1/ v/$2/ o/Tru64 UNIX/ +match ftp m|^220 AXIS ([-.\w]+) FTP Network Print Server V(\d[-.\w]+) [A-Z][a-z]| p/Axis network print server ftpd/ v/$2/ i/Model $1/ d/print server/ +match ftp m|^220 AXIS ([\d\w]+)V(\d\S+) (.*?) ready\.\n| p/AXIS $1 Webcam/ v/$2/ i/$3/ d/webcam/ +match ftp m|^220 Axis (\d+) Network Camera (\d\S+) (.*?) ready\.\n| p/Axis $1 Webcam/ v/$2/ i/$3/ d/webcam/ match ftp m|^220 AXIS (\d+) Video Server (\d\S+) (.*?) ready\.| p/AXIS $1 Video Server/ v/$2/ i/$3/ -match ftp m|^220-Cerberus FTP Server Personal Edition\r\n220-UNREGISTERED\r\n| p/Cerberus FTP Server/ i/Personal Edition; Unregistered/ -match ftp m|^220-GuildFTPd FTP Server \(c\) 2001\r\n220-Version (\d[-.\w]+)\r\n220 Please enter your name:\r\n| p/GuildFTPd/ v/$1/ -match ftp m|^220 FTP print service:V-(\d[-.\w]+)/Use the network password for the ID if updating\.\r\n| p/Brother printer ftpd/ v/$1/ -match ftp m|^220- APC FTP server ready\.\r\n220 \r\n$| p|APC ftp server| i|UPS/Power device| -match ftp m|^220 [-\w]+ FTP server \(Version (\d.[.\d]+) ([A-Z][a-z]{2} [A-Z][a-z]{2} [0-9]+ [0-9:]+ .* [21][0-9]+)\) ready\.\r\n| p/HP-UX 10.x ftpd/ v/$1/ -match ftp m|^220 [-\w]+ FTP server \(Version (\d[-.\w]+) [A-Z][a-z]{2} [A-Z][a-z]{2} .*\) ready\.\r\n| p/AIX ftpd/ v/$1/ +match ftp m|^220-Cerberus FTP Server Personal Edition\r\n220-UNREGISTERED\r\n| p/Cerberus FTP Server/ i/Personal Edition; Unregistered/ o/Windows/ +match ftp m|^220-GuildFTPd FTP Server \(c\) 
2001\r\n220-Version (\d[-.\w]+)\r\n220 Please enter your name:\r\n| p/GuildFTPd/ v/$1/ o/Windows/ +match ftp m|^220 FTP print service:V-(\d[-.\w]+)/Use the network password for the ID if updating\.\r\n| p/Brother printer ftpd/ v/$1/ d/printer/ +match ftp m|^220- APC FTP server ready\.\r\n220 \r\n$| p/APC ftp server/ d/power device/ +match ftp m|^220 ([-\w]+) FTP server \(Version (\d.[.\d]+) ([A-Z][a-z]{2} [A-Z][a-z]{2} [0-9]+ [0-9:]+ .* [21][0-9]+)\) ready\.\r\n| p/HP-UX 10.x ftpd/ h/$1/ v/$2/ o/HP-UX/ i/$3/ +match ftp m|^220 ([-\w]+) FTP server \(Version (\d[-.\w]+) [A-Z][a-z]{2} [A-Z][a-z]{2} .*\) ready\.\r\n| p/AIX ftpd/ h/$1/ v/$2/ o/AIX/ match ftp m|^220[- ]Roxen FTP server running on Roxen (\d[-.\w]+)/Pike (\d[-.\w]+)\r\n| p/Roxen ftp server/ v/$1/ i/Pike $2/ # Debian packaged oftpd 0.3.6-51 on Linux 2.6.0-test4 Debian -match ftp m|^220 Service ready for new user\.\r\n| p/oftpd/ +match ftp m|^220 Service ready for new user\.\r\n| p/oftpd/ o/Unix/ # ProFTPd 1.2.5 -match ftp m|^220 Server \(ProFTPD\) \[[-.\w]+\]\r\n| p/ProFTPd/ +match ftp m|^220 Server \(ProFTPD\) \[([-.\w]+)\]\r\n| p/ProFTPd/ h/$1/ o/Unix/ # Mac OS X Client 10.2.6 built-in ftpd match ftp m|^220[ -].*FTP server \(lukemftpd (\d[-. 
\w]+)\) ready\.\r\n|s p/LukemFTPD/ v/$1/ i/Mac OS X uses lukemftpd derivative/ -match ftp m/^220.*Microsoft FTP Service \(Version (\d[^)]+)/ p/Microsoft ftpd/ v/$1/ +match ftp m/^220.*Microsoft FTP Service \(Version (\d[^)]+)/ p/Microsoft ftpd/ v/$1/ o/Windows/ # This lame version doesn't give a version number # Windows 2003 -match ftp m/^220[ -]Microsoft FTP Service\r\n/ p/Microsoft ftpd/ -match ftp m/^220 Serv-U FTP Server v(\d\S+) for WinSock ready/ p/Serv-U ftpd/ v/$1/ -match ftp m/^220 Serv-U FTP-Server v(\d\S+) for WinSock ready/ p/Serv-U ftpd/ v/$1/ +match ftp m/^220[ -]Microsoft FTP Service\r\n/ p/Microsoft ftpd/ o/Windows/ +match ftp m/^220 Serv-U FTP Server v(\d\S+) for WinSock ready/ p/Serv-U ftpd/ v/$1/ o/Windows/ +match ftp m/^220 Serv-U FTP-Server v(\d\S+) for WinSock ready/ p/Serv-U ftpd/ v/$1/ o/Windows/ match ftp m/^220-Sambar FTP Server Version (\d\S+)\x0d\x0a/ p/Sambar ftpd/ v/$1/ # Sambar server V5.3 on Windows NT match ftp m|^220-FTP Server ready\r\n220-Use USER user@host for native FTP proxy\r\n220 Your FTP Session will expire after 300 seconds of inactivity\.\r\n| p/Sambar ftpd/ -match ftp m/^220 JD FTP Server Ready/ p/HP JetDirect ftpd/ -match ftp m/^220.*Check Point FireWall-1 Secure FTP server running on/s p/Check Point Firewall-1 ftpd/ -match ftp m/^220[- ].*FTP server \(Version (wu-[-.\w]+)/s p/WU-FTPD/ v/$1/ -match ftp m|^220-\r\n220 [-.\w]+ FTP server \(Version ([-.+\w()]+)\) ready\.\r\n$| p/WU-FTPD/ v/$1/ -match ftp m|^220 [-.\w]+ FTP server \(Version ([-.+\w()]+)\) ready\.\r\n$| p/WU-FTPD/ v/$1/ -match ftp m/^220 ProFTPD (\d\S+) Server/ p/ProFTPD/ v/$1/ -match ftp m/^220.*ProFTP[dD].*Server ready/ p/ProFTPD/ -match ftp m/^220.*NcFTPd Server / p/NcFTPd/ -match ftp m/^220.*FTP server \(SunOS 5\.([789])\) ready/ p/Sun Solaris $1 ftpd/ -match ftp m/^220.*FTP server \(SunOS (\S+)\) ready/ p/Sun SunOS ftpd/ v/$1/ -match ftp m/^220-[-.\w]+ IBM FTP.*(V\d+R\d+)/ p|IBM OS/390 ftpd| v|$1| -match ftp m/^220 VxWorks \((\d[^)]+)\) FTP server 
ready/ p/VxWorks ftpd/ v/$1/ -match ftp m/^220 VxWorks \(VxWorks(\d[^)]+)\) FTP server ready/ p/VxWorks ftpd/ v/$1/ +match ftp m/^220 JD FTP Server Ready/ p/HP JetDirect ftpd/ d/print server/ +match ftp m/^220.*Check Point FireWall-1 Secure FTP server running on/s p/Check Point Firewall-1 ftpd/ d/firewall/ +match ftp m/^220[- ].*FTP server \(Version (wu-[-.\w]+)/s p/WU-FTPD/ v/$1/ o/Unix/ +match ftp m|^220-\r\n220 ([-.\w]+) FTP server \(Version ([-.+\w()]+)\) ready\.\r\n$| p/WU-FTPD/ h/$1/ v/$2/ o/Unix/ +match ftp m|^220 ([-.\w]+) FTP server \(Version ([-.+\w()]+)\) ready\.\r\n$| p/WU-FTPD/ h/$1/ v/$2/ o/Unix/ +match ftp m/^220 ProFTPD (\d\S+) Server/ p/ProFTPD/ v/$1/ o/Unix/ +match ftp m/^220.*ProFTP[dD].*Server ready/ p/ProFTPD/ o/Unix/ +match ftp m/^220.*NcFTPd Server / p/NcFTPd/ o/Unix/ +match ftp m/^220.*FTP server \(SunOS 5\.([789])\) ready/ p/Sun Solaris $1 ftpd/ o/Solaris/ +match ftp m/^220.*FTP server \(SunOS (\S+)\) ready/ p/Sun SunOS ftpd/ v/$1/ o/Solaris/ +match ftp m/^220-([-.\w]+) IBM FTP.*(V\d+R\d+)/ p|IBM OS/390 ftpd| h/$1/ v/$2/ o|OS/390| +match ftp m/^220 VxWorks \((\d[^)]+)\) FTP server ready/ p/VxWorks ftpd/ v/$1/ o/VxWorks/ +match ftp m/^220 VxWorks \(VxWorks(\d[^)]+)\) FTP server ready/ p/VxWorks ftpd/ v/$1/ o/VxWorks/ match ftp m/^220.*Welcome to .*Pure-?FTPd (\d\S+\s*)/ p/PureFTPd/ v/$1/ match ftp m/^220.*Welcome to .*Pure-?FTPd[^(]+\r\n/ p/PureFTPd/ match ftp m/^220.*Bienvenue sur .*Pure-?FTPd (\d[-.\w]+)/ p/PureFTPd/ v/$1/ -match ftp m/^220 ready, dude \(vsFTPd (\d[0-9.]+): beat me, break me\)\r\n/ p/vsFTPd/ v/$1/ -match ftp m/^220 \(vsFTPd ([-.\w]+)\)\r\n$/ p/vsFTPd/ v/$1/ -match ftp m/^220 TYPSoft FTP Server (\d\S+) ready\.\.\.\r\n/ p/TYPSoft ftpd/ v/$1/ +match ftp m/^220 ready, dude \(vsFTPd (\d[0-9.]+): beat me, break me\)\r\n/ p/vsFTPd/ v/$1/ o/Unix/ +match ftp m/^220 \(vsFTPd ([-.\w]+)\)\r\n$/ p/vsFTPd/ v/$1/ o/Unix/ +match ftp m/^220 TYPSoft FTP Server (\d\S+) ready\.\.\.\r\n/ p/TYPSoft ftpd/ v/$1/ o/Windows/ match ftp 
m/^220-MegaBit Gear (\S+).*FTP server ready/ p/MegaBit Gear ftpd/ v/$1/ -match ftp m/^220.*WS_FTP Server (\d\S+)/ p/WS FTPd/ v/$1/ -match ftp m/^220 Features: a p \.\r\n$/ p/Publicfile ftpd/ -match ftp m/^220 [-.\w]+ FTP server \(Version (\S+) VFTPD, based on Version (\S+)\) ready\.\r\n$/ p/Virtual FTPD/ v/$1/ i/based on $2/ -match ftp m|220 [-.\w]+ FTP server \(Version (\S+)/OpenBSD, linux port (\S+)\) ready\.\r\n| p/OpenBSD ftpd/ v/$1/ i/Linux port $2/ -match ftp m|^220 [-.\w]+ FTP server \(Version (\S+)/OpenBSD/Linux-ftpd-([-.\w]+)\) ready.\r\n$| p/OpenBSD ftpd/ v/$1/ i/Linux port $2/ +match ftp m/^220.*WS_FTP Server (\d\S+)/ p/WS FTPd/ v/$1/ o/Windows/ +match ftp m/^220 Features: a p \.\r\n$/ p/Publicfile ftpd/ o/Unix/ +match ftp m/^220 ([-.\w]+) FTP server \(Version (\S+) VFTPD, based on Version (\S+)\) ready\.\r\n$/ p/Virtual FTPD/ h/$1/ v/$2/ i/based on $2/ o/Unix/ +match ftp m|220 ([-.\w]+) FTP server \(Version (\S+)/OpenBSD, linux port (\S+)\) ready\.\r\n| p/OpenBSD ftpd/ h/$1/ v/$2/ i/Linux port $2/ o/Linux/ +match ftp m|^220 ([-.\w]+) FTP server \(Version (\S+)/OpenBSD/Linux-ftpd-([-.\w]+)\) ready.\r\n$| p/OpenBSD ftpd/ h/$1/ v/$2/ i/Linux port $2/ o/Linux/ match ftp m/^220 Interscan Version ([-\w.]+)/i p/Interscan Viruswall ftpd/ v/$1/ -match ftp m|^220 InterScan FTP VirusWall NT (\d[-.\w]+) \(([-.\w]+) Mode\), Virus scan (\w+)\r\n$| p/Interscan VirusWall NT/ v/$1/ i/Virus scan $3; $2 mode/ -match ftp m|^220 [-.\w]+ FTP server \(Version ([-.\w]+)/OpenBSD\) ready\.\r\n$| p/OpenBSD ftpd/ v/$1/ -match ftp m|^220-Welcome to [A-Z]+ FTP Service\.\r\n220 All unauthorized access is logged\.\r\n$| p/FileZilla ftpd/ -match ftp m|^220 [-.\w]+ FTP server \(Version (6.0\w+)\) ready.\r\n| p/FreeBSD ftpd/ v/$1/ +match ftp m|^220 InterScan FTP VirusWall NT (\d[-.\w]+) \(([-.\w]+) Mode\), Virus scan (\w+)\r\n$| p/Interscan VirusWall NT/ v/$1/ i/Virus scan $3; $2 mode/ o/Windows/ +match ftp m|^220 ([-.\w]+) FTP server \(Version ([-.\w]+)/OpenBSD\) ready\.\r\n$| p/OpenBSD 
ftpd/ h/$1/ v/$2/ o/OpenBSD/ +match ftp m|^220-Welcome to ([A-Z]+) FTP Service\.\r\n220 All unauthorized access is logged\.\r\n$| p/FileZilla ftpd/ h/$1/ +match ftp m|^220 ([-.\w]+) FTP server \(Version (6.0\w+)\) ready.\r\n| p/FreeBSD ftpd/ h/$1/ v/$2/ o/FreeBSD/ # OpenBSD 3.4 beta running Pure-FTPd 1.0.16 with SSL/TLS -match ftp m|^220---------- Welcome to Pure-FTPd \[privsep\] \[TLS\] ----------\r\n220-You are user number| p|Pure-FTPd| i|with SSL/TLS| +match ftp m|^220---------- Welcome to Pure-FTPd \[privsep\] \[TLS\] ----------\r\n220-You are user number| p/Pure-FTPd/ i|with SSL/TLS| match ftp m|^220---------- .* Pure-FTPd ----------\r\n220-| p/Pure-FTPd/ # Trolltech Troll-FTPD 1.28 (Only runs on Linux) -match ftp m|^220-Setting memory limit to 1024\+1024kbytes\r\n220-Local time is now \d+:\d+ and the load is [.\d]+\.\r\n220 You will be disconnected after \d+ seconds of inactivity.\r\n$| p/Trolltech Troll-FTPd/ i/on Linux/ +match ftp m|^220-Setting memory limit to 1024\+1024kbytes\r\n220-Local time is now \d+:\d+ and the load is [.\d]+\.\r\n220 You will be disconnected after \d+ seconds of inactivity.\r\n$| p/Trolltech Troll-FTPd/ o/Linux/ match ftp m|^220 FTP server \(Hummingbird Ltd\. \(HCLFTPD\) Version (7.1.0.0)\) ready\.\r\n$| p/Hummingbird FTP server/ v/$1/ -match ftp m|^220- .*\n220 [-.\w]+ FTP server \(Version (.*)\) ready\.\r\n|s p/BSD ftpd/ v/$1/ -match ftp m|^220 ArGoSoft FTP Server for Windows NT/2000/XP, Version [\d.]+ \(([\d.]+)\)\r\n| p/ArGoSoft ftpd/ v/$1/ i/Win32/ +match ftp m|^220- .*\n220 ([-.\w]+) FTP server \(Version (.*)\) ready\.\r\n|s p/BSD ftpd/ h/$1/ v/$2/ +match ftp m|^220 ArGoSoft FTP Server for Windows NT/2000/XP, Version [\d.]+ \(([\d.]+)\)\r\n| p/ArGoSoft ftpd/ v/$1/ o/Windows/ +# Xitami FTPd +match ftp m|^220- \r\n.*www\.imatix\.com --\r\n|s p/Xitami ftpd/ +match ftp m|^220- Welcome to this Xitami FTP server, running version ([\d\w.]+) of Xitami\. 
\n You are user number (\d+) of a permitted (\d+) users\.| p/Xitami ftpd/ v/$1/ i|$2/$3 users| # Xitami FTPd match ftp m|^220- \r\n.*www\.imatix\.com --\r\n|s p/Xitami ftpd/ match ftp m|^220- Welcome to this Xitami FTP server, running version ([\d\w.]+) of Xitami\. \n You are user number (\d+) of a permitted (\d+) users\.| p/Xitami ftpd/ v/$1/ i|$2/$3 users| 
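Review bot: Several ftp match lines gained a leading hostname group but did not have all their `$N` references shifted, so they report the wrong captured field. The Lexmark line should read `v/$3/ i/Lexmark $2/` (model is now group 2, version group 3), the Virtual FTPD line `i/based on $3/`, and both OpenBSD Linux-port lines `i/Linux port $3/`; as written they swap model and version or repeat `$2`. The Digital UNIX line carries two `o` fields (`o/Unix/ o/DIGITAL UNIX/`), the rule under the "UK english" daytime comment is now identical to the Windows International rule a few lines below it, and the added Xitami block duplicates the two context lines that follow it. The ftp-proxy line in the next hunk looks like the same slip, since it keeps `v/$1/` after a hostname group was added in front. Wrong indices surface as wrong version or model strings in scan output, which matters when the results feed an asset or patch inventory.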
@@ -207,95 +218,108 @@ match ftp m|^220- Welcome to this Xitami FTP server, running version ([\d\w.]+) # Netware 6 - NWFTPD.NLM FTP Server Version 5.01w match ftp m|^220 Service Ready for new User\r\n$| p/Netware NWFTPD/ match ftp m|^220-LRN\r\n220 Service Ready for new User\r\n| p/Netware NWFTPD/ -match ftp m|^220 ([-\w]+) FTP server \(NetWare (v[\d.]+)\) ready\.\r\n$| p/Novell Netware ftpd/ v/$2/ +match ftp m|^220 ([-\w]+) FTP server \(NetWare (v[\d.]+)\) ready\.\r\n$| p/Novell Netware ftpd/ h/$1/ v/$2/ o/NetWare/ match ftp m|220 FTP Server for NW 3.1x, 4.xx \((v1.10)\), \(c\) 199[0-9] HellSoft\.\r\n$| p/HellSoft FTP server for Netware 3.1x, 4.x/ v/$1/ -match ftp m|^220 [-.\w]+ MultiNet FTP Server Process V(\S+) at .+\r\n$| p/DEC OpenVMS MultiNet FTPd/ v/$1/ -match ftp m|^220-\r\n220 [-.\w]+ FTP server \(NetBSD-ftpd ([-.\w]+)\) ready.\r\n$| p/NetBSD ftpd/ v/$1/ -match ftp m|^220 ([-.\w]+) Network Management Card AOS v([-.\w]+) FTP server ready.\r\n$| p/APC AOS ftpd/ v/$2/ i/on APC $1 network management card/ +match ftp m|^220 ([-.\w]+) MultiNet FTP Server Process V(\S+) at .+\r\n$| p/DEC OpenVMS MultiNet FTPd/ h/$1/ v/$2/ +match ftp m|^220-\r\n220 ([-.\w]+) FTP server \(NetBSD-ftpd ([-.\w]+)\) ready.\r\n$| p/NetBSD ftpd/ h/$1/ v/$2/ o/NetBSD/ +match ftp m|^220 ([-.\w]+) Network Management Card AOS v([-.\w]+) FTP server ready.\r\n$| p/APC AOS ftpd/ v/$2/ i/on APC $1 network management card/ d/power device/ o/AOS/ # G-Net BB0060 ADSL Modem - the ftpd might be by "GlobespanVirata" as that # is what the telnetd on this device said. 
-match ftp m|^220 FTP Server \(Version 1.0\) ready.\r\n$| p/G-Net DSL Modem ftpd/ v/1.0/ +match ftp m|^220 FTP Server \(Version 1.0\) ready.\r\n$| p/G-Net DSL Modem ftpd/ v/1.0/ d/broadband router/ # HP-UX B.11.00 -match ftp m|^220 [-.\w ]+ FTP server \(Version (1.1.2[.\d]+) [A-Z][a-z]{2} [A-Z][a-z]{2} .*\) ready.\r\n| p/HP-UX ftpd/ v/$1/ +match ftp m|^220 ([-.\w ]+) FTP server \(Version (1.1.2[.\d]+) [A-Z][a-z]{2} [A-Z][a-z]{2} .*\) ready.\r\n| p/HP-UX ftpd/ h/$1/ v/$2/ o/HP-UX/ # 220 mirrors.midco.net FTP server ready. match ftp m|^220-.*\r\n WarFTPd (\d[-.\w]+) \([\w ]+\) Ready\r\n|s p/WarFTPd/ v/$1/ match ftp m|^220 Welcome to Windows FTP Server| p|Windows Ftp Server| i|Not from Microsoft - http://srv.nease.net/| # UnixWare 7.11 match ftp m|^220 ([\w-_.]+) FTP server \(BSDI Version ([\w.]+)\) ready\.\r\n| p|BSDI/Unixware ftpd| v/$2/ h/$1/ +match ftp m|^220 FTP server \(Hummingbird Ltd\. \(HCLFTPD\) Version ([\d.]+)\) ready\.\r\n| p/Hummingbird ftpd/ v/$1/ +match ftp m|^220 OpenFTPD server ready\. .*\.\r\n| p/OpenFTPD/ +match ftp m|^220 ([\w\d-_.]+) FTP server \(NetBSD-ftpd 200\d+\) ready\.\r\n| p/NetBSD ftpd/ o/NetBSD/ +match ftp m|^220 CommuniGate Pro FTP Server ([\d.]+) ready\r\n| p/Communigate Pro ftpd/ v/$1/ +match ftp m|^220 CommuniGate Pro FTP Server ready\r\n| p/Communigate Pro ftpd/ +match ftp m|^421 Sorry you are not welcomed on this server\.\r\n$| p/BulletProof ftpd/ i/Banned/ o/Windows/ +match ftp m|^(220.*\r\n)?220 [Ee]valine FTP server \(Version: Mac OS X|s p/Evaline ftpd/ o/Mac OS X/ + match ftp-proxy m|^220 Ftp service of Jana-Server ready\r\n| p/JanaServer ftp proxy/ -match ftp-proxy m|^220 [-.\w]+ FTP proxy \(Version (\d[-.\w]+)\) ready\.\r\n| p/Guantlet FTP proxy/ v/$1/ +match ftp-proxy m|^220 ([-.\w]+) FTP proxy \(Version (\d[-.\w]+)\) ready\.\r\n| p/Guantlet FTP proxy/ v/$1/ # Frox FTP Proxy (frox-0.6.5) on Linux 2.2.X - http://frox.sourceforge.net/ match ftp-proxy m|^220 Frox transparent ftp proxy\. 
Login with username\[@host\[:port\]\]\r\n| p/Frox ftp proxy/ match ftp-proxy m|^501 Proxy unable to contact ftp server\r\n| p/Frox ftp proxy/ -match ftp-proxy m|^220 [-.+\w]+ FTP AnalogX Proxy (\d[-.\w]+) \(Release\) ready\r\n| p/AnalogX FTP proxy/ v/$1/ -match ftp-proxy m|^220 Secure Gateway FTP server ready\.\r\n| p/Symantec Enterprise Firewall FTP proxy/ +match ftp-proxy m|^220 ([-.+\w]+) FTP AnalogX Proxy (\d[-.\w]+) \(Release\) ready\r\n| p/AnalogX FTP proxy/ h/$1/ v/$2/ +match ftp-proxy m|^220 Secure Gateway FTP server ready\.\r\n| p/Symantec Enterprise Firewall FTP proxy/ d/firewall/ match ftp-proxy m/^220-Sidewinder ftp proxy\. You must login to the proxy first/ p/Sidewinder FTP proxy/ match ftp-proxy m/^220-\r\x0a220-Sidewinder ftp proxy/s p/Sidewinder FTP proxy/ +match ftp-proxy m|^220 webshield2 FTP proxy ready\.\r\n| p/Webshield2 FTP proxy/ o/Windows/ # TODO kerio? #match ftp m|^421 Service not available \(The FTP server is not responding\.\)\n$| v/unknown FTP server//service not responding/ -match vdr m|220 \S+ SVDRP VideoDiskRecorder (\d[^\;]+);| p/VDR/ v/$1/ +match vdr m|220(\S+) SVDRP VideoDiskRecorder (\d[^\;]+);| p/VDR/ h/$1/ v/$2/ d/media device/ softmatch ftp m/^220 [-.\w ]+ftp.*\r\n$/i softmatch ftp m/^220-[-.\w ]+ftp.*\r\n220/i softmatch ftp m/^220[- ].*ftp server.*\r\n/i softmatch ftp m/^220-\r?\n220 - ftp/i -match fw1-rlogin m|^\0Check Point FireWall-1 authenticated RLogin server running on [-.\w]+\r\n\r| p/Check Point FireWall-1 authenticated RLogin server/ -match gnats m|^200 [-.\w]+ GNATS server (\d[-.\w]+) ready\.\r\n| p/GNATS bugtracking system/ v/$1/ +match fw1-rlogin m|^\0Check Point FireWall-1 authenticated RLogin server running on ([-.\w]+)\r\n\r| p/Check Point FireWall-1 authenticated RLogin server/ i/$1/ +match gnats m|^200 ([-.\w]+) GNATS server (\d[-.\w]+) ready\.\r\n| p/GNATS bugtracking system/ h/$1/ v/$2/ # Returns ASCII data in the following format: # |HardDrive1DevName|HardDrive1HardwareID|HardDrive1Temp|TempUnit| # 
|HardDrive2DevName|HardDrive2HardwareID|HardDrive2Temp|TempUnit| match hddtemp m+^\|/dev/hd\w\|+ p/hddtemp hard drive info server/ # And now for some SORRY web servers that just blurt out an http "response" upon connection!!! match http m|^HTTP/1\.1 200 OK\r\nContent-type: text/html\r\nExpires: .*\r\nDate: .*\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\nJAP\n| p/Java Anonymous Proxy/ -match http m|^HTTP/1.0 500\r\nContent-type: text/plain\r\n\r\nNo Scan Capable Devices Found\r\n| p/HP Embedded Web Server remote scan service/ i/no scanner found/ +match http m|^HTTP/1.0 500\r\nContent-type: text/plain\r\n\r\nNo Scan Capable Devices Found\r\n| p/HP Embedded Web Server remote scan service/ i/no scanner found/ d/printer/ # SMC Barricade 7004ABR -match http m|^HTTP/1\.0 301 Moved\r\nLocation: http://\d+\.\d+\.\d+\.\d+:88\r\n| p/SMB Barricade broadband router/ i/simply redirects to real web admin port 88/ -match hp-gsg m|^220 JetDirect GGW server \(version (\d[.\d]+)\) ready\r\n| p/HP JetDirect Generic Scan Gateway/ v/$1/ -match hylafax m|^220 [-.\w]+ server \(HylaFAX \(tm\) Version (\d[-.\w]+)\) ready\.\r\n$| p/HylaFAX/ v/$1/ +match http m|^HTTP/1\.0 301 Moved\r\nLocation: http://\d+\.\d+\.\d+\.\d+:88\r\n| p/SMB Barricade broadband router/ i/simply redirects to real web admin port 88/ d/router/ +match hp-gsg m|^220 JetDirect GGW server \(version (\d[.\d]+)\) ready\r\n| p/HP JetDirect Generic Scan Gateway/ v/$1/ d/printer/ +match hylafax m|^220 ([-.\w]+) server \(HylaFAX \(tm\) Version (\d[-.\w]+)\) ready\.\r\n$| p/HylaFAX/ h/$1/ v/$2/ d/printer/ # Hylafax 4.1.6 on Linux 2.4 -match hylafax m|^130 Warning, client address \"[\d.]+\" is not listed for host name \"[-.\w]+\"\.\r\n| p/HylaFAX/ i/IP unauthorized/ +match hylafax m|^130 Warning, client address \"[\d.]+\" is not listed for host name \"([-.\w]+)\"\.\r\n| p/HylaFAX/ i/IP unauthorized/ h/$1/ match ichat m|^\r\n Welcome To\r\n ichat ROOMS (\d[-.\w]+)\r\n==| p|^iChat Rooms| v|$1| match ident m|^flock\(\) on 
closed filehandle .*midentd| p/midentd/ i/broken/ match ident m|^nullidentd -- version (\d[-.\w]+)\nCopyright | p/Nullidentd/ v/$1/ i/broken/ -match imap m|^\* OK [-/.+\w]+ Solstice \(tm\) Internet Mail Server \(tm\) (\d[-.\w]+) IMAP4 service - at | p/Sun Solstice Internet Mail Server imapd/ v/$1/ -match imap m|^\* OK GroupWise IMAP4rev1 Server Ready\r\n| p/Novell GroupWise imapd/ +match imap m|^\* OK ([-/.+\w]+) Solstice \(tm\) Internet Mail Server \(tm\) (\d[-.\w]+) IMAP4 service - at | p/Sun Solstice Internet Mail Server imapd/ h/$1/ v/$2/ o/Unix/ +match imap m|^\* OK GroupWise IMAP4rev1 Server Ready\r\n| p/Novell GroupWise imapd/ o/Unix/ match imap m|^\* OK dbmail imap \(protocol version 4r1\) server (\d[-.\w]+) ready to run\r\n| p/DBMail imapd/ v/$1/ i/imapd version may differ from overal dbmail version number/ -match imap m|^\* OK [-.+\w]+ NetMail IMAP4 Agent server ready | p/Novell NetMail imapd/ +match imap m|^\* OK ([-.+\w]+) NetMail IMAP4 Agent server ready | p/Novell NetMail imapd/ h/$1/ o/Unix/ match imap m|^\* OK IMAP4 Server \(IMail (\d[-.\w]+)\)\r\n| p/IMail imapd/ v/$1/ -match imap m|^\* OK Merak (\d[-.\w]+) IMAP4rev1 | p/Merak Mail Server imapd/ v/$1/ i/Windows/ -match imap m|^\* OK [-.+\w]+ IMAP4rev1 Mercury/32 v(\d[-.\w]+) server ready\.\r\n| p|Mercury/32 imapd| v|$1| i|Win32| -match imap m|^\* OK [-.\w]+ IMAP4 service \(Netscape Messaging Server (\d[-.\w ]+) \(built ([\w ]+)\)\)\r\n| p/Netscape Messaging Server Imapd/ v/$1/ i/built $2/ -match imap m|^\* OK \[CAPABILITY .*\] [-.\w]+ IMAP4rev1 (20[\w.]+) at | p/UW imapd/ v/$1/ +match imap m|^\* OK Merak (\d[-.\w]+) IMAP4rev1 | p/Merak Mail Server imapd/ v/$1/ o/Windows/ +match imap m|^\* OK ([-.+\w]+) IMAP4rev1 Mercury/32 v(\d[-.\w]+) server ready\.\r\n| p|Mercury/32 imapd| h/$1/ v/$2/ o/Windows/ +match imap m|^\* OK ([-.\w]+) IMAP4 service \(Netscape Messaging Server (\d[-.\w ]+) \(built ([\w ]+)\)\)\r\n| p/Netscape Messaging Server Imapd/ h/$1/ v/$2/ i/built $3/ +match imap m|^\* OK \[CAPABILITY 
.*\] ([-.\w]+) IMAP4rev1 (20[\w.]+) at | p/UW imapd/ h/$1/ v/$2/ match imap m|^\* OK eXtremail V(\d[-.\w]+) release (\d+) IMAP4 server started\r\n| p/eXtremail IMAP server/ v/$1.$2/ -match imap m|^\* OK [-.\w]+ NetMail IMAP4 Agent server ready <.*>\r\n| p/Novell Netmail imapd/ +match imap m|^\* OK ([-.\w]+) NetMail IMAP4 Agent server ready <.*>\r\n| p/Novell Netmail imapd/ h/$1/ o/Unix/ # Alt-N MDaemon 6.5.1 imap server on Windows XP -match imap m|^\* OK [-.\w]+ IMAP4rev1 MDaemon (\d[-.\w]+) ready\r\n| p/Alt-N MDaemon imapd/ v/$1/ +match imap m|^\* OK ([-.\w]+) IMAP4rev1 MDaemon (\d[-.\w]+) ready\r\n| p/Alt-N MDaemon imapd/ v/$2/ h/$1/ # Dovecot IMAP Server - http://dovecot.procontrol.fi/ match imap m|^\* OK dovecot ready\.\r\n| p/Dovecot imapd/ match imap m|^\* OK.*?Courier-IMAP ready\. Copyright 1998-(\d+) Double Precision, Inc\. See COPYING for distribution information\.\r\n| p/Courier Imapd/ i/released $1/ match imap m|^\* OK \[CAPABILITY IMAP4rev1 .*?Courier-IMAP ready\. Copyright 1998-(\d+) Double Precision, Inc\. 
See COPYING for distribution information\.\r\n| p/Courier IMAP4rev1 Imapd/ i/released $1/ -match imap m|^\* OK CommuniGate Pro IMAP Server ([-.\w]+) at [-.\w]+ ready\r\n$| p/CommuniGate Pro imapd/ v/$1/ +match imap m|^\* OK CommuniGate Pro IMAP Server ([-.\w]+) at ([-.\w]+) ready\r\n$| p/CommuniGate Pro imapd/ h/$1/ v/$2/ # W-Imapd-SSL v2001adebian-6 -match imap m|^\* OK \[CAPABILITY IMAP4REV1 X-NETSCAPE LOGIN-REFERRALS STARTTLS AUTH=LOGIN\] \S+ IMAP4rev1 ([-.\w]+) at| p/UW-Imapd-SSL/ v/$1/ +match imap m|^\* OK \[CAPABILITY IMAP4REV1 X-NETSCAPE LOGIN-REFERRALS STARTTLS AUTH=LOGIN\](\S+) IMAP4rev1 ([-.\w]+) at| p/UW-Imapd-SSL/ h/$1/ v/$2/ match imap m|^\* OK Domino IMAP4 Server Release (\d[-.\w]+) +ready| p/Lotus Domino imapd/ v/$1/ -match imap m|^\* OK Microsoft Exchange IMAP4rev1 server version ([-.\w]+) | p/Microsoft Exchange IMAP4rev1 server/ v/$1/ -match imap m|^\* OK Microsoft Exchange 2000 IMAP4rev1 server version (\d[-.\w]+) \([-.\w]+\) ready\.\r\n| p/Microsoft Exchange 2000 IMAP4rev1 server/ v/$1/ +match imap m|^\* OK Microsoft Exchange IMAP4rev1 server version ([-.\w]+) | p/Microsoft Exchange IMAP4rev1 server/ v/$1/ o/Windows/ +match imap m|^\* OK Microsoft Exchange 2000 IMAP4rev1 server version (\d[-.\w]+) \([-.\w]+\) ready\.\r\n| p/Microsoft Exchange 2000 IMAP4rev1 server/ v/$1/ o/Windows/ match imap m|^\* OK \[CAPABILITY IMAP4REV1 .*IMAP4rev1 (200\d\.[-.\w]+) at| p/UW Imapd/ v/$1/ -match imap m|^\* OK [-.\w]+ Cyrus IMAP4 v([-.\w\+]+) server ready\r\n| p/Cyrus IMAP4/ v/$1/ -match imap m|^\* OK [-.\w]+ Cyrus IMAP4 Murder v([-.\w]+) server ready\r\n| p/Cyrus IMAP4 Murder/ v/$1/ +match imap m|^\* OK ([-.\w]+) Cyrus IMAP4 v([-.\w\+]+) server ready\r\n| p/Cyrus IMAP4/ h/$1/ v/$2/ +match imap m|^\* OK ([-.\w]+) Cyrus IMAP4 Murder v([-.\w]+) server ready\r\n| p/Cyrus IMAP4 Murder/ h/$1/ v/$2/ match imap m|^\* OK Welcome to Binc IMAP v(\d[-.\w]+)| p/Binc IMAPd/ v/$1/ -match imap m|^\* OK [-.\w]+ IMAP4rev1 AppleMailServer (\d[-.\w]+) ready\r\n| p/AppleMailServer 
imapd/ v/$1/ -match imap m|^\* BYE Connection refused\r\n| p/Microsoft Exchange IMAP server/ i/refused/ +match imap m|^\* OK ([-.\w]+) IMAP4rev1 AppleMailServer (\d[-.\w]+) ready\r\n| p/AppleMailServer imapd/ h/$1/ v/$2/ +match imap m|^\* BYE Connection refused\r\n| p/Microsoft Exchange IMAP server/ i/refused/ o/Windows/ +match imap m/^\* OK IMAP4rev1 Server Classic Hamster (Vr.|Version) [\d.]+ \(Build ([\d.]+)\) greets you!\r\n/ p/Classic Hamster imapd/ v/$2/ o/Windows/ + softmatch imap m/^\* OK [-.\w,:+ ]+imap[-.\w,:+ ]+\r\n$/i # Cyrus IMSPD match imsp m|^\* OK Cyrus IMSP version (\d[-.\w]+) ready\r\n$| p/Cyrus IMSPd/ v/$1/ -match imap m|^\* OK Microsoft Exchange Server ([\d]+) IMAP4rev1 server version (\d[-.\w]+) \([-.\w]+\) ready\.\r\n| p/Microsoft Exchange Server $1/ v/$2/ +match imap m|^\* OK Microsoft Exchange Server ([\d]+) IMAP4rev1 server version (\d[-.\w]+) \([-.\w]+\) ready\.\r\n| p/Microsoft Exchange Server $1/ v/$2/ o/Windows/ # ircd-hybrid 7 on Linux match irc m|^NOTICE AUTH :\*\*\* Looking up your hostname\.\.\.\r\nNOTICE AUTH :\*\*\* Checking Ident\r\nNOTICE AUTH :\*\*\* Got Ident response\r\nNOTICE AUTH :\*\*\* Couldn't look up your hostname\r\n$| p/Hybrid ircd/ +match irc m|^NOTICE AUTH :\*\*\* Looking up your hostname\.\.\.\r\nNOTICE AUTH :\*\*\* Checking Ident\r\nNOTICE AUTH :\*\*\* Found your hostname\r\n$| p/Hybrid ircd/ + # Hybrid6/PTlink6.15.0 ircd on Linux match irc m|^NOTICE AUTH :\*\*\* Looking up your hostname\.\.\.\r\nNOTICE AUTH :\*\*\* Found your hostname\r\n$| p/Hybrid ircd/ # ircd 2.8/hybrid-6.3.1 on Linux 
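Review bot: Two added lines in this hunk point at the wrong capture group now that a hostname group has been introduced. The Guantlet ftp-proxy line captures the hostname as group 1 but still ends `v/$1/`, so the hostname would be reported as the version; it should end `h/$1/ v/$2/`. The CommuniGate Pro imap line captures the version first and the hostname second yet uses `h/$1/ v/$2/`, which should be `v/$1/ h/$2/`. Separately, the vdr line and the UW-Imapd-SSL line lost the space in front of the new group (`220(\S+)` and `AUTH=LOGIN\](\S+)`), so a banner with a space at that position can no longer match; `220 (\S+)` and `AUTH=LOGIN\] (\S+)` keep the previous matching behaviour. A swapped version field matters downstream, because version strings from these matches are what scan consumers compare against advisories.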
@@ -309,27 +333,27 @@ match irc-proxy m|^:dircproxy NOTICE AUTH :Looking up your hostname\.\.\.\r\n:di # dirkproxy (modificated dircproxy) match irc-proxy m|^:dirkproxy NOTICE AUTH :Looking up your hostname\.\.\.\r\n:dirkproxy NOTICE AUTH :Got your hostname\.\r\n| p/dirkproxy/ # Unreal IRCD Server version 3.2 beta 17 -match irc m|^:[-.\w]+ NOTICE AUTH :\*\*\* Looking up your hostname\.\.\.\r\n| p/Unreal ircd/ +match irc m|(^:[-.\w]+) NOTICE AUTH :\*\*\* Looking up your hostname\.\.\.\r\n| p/Unreal ircd/ h/$1/ # dancer-ircd 1.0.31+maint8-1 match irc m|^NOTICE AUTH :\*\*\* Looking up your hostname\.\.\.\r\nNOTICE AUTH :\*\*\* Checking ident\r\nNOTICE AUTH :\*\*\* No identd \(auth\) response\r\nNOTICE AUTH :\*\*\* Found your hostname\r\n$| p/Dancer ircd/ match irc m|^NOTICE AUTH :\*\*\* Looking up your hostname\.\.\.\r\nNOTICE AUTH :\*\*\* Found your hostname, welcome back\r\nNOTICE AUTH :\*\*\* Checking ident\r\nNOTICE AUTH :\*\*\* No identd \(auth\) response\r\n| p/Dancer ircd/ match irc m|^NOTICE AUTH :\*\*\* Checking Ident\r\nNOTICE AUTH :\*\*\* Got ident response\r\n| p/ircu Undernet IRCd/ # Bitlbee ircd 0.80 -match irc m|^:[-.\w]+ NOTICE AUTH :BitlBee-IRCd initialized, please go on\r\n| p/BitlBee IRCd/ +match irc m|(^:[-.\w]+) NOTICE AUTH :BitlBee-IRCd initialized, please go on\r\n| p/BitlBee IRCd/ h/$1/ # PTlink6.15.2 on Linux 2.4 match irc m|^NOTICE AUTH :\*\*\* Hostname lookup disabled, using your numeric IP\r\nNOTICE AUTH :\*\*\* Checking Ident\r\n| p/PTlink ircd/ -match irc m|^:[-.+\w]+ NOTICE AUTH :\*\*\* Looking up your hostname\.\.\.\n:[-.+\w]+ NOTICE AUTH :\*\*\* Checking Ident\n:[-.+\w]+ NOTICE AUTH :\*\*\* Found your hostname\n| p/Bahamut Dalnet ircd/ i/derived from DreamForge and Hybrid/ +match irc m|(^:[-.+\w]+) NOTICE AUTH :\*\*\* Looking up your hostname\.\.\.\n:[-.+\w]+ NOTICE AUTH :\*\*\* Checking Ident\n:[-.+\w]+ NOTICE AUTH :\*\*\* Found your hostname\n| p/Bahamut Dalnet ircd/ i/derived from DreamForge and Hybrid/ h/$1/ match irc-proxy 
m|^:Welcome!psyBNC@lam3rz\.de NOTICE \* :psyBNC([-.\w]+)\r\n| p/psyBNC/ v/$1/ # ISS RealSecure Server Sensor for Windows 6.5 on Windows NT 4.0 Server SP6a # ISS RealSecure ServerSensor 7.0 on Windows 2000 Server # ISS RealSecure Server Sensor 6.0 on Windows NT 4.0 Server SP6a # ISS RealSecure Server Sensor 7.0 issdaemon on Microsoft Windows NT Workstation with SP6a -match issrealsecure m|^\0\0\0.\x08\x01\x03\x01\0.\x02\0\0..\0\0.\0\0\0..\0\0\x80\x04..\0.\0\xa0|s p/ISS RealSecure IDS/ i/Windows/ -match issrealsecure m|^\0\0\0.\x08\x01\x04\x01\0..\0\0..\0\0.\0\0\0..\0\0\x80\x04..\0.\0\xa0\0\0\0\0\0.\0\0\xa4\0\0|s p/ISS RealSecure IDS ServerSensor/ v/6.0 - 7.0/ i/Windows/ +match issrealsecure m|^\0\0\0.\x08\x01\x03\x01\0.\x02\0\0..\0\0.\0\0\0..\0\0\x80\x04..\0.\0\xa0|s p/ISS RealSecure IDS/ o/Windows/ +match issrealsecure m|^\0\0\0.\x08\x01\x04\x01\0..\0\0..\0\0.\0\0\0..\0\0\x80\x04..\0.\0\xa0\0\0\0\0\0.\0\0\xa4\0\0|s p/ISS RealSecure IDS ServerSensor/ v/6.0 - 7.0/ o/Windows/ # I've only seen 1 example of the following. Probably not general enough -match issrealsecure m|^\0\0\x01/\x08\x01\x03\x01\x01'\x04\0\0\0\x18\0\0\xa4\0\0\0f\x02\0\0\x80\x04\x06\0\0\x80\0\xa05Microsoft Enhanced RSA and AES Cryptographic Provider|s p/ISS Realsecure Workgroup Manager/ +match issrealsecure m|^\0\0\x01/\x08\x01\x03\x01\x01'\x04\0\0\0\x18\0\0\xa4\0\0\0f\x02\0\0\x80\x04\x06\0\0\x80\0\xa05Microsoft Enhanced RSA and AES Cryptographic Provider|s p/ISS Realsecure Workgroup Manager/ o/Windows/ match klogin m|^\x01klogind: (All authentication systems disabled; connection refused)\.\.\r\n| p/MIT Kerberos klogin/ i/broken - $1/ -match lmtp m|^220 [-.\w]+ LMTP Cyrus v(\d[-.\w]+) ready\r\n| p/Cyrus Imap Daemon LMTP/ v/$1/ +match lmtp m|^220 ([-.\w]+) LMTP Cyrus v(\d[-.\w]+) ready\r\n| p/Cyrus Imap Daemon LMTP/ h/$1/ v/$2/ # LSMS VPN Firewall GUI admin port # LSMS Redundancy port match lucent-fwadm m|^0001;2$| p/Lucent Secure Management Server/ 
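Review bot: The three irc lines that gain `h/$1/` in this hunk (Unreal, BitlBee and Bahamut) put the anchor and the leading colon inside the group, `(^:[-.\w]+)`, so the reported hostname would start with `:`. Placing the group after the prefix, `^:([-.\w]+)` (and `^:([-.+\w]+)` on the Bahamut line), captures only the server name and leaves the rest of each pattern unchanged.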
@@ -348,7 +372,7 @@ match mldonkey m|^\xff\xfd\x1fWelcome to MLdonkey\n\x1b\[34mWelcome on mldonkey # Microsoft ActiveSync Version 3.7 Build 3083 (It's used for syncing # my ipaq it disapears when you remove the ipaq.) -match msactivesync m|^\x16\0\x01\0\$\0U\0P\0T\0O\0D\0A\0T\0E\0\$\0\0\0$| p/Microsoft ActiveSync/ +match msactivesync m|^\x16\0\x01\0\$\0U\0P\0T\0O\0D\0A\0T\0E\0\$\0\0\0$| p/Microsoft ActiveSync/ o/Windows/ match mud m|^\n\r\xff\xfbUDo you want ANSI color\? \(Y/n\) $| p|ROM-based MUD| i|http://rrp.rom.org/| match mysql m/^.\0\0\0\xffj\x04Host .* is not allowed to connect to this MySQL server$/ p/MySQL/ i/unauthorized/ 
@@ -357,46 +381,50 @@ match mysql m|^.\0\0\0\xffi\x04Host .* is blocked because of many connection err match mysql m/^.\0\0\0...Al sistema '[-.\w]+' non e` consentita la connessione a questo server MySQL$/ p/MySQL/ match mysql m/^.\0\0\0.(3\.[-.\w]+)\0.*\x08\x02\0\0\0\0\0\0\0\0\0\0\0\0\0\0$/s p/MySQL/ v/$1/ match mysql m/^.\0\0\0\n(3\.[-.\w]+)\0...\0/s p/MySQL/ v/$1/ -# r(NULL,2B,"'\0\0\0\n4.0.13\0\xdf\xbc\x02\0SC7)fHu5\0, \x08\x02\0\0\0\0\0\0\0\0\0\0\0\0\0\0") +# r(null,2B,"'\0\0\0\n4.0.13\0\xdf\xbc\x02\0SC7)fHu5\0, \x08\x02\0\0\0\0\0\0\0\0\0\0\0\0\0\0") match mysql m/^.\0\0\0\n(4\.[-.\w]+)\0...\0/s p/MySQL/ v/$1/ -match ncacn_http m|^ncacn_http/([\d.]+)$| p/Microsoft Windows RPC over HTTP/ v/$1/ +match ncacn_http m|^ncacn_http/([\d.]+)$| p/Microsoft Windows RPC over HTTP/ v/$1/ o/Windows/ # NCD Thinstar 300 running NCD Software 2.31 build 6 match ncd-diag m|^WinCE/WBT Diagnostic port\n\rSerial Number: (\w+) MAC Address: 0000(\w+)\s+.*CPU info: ([ -.+\w/ ]+)\r\n.*(Windows CE Kernel[-.+:\w ]+)\r|s p|NCD Thinster Terminal Diagnostic port| i|Serial# $1; MAC: $2; CPU: $3; $4| -match netdevil m|^pass_pleaz$| p/Net-Devil backdoor/ i/Windows **TROJAN**/ +match netdevil m|^pass_pleaz$| p/Net-Devil backdoor/ i/**TROJAN**/ o/Windows/ match netsaint m|^Sorry, you \(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\) are not among the allowed hosts\.\.\.\n$| p/Netsaint status daemon/ # I love this service: -match netstat m|^Active Internet connections \(.*\)\nProto Recv-Q Send-Q Local Address Foreign Address State \n| p/Linux Netstat/ -match netstat m|^netstat: invalid option -- f\nusage: netstat \[-veenNcCF\]| p/Linux netstat/ i/broken/ +match netstat m|^Active Internet connections \(.*\)\nProto Recv-Q Send-Q Local Address Foreign Address State \n| o/Linux/ +match netstat m|^netstat: invalid option -- f\nusage: netstat \[-veenNcCF\]| p/Linux netstat/ i/broken/ o/Linux/ + +match netbus m|^NetBus ([\d.]+).*\r$| p/NetBus trojan/ v/$1/ o/Windows/ match nntp m|^nnrpd: invalid option -- S\nUsage 
error\.\n| p/INN NNTPd/ i/broken/ match nntp m|^502 You have no permission to talk\. Goodbye.\r\n$| p/INN NNTPd/ i/unauthorized/ -match nntp m|^200 [-.\w]+ NNTP Service Ready - ([-.\w]+@[-.\w]+) \(DIABLO (\d[-.\w ]+)\)\r\n| p/Diablo NNTP service/ v/$2/ i/Admin: $1/ -match nntp m|^200 NNTP Service (\d[-.\w ]+) Version: (\d[-.\w ]+) Posting Allowed \r\n| p/Microsoft NNTP Service/ v/$2/ i/posting ok/ -match nntp m|^200 [-.\w]+ DNEWS Version (\d[-.\w]+).*posting OK \r\n| p/Netwinsite DNEWS/ v/$1/ i/posting OK/ +match nntp m|^200 ([-.\w]+) NNTP Service Ready - ([-.\w]+@[-.\w]+) \(DIABLO (\d[-.\w ]+)\)\r\n| p/Diablo NNTP service/ h/$1/ v/$3/ i/Admin: $2/ +match nntp m|^200 NNTP Service (\d[-.\w ]+) Version: (\d[-.\w ]+) Posting Allowed \r\n| p/Microsoft NNTP Service/ v/$2/ i/posting ok/ o/Windows/ +match nntp m|^200 ([-.\w]+) DNEWS Version (\d[-.\w]+).*posting OK \r\n| p/Netwinsite DNEWS/ h/$1/ v/$2/ i/posting OK/ match nntp m|^200 Leafnode NNTP Daemon, version (\d[-.\w]+) running at| p/Leafnode NNTPd/ v/$1/ -match nntp m|^200 Lotus Domino NNTP Server for ([-./\w]+) \(Release (\d[-.\w]+), .*\) - Not OK to post\r\n$| p/Lotus Domino nntpd/ v/$2/ i/on $1; posting denied/ -match nntp m|^200 Lotus Domino NNTP Server for ([-./\w]+) \(Release (\d[-.\w]+), .*\) - OK to post\r\n$| p/Lotus Domino nntpd/ v/$2/ i/on $1; posting ok/ -softmatch nntp m|^200 [-\[\]\(\)!,/+:<>@.\w ]*nntp[-\[\]\(\)!,/+:<>@.\w ]*\r\n$| -# Windows 2000 Server read: -match nntp m|^200 NNTP Service 5\.00\.0984 Version: (5\.0\.2159.1) Posting Allowed \r\n| p/Microsoft NNTP Service/ v/$1/ i/posting OK/ -match nntp m|^200 NNTP Service Microsoft\xae Internet Services \d[-.\w]+ Version: (\d[-.\w]+) Posting Allowed \r\n| p/Microsoft NNTP Service/ v/$1/ i/posting OK/ -match nntp m|^502 Connection refused\r\n| p/Microsoft NNTP Service/ i/refused/ +match nntp m|^200 Lotus Domino NNTP Server for ([-./\w]+) \(Release (\d[-.\w]+), .*\) - Not OK to post\r\n$| p/Lotus Domino nntpd/ v/$2/ i/posting denied/ o/$1/ +match nntp 
m|^200 Lotus Domino NNTP Server for ([-./\w]+) \(Release (\d[-.\w]+), .*\) - OK to post\r\n$| p/Lotus Domino nntpd/ v/$2/ i/posting ok/ o/$1/ + +match nntp m|^200 NNTP Service 5\.00\.0984 Version: (5\.0\.2159.1) Posting Allowed \r\n| p/Microsoft NNTP Service/ v/$1/ i/posting OK/ o/Windows 2000/ +match nntp m|^200 NNTP Service Microsoft\xae Internet Services (\d[-.\w]+) Version: (\d[-.\w]+) Posting Allowed \r\n| p/Microsoft NNTP Service $1/ v/$2/ i/posting OK/ o/Windows/ +match nntp m|^502 Connection refused\r\n| p/Microsoft NNTP Service/ i/refused/ o/Windows/ # Windows NT 4.0 SP5-SP6 -match nntp m|^200 Microsoft Exchange Internet News Service Version (5\.5\.[.\d]+) \(posting allowed\)\r\n| p/Microsoft Exchange Internet News Service/ v/$1/ i/posting allowed/ -#match nntp m|^200 [-.\w]+ InterNetNews NNRP server INN (\d[-.\w]+) ready \(posting ok\)\.\r\n| v/InterNetNews (INN)/$1/posting ok/ -match nntp m|^200 [-.\w]+ InterNetNews NNRP server INN (\d[-.\w ]+) ready \(posting ok\)\.\r\n| p/InterNetNews (INN)/ v/$1/ i/posting ok/ -match nntp m|^200 NNTP-Server Classic Hamster Vr\. 
\d[-.\w ]+ \(Build (\d[-.\w ]+)\) \(post ok\) says: Hi!\r\n| p/Classic Hamster NNTPd/ v/$1/ i/for Windows; posting ok/ -match nntp m|^200 ArGoSoft News Server for WinNT/2000/XP v ([\d.]+) ready\r\n| p/ArGoSoft nntpd/ v/$1/ i/Win32/ +match nntp m|^200 Microsoft Exchange Internet News Service Version (5\.5\.[.\d]+) \(posting allowed\)\r\n| p/Microsoft Exchange Internet News Service/ v/$1/ i/posting allowed/ o/Windows/ +#match nntp m|^200 ([-.\w]+) InterNetNews NNRP server INN (\d[-.\w]+) ready \(posting ok\)\.\r\n| v/InterNetNews (INN)/$2/posting ok/ h/$1/ +match nntp m|^200 ([-.\w]+) InterNetNews NNRP server INN (\d[-.\w ]+) ready \(posting ok\)\.\r\n| p/InterNetNews (INN)/ h/$1/ v/$2/ i/posting ok/ +match nntp m|^200 ArGoSoft News Server for WinNT/2000/XP v ([\d.]+) ready\r\n| p/ArGoSoft nntpd/ v/$1/ o/Windows/ +match nntp m|^400 No space left on device writing SMstore file -- throttling\r\n| p/InterNetNews (INN)/ i/HDD full/ +match nntp m/^200 NNTP-Server Classic Hamster (Vr\.|Version) \d[-.\w ]+ \(Build (\d[-.\w ]+)\) \(post ok\) says: Hi!\r\n/ p/Classic Hamster NNTPd/ v/$2/ i/posting ok/ o/Windows/ # Netware News Server match nntp m|^200 ([\w.-_]+) NetWare-News-Server/([\d.]+) 'LDNUM' NNRP ready \(posting ok\)\.\r\n| p/NetWare nntpd/ v/$2/ h/$1/ +match nntp m|^200 Leafnode NNTP daemon, version ([\w.]+) at ([\w-_.]+) \r\n| p/Leafnode nntpd/ v/$1/ h/$2/ +softmatch nntp m|^200 [-\[\]\(\)!,/+:<>@.\w ]*nntp[-\[\]\(\)!,/+:<>@.\w ]*\r\n$| # Windows 2000 Server Windows Media Unicast Service (NsUnicast) - Nsum.exe -match nsunicast m|^4\0\0\0V4\x12\0\0\0\0\0\0\0\0\x004\0\0\0\x04\0\xf0\0\xd3\x07\t\0.\0.\0.\0.\0.\0..\0\0\0\0.\0\0\0.\0\0\0\x02\0|s p/Microsoft Windows Media Unicast Service/ i/nsum.exe/ -match nsunicast m|^[4f]\0\0\0V4\x12\0\0\0\0\0\0\0\0\x00[4f]\0\0\0.\0\xf0\0\xd3\x07\t\0.\0.\0.\0.\0.\0..\0\0\0\0.\0\0\0..\0\0.\0|s p/Microsoft Windows Media Unicast Service/ i/nsum.exe/ +match nsunicast 
m|^4\0\0\0V4\x12\0\0\0\0\0\0\0\0\x004\0\0\0\x04\0\xf0\0\xd3\x07\t\0.\0.\0.\0.\0.\0..\0\0\0\0.\0\0\0.\0\0\0\x02\0|s p/Microsoft Windows Media Unicast Service/ i/nsum.exe/ o/Windows/ +match nsunicast m|^[4f]\0\0\0V4\x12\0\0\0\0\0\0\0\0\x00[4f]\0\0\0.\0\xf0\0\xd3\x07\t\0.\0.\0.\0.\0.\0..\0\0\0\0.\0\0\0..\0\0.\0|s p/Microsoft Windows Media Unicast Service/ i/nsum.exe/ o/Windows/ -match pcanywheredata m/^\0X\x08\0\}\x08\r\n\0\.\x08.*\.\.\.\r\n/s p/PCAnywhere/ +match pcanywheredata m/^\0X\x08\0\}\x08\r\n\0\.\x08.*\.\.\.\r\n/s p/PCAnywhere/ o/Windows/ match pbmasterd m|^pbmasterd(\d[-.\w]+)@[-.+\w]+: | p/Symark Power Broker pbmasterd/ v/$1/ i/privilege separation software/ match pblocald m|^pblocald(\d[-.\w]+)@[-.+\w]+: | p/Symark Power Broker pblocald/ v/$1/ i/privilege separation software/ 
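Review bot: The first netstat line loses its product field: the old `p/Linux Netstat/` is replaced by `o/Linux/` alone, so a match would report an operating system but no service name. The second netstat line in the same hunk keeps both, `p/Linux netstat/ i/broken/ o/Linux/`, which suggests the omission is accidental. I would end the first line with `p/Linux netstat/ o/Linux/`. An exposed netstat service leaks connection tables, so it is worth having it named clearly in scan output.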
@@ -408,88 +436,100 @@ match pop2 m|^\+ POP2 [-\[\].\w]+ v(20[-.\w]+) server ready\r\n$| p/UW POP2 serv match pop3 m|^\+OK POP3 AnalogX Proxy (\d[-.\w]+) \(Release\) ready\.\n$| p/AnalogX POP3 proxy/ v/$1/ # Novell Groupwise 6.0.1 -match pop3 m|^\+OK GroupWise POP3 server ready\r\n$| p/Novell GroupWise pop3d/ +match pop3 m|^\+OK GroupWise POP3 server ready\r\n$| p/Novell GroupWise pop3d/ o/Unix/ match pop3 m|^\+OK Ready when you are <200\d+\.| p/Hotmail Popper hotmail to pop3 gateway/ match pop3 m|^\+OK Internet Rex POP3 server ready <| p/Internet Rex Pop3 server/ match pop3 m|^\+OK DBMAIL pop3 server ready to rock <| p/DBMail pop3d/ match pop3 m|^\+OK POP3 POPFile \(v(\d[-.\w]+)\) server ready\r\n| p/popfile pop3d/ v/$1/ # Dots in Revision to prevent MY CVS from screwing it up -match pop3 m|^\+OK [-.+\w]+ NetMail POP3 Agent \$Re..sion: ([\d.]+) \$\r\n| p/Novell NetMail pop3d/ i/File revision: $1/ -match pop3 m|^\+OK [-.+\w]+ Merak (\d[-.\w]+) POP3 | p/Merak mail server pop3d/ v/$1/ +match pop3 m|^\+OK ([-.+\w]+) NetMail POP3 Agent \$Re..sion: ([\d.]+) \$\r\n| p/Novell NetMail pop3d/ h/$1/ v/$2/ o/Unix/ +match pop3 m|^\+OK ([-.+\w]+) Merak (\d[-.\w]+) POP3 | p/Merak mail server pop3d/ h/$1/ v/$2/ # Mercury/32 3.32 pop3 Server module on Windows XP -match pop3 m|^\+OK <\d{6,10}\.\d{4,6}@[-.+\w]+>, POP3 server ready\.\r\n| p|Mercury/32 pop3d| i|Win32| +match pop3 m|^\+OK <\d{6,10}\.\d{4,6}@([-.+\w]+)>, POP3 server ready\.\r\n| p|Mercury/32 pop3d| o|Windows| h|$1| # gnu/mailutils pop3d 0.3.2 on Linux -match pop3 m|^\+OK POP3 Ready <\d{3,6}\.1[012]\d{8}@[-.\w]+>\r\n| p|GNU mailutils pop3d| +match pop3 m|^\+OK POP3 Ready <\d{3,6}\.1[012]\d{8}@([-.\w]+)>\r\n| p|GNU mailutils pop3d| h|$1| # Solid POP3 Server 0.15 on Linux 2.4 -match pop3 m|^\+OK Solid POP3 server ready <\d{3,6}\.1[012]\d{8}@[-.\w]+>\r\n| p/Solid pop3d/ +match pop3 m|^\+OK Solid POP3 server ready\r\n| p/Solid pop3d/ +match pop3 m|^\+OK Solid POP3 server ready <\d{3,6}\.1[012]\d{8}@([-.\w]+)>\r\n| p/Solid 
pop3d/ h/$1/ # Cyrus POP3 v2.0.16 -match pop3 m|^\+OK [-.\w]+ Cyrus POP3 v(\d[-.\w\+]+) server ready ?\r\n| p/Cyrus POP3/ v/$1/ -match pop3 m|^\+OK [-.\w]+ Cyrus POP3 Murder v(\d[-.\w\+]+) server ready ?\r\n| p/Cyrus POP3 Murder/ v/$1/ +match pop3 m|^\+OK ([-.\w]+) Cyrus POP3 v(\d[-.\w\+]+) server ready ?\r\n| p/Cyrus POP3/ h/$1/ v/$2/ +match pop3 m|^\+OK ([-.\w]+) Cyrus POP3 Murder v(\d[-.\w\+]+) server ready ?\r\n| p/Cyrus POP3 Murder/ h/$1/ v/$2/ +# pop3d (GNU Mailutils 0.3) on Linux 2.4 +match pop3 m|^\+OK POP3 Ready <\d{3,6}\.1[012]\d{8}@(\w+)>\r\n| p/GNU Mailutils pop3d/ h/$1/ +# Solid POP3 Server 0.15_1 on FreeBSD +match pop3 m|^\+OK ([\w\d-_]+\.[\w\d-_.]+) POP3 <\d{3,6}\.1[012]\d{8}@[-.\w]+>\r\n| p/Solid pop3d/ h/$1/ # pop3d (GNU Mailutils 0.3) on Linux 2.4 match pop3 m|^\+OK POP3 Ready <\d{3,6}\.1[012]\d{8}@\w+>\r\n| p/GNU Mailutils pop3d/ # dovecot 0.99.10 on Linux 2.4 match pop3 m|^\+OK dovecot ready\.\r\n| p/Dovecot pop3d/ # teapop 0.3.5 on Linux 2.4 -match pop3 m|^\+OK Teapop \[v(\d[-.\w ]+)\] - Teaspoon stirs around again .*\r\n| p/Teapop pop3d/ v/$1/ +match pop3 m|^\+OK Teapop \[v?(\d[-.\w ]+)\] - Teaspoon stirs around again .*\r\n| p/Teapop pop3d/ v/$1/ # Qpopper v4.0.5 on Linux 2.4.19 match pop3 m|^\+OK ready \r\n$| p/Qpopper pop3d/ # Jana Server 1.45 on WIn98 -match pop3 m|^\+OK POP3 server ready \r\n| p/Jana POP3 server/ i/Windows/ -match pop3 m|^\+OK AppleMailServer (\d[-.\w]+) POP3 server at [-.\w]+ ready <\d| p/AppleMailServer pop3d/ v/$1/ -match pop3 m|\+OK <10\d+\.\d+@[-.\w]+> \[XMail (\d[-.\w]+) \(([-./\w]+)\) POP3 Server\] service ready; | p/XMail pop3 server/ v/$1/ i/on $2/ +match pop3 m|^\+OK POP3 server ready \r\n| p/Jana POP3 server/ o/Windows/ +match pop3 m|^\+OK AppleMailServer (\d[-.\w]+) POP3 server at ([-.\w]+) ready <\d| p/AppleMailServer pop3d/ h/$1/ v/$2/ +match pop3 m|\+OK <10\d+\.\d+@([-.\w]+)> \[XMail (\d[-.\w]+) \(([-./\w]+)\) POP3 Server\] service ready; | p/XMail pop3 server/ h/$1/ v/$2/ o/$3/ # Mail-Enable pop3 server 
1.704 match pop3 m|^\+OK Welcome to MailEnable POP3 Server\r\n| p/MailEnable POP3 Server/ -match pop3 m|^\+OK [-.\w]+ running Eudora Internet Mail Server (\d[-.\w]+) <.*>\r\n| p/Eudora Internet Mail Server pop3d/ v/$1/ +match pop3 m|^\+OK ([-.\w]+) running Eudora Internet Mail Server (\d[-.\w]+) <.*>\r\n| p/Eudora Internet Mail Server pop3d/ h/$1/ v/$2/ # Qpopper 4.0.3 on Linux # QPopper 4.0.4 FreeBSD -match pop3 m|^\+OK ready <\d{1,5}\.10\d{8}@[-.\w]+>\r\n| p/Qualcomm Qpopper pop3d/ +match pop3 m|^\+OK ready <\d{1,5}\.10\d{8}@([-.\w]+)>\r\n| p/Qualcomm Qpopper pop3d/ h/$1/ match pop3 m|^\+OK POP3 Welcome to GNU POP3 Server Version (\d[-.\w]+) <.*>\r\n| p/GNU POP3 Server/ v/$1/ match pop3 m|^\+OK eXtremail V(\d[-.\w]+) release (\d+) POP3 server ready <.*>\r\n| p/eXtremail pop3d/ v/$1.$2/ match pop3 m|^\+OK POP3 Welcome to vm-pop3d (\d[-.\w]+) <.*>\r\n| p/vm-pop3d/ v/$1/ i/derived from gnu-pop3d/ # tpop3d v1.4.2 on Linux - http://www.ex-parrot.com/~chris/tpop3d/ -match pop3 m|^\+OK <[\da-f]{32}@[-.\w]+>\r\n| p/tpop3d/ +match pop3 m|^\+OK <[\da-f]{32}@([-.\w]+)>\r\n| p/tpop3d/ h/$1/ match pop3 m|^\+OK UCB based pop server \(version (\d[-.\w]+) at sionisten\) starting\.\r\n| p/Heimdal kerberized pop3/ v/$1/ i/UCB-pop3 derived/ # VPOP3 (Virtual POP3 server) 2.0.0d on Windows 2000 match pop3 m|^\+OK VPOP3 Server Ready <.*>\r\n| p/PSCS VPop3/ match pop3 m|^\+OK Lotus Notes POP3 server version ([-.\w]+) ready .* on ([^/]+)/([^\.]+)\.\r\n| p/Lotus Domino POP3 server/ v/$1/ i/CN=$2;Org=$3/ match pop3 m|^\+OK Lotus Notes POP3 server version ([-.\w]+) ready on | p/Lotus Domino POP3 server/ v/$1/ match pop3 m|^\+OK POP3 hotwayd v(\d[-.\w]+) -> The POP3-HTTPMail Gateway\.| p/hotwayd pop3d/ v/$1/ -match pop3 m|^\+OK [-.\w]+ POP3 service \(Netscape Messaging Server (\d[^(]+) \(built ([\w ]+)\)\)\r\n| p/Netscape Messenging Server pop3/ v/$1/ i/built on $2/ -match pop3 m/^\+OK [-.\w]+ Cyrus POP3 v(\d[-.\w]+) server ready \r\n$/ p/qmail-pop3d/ +match pop3 m/^\+OK 
<\d{1,5}\.10\d{8}@[-.\w]+>\r\n$/ p/qmail-pop3d/ o/Unix/ # Courier Pop3 courier-pop3d-0.42.0-1.7.3 match pop3 m|^\+OK Hello there\.\r\n$| p/Courier pop3d/ -match pop3 m/^\+OK [-.\w]+ VisNetic.MailServer.v([-.\w]+) POP3 / p/VisNetic MailServer pop3d/ v/$1/ -match pop3 m/^\+OK [-.\w]+ POP3 server \(Post\.Office v([-.\w]+) release ([-.\w]+) with ZPOP version ([-.\w]+)\) ready / p|Post.Office pop3d| v|$1 release $2| i|w/ZPOP $3| +match pop3 m/^\+OK ([-.\w]+) VisNetic.MailServer.v([-.\w]+) POP3 / p/VisNetic MailServer pop3d/ h/$1/ v/$2/ +match pop3 m/^\+OK ([-.\w]+) POP3 server \(Post\.Office v([-.\w]+) release ([-.\w]+) with ZPOP version ([-.\w]+)\) ready / p|Post.Office pop3d| h|$1| v|$2 release $3| i|w/ZPOP $4| match pop3 m/^\+OK CommuniGate Pro POP3 Server ([-.\w]+) ready/ p/CommuniGate Pro/ v/$1/ match pop3 m/^\+OK\r\n$/ p/Openwall popa3d/ -match pop3 m|^\+OK [-.\w]+ MultiNet POP3 Server Process V(\S+) at| p/DEC OpenVMS MultiNet pop3d/ v/$1/ -match pop3 m|^\+OK <.*>, MercuryP/NLM v(\d[-.\w]+) ready.\r\n$| p/Mercury POP3 server/ v/$1/ i/on Novell Netware/ -match pop3 m|^\+OK Microsoft Windows POP3 Service Version 1.0 <| p/Microsoft Windows 2003 POP3 Service/ v/1.0/ -match pop3 m|^\+OK POP3 [-.\w]+ v?(200\d\.[-.\w]+) server ready\r\n| p/UW Imap pop3 server/ v/$1/ +match pop3 m|^\+OK ([-.\w]+) MultiNet POP3 Server Process V(\S+) at| p/DEC OpenVMS MultiNet pop3d/ h/$1/ v/$2/ +match pop3 m|^\+OK <.*>, MercuryP/NLM v(\d[-.\w]+) ready.\r\n$| p/Mercury POP3 server/ v/$1/ o/Netware/ +match pop3 m|^\+OK Microsoft Windows POP3 Service Version 1.0 <| p/Microsoft Windows 2003 POP3 Service/ v/1.0/ o/Windows 2000/ +match pop3 m|^\+OK POP3 ([-.\w]+) v?(200\d\.[-.\w]+) server ready\r\n| p/UW Imap pop3 server/ h/$1/ v/$2/ match pop3 m|^\+OK POP3 server ready <\w{11}>\r\n$| p/WebSTAR pop-3 server/ -match pop3 m|^\+OK TrendMicro IMSS (\d[-.\w ]+) POP3 Proxy at [-.\w]+\r\n| p/TrendMicro IMSS virus scanning POP3 proxy/ v/$1/ +match pop3 m|^\+OK TrendMicro IMSS (\d[-.\w ]+) POP3 Proxy at 
([-.\w]+)\r\n| p/TrendMicro IMSS virus scanning POP3 proxy/ h/$1/ v/$2/ match pop3 m|^\+OK Kerio MailServer (\d[-.\w]+) POP3 server ready <([-.\w@:]+)>\r\n$| p/Kerio MailServer POP3 Server/ v/$1/ i/$2/ +match pop3 m/^\+OK POP3-Server Classic Hamster (Vr\.|Version) [\d.]+ \(Build ([\d.]+)\) greets you! <.*>\r\n/ p/Classic Hamster pop3d/ v/$2/ o/Windows/ +match pop3 m|^\+OK Stalker POP3 Server ([\w.]+) at ([\w-_.]+) ready <.*>\r\n| p/Stalker pop3d/ v/$1/ h/$2/ o/Mac OS/ +match pop3 m|^\+OK ([\w-_.]+) POP3 service \(iPlanet Messaging Server ([\w-_.\s]+) \(built .*\)\)\r\n| p/iPlanet pop3d/ v/$2/ h/$2/ +match pop3 m|^\+OK Messaging Multiplexor \(iPlanet Messaging Server ([\w-_.\s]+) \(built .*\)\)\r\n| p/iPlanet messaging multiplexor/ v/$1/ + + softmatch pop3 m|^\+OK [-\[\]\(\)!,/+:<>@.\w ]+\r\n$| # http://echelon.pl/pubs/poppassd.html 
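Review bot: Several added pop3 lines in this hunk assign capture groups to the wrong fields. The AppleMailServer and TrendMicro IMSS patterns capture the version first and the hostname second but end `h/$1/ v/$2/`; both should read `v/$1/ h/$2/`. The iPlanet pop3d line ends `v/$2/ h/$2/` although the hostname is group 1, so `h/$1/` looks intended. The line whose product is `Microsoft Windows 2003 POP3 Service` is tagged `o/Windows 2000/`, which contradicts its own product string; `o/Windows/` would agree with the other Microsoft entries in this diff. The added GNU Mailutils line with `@(\w+)` also sits directly above the unchanged copy without the group, which it now shadows and which could be removed.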
@@ -497,17 +537,20 @@ softmatch pop3 m|^\+OK [-\[\]\(\)!,/+:<>@.\w ]+\r\n$| # it changes the password of the user. # poppassd 1.8.1 match pop3pw m|^200 ([-.\w]+ )?poppassd v(\d[-.\w]+) hello, who are you\?\r\n| p|Poppassd| v|$2| i|http://echelon.pl/pubs/poppassd.html| +match pop3pw m|^200 poppassd hello, who are you\?\r\n| p/poppassd/ match pop3pw m|^200 courierpassd v(\d[-.\w]+) hello, who are you\?\r\n| p/Courierpassd pop3 password change daemon/ -match pop3pw m|^200 [-.+\w]+ MercuryW PopPass server ready\.\r\n| p|Mercury/32 poppass service| i|Win32| -match pop3pw m|^200 X1 NT-PWD Server [-.+\w]+ \(IMail (\d[-.\w]+)\)\r\n| p/IPSwitch Imail pop3 password change daemon/ v/$1/ i/Windows/ +match pop3pw m|^200 ([-.+\w]+) MercuryW PopPass server ready\.\r\n| p|Mercury/32 poppass service| o|Windows| h|$1| +match pop3pw m|^200 X1 NT-PWD Server ([-.+\w]+) \(IMail (\d[-.\w]+)\)\r\n| p/IPSwitch Imail pop3 password change daemon/ h/$1/ v/$2/ o/Windows/ match pop3pw m|^200 CommuniGate Pro PWD Server (\d[-.\w]+) ready <| p/CommuniGate Pro pop3 password change daemon/ v/$1/ match pop3pw m|^\+OK ApplePasswordServer (\d[-.\w]+) password server at | p/ApplePasswordServer pop3 password change daemon/ v/$1/ +match pop3pw m|^200 Stalker Internet Password Server ready\. 
V\.([\w.]+)\r\n| p/Stalker Mail Server password change daemon/ v/$1/ o/Mac OS/ + match pmud m|^pmud (\d[-.\w]+) \d+\n| p|pmud| i|http://sf.net/projects/apmud| -match printer m|^lpd \[@[-.\w]+\]: Print-services are not available to your host \([-.\w]+\)\.\n| p/BSD lpd/ i/Unauthorized host/ +match printer m|^lpd \[@([-.\w]+)\]: Print-services are not available to your host \([-.\w]+\)\.\n| p/BSD lpd/ i/Unauthorized host/ h/$1/ # BSD lpr/lpd line printer spooling system (lpr v1:2000.05.07) on Linux 2.6.0-test5 -match printer m|[-.\w]+: lpd: Your host does not have line printer access\n| p|BSD/Linux lpd| i|access denied| +match printer m|([-.\w]+): lpd: Your host does not have line printer access\n| p|BSD/Linux lpd| h|$1| i|access denied| # Linux 2.4.18 lpr 2000.05.07-4.2 -match printer m|^lpd: Host name for your address \(\d+\.\d+\.\d+\.\d+\) unknown\n$| p/Linux lpd/ i/client IP must resolve/ +match printer m|^lpd: Host name for your address \(\d+\.\d+\.\d+\.\d+\) unknown\n$| p/Linux lpd/ i/client IP must resolve/ o/Linux/ match printer m|^([/\w]+/)?lpd: (.*)\n| p/lpd/ i/error: $2/ # Windows QOTD service only has 12 quotes. Found on Windows XP in 
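Review bot: The second `printer` signature now feeds `h|$1|` from a pattern that has no `^` anchor, so `([-.\w]+)` matches whatever run of hostname characters precedes `: lpd:` and the reported host can be a fragment of a longer string. The other printer signatures in this hunk are anchored, and this value is text the remote service chooses, so I would anchor it the same way: `match printer m|^([-.\w]+): lpd: Your host does not have line printer access\n| p|BSD/Linux lpd| h|$1| i|access denied|`. This assumes the response begins with the hostname; if some lpd builds emit bytes before it, the anchor would need to allow for them.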
@@ -516,9 +559,9 @@ match qotd m/^"(My spelling is Wobbly\.|Man can climb to the highest summits,|In match qotd m/^"(Mi ortograf\xeda tiembla\. Es bueno revisarla,|un hombre puede escalar a las m\xe1s altas cumbre|Algo maravilloso a poner de manifiesto:|Cuando un necio hace algo de lo que se aveg\xfcenza,|En el cielo, un \xe1ngel no es nadie en concreto|Traigamos unos cuantos locos ahora\.|Era tan verdad como los impuestos\. Y no|Hay libros cortos que, para entenderlos como se merecen,|La prosperidad hace amistades, y la adversidad las|El uso principal de un PC es confirmar la ley de|Quedarse en lo conocido por miedo a lo desconocido,|Cuando las leyes son injustas, no obligan en el fuero|Magia equivale a cualquier avance en la ciencia\.|Vale mejor consumir vanidades de la vida,)/ p/Windows qotd/ i/Spanish/ o/Windows/ # Some Italian qotds start with a space instead of a " match qotd m/^.(Voce dal sen fuggita|Semel in anno licet insanire|Cosa bella e mortal passa e non dura|Quando uno stupido compie qualcosa di cui si vergogna,|Se tu pagare come dici tu,|Fatti non foste a viver come bruti,|Sperare senza far niente e` come)/ p/Windows qotd/ i/Italian/ o/Windows/ -match qotd m/^"(Prazos longos sao f\xa0ceis de subscrever\.|Deus, para a felicidade do homem, inventou a f\x82 e o amor\.|Ao vencido, \xa2dio ou compaixao, ao vencedor, as batatas\.|Quem nao sabe que ao p\x82 de cada bandeira p\xa3blica,|Nao te irrites se te pagarem mal um benef\xa1cio; antes cair|A vida, como a antiga Tebas, tem cem portas\.)/ p/Windows qotd/ i/Portugese/ +match qotd m/^"(Prazos longos sao f\xa0ceis de subscrever\.|Deus, para a felicidade do homem, inventou a f\x82 e o amor\.|Ao vencido, \xa2dio ou compaixao, ao vencedor, as batatas\.|Quem nao sabe que ao p\x82 de cada bandeira p\xa3blica,|Nao te irrites se te pagarem mal um benef\xa1cio; antes cair|A vida, como a antiga Tebas, tem cem portas\.)/ p/Windows qotd/ i/Portugese/ o/Windows/ # The German version doesn't start with " -match qotd 
m/^(Wer wirklich Autorit\xe4t hat, wird sich nicht scheuen,|Moral ist immer die Zuflucht der Leute,|Beharrlichkeit wird zuweilen mit Eigensinn|Wer den Tag mit Lachen beginnt, hat ihn|Wenn uns keine Ausweg mehr bleibt,|Gesichter sind die Leseb\xfccher des Lebens|Grosse Ereignisse werfen mitunter ihre Schatten|Dichtung ist verpflichtet, sich nach den|Ohne Freihet geht das Leben|Liebe ist wie ein Verkehrsunfall\. Man wird angefahren)/ p/Windows qotd/ i/German/ +match qotd m/^(Wer wirklich Autorit\xe4t hat, wird sich nicht scheuen,|Moral ist immer die Zuflucht der Leute,|Beharrlichkeit wird zuweilen mit Eigensinn|Wer den Tag mit Lachen beginnt, hat ihn|Wenn uns keine Ausweg mehr bleibt,|Gesichter sind die Leseb\xfccher des Lebens|Grosse Ereignisse werfen mitunter ihre Schatten|Dichtung ist verpflichtet, sich nach den|Ohne Freihet geht das Leben|Liebe ist wie ein Verkehrsunfall\. Man wird angefahren)/ p/Windows qotd/ i/German/ o/Windows/ match qotd m/^"(Clovek ma tri cesty, jak moudre jednat\. Nejprve premyslenim|Co je vubec hodno toho, aby to bylo vykonano,|Fantazie je dulezitejsi nez vedeni\.|Potize narustaji, cim vice se clovek blizi|Kdo nezna pristav, do ktereho se chce plavit,|Lidske mysleni ztraci smysl,|Nikdo nevi, co muze vykonat,|Nic neprekvapi lidi vice nez zdravy rozum|Zadny cil neni tak vysoky,)/ p/Windows qotd/ o/Windows/ i/Czech/ match quagga m|^\r\nHello, this is quagga \(version (\d[-.\w]+)\)\.\r\nCopyright 1996-200| p/Quagga routing software/ v/$1/ i/Derivative of GNU Zebra/ 
@@ -529,9 +572,9 @@ match razor2 m|^sn=\w&srl=\d+&ep4=[-\w]+&a=\w&a=\w+\r\n$| p/Vipul's Razor2 anti- # 2036 (secure) by default but can be changed. # The unknown token looks like it might be signifigant but I can't # find any protocol descriptions. -Doug -match rconj m|^\0.\0\x01\0\0\0\0.*\x0b\0\0\0\0([\w-_]+)\x00437|s p/Novell rconj/ i/Unknown token: $1/ +match rconj m|^\0.\0\x01\0\0\0\0.*\x0b\0\0\0\0([\w-_]+)\x00437|s p/Novell rconj/ i/Unknown token: $1/ o/Unix/ -match resvc m|^\{0000004c\} NODEINFO \(5\) \{38\}Version: (\d[-.\w ]+) Microsoft Routing Server ready\r\n | p/Microsoft Exchange routing server/ v/$1/ +match resvc m|^\{0000004c\} NODEINFO \(5\) \{38\}Version: (\d[-.\w ]+) Microsoft Routing Server ready\r\n | p/Microsoft Exchange routing server/ v/$1/ o/Windows/ # RedHat 7.3 - rsync server version 2.5.4 protocol version 26 # Redhat Linux 7.1 
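Review bot: The `o/Unix/` added to the `rconj` signature looks inconsistent with its own `p/Novell rconj/`. The MercuryP/NLM pop3 signature earlier in this diff labels a Novell service `o/Netware/`, so unless this banner was captured from a Unix host I would write `o/Netware/` here or leave `o/` off until the platform is confirmed. The comment block describing the service starts above the hunk, so the platform it was observed on is not visible from these lines.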
@@ -540,145 +583,147 @@ match rsync m|^@RSYNCD: (\d+)| i/protocol version $1/ # Simple Asynchronous File Transfer (SAFT) -match saft m|^220 ([\w-.]+) SAFT server \(sendfiled ([\w.]+) on ([\w]+)\) ready\.\r\n| p/sendfiled/ v/$2/ i/Host $1; $3/ +match saft m|^220 ([\w-.]+) SAFT server \(sendfiled ([\w.]+) on ([\w]+)\) ready\.\r\n| p/sendfiled/ v/$2/ h/$1/ o/$3/ -match sdmsvc m|^[\xaa\xff]$| p/LANDesk Software Distribution/ i/sdmsvc.exe/ +match sdmsvc m|^[\xaa\xff]$| p/LANDesk Software Distribution/ i/sdmsvc.exe/ o/Windows/ # http://www.ietf.org/internet-drafts/draft-martin-managesieve-04.txt match sieve m|^NO Fatal error: Error initializing actions\r\n$| p|Cyrus timsieved| i|included w/cyrus imap| match sieve m|^\"IMPLEMENTATION\" \"Cyrus timsieved v(\d[-.\w]+)\"\r\n| p|Cyrus timsieved| i|included w/cyrus imap| match sftp m|^\+Shiva SFTP Service\0$| p/Shiva LanRover SFTP service/ # HP-UX B.11.00 A 9000/785 -match shell m|^\x01remshd: getservbyname\n$| p/HP-UX Remshd/ +match shell m|^\x01remshd: getservbyname\n$| p/HP-UX Remshd/ o/HP-UX/ # good SMTP banner regexps can be found here: # http://www.tty1.net/smtp-survey/measurement_en.html - -match smtp m|^220 [-/.+\w]+ SMTP AnalogX Proxy (\d[-.\w]+) \(Release\) ready\r\n| p/AnalogX SMTP proxy/ v/$1/ - -match smtp m|^220 [-/.+\w]+ MailGate ready for ESMTP on | p/MailGate smtpd/ i/Windows/ -match smtp m|^220 [-/.+\w]+ SMTP ready to roll\r\n| p/Hotmail Popper hotmail to smtp gateway/ -match smtp m|^220 [-/.+\w]+ AvMailGate-(\d[-.\w]+)\r\n| p/AvMailGate smtp anti-virus mail gateway/ v/$1/ -match smtp m|^220 ([-/.+\w]+) Internet Rex ESMTP daemon at your service\.\r\n| p/Internet Rex smtpd/ -match smtp m|^220 [-.+\w]+ ESMTP NetIQ MailMarshal \(v(\d[-.\w]+)\) Ready\r\n| p/MailMarshal/ v/$1/ +match smtp m|^220 ([-/.+\w]+) SMTP AnalogX Proxy (\d[-.\w]+) \(Release\) ready\r\n| p/AnalogX SMTP proxy/ h/$1/ v/$2/ +match smtp m|^220 ([-/.+\w]+) MailGate ready for ESMTP on | p/MailGate smtpd/ h/$1/ o/Windows/ +match smtp m|^220 
([-/.+\w]+) SMTP ready to roll\r\n| p/Hotmail Popper hotmail to smtp gateway/ h/$1/ +match smtp m|^220 ([-/.+\w]+) AvMailGate-(\d[-.\w]+)\r\n| p/AvMailGate smtp anti-virus mail gateway/ h/$1/ v/$2/ +match smtp m|^220 ([-/.+\w]+) Internet Rex ESMTP daemon at your service\.\r\n| p/Internet Rex smtpd/ h/$1/ +match smtp m|^220 ([-.+\w]+) ESMTP NetIQ MailMarshal \(v(\d[-.\w]+)\) Ready\r\n| p/MailMarshal/ h/$1/ v/$2/ # I think the revision number is different than the official product version number # Dots in Revision to prevent MY CVS from screwing it up -match smtp m|^220 [-.+\w]+ Novonyx SMTP ready \$Re..sion: ([\d.]+) \$\r\n| p|Novonyx Novell NetMail smtpd| i|Revision $1| -match smtp m|^554-[-.+\w]+\.us\r\n554 Access denied\r\n$| p/IronPort appliance mail rejector/ -match smtp m|^220 eSafe@[-.+\w]+ Service ready\r\n| p/eSafe mail gateway/ +match smtp m|^220 ([-.+\w]+) Novonyx SMTP ready \$Re..sion: *([\d.]+) *\$\r\n| p|Novonyx Novell NetMail smtpd| h|$1| v|$2| +match smtp m|^554-([-.+\w]+)\.us\r\n554 Access denied\r\n$| p/IronPort appliance mail rejector/ h/$1/ +match smtp m|^220 eSafe@([-.+\w]+) Service ready\r\n| p/eSafe mail gateway/ h/$1/ +match smtp m|^220 (\S+) ESMTP Merak (\d[^;]+);| p/Merak Mail Server smtpd/ h/$1/ v/$2/ o/Windows/ +match smtp m|^220.*?MERCUR SMTP[\s-]Server \(v([^)]+)\) for ([-.\w ]+) ready at | p/LAN-ACES MERCUR smtp server/ v/$1/ o/$2/ +match smtp m|^220 ([-.+\w]+) MasqMail (\d[-.\w]+) ESMTP\r\n| p/MasqMail smtpd/ h/$1/ v/$2/ +# Cisco NetWorks ESMTP server IOS (tm) 5300 Software (C5300-IS-M) on Cisco 5300 Access Server +match smtp m|^220 ([-.+\w]+) Cisco NetWorks ESMTP server\r\n| p/Cisco IOS NetWorks smtp server/ h/$1/ d/terminal server/ o/IOS/ +match smtp m|^220 ([-.+\w]+) Mercury/32 v(\d[-.\w]+) ESMTP server ready\.\r\n| p|Mercury/32 smtpd| h|$1| v|$2| o|Windows| +# Canon ImageRunner SMTP server (network scanner/copier/printer) +match smtp m|^220 Canon[-.\w]+ ESMTP Ready\r\n| p/Canon printer smtp server/ d/printer/ match smtp m|^220 
.*?eSafe E?SMTP Service (\d\S+) ready| p/eSafe mail gateway/ v/$1/ match smtp m|^220 .*?eSafe E?SMTP Service ready| p/eSafe mail gateway/ -match smtp m|^220 \S+ ESMTP Merak (\d[^;]+);| p/Merak Mail Server smtpd/ v/$1/ i/Windows/ -match smtp m|^220.*?MERCUR SMTP[\s-]Server \(v([^)]+)\) for ([-.\w ]+) ready at | p/LAN-ACES MERCUR smtp server/ v/$1/ i/$2/ -match smtp m|^220 [-.+\w]+ MasqMail (\d[-.\w]+) ESMTP\r\n| p/MasqMail smtpd/ v/$1/ -# Cisco NetWorks ESMTP server IOS (tm) 5300 Software (C5300-IS-M) on Cisco 5300 Access Server -match smtp m|^220 [-.+\w]+ Cisco NetWorks ESMTP server\r\n| p/Cisco IOS NetWorks smtp server/ -match smtp m|^220 [-.+\w]+ Mercury/32 v(\d[-.\w]+) ESMTP server ready\.\r\n| p|Mercury/32 smtpd| v|$1| i|Win32| match smtp m|^520 Connection not authorised from this address\.\r\n| p|Mercury smtpd| i|Connection not authorised| -# Canon ImageRunner SMTP server (network scanner/copier/printer) -match smtp m|^220 Canon[-.\w]+ ESMTP Ready\r\n| p/Canon printer smtp server/ # Exim 3.36 on Linux 2.4 blocking the given IP match smtp m|^554 SMTP service not available\r\n$| p/Exim smtpd/ i/Serviced refused (IP block)/ # Jana Server 1.45 on Win98 -match smtp m|^220 Jana-Server Simple Mail Transfer Service ready\r\n| p/Jana mail server/ i/Windows/ -match smtp m|^220 <10\d+\.\d+@[-.\w]+> \[XMail (\d[-.\w]+) \(([-./\w]+)\) ESMTP Server\] service ready; | p/XMail SMTP server/ v/$1/ i/on $2/ -match smtp m|^220 [-.\w]+ FirstClass ESMTP Mail Server v(\d[-.\w]+) ready\r\n| p/FirstClass SMTP server/ v/$1/ -match smtp m|^220 [-.\w]+ AppleMailServer (\d[-.\w]+) SMTP Server Ready\r\n| p/AppleMailServer/ v/$1/ -match smtp m|^220 [-.\w]+ ESMTP CommuniGate Pro (\d[-.\w]+)\r\n| p/Communigate Pro SMTP/ v/$1/ -match smtp m|^220[- ][-.\w]+ MailSite ESMTP Receiver Version (\d[-.\w]+) Ready\r\n| p/Rockliffe MailSite/ v/$1/ -match smtp m|^220 [-.\w]+ eXtremail V(\d[-.\w]+) release (\d+) ESMTP server ready \.\.\.\r\n| p/eXtremail smtpd/ v/$1.$2/ -match smtp m|^220 Welcome to 
[-.\w]+ - VisNetic MailScan ESMTP Server BUILD (\d[-.\w]+)\r\n| p/VisNetic MailScan ESMTP server/ v/$1/ +match smtp m|^220 Jana-Server Simple Mail Transfer Service ready\r\n| p/Jana mail server/ o/Windows/ +match smtp m|^220 <10\d+\.\d+@([-.\w]+)> \[XMail (\d[-.\w]+) \(([-./\w]+)\) ESMTP Server\] service ready; | p/XMail SMTP server/ h/$1/ v/$2/ i/on $3/ +match smtp m|^220 ([-.\w]+) FirstClass ESMTP Mail Server v(\d[-.\w]+) ready\r\n| p/FirstClass SMTP server/ h/$1/ v/$2/ +match smtp m|^220 ([-.\w]+) AppleMailServer (\d[-.\w]+) SMTP Server Ready\r\n| p/AppleMailServer/ h/$1/ v/$2/ +match smtp m|^220 ([-.\w]+) ESMTP CommuniGate Pro (\d[-.\w]+)\r\n| p/Communigate Pro SMTP/ h/$1/ v/$2/ +match smtp m|^220[- ]([-.\w]+) MailSite ESMTP Receiver Version (\d[-.\w]+) Ready\r\n| p/Rockliffe MailSite/ h/$1/ v/$2/ +match smtp m|^220 ([-.\w]+) eXtremail V(\d[-.\w]+) release (\d+) ESMTP server ready \.\.\.\r\n| p/eXtremail smtpd/ h/$1/ v/$2.$3/ +match smtp m|^220 Welcome to ([-.\w]+) - VisNetic MailScan ESMTP Server BUILD (\d[-.\w]+)\r\n| p/VisNetic MailScan ESMTP server/ h/$1/ v/$2/ # HP Service Desk 4.5 SMTP Server -match smtp m|^220 [-.\w]+ service desk (\d[-.\w]+) SMTP Service Ready for input\.\r\n| p/HP Service Desk SMTP server/ v/$1/ +match smtp m|^220 ([-.\w]+) service desk (\d[-.\w]+) SMTP Service Ready for input\.\r\n| p/HP Service Desk SMTP server/ h/$1/ v/$2/ # VPOP3 SMTP server 2.0.0d -match smtp m|^220 [-.\w]+ VPOP3 SMTP Server Ready\r\n| p/PSCS VPOP3 mail server/ +match smtp m|^220 ([-.\w]+) VPOP3 SMTP Server Ready\r\n| p/PSCS VPOP3 mail server/ h/$1/ # CommuniGate Pro 4.1.3 on Mac OS X 10.2.6 -match smtp m|^220 [-.\w]+ ESMTP CommuniGate Pro (\d[-.\w]+) is glad to see you!\r\n| p/CommuniGate Pro mail server/ v/$1/ -match smtp m|^220[ -][-.\w]+ ESMTP MDaemon (\d[-.\w]+); | p/Alt-N MDaemon mail server/ v/$1/ -match smtp m/^220 [-.+\w]+ \(IMail ([^)]+)\) NT-ESMTP Server/ p/IMail NT-ESMTP/ v/$1/ -match smtp m/^220 X1 NT-ESMTP Server [-.+\w]+ \(IMail ([^)]+)\)\r\n/ 
p/IMail NT-ESMTP/ v/$1/ -match smtp m/^220-[-.+\w]+ Microsoft SMTP MAIL ready at.*Version: ([-\w.]+)\r\n/ p/Microsoft SMTP/ v/$1/ -match smtp m/^220 [-.+\w]+ Microsoft ESMTP MAIL Service, Version: ([-\w.]+) ready/ p/Microsoft ESMTP/ v/$1/ -match smtp m/^220 [-.+\w]+ ESMTP Server \(Microsoft Exchange Internet Mail Service ([-\w.]+)\) ready/ p/Microsoft Exchange/ v/$1/ -match smtp m|^220[\s-]\S+ E?SMTP Sendmail (\d[^; ]+)| p/Sendmail/ v/$1/ -match smtp m|^220[\s-]\S+ Sendmail (SMI-\S+) ready at .*\r\n$| p/Sendmail/ v/$1/ -match smtp m/^220[- ][^\r\n]+ ESMTP Exim (V?\d\S+)/ p/Exim smtpd/ v/$1/ +match smtp m|^220 ([-.\w]+) ESMTP CommuniGate Pro (\d[-.\w]+) is glad to see you!\r\n| p/CommuniGate Pro mail server/ h/$1/ v/$2/ +match smtp m|^220[ -]([-.\w]+) ESMTP MDaemon (\d[-.\w]+); | p/Alt-N MDaemon mail server/ h/$1/ v/$2/ +match smtp m/^220 ([-.+\w]+) \(IMail ([^)]+)\) NT-ESMTP Server/ p/IMail NT-ESMTP/ h/$1/ v/$2/ o/Windows/ +match smtp m/^220 X1 NT-ESMTP Server ([-.+\w]+) \(IMail ([^)]+)\)\r\n/ p/IMail NT-ESMTP/ h/$1/ v/$2/ o/Windows/ +match smtp m/^220-([-.+\w]+) Microsoft SMTP MAIL ready at.*Version: ([-\w.]+)\r\n/ p/Microsoft SMTP/ h/$1/ v/$2/ o/Windows/ +match smtp m/^220 ([-.+\w]+) Microsoft ESMTP MAIL Service, Version: ([-\w.]+) ready/ p/Microsoft ESMTP/ h/$1/ v/$2/ o/Windows/ +match smtp m/^220 ([-.+\w]+) ESMTP Server \(Microsoft Exchange Internet Mail Service ([-\w.]+)\) ready/ p/Microsoft Exchange/ h/$1/ v/$2/ o/Windows/ +match smtp m|^220([\s-]\S+) E?SMTP Sendmail (\d[^; ]+)| p/Sendmail/ h/$1/ v/$2/ o/Unix/ +match smtp m|^220([\s-]\S+) Sendmail (SMI-\S+) ready at .*\r\n$| p/Sendmail/ h/$1/ v/$2/ o/Unix/ +match smtp m/^220([- ][^\r\n]+) ESMTP Exim (V?\d\S+)/ p/Exim smtpd/ h/$1/ v/$2/ +match smtp m/^220 CheckPoint FireWall-1 secure ESMTP server\r\n$/ p/Checkpoint FireWall-1 smtpd/ d/firewall/ +match smtp m/^220 CheckPoint FireWall-1 secure SMTP server\r\n$/ p/Checkpoint FireWall-1 smtpd/ d/firewall/ +match smtp m|^220 ([-.+\w]+) running IBM AS/400 SMTP 
V([\w]+)| p|IBM AS/400 smtpd| h|$1| v|$2| +match smtp m|^220 ([-.+\w]+) ESMTP MailEnable Service, Version: (\d[.\w]+)-- ready at | p/MailEnable smptd/ h/$1/ v/$2/ +match smtp m/^220 ([-.+\w]+) ESMTP Mail Enable SMTP Service, Version: (\d[\w.]+)-- ready at/ p/MailEnable smptd/ h/$1/ v/$2/ +match smtp m/^220 ([-.+\w]+) ESMTP CPMTA-([-.+\w]+) - NO UCE\r\n/ p/CPMTA/ h/$1/ v/$2/ i/qmail-derived/ +match smtp m|^220 ([-.+\w]+) SMTP/smap Ready\.\r\n| p/Smap/ i/from firewall toolkit/ h/$1/ +match smtp m|^220 ([-.+\w]+) ESMTP service \(Netscape Messaging Server ([-.+ \w]+) \(built| p/Netscape Messaging Server/ h/$1/ v/$2/ +match smtp m|^220-InterScan Version (\S+) .*Ready\r\n220 ([-.+\w]+) NTMail \(v([-.+\w]+)/.* ready| p/Trend Micro InterScan/ h/$1/ v/$2/ i/on NTMail $3/ o/Windows/ +match smtp m|^220 ([-.\w]+) InterScan VirusWall NT ESMTP (\d[-.\w]+) \(build (\d+)\) ready at | p/Trend Micro InterScan VirusWall SMTP/ h/$1/ v/$2 build $3/ o/Windows/ +match smtp m|^220 ([-.+\w]+) GroupWise Internet Agent (\S+) .*Novell, Inc\..*Ready\r\n| p/Novell GroupWise/ h/$1/ v/$2/ match smtp m|^220 \S+ \S+ ESMTP receiver fssmtpd(\d+) ready| p/fssmtpd/ v/$1/ match smtp m/Failed to open configuration file.*exim/ p/Exim smtpd/ i/broken/ -match smtp m/^220 CheckPoint FireWall-1 secure ESMTP server\r\n$/ p/Checkpoint FireWall-1 smtpd/ -match smtp m/^220 CheckPoint FireWall-1 secure SMTP server\r\n$/ p/Checkpoint FireWall-1 smtpd/ -match smtp m|^220 [-.+\w]+ running IBM AS/400 SMTP V([\w]+)| p|IBM AS/400 smtpd| v|$1| match smtp m/^220 Trend Micro ESMTP ([-.+\w]+) ready\.\r\n$/ p/Trend Micro ESMTP/ v/$1/ -match smtp m|^220 [-.+\w]+ ESMTP MailEnable Service, Version: (\d[.\w]+)-- ready at | p/MailEnable smptd/ v/$1/ -match smtp m/^220 [-.+\w]+ ESMTP Mail Enable SMTP Service, Version: (\d[\w.]+)-- ready at/ p/MailEnable smptd/ v/$1/ -match smtp m/^220 [-.+\w]+ ESMTP CPMTA-([-.+\w]+) - NO UCE\r\n/ p/CPMTA/ v/$1/ i/qmail-derived/ -match smtp m|^220 [-.+\w]+ SMTP/smap Ready\.\r\n| p/Smap/ i/from 
firewall toolkit/ -match smtp m|^220 [-.+\w]+ ESMTP service \(Netscape Messaging Server ([-.+ \w]+) \(built| p/Netscape Messaging Server/ v/$1/ -match smtp m|^220-InterScan Version (\S+) .*Ready\r\n220 [-.+\w]+ NTMail \(v([-.+\w]+)/.* ready| p/Trend Micro InterScan/ v/$1/ i/on NTMail $2/ -match smtp m|^220 [-.\w]+ InterScan VirusWall NT ESMTP (\d[-.\w]+) \(build (\d+)\) ready at | p/Trend Micro InterScan VirusWall SMTP/ v/$1 build $2/ -match smtp m|^220 [-.+\w]+ GroupWise Internet Agent (\S+) .*Novell, Inc\..*Ready\r\n| p/Novell GroupWise/ v/$1/ match smtp m|^220 Matrix SMTP Mail Server v([\w.]+) on Simple Mail Transfer Service Ready\r\n| p/Matrix SMTP Mail Server/ v/$1/ i/on Matrix $2/ -match smtp m|^220 \S+ WebShield SMTP V(\d\S.*?) Network Associates, Inc\. Ready at| p/Network Associates WebShield/ v/$1/ -match smtp m|^220 \S+ WebShielde250/SMTP Ready.| p/WebShielde250 smtpd/ -match smtp m|^220 [-.+\w]+ ESMTP MailMasher ready to boogie\r\n| p/MailMasher smtpd/ + +match smtp m|^220(\S+) WebShield SMTP V(\d\S.*?) Network Associates, Inc\. 
Ready at| p/Network Associates WebShield/ h/$1/ v/$2/ +match smtp m|^220(\S+) WebShielde(\w+)/SMTP Ready.| p/WebShielde$2 smtpd/ h/$1/ +match smtp m|^220 ([-.+\w]+) ESMTP MailMasher ready to boogie\r\n| p/MailMasher smtpd/ h/$1/ # 220 example.com ESMTP Postfix (2.0.13) (Mandrake Linux) -match smtp m|^220 [-.\w]+ ESMTP Postfix \(([-.\w]+)\) \(([-.\w ]+)\)| p/Postfix smtpd/ v/$1/ i/$2/ +match smtp m|^220 ([-.\w]+) ESMTP Postfix \(([-.\w]+)\) \(([-.\w ]+)\)| p/Postfix smtpd/ h/$1/ v/$2/ i/$3/ # postfix 1.1.11-0.woody2 -match smtp m|^220[\s-]\S+ ESMTP Postfix| p/Postfix smtpd/ -match smtp m|^220 [\*\d\ ]{10,300}\r\n| p|Cisco PIX sanatized smtpd| -match smtp m|^220 ArGoSoft Mail Server Pro for WinNT/2000/XP, Version [-.\w]+ \(([-.\w]+)\)\r\n| p/ArGoSoft Mail Server Pro/ v/$1/ i/Win32/ -match smtp m|^220 ([\w-.]+) ArGoSoft Mail Server Pro for WinNT/2000/XP, Version [\d.]+ \(([\d.]+)\)\r\n| p/ArGoSoft Mail Server Pro/ v/$2/ i/Host $1; Win32/ -match smtp m|^220 ([\w-.]+) ArGoSoft Mail Server, Version [\d.]+ \(([\d.]+)\)\r\n| p/ArGoSoft Mail Server/ v/$2/ i/Host $1/ -match smtp m|^220 [-.\w]+ ESMTP server \(Post.Office v([-.\w]+) release ([-.\w]+) ID# | p/Post.Office/ v/$1 release $2/ -match smtp m|^220 [-.\w]+ ESMTP VisNetic.MailServer.v([-.\w]+); | p/VisNetic MailServer/ v/$1/ +match smtp m|^220([\s-]\S+) ESMTP Postfix| p/Postfix smtpd/ h/$1/ +match smtp m|^220 [\*\d\ ]{10,300}\r\n| p|Cisco PIX sanatized smtpd| d|firewall| +match smtp m|^220 ArGoSoft Mail Server Pro for WinNT/2000/XP, Version ([-.\w]+) \(([-.\w]+)\)\r\n| p/ArGoSoft Mail Server Pro/ v/$1/ i/$2/ o/Windows/ +match smtp m|^220 ([\w-.]+) ArGoSoft Mail Server Pro for WinNT/2000/XP, Version [\d.]+ \(([\d.]+)\)\r\n| p/ArGoSoft Mail Server Pro/ v/$2/ h/$1/ o/Windows/ +match smtp m|^220 ([\w-.]+) ArGoSoft Mail Server, Version [\d.]+ \(([\d.]+)\)\r\n| p/ArGoSoft Mail Server/ v/$2/ h/$1/ +match smtp m|^220 ([-.\w]+) ESMTP server \(Post.Office v([-.\w]+) release ([-.\w]+) ID# | p/Post.Office/ h/$1/ v/$2 release $3/ 
+match smtp m|^220 ([-.\w]+) ESMTP VisNetic.MailServer.v([-.\w]+); | p/VisNetic MailServer/ h/$1/ v/$2/ # CommuniGate Pro 4.0.5 -match smtp m|^220 [-.\w]+ ESMTP Service. Welcome.\r\n$| p/CommuniGate Pro smtpd/ -match smtp m|^220 [-.\w]+ Process Software ESMTP service V([-.\w]+) ready| p/Process Software smtpd/ v/$1/ i/on OpenVMS/ -match smtp m|^220 [-.\w]+ Mercury (\d[-.\w]+) ESMTP server ready\.\r\n$| p/Mercury Mail smtpd/ v/$1/ -match smtp m|^220 [-.\w]+ ESMTP Service \(Lotus Domino Release (\d[-.\w]+)\) ready at | p/Lotus Domino smtpd/ v/$1/ +match smtp m|^220 ([-.\w]+) ESMTP Service. Welcome.\r\n$| p/CommuniGate Pro smtpd/ h/$1/ +match smtp m|^220 ([-.\w]+) Process Software ESMTP service V([-.\w]+) ready| p/Process Software smtpd/ h/$1/ v/$2/ o/OpenVMS/ +match smtp m|^220 ([-.\w]+) Mercury (\d[-.\w]+) ESMTP server ready\.\r\n$| p/Mercury Mail smtpd/ h/$1/ v/$2/ +match smtp m|^220 ([-.\w]+) ESMTP Service \(Lotus Domino Release (\d[-.\w]+)\) ready at | p/Lotus Domino smtpd/ h/$1/ v/$2/ +match smtp m|^220 ([-.\w]+) WebSTAR Mail Simple Mail Transfer Service Ready\r\n| p/WebSTAR SMTP server/ h/$1/ +match smtp m|^220 ([-.\w]+) Lotus SMTP MTA Service Ready\r\n$| p/Lotus Notes SMTP/ h/$1/ +match smtp m|^220 ([-.\w]+) SMTP NAVGW (\d[-.\w]+);| p/Norton Antivirus Gateway NAVGW/ h/$1/ v/$2/ +match smtp m|^220 ([-.\w]+) Kerio MailServer (\d[-.\w]+) ESMTP ready\r\n$| p/Kerio MailServer/ h/$1/ v/$2/ +match smtp m|^220 YSmtp(\S+) ESMTP service ready| p/Yahoo! 
smtpd/ h/$1/ +match smtp m|^220(\S+) GMX Mailservices ESMTP| p/GMX smtpd/ h/$1/ +match smtp m|^220(\S+) ESMTP MailMax (\d[-.\w\d]+)| p/MailMax smtpd/ h/$1/ v/$2/ +match smtp m|^220(\S+) ESMTP WEB.DE V([^\s\;]+)| p/Web.de smtpd/ h/$1/ v/$2/ match smtp m|^relaylock: Error: PRODUCT_ROOT_D not defined\nrelaylock: Error: PRODUCT_ROOT_D not defined\n1\n$| p/Plesk relaylock smtp wrapper/ i/broken/ -match smtp m|^220 [-.\w]+ WebSTAR Mail Simple Mail Transfer Service Ready\r\n| p/WebSTAR SMTP server/ -match smtp m|^220 [-.\w]+ Lotus SMTP MTA Service Ready\r\n$| p/Lotus Notes SMTP/ -match smtp m|^220 [-.\w]+ SMTP NAVGW (\d[-.\w]+);| p/Norton Antivirus Gateway NAVGW/ v/$1/ -match smtp m|^220 [-.\w]+ Kerio MailServer (\d[-.\w]+) ESMTP ready\r\n$| p/Kerio MailServer/ v/$1/ -match smtp m|^220 YSmtp \S+ ESMTP service ready| p/Yahoo! smtpd/ match smtp m|^220 Compuserve Office Mail Service \(lnxc-(\d+)\) ESMTP| p/Compuserve smtpd/ v/$1/ -match smtp m|^220 \S+ GMX Mailservices ESMTP| p/GMX smtpd/ -match smtp m|^220 \S+ ESMTP MailMax (\d[-.\w\d]+)| p/MailMax smtpd/ v/$1/ -match smtp m|^220 \S+ ESMTP WEB.DE V([^\s\;]+)| p/Web.de smtpd/ v/$1/ match smtp m|^220 Welcome to Nemesis ESMTP server on \S+| p/Nemesis smtpd/ match smtp m|^220 Welcome to the INDY SMTP Server\r\n$| p/INDY smtpd/ match smtp m|^220 Postini E?SMTP (\d+) [\w\d_\+-]+ ready| p/Postini smtpd/ v/$1/ -match smtp m|^220 [\w\d-]+\.hotmail\.com Sending unsolicited commercial| p/Hotmail smtpd/ -match smtp m|^220[-\s]\S+ \(IntraStore TurboSendmail\) E?SMTP Service ready| p/TurboSendmail smtpd/ -match smtp m|^220[-\s]\S+ E?SMTP Mirapoint (\d[^\;]+);| p/Mirapoint smtpd/ v/$1/ -match smtp m|^220[-\s]\S+ Trend Micro InterScan Messaging Security Suite, Version: (\d\S+) ready| p/Trend Micro InterScan smtpd/ v/$1/ -match smtp m|^220[-\s]\S+.*?Server ESMTP \(iPlanet Messaging Server (\d[^\(\)]+)| p/Sun iPlanet smtdp/ v/$1/ -match smtp m|^220[-\s]\S+ running Eudora Internet Mail Server X (\d\S+)| p/Eudora smtpd/ v/$1/ -match smtp 
m|^220 \S+ - Maillennium E?SMTP| p/Maillennium smtpd/ -match smtp m|^220 \S+.*?SMTP \(Sun Internet Mail Server sims.(\d[^\)]+)\)| p/Sun sims smtpd/ v/$1/ -match smtp m|^220 \S+ ESMTP qpsmtpd (\d\S+) ready;| p/qpsmtpd/ v/$1/ -match smtp m|^220 \S+ ESMTP XWall v(\d\S+)| p/XWall smtpd/ v/$1/ -match smtp m|^220 \S+ ESMTP Service \(Worldmail (\d[^\)]+)\) ready| p/Worldmail smtpd/ v/$1/ -match smtp m|^220 \S+ eMail Sentinel (\d+) ESMTP Service ready| p/eMail Sentinel smtpd/ v/$1/ -match smtp m|^220 \S+ ESMTP mxl_mta-(\d[^\;]+);| p/mxl smtpd/ v/$1/ -match smtp m|^220 \S+ -- Server ESMTP \(SUN JES MTA 6\.x\)| p/SUN JES smtpd/ v/6.x/ -match smtp m|^220 \S+ Service ready by DvISE PostMan \((\d+)\) ESMTP Server| p/DvISE PostMan smtpd/ v/$1/ -match smtp m|^220 \S+ F-Secure Anti-Virus for Internet Mail ready| p/F-Secure AV SMTP Proxy/ -match smtp m|^220 \S+ Welcome to SpamFilter for ISP SMTP Server v(\d\S+)| p/LogSat SMTP Proxy/ v/$1/ +match smtp m|^220 ([\w\d-]+)\.hotmail\.com Sending unsolicited commercial| p/Hotmail smtpd/ h/$1/ +match smtp m|^220([-\s]\S+) \(IntraStore TurboSendmail\) E?SMTP Service ready| p/TurboSendmail smtpd/ h/$1/ +match smtp m|^220([-\s]\S+) E?SMTP Mirapoint (\d[^\;]+);| p/Mirapoint smtpd/ h/$1/ v/$2/ +match smtp m|^220([-\s]\S+) Trend Micro InterScan Messaging Security Suite, Version: (\d\S+) ready| p/Trend Micro InterScan smtpd/ h/$1/ v/$2/ +match smtp m|^220([-\s]\S+).*?Server ESMTP \(iPlanet Messaging Server (\d[^\(\)]+)| p/Sun iPlanet smtpd/ h/$1/ v/$2/ +match smtp m|^220([-\s]\S+) running Eudora Internet Mail Server X (\d\S+)| p/Eudora smtpd/ h/$1/ v/$2/ +match smtp m|^220(\S+) - Maillennium E?SMTP| p/Maillennium smtpd/ h/$1/ +match smtp m|^220 (\S+).*?SMTP \(Sun Internet Mail Server sims.(\d[^\)]+)\)| p/Sun sims smtpd/ h/$1/ v/$2/ +match smtp m|^220(\S+) ESMTP qpsmtpd (\d\S+) ready;| p/qpsmtpd/ h/$1/ v/$2/ +match smtp m|^220(\S+) ESMTP XWall v(\d\S+)| p/XWall smtpd/ h/$1/ v/$2/ +match smtp m|^220(\S+) ESMTP Service \(Worldmail (\d[^\)]+)\) 
ready| p/Worldmail smtpd/ h/$1/ v/$2/ +match smtp m|^220(\S+) eMail Sentinel (\d+) ESMTP Service ready| p/eMail Sentinel smtpd/ v/$1/ +match smtp m|^220(\S+) ESMTP mxl_mta-(\d[^\;]+);| p/mxl smtpd/ h/$1/ v/$2/ +match smtp m|^220(\S+) -- Server ESMTP \(SUN JES MTA 6\.x\)| p/SUN JES smtpd/ h/$1/ v/6.x/ +match smtp m|^220(\S+) Service ready by DvISE PostMan \((\d+)\) ESMTP Server| p/DvISE PostMan smtpd/ h/$1/ v/$2/ +match smtp m|^220(\S+) F-Secure Anti-Virus for Internet Mail ready| p/F-Secure AV SMTP Proxy/ h/$1/ +match smtp m|^220(\S+) Welcome to SpamFilter for ISP SMTP Server v(\d\S+)| p/LogSat SMTP Proxy/ h/$1/ v/$2/ match smtp m|^220-TrendMicro IMSS SMTP proxy\r\n| p/TrendMicro SMTP Proxy/ -match smtp m|^220 \S+ ESMTP server \(InterMail v(\S+)| p/InterMail smtpd/ v/$1/ -match smtp m|^220 \S+ -- Server ESMTP \(Sun Java System Messaging Server (\d[^\(\)]+)| p/SUN JSMS smtpd/ v/$1/ +match smtp m|^220(\S+) ESMTP server \(InterMail v(\S+)| p/InterMail smtpd/ h/$1/ v/$2/ +match smtp m|^220(\S+) -- Server ESMTP \(Sun Java System Messaging Server (\d[^\(\)]+)| p/SUN JSMS smtpd/ h/$1/ v/$2/ match smtp m|^220 jMailer SMTP Server\r\n$| p/jMailer smtpd/ match smtp m/^220[- ][^ ]+ Smail-([^ ]+) .*ESMTP/s p/Smail-ESMTP/ v/$1/ match smtp m/^220[- ][^ ]+ Smail-([^ ]+) / p/Smail/ v/$1/ -match smtp m|^220 ([\w.-_]+) Novonyx SMTP ready \$Revision$\r\n| p/Novell Novonyx smtpd/ v/$2/ h/$1/ match smtp m|^220 \[([\w-_.]+)\] ESMTP amavisd-new service ready\r\n| p/amavisd smtpd/ h/$1/ +match smtp m/^220 SMTP-Server Classic Hamster (Vr\.|Version) [\d.]+ \(Build ([\d.]+)\)\r\n/ p/Classic Hamster smtpd/ v/$2/ o/Windows/ +match smtp m|^220-Stalker Internet Mail Server V.([\w.]+) is ready\.\r\n| p/Stalker smtpd/ v/$1/ o/Mac OS/ +match smtp m|^220 ([\w-_.]+) ESMTP MailMax ([\d.]+) [A-Z][a-z][a-z].*\r\n| p/MailMax smtpd/ v/$2/ h/$1/ o/Windows/ + softmatch smtp m|^220[\s-].*?E?SMTP[^\r]*\r\n| -match snpp m|^220 [-.\w]+ SNPP server \(HylaFAX \(tm\) Version ([-.\w]+)\) ready.\r\n| p/HylaFAX SNPP/ 
v/$1/ +match snpp m|^220 ([-.\w]+) SNPP server \(HylaFAX \(tm\) Version ([-.\w]+)\) ready.\r\n| p/HylaFAX SNPP/ h/$1/ v/$2/ match snpp m|^220 QuickPage v(\d[-.\w]+) SNPP server ready at | p/QuickPage SNPP/ v/$1/ match sourceoffice m|^200\r\nProtocol-Version:(\d[.\d]+)\r\nMessage-ID:\d+\r\nDatabase .*\r\nContent-Length:\d+\r\n\r\n(\w:\\.*ini)\r\n\r\n| p/Sourcegear SourceOffSite/ i/Protocol $1; INI file: $2/ 
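Review bot: Several rewritten SMTP signatures in this hunk put the hostname group in the wrong place, so they either stop matching or report the wrong field. The `^220(\S+) …` forms (WebShield, WebShielde, GMX, MailMax, WEB.DE, Maillennium, qpsmtpd, XWall, Worldmail, eMail Sentinel, mxl_mta, SUN JES, DvISE PostMan, F-Secure, SpamFilter, InterMail, Sun JSMS) and `YSmtp(\S+)` dropped the space the removed lines had, so a `220 host …` banner no longer matches, while the `^220([\s-]\S+)` and `^220([- ][^\r\n]+)` forms (Sendmail, Exim, Postfix, TurboSendmail, Mirapoint, InterScan Messaging Security Suite, iPlanet, Eudora) keep the separator inside the group and would report a host with a leading space or hyphen. The InterScan/NTMail line maps `h/$1/ v/$2/` although group 1 is the version and group 2 the host, and the eMail Sentinel line still says `v/$1/`, which is now the hostname. Because `h/` is filled from text the remote server chooses, the bounded `[-.\w]+` class used elsewhere in the hunk would be a safer capture than `\S+` or `[^\r\n]+`; the fence keeps the author's classes and only shows the group placement fix for one line of each kind.

```text
# … unchanged: signatures up to the Sendmail line …
match smtp m|^220[\s-](\S+) E?SMTP Sendmail (\d[^; ]+)| p/Sendmail/ h/$1/ v/$2/ o/Unix/
# … unchanged: signatures up to the InterScan/NTMail line …
match smtp m|^220-InterScan Version (\S+) .*Ready\r\n220 ([-.+\w]+) NTMail \(v([-.+\w]+)/.* ready| p/Trend Micro InterScan/ v/$1/ h/$2/ i/on NTMail $3/ o/Windows/
# … unchanged: signatures up to the qpsmtpd line …
match smtp m|^220 (\S+) ESMTP qpsmtpd (\d\S+) ready;| p/qpsmtpd/ h/$1/ v/$2/
# … the other `^220(\S+)` lines take the same space …
match smtp m|^220 (\S+) eMail Sentinel (\d+) ESMTP Service ready| p/eMail Sentinel smtpd/ h/$1/ v/$2/
```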
@@ -704,76 +749,78 @@ match ssh m|^SSH-(\d[.\d]+)-VShell_(\d[._\d]+) VShell\r\n$| p/VanDyke VShell/ v/ match ssh m/^SSH-([.\d]+)-(\d[-.\w]+) sshlib: WinSSHD (\d[-.\w]+)\r\n/ p/Bitvise WinSSHD/ v/$3/ i/protocol $1/ # Cisco VPN 3000 Concentrator # Cisco VPN Concentrator 3005 - Cisco Systems, Inc./VPN 3000 Concentrator Version 4.0.1.B Jun 20 2003 -match ssh m/^SSH-([.\d]+)-OpenSSH\n$/ p/OpenSSH/ i/protocol $1/ -match ssh m/^SSH-([.\d]+)-([.\d]+) Radware\n$/ p/Radware Linkproof SSH/ v/$2/ i/protocol $1/ -match ssh m|^SSH-1\.5-X\n| p/Cisco VPN Concentrator SSHd/ i/protocol 1.5/ +match ssh m/^SSH-([.\d]+)-OpenSSH\n$/ p/OpenSSH/ i/protocol $1/ d/terminal server/ +match ssh m/^SSH-([.\d]+)-([.\d]+) Radware\n$/ p/Radware Linkproof SSH/ v/$2/ i/protocol $1/ d/terminal server/ +match ssh m|^SSH-1\.5-X\n| p/Cisco VPN Concentrator SSHd/ i/protocol 1.5/ d/terminal server/ softmatch ssh m/^SSH-([.\d]+)-/ # Redhat Linux 7.1 - HAHAHAHAHAHA!!!! I love this service :) -match systat m|^USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND\n| p/Linux systat/ +match systat m|^USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND\n| p/Linux systat/ o/Linux/ # Draytek Vigor 2600 aDSL router -match telnet m|^\xff\xfd\x18\xff\xfb\x01\n\r\n\rPassword: | p/Draytek Vigor aDSL router telnetd/ +match telnet m|^\xff\xfd\x18\xff\xfb\x01\n\r\n\rPassword: | p/Draytek Vigor aDSL router telnetd/ d/broadband router/ # IBM Infoprint 12 printer with JetDirect -match telnet m|^\xff\xfc\x01\r\nPlease type \[Return\] two times, to initialize telnet configuration\r\nFor HELP type \"\?\"\r\n> | p/HP JetDirect printer telnetd/ +match telnet m|^\xff\xfc\x01\r\nPlease type \[Return\] two times, to initialize telnet configuration\r\nFor HELP type \"\?\"\r\n> | p/HP JetDirect printer telnetd/ d/printer/ +# HP JetDirect 300X print server +match telnet m|^\xff\xfc\x01\r\nHP JetDirect\r\n\r\nPassword:$| p/HP JetDirect printer telnetd/ d/printer/ # IBM High Performace Switch - Model 8275-416, Software version 1.1, 
Manufacturer IBM068 match telnet m|^\x1b\[1;1H\x1b\[2J\x1b\[8;38H\x1b\[1;1H\x1b\[2;1H\(C\) Copyright IBM Corp\. 1999\x1b\[3;1HAll Rights Reserved\.| p/IBM switch telnetd/ match telnet m|^\x1b\[H\x1b\[2JYou have connected to a FirstClass System\. Please login\.\.\.\r\nUserID: | p/FirstClass messaging system telnetd/ # Cisco Catalyst management console # 3Com 3Com SuperStack II Switch 3300 -match telnet m|^\xff\xfd\x03\xff\xfb\x03\xff\xfb\x01| i|Usually a Cisco/3com switch| -match telnet m|^\xff\xfb\x03\xff\xfb\x01\r\nSun\(tm\) Advanced Lights Out Manager (\d[-.\w]+) \(v(\d+)\)\r\n\r\nPlease login: | p/Sun Advanced Lights Out Manager/ v/$1/ i/on Sun v$2; for remote system control/ +match telnet m|^\xff\xfd\x03\xff\xfb\x03\xff\xfb\x01| i|Usually a Cisco/3com switch| d|switch| +match telnet m|^\xff\xfb\x03\xff\xfb\x01\r\nSun\(tm\) Advanced Lights Out Manager (\d[-.\w]+) \(v(\d+)\)\r\n\r\nPlease login: | p/Sun Advanced Lights Out Manager/ v/$1/ i/on Sun v$2; for remote system control/ d/remote management/ # Epson Stylus Color 900N telnet -match telnet m|^\xff\xfb\x01\xff\xfb\x01Connected to [-/.+\w]+!\r\n\r\nPassword: | p/Epson printer telnetd/ +match telnet m|^\xff\xfb\x01\xff\xfb\x01Connected to [-/.+\w]+!\r\n\r\nPassword: | p/Epson printer telnetd/ d/printer/ # This one may not technically be considered telnet protocol, but you seem to use it via telnet match telnet m|^220 SL4NT viewer service ready\r\n250 Currently connected channels: | p/Netal SLANT viewer/ match telnet m|^\xff\xfb\x03\xff\xfb\0\xff\xfb\0\xff\xfd\0\xff.*\r\rFrontDoor (\d[-.\w]+)/|s p/FrontDoor FIDONet Mailer telnetd/ v/$1/ -match telnet m|^\xff\xfb\x01\xff\xfb\x03\r\nOK\r\n$| p/Motorola Vanguard router telnetd/ +match telnet m|^\xff\xfb\x01\xff\xfb\x03\r\nOK\r\n$| p/Motorola Vanguard router telnetd/ d/router/ match telnet m|^\xff\xfb\x03\xff\xfd\x03\xff\xfc\x06.*\nPrecidia Technologies\r\n([-.+\w]+) Remote Configuration\r\n\nPassword\? 
|s p/Precidia serial2ethernet gateway telnetd/ i/model $1/ -match telnet m|^\xff\xfb\x01.*\n\rWelcome to the Xylan PizzaSwitch! Version (\d[-.\w]+)\n\rlogin : |s p/Xylan PizzaSwitch telnetd/ v/$1/ +match telnet m|^\xff\xfb\x01.*\n\rWelcome to the Xylan PizzaSwitch! Version (\d[-.\w]+)\n\rlogin : |s p/Xylan PizzaSwitch telnetd/ v/$1/ d/switch/ # Bay Networks Accelar 1100 (version 2.0.5.5) switch -match telnet m|^\xff\xfb\x01\r\n\r\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\n\r\r\* Bay Networks,Inc\..*(Accelar [-.+\w]+).*Software Release (\d[-.\w]+) |s p/Bay Networks Accelar switch telnetd/ v/$2/ i/$1/ -match telnet m|^\xff\xfb\x01\r\n\r\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\n\r\r\* Nortel Networks,Inc\..*\n\r\r\* Passport ([-.\w]+) .*\r\* Software Release (\d[-.\w]+) |s p/Nortel Networks Passport switch telnetd/ v/$2/ i/Passport $1/ +match telnet m|^\xff\xfb\x01\r\n\r\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\n\r\r\* Bay Networks,Inc\..*(Accelar [-.+\w]+).*Software Release (\d[-.\w]+) |s p/Bay Networks Accelar switch telnetd/ v/$2/ i/$1/ d/switch/ +match telnet m|^\xff\xfb\x01\r\n\r\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\n\r\r\* Nortel Networks,Inc\..*\n\r\r\* Passport ([-.\w]+) .*\r\* Software Release (\d[-.\w]+) |s p/Nortel Networks Passport switch telnetd/ v/$2/ i/Passport $1/ d/switch/ # NCD Thinstar 300 running NCD Software 2.31 build 6 -match telnet m|^\xff\xfb\x03\xff\xfd\x03\xff\xfb\x01WinCE/WBT Command Shell Version (\d[-.\w]+)\r\nSerial Number: (\w+) MAC Address: 0000(\w+)\r\nUUID: [-\w]+\r\nPassword: | p/NCD Thinster terminal command shell/ v/$1/ i/Serial# $2; MAC $3/ +match telnet m|^\xff\xfb\x03\xff\xfd\x03\xff\xfb\x01WinCE/WBT Command Shell Version (\d[-.\w]+)\r\nSerial Number: (\w+) MAC Address: 0000(\w+)\r\nUUID: [-\w]+\r\nPassword: | p/NCD Thinster terminal command shell/ v/$1/ i/Serial# $2; MAC $3/ d/terminal/ # Netopia 4542 aDSL router telnetd -match 
telnet m|^\xff\xfb\x01\xff\xfd\x03\xff\xfb\x03\x1b\[2J\x1b\[Hname:| p/Netopia aDSL router telnetd/ +match telnet m|^\xff\xfb\x01\xff\xfd\x03\xff\xfb\x03\x1b\[2J\x1b\[Hname:| p/Netopia aDSL router telnetd/ d/broadband router/ # NetportExpress PRO/100 3 port print server -match telnet m|^\xff\xfb\x01\r\nNetportExpress\(tm\) ([-/.+\w]+)\r\n.*\r\n\r\nlogin: | p/Intel NetportExpress print server telnetd/ i/Model $1/ +match telnet m|^\xff\xfb\x01\r\nNetportExpress\(tm\) ([-/.+\w]+)\r\n.*\r\n\r\nlogin: | p/Intel NetportExpress print server telnetd/ i/Model $1/ d/print server/ # 3Com OfficeConnect 812 Router telnetd -match telnet m|^login: \xff\xfd\x03\xff\xfb\x03\xff\xfb\x01| p/3Com OfficeConnect router telnetd/ +match telnet m|^login: \xff\xfd\x03\xff\xfb\x03\xff\xfb\x01| p/3Com OfficeConnect router telnetd/ d/router/ # Nortel Networks Instant Internet 100 -match telnet m|^\xff\xfb\x01\r\npassword: | p/Nortel Networks Instant Internet broadband router telnetd/ +match telnet m|^\xff\xfb\x01\r\npassword: | p/Nortel Networks Instant Internet broadband router telnetd/ d/broadband router/ # Network Appliance ONTAP 6.3.3 telnet match telnet m|^\xff\xfb\x01\xff\xfd\x18\xff\xfd#| p/Network Appliance Ontap telnetd/ # Netgear RP114 broadband router -match telnet m|^\xff\xfb\x03\xff\xfb\x01\r\nPassword: | p/Netgear broadband router admin telnetd/ +match telnet m|^\xff\xfb\x03\xff\xfb\x01\r\nPassword: | p/Netgear broadband router admin telnetd/ d/broadband router/ match telnet m|\xff\xfd\x18\xff\xfb\x01\x1b\[2J\x1b\[\?7l\x1b.*HP ([-.\w]+) ProCurve Switch ([-.\w]+)\r\n\rFirmware revision ([-.\w]+)\r\n\r\r| p/HP ProCurve Switch telnetd/ i/Model: $2; Firmware: $3/ match telnet m|^Check Point FireWall-1 Client Authentication Server running on [-.\w]+\r\n\r\xff\xfb\x01\xff\xfe\x01\xff\xfb\x03User: | p/Check Point FireWall-1 Client Authenticaton Server/ # Enterasys XP-8600 running E9.0.5.0 -match telnet m|^\xff\xfb\x03\xff\xfd\x01\xff\xfd\x1f\xff\xfb\x05\xff\xfd!| p/Enterasys XSR Security 
Router telnetd/ +match telnet m|^\xff\xfb\x03\xff\xfd\x01\xff\xfd\x1f\xff\xfb\x05\xff\xfd!| p/Enterasys XSR Security Router telnetd/ d/router/ # Windows 2000 telnetd -match telnet m|^\xff\xfd%\xff\xfb\x01\xff\xfd\x03\xff\xfd\x1f\xff\xfd\0\xff\xfb\0$| p/Microsoft Windows 2000 telnetd/ -match telnet m|^\xff\xfb\x01\xff\xfd\x03\xff\xfd\x1f\xff\xfd\0\xff\xfb\0Microsoft \(R\) Windows \(TM\) Version (\d[-.\w]+) \(Build (\d+)\)\r\nWelcome to Microsoft Telnet Service \r\nTelnet Server Build (\d[-.\w]+)\n\rlogin: | p/Microsoft Windows telnetd/ v/$3/ i/OS version $1 build $2/ +match telnet m|^\xff\xfd%\xff\xfb\x01\xff\xfd\x03\xff\xfd\x1f\xff\xfd\0\xff\xfb\0$| p/Microsoft Windows 2000 telnetd/ o/Windows 2000/ +match telnet m|^\xff\xfb\x01\xff\xfd\x03\xff\xfd\x1f\xff\xfd\0\xff\xfb\0Microsoft \(R\) Windows \(TM\) Version (\d[-.\w]+) \(Build (\d+)\)\r\nWelcome to Microsoft Telnet Service \r\nTelnet Server Build (\d[-.\w]+)\n\rlogin: | p/Microsoft Windows telnetd/ v/$3/ i/OS version $1 build $2/ o/Windows/ # Windows XP telnetd -match telnet m|^\xff\xfd%\xff\xfb\x01\xff\xfb\x03\xff\xfd'\xff\xfd\x1f\xff\xfd\0\xff\xfb\0| p/Microsoft Windows XP telnetd/ +match telnet m|^\xff\xfd%\xff\xfb\x01\xff\xfb\x03\xff\xfd'\xff\xfd\x1f\xff\xfd\0\xff\xfb\0| p/Microsoft Windows XP telnetd/ o/Windows XP/ # IRIX 6.5.18f telnetd -match telnet m|^\xff\xfd\x18\xff\xfd \xff\xfd#\xff\xfd\$| p/IRIX telnetd/ v/6.X/ +match telnet m|^\xff\xfd\x18\xff\xfd \xff\xfd#\xff\xfd\$| p/IRIX telnetd/ v/6.X/ o/IRIX/ # OS 400 V4R4M0 # OS/400 V5R1M0 -match telnet m|^\xff\xfd'\xff\xfd\x18$| p/IBM OS 400 telnetd/ +match telnet m|^\xff\xfd'\xff\xfd\x18$| p|IBM OS/400 telnetd| o|OS/400| # JetDirect Model: J4169A Firmware: L.21.11 -match telnet m|^\xff\xfb\x03\xff\xfb\x01\x07HP JetDirect\r\nPassword is not set\r\n| p/HP JetDirect printer telnetd/ i/No password/ +match telnet m|^\xff\xfb\x03\xff\xfb\x01\x07HP JetDirect\r\nPassword is not set\r\n| p/HP JetDirect printer telnetd/ i/No password/ d/printer/ # HP Jetdirect telnet 
with password protection -match telnet m|^\xff\xfb\x03\xff\xfb\x01\x07HP JetDirect\r\n\r\nEnter username: | p/HP JetDirect printer telnetd/ +match telnet m|^\xff\xfb\x03\xff\xfb\x01\x07HP JetDirect\r\n\r\nEnter username: | p/HP JetDirect printer telnetd/ d/printer/ # HP MPE/iX 5.5 on HP 3000 telnet service match telnet m|^\xff\xfd\x03\xff\xfb\x01\xff\xfd!| p|HP MPE/iX telnetd| # Brother 1870N Printer -match telnet m|^\x1b\[2J\x1b\[1;1f\xff\xfb\x01\xff\xfb\x03\xff\xfd\x03| p/Brother printer telnetd/ +match telnet m|^\x1b\[2J\x1b\[1;1f\xff\xfb\x01\xff\xfb\x03\xff\xfd\x03| p/Brother printer telnetd/ d/printer/ # AIX 4.3.3.0 -match telnet m|^\xff\xfe%\xff\xfd\x18$| p/AIX telnetd/ -match telnet m|^\r\nEfficient ([-.\w ]+) Router \(([-.\d/]+)\) v(\d[-.\w]+) Ready\r\n\xff\xfb\x01\xff\xfb\x03\xff\xfd\x01\xff\xfe\x01Login: | p/Efficient router telnetd/ v/$3/ i/Model $1 - $2/ +match telnet m|^\xff\xfe%\xff\xfd\x18$| p/AIX telnetd/ o/AIX/ +match telnet m|^\r\nEfficient ([-.\w ]+) Router \(([-.\d/]+)\) v(\d[-.\w]+) Ready\r\n\xff\xfb\x01\xff\xfb\x03\xff\xfd\x01\xff\xfe\x01Login: | p/Efficient router telnetd/ v/$3/ i/Model $1 - $2/ d/router/ # http://mldonkey.berlios.de/ # mldonkey-2.5-3 telnet port match telnet m|^\xff\xfd\x1f\n\n\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\n\n Welcome to MLdonkey \n| p/MLdonkey multi-network P2P admin port/ 
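Review bot: The added HP JetDirect 300X signature (the `Password:$` banner) is tagged `d/printer/`, although its own comment calls the device a print server and the NetportExpress line later in this hunk uses `d/print server/` for the same class of device. Anyone filtering scan results by device type would see the two split across categories. I would write `d/print server/` on the 300X line, or add a comment such as `# JetDirect print servers are reported as printers on purpose` if the other JetDirect lines are meant to stay `d/printer/`.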
@@ -785,51 +832,51 @@ match telnet m|^\xff\xfb\x01\n\r\n.*Bay Networks (Bay[-.: \w]+)\n\r|s p/Bay Netw match telnet m/^Check Point FireWall-1 authenticated Telnet server running on/ p/Check Point Firewall-1 telnetd/ match telnet m/^\r\nSpeedStream ([^(\r\n]+) \(.*\) v(\S+) Ready\r\n\xff\xfb\x01\xff\xfb\x03\xff\xfd/ p/SpeedStream $1/ v/$2/ # Alcatel SpeedTouch 510 ADSL router - Admin Interface, version 4.0.2.0.0 -match telnet m|^\xff\xfb\x01\xff\xfb\x03\xff\xfb\x01\xff\xfb\x03Username : | p/Alcatel SpeedTouch DSL router admin interface/ d/router/ +match telnet m|^\xff\xfb\x01\xff\xfb\x03\xff\xfb\x01\xff\xfb\x03Username : | p/Alcatel SpeedTouch DSL router admin interface/ d/broadband router/ match telnet m/^\r\nRaptor Firewall Secure Gateway\.\r\n\r\nAccess denied\.\r\n/ p/Symantec Raptor Firewall Secure Gateway telnetd/ i/Access Denied/ match telnet m/^\*\*\*\*\*\*\* System Image Boot \*\*\*\*\*\*\*\n\r\n\rVina Technologies (.*) \((\d[-.\w]+ build \d+)\)\n\r/ p/Vina Technologies $1 telnetd/ v/$2/ match telnet m/^\xff\xfb\x01\xff\xfd\x03\xff\xfb\x03\x1b\[0m\x1b\[2J\x1b\[01;00H\r\0Gigalink ([-+ \w]+)/ p/Gigalink telnetd/ i/on $1/ match telnet m/^\xff\xfb\x03\xff\xfb.*D-Link.*Telnet Console.*Model\s+: ([-+\w]+)/s p/D-Link telnetd/ i/on $1/ match telnet m|^\xff\xfb\x01\x1b\[0m\x1b\[2J\x1b\[0m\x1b\[9;20HCopyright\(C\) 1995-99 D-Link Systems Inc\.\x1b\[13;30HUser Name\x1b\[14;30HPassword\x1b\[23;10HMAC Address:\x1b\[8;29H([-.\w]+) Console Program\x1b\[13;41H| p/D-Link switch admin interface/ i/D-Link $1/ -match telnet m/^\xff\xfa\x18\x01\xff\xf0\xff\xfb\x01\xff\xfb\x03Ambit Cable Router\r\n\r\nLogin: / p/Ambit Cable Router telnetd/ -match telnet m|^\xff\xfc\x01\r\nHP JetDirect\r\n\r\nPlease type \"?\" for HELP, or \"/\" for current settings\r\n> $| p/HP JetDirect telnetd/ +match telnet m/^\xff\xfa\x18\x01\xff\xf0\xff\xfb\x01\xff\xfb\x03Ambit Cable Router\r\n\r\nLogin: / p/Ambit Cable Router telnetd/ d/broadband router/ +match telnet m|^\xff\xfc\x01\r\nHP 
JetDirect\r\n\r\nPlease type \"?\" for HELP, or \"/\" for current settings\r\n> $| p/HP JetDirect telnetd/ d/printer/ match telnet m/^\n\rVina Technologies (.*) \((\d[-.\w]+ build \d+)\)/ p/Vina Technologies $1 telnetd/ v/$2/ match telnet m/^\xff\xfd\x03\xff\xfb\x03\xff\xfb\x01\x1b\[0m\x1b\[1;1H\x1b\[2J\rD\r \n\r (DES-.*) Command Line Interface\n\r\n/ p/D-Link $1 telnetd/ -match telnet m/^\xff\xfb\x01\xff\xfb\x03\xff\xfc\x1f\n\r\n\rUser Access Verification\n\r\n\r\n\r\n\r\n\rShell version (\d\S+).*Maipu Communication Technology Co\./ p/Maipu Router/ i/shell v$1/ +match telnet m/^\xff\xfb\x01\xff\xfb\x03\xff\xfc\x1f\n\r\n\rUser Access Verification\n\r\n\r\n\r\n\r\n\rShell version (\d\S+).*Maipu Communication Technology Co\./ p/Maipu Router/ i/shell v$1/ d/router/ match telnet m/^\xff\xfb\x01\xff\xfb\x03\xff\xfd\x03\x1b.*Intel Corporation, ([-+. \w()]+)/s p/Intel telnetd/ i/on $1/ match telnet m|^\r\nFlowPoint/(.*) Ready\r\n.*\xff\xfb\x01\xff\xfb| p/Flowpoint telnet/ i/on $1/ match telnet m/Welcome to Tenor Multipath Switch Telnet Server.*Type: (\S+)/s p/Tenor telnetd/ v/$1/ i/on Multipath Switch/ match telnet m|^\xff\xfb\x01\xff\xfb\x03\xff\xfd\x01\x0d\x0a\x0d\x0aCisco\x20Systems.*Console/Telnet Access of the ([-. 
\w]+) for Configuration Purposes|s p/Cisco $1 telnetd/ # Cisco 350 Series Wireless AP 11.05 -match telnet m|^\xff\xfb\x01\n\r\x08\x08\x08\x08\x08\x08\x08\x08\x08\x08\x08\x08\x08\x08\x08\x08\x08\x08\x08\x08\x08\x08\x08\x08\x08\x08\x08 \x08\x08\x08\x08\x08\x08\x08\x08\x08\x08\x08\x08\x08\x08\x08| p/Cisco WAP telnetd/ +match telnet m|^\xff\xfb\x01\n\r\x08\x08\x08\x08\x08\x08\x08\x08\x08\x08\x08\x08\x08\x08\x08\x08\x08\x08\x08\x08\x08\x08\x08\x08\x08\x08\x08 \x08\x08\x08\x08\x08\x08\x08\x08\x08\x08\x08\x08\x08\x08\x08| p/Cisco WAP telnetd/ d/WAP/ # Cisco 678 DSL router -match telnet m|^\r\n\r\nUser Access Verification\r\nPassword:\xff\xfb\x01$| p/Cisco DSL router telnetd/ +match telnet m|^\r\n\r\nUser Access Verification\r\nPassword:\xff\xfb\x01$| p/Cisco DSL router telnetd/ d/broadband router/ # Cisco 2900 Catalyst switch, IOS 12.0(5)XU # Cisco 3600 router running IOS 12.X # Cisco 2600 IOS 12.0 -match telnet m/^\xff\xfb\x01\xff\xfb\x03\xff\xfd\x18\xff\xfd\x1f.*User Access Verification\r\n\r\n(Username|Password): $/s p/Cisco telnetd/ i/IOS 12.X/ +match telnet m/^\xff\xfb\x01\xff\xfb\x03\xff\xfd\x18\xff\xfd\x1f.*User Access Verification\r\n\r\n(Username|Password): $/s p/Cisco telnetd/ o/IOS 12.X/ d/switch/ # Cisco Pix 501 PIX IOS 6.3(1) telnet -match telnet m/^\xff\xfb\x03\xff\xfb\x01\xff\xfb\x03\xff\xfb\x01.*\r\nUser Access Verification\r\n\r\nPassword: /s p/Cisco telnetd/ i/IOS 6.X/ +match telnet m/^\xff\xfb\x03\xff\xfb\x01\xff\xfb\x03\xff\xfb\x01.*\r\nUser Access Verification\r\n\r\nPassword: /s p/Cisco telnetd/ o/IOS 6.X/ d/firewall/ # Cisco Catalyst 6509 - WS-C6509 Software, Version NmpSW: 5.5(1) -match telnet m|^\xff\xfb\x01\xff\xfb\x03\xff\xfd\x01\r\n\r\nCisco Systems Console\r\n| p/Cisco Catalyst switch telnetd/ -match telnet m|^\xff\xfb\x01\xff\xfb\x03\xff\xfd\x18\xff\xfd\x1f\r\n\r\nPassword required, but none set\r\n| p/Cisco router telnetd/ i/password required but not set/ -match telnet m|^Access not permitted\. 
Closing connection\.\.\.\n$|s p/Cisco catalyst switch telnetd/ i/access denied/ -match telnet m|^\xff\xfd\x18$| p/Cisco microswitch telnetd/ +match telnet m|^\xff\xfb\x01\xff\xfb\x03\xff\xfd\x01\r\n\r\nCisco Systems Console\r\n| p/Cisco Catalyst switch telnetd/ d/switch/ +match telnet m|^\xff\xfb\x01\xff\xfb\x03\xff\xfd\x18\xff\xfd\x1f\r\n\r\nPassword required, but none set\r\n| p/Cisco router telnetd/ i/password required but not set/ d/router/ +match telnet m|^Access not permitted\. Closing connection\.\.\.\n$|s p/Cisco catalyst switch telnetd/ i/access denied/ d/switch/ +match telnet m|^\xff\xfd\x18$| p/Cisco microswitch telnetd/ d/switch/ # OpenBSD 2.3 # FreeBSD 5.1 match telnet m|^\xff\xfd%$| p/BSD-derived telnetd/ # Solaris 9 -match telnet m|^\xff\xfd\x18\xff\xfd\x1f\xff\xfd#\xff\xfd'\xff\xfd\$$| p/Sun Solaris telnetd/ +match telnet m|^\xff\xfd\x18\xff\xfd\x1f\xff\xfd#\xff\xfd'\xff\xfd\$$| p/Sun Solaris telnetd/ o/Solaris/ # Redhat Linux 7.3 telnet -match telnet m|\xff\xfd\x18\xff\xfd \xff\xfd#\xff\xfd'$| p/Linux telnetd/ -match telnet m|^\xff\xfb\x01\n\rUser Name : $| p/APC network management card telnetd/ -match telnet m|^\xff\xfb\x01\xff\xfb\x03\xff\xfd\x03\n\rUser Name : | p|APC telnetd| i|Power/UPS device| +match telnet m|\xff\xfd\x18\xff\xfd \xff\xfd#\xff\xfd'$| p/Linux telnetd/ o/Linux/ +match telnet m|^\xff\xfb\x01\n\rUser Name : $| p/APC network management card telnetd/ d/power device/ +match telnet m|^\xff\xfb\x01\xff\xfb\x03\xff\xfd\x03\n\rUser Name : | p|APC telnetd| i|Power/UPS device| d|power device| # G-Net BB0060 ADSL Modem -match telnet m|^\xff\xfb\x01\xff\xfd\x03\xff\xfb\x03\n\r \*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\n\r.*GlobespanVirata Inc\., Software Release ([-.\w]+)\n\r|s p/GlobespanVirata telnetd/ v/$1/ i/on broadbrand router/ +match telnet m|^\xff\xfb\x01\xff\xfd\x03\xff\xfb\x03\n\r \*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\n\r.*GlobespanVirata Inc\., Software Release ([-.\w]+)\n\r|s p/GlobespanVirata telnetd/ v/$1/ d/broadbrand router/ # 
HP-UX B.11.00 A -match telnet m|^\xff\xfd\$$| p/HP-UX telnetd/ +match telnet m|^\xff\xfd\$$| p/HP-UX telnetd/ o/HP-UX/ # Cayman-DSL Model 3220-H, DMT-ADSL (Alcatel) OS version 6.3.0 -match telnet m|^\xff\xfb\x01\xff\xfb\x03\xff\xfe\x01\n\rlogin: $| p/Cayman-DSL router telnetd/ +match telnet m|^\xff\xfb\x01\xff\xfb\x03\xff\xfe\x01\n\rlogin: $| p/Cayman-DSL router telnetd/ d/broadband router/ # Blue Coat Port 80 Security Appliance Model: Blue Coat SG400 Software Version: SGOS 2.1.6044 Software Release id: 19480 Service Pack 4 # Maybe I should call this SGOS telnetd instead match telnet m|^\xff\xfb\x03\xff\xfb\x01\xff\xfd\x1f\r\n\r\nUsername: $| p/Blue Coat telnetd/ @@ -837,8 +884,8 @@ match telnet m|^\xff\xfb\x01@ Userid: | p/Shiva LanRover telnetd/ # Netscreen ScreenOS 4.0.1r1.0 telnetd on a netscreen 5XT running firmware 4.0.1r1.0 match telnet m|^\xff\xfd\x18\xff\xfb\x01\xff\xfe\x01Remote Management Console\r\n\r\nlogin: $| p/Netscreen ScreenOS telnetd/ # Note that openwall telnetd is derived from OpenBSD telnetd -match telnet m|^\xff\xfd\x18\xff\xfd \xff\xfd#\xff\xfd'\xff\xfd\$$| p|Openwall GNU/*/Linux telnetd| -match telnet m|^\xff\xfc\x01\r\nHP JetDirect\r\n\r\nPlease type \"\?\" for HELP, or \"/\" for current settings\r\n> $| p/HP Jet Direct printer telnetd/ +match telnet m|^\xff\xfd\x18\xff\xfd \xff\xfd#\xff\xfd'\xff\xfd\$$| p|Openwall GNU/*/Linux telnetd| o|Linux| +match telnet m|^\xff\xfc\x01\r\nHP JetDirect\r\n\r\nPlease type \"\?\" for HELP, or \"/\" for current settings\r\n> $| p/HP Jet Direct printer telnetd/ d/printer/ match telnet m|^\xff\xfb\x01\xff\xfb\x03\r\nAXIS (\S+) TELNET| p/AXIS Webcam/ v/$1/ match telnet m|^\xff\xfb\x01\xff\xfb\x03\xff\xfd\x18\xff\xfd\x1f\r\n\r\nTelebit\'s NetBlazer Version (\S+)\r\n| p/Telebit NetBlazer/ v/$1/ match telnet m|^\xff\xfb\x01\xff\xfb\x03\xff\xfd\x03.*?FORE\x20Systems,\x20FORE\x20ES-2810.*?Version (\d[\d\.-]+)| p/FORE Systems ES-2810/ v/$1/ 
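Review bot: The GlobespanVirata line carries the typo `broadbrand` from the old `i/on broadbrand router/` into the new `d/` field, where it matters more. `d/broadbrand router/` becomes a device type of its own and will not group with the `d/broadband router/` used on the Alcatel, Ambit, Cisco DSL and Cayman lines in this same hunk; it should read `d/broadband router/`. Separately, the `User Access Verification` signature is now `d/switch/` while its comments list Cisco 3600 and 2600 routers next to the Catalyst 2900, so that label is presumably wrong for part of what it matches.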
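Review bot: The JetDirect line changed here targets the same banner as the one changed in the `@@ -785,51` hunk, but the two report different product strings (`HP Jet Direct printer telnetd` here, `HP JetDirect telnetd` there). The earlier one also writes `\"?\"` with the question mark unescaped, which makes the quote optional instead of matching a literal `?`, so it looks like it can never match and the `d/printer/` added to it has no effect. I would drop the earlier line and keep this one as `p/HP JetDirect printer telnetd/ d/printer/`, the spelling used by the other JetDirect signatures.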
@@ -849,6 +896,10 @@ match telnet m|^\xff\xfb\x01login:\x20$| p/telnet/ i/generic/ match telnet m|^\xff\xfb\x01\xff\xfd\x01\xff\xfb\x03\xff\xfd\x03\xff\xfb\x05\xff\xfd\x05Welcome to ([\w-_]+) Debug Terminal - \d*\n\r\n\r\n\rlogin:| p/hp StorageWorks SSL1016 tape autoloader/ i/Name: $1/ match telnet m|^\xff\xfb\x01\xff\xfd\x03\xff\xfb\x03\r\n\r\nWelcome to Print Server\r\n\r\nPS>| p/Micronet SP733/ d/Print Server/ match telnet m|^\x1b\[0m\x1b\[2J\x1b\[01;28HCONEXANT SYSTEMS, INC\.\x1b\[02;19H ACCESS RUNNER ADSL CONSOLE PORT\x1b\[24;01H>>>\x1b\[24;01HLOGON PASSWORD>\x1b\[02;53H3\.27\x1b\[24;17H\x1b\[24;17H\x1b\[24;17H\x1b\[24;17H| p/MICRONET SP3356/ d/router/ +match telnet m|^\xff\xfb\x01\xff\xfb\x03\xff\xfd\x18\xff\xfd\x1f\r\n\r\nWelcome on (.*)\r\n\r\n\r\nUsername: | p/Cisco Router 2621/ i/Banner: $1/ +match telnet m|^\xff\xfb\x01\xff\xfd\x18\nTelnet Service on the PrintServer\n\n\rPassword: | p/Hawking Print Server telnetd/ d/print server/ +match telnet m|^\xff\xfb\x01\xff\xfb\x03\r\n\r\n Welcome to OpenVMS \(TM\) Alpha Operating System, Version V([\d.]+) \r\n\r\n\rUsername: | p/OpenVMS telnetd/ o/OpenVMS $1/ +match telnet m|^\xff\xfb\x01\xff\xfb\x03\xff\xfd\x01\x1b\[0;37;40m\x1b\[2J\x1b\[0;37;40m\x1b\[1m\x1b\[5;27HVertical Horizon Stack Manager\x1b\[0;37;40m\x1b\[1m\x1b\[10;26HEnterasys Networks, Incorporated| p/Enterasys Vertical Horizon Manager/ d/switch/ # tinc 1.0.2-2 on Linux match tinc m|^0 \w+ 17\n| p/tinc vpn daemon/ 
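Review bot: The new `Welcome on (.*)` signature reports `p/Cisco Router 2621/`, but all it matches is a telnet option prefix and a greeting that `i/Banner: $1/` suggests is operator-configured. Nothing in the pattern identifies the model, so another device printing the same greeting would presumably be reported as a 2621. It also has no `d/` field, unlike the other router lines touched by this commit. I would make it `p/Cisco router telnetd/ i/Banner: $1/ d/router/` and keep the sampled model in a comment above the line, `# Cisco 2621 with a "Welcome on ..." login banner`.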
@@ -871,7 +922,7 @@ match vtun m|^VTUN server ver \. (\d[-.\w /]+)\n\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0 # http://www.3w.net/lan/faq.html match websense-eim m|^\x96\xfeS\xab$| p/Websense EIM/ -match winshell m/^Microsoft Windows ((2000)|(XP)|(NT 4\.0)) \[Version ([\d.]+)\]\r\n\(C\) Copyright 1985-20\d\d Microsoft Corp\.\r\n\r\n/ p/Microsoft Windows $1 $5 cmd.exe/ +match winshell m/^Microsoft Windows ((2000)|(XP)|(NT 4\.0)) \[Version ([\d.]+)\]\r\n\(C\) Copyright 1985-20\d\d Microsoft Corp\.\r\n\r\n/ p/Microsoft Windows $1 $5 cmd.exe/ o/Windows/ # CcXstream Media Server 1.0.15 on Linux - Uses XBMSP (X-Box Media Streaming Protocol) match xbmsp m|^XBMSP-1\.0 1\.0 CcXstream Media Server (\d[-.\w]+)\n| p/CcXstream Media Server/ v/$1/ 
@@ -897,53 +948,57 @@ match smtp m|^220 PostCast SMTP server.*\r\n$| p/PostCast SMTP server/ match omapi m|^\0\0\0d\0\0\0\x18$| p/ISC (BIND|DHCPD) OMAPI/ match svnserve m|^\(\x20success\x20\(\x201\x202\x20\(\x20ANONYMOUS\x20\)\x20\(\x20edit-pipeline\x20\)\x20\)\x20\)\x20$| p/Subversion/ match icecreamd m|^[\x14-\x1f]\0\0\0$| p/icecreamd/ - -match apc-agent m|^\xac\xed\0\x05$| p/APC PowerChute agent/ +match apc-agent m|^\xac\xed\0\x05$| p/APC PowerChute agent/ d/power device/ +# OpenH323 Gatekeeper 2.0.3 +match afs3-fileserver m|^\xff\xfd\x03\xff\xfb\x05Version:\r\nGatekeeper\(GNU\) Version\(([\d.]+)\) Ext\(.*\) Build\(.*\) Sys\(Linux .*\)\r\n\r\n| p/OpenH323 Gatekeeper/ v/$1/ o/Linux/ ##############################NEXT PROBE############################## Probe TCP GenericLines q|\r\n\r\n| -ports 21,23,43,98,110,113,119,199,505,540,628,1040,1248,1467,1501,2010,3333,5432,5555,6112,6667-6670,8000,11965,30444 +ports 21,23,43,98,110,113,119,199,505,540,628,1040,1248,1467,1501,2010,3128,3333,5432,5555,6112,6667-6670,8000,11965,30444 # bnetd (PvPGN BnetD Mod version 1.5.0) on Debian GNU/Linux (sid) match bnetd m|^BOT or Telnet Connection from \[127\.0\.0\.1\]\r\n\r\nEnter your account name and password\.\r\nSorry, there is no guest account\.\r\n\r\nUsername: | p/PvPGN BnetD Mod/ v/1.5.0/ match bnetd m|^Username: $| p/bnetd open source Blizzard Battlenet server/ # bnetd server 0.4.25 on Linux # Cisco PIX 501 running PIX IOS 6.3(1) -match ciscopsdm m|^\xc0\0\x01\0....\0\0\0\x03| p/Cisco PIX Secure Database Manager/ +match ciscopsdm m|^\xc0\0\x01\0....\0\0\0\x03| p/Cisco PIX Secure Database Manager/ d/firewall/ o/IOS/ match crossmatchverifier m|^Idle\r\n$| p/Cross Match Technologies Verifier fingerprint capture control port/ # I think this type of eggdrop banner is only used when customized or such. 
match eggdrop m|^\r\nNickname\.\r\nSorry, that nickname format is invalid\.\r\n$| p/Eggdrop irc bot console/ # Alcatel Speedtouch ADSL Router -match ftp m|^220 Inactivity timer = \d+ seconds\. Use 'site idle ' to change\.\r\n221 Goodbye \(badly formated command seen\)\. You uploaded 0 and downloaded 0 kbytes\.\r\n221 Goodbye \(badly formated command seen\)\. You uploaded 0 and downloaded 0 kbytes\.\r\n$| p/Alcatel Speedtouch aDSL router ftpd/ d/router/ +match ftp m|^220 Inactivity timer = \d+ seconds\. Use 'site idle ' to change\.\r\n221 Goodbye \(badly formated command seen\)\. You uploaded 0 and downloaded 0 kbytes\.\r\n221 Goodbye \(badly formated command seen\)\. You uploaded 0 and downloaded 0 kbytes\.\r\n$| p/Alcatel Speedtouch aDSL router ftpd/ d/broadband router/ # bftpd 1.0.22 on Linux 2.4 match ftp m|^220 \r\n500 Unknown command: \"\"\r\n500 Unknown command: \"\"\r\n$| p/bftpd/ # Multitech MultiVoip 410 VoIP gateway -match ftp m|^220 Service ready\r\n500 Unsupported command\r\n$| p/Multitech MultiVoip 410 VoIP gateway ftpd/ +match ftp m|^220 Service ready\r\n500 Unsupported command\r\n$| p/Multitech MultiVoip 410 VoIP gateway ftpd/ d/VoIP adapter/ # NetportExpress PRO/100 3 port print server -match ftp m|^220 FTP server ready\.\r\n530 access denied\.\r\n| p/Intel NetportExpress print server ftpd/ +match ftp m|^220 FTP server ready\.\r\n530 access denied\.\r\n| p/Intel NetportExpress print server ftpd/ d/print server/ # D-Link Print Server internal FTP daemon (Firmware version 1.38) - D-Link Print Server DP-101 -match ftp m|^220 FTP server ready\.\r\n501 Command not supported\.\r\n$| p/D-Link Printer Server ftpd/ -match ftp m|^220 [-.\w]+ FTP server ready\.\r\n530 Please login with USER and PASS\.\r\n530 Please login with USER and PASS\.\r\n$| p/Solaris ftpd/ +match ftp m|^220 FTP server ready\.\r\n501 Command not supported\.\r\n$| p/D-Link Printer Server ftpd/ d/print server/ +match ftp m|^220 ([-.\w]+) FTP server ready\.\r\n530 Please login with USER and 
PASS\.\r\n530 Please login with USER and PASS\.\r\n$| p/Solaris ftpd/ h/$1/ o/Solaris/ # vsftpd (Very Secure FTP Daemon) 1.0.0 on linux with custom ftpd_banner # We'll have to see if this match is unique enough match ftp m|^220 .*\r\n530 Please login with USER and PASS\.\r\n530 Please login with USER and PASS\.\r\n|s p/vsFTPd/ i/customized banner/ -match ftp m|^220 [-.\w]+ FTP Server ready \.\.\.\r\n530 \r : User not logged in\. Please login with USER and PASS first\.\r\n530 \r : User not logged in\. Please login with USER and PASS first\.\r\n$| p/Bulletproof ftp server/ i/Windows/ +match ftp m|^220 ([-.\w]+) FTP Server ready \.\.\.\r\n530 \r : User not logged in\. Please login with USER and PASS first\.\r\n530 \r : User not logged in\. Please login with USER and PASS first\.\r\n$| p/Bulletproof ftp server/ o/Windows/ h/$1/ # BulletProof FTP 2.21 on Windows 2000 Server -match ftp m|^220 ftp\r\n$| p/Bulletproof ftp server/ i/Windows/ +match ftp m|^220 ftp\r\n$| p/Bulletproof ftp server/ o/Windows/ # WarFTP Daemon 1.70 on Win2K -match ftp m|^220 [-.+\w]+ FTP SERVICE ready\r\n500 Please enter a command\. Dunno how to interperet empty lines\.\.\.\r\n500 Please enter a command\. Dunno how to interperet empty lines\.\.\.\r\n$| p/WarFTPd/ i/Windows/ +match ftp m|^220 ([-.+\w]+) FTP SERVICE ready\r\n500 Please enter a command\. Dunno how to interperet empty lines\.\.\.\r\n500 Please enter a command\. Dunno how to interperet empty lines\.\.\.\r\n$| p/WarFTPd/ h/$1/ o/Windows/ # GKrellM System Monitor 2.1.15 on Linux match gkrellm m|^\nBad connect string!| p/GKrellM System Monitor/ -# Some web servers don't gie a 'Server: ' line for the Get request, but do for this probe. -match http m|^HTTP/1\.1 400 .*\r\nServer: Microsoft-IIS/(\d[-.\w]+)\r\n| p/Microsoft IIS webserver/ v/$1/ +# Some web servers don't give a 'Server: ' line for the Get request, but do for this probe. 
+match http m|^HTTP/1\.1 400 .*\r\nServer: Microsoft-IIS/(\d[-.\w]+)\r\n| p/Microsoft IIS webserver/ v/$1/ o/Windows/ # Icecast version: 1.9+2.0alphasn match http m|^HTTP/1\.0 401 Authentication Required\r\nWWW-Authenticate: Basic realm=\"Icecast2 Server\"\r\n\r\nYou need to authenticate\r\n| p/Icecast streaming media server/ # Network Flight Recorder v3.2 on Solaris 8 (sparc) match http m|^HTTP/1\.0 400 Bad request\r\n\r\n$| p/Network Flight Recorder IDS/ # Cisco 350 Series 802.11 AP -match http m|^HTTP/1\.0 400 Bad Request\r\nServer: thttpd/(\d[-.\w ]+)\r\n| p/thttpd/ v/$1/ +match http m|^HTTP/1\.0 400 Bad Request\r\nServer: thttpd/(\d[-.\w ]+)\r\n| p/thttpd/ v/$1/ d/WAP/ +# OpenPGP Public Key Server 0.9.6 +match http m|^HTTP/1\.0 400 Bad Request\r\nServer: pks_www/([\d.]+)\r\nContent-type: text/html\r\n\r\n400 Bad Request\r\n| p/OpenPGP Public Key Server/ v/$1/ + match icecast m|^HTTP/1\.0 200 OK\r\nServer: icecast/(\d[-.\w]+)\r\n| p|Shoutcast/Icecast streaming audio| v|$1| # slident 0.0.19 @@ -952,9 +1007,9 @@ match ident m|^0, 0: ERROR: UNKNOWN-ERROR\n$| p/slident/ match ident m|^0,0:ERROR:UNKNOWN-ERROR\r\n$| p/mlidentd/ # OpenBSD 3.2 identd # May apply to Linux too -- need to investigate further. -match ident m|^0 , 0 : ERROR : UNKNOWN-ERROR\r\n$| p/OpenBSD identd/ +match ident m|^0 , 0 : ERROR : UNKNOWN-ERROR\r\n$| p/OpenBSD identd/ o/OpenBSD/ # FreeBSD 4.8-RC inetd internal identd -match ident m|^0 , 0 : ERROR : INVALID-PORT\r\n$| p/FreeBSD identd/ +match ident m|^0 , 0 : ERROR : INVALID-PORT\r\n$| p/FreeBSD identd/ o/FreeBSD/ # pidentd-3.1a19-157 match ident m|^ : ERROR : UNKNOWN-ERROR\r\n$| p/pidentd/ match ident m|^0, 0 : ERROR : X-INVALID-REQUEST\r\n$| p/Minidentd/ 
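Review bot: `d/WAP/` on the thttpd line classifies by the sample device, not by what the pattern matches. The regex only requires a `400 Bad Request` response with `Server: thttpd/<version>`; the Cisco 350 access point appears only in the comment above it, so any host answering with that header would be reported as a wireless access point. I would leave the device type off this signature (`p/thttpd/ v/$1/`) unless the pattern is narrowed to something specific to the access point.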
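Review bot: The `o/OpenBSD/` added to the `0 , 0 : ERROR : UNKNOWN-ERROR` signature contradicts the comment directly above it, which says the response `May apply to Linux too -- need to investigate further`. Until that is resolved the OS field asserts more than the author knows, and a wrong OS in service output is harder to notice than a missing one. Either leave `o/` off this line or update the comment to record that the Linux case was checked.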
@@ -972,7 +1027,7 @@ match inetd m|^<\d+>[A-Z][a-z][a-z] +\d+ \d+:\d+:\d+ inetd\[\d+\]: execv (/[-.\\ # Diverse IRC bot match ircbot m|^ \r\nSorry, that nickname format is invalid\.\r\r\n$| p/Diverse IRC bot/ # Part of Linux net-snmp-5.0.6-17 -match linuxconf m|^500 access denied: Check networking/linuxconf network access\r\n$| p/Linuxconf/ i/Access denied/ +match linuxconf m|^500 access denied: Check networking/linuxconf network access\r\n$| p/Linuxconf/ i/Access denied/ o/Linux/ # Linuxconf 1.26r4 match linuxconf m|^500 access denied: Check config/networking/misc/linuxconf network access\r\n

\r\nBy default,| p/Linuxconf/ i/Access denied/ # Netsaint Status Daemon 2.15 @@ -982,17 +1037,17 @@ match nsclient m|^ERROR:Wrong password$| p/Netsaint Windows Client/ match omniback m|^HP OpenView OmniBack II ([-.\w]+): INET, | p/HP OpenView OmniBack/ v/$1/ # Mercury/32 3.32 PH Server module on Windows XP -match ph-addressbook m|^598::Command not recognized\.\r\n598::Command not recognized\.\r\n$| p|Mercury/32 PH addressbook server| i|Win32| +match ph-addressbook m|^598::Command not recognized\.\r\n598::Command not recognized\.\r\n$| p|Mercury/32 PH addressbook server| o|Windows| -match pop3 m|^\+OK POP3 [-.+\w]+ v(\d[-.\w]+) server ready\r\n| p/ipop3d/ v/$1/ +match pop3 m|^\+OK POP3 ([-.+\w]+) v(\d[-.\w]+) server ready\r\n| p/ipop3d/ h/$1/ v/$2/ # iopd 2003debian0.0304182231-1 -match pop3 m|^\+OK POP3 \[[-.\w]+\] v(200[-.\w]+) server ready\r\n-ERR Null command\r\n-ERR Null command\r\n| p/ipopd/ v/$1/ +match pop3 m|^\+OK POP3 \[([-.\w]+)\] v(200[-.\w]+) server ready\r\n-ERR Null command\r\n-ERR Null command\r\n| p/ipopd/ h/$1/ v/$2/ # Solid POP3d 0.15 match pop3 m|^\+OK Solid POP3 server ready\r\n-ERR unknown command\r\n-ERR unknown command\r\n$| p/Solid POP3d/ # OS 400 V4R4M0 -match pop3 m|^\+OK POP3 server ready\r\n-ERR invalid command\r\n$| p/IBM OS 400 pop3d/ +match pop3 m|^\+OK POP3 server ready\r\n-ERR invalid command\r\n$| p/IBM OS 400 pop3d/ o|OS/400| # mailgate v3.5.177 on Win2K -match pop3 m|^\+OK pop server ready\r\n$| p/MailGate pop3d/ i/Windows/ +match pop3 m|^\+OK pop server ready\r\n$| p/MailGate pop3d/ o/Windows/ # Postgres 7.1.3 match postgresql m|^EInvalid packet length\0$| p/PostgreSQL DB/ # postgresql-7.2.3-5.73; linux 2.4.20-18.7 redhat 7.3 
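Review bot: Only the first Linuxconf signature gets `o/Linux/`; the `Linuxconf 1.26r4` signature directly below it reports the same product with `i/Access denied/` but is left without an OS field. If the OS tag is right for one it is right for both, so the second line should also end `p/Linuxconf/ i/Access denied/ o/Linux/`.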
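Review bot: The OS/400 pop3 line adds `o|OS/400|` but keeps `p/IBM OS 400 pop3d/`, whereas the telnet signature for the same platform was renamed in this commit to `p|IBM OS/400 telnetd|`. The two product strings should agree: `p|IBM OS/400 pop3d| o|OS/400|`. The product field's delimiter has to change from `/` to `|` once the name contains a slash, as was done on the telnet line.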
@@ -1002,11 +1057,13 @@ match qmqp m|^58:Dnetstring format error while receiving QMQP packet header,$| p # Ximian Red Carpet Daemon 1.4.4 on RedHat Linux 9.0 match redcarpet m|^Status: 400 Bad Request\r\nContent-Length: 0\r\n\r\n| p/Ximian Red Carpet Daemon/ -match smux m|^A\x01\x02$| p/Linux SNMP multiplexer/ +match smux m|^A\x01\x02$| p/Linux SNMP multiplexer/ o/Linux/ # Solaris 9 -match uucp m|^login: Please enter user name: Password: $| p/Solaris uucpd/ -match ups m|^32\r $| p/Cyber Power PowerPanelPlus UPS Server/ i/Windows/ +match uucp m|^login: Please enter user name: Password: $| p/Solaris uucpd/ o/Solaris/ +match ups m|^32\r $| p/Cyber Power PowerPanelPlus UPS Server/ o/Windows/ match whois m|^% No entries found for the selected source\(s\)\.\n$| p/Merit IRRD whoisd/ +match whois m|^Process query: ''\nQuery recognized as IP\.\nQuerying ([\w\d-_.]+):(\d+) with whois\.\n\n| p/gwhois/ i/Uses $1:$2/ +match whois m|^Process query: ''\nQuery recognized as IP\.\n| p/gwhois/ match zebedee m|^\x02\x01$| p/Zebedee encrypted tunnel/ match bmc-perform-service m|^SDPACK$| p/BMC Perform Service Daemon/ 
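Review bot: In the first added gwhois signature the host capture is written `([\w\d-_.]+)`, where the hyphen sits between `\d` and `_` and reads like a range. How that is parsed depends on the regex library and its version, and `\d` and `_` are already covered by `\w`. The rest of the file puts the hyphen first, so `([-.\w]+)` expresses the same set unambiguously. The captured `$1:$2` is text sent by the remote service, so the `i/Uses $1:$2/` field should be treated as untrusted by anything that post-processes scan output.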
@@ -1021,17 +1078,21 @@ match nntp m|^200 Coruscant BBS News \(Synchronet NNTP Service v(\d[-.\w ]+)\)\r # wesnotd multiplayer network daemon (http://www.wesnoth.org/) match wesnotd m|^\0\0\0\x16\0\0\0\x1f\x02version\0\x040\..\..\0\0\x02mustlogin\0x05\x01\0| p/wesnotd/ - - - # SHOUTcast Distributed Network Audio: www.shoutcast.com match shoutcast m|^ICY 200 OK\r\n.*SHOUTcast Distributed Network Audio Server/([\w\d]+).v([\d.]+).*icy-name:(.*?)\r\n|s p/SHOUTcast server ($1)/ v/$2/ i/Name: $3/ match shoutcast m|^ICY 200 OK\r\n.*SHOUTcast Distributed Network Audio Server/([\w\d]+).v([\d.]+)|s p/SHOUTcast server ($1)/ v/$2/ match shoutcast m|^ICY 401 Service Unavailable\r\n.*SHOUTcast Distributed Network Audio Server/([\w\d]+) v([\d.]+)|s p/SHOUTcast server ($1)/ v/$2/ +match bitkeeper m|^ERROR-Try help\nERROR-Try help\n$| p/Bitkeeper/ +match webcache m|^HTTP/1\.0 400 Bad Request\r\nExpires: .*\r\nContent-Type: text/html\r\n\r\n\nBad formed request or url\n| p/webcache/ +# Novell ZENworks for Desktops Imaging Proxy 4.01.03 +# Not sure if this is netware specific (linux too?) -Doug +match zenimaging m|^\xff\xff\xfb&$| p/Novell ZENworks Imaging Proxy/ + + ##############################NEXT PROBE############################## Probe TCP GetRequest q|GET / HTTP/1.0\r\n\r\n| -ports 70,79,80-85,88,113,139,143,280,497,515,540,554,631,783,993,995,1220,1503,2030,3052,3128,3372,3531,3689,5000,5432,5800-5803,5900,6699,7070,8000-8010,8080-8085,8880-8888,9090,9999,10000,10005,11371,13722,15000,40193,4711 +ports 70,79,80-85,88,113,139,143,280,497,515,540,554,620,631,783,993,995,1220,1503,2030,3052,3128,3372,3531,3689,5000,5432,5800-5803,5900,6699,7070,8000-8010,8080-8085,8880-8888,9090,9999,10000,10005,11371,13722,15000,40193,4711 sslports 443 # Kerio PF 4.0.11 unregistered - Service process (Port 44xxx?) on MS W2K SP4+ 
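Review bot: The wesnotd signature kept as context at the top of this hunk contains `mustlogin\0x05\x01\0`. Here `\0x05` is a NUL escape followed by the literal characters `x05`, not the single byte 0x05, and it looks like a typo given the `\x16`, `\x1f` and `\x04` escapes earlier in the same pattern. If so, the line probably never matches a real server; the intended form (`mustlogin\x05\x01\0` or `mustlogin\0\x05\x01\0`) should be confirmed against a packet capture. The added `zenimaging` match has a comment recording its source version and an open question, and the new `bitkeeper` and `webcache` lines would benefit from the same kind of provenance comment.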
@@ -1043,32 +1104,32 @@ match dantzretrospect m|^\0\xca\0\0\0\0\0\x04\0\0\0\0$| p/Dantz Retrospect/ v/6. match dnet-keyproxy m|^HTTP/1\.0 302 Found\r\nLocation: http://www\.distributed\.net/\r\n\r\n$| p/Distributed.Net HTTP Keyproxy/ # Digital UNIX 5.6 -match finger m|^Login name: / \t\t\tIn real life: \?\?\?\r\n\r\nLogin name: GET \t\t\tIn real life: \?\?\?\r\n\r\nLogin name: HTTP/1\.0 \t\t\tIn real life: \?\?\?\r\n$| p/Digital UNIX fingerd/ +match finger m|^Login name: / \t\t\tIn real life: \?\?\?\r\n\r\nLogin name: GET \t\t\tIn real life: \?\?\?\r\n\r\nLogin name: HTTP/1\.0 \t\t\tIn real life: \?\?\?\r\n$| p/Digital UNIX fingerd/ o/DIGITAL UNIX/ # Internet Rex v2.67 Beta 1a match finger m|^No such user No such user N\n$| p/Internet Rex finger server/ # FreeBSD 4.9-STABLE /usr/libexec/fingerd/ -match finger m|^finger: /: no such user\nfinger: GET: no such user\nfinger: HTTP/1\.0: no such user\n$| p/FreeBSD fingerd/ +match finger m|^finger: /: no such user\r?\nfinger: GET: no such user\r?\nfinger: HTTP/1\.0: no such user\r?\n$| p/FreeBSD fingerd/ o/FreeBSD/ # Bay Networks Micro Annex Comm. 
Server R10.0 match finger m|^No such activity\.\r\n$| p/Bay Networks Micro Annex terminal server fingerd/ # Mercury/32 3.32 Finger Server module on Windows XP -match finger m|^GET / HTTP/1\.0 is not known at this site\.\r\n$| p|Mercury/32 fingerd| i|Win32| +match finger m|^GET / HTTP/1\.0 is not known at this site\.\r\n$| p|Mercury/32 fingerd| o|Windows| # ffingerd 1.28 match finger m|^That user does not want to be fingered\.\n$| p/ffingerd/ # Finger 0.17 from debian linux (which is from Linux netkit I believe) # OpenBSD 2.3 match finger m|^finger: GET: no such user\.\nfinger: /: no such user\.\nfinger: HTTP/1\.0: no such user\.\n$| p|BSD/Linux fingerd| # Linux port of in.fingerd from OpenBSD network tools - started with -w to show welcome banner -match finger m|^\r\nWelcome to Linux version (\d[-.\w]+) at [-.\w]+ !\r\n\n.*(\d+) user.*\n\r\nfinger: GET: no such user\.\nfinger: /: no such user\.\nfinger: HTTP/1\.0: no such user\.\n| p/OpenBSD fingerd/ i/ported to Linux; Linux version $1; $2 users logged in/ +match finger m|^\r\nWelcome to Linux version (\d[-.\w]+) at ([-.\w]+) !\r\n\n.*(\d+) user.*\n\r\nfinger: GET: no such user\.\nfinger: /: no such user\.\nfinger: HTTP/1\.0: no such user\.\n| p/OpenBSD fingerd/ i/ported to Linux; $2 users logged in/ o/Linux version $1/ h/$2/ o/Linux/ # Redhat Linux from finger-server-0.17-9 RPM -match finger m|^finger: GET: no such user.\r\nfinger: /: no such user.\r\nfinger: HTTP/1.0: no such user.\r\n$| p/Linux fingerd/ +match finger m|^finger: GET: no such user.\r\nfinger: /: no such user.\r\nfinger: HTTP/1.0: no such user.\r\n$| p/Linux fingerd/ o/Linux/ # NetBSD 1.6ZA (berkeley fingerd 8.1 sibling) match finger m|^finger: GET: no such user\nfinger: /: no such user\nfinger: HTTP/1\.0: no such user\n$| p/NetBSD fingerd/ # Solaris 9 -match finger m|^Login Name TTY Idle When Where\r\nGET \?\?\?\r\n/ \?\?\?\r\nHTTP/1\.0 \?\?\?\r\n$| p/Sun Solaris fingerd/ +match finger m|^Login Name TTY Idle When Where\r\nGET \?\?\?\r\n/ 
\?\?\?\r\nHTTP/1\.0 \?\?\?\r\n$| p/Sun Solaris fingerd/ o/Solaris/ # mlfingerd 1.1 match finger m|^Information for user 'GET\+20\+2F\+20HTTP\+2F1\.0':\r\nUnknown user\.\r\n$| p/mlfingerd/ # SGI IRIX 6.5.18f finger -match finger m|^Login name: GET \t\t\tIn real life: \?\?\?\r\n$| p/SGI IRIX fingerd/ +match finger m|^Login name: GET \t\t\tIn real life: \?\?\?\r\n$| p/SGI IRIX fingerd/ o/IRIX/ match gnutella m|^HTTP/1\.[01] 404 Not Found\r\nServer: gtk-gnutella/(\d[-.\w]+) \(([^\)\r\n]+)\)\r\n| p/gtk-gnutella P2P client/ v/$1/ i/$2/ # LimeWire 3.5.8 on Suse Linux 8.1 @@ -1078,7 +1139,7 @@ match gnutella m|^HTTP/1\.1 404 Not Found\r\nServer: giFT-Gnutella/(\d[-.\w]+)\r match gnutella m|^HTTP/1\.1 200 OK\r\n.*\r\nServer: Shareaza (\d\S+)|s p/Shareaza/ v/$1/ match gopher m|^HTTP/1\.0 200 Ok\r\nMIME-Version: 1\.0\r\nServer: GopherWEB/(\d[-.\w]+)\r\n| p/Internet Gopher Server/ i/Gopher+ protocol; GopherWeb $1/ -match http m|^HTTP/1\.0 401 Unauthorized\r\nPragma: no-cache\r\nContent-type: text/html\r\nWWW-Authenticate: Basic realm=\"Login to the Router Web Configurator\"\r\n\r\n\n \n 401 Unauthorized\n \n\n\n
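Review bot: The rewritten "Linux port of in.fingerd from OpenBSD" signature adds a hostname capture as the second group but keeps `$2 users logged in` in the info field. The hostname is therefore printed where the user count belongs, since the count is now `$3`. The same line also carries two `o` fields, `o/Linux version $1/` and `o/Linux/`, and the hunk does not show which one the parser keeps. Suggested template: `p/OpenBSD fingerd/ i/ported to Linux; Linux version $1; $3 users logged in/ o/Linux/ h/$2/`.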

| p/Draytek Vigor aDSL router webadmin/ +match http m|^HTTP/1\.0 401 Unauthorized\r\nPragma: no-cache\r\nContent-type: text/html\r\nWWW-Authenticate: Basic realm=\"Login to the Router Web Configurator\"\r\n\r\n\n \n 401 Unauthorized\n \n\n\n
| p/Draytek Vigor aDSL router webadmin/ d/broadband router/ match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: webfs/(\d[-.\w]+)\r\n| p/WebFS httpd/ v/$1/ match http m|^HTTP/1\.0 200 OK\r\nConnection: Keep-Alive\r\nContent-Type: text/html\r\nContent-Length: \d+\r\n\r\n\n\n\n\n\n\n\n.*PhaserLink| p/Tektronix Phaser printer webadmin/ i/Ebedded Spyglass MicroServer $1/ +match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html\r\nDate: Tue, 07 Oct 2003 12:26:05 GMT\r\nAllow: GET, HEAD\r\nServer: Spyglass_MicroServer/(\d[-.\w]+)\r\n\r\n<html>\n\n<head>\n\n<title>.*PhaserLink| p/Tektronix Phaser printer webadmin/ i/Ebedded Spyglass MicroServer $1/ d/printer/ match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: 3Com/v(\d[-.\w]+)\r\nWWW-Authenticate:Basic realm=\"device\"\r\n| p/3Com switch webadmin/ v/$1/ -match http m|^HTTP/1\.0 401 Unauthorized\nDate: .*\nServer: Acme\.Serve/v(\d[-.\w ]+)\nConnection: close\nExpires: .*\nWWW-Authenticate: Basic realm=\"PowerChute network shutdown\"\n|s p/APC Powerchute UPS web management/ i/Embedded Acme.Serv $1/ -match http m|^HTTP/1\.0 302 Found\r\nLocation: /index\.htm\r\n\r\n| p/Alcatal Speedtouch aDSL router webadmin/ +match http m|^HTTP/1\.0 401 Unauthorized\nDate: .*\nServer: Acme\.Serve/v(\d[-.\w ]+)\nConnection: close\nExpires: .*\nWWW-Authenticate: Basic realm=\"PowerChute network shutdown\"\n|s p/APC Powerchute UPS web management/ i/Embedded Acme.Serv $1/ d/power device/ +match http m|^HTTP/1\.0 302 Found\r\nLocation: /index\.htm\r\n\r\n| p/Alcatal Speedtouch aDSL router webadmin/ d/broadband router/ match http m|^HTTP/1\.0 404 Not Found\r\nServer: pks_www/(\d[-.\w]+)\r\n| p/OpenPGP public key server/ v/$1/ -match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: Apache/0\.6\.5\r\nPragma: no-cache\r\nContent-type: text/html\r\nWWW-Authenticate: Basic realm=\"System Setup\"\r\n| p/BenQ AWL wireless router webadmin/ +match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: Apache/0\.6\.5\r\nPragma: no-cache\r\nContent-type: 
text/html\r\nWWW-Authenticate: Basic realm=\"System Setup\"\r\n| p/BenQ AWL wireless router webadmin/ d/broadband router/ # Orinoco bg-2000 Access Point match http m|^HTTP/1\.1 401 Unauthorized\r\nServer: Agranat-EmWeb/R5_2_6\r\nWWW-Authenticate: Basic realm=\"gateway\"\r\n| p/Orinoco WAP webadmin/ i/Embedded webserver: Agranat-EmWeb 5.2.6/ # ORiNOCO AP-600 
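Review bot: The added Tektronix Phaser signature pins `Date: Tue, 07 Oct 2003 12:26:05 GMT` literally. Unless the device always reports that exact timestamp, the line only matches the one response it was captured from; `Date: .*\r\n`, as neighbouring signatures use, would avoid that. The info field also spells `Ebedded`, which ends up verbatim in scan output and in anything that greps it; `i/Embedded Spyglass MicroServer $1/` is presumably what was meant. Parts of this hunk are garbled on the page, so the removed line could not be compared with the new one.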
@@ -1105,89 +1166,97 @@ match http-mgmt m|^HTTP/1\.1 200 OK\r\nServer: Virata-EmWeb/R6_0_1\r\n-ransfer-E match http-mgmt m|^HTTP/1\.1 301 Moved Permanently\r\nServer: Virata-EmWeb/R6_2_1\r\nLocation: https://([\d.]+)/\r\nContent-Type: text/html\r\nContent-Length: 90\r\n\r\n<HEAD><TITLE>Moved| p/HP Color LaserJet 3500/ i/Virata embedded httpd 6.2.1/ d/printer/ match http m|^HTTP/1\.1 301 Resource Moved\r\nCONTENT-LENGTH: 0\r\nEXPIRES: .*\r\nLocation: /hp/device/this\.LCDispatcher\r\nCACHE-CONTROL: no-cache\r\nSERVER: HP-ChaiSOE/([\d.]+)\r\n-ONNECTION: Keep-Alive\r\n\r\n| p/hp color LaserJet 4650/ i/HP-ChaiSOE $1/ d/printer/ + +# HP Printers +match http-mgmt m|^HTTP/1\.1 200 OK\r\nServer: Agranat-EmWeb/R5_2_6\r\nContent-Type: text/html;charset=ISO-8859-1\r\nCache-Control: no-cache\r\nPragma: no-cache\r\n\r\n \n\n | p/HP LaserJet/ i/Embedded webserver: Agranat-EmWeb 5.2.6/ d/printer/ +match http-mgmt m|^HTTP/1\.1 200 OK\r\nServer: Virata-EmWeb/R6_2_1\r\nContent-Type: text/html;charset=ISO-8859-1\r\nExpires: .*\r\nCache-Control: no-cache\r\nPragma: no-cache\r\n\r\n<!DOCTYPE html\nPUBLIC | p/HP LaserJet/ i/Embedded webserver: Agranat-EmWeb 6.2.1/ d/printer/ +match http-mgmt m|^HTTP/1\.1 200 OK\r\nServer: Virata-EmWeb/R6_2_1\r\nContent-Type: text/html;charset=utf-8\r\nExpires: Thu, 01 Jan 1970 00:00:00 GMT\r\nCache-Control: no-cache\r\nPragma: no-cache\r\n\r\n<!-- DOCTYPE tag is included to support the XHTML -->\n<!DOCTYPE html\n PUBLIC | p/HP LaserJet/ i/Embedded webserver: Agranat-EmWeb 6.2.1/ d/printer/ +match http-mgmt m|^HTTP/1\.1 200 OK\r\nServer: Virata-EmWeb/R6_0_1\r\n-ransfer-Encoding: chunked\r\nContent-Type: text/html\r\nExpires: .*\r\nCache-Control: no-cache\r\nPragma: no-cache\r\n\r\n\n\n<!DOCTYPE html\nPUBLIC| p/HP JetDirect/ i/Embedded webserver: Virata-EmWeb 6.0.1/ d/printer/ +match http-mgmt m|^HTTP/1\.1 301 Moved Permanently\r\nServer: Virata-EmWeb/R6_2_1\r\nLocation: https://([\d.]+)/\r\nContent-Type: text/html\r\nContent-Length: 
90\r\n\r\n<HEAD><TITLE>Moved| p/HP Color LaserJet 3500/ i/Virata embedded httpd 6.2.1/ d/printer/ +match http m|^HTTP/1\.1 301 Resource Moved\r\nCONTENT-LENGTH: 0\r\nEXPIRES: .*\r\nLocation: /hp/device/this\.LCDispatcher\r\nCACHE-CONTROL: no-cache\r\nSERVER: HP-ChaiSOE/([\d.]+)\r\n-ONNECTION: Keep-Alive\r\n\r\n| p/hp color LaserJet 4650/ i/HP-ChaiSOE $1/ d/printer/ + match http m|^HTTP/1\.0 200 OK\nServer: stats\.mod/(\d[-.\w]+)\n| p/Eggdrop stats.mod web statistics module/ v/$1/ match http m|^HTTP/1\.1 200 OK\r\nServer: PPR-httpd/(\d[-.\w]+)\r\n| p/PPR print spooling daemon ppradmin/ v/$1/ -match http m|^HTTP/1\.1 200 OK\r\nDate: .*\r\nServer: RAC_ONE_HTTP (\d[-.\w]+)\r\n| p/Dell Embedded Remote Access card webserver/ v/$1/ -match http m|^HTTP/1\.0 200 OK\r\nContent-Type: text/html\r\n\r\n\r\n\r\nEpsonNet WebAssist Rev\.(\d[-.\w]+)| p/EpsonNet WebAssist printer configuration/ v/$1/ -match http m|^HTTP/1\.0 200 OK\r\nContent-Type: text/html\r\n\r\n\r\nLexmark ([-/.+\w]+)| p/Lexmark printer webadmin/ i/Lexmark $1/ +match http m|^HTTP/1\.1 200 OK\r\nDate: .*\r\nServer: RAC_ONE_HTTP (\d[-.\w]+)\r\n| p/Dell Embedded Remote Access card webserver/ v/$1/ d/terminal server/ +match http m|^HTTP/1\.0 200 OK\r\nContent-Type: text/html\r\n\r\n\r\n\r\nEpsonNet WebAssist Rev\.(\d[-.\w]+)| p/EpsonNet WebAssist printer configuration/ v/$1/ d/printer/ +match http m|^HTTP/1\.0 200 OK\r\nContent-Type: text/html\r\n\r\n\r\nLexmark ([-/.+\w]+)| p/Lexmark printer webadmin/ i/Lexmark $1/ d/printer/ match http m|^HTTP/1\.0 200 OK\nServer: III (\d[-.\w]+)\n| p/Innovative Interfaces Innopac httpd/ v/$1/ -match http m|^HTTP/1\.0 401 Unauthorized\r\nContent-type: text/html\r\nWWW-Authenticate: Basic realm=\"CISCO_WEB\"\r\n| p/Cisco DSL router webadmin/ -match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html\r\n.*Server: Allegro-Software-RomPager/([\w.]+)\r\n\r\n\n\nCisco Systems, Inc\..*Cisco IP Phone (\d+)|s p/Cisco IP Phone $2/ i/Allegro RomPager $1/ +match http m|^HTTP/1\.0 401 
Unauthorized\r\nContent-type: text/html\r\nWWW-Authenticate: Basic realm=\"CISCO_WEB\"\r\n| p/Cisco DSL router webadmin/ d/broadband router/ +match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html\r\n.*Server: Allegro-Software-RomPager/([\w.]+)\r\n\r\n\n\nCisco Systems, Inc\..*Cisco IP Phone (\d+)|s p/Cisco IP Phone $2/ i/Allegro RomPager $1/ d/VoIP phone/ match http m|^HTTP/1\.0 \d\d\d .*\r\nRAKeepAliveHeader: \.\r\n| p/RemotelyAnywhere remote PC management webserver/ match http m|^HTTP/1\.0 \d\d\d .*\r\nDate: .*\r\nServer: Ipswitch-IMail/(\d[-.\w]+)\r\n| p/IPSwitch IMail web service/ match http m|^HTTP/1\.0 200 OK\r\nContent-type: text/html\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\nAuthentication Form

Client Authentication Remote Service| p/Check Point Firewall-1 Client Authentication webserver/ match http m|^HTTP/1\.0 404 Not Found\r\nDate: .*\r\nServer: Check Point SVN foundation\r\n| p/Check Point Firewall-1 SVN foundation service/ -match http m|^HTTP/1\.1 \d\d\d .*\r\nDate: .*\r\nServer: HP-UX_Apache-based_Web_Server/(\d[-.\w]+) (.*)\r\n| p/HP-UX httpd/ v/$1/ i/Apache derived; $2/ +match http m|^HTTP/1\.1 \d\d\d .*\r\nDate: .*\r\nServer: HP-UX_Apache-based_Web_Server/(\d[-.\w]+) (.*)\r\n| p/HP-UX httpd/ v/$1/ i/Apache derived; $2/ o/HP-UX/ match http m|^HTTP/1\.1 302 Moved\r\nContent-type: text/html\r\nConnection: close\r\nLocation: /1[012]\d{8}/l\r\n\r\n

Document| p/Novell NetMail ModWeb webmail/ match http m/^GIF89a\xa8\0-\0\xf7\0\0\x03\x03\x03\x83\x83\x83\xc4\xc4\xc4\xfe\x02\x02\xc9\x85c\x85|\xb5\xe2\xe2\xe2\xca\xa2\x8e\xd4RRCCC\xdeb\"\xa5\xa5\xa5\xe7\xc5/ p/Tweak XP web advertisement blocker/ # Management interface for Xerox Phaser printers. -match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html\r\nDate: .*\r\nExpires: .*\r\nLast-Modified: .*\r\nPragma: no-cache\r\nServer: Allegro-Software-RomPager/(\d[-.\w]+)\r\n\r\n\n|s p/HP Web Jetwebadmin/ v/$1/ i/framework.ini: $2/ -match http m|^HTTP/1\.1 \d\d\d .*\r\nDate: .*\r\nServer: HP Web Jetadmin/(\d[-.\w]+) (.*)\r\n| p/HP Web Jetadmin print server/ v/$1/ i/$2/ -match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: HP-Web-JetAdmin-(\d[-.\w]+)\r\n| p/HP Web Jetadmin print server/ v/$1/ +match http m|^HTTP/1\.1 \d\d\d .*\r\nDate: .*\r\nServer: HP Web Jetadmin/(\d[-.\w]+) (.*)\r\n| p/HP Web Jetadmin print server/ v/$1/ i/$2/ d/print server/ +match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: HP-Web-JetAdmin-(\d[-.\w]+)\r\n| p/HP Web Jetadmin print server/ v/$1/ d/print server/ match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: Tomcat Web Server/(\d[-.\w ]+) \( ([^)]+) \)\r\n|s p/Apache Tomcat webserver/ v/$1/ i/$2/ match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: Tomcat Web Server/(\d[-.\w ]+)\r\n\r\n|s p/Apache Tomcat webserver/ v/$1/ match http m|^HTTP/1\.0 \d\d\d .*\r\nServlet-Engine: Tomcat Web Server/(\d[-.\w]+) \(([^\)]+)\)\r\n|s p/Apache Tomcat webserver/ v/$1/ i/$2/ 
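Review bot: The new `# HP Printers` block re-adds the `HP Color LaserJet 3500` and `hp color LaserJet 4650` signatures that already sit unchanged as context directly above it, and the hunk header suggests the `Virata-EmWeb/R6_0_1` JetDirect line exists already as well. If matching stops at the first hit, the copies are dead weight that will drift from the originals, so drop them or add a comment saying why both are needed. Separately, the two added lines that match `Server: Virata-EmWeb/R6_2_1` report `i/Embedded webserver: Agranat-EmWeb 6.2.1/`, which contradicts the banner they match. `i/Embedded webserver: Virata-EmWeb 6.2.1/` would agree with it.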
@@ -1270,26 +1343,26 @@ match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: Apache/(\d[-.\w]+)\r\n|s p/Apache h match http m|^HTTP/1\.[01] \d\d\d.*\r\nDate: .*\r\nServer: Apache\r\n| p/Apache httpd/ match http m|^HTTP/1\.[01] \d\d\d.*\r\nDate: .*\r\nServer: Apache +\(([^\r\n\)]+)\)\r\n| p/Apache httpd/ i/$1/ match http m|^HTTP/1\.1 \d\d\d .*\r\nDate: .*\r\nServer: IBM_HTTP_Server/(\d[-.\w]+) (Apache/.*)\r\n| p/IBM HTTP Server/ v/$1/ i/Based on $2/ -match http m|^HTTP/1\.1 \d\d\d .*\r\nDate: .*\r\nServer: Apache-AdvancedExtranetServer/(\d[-.\w]+) \(Mandrake Linux/[-.\w]+\) (.*)\r\n| p/Apache Advanced Extranet Server httpd/ v/$1/ i/Mandrake Linux; $2/ -match http m|^HTTP/1\.1 \d\d\d .*\r\nDate: .*\r\nServer: Apache-AdvancedExtranetServer/(\d[-.\w]+) \(Mandrake Linux/[-.\w]+\)\r\n| p/Apache Advanced Extranet Server httpd/ v/$1/ i/Mandrake Linux/ -match http m|^HTTP/1\.1 \d\d\d .*\r\nDate: .*\r\nServer: Apache-AdvancedExtranetServer/(\d[-.\w]+) \(Linux-Mandrake/[-.\w]+\)\r\n| p/Apache Advanced Extranet Server httpd/ v/$1/ i/Mandrake Linux/ -match http m|^HTTP/1\.1 \d\d\d .*\r\nDate: .*\r\nServer: Apache-AdvancedExtranetServer/(\d[-.\w]+)\r\n| p/Apache Advanced Extranet Server httpd/ v/$1/ i/Mandrake Linux/ +match http m|^HTTP/1\.1 \d\d\d .*\r\nDate: .*\r\nServer: Apache-AdvancedExtranetServer/(\d[-.\w]+) \(Mandrake Linux/[-.\w]+\) (.*)\r\n| p/Apache Advanced Extranet Server httpd/ v/$1/ o/Mandrake Linux/ i/$2/ +match http m|^HTTP/1\.1 \d\d\d .*\r\nDate: .*\r\nServer: Apache-AdvancedExtranetServer/(\d[-.\w]+) \(Mandrake Linux/[-.\w]+\)\r\n| p/Apache Advanced Extranet Server httpd/ v/$1/ o/Mandrake Linux/ +match http m|^HTTP/1\.1 \d\d\d .*\r\nDate: .*\r\nServer: Apache-AdvancedExtranetServer/(\d[-.\w]+) \(Linux-Mandrake/[-.\w]+\)\r\n| p/Apache Advanced Extranet Server httpd/ v/$1/ o/Mandrake Linux/ +match http m|^HTTP/1\.1 \d\d\d .*\r\nDate: .*\r\nServer: Apache-AdvancedExtranetServer/(\d[-.\w]+)\r\n| p/Apache Advanced Extranet Server httpd/ v/$1/ o/Mandrake Linux/ match http 
m|^HTTP/1.[10] \d\d\d.*\r\nDate:.*\r\nServer: Stronghold/([-.\w]+) Apache/([-.\w]+)| p/Apache Stronghold httpd/ v/$1/ i/based on Apache $2/ match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: Apache Tomcat/(\d[-.\w]+)|s p/Apache Tomcat/ v/$1/ match http m|^HTTP/1\.1 \d\d\d.*\r\nServer: Apache[- ]Coyote/(\d[-\d.]+)\r\n|s p|Apache Tomcat/Coyote JSP engine| v|$1| match http m|^HTTP/1\.1.*\r\nServer: Netscape-Enterprise/([-.\w]+)\r\n| p/Netscape Enterprise httpd/ v/$1/ # Citrix NFuse 2.0 on MS IIS 5.0 -match http m|^HTTP/1\.[01].*\r\nServer: Microsoft-IIS/([-.\w]+)\r\n.*\r\nContent-Location: http://[^/]+/nfuse.htm\r\n.*\r\n---- NFuse ([-.\w]+) \(Build |s p/Citrix NFuse/ v/$2/ i/Microsoft IIS $1/ -match http m|^HTTP/1\.[01].*\r\nServer: Microsoft-IIS/([-.\w]+)\r\n|s p/Microsoft IIS webserver/ v/$1/ -match http m|^HTTP/1\.0 200 OK\r\nDate: .+\r\nServer: Tomcat/([-.\w]+)\r\nContent-Type: text/html\r\nContent-Length: \d+\r\nServlet-Engine: Tomcat/[-.\w]+ \(Java ([-.\w]+); SunOS ([-.\w]+) (\w+); java\.vendor=Sun Microsystems Inc\.\)\r\n| p/Solaris management console server/ i/SunOS $3 $4; Java $2; Tomcat $1/ +match http m|^HTTP/1\.[01].*\r\nServer: Microsoft-IIS/([-.\w]+)\r\n.*\r\nContent-Location: http://[^/]+/nfuse.htm\r\n.*\r\n---- NFuse ([-.\w]+) \(Build |s p/Citrix NFuse/ v/$2/ i/Microsoft IIS $1/ o/Windows/ +match http m|^HTTP/1\.[01].*\r\nServer: Microsoft-IIS/([-.\w]+)\r\n|s p/Microsoft IIS webserver/ v/$1/ o/Windows/ +match http m|^HTTP/1\.0 200 OK\r\nDate: .+\r\nServer: Tomcat/([-.\w]+)\r\nContent-Type: text/html\r\nContent-Length: \d+\r\nServlet-Engine: Tomcat/[-.\w]+ \(Java ([-.\w]+); SunOS ([-.\w]+) (\w+); java\.vendor=Sun Microsystems Inc\.\)\r\n| p/Solaris management console server/ i/Java $2; Tomcat $1/ o/SunOS $3 $4/ match http m|^HTTP/1\.1 200 OK\r\n.+Server: CommuniGatePro/([-.\w]+)\r\n|s p/CommuniGate Pro httpd/ v/$1/ match http m|^HTTP/1\.0 \d\d\d .*\r\nDate: .*\r\nServer: DSS ([-.\w]+) Admin Server/([-.\w]+)| p/DarwinStreamingServer/ v/$1/ i/Admin Server $2/ 
match http m|^HTTP/1\.0 \d\d\d .*\r\nDate: .*\r\nServer: QTSS (\d[-.\w]+) Admin Server/(\d[-.\w]+)\r\n| p/Apple QTSS Admin Server/ v/$2/ i/from QTSS $2/ match http m|^HTTP/1\.0 200 OK\r\nServer: fnord/(\d[-.\w]+)\r\n| p/Fnord httpd/ v/$1/ match http m|^HTTP/1\.0 404 Not Found\r\nContent-Type: text/html\r\nConnection: close\r\n\r\nNot FoundThis host is not served here\.$| p/Fnord httpd/ match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: MiniServ/0.01\r\n|s p/Webmin httpd/ -match http m|^HTTP/1.1 200 OK\r\nServer: NetWare-Enterprise-Web-Server/([-.\w]+)\r\n| p/Novell Netware enterprise web server/ v/$1/ -match http m|^HTTP/1.1 302 Object Moved Temporarily\r\nServer: NetWare HTTP Stack\r\n| p/Novell Netware HTTP Stack/ i/HTTPSTK.NLM/ +match http m|^HTTP/1.1 200 OK\r\nServer: NetWare-Enterprise-Web-Server/([-.\w]+)\r\n| p/Novell Netware enterprise web server/ v/$1/ o/NetWare/ +match http m|^HTTP/1.1 302 Object Moved Temporarily\r\nServer: NetWare HTTP Stack\r\n| p/Novell Netware HTTP Stack/ i/HTTPSTK.NLM/ o/NetWare/ match http m|^HTTP/1.1 \d\d\d [\w ]+\r\nServer: NetWare HTTP Stack\r\n| p/Novell Netware HTTP Stack/ i/HTTPSTK.NLM/ match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: HTTPd-WASD/([-.\w]+) OpenVMS/VAX\r\n| p|HTTPd-WASD| v|$1| i|on OpenVMS/VAX)| @@ -1301,10 +1374,10 @@ match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: Lotus-Domino(/0)?\r\n| p/Lotus Domi # what the telnetd on this device said). match http m|^HTTP/1.1 302 Document Follows\r\nLocation: /hag/pages/home.ssi\r\n\r\n$| p/GlobespanVirata httpd/ i/on broadband router/ match http m|^HTTP/1.0 200 OK\r\nServer:HTTP/1.0\r\n.*Hewlett Packard|s p/HP Jetdirect httpd/ -match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: EHTTP/([.\d]+)\r\nWWW-Authenticate: Basic realm=\"HP ([-.\w]+)\"\r\n| p/HP printer EHTTP admin server/ v/$1/ i/HP $2 printer/ -match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: Virata-EmWeb/([-.\w]+)\r\n.*\r\n\r\n\n
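Review bot: Only two of the three NetWare signatures get the new OS field. The generic `HTTP/1.1 \d\d\d [\w ]+\r\nServer: NetWare HTTP Stack` line just below the changed pair is left without `o/NetWare/`, so the same server reports an OS on a 302 and none on any other status; append `o/NetWare/` to that line too. The last Apache-AdvancedExtranetServer line now asserts `o/Mandrake Linux/` although its pattern matches no Mandrake token in the banner. That is an inference from the product name and deserves a comment saying so, since the OS field reads as an observed fact to whoever consumes the output.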