forked from rapid7/recog
-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathoperating_system.xml
732 lines (646 loc) · 36.4 KB
/
operating_system.xml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
<?xml version='1.0' encoding='UTF-8'?>
<fingerprints matches="operating_system.name" database_type="util.os" preference="0.80">
<!--
Patterns for common names of various operating systems.
-->
<!-- Windows begin -->
<fingerprint pattern="(?i)^(?:Microsoft )?(Windows (?:[a-z]+\s[a-z]+\s|[a-z]+\s)?Server (?:\d{4} R2|\d{4}))(?:,\s|\s)?([a-z]+)?(?: Evaluation)?(?: Edition)?(?:\s|\swith(?:out)? Hyper-V\s)?(SP\d|SP \d|Service Pack \d)?$">
<description>Windows Server 2003 and later</description>
<example os.product="Windows Compute Cluster Server 2003">Windows Compute Cluster Server 2003</example>
<example os.product="Windows Server 2003" os.edition="Standard">Windows Server 2003, Standard Edition</example>
<example os.product="Windows Server 2012 R2" os.edition="Standard">Windows Server 2012 R2 Standard Evaluation</example>
<example os.product="Windows Server 2003 R2" os.edition="Datacenter">Windows Server 2003 R2, Datacenter Edition</example>
<example os.product="Windows Small Business Server 2003 R2">Windows Small Business Server 2003 R2</example>
<example os.product="Windows Server 2008" os.edition="Enterprise">Windows Server 2008 Enterprise Edition</example>
<example os.product="Windows Small Business Server 2008">Windows Small Business Server 2008</example>
<example os.product="Windows Storage Server 2012 R2">Windows Storage Server 2012 R2</example>
<example os.product="Windows Server 2008" os.edition="Enterprise" os.version="Service Pack 2">Windows Server 2008 Enterprise without Hyper-V Service Pack 2</example>
<example os.product="Windows Server 2008" os.edition="Enterprise" os.version="SP1">Windows Server 2008 Enterprise with Hyper-V SP1</example>
<example os.product="Windows Server 2012 R2" os.edition="Foundation">Windows Server 2012 R2 Foundation Edition</example>
<param pos="0" name="os.vendor" value="Microsoft"/>
<param pos="0" name="os.family" value="Windows"/>
<param pos="1" name="os.product"/>
<param pos="2" name="os.edition"/>
<param pos="3" name="os.version"/>
</fingerprint>
<fingerprint pattern="(?i)^(?:Microsoft )?Windows 10 Mobile(?:\s([a-z]+))??(?: Edition)?$">
<description>Windows 10 Mobile</description>
<example os.product="Windows 10 Mobile">Windows 10 Mobile Edition</example>
<example os.product="Windows 10 Mobile" os.edition="Enterprise">Windows 10 Mobile Enterprise Edition</example>
<param pos="0" name="os.vendor" value="Microsoft"/>
<param pos="0" name="os.family" value="Windows"/>
<param pos="0" name="os.product" value="Windows 10 Mobile"/>
<param pos="1" name="os.edition"/>
<param pos="0" name="os.device" value="Mobile"/>
<param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_10_mobile:-"/>
</fingerprint>
<fingerprint pattern="(?i)^(?:Microsoft )?(Windows (?:XP|Vista|7|8|8.1|10))(?:\s)?((?:[a-z]+|[a-z]+, )?(?:[a-z]+|[a-z]+\s[a-z]+)?)?(?: Edition)?(?:\s)?(SP\d|SP \d|Service Pack \d)?$">
<description>Windows Desktop XP and later</description>
<example os.product="Windows XP" os.edition="Professional">Windows XP Professional</example>
<example os.product="Windows XP" os.edition="Tablet PC">Windows XP Tablet PC Edition</example>
<example os.product="Windows Vista" os.version="SP1">Windows Vista SP1</example>
<example os.product="Windows Vista" os.edition="Business N">Windows Vista Business N Edition</example>
<example os.product="Windows 7" os.edition="Home, Premium N">Windows 7 Home, Premium N Edition</example>
<example os.product="Windows 8" os.edition="Enterprise">Windows 8 Enterprise Edition</example>
<example os.product="Windows 8.1">Windows 8.1</example>
<example os.product="Windows 10" os.edition="Professional">Windows 10 Professional Edition</example>
<example os.product="Windows 10" os.edition="Enterprise LTSB">Windows 10 Enterprise LTSB</example>
<param pos="0" name="os.vendor" value="Microsoft"/>
<param pos="0" name="os.family" value="Windows"/>
<param pos="1" name="os.product"/>
<param pos="2" name="os.edition"/>
<param pos="3" name="os.version"/>
</fingerprint>
<fingerprint pattern="(?i)^(?:Microsoft )?Windows 2000(?:\s)?([a-z]+|[a-z]+\s[a-z]+)?(?:\s)?(SP\d|SP \d|Service Pack \d)?$">
<description>Windows 2000</description>
<example os.edition="Professional">Windows 2000 Professional</example>
<example os.edition="Professional" os.version="Service Pack 1">Windows 2000 Professional Service Pack 1</example>
<example os.edition="Advanced Server">Windows 2000 Advanced Server</example>
<param pos="0" name="os.vendor" value="Microsoft"/>
<param pos="0" name="os.family" value="Windows"/>
<param pos="0" name="os.product" value="Windows 2000"/>
<param pos="1" name="os.edition"/>
<param pos="2" name="os.version"/>
<param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_2000:{os.version}"/>
</fingerprint>
<fingerprint pattern="(?i)^(?:Microsoft )?Windows NT (\d.\d{1,2})?(?:\s)?([a-z]+|[a-z]+\s[a-z]+)?$">
<description>Windows NT</description>
<example os.version="3.51" os.edition="Server">Windows NT 3.51 Server</example>
<example os.edition="Workstation">Windows NT Workstation</example>
<example os.version="4.0" os.edition="Workstation">Windows NT 4.0 Workstation</example>
<example os.edition="Advanced Server">Windows NT Advanced Server</example>
<param pos="0" name="os.vendor" value="Microsoft"/>
<param pos="0" name="os.family" value="Windows"/>
<param pos="0" name="os.product" value="NT"/>
<param pos="1" name="os.version"/>
<param pos="2" name="os.edition"/>
<param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_nt:{os.version}"/>
</fingerprint>
<fingerprint pattern="(?i)^(?:Microsoft )?Windows Phone (\d|\d\.\d)?$">
<description>Windows Phone 7 and later</description>
<example os.version="7.5">Windows Phone 7.5</example>
<example os.version="8">Windows Phone 8</example>
<param pos="0" name="os.vendor" value="Microsoft"/>
<param pos="0" name="os.family" value="Windows"/>
<param pos="0" name="os.product" value="Windows Phone"/>
<param pos="1" name="os.version"/>
<param pos="0" name="os.device" value="Mobile"/>
</fingerprint>
<fingerprint pattern="(?i)^(?:Microsoft )?(Windows\s?(?:95|98|98SE|98 SE|98 Second Edition|ME|Millenium Edition))$">
<description>Windows 9x</description>
<example os.product="Windows 98 SE">Windows 98 SE</example>
<param pos="0" name="os.vendor" value="Microsoft"/>
<param pos="0" name="os.family" value="Windows"/>
<param pos="1" name="os.product"/>
</fingerprint>
<fingerprint pattern="(?i)^(?:Microsoft )?Windows(?:\sNT)? 6.1$">
<description>Windows version 6.1 (Windows 7 or Windows Server 2008 R2)</description>
<example>Windows 6.1</example>
<param pos="0" name="os.vendor" value="Microsoft"/>
<param pos="0" name="os.family" value="Windows"/>
<param pos="0" name="os.product" value="Windows 7 or Windows Server 2008 R2"/>
</fingerprint>
<fingerprint pattern="(?i)^(?:Microsoft )?Windows(?:\sNT)? 6.2$">
<description>Windows version 6.2 (Windows 8 or Windows Server 2012)</description>
<example>Windows 6.2</example>
<param pos="0" name="os.vendor" value="Microsoft"/>
<param pos="0" name="os.family" value="Windows"/>
<param pos="0" name="os.product" value="Windows 8 or Windows Server 2012"/>
</fingerprint>
<fingerprint pattern="(?i)^(?:Microsoft )?Windows(?:\sNT)? 6.3$">
<description>Windows version 6.3 (Windows 8.1 or Windows Server 2012 R2)</description>
<example>Windows 6.3</example>
<param pos="0" name="os.vendor" value="Microsoft"/>
<param pos="0" name="os.family" value="Windows"/>
<param pos="0" name="os.product" value="Windows 8.1 or Windows Server 2012 R2"/>
</fingerprint>
<fingerprint pattern="(?i)^(?:Microsoft )?Windows(?:\sNT)? 10.0$">
<description>Windows version 10.0 (Windows 10 or Windows Server 2016)</description>
<example>Windows 10.0</example>
<param pos="0" name="os.vendor" value="Microsoft"/>
<param pos="0" name="os.family" value="Windows"/>
<param pos="0" name="os.product" value="Windows 10 or Windows Server 2016"/>
</fingerprint>
<fingerprint pattern="(?i)^(?:Microsoft )?Windows.*$">
<description>Windows catch-all</description>
<example>Windows for Workgroups 3.11</example>
<example>Microsoft Windows</example>
<param pos="0" name="os.vendor" value="Microsoft"/>
<param pos="0" name="os.family" value="Windows"/>
<param pos="0" name="os.product" value="Windows"/>
<param pos="0" name="os.certainty" value="0.5"/>
<param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
</fingerprint>
<!-- Windows end -->
<!-- Liunx begin -->
<fingerprint pattern="(?i)^Alpine Linux\s?(?:v)?(\d+?(?:\.\d+?)*?(?:\src\d+?)?)?$">
<description>Alpine Linux</description>
<example os.version="3.4.0">Alpine Linux v3.4.0</example>
<example os.version="2.7.0 rc6">Alpine Linux 2.7.0 rc6</example>
<param pos="0" name="os.vendor" value="Alpine"/>
<param pos="0" name="os.family" value="Linux"/>
<param pos="0" name="os.product" value="Linux"/>
<param pos="1" name="os.version"/>
<param pos="0" name="os.cpe23" value="cpe:/o:alpinelinux:alpine_linux:{os.version}"/>
</fingerprint>
<!-- Arch uses rolling releases where the version name just the date of an ISO release. -->
<fingerprint pattern="(?i)^Arch Linux\s?(\d+?(?:\.\d+?)*?)?$">
<description>Arch Linux</description>
<example os.version="2016.04.01">Arch Linux 2016.04.01</example>
<param pos="0" name="os.vendor" value="Arch"/>
<param pos="0" name="os.family" value="Linux"/>
<param pos="0" name="os.product" value="Linux"/>
<param pos="1" name="os.version"/>
</fingerprint>
<!-- Red Hat Enterprise Linux derivative -->
<fingerprint pattern="(?i)^Amazon Linux(?: AMI)?\s?(\d+?(?:\.\d+?)*?)?$">
<description>Amazon Linux AMI</description>
<example os.version="5.11">Amazon Linux AMI 5.11</example>
<example os.version="6.7">Amazon Linux 6.7</example>
<example os.version="7">Amazon Linux AMI 7</example>
<param pos="0" name="os.vendor" value="Amazon"/>
<param pos="0" name="os.family" value="Linux"/>
<param pos="0" name="os.product" value="Linux AMI"/>
<param pos="1" name="os.version"/>
</fingerprint>
<!-- Red Hat Enterprise Linux derivative -->
<fingerprint pattern="(?i)^CentOS(?: Linux)?(?: [a-z]+)?\s?(\d+?(?:\.\d+?)*?)?(?:\s.*?)?$">
<description>Centos Linux</description>
<example os.version="5.11">Centos Linux 5.11</example>
<example os.version="6.7">CentOS 6.7</example>
<example os.version="7">CentOS 7</example>
<example os.version="6.7">CentOS release 6.7 (Final)</example>
<param pos="0" name="os.vendor" value="CentOS"/>
<param pos="0" name="os.family" value="Linux"/>
<param pos="0" name="os.product" value="Linux"/>
<param pos="1" name="os.version"/>
<param pos="0" name="os.cpe23" value="cpe:/o:centos:centos:{os.version}"/>
</fingerprint>
<fingerprint pattern="(?i)^Debian(?: (?:GNU\/)?Linux)?\s?((?:\d+?(?:\.\d+?)*?)|(?:\w+?\/sid\s?))?(?:\s[a-z\(\)]+)?$">
<description>Debian Linux</description>
<example os.version="6.0">Debian 6.0</example>
<example os.version="7">Debian 7 (Wheezy)</example>
<example os.version="8">Debian Linux 8</example>
<example os.version="stretch/sid">Debian GNU/Linux stretch/sid</example>
<param pos="0" name="os.vendor" value="Debian"/>
<param pos="0" name="os.family" value="Linux"/>
<param pos="0" name="os.product" value="Linux"/>
<param pos="1" name="os.version"/>
<param pos="0" name="os.cpe23" value="cpe:/o:debian:debian_linux:{os.version}"/>
</fingerprint>
<fingerprint pattern="(?i)^Fedora(?: Core)?(?: Linux)?(?: release)?\s?(\d+?)?(?:\s.*)?$">
<description>Fedora Linux</description>
<example os.version="6">Fedora Core 6</example>
<example os.version="25">Fedora 25</example>
<example os.version="26">Fedora release 26 (Twenty Six)</example>
<param pos="0" name="os.vendor" value="Red Hat"/>
<param pos="0" name="os.family" value="Linux"/>
<param pos="0" name="os.product" value="Linux"/>
<param pos="1" name="os.version"/>
<param pos="0" name="os.cpe23" value="cpe:/o:redhat:linux:{os.version}"/>
</fingerprint>
<!-- Gentoo currently uses rolling releases with no version, but older versions were typically based on the year of release. -->
<fingerprint pattern="(?i)^Gentoo(?: Linux)\s?(\d+?(?:\.\d+?)*?)?$">
<description>Gentoo Linux</description>
<example>Gentoo Linux</example>
<example os.version="1.0">Gentoo Linux 1.0</example>
<param pos="0" name="os.vendor" value="Gentoo"/>
<param pos="0" name="os.family" value="Linux"/>
<param pos="0" name="os.product" value="Linux"/>
<param pos="1" name="os.version"/>
<param pos="0" name="os.cpe23" value="cpe:/o:gentoo:linux:{os.version}"/>
</fingerprint>
<!-- Kali switched to rolling release in January 2016. -->
<fingerprint pattern="(?i)^Kali(?: Linux)?\s?(\d+?(?:\.\d+?)+?(?:[a-z])?|\d+?)?$">
<description>Kali Linux</description>
<example os.version="1.0.0">Kali Linux 1.0.0</example>
<example os.version="1.1.0a">Kali 1.1.0a</example>
<example os.version="2.0">Kali 2.0</example>
<example os.version="2016.1">Kali 2016.1</example>
<param pos="0" name="os.vendor" value="Kali"/>
<param pos="0" name="os.family" value="Linux"/>
<param pos="0" name="os.product" value="Linux"/>
<param pos="1" name="os.version"/>
</fingerprint>
<!-- Ubuntu derivative -->
<fingerprint pattern="(?i)^Kubuntu(?: Linux)?\s(\d+?(?:\.\d+?)*?)?\s?(LTS)?$">
<description>Kubuntu Linux</description>
<example os.version="12.04.4" os.edition="LTS">Kubuntu 12.04.4 LTS</example>
<example os.version="14.04">Kubuntu Linux 14.04</example>
<example os.version="16.04" os.edition="LTS">Kubuntu 16.04 LTS</example>
<param pos="0" name="os.vendor" value="Kubuntu"/>
<param pos="0" name="os.family" value="Linux"/>
<param pos="0" name="os.product" value="Linux"/>
<param pos="1" name="os.version"/>
<param pos="2" name="os.edition"/>
</fingerprint>
<!-- Red Hat Enterprise Linux derivative -->
<fingerprint pattern="(?i)^Oracle(?: Enterprise)? Linux\s?(?:Server\s?)?(\d+?(?:\.\d+?)*?)?$">
<description>Oracle Enterprise Linux</description>
<example os.version="5.11">Oracle Enterprise Linux 5.11</example>
<example os.version="6.7">Oracle Linux 6.7</example>
<param pos="0" name="os.vendor" value="Oracle"/>
<param pos="0" name="os.family" value="Enterprise Linux"/>
<param pos="0" name="os.product" value="Linux"/>
<param pos="1" name="os.version"/>
<param pos="0" name="os.cpe23" value="cpe:/o:oracle:linux:{os.version}"/>
</fingerprint>
<fingerprint pattern="(?i)^OpenSUSE(?: Linux)?(?: [a-z]+?)??\s?(\d+?(?:\.\d+?)*?)?(?:\s\(.*)?$">
<description>OpenSUSE Linux</description>
<example os.version="10.1">OpenSUSE Linux 10.1</example>
<example os.version="13.2">OpenSUSE 13.2</example>
<example os.version="42.1">OpenSUSE Leap 42.1</example>
<param pos="0" name="os.vendor" value="OpenSUSE"/>
<param pos="0" name="os.family" value="Linux"/>
<param pos="0" name="os.product" value="Linux"/>
<param pos="1" name="os.version"/>
</fingerprint>
<fingerprint pattern="(?i)^(?:Red Hat|RedHat|Red-Hat|RHEL)(?: Enterprise)?(?: Linux)?(?: [a-z]+)?\s?(\d+?(?:\.\d+?)*?)?$">
<description>Red Hat Enterprise Linux</description>
<example>Red Hat Enterprise Linux AS</example>
<example os.version="5.11">Red Hat Enterprise Linux 5.11</example>
<example os.version="6.7">RedHat 6.7</example>
<example os.version="7">Red Hat Linux 7</example>
<example os.version="7.1">RHEL 7.1</example>
<param pos="0" name="os.vendor" value="Red Hat"/>
<param pos="0" name="os.family" value="Linux"/>
<param pos="0" name="os.product" value="Enterprise Linux"/>
<param pos="1" name="os.version"/>
<param pos="0" name="os.cpe23" value="cpe:/o:redhat:enterprise_linux:{os.version}"/>
</fingerprint>
<!-- Red Hat Enterprise Linux derivative -->
<fingerprint pattern="(?i)^Scientific(?: Linux)?\s?(\d+?(?:\.\d+?)*?)?$">
<description>Scientific Linux</description>
<example os.version="5.11">Scientific Linux 5.11</example>
<example os.version="6.7">Scientific 6.7</example>
<example os.version="7">Scientific Linux 7</example>
<param pos="0" name="os.vendor" value="Scientific"/>
<param pos="0" name="os.family" value="Linux"/>
<param pos="0" name="os.product" value="Linux"/>
<param pos="1" name="os.version"/>
</fingerprint>
<fingerprint pattern="(?i)^Slackware(?: Linux)\s?(\d+?(?:\.\d+?)*?)?$">
<description>Slackware Linux</description>
<example os.version="14.1">Slackware Linux 14.1</example>
<param pos="0" name="os.vendor" value="Slackware"/>
<param pos="0" name="os.family" value="Linux"/>
<param pos="0" name="os.product" value="Linux"/>
<param pos="1" name="os.version"/>
</fingerprint>
<fingerprint pattern="(?i)^SUSE(?: SLED)?(?: Linux Enterprise Desktop)?\s?(\d+?(?:\.\d+?)*?)?$">
<description>SUSE Linux Enterprise Desktop</description>
<example os.version="11">SUSE SLED 11</example>
<example os.version="12">SUSE Linux Enterprise Desktop 12</example>
<param pos="0" name="os.vendor" value="SUSE"/>
<param pos="0" name="os.family" value="Linux"/>
<param pos="0" name="os.product" value="Linux Enterprise Desktop"/>
<param pos="1" name="os.version"/>
<param pos="0" name="os.cpe23" value="cpe:/o:suse:linux_enterprise_desktop:{os.version}"/>
</fingerprint>
<fingerprint pattern="(?i)^SUSE(?: SLES)?(?: Linux Enterprise Server)?\s?(\d+?(?:\.\d+?)*?)?$">
<description>SUSE Linux Enterprise Server</description>
<example os.version="11">SUSE SLES 11</example>
<example os.version="12">SUSE Linux Enterprise Server 12</example>
<param pos="0" name="os.vendor" value="SUSE"/>
<param pos="0" name="os.family" value="Linux"/>
<param pos="0" name="os.product" value="Linux Enterprise Server"/>
<param pos="1" name="os.version"/>
<param pos="0" name="os.cpe23" value="cpe:/o:suse:linux_enterprise_server:{os.version}"/>
</fingerprint>
<fingerprint pattern="(?i)^SLES(?: Linux Enterprise Server)?\s?(\d+?(?:\.\d+?)*?)?$">
<description>SLES Linux Enterprise Server</description>
<example os.version="11">SLES 11</example>
<example os.version="12">SLES Linux Enterprise Server 12</example>
<param pos="0" name="os.vendor" value="SUSE"/>
<param pos="0" name="os.family" value="Linux"/>
<param pos="0" name="os.product" value="Linux Enterprise Server"/>
<param pos="1" name="os.version"/>
<param pos="0" name="os.cpe23" value="cpe:/o:suse:linux_enterprise_server:{os.version}"/>
</fingerprint>
<fingerprint pattern="(?i)^Ubuntu(?: Linux)?(?:\s|-)(\d+?(?:\.\d+?)*?)?\s?(LTS)?$">
<description>Ubuntu Linux</description>
<example os.version="12.04.4" os.edition="LTS">Ubuntu 12.04.4 LTS</example>
<example os.version="14.04">Ubuntu Linux 14.04</example>
<example os.version="16.04" os.edition="LTS">Ubuntu 16.04 LTS</example>
<example os.version="16.04" os.edition="LTS">Ubuntu-16.04 LTS</example>
<param pos="0" name="os.vendor" value="Ubuntu"/>
<param pos="0" name="os.family" value="Linux"/>
<param pos="0" name="os.product" value="Linux"/>
<param pos="1" name="os.version"/>
<param pos="2" name="os.edition"/>
<param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:{os.version}"/>
</fingerprint>
<!-- Ubuntu derivative -->
<fingerprint pattern="(?i)^Xubuntu(?: Linux)?\s(\d+?(?:\.\d+?)*?)?\s?(LTS)?$">
<description>Xubuntu Linux</description>
<example os.version="12.04.4" os.edition="LTS">Xubuntu 12.04.4 LTS</example>
<example os.version="14.04">Xubuntu Linux 14.04</example>
<example os.version="16.04" os.edition="LTS">Xubuntu 16.04 LTS</example>
<param pos="0" name="os.vendor" value="Xubuntu"/>
<param pos="0" name="os.family" value="Linux"/>
<param pos="0" name="os.product" value="Linux"/>
<param pos="1" name="os.version"/>
<param pos="2" name="os.edition"/>
</fingerprint>
<fingerprint pattern="(?i)^VMWare Photon(?:\/)?(?:\s?Linux)?\s?(?:v)?(\d+?(?:\.\d+?)*?)?$">
<description>Photon Linux</description>
<example>VMware Photon Linux</example>
<example os.version="1.0">VMWare Photon 1.0</example>
<param pos="0" name="os.vendor" value="VMware"/>
<param pos="0" name="os.family" value="Linux"/>
<param pos="0" name="os.product" value="Photon Linux"/>
<param pos="1" name="os.version"/>
<param pos="0" name="os.cpe23" value="cpe:/o:vmware:photon_os:{os.version}"/>
</fingerprint>
<!-- Vendor-based distribution catch-call -->
<fingerprint pattern="(?i)^(\S{0,256})\s{1,8}Linux\s+([\w.-]*)$">
<description>Vendor-based Linux catch-all</description>
<example os.vendor="Aurox" os.version="10.2">Aurox Linux 10.2</example>
<param pos="0" name="os.family" value="Linux"/>
<param pos="0" name="os.product" value="Linux"/>
<param pos="0" name="os.certainty" value="0.6"/>
<param pos="1" name="os.vendor"/>
<param pos="2" name="os.version"/>
</fingerprint>
<!-- Linux catch-all goes at the bottom-->
<fingerprint pattern="(?i)^.{0,1000}Linux?\s?(\d+?(?:\.\d+?)*?)?$">
<description>Linux catch-all</description>
<example os.version="2.42.6">Linux 2.42.6</example>
<param pos="0" name="os.vendor" value="Linux"/>
<param pos="0" name="os.family" value="Linux"/>
<param pos="0" name="os.product" value="Linux"/>
<param pos="0" name="os.certainty" value="0.5"/>
<param pos="1" name="os.version"/>
<param pos="0" name="os.cpe23" value="cpe:/o:linux:linux_kernel:{os.version}"/>
</fingerprint>
<!-- Linux end -->
<!-- Mac begin -->
<!-- Match Mac OS Classic first due to weak matching on Mac OS X -->
<fingerprint pattern="(?i)^(?:Apple )?Mac OS ([7-9](?:\.\d+?)*?)$">
<description>Mac OS 9</description>
<example os.version="9">Mac OS 9</example>
<example os.version="9.0.5">Mac OS 9.0.5</example>
<param pos="0" name="os.vendor" value="Apple"/>
<param pos="0" name="os.family" value="Mac OS"/>
<param pos="0" name="os.product" value="Mac OS"/>
<param pos="1" name="os.version"/>
<param pos="0" name="os.cpe23" value="cpe:/o:apple:macos:{os.version}"/>
</fingerprint>
<fingerprint pattern="(?i)^(?:Apple OS X|Apple Mac OS X|Mac OS X|OS X|Mac OS)\s?(\d+?(?:\.\d+?)*?)?$">
<description>Mac OS X with version number</description>
<example os.version="10.10.5">Mac OS X 10.10.5</example>
<example os.version="10">Mac OS X 10</example>
<example os.version="10.10">Mac OS 10.10</example>
<param pos="0" name="os.vendor" value="Apple"/>
<param pos="0" name="os.family" value="Mac OS X"/>
<param pos="0" name="os.product" value="Mac OS X"/>
<param pos="1" name="os.version"/>
<param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x:{os.version}"/>
</fingerprint>
<fingerprint pattern="(?i)^(?:Apple )?Mac OS X Cheetah$">
<description>Mac OS X Cheetah</description>
<example os.version="10.0">Mac OS X Cheetah</example>
<param pos="0" name="os.vendor" value="Apple"/>
<param pos="0" name="os.family" value="Mac OS X"/>
<param pos="0" name="os.product" value="Mac OS X"/>
<param pos="0" name="os.version" value="10.0"/>
<param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x:10.0"/>
</fingerprint>
<fingerprint pattern="(?i)^(?:Apple )?Mac OS X Puma$">
<description>Mac OS X Puma</description>
<example os.version="10.1">Mac OS X Puma</example>
<param pos="0" name="os.vendor" value="Apple"/>
<param pos="0" name="os.family" value="Mac OS X"/>
<param pos="0" name="os.product" value="Mac OS X"/>
<param pos="0" name="os.version" value="10.1"/>
<param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x:10.1"/>
</fingerprint>
<fingerprint pattern="(?i)^(?:Apple )?Mac OS X Jaguar$">
<description>Mac OS X Jaguar</description>
<example os.version="10.2">Mac OS X Jaguar</example>
<param pos="0" name="os.vendor" value="Apple"/>
<param pos="0" name="os.family" value="Mac OS X"/>
<param pos="0" name="os.product" value="Mac OS X"/>
<param pos="0" name="os.version" value="10.2"/>
<param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x:10.2"/>
</fingerprint>
<fingerprint pattern="(?i)^(?:Apple )?Mac OS X Panther$">
<description>Mac OS X Panther</description>
<example os.version="10.3">Mac OS X Panther</example>
<param pos="0" name="os.vendor" value="Apple"/>
<param pos="0" name="os.family" value="Mac OS X"/>
<param pos="0" name="os.product" value="Mac OS X"/>
<param pos="0" name="os.version" value="10.3"/>
<param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x:10.3"/>
</fingerprint>
<fingerprint pattern="(?i)^(?:Apple )?Mac OS X Tiger$">
<description>Mac OS X Tiger</description>
<example os.version="10.4">Mac OS X Tiger</example>
<param pos="0" name="os.vendor" value="Apple"/>
<param pos="0" name="os.family" value="Mac OS X"/>
<param pos="0" name="os.product" value="Mac OS X"/>
<param pos="0" name="os.version" value="10.4"/>
<param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x:10.4"/>
</fingerprint>
<fingerprint pattern="(?i)^(?:Apple )?Mac OS X Leopard$">
<description>Mac OS X Leopard</description>
<example os.version="10.5">Mac OS X Leopard</example>
<param pos="0" name="os.vendor" value="Apple"/>
<param pos="0" name="os.family" value="Mac OS X"/>
<param pos="0" name="os.product" value="Mac OS X"/>
<param pos="0" name="os.version" value="10.5"/>
<param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x:10.5"/>
</fingerprint>
<fingerprint pattern="(?i)^(?:Apple )?Mac OS X Snow Leopard$">
<description>Mac OS X Snow Leopard</description>
<example os.version="10.6">Mac OS X Snow Leopard</example>
<param pos="0" name="os.vendor" value="Apple"/>
<param pos="0" name="os.family" value="Mac OS X"/>
<param pos="0" name="os.product" value="Mac OS X"/>
<param pos="0" name="os.version" value="10.6"/>
<param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x:10.6"/>
</fingerprint>
<fingerprint pattern="(?i)^(?:Apple )?Mac OS X Lion$">
<description>Mac OS X Lion</description>
<example os.version="10.7">Mac OS X Lion</example>
<param pos="0" name="os.vendor" value="Apple"/>
<param pos="0" name="os.family" value="Mac OS X"/>
<param pos="0" name="os.product" value="Mac OS X"/>
<param pos="0" name="os.version" value="10.7"/>
<param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x:10.7"/>
</fingerprint>
<fingerprint pattern="(?i)^(?:Apple )?Mac OS X Mountain Lion$">
<description>Mac OS X Mountain Lion</description>
<example os.version="10.8">Mac OS X Mountain Lion</example>
<param pos="0" name="os.vendor" value="Apple"/>
<param pos="0" name="os.family" value="Mac OS X"/>
<param pos="0" name="os.product" value="Mac OS X"/>
<param pos="0" name="os.version" value="10.8"/>
<param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x:10.8"/>
</fingerprint>
<fingerprint pattern="(?i)^(?:Apple )?Mac OS X Mavericks$">
<description>Mac OS X Mavericks</description>
<example os.version="10.9">Mac OS X Mavericks</example>
<param pos="0" name="os.vendor" value="Apple"/>
<param pos="0" name="os.family" value="Mac OS X"/>
<param pos="0" name="os.product" value="Mac OS X"/>
<param pos="0" name="os.version" value="10.9"/>
<param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x:10.9"/>
</fingerprint>
<fingerprint pattern="(?i)^(?:Apple )?Mac OS X Yosemite$">
<description>Mac OS X Yosemite</description>
<example os.version="10.10">Mac OS X Yosemite</example>
<param pos="0" name="os.vendor" value="Apple"/>
<param pos="0" name="os.family" value="Mac OS X"/>
<param pos="0" name="os.product" value="Mac OS X"/>
<param pos="0" name="os.version" value="10.10"/>
<param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x:10.10"/>
</fingerprint>
<fingerprint pattern="(?i)^(?:Apple )?Mac OS X El Capitan$">
<description>Mac OS X El Capitan</description>
<example os.version="10.11">Mac OS X El Capitan</example>
<param pos="0" name="os.vendor" value="Apple"/>
<param pos="0" name="os.family" value="Mac OS X"/>
<param pos="0" name="os.product" value="Mac OS X"/>
<param pos="0" name="os.version" value="10.11"/>
<param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x:10.11"/>
</fingerprint>
<!-- This can also match Cisco IOS if the vendor name is not present. -->
<fingerprint pattern="(?i)^(?:Apple )?iOS\s?(\d+?(?:\.\d+?)*?)?$">
<description>Apple iOS for iPhone and iPad</description>
<example os.version="7.1.2">iOS 7.1.2</example>
<example os.version="8">iOS 8</example>
<example os.version="9.3">Apple iOS 9.3</example>
<param pos="0" name="os.vendor" value="Apple"/>
<param pos="0" name="os.family" value="Apple iOS"/>
<param pos="0" name="os.product" value="iOS"/>
<param pos="1" name="os.version"/>
<param pos="0" name="os.device" value="Mobile"/>
<param pos="0" name="os.cpe23" value="cpe:/o:apple:iphone_os:{os.version}"/>
</fingerprint>
<!-- Mac end -->
<!-- BSD begin -->
<fingerprint pattern="(?i)^(.{0,256}?BSD)\s?(\d+?(?:\.\d+?)*?(?:[\-\/_ ]?\w+?)?(?:-[a-z]\d+?)?)?$">
<description>Many BSD family OSes</description>
<example os.version="10.3-RELEASE" os.product="FreeBSD" os.vendor="FreeBSD" os.family="FreeBSD">FreeBSD 10.3-RELEASE</example>
<example os.version="10.3-RELEASE-p4" os.product="FreeBSD" os.vendor="FreeBSD" os.family="FreeBSD">FreeBSD 10.3-RELEASE-p4</example>
<example os.version="7.0" os.product="NetBSD" os.vendor="NetBSD" os.family="NetBSD">NetBSD 7.0</example>
<example os.version="5.9" os.product="OpenBSD" os.vendor="OpenBSD" os.family="OpenBSD">OpenBSD 5.9</example>
<example os.product="PC-BSD" os.vendor="PC-BSD" os.family="PC-BSD">PC-BSD</example>
<param pos="1" name="os.vendor"/>
<param pos="1" name="os.family"/>
<param pos="1" name="os.product"/>
<param pos="2" name="os.version"/>
</fingerprint>
<!-- BSD end -->
<!-- Other Unix-likes begin -->
<fingerprint pattern="(?i)^(?:Oracle|Sun)?\s?OpenSolaris\s?(\d+?(?:\.\d+?)*?)?$">
<description>OpenSolaris</description>
<example os.version="2009.06">OpenSolaris 2009.06</example>
<param pos="0" name="os.vendor" value="Sun"/>
<param pos="0" name="os.family" value="Solaris"/>
<param pos="0" name="os.product" value="Solaris"/>
<param pos="1" name="os.version"/>
<param pos="0" name="os.cpe23" value="cpe:/o:sun:solaris:{os.version}"/>
</fingerprint>
<fingerprint pattern="(?i)^(?:Oracle|Sun)?\s?Solaris\s?(1[1-9]?(?:\.\d+?)*?)?$">
<description>Solaris 11 and up</description>
<example os.version="11.3">Solaris 11.3</example>
<example os.version="11">Solaris 11</example>
<param pos="0" name="os.vendor" value="Oracle"/>
<param pos="0" name="os.family" value="Solaris"/>
<param pos="0" name="os.product" value="Solaris"/>
<param pos="1" name="os.version"/>
<param pos="0" name="os.cpe23" value="cpe:/o:oracle:solaris:{os.version}"/>
</fingerprint>
<fingerprint pattern="(?i)^(?:Oracle|Sun)?\s?Solaris\s?((?:[789]|10)+?(?:\.\d+?)*?)?$">
<description>Solaris 7-10</description>
<example os.version="7">Solaris 7</example>
<example os.version="7.3">Solaris 7.3</example>
<example os.version="10">Solaris 10</example>
<example os.version="10.3">Solaris 10.3</example>
<param pos="0" name="os.vendor" value="Sun"/>
<param pos="0" name="os.family" value="Solaris"/>
<param pos="0" name="os.product" value="Solaris"/>
<param pos="1" name="os.version"/>
<param pos="0" name="os.cpe23" value="cpe:/o:sun:solaris:{os.version}"/>
</fingerprint>
<fingerprint pattern="(?i)^(?:Oracle|Sun)?\s?SunOS\s?5.([789]|10)?$">
<description>SunOS/Solaris 5.7-5.10</description>
<example os.version="7">SunOS 5.7</example>
<example os.version="10">SunOS 5.10</example>
<param pos="0" name="os.vendor" value="Sun"/>
<param pos="0" name="os.family" value="Solaris"/>
<param pos="0" name="os.product" value="Solaris"/>
<param pos="1" name="os.version"/>
<param pos="0" name="os.cpe23" value="cpe:/o:sun:solaris:{os.version}"/>
</fingerprint>
<fingerprint pattern="(?i)^(?:Oracle|Sun)?\s?SunOS\s?5.(1[1-9])?$">
<description>Oracle/Solaris 5.11 and upwards</description>
<example os.version="11">SunOS 5.11</example>
<param pos="0" name="os.vendor" value="Oracle"/>
<param pos="0" name="os.family" value="Solaris"/>
<param pos="0" name="os.product" value="Solaris"/>
<param pos="1" name="os.version"/>
<param pos="0" name="os.cpe23" value="cpe:/o:oracle:solaris:{os.version}"/>
</fingerprint>
<fingerprint pattern="(?i)^(?:IBM\s?)?(AIX|MVS|OS/(?:\d{1,3})|VM/CMS|VM/ESA|z/OS)\s?(\d+?(?:\.\d+?)*?)?$">
<description>IBM OSes</description>
<example os.product="AIX" os.family="AIX">AIX</example>
<example os.product="MVS" os.family="MVS">IBM MVS</example>
<example os.product="OS/2" os.family="OS/2">IBM OS/2</example>
<example os.product="OS/390" os.family="OS/390">IBM OS/390</example>
<example os.product="OS/400" os.family="OS/400">OS/400</example>
<example os.product="VM/CMS" os.family="VM/CMS">IBM VM/CMS</example>
<example os.product="VM/ESA" os.family="VM/ESA">IBM VM/ESA</example>
<example os.product="z/OS" os.family="z/OS">IBM z/OS</example>
<example os.product="z/OS" os.family="z/OS" os.version="1.0">IBM z/OS 1.0</example>
<param pos="0" name="os.vendor" value="IBM"/>
<param pos="1" name="os.family"/>
<param pos="1" name="os.product"/>
<param pos="2" name="os.version"/>
</fingerprint>
<fingerprint pattern="(?i)^(?:HP\s?)?(Digital UNIX|HP-UX|iLO|OpenVMS|ProLiant|Tru64 UNIX)\s?V?(\d+(?:\.\d+)*(?:-[\dA-Z]+)?)?$">
<description>HP OSes</description>
<example os.product="HP-UX" os.family="HP-UX">HP-UX</example>
<example os.product="OpenVMS" os.family="OpenVMS">OpenVMS</example>
<example os.product="OpenVMS" os.family="OpenVMS" os.version="6.2">OpenVMS 6.2</example>
<example os.product="OpenVMS" os.family="OpenVMS" os.version="7.3-2">OpenVMS V7.3-2</example>
<example os.product="OpenVMS" os.family="OpenVMS" os.version="8.2-1">OpenVMS V8.2-1</example>
<example os.product="OpenVMS" os.family="OpenVMS" os.version="8.3">OpenVMS V8.3</example>
<example os.product="OpenVMS" os.family="OpenVMS" os.version="8.3-1H1">OpenVMS V8.3-1H1</example>
<example os.product="OpenVMS" os.family="OpenVMS" os.version="8.4-2L1">OpenVMS V8.4-2L1</example>
<param pos="0" name="os.vendor" value="HP"/>
<param pos="1" name="os.family"/>
<param pos="1" name="os.product"/>
<param pos="2" name="os.version"/>
</fingerprint>
<!-- Other Unix-likes end -->
<!-- Network equipment begin -->
<fingerprint pattern="(?i)^(?:Juniper\s?)?(Junos|Junos OS|ScreenOS)\s?(\d+(?:\.\d+?)*(?:X\d{2})?)?$">
<description>Juniper</description>
<example os.family="Junos" os.product="Junos">Junos</example>
<example os.family="Junos" os.product="Junos" os.version="4.4">Junos 4.4</example>
<example os.family="Junos" os.product="Junos" os.version="12.1X44">Junos 12.1X44</example>
<example os.family="ScreenOS" os.product="ScreenOS">ScreenOS</example>
<param pos="0" name="os.vendor" value="Juniper"/>
<param pos="1" name="os.family"/>
<param pos="1" name="os.product"/>
<param pos="2" name="os.version"/>
</fingerprint>
<!-- This needs to be improved if it's not how one would generally present a Cisco OS version. -->
<fingerprint pattern="(?i)^(?:Cisco\s?)?(ASA|Adaptive Security Appliance|IOS|IOS-XE|IOS-XR|NX-OS|PIX-OS|SAN-OS)\s?(?:Version (\d+(?:\.\d+)*(?:\(\d+(?:\.\d+)*\))?))?$">
<description>Cisco</description>
<example os.family="ASA" os.product="ASA">Cisco ASA</example>
<example os.family="IOS" os.product="IOS">Cisco IOS</example>
<example os.family="ASA" os.product="ASA" os.version="7.0(1)">Cisco ASA Version 7.0(1)</example>
<example os.family="ASA" os.product="ASA" os.version="8.2(4.4)">Cisco ASA Version 8.2(4.4)</example>
<example os.family="ASA" os.product="ASA" os.version="8.3(2.25)">Cisco ASA Version 8.3(2.25)</example>
<example os.family="ASA" os.product="ASA" os.version="9.5(2.200)">Cisco ASA Version 9.5(2.200)</example>
<param pos="0" name="os.vendor" value="Cisco"/>
<param pos="1" name="os.family"/>
<param pos="1" name="os.product"/>
<param pos="2" name="os.version"/>
</fingerprint>
<!-- Network equipment end -->
</fingerprints>