fingerprints, regex tweaks (#359)

rapid7 · May 12, 2021 · 94c2576 · 94c2576
1 parent c79463e
commit 94c2576
Show file tree

Hide file tree

Showing 5 changed files with 54 additions and 3 deletions.
diff --git a/cpe-remap.yaml b/cpe-remap.yaml
@@ -43,6 +43,9 @@ mappings:
       apic: application_policy_infrastructure_controller
       pix: pix_firewall_software
       telepresence: telepresence_video_communication_server_software
+  cpanel:
+    products:
+      cpanel_service_daemon: cpanel
   crushftp:
     products:
       crushftp_web_interface: crushftp

diff --git a/xml/dns_versionbind.xml b/xml/dns_versionbind.xml
@@ -427,7 +427,7 @@
     <param pos="0" name="service.cpe23" value="cpe:/a:powerdns:authoritative_server:{service.version}"/>
   </fingerprint>
 
-  <fingerprint pattern="^PowerDNS Authoritative Server (\d\.[\w.]+(?:-rc\d)?(?:-alpha\d)?(?:-beta\d)?[^ ]*) \(built [\w\s:]+ by [\w]+\@[\w.-:-]*\)$">
+  <fingerprint pattern="^PowerDNS Authoritative Server (\d\.[\w.]+(?:-rc\d)?(?:-alpha\d)?(?:-beta\d)?[^ ]*) \(built [\w\s:]+ by [\w]+\@[\w.:-]*\)$">
     <description>PowerDNS Authoritative Server: format 2</description>
     <example service.version="4.0.4">PowerDNS Authoritative Server 4.0.4 (built Jul 26 2017 15:04:27 by root@FreeBSD:11:amd64-default-job-03)</example>
     <example service.version="4.0.0-rc2">PowerDNS Authoritative Server 4.0.0-rc2 (built Jul  4 2016 15:44:39 by [email protected])</example>

diff --git a/xml/html_title.xml b/xml/html_title.xml
@@ -136,16 +136,43 @@
     <param pos="0" name="service.cpe23" value="cpe:/a:apache:tomcat:-"/>
   </fingerprint>
 
-  <fingerprint pattern="^Apache Tomcat/(\S+)$">
+  <fingerprint pattern="^Apache Tomcat/(\S+)(?: - Error report)?$">
     <description>Apache tomcat with minimal version information</description>
     <example service.version="8.0.32">Apache Tomcat/8.0.32</example>
+    <example service.version="5.5.29">Apache Tomcat/5.5.29 - Error report</example>
     <param pos="0" name="service.vendor" value="Apache"/>
     <param pos="0" name="service.product" value="Tomcat"/>
     <param pos="0" name="service.family" value="Tomcat"/>
     <param pos="1" name="service.version"/>
     <param pos="0" name="service.cpe23" value="cpe:/a:apache:tomcat:{service.version}"/>
   </fingerprint>
 
+  <fingerprint pattern="^Apache Tomcat/(\S+) \(Ubuntu\) - Error report$">
+    <description>Apache Tomcat - Error report on Ubuntu</description>
+    <example service.version="8.0.32">Apache Tomcat/8.0.32 (Ubuntu) - Error report</example>
+    <param pos="0" name="service.vendor" value="Apache"/>
+    <param pos="0" name="service.product" value="Tomcat"/>
+    <param pos="0" name="service.family" value="Tomcat"/>
+    <param pos="1" name="service.version"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:apache:tomcat:{service.version}"/>
+    <param pos="0" name="os.vendor" value="Ubuntu"/>
+    <param pos="0" name="os.product" value="Linux"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:-"/>
+  </fingerprint>
+
+  <fingerprint pattern="^Apache Tomcat/(\S+) \(Debian\) - Error report$">
+    <description>Apache Tomcat - Error report on Debian</description>
+    <example service.version="7.0.56">Apache Tomcat/7.0.56 (Debian) - Error report</example>
+    <param pos="0" name="service.vendor" value="Apache"/>
+    <param pos="0" name="service.product" value="Tomcat"/>
+    <param pos="0" name="service.family" value="Tomcat"/>
+    <param pos="1" name="service.version"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:apache:tomcat:{service.version}"/>
+    <param pos="0" name="os.vendor" value="Debian"/>
+    <param pos="0" name="os.product" value="Linux"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:debian:debian_linux:-"/>
+  </fingerprint>
+
   <fingerprint pattern="^AiCloud">
     <description>ASUS AiCloud</description>
     <example>AiCloud</example>

diff --git a/xml/http_servers.xml b/xml/http_servers.xml
@@ -97,6 +97,15 @@
     <param pos="0" name="service.vendor" value="cPanel"/>
     <param pos="0" name="service.product" value="cPanel Service Daemon"/>
     <param pos="1" name="service.version"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:cpanel:cpanel:{service.version}"/>
+  </fingerprint>
+
+  <fingerprint pattern="^sw-cp-server$">
+    <description>Plesk Control Panel Server</description>
+    <example>sw-cp-server</example>
+    <param pos="0" name="service.vendor" value="Parallels"/>
+    <param pos="0" name="service.product" value="Plesk"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:parallels:parallels_plesk_panel:-"/>
   </fingerprint>
 
   <!-- CentOS Web Panel is not part of the CentOS project and runs on CentOS,
@@ -2712,6 +2721,18 @@
     <param pos="0" name="service.cpe23" value="cpe:/a:twistedmatrix:twistedweb:{service.version}"/>
   </fingerprint>
 
+  <fingerprint pattern="^Twisted/([\d.]+) TwistedWeb/([\d.]+)$">
+    <description>Twisted Matrix Labs - TwistedWeb - verbose variant</description>
+    <example service.version="13.0.0">Twisted/13.0.0 TwistedWeb/9.0.0</example>
+    <example service.version.version="9.0.0">Twisted/17.9.0 TwistedWeb/9.0.0</example>
+    <param pos="0" name="service.vendor" value="TwistedMatrix"/>
+    <param pos="0" name="service.product" value="Twisted Web"/>
+    <param pos="0" name="service.family" value="Twisted Web"/>
+    <param pos="1" name="service.version"/>
+    <param pos="2" name="service.version.version"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:twistedmatrix:twistedweb:{service.version}"/>
+  </fingerprint>
+
   <fingerprint pattern="^mini_httpd/((?:\d+\.)*\d+) \S*$">
     <description>ACME mini_httpd with version and date</description>
     <example>mini_httpd/1.14 23jun2000</example>

diff --git a/xml/telnet_banners.xml b/xml/telnet_banners.xml
@@ -1018,7 +1018,7 @@
     <param pos="5" name="os.version.version"/>
   </fingerprint>
 
-  <fingerprint pattern="^Model name\s+: (MiiNePort [\w-]+)(?:\r|\n|\x00)+Serial No.\s+: (\d+)(?:\r|\n|\x00)+Device name\s+: [\w:-_\&amp;]+(?:\r|\n|\x00)+Firmware version\s+: ([\d.]+) Build (\d+)(?:\r|\n|\x00)+Ethernet MAC address: ([\w:]+)(?:\r|\n|\x00)+">
+  <fingerprint pattern="^Model name\s+: (MiiNePort [\w-]+)(?:\r|\n|\x00)+Serial No.\s+: (\d+)(?:\r|\n|\x00)+Device name\s+: [\w:\&amp;-]+(?:\r|\n|\x00)+Firmware version\s+: ([\d.]+) Build (\d+)(?:\r|\n|\x00)+Ethernet MAC address: ([\w:]+)(?:\r|\n|\x00)+">
     <description>Moxa MiiNePort Series Embedded device server</description>
     <!-- Model name          : MiiNePort E2\r\nSerial No.          : 9999\r\nDevice name         : MiiNePort_E2_4064\r\nFirmware version    : 1.3.36 Build 15031615\r\nEthernet MAC address: 00:90:E8:5A:92:FF\r\n\r\nPlease keyin your password: -->