x.509 related updates (#357)

* x.509 related updates

* add VMware/Win Media Player

* Add CPE for Amazon S3

* Update Netscaler

* akamai and google improvements

cpe-remap.yaml

@@ -3,6 +3,9 @@ mappings:
     vendor: alpinelinux
     products:
       linux: alpine_linux
+  amazon:
+    products:
+      s3: web_services_simple_storage_service
   apache:
     products:
       httpd: http_server
@@ -71,6 +74,9 @@ mappings:
       big-ip_ltm: big-ip_local_traffic_manager
   fedora_project:
     vendor: fedoraproject
+  google:
+    products:
+      google_web_services: web_server
   hp:
     products:
       ilo: integrated_lights_out
@@ -95,6 +101,9 @@ mappings:
       junos_os: junos
   kibana:
     vendor: elasticsearch
+  kubernetes:
+    products:
+      nginx_ingress_controller: ingress-nginx
   kodi:
     products:
       media_server: kodi
@@ -201,6 +210,10 @@ mappings:
       desktop: tightvnc
   tor_project:
     vendor: torproject
+  traefik_labs:
+    vendor: containous
+    products:
+      traefik_proxy: traefik
   twistedmatrix:
     products:
       twisted_web: twistedweb

identifiers/hw_family.txt

@@ -46,7 +46,9 @@ My Book
 NE
 NPort
 NetVanta
+Netscaler
 Network Audio
+Network Security Appliance
 Network Video Door Station
 Optra
 Orbi

identifiers/hw_product.txt

@@ -210,9 +210,11 @@ NPort
 NetScreen
 NetVR
 Netbox
+Netscaler Gateway
 Network Camera
 Network Gateway
 Network Node
+Network Security Appliance
 Nexus 1000V
 Nexus Player
 OfficeConnect Switch

identifiers/os_product.txt

@@ -157,6 +157,7 @@ NetScaler Gateway
 NetScaler SDX Gateway
 NetVanta
 NetWare
+Netscaler Gateway Firmware
 Network Gateway
 Network Scanner
 Network Storage Router

identifiers/service_family.txt

@@ -95,6 +95,7 @@ JetDirect
 Jetty
 Joom!Fish
 Knot
+Kubernetes
 ListManager
 Lotus Domino
 Lotus Expeditor
@@ -128,6 +129,7 @@ NetWare Enterprise Web Server
 NetWare HTTP Server
 NetWare HTTP Stack
 NetWeaver
+Netscaler
 Network Printer Manager
 Niagara
 OpenAdStream
@@ -188,6 +190,7 @@ TippingPoint
 Tivoli
 Tomcat
 Tornado
+Traefik
 Twisted
 Twisted Web
 UPnP
@@ -208,6 +211,7 @@ VoiP Gateway
 WS_FTP
 WeOnlyDo
 Web PN Server
+Web Services
 WebGUI
 WebLogic
 WebServer

identifiers/service_product.txt

@@ -228,6 +228,7 @@ Kestrel web server
 Kibana
 Kiwi Syslog
 Knot DNS
+Kubernetes
 LDAP Agent for eDirectory
 LDAP Server
 LLBServer
@@ -280,6 +281,7 @@ Multicraft
 Munin
 MySQL
 MySQL Proxy
+NGINX Ingress Controller
 NNTP
 NQ
 NTMail
@@ -308,6 +310,7 @@ NetWeaver Application Server
 NetWeaver Application Server Java
 NetWeaver Internet Communication Manager
 NetWeaver Web AS
+Netscaler
 Network Monitor
 Network Printer Manager
 Nexpose
@@ -464,6 +467,7 @@ Tivoli Storage Manager
 Tomcat
 Tor
 Tornado
+Traefik Proxy
 Twisted FTPD
 Twisted Web
 Twonky Media Server
@@ -481,6 +485,7 @@ VShell
 Varnish
 Vault
 VcXsrv
+View
 Vignette
 Virtual Directory Server
 Virtual Environment
@@ -513,6 +518,7 @@ WinRoute
 WinSSHD
 WinWebMail
 Windows CE Web Server
+Windows Media Player
 Windows Media Server
 Wing FTP Server
 Work Server

identifiers/vendor.txt

@@ -695,6 +695,7 @@ Tokutek
 Tor Project
 TornadoWeb
 Toshiba
+Traefik Labs
 Treck
 Tridium
 Troy

xml/favicons.xml

@@ -1065,7 +1065,9 @@
     <param pos="0" name="os.vendor" value="SonicWall"/>
     <param pos="0" name="os.device" value="Firewall"/>
     <param pos="0" name="os.family" value="SonicOS"/>
+    <param pos="0" name="os.product" value="SonicOS"/>
     <param pos="0" name="os.certainty" value="0.5"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:sonicwall:sonicos:-"/>
   </fingerprint>
 
   <fingerprint pattern="^e4fd990b4b8a5d61bd5ddb98cdfc7190$">

xml/html_title.xml

@@ -338,6 +338,8 @@
     <param pos="0" name="os.vendor" value="SonicWall"/>
     <param pos="0" name="os.device" value="Firewall"/>
     <param pos="0" name="os.family" value="SonicOS"/>
+    <param pos="0" name="os.product" value="SonicOS"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:sonicwall:sonicos:-"/>
   </fingerprint>
 
   <fingerprint pattern="^(.*).nbsp;-.nbsp;Synology.nbsp;DiskStation$">

xml/http_servers.xml

@@ -1870,7 +1870,7 @@
     <param pos="0" name="service.family" value="SSL-VPN"/>
     <param pos="0" name="os.vendor" value="SonicWall"/>
     <param pos="0" name="os.device" value="VPN"/>
-    <param pos="0" name="os.family" value="SSL-VPN"/>
+    <param pos="0" name="os.family" value="SonicOS"/>
     <param pos="0" name="os.product" value="SonicOS"/>
     <param pos="0" name="os.cpe23" value="cpe:/o:sonicwall:sonicos:-"/>
     <param pos="0" name="hw.vendor" value="SonicWall"/>
@@ -2958,30 +2958,35 @@
 
   <!-- Service provider equipment (CDNs, etc) -->
 
-  <fingerprint pattern="^AkamaiGHost$">
+  <fingerprint pattern="^(?:Akamai)?GHost$">
     <description>Akamai Global Host</description>
     <example>AkamaiGHost</example>
+    <example>GHost</example>
     <param pos="0" name="service.vendor" value="Akamai"/>
     <param pos="0" name="service.product" value="GHost"/>
     <param pos="0" name="os.vendor" value="Akamai"/>
+    <param pos="0" name="os.family" value="Linux"/>
     <param pos="0" name="os.device" value="Web Proxy"/>
   </fingerprint>
 
+  <!-- Banner used for many Google services such as search, Gmail, etc. -->
+
   <fingerprint pattern="^gws$">
     <description>Google Web Services</description>
     <example>gws</example>
     <param pos="0" name="service.vendor" value="Google"/>
-    <param pos="0" name="service.product" value="Google Web Services"/>
     <param pos="0" name="service.family" value="Google Web Server"/>
+    <param pos="0" name="service.product" value="Google Web Services"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:google:web_server:-"/>
   </fingerprint>
 
   <fingerprint pattern="^GFE/((?:\d+\.)*\d+)$">
     <description>Google Front End for apps running on Google services.</description>
     <example>GFE/1.3</example>
     <example>GFE/1</example>
     <param pos="0" name="service.vendor" value="Google"/>
-    <param pos="0" name="service.product" value="Google Front End"/>
     <param pos="0" name="service.family" value="Google Web Server"/>
+    <param pos="0" name="service.product" value="Google Front End"/>
     <param pos="1" name="service.version"/>
   </fingerprint>
 
@@ -3004,7 +3009,9 @@
     <description>Amazon S3 (Simple Cloud Storage Service)</description>
     <example>AmazonS3</example>
     <param pos="0" name="service.vendor" value="Amazon"/>
+    <param pos="0" name="service.family" value="Web Services"/>
     <param pos="0" name="service.product" value="S3"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:amazon:web_services_simple_storage_service:-"/>
   </fingerprint>
 
   <fingerprint pattern="^Amazon SimpleDB$">

xml/http_wwwauth.xml

@@ -203,6 +203,9 @@
     <description>Kubernetes master nodes</description>
     <example>Basic realm="kubernetes-master"</example>
     <param pos="0" name="service.vendor" value="Kubernetes"/>
+    <param pos="0" name="service.family" value="Kubernetes"/>
+    <param pos="0" name="service.product" value="Kubernetes"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:kubernetes:kubernetes:-"/>
   </fingerprint>
 
   <fingerprint pattern="(?i)^(?:Basic|Digest) realm=&quot;RUIJIE(?:-CPE)?&quot;.*$">

xml/snmp_sysdescr.xml

@@ -6167,6 +6167,7 @@ Copyright (c) 1995-2005 by Cisco Systems
     <param pos="0" name="os.vendor" value="SonicWall"/>
     <param pos="0" name="os.device" value="Firewall"/>
     <param pos="0" name="os.product" value="SonicOS"/>
+    <param pos="0" name="hw.vendor" value="SonicWall"/>
     <param pos="1" name="hw.product"/>
     <param pos="2" name="hw.model"/>
     <param pos="3" name="os.version"/>
@@ -6180,6 +6181,7 @@ Copyright (c) 1995-2005 by Cisco Systems
     <param pos="0" name="os.vendor" value="SonicWall"/>
     <param pos="0" name="os.device" value="Firewall"/>
     <param pos="0" name="os.product" value="SonicOS"/>
+    <param pos="0" name="hw.vendor" value="SonicWall"/>
     <param pos="1" name="hw.product"/>
     <param pos="2" name="os.version"/>
     <param pos="0" name="os.cpe23" value="cpe:/o:sonicwall:sonicos:{os.version}"/>
@@ -6199,6 +6201,7 @@ Copyright (c) 1995-2005 by Cisco Systems
     <param pos="0" name="os.device" value="Firewall"/>
     <param pos="0" name="os.product" value="SonicOS"/>
     <param pos="0" name="os.cpe23" value="cpe:/o:sonicwall:sonicos:-"/>
+    <param pos="0" name="hw.vendor" value="SonicWall"/>
     <param pos="1" name="hw.family"/>
     <param pos="2" name="hw.product"/>
   </fingerprint>

xml/x509_issuers.xml

@@ -174,4 +174,24 @@
     <param pos="0" name="hw.device" value="NAS"/>
   </fingerprint>
 
+  <fingerprint pattern="^CN=default(?: [A-Z]+)?,OU=NS Internal,O=Citrix ANG,L=San Jose,ST=California,C=US$">
+    <description>Citrix Netscaler (later renamed to Citrix ADC)</description>
+    <example>CN=default,OU=NS Internal,O=Citrix ANG,L=San Jose,ST=California,C=US</example>
+    <example>CN=default UYENMB,OU=NS Internal,O=Citrix ANG,L=San Jose,ST=California,C=US</example>
+    <param pos="0" name="service.vendor" value="Citrix"/>
+    <param pos="0" name="service.family" value="Netscaler"/>
+    <param pos="0" name="service.product" value="Netscaler"/>
+    <param pos="0" name="service.device" value="Network Management Device"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:citrix:netscaler:-"/>
+    <param pos="0" name="os.vendor" value="Citrix"/>
+    <param pos="0" name="os.family" value="Netscaler"/>
+    <param pos="0" name="os.product" value="Netscaler Gateway Firmware"/>
+    <param pos="0" name="os.device" value="Network Management Device"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:citrix:netscaler_gateway_firmware:-"/>
+    <param pos="0" name="hw.vendor" value="Citrix"/>
+    <param pos="0" name="hw.family" value="Netscaler"/>
+    <param pos="0" name="hw.product" value="Netscaler Gateway"/>
+    <param pos="0" name="hw.device" value="Network Management Device"/>
+  </fingerprint>
+
 </fingerprints>