From 0d47952611198ef6b1163f366dc03922d20b1475 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Wed, 17 Apr 2024 09:42:04 +0200 Subject: Adding upstream version 7.94+git20230807.3be01efb1+dfsg. Signed-off-by: Daniel Baumann --- nselib/data/http-fingerprints.lua | 12859 ++++++++++++++++++++++++++++++++++++ 1 file changed, 12859 insertions(+) create mode 100644 nselib/data/http-fingerprints.lua (limited to 'nselib/data/http-fingerprints.lua') diff --git a/nselib/data/http-fingerprints.lua b/nselib/data/http-fingerprints.lua new file mode 100644 index 0000000..e8d2c84 --- /dev/null +++ b/nselib/data/http-fingerprints.lua @@ -0,0 +1,12859 @@ +local io = require "io" +local string = require "string" +local table = require "table" + +---HTTP Fingerprint files, compiled by Ron Bowes with a special thanks to... +-- o Kevin Johnson (@secureideas) for the fingerprints that come with Yokoso +-- http://yokoso.inguardians.com +-- o Jason H. (@jhaddix) for helping out with a whole pile of fingerprints he's +-- collected +-- o Bob Dooling +-- o Robert Rowley for the awesome open source cms and README checks +-- http://www.irvineunderground.org +-- +-- This file is released under the Nmap license; see: +-- https://nmap.org/book/man-legal.html +-- +-- @args http-fingerprints.nikto-db-path Looks at the given path for nikto database. +-- The database is expected to be a CSV file structured as nikto "db_tests". +-- It then converts the records in nikto's database into our Lua table format +-- and adds them to our current fingerprints if they don't exist already. +-- Unfortunately, our current implementation has some limitations: +-- * It doesn't support records with more than one 'dontmatch' patterns for +-- a probe. +-- * It doesn't support logical AND for the 'match' patterns. +-- * It doesn't support sending additional headers for a probe. +-- That means, if a nikto fingerprint needs one of the above features, it +-- won't be loaded. At the time of writing this, 6546 out of the 6573 Nikto +-- fingerprints are being loaded successfully. This runtime Nikto fingerprint integration was suggested by Nikto co-author Chris Sullo as described at http://seclists.org/nmap-dev/2013/q4/292 +-- +-- Although this format was originally modeled after the Nikto format, that ended +-- up being too restrictive. The current format is a simple Lua table. There are many +-- advantages to this technique; it's powerful, we don't need to write custom parsing +-- code, anybody who codes in Lua can easily add checks, and we can write converters +-- to read Nikto and other formats if we want to. +-- +-- The 'fingerprints' table is the key. It's an array of checks that will be run in the +-- order they're given. Each check consists of a path, zero or more matches, output text, +-- and other optional fields. Here are all the currently defined fields: +-- +-- fingerprint.probes +-- A list of one or more probes to send to the server. Each probe is either a table containing +-- the key 'path' (and potentially others), or it's a string indicating the path. +-- +-- fingerprint.probes[i].path +-- The URI to check, optionally containing GET arguments. This should start with a '/' +-- and, if it's a directory, end with a '/'. +-- +-- fingerprint.probes[i].method [optional; default: 'GET'}}] +-- The HTTP method to use when making requests ('GET'}}, 'POST', 'HEAD', 'PUT', 'DELETE', etc +-- +-- fingerprint.probes[i].nopipeline [optional; default: false] +-- Do not use HTTP pipelining to send this request. +-- +-- fingerprint.probes[i].options [optional] +-- An options table as defined in http.lua. Can be used to provide POST data or +-- override defaults. Note that when HTTP pipelining is used, not all of these +-- options will be used. +-- +-- fingerprint.ignore_404 [optional; default: false] +-- If set, the automatic checks for 404 and custom 404 pages are disabled for that check. +-- Every page will be included unless fingerprint.matches.dontmatch excludes it. +-- +-- fingerprint.severity [optional; default: 1] +-- Give a severity rating, if it's a vulnerability. The scale is: +-- 1 - Info +-- 2 - Low priority +-- 3 - Warning +-- 4 - Critical +-- +-- fingerprint.matches +-- An array of tables, each of which contains three fields. These will be checked, starting +-- from the first, until one is matched. If there is no 'match' text, it will fire as long +-- as the result isn't a 404. This match is not case sensitive. +-- +-- fingerprint.matches[i].match +-- A string (specifically, a Lua pattern) that has to be found somewhere in the output to +-- count as a match. The string can be in the status line, in a header, or in the body. +-- In addition to matching, this field can contain captures that'll be included in the +-- output. See: http://lua-users.org/wiki/PatternsTutorial +-- +-- fingerprint.matches[i].dontmatch +-- A string (specifically, a lua pattern) that cannot be found somewhere in the output. +-- This takes precedence over any text matched in the 'match' field +-- +-- fingerprint.matches[i].output +-- The text to output if this match happens. If the 'match' field contains captures, these +-- captures can be used with \1, \2, etc. +-- +-- If you have any questions, feel free to email dev@nmap.org or contact Ron Bowes! +-- +-- CHANGELOG: +-- Added 120 new signatures taken from exploit-db.com archives from July 2009 to July 2011 [Paulino Calderon] +-- Added the option to read nikto's database and make use of its fingerprints. [George Chatzisofroniou] +-- + +fingerprints = {}; + +------------------------------------------------ +---- GENERAL CHECKS ---- +------------------------------------------------ +-- These are checks for generic paths, like /wiki, /images, /admin, etc + +table.insert(fingerprints, { + category = 'general', + probes = { + { + path = '/', + method = 'GET' + } + }, + matches = { + { + match = 'Index of .*(Apache.*) Server at', + output = 'Root directory w/ listing on \'\\1\'' + }, + { + match = '<title>Index of', + output = 'Root directory w/ directory listing' + } + } + }); + +table.insert(fingerprints, { + category = 'general', + probes = { + { + path = '/blog/', + method = 'HEAD' + }, + { + path = '/weblog/', + method = 'HEAD' + }, + { + path = '/weblogs/', + method = 'HEAD' + }, + { + path = '/wordpress/', + method = 'HEAD' + } + }, + matches = { + { + output = 'Blog' + } + } + }); + +table.insert(fingerprints, { + category = 'general', + probes = { + { + path = '/wiki/', + method = 'HEAD' + }, + { + path = '/mediawiki/', + method = 'HEAD' + }, + { + path = '/wiki/Main_Page', + method = 'HEAD' + } + }, + matches = { + { + output = 'Wiki' + } + } + }); + +table.insert(fingerprints, { + category = 'general', + probes = { + { + path = '/tikiwiki/', + method = 'HEAD' + } + }, + matches = { + { + output = 'Tikiwiki' + } + } + }); + +table.insert(fingerprints, { + category = 'general', + probes = { + { + path = '/cgi-bin/mj_wwwusr', + method = 'HEAD' + }, + { + path = '/majordomo/mj_wwwusr', + method = 'HEAD' + } + }, + matches = { + { + match = '', + output = 'Majordomo2 Mailing List' + } + } + }); + +table.insert(fingerprints, { + category = 'general', + probes = { + { + path = '/j2ee/examples/servlets/', + method = 'HEAD' + }, + { + path = '/j2ee/examples/jsp/', + method = 'HEAD' + } + }, + matches = { + { + match = '', + output = 'Oracle j2ee examples' + } + } + }); + +table.insert(fingerprints, { + category = 'general', + probes = { + { + path = '/dsc/', + method = 'HEAD' + } + }, + matches = { + { + match = '', + output = 'Trend Micro Data Loss Prevention Virtual Appliance' + } + } + }); + +table.insert(fingerprints, { + category = 'general', + probes = { + { + path = '/reg_1.htm', + method = 'HEAD' + } + }, + matches = { + { + match = '', + output = 'Polycom IP phone' + } + } + }); + +table.insert(fingerprints, { + category = 'general', + probes = { + { + path = '/adr.htm', + method = 'HEAD' + }, + { + path = '/line_login.htm?l=1', + method = 'HEAD' + }, + { + path = '/tbook.csv', + method = 'HEAD' + } + }, + matches = { + { + match = '', + output = 'Snom IP Phone' + } + } + }); + +table.insert(fingerprints, { + category = 'general', + probes = { + { + path = '/globalSIPsettings.html', + method = 'HEAD' + }, + { + path = '/SIPsettingsLine1.html', + method = 'HEAD' + } + }, + matches = { + { + match = '', + output = 'Aastra IP Phone' + } + } + }); + +table.insert(fingerprints, { + category = 'general', + probes = { + { + path = '/websvn/', + method = 'HEAD' + } + }, + matches = { + { + match = '', + output = 'WEBSVN Repository' + } + } + }); + +table.insert(fingerprints, { + category = 'general', + probes = { + { + path = '/repos/', + method = 'GET' + }, + { + path = '/repo/', + method = 'GET' + }, + { + path = '/svn/', + method = 'GET' + }, + { + path = '/cvs/', + method = 'GET' + } + }, + matches = { + { + match = 'realm=".-Subversion.-"', + output = 'Subversion Repository' + }, + { + match = '', + output = 'Possible code repository' + } + } + }); + +table.insert(fingerprints, { + category = 'general', + probes = { + { + path = '/archiva/index.action', + method = 'GET' + }, + { + path = '/index.action', + method = 'GET' + } + }, + matches = { + { + match = '.*">Apache Archiva (.-)</a>', + output = 'Apache Archiva version \\1' + }, + { + match = 'Apache Archiva (%d-%..-)\n', + output = 'Apache Archiva version \\1' + }, + { + match = '<title>Apache Archiva \\', + output = 'Apache Archiva' + } + } + }); + +table.insert(fingerprints, { + category = 'general', + probes = { + { + path = '/login.stm', + method = 'HEAD' + } + }, + matches = { + { + match = '', + output = 'Belkin G Wireless Router' + } + } + }); + +table.insert(fingerprints, { + category = 'general', + probes = { + { + path = '/tools_admin.php', + method = 'HEAD' + } + }, + matches = { + { + match = '', + output = 'D-Link DIR-300' + } + } + }); + +table.insert(fingerprints, { + category = 'general', + probes = { + { + path = '/bsc_lan.php', + method = 'HEAD' + } + }, + matches = { + { + match = '', + output = 'D-Link DIR-300, DIR-320, DIR-615 revD' + } + } + }); + +table.insert(fingerprints, { + category = 'general', + probes = { + { + path = '/Manage.tri', + method = 'HEAD' + } + }, + matches = { + { + match = '', + output = 'Linksys WRT54G2' + } + } + }); + +table.insert(fingerprints, { + category = 'general', + probes = { + { + path = '/logo_t.gif', + method = 'HEAD' + } + }, + matches = { + { + match = 'IP_SHARER WEB', + output = 'Belkin/Arris 2307' + } + } + }); + +table.insert(fingerprints, { + category = 'general', + probes = { + { + path = '//system.html', + method = 'HEAD' + } + }, + matches = { + { + match = '', + output = 'CMNC-200 IP Camera' + } + } + }); + +table.insert(fingerprints, { + category = 'general', + probes = { + { + path = '/main_configure.cgi', + method = 'HEAD' + } + }, + matches = { + { + match = '', + output = 'Intellinet IP Camera' + } + } + }); + +table.insert(fingerprints, { + category = 'general', + probes = { + { + path = '/OvCgi/Toolbar.exe', + method = 'HEAD' + } + }, + matches = { + { + match = '', + output = 'HP OpenView Network Node Manager' + } + } + }); + +table.insert(fingerprints, { + category = 'general', + probes = { + { + path = '/frontend/x3/', + method = 'HEAD' + } + }, + matches = { + { + match = '', + output = 'CPanel' + } + } + }); + +table.insert(fingerprints, { + category = 'general', + probes = { + { + path = '/awstatstotals/awstatstotals.php', + method = 'HEAD' + }, + { + path = '/awstats/awstatstotals.php', + method = 'HEAD' + }, + { + path = '/awstatstotals.php', + method = 'HEAD' + }, + { + path = '/awstats/index.php', + method = 'HEAD' + }, + { + path = '/awstatstotals/index.php', + method = 'HEAD' + } + }, + matches = { + { + match = '', + output = 'AWStats Totals' + } + } + }); + +table.insert(fingerprints, { + category = 'general', + probes = { + { + path = '/egroupware/', + method = 'HEAD' + } + }, + matches = { + { + match = '', + output = 'eGroupware' + } + } + }); + +table.insert(fingerprints, { + category = 'general', + probes = { + { + path = '/calendar/cal_search.php', + method = 'HEAD' + }, + { + path = '/cal_search.php', + method = 'HEAD' + } + }, + matches = { + { + match = '', + output = 'ExtCalendar' + } + } + }); + +table.insert(fingerprints, { + category = 'general', + probes = { + { + path = '/a_viewusers.php', + method = 'HEAD' + }, + { + path = '/aphpkb/', + method = 'HEAD' + } + }, + matches = { + { + match = '', + output = 'Andys PHP Knowledgebase' + } + } + }); + +table.insert(fingerprints, { + category = 'general', + probes = { + { + path = '/webedition/we/include/we_modules/', + method = 'HEAD' + }, + { + path = '/webedition/', + method = 'HEAD' + } + }, + matches = { + { + match = '', + output = 'Web Edition' + } + } + }); + +table.insert(fingerprints, { + category = 'general', + probes = { + { + path = '/Examples/', + method = 'HEAD' + } + }, + matches = { + { + match = '', + output = 'Possible documentation files' + } + } + }); + +table.insert(fingerprints, { + category = 'general', + probes = { + { + path = '/LightNEasy.php?do=login', + method = 'HEAD' + } + }, + matches = { + { + match = '', + output = 'LightNEasy' + } + } + }); + +table.insert(fingerprints, { + category = 'general', + probes = { + { + path = '/channel_detail.php', + method = 'HEAD' + } + }, + matches = { + { + match = '', + output = 'DzTube' + } + } + }); + +table.insert(fingerprints, { + category = 'general', + probes = { + { + path = '/cgi-bin/vcs', + method = 'HEAD' + } + }, + matches = { + { + match = '', + output = 'Mitel Audio and Web Conferencing (AWC)' + } + } + }); + +table.insert(fingerprints, { + category = 'general', + probes = { + { + path = '/ocsreports/', + method = 'HEAD' + } + }, + matches = { + { + match = '', + output = 'OCS Inventory' + } + } + }); + +table.insert(fingerprints, { + category = 'general', + probes = { + { + path = '/vbseo.php', + method = 'HEAD' + } + }, + matches = { + { + match = '', + output = 'vBSEO' + } + } + }); + +table.insert(fingerprints, { + category = 'general', + probes = { + { + path = '/forum/', + method = 'HEAD' + }, + { + path = '/forums/', + method = 'HEAD' + }, + { + path = '/smf/', + method = 'HEAD' + }, + { + path = '/phpbb/', + method = 'HEAD' + } + }, + matches = { + { + output = 'Forum' + } + } + }); + +table.insert(fingerprints, { + category = 'general', + probes = { + { + path = '/manager/', + method = 'HEAD' + }, + { + path = '/admin.php', + method = 'HEAD' + }, + { + path = '/admin/', + method = 'HEAD' + }, + { + path = '/admin/admin/', + method = 'HEAD' + }, + { + path = '/administrator/', + method = 'HEAD' + }, + { + path = '/moderator/', + method = 'HEAD' + }, + { + path = '/webadmin/', + method = 'HEAD' + }, + { + path = '/adminarea/', + method = 'HEAD' + }, + { + path = '/bb-admin/', + method = 'HEAD' + }, + { + path = '/adminLogin/', + method = 'HEAD' + }, + { + path = '/admin_area/', + method = 'HEAD' + }, + { + path = '/panel-administracion/', + method = 'HEAD' + }, + { + path = '/instadmin/', + method = 'HEAD' + }, + { + path = '/memberadmin/', + method = 'HEAD' + }, + { + path = '/administratorlogin/', + method = 'HEAD' + }, + { + path = '/adm/', + method = 'HEAD' + }, + { + path = '/admin/account.php', + method = 'HEAD' + }, + { + path = '/admin/index.php', + method = 'HEAD' + }, + { + path = '/admin/login.php', + method = 'HEAD' + }, + { + path = '/admin/admin.php', + method = 'HEAD' + }, + { + path = '/joomla/administrator', + method = 'HEAD' + }, + { + path = '/login.php', + method = 'HEAD' + }, + { + path = '/admin_area/admin.php', + method = 'HEAD' + }, + { + path = '/admin_area/login.php', + method = 'HEAD' + }, + { + path = '/siteadmin/login.php', + method = 'HEAD' + }, + { + path = '/siteadmin/index.php', + method = 'HEAD' + }, + { + path = '/siteadmin/login.html', + method = 'HEAD' + }, + { + path = '/admin/index.html', + method = 'HEAD' + }, + { + path = '/admin/login.html', + method = 'HEAD' + }, + { + path = '/admin/admin.html', + method = 'HEAD' + }, + { + path = '/admin_area/index.php', + method = 'HEAD' + }, + { + path = '/bb-admin/index.php', + method = 'HEAD' + }, + { + path = '/bb-admin/login.php', + method = 'HEAD' + }, + { + path = '/bb-admin/admin.php', + method = 'HEAD' + }, + { + path = '/admin/home.php', + method = 'HEAD' + }, + { + path = '/admin_area/login.html', + method = 'HEAD' + }, + { + path = '/admin_area/index.html', + method = 'HEAD' + }, + { + path = '/admin/controlpanel.php', + method = 'HEAD' + }, + { + path = '/admincp/', + method = 'HEAD' + }, + { + path = '/admincp/index.asp', + method = 'HEAD' + }, + { + path = '/admincp/index.html', + method = 'HEAD' + }, + { + path = '/admincp/login.php', + method = 'HEAD' + }, + { + path = '/admin/account.html', + method = 'HEAD' + }, + { + path = '/adminpanel.html', + method = 'HEAD' + }, + { + path = '/webadmin.html', + method = 'HEAD' + }, + { + path = '/webadmin/index.html', + method = 'HEAD' + }, + { + path = '/webadmin/admin.html', + method = 'HEAD' + }, + { + path = '/webadmin/login.html', + method = 'HEAD' + }, + { + path = '/admin/admin_login.html', + method = 'HEAD' + }, + { + path = '/admin_login.html', + method = 'HEAD' + }, + { + path = '/panel-administracion/login.html', + method = 'HEAD' + }, + { + path = '/admin/cp.php', + method = 'HEAD' + }, + { + path = '/cp.php', + method = 'HEAD' + }, + { + path = '/administrator/index.php', + method = 'HEAD' + }, + { + path = '/administrator/login.php', + method = 'HEAD' + }, + { + path = '/nsw/admin/login.php', + method = 'HEAD' + }, + { + path = '/webadmin/login.php', + method = 'HEAD' + }, + { + path = '/admin/admin_login.php', + method = 'HEAD' + }, + { + path = '/admin_login.php', + method = 'HEAD' + }, + { + path = '/administrator/account.php', + method = 'HEAD' + }, + { + path = '/administrator.php', + method = 'HEAD' + }, + { + path = '/admin_area/admin.html', + method = 'HEAD' + }, + { + path = '/pages/admin/admin-login.php', + method = 'HEAD' + }, + { + path = '/admin/admin-login.php', + method = 'HEAD' + }, + { + path = '/admin-login.php', + method = 'HEAD' + }, + { + path = '/bb-admin/index.html', + method = 'HEAD' + }, + { + path = '/bb-admin/login.html', + method = 'HEAD' + }, + { + path = '/bb-admin/admin.html', + method = 'HEAD' + }, + { + path = '/admin/home.html', + method = 'HEAD' + }, + { + path = '/modelsearch/login.php', + method = 'HEAD' + }, + { + path = '/moderator.php', + method = 'HEAD' + }, + { + path = '/moderator/login.php', + method = 'HEAD' + }, + { + path = '/moderator/admin.php', + method = 'HEAD' + }, + { + path = '/account.php', + method = 'HEAD' + }, + { + path = '/pages/admin/admin-login.html', + method = 'HEAD' + }, + { + path = '/admin/admin-login.html', + method = 'HEAD' + }, + { + path = '/admin-login.html', + method = 'HEAD' + }, + { + path = '/controlpanel.php', + method = 'HEAD' + }, + { + path = '/admincontrol.php', + method = 'HEAD' + }, + { + path = '/admin/adminLogin.html', + method = 'HEAD' + }, + { + path = '/adminLogin.html', + method = 'HEAD' + }, + { + path = '/home.html', + method = 'HEAD' + }, + { + path = '/rcjakar/admin/login.php', + method = 'HEAD' + }, + { + path = '/adminarea/index.html', + method = 'HEAD' + }, + { + path = '/adminarea/admin.html', + method = 'HEAD' + }, + { + path = '/webadmin.php', + method = 'HEAD' + }, + { + path = '/webadmin/index.php', + method = 'HEAD' + }, + { + path = '/webadmin/admin.php', + method = 'HEAD' + }, + { + path = '/admin/controlpanel.html', + method = 'HEAD' + }, + { + path = '/admin.html', + method = 'HEAD' + }, + { + path = '/admin/cp.html', + method = 'HEAD' + }, + { + path = '/cp.html', + method = 'HEAD' + }, + { + path = '/adminpanel.php', + method = 'HEAD' + }, + { + path = '/moderator.html', + method = 'HEAD' + }, + { + path = '/administrator/index.html', + method = 'HEAD' + }, + { + path = '/administrator/login.html', + method = 'HEAD' + }, + { + path = '/user.html', + method = 'HEAD' + }, + { + path = '/administrator/account.html', + method = 'HEAD' + }, + { + path = '/administrator.html', + method = 'HEAD' + }, + { + path = '/login.html', + method = 'HEAD' + }, + { + path = '/modelsearch/login.html', + method = 'HEAD' + }, + { + path = '/moderator/login.html', + method = 'HEAD' + }, + { + path = '/adminarea/login.html', + method = 'HEAD' + }, + { + path = '/panel-administracion/index.html', + method = 'HEAD' + }, + { + path = '/panel-administracion/admin.html', + method = 'HEAD' + }, + { + path = '/modelsearch/index.html', + method = 'HEAD' + }, + { + path = '/modelsearch/admin.html', + method = 'HEAD' + }, + { + path = '/admincontrol/login.html', + method = 'HEAD' + }, + { + path = '/adm/index.html', + method = 'HEAD' + }, + { + path = '/adm.html', + method = 'HEAD' + }, + { + path = '/moderator/admin.html', + method = 'HEAD' + }, + { + path = '/user.php', + method = 'HEAD' + }, + { + path = '/account.html', + method = 'HEAD' + }, + { + path = '/controlpanel.html', + method = 'HEAD' + }, + { + path = '/admincontrol.html', + method = 'HEAD' + }, + { + path = '/panel-administracion/login.php', + method = 'HEAD' + }, + { + path = '/wp-login.php', + method = 'HEAD' + }, + { + path = '/wp-json', + method = 'HEAD' + }, + { + path = '/adminLogin.php', + method = 'HEAD' + }, + { + path = '/admin/adminLogin.php', + method = 'HEAD' + }, + { + path = '/adminarea/index.php', + method = 'HEAD' + }, + { + path = '/adminarea/admin.php', + method = 'HEAD' + }, + { + path = '/adminarea/login.php', + method = 'HEAD' + }, + { + path = '/panel-administracion/index.php', + method = 'HEAD' + }, + { + path = '/panel-administracion/admin.php', + method = 'HEAD' + }, + { + path = '/modelsearch/index.php', + method = 'HEAD' + }, + { + path = '/modelsearch/admin.php', + method = 'HEAD' + }, + { + path = '/admincontrol/login.php', + method = 'HEAD' + }, + { + path = '/adm/admloginuser.php', + method = 'HEAD' + }, + { + path = '/admloginuser.php', + method = 'HEAD' + }, + { + path = '/admin2.php', + method = 'HEAD' + }, + { + path = '/admin2/login.php', + method = 'HEAD' + }, + { + path = '/admin2/index.php', + method = 'HEAD' + }, + { + path = '/adm/index.php', + method = 'HEAD' + }, + { + path = '/adm.php', + method = 'HEAD' + }, + { + path = '/affiliate.php', + method = 'HEAD' + }, + { + path = '/adm_auth.php', + method = 'HEAD' + }, + { + path = '/memberadmin.php', + method = 'HEAD' + }, + { + path = '/administratorlogin.php', + method = 'HEAD' + }, + { + path = '/account.cfm', + method = 'HEAD' + }, + { + path = '/admin/account.cfm', + method = 'HEAD' + }, + { + path = '/admin/index.cfm', + method = 'HEAD' + }, + { + path = '/admin/login.cfm', + method = 'HEAD' + }, + { + path = '/admin/admin.cfm', + method = 'HEAD' + }, + { + path = '/admin.cfm', + method = 'HEAD' + }, + { + path = '/admin/admin_login.cfm', + method = 'HEAD' + }, + { + path = '/admin_login.cfm', + method = 'HEAD' + }, + { + path = '/adminpanel.cfm', + method = 'HEAD' + }, + { + path = '/admin/controlpanel.cfm', + method = 'HEAD' + }, + { + path = '/admincontrol.cfm', + method = 'HEAD' + }, + { + path = '/panel-administracion/login.cfm', + method = 'HEAD' + }, + { + path = '/admin/cp.cfm', + method = 'HEAD' + }, + { + path = '/pages/admin/admin-login.cfm', + method = 'HEAD' + }, + { + path = '/admincp/index.cfm', + method = 'HEAD' + }, + { + path = '/admincp/login.cfm', + method = 'HEAD' + }, + { + path = '/admin_area/admin.cfm', + method = 'HEAD' + }, + { + path = '/admin_area/login.cfm', + method = 'HEAD' + }, + { + path = '/moderator/login.cfm', + method = 'HEAD' + }, + { + path = '/administrator/login.cfm', + method = 'HEAD' + }, + { + path = '/moderator.cfm', + method = 'HEAD' + }, + { + path = '/modelsearch/index.cfm', + method = 'HEAD' + }, + { + path = '/panel-administracion/admin.cfm', + method = 'HEAD' + }, + { + path = '/adm/admloginuser.cfm', + method = 'HEAD' + }, + { + path = '/adm.cfm', + method = 'HEAD' + }, + { + path = '/adm_auth.cfm', + method = 'HEAD' + }, + { + path = '/administratorlogin.cfm', + method = 'HEAD' + }, + { + path = '/webadmin.cfm', + method = 'HEAD' + }, + { + path = '/webadmin/index.cfm', + method = 'HEAD' + }, + { + path = '/modelsearch/login.cfm', + method = 'HEAD' + }, + { + path = '/login.cfm', + method = 'HEAD' + }, + { + path = '/administrator.cfm', + method = 'HEAD' + }, + { + path = '/administrator/account.cfm', + method = 'HEAD' + }, + { + path = '/adminLogin.cfm', + method = 'HEAD' + }, + { + path = '/siteadmin/login.cfm', + method = 'HEAD' + }, + { + path = '/admin2/index.cfm', + method = 'HEAD' + }, + { + path = '/adm/index.cfm', + method = 'HEAD' + }, + { + path = '/admin_area/index.cfm', + method = 'HEAD' + }, + { + path = '/bb-admin/index.cfm', + method = 'HEAD' + }, + { + path = '/bb-admin/login.cfm', + method = 'HEAD' + }, + { + path = '/bb-admin/admin.cfm', + method = 'HEAD' + }, + { + path = '/siteadmin/index.cfm', + method = 'HEAD' + }, + { + path = '/memberadmin.cfm', + method = 'HEAD' + }, + { + path = '/admin2/login.cfm', + method = 'HEAD' + }, + { + path = '/admloginuser.cfm', + method = 'HEAD' + }, + { + path = '/admincontrol/login.cfm', + method = 'HEAD' + }, + { + path = '/administrator/index.cfm', + method = 'HEAD' + }, + { + path = '/modelsearch/admin.cfm', + method = 'HEAD' + }, + { + path = '/panel-administracion/index.cfm', + method = 'HEAD' + }, + { + path = '/adminarea/login.cfm', + method = 'HEAD' + }, + { + path = '/adminarea/admin.cfm', + method = 'HEAD' + }, + { + path = '/adminarea/index.cfm', + method = 'HEAD' + }, + { + path = '/admin/adminLogin.cfm', + method = 'HEAD' + }, + { + path = '/webadmin/login.cfm', + method = 'HEAD' + }, + { + path = '/webadmin/admin.cfm', + method = 'HEAD' + }, + { + path = '/user.cfm', + method = 'HEAD' + }, + { + path = '/controlpanel.cfm', + method = 'HEAD' + }, + { + path = '/moderator/admin.cfm', + method = 'HEAD' + }, + { + path = '/cp.cfm', + method = 'HEAD' + }, + { + path = '/admin-login.cfm', + method = 'HEAD' + }, + { + path = '/admin/admin-login.cfm', + method = 'HEAD' + }, + { + path = '/admin/home.cfm', + method = 'HEAD' + }, + { + path = '/adm1n/', + method = 'HEAD' + }, + { + path = '/4dm1n/', + method = 'HEAD' + }, + { + path = '/account.asp', + method = 'HEAD' + }, + { + path = '/admin/account.asp', + method = 'HEAD' + }, + { + path = '/admin/index.asp', + method = 'HEAD' + }, + { + path = '/admin/login.asp', + method = 'HEAD' + }, + { + path = '/admin/admin.asp', + method = 'HEAD' + }, + { + path = '/admin_area/admin.asp', + method = 'HEAD' + }, + { + path = '/admin_area/login.asp', + method = 'HEAD' + }, + { + path = '/admin_area/index.asp', + method = 'HEAD' + }, + { + path = '/bb-admin/index.asp', + method = 'HEAD' + }, + { + path = '/bb-admin/login.asp', + method = 'HEAD' + }, + { + path = '/bb-admin/admin.asp', + method = 'HEAD' + }, + { + path = '/admin/home.asp', + method = 'HEAD' + }, + { + path = '/admin/controlpanel.asp', + method = 'HEAD' + }, + { + path = '/admin.asp', + method = 'HEAD' + }, + { + path = '/pages/admin/admin-login.asp', + method = 'HEAD' + }, + { + path = '/admin/admin-login.asp', + method = 'HEAD' + }, + { + path = '/admin-login.asp', + method = 'HEAD' + }, + { + path = '/admin/cp.asp', + method = 'HEAD' + }, + { + path = '/cp.asp', + method = 'HEAD' + }, + { + path = '/administrator/account.asp', + method = 'HEAD' + }, + { + path = '/administrator.asp', + method = 'HEAD' + }, + { + path = '/login.asp', + method = 'HEAD' + }, + { + path = '/modelsearch/login.asp', + method = 'HEAD' + }, + { + path = '/moderator.asp', + method = 'HEAD' + }, + { + path = '/moderator/login.asp', + method = 'HEAD' + }, + { + path = '/administrator/login.asp', + method = 'HEAD' + }, + { + path = '/moderator/admin.asp', + method = 'HEAD' + }, + { + path = '/controlpanel.asp', + method = 'HEAD' + }, + { + path = '/user.asp', + method = 'HEAD' + }, + { + path = '/admincp/login.asp', + method = 'HEAD' + }, + { + path = '/admincontrol.asp', + method = 'HEAD' + }, + { + path = '/adminpanel.asp', + method = 'HEAD' + }, + { + path = '/webadmin.asp', + method = 'HEAD' + }, + { + path = '/webadmin/index.asp', + method = 'HEAD' + }, + { + path = '/webadmin/admin.asp', + method = 'HEAD' + }, + { + path = '/webadmin/login.asp', + method = 'HEAD' + }, + { + path = '/admin/admin_login.asp', + method = 'HEAD' + }, + { + path = '/admin_login.asp', + method = 'HEAD' + }, + { + path = '/panel-administracion/login.asp', + method = 'HEAD' + }, + { + path = '/adminLogin.asp', + method = 'HEAD' + }, + { + path = '/admin/adminLogin.asp', + method = 'HEAD' + }, + { + path = '/home.asp', + method = 'HEAD' + }, + { + path = '/adminarea/index.asp', + method = 'HEAD' + }, + { + path = '/adminarea/admin.asp', + method = 'HEAD' + }, + { + path = '/adminarea/login.asp', + method = 'HEAD' + }, + { + path = '/panel-administracion/index.asp', + method = 'HEAD' + }, + { + path = '/panel-administracion/admin.asp', + method = 'HEAD' + }, + { + path = '/modelsearch/index.asp', + method = 'HEAD' + }, + { + path = '/modelsearch/admin.asp', + method = 'HEAD' + }, + { + path = '/administrator/index.asp', + method = 'HEAD' + }, + { + path = '/admincontrol/login.asp', + method = 'HEAD' + }, + { + path = '/adm/admloginuser.asp', + method = 'HEAD' + }, + { + path = '/admloginuser.asp', + method = 'HEAD' + }, + { + path = '/admin2.asp', + method = 'HEAD' + }, + { + path = '/admin2/login.asp', + method = 'HEAD' + }, + { + path = '/admin2/index.asp', + method = 'HEAD' + }, + { + path = '/adm/index.asp', + method = 'HEAD' + }, + { + path = '/adm.asp', + method = 'HEAD' + }, + { + path = '/adm_auth.asp', + method = 'HEAD' + }, + { + path = '/memberadmin.asp', + method = 'HEAD' + }, + { + path = '/administratorlogin.asp', + method = 'HEAD' + }, + { + path = '/siteadmin/login.asp', + method = 'HEAD' + }, + { + path = '/siteadmin/index.asp', + method = 'HEAD' + }, + { + path = '/account.aspx', + method = 'HEAD' + }, + { + path = '/admin/account.aspx', + method = 'HEAD' + }, + { + path = '/admin/index.aspx', + method = 'HEAD' + }, + { + path = '/admin/login.aspx', + method = 'HEAD' + }, + { + path = '/admin/admin.aspx', + method = 'HEAD' + }, + { + path = '/admin_area/admin.aspx', + method = 'HEAD' + }, + { + path = '/admin_area/login.aspx', + method = 'HEAD' + }, + { + path = '/admin_area/index.aspx', + method = 'HEAD' + }, + { + path = '/bb-admin/index.aspx', + method = 'HEAD' + }, + { + path = '/bb-admin/login.aspx', + method = 'HEAD' + }, + { + path = '/bb-admin/admin.aspx', + method = 'HEAD' + }, + { + path = '/admin/home.aspx', + method = 'HEAD' + }, + { + path = '/admin/controlpanel.aspx', + method = 'HEAD' + }, + { + path = '/admin.aspx', + method = 'HEAD' + }, + { + path = '/pages/admin/admin-login.aspx', + method = 'HEAD' + }, + { + path = '/admin/admin-login.aspx', + method = 'HEAD' + }, + { + path = '/admin-login.aspx', + method = 'HEAD' + }, + { + path = '/admin/cp.aspx', + method = 'HEAD' + }, + { + path = '/cp.aspx', + method = 'HEAD' + }, + { + path = '/administrator/account.aspx', + method = 'HEAD' + }, + { + path = '/administrator.aspx', + method = 'HEAD' + }, + { + path = '/login.aspx', + method = 'HEAD' + }, + { + path = '/modelsearch/login.aspx', + method = 'HEAD' + }, + { + path = '/moderator.aspx', + method = 'HEAD' + }, + { + path = '/moderator/login.aspx', + method = 'HEAD' + }, + { + path = '/administrator/login.aspx', + method = 'HEAD' + }, + { + path = '/moderator/admin.aspx', + method = 'HEAD' + }, + { + path = '/controlpanel.aspx', + method = 'HEAD' + }, + { + path = '/user.aspx', + method = 'HEAD' + }, + { + path = '/admincp/index.aspx', + method = 'HEAD' + }, + { + path = '/admincp/login.aspx', + method = 'HEAD' + }, + { + path = '/admincontrol.aspx', + method = 'HEAD' + }, + { + path = '/adminpanel.aspx', + method = 'HEAD' + }, + { + path = '/webadmin.aspx', + method = 'HEAD' + }, + { + path = '/webadmin/index.aspx', + method = 'HEAD' + }, + { + path = '/webadmin/admin.aspx', + method = 'HEAD' + }, + { + path = '/webadmin/login.aspx', + method = 'HEAD' + }, + { + path = '/admin/admin_login.aspx', + method = 'HEAD' + }, + { + path = '/admin_login.aspx', + method = 'HEAD' + }, + { + path = '/panel-administracion/login.aspx', + method = 'HEAD' + }, + { + path = '/adminLogin.aspx', + method = 'HEAD' + }, + { + path = '/admin/adminLogin.aspx', + method = 'HEAD' + }, + { + path = '/home.aspx', + method = 'HEAD' + }, + { + path = '/adminarea/index.aspx', + method = 'HEAD' + }, + { + path = '/adminarea/admin.aspx', + method = 'HEAD' + }, + { + path = '/adminarea/login.aspx', + method = 'HEAD' + }, + { + path = '/panel-administracion/index.aspx', + method = 'HEAD' + }, + { + path = '/panel-administracion/admin.aspx', + method = 'HEAD' + }, + { + path = '/modelsearch/index.aspx', + method = 'HEAD' + }, + { + path = '/modelsearch/admin.aspx', + method = 'HEAD' + }, + { + path = '/administrator/index.aspx', + method = 'HEAD' + }, + { + path = '/admincontrol/login.aspx', + method = 'HEAD' + }, + { + path = '/adm/admloginuser.aspx', + method = 'HEAD' + }, + { + path = '/admloginuser.aspx', + method = 'HEAD' + }, + { + path = '/admin2.aspx', + method = 'HEAD' + }, + { + path = '/admin2/login.aspx', + method = 'HEAD' + }, + { + path = '/admin2/index.aspx', + method = 'HEAD' + }, + { + path = '/adm/index.aspx', + method = 'HEAD' + }, + { + path = '/adm.aspx', + method = 'HEAD' + }, + { + path = '/adm_auth.aspx', + method = 'HEAD' + }, + { + path = '/memberadmin.aspx', + method = 'HEAD' + }, + { + path = '/administratorlogin.aspx', + method = 'HEAD' + }, + { + path = '/siteadmin/login.aspx', + method = 'HEAD' + }, + { + path = '/siteadmin/index.aspx', + method = 'HEAD' + }, + { + path = '/account.jsp', + method = 'HEAD' + }, + { + path = '/admin/index.jsp', + method = 'HEAD' + }, + { + path = '/admin/login.jsp', + method = 'HEAD' + }, + { + path = '/admin/admin.jsp', + method = 'HEAD' + }, + { + path = '/admin_area/admin.jsp', + method = 'HEAD' + }, + { + path = '/admin_area/login.jsp', + method = 'HEAD' + }, + { + path = '/admin_area/index.jsp', + method = 'HEAD' + }, + { + path = '/bb-admin/index.jsp', + method = 'HEAD' + }, + { + path = '/bb-admin/login.jsp', + method = 'HEAD' + }, + { + path = '/bb-admin/admin.jsp', + method = 'HEAD' + }, + { + path = '/admin/home.jsp', + method = 'HEAD' + }, + { + path = '/admin/controlpanel.jsp', + method = 'HEAD' + }, + { + path = '/admin.jsp', + method = 'HEAD' + }, + { + path = '/pages/admin/admin-login.jsp', + method = 'HEAD' + }, + { + path = '/admin/admin-login.jsp', + method = 'HEAD' + }, + { + path = '/admin-login.jsp', + method = 'HEAD' + }, + { + path = '/admin/cp.jsp', + method = 'HEAD' + }, + { + path = '/cp.jsp', + method = 'HEAD' + }, + { + path = '/administrator/account.jsp', + method = 'HEAD' + }, + { + path = '/administrator.jsp', + method = 'HEAD' + }, + { + path = '/login.jsp', + method = 'HEAD' + }, + { + path = '/modelsearch/login.jsp', + method = 'HEAD' + }, + { + path = '/moderator.jsp', + method = 'HEAD' + }, + { + path = '/moderator/login.jsp', + method = 'HEAD' + }, + { + path = '/administrator/login.jsp', + method = 'HEAD' + }, + { + path = '/moderator/admin.jsp', + method = 'HEAD' + }, + { + path = '/controlpanel.jsp', + method = 'HEAD' + }, + { + path = '/user.jsp', + method = 'HEAD' + }, + { + path = '/admincp/index.jsp', + method = 'HEAD' + }, + { + path = '/admincp/login.jsp', + method = 'HEAD' + }, + { + path = '/admincontrol.jsp', + method = 'HEAD' + }, + { + path = '/admin/account.jsp', + method = 'HEAD' + }, + { + path = '/adminpanel.jsp', + method = 'HEAD' + }, + { + path = '/webadmin.jsp', + method = 'HEAD' + }, + { + path = '/webadmin/index.jsp', + method = 'HEAD' + }, + { + path = '/webadmin/admin.jsp', + method = 'HEAD' + }, + { + path = '/webadmin/login.jsp', + method = 'HEAD' + }, + { + path = '/admin/admin_login.jsp', + method = 'HEAD' + }, + { + path = '/admin_login.jsp', + method = 'HEAD' + }, + { + path = '/panel-administracion/login.jsp', + method = 'HEAD' + }, + { + path = '/adminLogin.jsp', + method = 'HEAD' + }, + { + path = '/admin/adminLogin.jsp', + method = 'HEAD' + }, + { + path = '/home.jsp', + method = 'HEAD' + }, + { + path = '/adminarea/index.jsp', + method = 'HEAD' + }, + { + path = '/adminarea/admin.jsp', + method = 'HEAD' + }, + { + path = '/adminarea/login.jsp', + method = 'HEAD' + }, + { + path = '/panel-administracion/index.jsp', + method = 'HEAD' + }, + { + path = '/panel-administracion/admin.jsp', + method = 'HEAD' + }, + { + path = '/modelsearch/index.jsp', + method = 'HEAD' + }, + { + path = '/modelsearch/admin.jsp', + method = 'HEAD' + }, + { + path = '/administrator/index.jsp', + method = 'HEAD' + }, + { + path = '/admincontrol/login.jsp', + method = 'HEAD' + }, + { + path = '/adm/admloginuser.jsp', + method = 'HEAD' + }, + { + path = '/admloginuser.jsp', + method = 'HEAD' + }, + { + path = '/admin2.jsp', + method = 'HEAD' + }, + { + path = '/admin2/login.jsp', + method = 'HEAD' + }, + { + path = '/admin2/index.jsp', + method = 'HEAD' + }, + { + path = '/adm/index.jsp', + method = 'HEAD' + }, + { + path = '/adm.jsp', + method = 'HEAD' + }, + { + path = '/adm_auth.jsp', + method = 'HEAD' + }, + { + path = '/memberadmin.jsp', + method = 'HEAD' + }, + { + path = '/administratorlogin.jsp', + method = 'HEAD' + }, + { + path = '/siteadmin/login.jsp', + method = 'HEAD' + }, + { + path = '/siteadmin/index.jsp', + method = 'HEAD' + }, + { + path = '/admin1.php', + method = 'HEAD' + }, + { + path = '/administr8.asp', + method = 'HEAD' + }, + { + path = '/administr8.php', + method = 'HEAD' + }, + { + path = '/administr8.jsp', + method = 'HEAD' + }, + { + path = '/administr8.aspx', + method = 'HEAD' + }, + { + path = '/administr8.cfm', + method = 'HEAD' + }, + { + path = '/administr8/', + method = 'HEAD' + }, + { + path = '/administer/', + method = 'HEAD' + }, + { + path = '/administracao.php', + method = 'HEAD' + }, + { + path = '/administracao.asp', + method = 'HEAD' + }, + { + path = '/administracao.aspx', + method = 'HEAD' + }, + { + path = '/administracao.cfm', + method = 'HEAD' + }, + { + path = '/administracao.jsp', + method = 'HEAD' + }, + { + path = '/administracion.php', + method = 'HEAD' + }, + { + path = '/administracion.asp', + method = 'HEAD' + }, + { + path = '/administracion.aspx', + method = 'HEAD' + }, + { + path = '/administracion.jsp', + method = 'HEAD' + }, + { + path = '/administracion.cfm', + method = 'HEAD' + }, + { + path = '/administrators/', + method = 'HEAD' + }, + { + path = '/adminpro/', + method = 'HEAD' + }, + { + path = '/admins/', + method = 'HEAD' + }, + { + path = '/admins.cfm', + method = 'HEAD' + }, + { + path = '/admins.php', + method = 'HEAD' + }, + { + path = '/admins.jsp', + method = 'HEAD' + }, + { + path = '/admins.asp', + method = 'HEAD' + }, + { + path = '/admins.aspx', + method = 'HEAD' + }, + { + path = '/maintenance/', + method = 'HEAD' + }, + { + path = '/Lotus_Domino_Admin/', + method = 'HEAD' + }, + { + path = '/hpwebjetadmin/', + method = 'HEAD' + }, + { + path = '/_admin/', + method = 'HEAD' + }, + { + path = '/_administrator/', + method = 'HEAD' + }, + { + path = '/_administrador/', + method = 'HEAD' + }, + { + path = '/_admins/', + method = 'HEAD' + }, + { + path = '/_administrators/', + method = 'HEAD' + }, + { + path = '/_administradores/', + method = 'HEAD' + }, + { + path = '/_administracion/', + method = 'HEAD' + }, + { + path = '/_4dm1n/', + method = 'HEAD' + }, + { + path = '/_adm1n/', + method = 'HEAD' + }, + { + path = '/_Admin/', + method = 'HEAD' + }, + { + path = '/system_administration/', + method = 'HEAD' + }, + { + path = '/system-administration/', + method = 'HEAD' + }, + { + path = '/system-admin/', + method = 'HEAD' + }, + { + path = '/system-admins/', + method = 'HEAD' + }, + { + path = '/system-administrators/', + method = 'HEAD' + }, + { + path = '/administracion-sistema/', + method = 'HEAD' + }, + { + path = '/Administracion/', + method = 'HEAD' + }, + { + path = '/Admin/', + method = 'HEAD' + }, + { + path = '/Administrator/', + method = 'HEAD' + }, + { + path = '/Manager/', + method = 'HEAD' + }, + { + path = '/Adm/', + method = 'HEAD' + }, + { + path = '/systemadmin/', + method = 'HEAD' + }, + { + path = '/AdminLogin.asp', + method = 'HEAD' + }, + { + path = '/AdminLogin.php', + method = 'HEAD' + }, + { + path = '/AdminLogin.jsp', + method = 'HEAD' + }, + { + path = '/AdminLogin.aspx', + method = 'HEAD' + }, + { + path = '/AdminLogin.cfm', + method = 'HEAD' + }, + { + path = '/admin108/', + method = 'HEAD' + }, + { + path = '/pec_admin/', + method = 'HEAD' + }, + { + path = '/system/admin/', + method = 'HEAD' + }, + { + path = '/plog-admin/', + method = 'HEAD' + }, + { + path = '/ESAdmin/', + method = 'HEAD' + }, + { + path = '/axis2-admin/', + method = 'HEAD' + }, + { + path = '/_sys/', + method = 'HEAD' + }, + { + path = '/admin_cp.asp', + method = 'HEAD' + }, + { + path = '/sitecore/admin/', + method = 'HEAD' + }, + { + path = '/sitecore/login/admin/', + method = 'HEAD' + } + }, + matches = { + { + match = '<title>Index of', + output = 'Possible admin folder w/ directory listing' + }, + { + output = 'Possible admin folder' + } + } + }); + +table.insert(fingerprints, { + category = 'general', + probes = { + { + path = '/backup/', + method = 'GET' + }, + { + path = '/backup', + method = 'GET' + }, + { + path = '/backup.sql', + method = 'GET' + }, + { + path = '/backup.sql.gz', + method = 'GET' + }, + { + path = '/backup.sql.bz2', + method = 'GET' + }, + { + path = '/backup.zip', + method = 'GET' + }, + { + path = '/backups/', + method = 'GET' + }, + { + path = '/bak/', + method = 'GET' + }, + { + path = '/back/', + method = 'GET' + }, + { + path = '/cache/backup/', + method = 'GET' + }, + { + path = '/admin/backup/', + method = 'GET' + }, + { + path = '/dbbackup.txt', + method = 'GET' + } + }, + matches = { + { + match = '<title>Index of', + output = 'Backup folder w/ directory listing' + }, + { + match = '', + output = 'Possible backup' + } + } + }); + +table.insert(fingerprints, { + category = 'general', + probes = { + { + path = '/b.sql', + method = 'HEAD' + }, + { + path = '/db.sql', + method = 'HEAD' + }, + { + path = '/ddb.sql', + method = 'HEAD' + }, + { + path = '/users.sql', + method = 'HEAD' + }, + { + path = '/database.sql', + method = 'HEAD' + }, + { + path = '/mysql.sql', + method = 'HEAD' + }, + { + path = '/dump.sql', + method = 'HEAD' + }, + { + path = '/respaldo.sql', + method = 'HEAD' + }, + { + path = '/data.sql', + method = 'HEAD' + }, + { + path = '/old.sql', + method = 'HEAD' + }, + { + path = '/usuarios.sql', + method = 'HEAD' + }, + { + path = '/bdb.sql', + method = 'HEAD' + }, + { + path = '/1.sql', + method = 'HEAD' + }, + { + path = '/admin/download/backup.sql', + method = 'HEAD' + } + + }, + matches = { + { + match = '', + output = 'Possible database backup' + } + } + }); + +table.insert(fingerprints, { + category = 'general', + probes = { + { + path = '/clientaccesspolicy.xml', + method = 'HEAD' + }, + }, + matches = { + { + output = 'Microsoft Silverlight crossdomain policy' + } + } + }); + +table.insert(fingerprints, { + category = 'general', + probes = { + { + path = '/atom/', + method = 'HEAD' + }, + { + path = '/atom.aspx', + method = 'HEAD' + }, + { + path = '/atom.php', + method = 'HEAD' + }, + { + path = '/atom.xml', + method = 'HEAD' + }, + { + path = '/atom.jsp', + method = 'HEAD' + }, + { + path = '/rss/', + method = 'HEAD' + }, + { + path = '/rss.aspx', + method = 'HEAD' + }, + { + path = '/rss.php', + method = 'HEAD' + }, + { + path = '/rss.xml', + method = 'HEAD' + }, + { + path = '/rss.jsp', + method = 'HEAD' + } + }, + matches = { + { + output = 'RSS or Atom feed' + } + } + }); + +table.insert(fingerprints, { + category = 'general', + probes = { + { + path = '/etc/passwd', + method = 'GET' + }, + { + path = '/boot.ini', + method = 'GET' + } + }, + matches = { + { + match = 'root:', + output = 'Webroot appears to be in / (Linux)' + }, + { + match = 'boot loader', + output = 'Webroot appears to be in c:\\ (Windows)' + }, + { + match = '', + output = 'Webroot might be in root folder' + } + } + }); + +table.insert(fingerprints, { + category = 'general', + probes = { + { + path = '/example/', + method = 'GET' + }, + { + path = '/examples/', + method = 'GET' + }, + { + path = '/iissamples/', + method = 'GET' + }, + { + path = '/j2eeexamples/', + method = 'GET' + }, + { + path = '/j2eeexamplesjsp/', + method = 'GET' + }, + { + path = '/sample/', + method = 'GET' + }, + { + path = '/ncsample/', + method = 'GET' + }, + { + path = '/fpsample/', + method = 'GET' + }, + { + path = '/cmsample/', + method = 'GET' + }, + { + path = '/samples/', + method = 'GET' + }, + { + path = '/mono/1.1/index.aspx', + method = 'GET' + } + }, + matches = { + { + match = '<title>Index of .*(Apache.*) Server at', + output = 'Sample scripts w/ listing on \'\\1\'' + }, + { + match = '<title>Index of', + output = 'Sample scripts w/ directory listing' + }, + { + match = '', + output = 'Sample scripts' + } + } + }); + +table.insert(fingerprints, { + category = 'general', + probes = { + { + path = '/login/', + method = 'HEAD' + }, + { + path = '/login.htm', + method = 'HEAD' + }, + { + path = '/login.jsp', + method = 'HEAD' + } + }, + matches = { + { + match = '', + output = 'Login page' + } + } + }); + +table.insert(fingerprints, { + category = 'general', + probes = { + { + path = '/test.asp', + method = 'HEAD' + }, + { + path = '/test.class', + method = 'HEAD' + }, + { + path = '/test/', + method = 'HEAD' + }, + { + path = '/test.htm', + method = 'HEAD' + }, + { + path = '/test.html', + method = 'HEAD' + }, + { + path = '/test.php', + method = 'HEAD' + }, + { + path = '/test.txt', + method = 'HEAD' + } + }, + matches = { + { + match = '', + output = 'Test page' + } + } + }); + +table.insert(fingerprints, { + category = 'general', + probes = { + { + path = '/webmail/', + method = 'HEAD' + }, + { + path = '/mail/', + method = 'HEAD' + } + }, + matches = { + { + match = '', + output = 'Mail folder' + } + } + }); + +table.insert(fingerprints, { + category = 'general', + probes = { + { + path = '/log/', + method = 'HEAD' + }, + { + path = '/log.htm', + method = 'HEAD' + }, + { + path = '/log.php', + method = 'HEAD' + }, + { + path = '/log.asp', + method = 'HEAD' + }, + { + path = '/log.aspx', + method = 'HEAD' + }, + { + path = '/log.jsp', + method = 'HEAD' + }, + { + path = '/logs/', + method = 'HEAD' + }, + { + path = '/logs.htm', + method = 'HEAD' + }, + { + path = '/logs.php', + method = 'HEAD' + }, + { + path = '/logs.asp', + method = 'HEAD' + }, + { + path = '/logs.aspx', + method = 'HEAD' + }, + { + path = '/logs.jsp', + method = 'HEAD' + }, + { + path = '/wwwlog/', + method = 'HEAD' + }, + { + path = '/wwwlogs/', + method = 'HEAD' + }, + { + path = '/mail_log_files/', + method = 'HEAD' + } + }, + matches = { + { + match = '', + output = 'Logs' + } + } + }); + +table.insert(fingerprints, { + category = 'general', + probes = { + { + path = '/images/rails.png', + method = 'HEAD' + }, + }, + matches = { + { + match = '', + output = 'Ruby on Rails' + } + } + }); + +table.insert(fingerprints, { + category = 'general', + probes = { + { + path = '/mono/', + method = 'HEAD' + }, + }, + + matches = { + { + match = '', + output = 'Mono' + } + } + }); + +table.insert(fingerprints, { + category = 'general', + probes = { + { + path = '/robots.txt', + method = 'HEAD' + }, + }, + matches = { + { + match = '', + output = 'Robots file' + } + } + }); + +table.insert(fingerprints, { + category = 'general', + probes = { + { + path = '/crossdomain.xml', + method = 'HEAD' + }, + }, + matches = { + { + output = 'Adobe Flash crossdomain policy' + } + } + }); + +table.insert(fingerprints, { + category = 'general', + probes = { + { + path = '/css/cake.generic.css', + method = 'HEAD' + }, + { + path = '/img/cake.icon.gif', + method = 'HEAD' + }, + { + path = '/img/cake.icon.png', + method = 'HEAD' + }, + { + path = '/js/vendors.php', + method = 'HEAD' + } + }, + matches = { + { + match = '', + output = 'CakePHP application' + } + } + }); + +table.insert(fingerprints, { + category = 'general', + probes = { + { + path = '/cgi-bin/ffileman.cgi?', + method = 'HEAD' + } + }, + matches = { + { + match = '', + output = 'Ffileman Web File Manager' + } + } + }); + +table.insert(fingerprints, { + category = 'general', + probes = { + { + path = '/fshow.php', + method = 'HEAD' + } + }, + matches = { + { + match = '', + output = 'Horizon Web App' + } + } + }); + +table.insert(fingerprints, { + category = 'general', + probes = { + { + path = '/admin/upload.php', + method = 'HEAD' + } + }, + matches = { + { + match = '', + output = 'Admin File Upload' + } + } + }); + +table.insert(fingerprints, { + category = 'general', + probes = { + { + path = '/upload_multiple_js.php', + method = 'HEAD' + } + }, + matches = { + { + match = '', + output = 'NAS Uploader' + } + } + }); + +table.insert(fingerprints, { + category = 'general', + probes = { + { + path = '/uploadtester.asp', + method = 'HEAD' + } + }, + matches = { + { + match = '', + output = 'Free ASP Upload Shell' + } + } + }); + +table.insert(fingerprints, { + category = 'general', + probes = { + { + path = '/info.php', + method = 'HEAD' + }, + { + path = '/phpinfo.php', + method = 'HEAD' + } + }, + matches = { + { + match = '', + output = 'Possible information file' + } + } + }); + +table.insert(fingerprints, { + category = 'general', + probes = { + { + path = '/kusabax/manage_page.php', + method = 'HEAD' + } + }, + matches = { + { + match = '', + output = 'Kusabax Image Board' + } + } + }); + +table.insert(fingerprints, { + category = 'general', + probes = { + { + path = '/plus/lurking.php', + method = 'HEAD' + } + }, + matches = { + { + match = '', + output = 'phpMyChat Plus' + } + } + }); + +table.insert(fingerprints, { + category = 'general', + probes = { + { + path = '/adm/barra/assetmanager/assetmanager.php', + method = 'HEAD' + } + }, + matches = { + { + match = '', + output = '360 Web Manager' + } + } + }); + +table.insert(fingerprints, { + category = 'general', + probes = { + { + path = '/eyeos/', + method = 'HEAD' + } + }, + matches = { + { + match = '', + output = 'Possible eyeOS installation' + } + } + }); + +table.insert(fingerprints, { + category = 'general', + probes = { + { + path = '/NETWARE.HTM', + method = 'HEAD' + } + }, + matches = { + { + match = '', + output = 'Planet FPS-1101' + } + } + }); + +table.insert(fingerprints, { + category = 'general', + probes = { + { + path = '/setup.cgi', + method = 'HEAD' + } + }, + matches = { + { + match = '', + output = 'Linksys Cisco Wag120n or similar' + } + } + }); + +table.insert(fingerprints, { + category = 'general', + probes = { + { + path = '/debug.cgi', + method = 'HEAD' + } + }, + matches = { + { + match = '', + output = 'Linksys WRT54G' + } + } + }); + +table.insert(fingerprints, { + category = 'general', + probes = { + { + path = '/ehcp/?op=applyforftpaccount', + method = 'HEAD' + }, + { + path = '/ehcp/?op=applyforaccount', + method = 'HEAD' + }, + { + path = '/ehcp/?op=applyfordomainaccount', + method = 'HEAD' + }, + { + path = '/vhosts/ehcp/?op=applyforftpaccount', + method = 'HEAD' + }, + { + path = '/vhosts/ehcp/?op=applyforaccount', + method = 'HEAD' + }, + { + path = '/vhosts/ehcp/?op=applyfordomainaccount', + method = 'HEAD' + }, + }, + matches = { + { + match = '', + output = 'Easy Hosting Control Panel' + } + } + }); + +table.insert(fingerprints, { + category = 'general', + probes = { + { + path = '/tools_admin.cgi?', + method = 'HEAD' + } + }, + matches = { + { + match = '', + output = 'D-Link WBR-1310' + } + } + }); + +table.insert(fingerprints, { + category = 'general', + probes = { + { + path = '/level/15', + method = 'HEAD' + }, + { + path = '/exec/show/log/CR', + method = 'HEAD' + }, + { + path = '/level/15/exec/-/configure/http', + method = 'HEAD' + }, + { + path = '/level/15/exec/-', + method = 'HEAD' + } + }, + matches = { + { + match = 'cisco-IOS', + output = 'Cisco 2811' + } + } + }); + +table.insert(fingerprints, { + category = 'general', + probes = { + { + path = '/appServer/jvmReport.jsf?instanceName=server&pageTitle=JVM%20Report', + method = 'HEAD' + }, + { + path = '/common/appServer/jvmReport.jsf?pageTitle=JVM%20Report', + method = 'HEAD' + }, + { + path = '/common/appServer/jvmReport.jsf?reportType=summary&instanceName=server', + method = 'HEAD' + } + }, + matches = { + { + match = '', + output = 'Oracle GlashFish Server Information' + } + } + }); + +table.insert(fingerprints, { + category = 'general', + probes = { + { + path = '/console/login/loginForm.jsp', + method = 'HEAD' + } + }, + matches = { + { + match = '', + output = 'Oracle WebLogic Server Administration Console' + } + } + }); + +table.insert(fingerprints, { + category = 'general', + probes = { + { + path = '/login_img.jpg', + method = 'HEAD' + } + }, + matches = { + { + match = 'RapidLogic', + output = 'AIRAYA WirelessGRID' + } + } + }); + +table.insert(fingerprints, { + category = 'general', + probes = { + { + path = '/cirronetlogo.gif', + method = 'HEAD' + } + }, + matches = { + { + match = 'Cirronet Wavebolt-AP', + output = 'Cirronet Wavebolt' + } + } + }); + +table.insert(fingerprints, { + category = 'general', + probes = { + { + path = '/browserId/wizardForm.jhtml', + method = 'HEAD' + }, + { + path = '/webline/html/forms/callback.jhtml', + method = 'HEAD' + }, + { + path = '/webline/html/forms/callbackICM.jhtml', + method = 'HEAD' + }, + { + path = '/webline/html/agent/AgentFrame.jhtml', + method = 'HEAD' + }, + { + path = '/webline/html/agent/default/badlogin.jhtml', + method = 'HEAD' + }, + { + path = '/callme/callForm.jhtml', + method = 'HEAD' + }, + { + path = '/webline/html/multichatui/nowDefunctWindow.jhtml', + method = 'HEAD' + }, + { + path = '/browserId/wizard.jhtml', + method = 'HEAD' + }, + { + path = '/admin/CiscoAdmin.jhtml', + method = 'HEAD' + }, + { + path = '/msccallme/mscCallForm.jhtml', + method = 'HEAD' + }, + { + path = '/webline/html/admin/wcs/LoginPage.jhtml', + method = 'HEAD' + } + }, + matches = { + { + match = '', + output = 'Cisco Collaboration Server' + } + } + }); + +table.insert(fingerprints, { + category = 'general', + probes = { + { + path = '/restoreinfo.cgi', + method = 'HEAD' + } + }, + matches = { + { + match = '', + output = 'Sagem router' + } + } + }); + +table.insert(fingerprints, { + category = 'general', + probes = { + { + path = '/confirminvite.php', + method = 'HEAD' + } + }, + matches = { + { + match = '', + output = 'phpMyBitTorrent' + } + } + }); + +table.insert(fingerprints, { + category = 'general', + probes = { + { + path = '/sourcebans/', + method = 'HEAD' + } + }, + matches = { + { + match = '', + output = 'SourceBans - Steam server application' + } + } + }); + +table.insert(fingerprints, { + category = 'general', + probes = { + { + path = '/swfupload/index.php', + method = 'HEAD' + } + }, + matches = { + { + match = '', + output = 'SWFUpload' + } + } + }); + +table.insert(fingerprints, { + category = 'general', + probes = { + { + path = '/mymarket/shopping/index.php', + method = 'HEAD' + } + }, + matches = { + { + match = '', + output = 'MyMarket' + } + } + }); + +table.insert(fingerprints, { + category = 'general', + probes = { + { + path = '/myshop_start.php', + method = 'HEAD' + } + }, + matches = { + { + match = '', + output = 'FozzCom shopping' + } + } + }); + +table.insert(fingerprints, { + category = 'general', + probes = { + { + path = '/piranha/secure/passwd.php3', + method = 'HEAD' + } + }, + matches = { + { + match = '', + output = 'RedHat Piranha Virtual Server' + } + } + }); + +table.insert(fingerprints, { + category = 'general', + probes = { + { + path = '/cgi-bin/ck/mimencode', + method = 'HEAD' + } + }, + matches = { + { + match = '', + output = 'ContentKeeper Web Appliance' + } + } + }); + +table.insert(fingerprints, { + category = 'general', + probes = { + { + path = '/cgi-bin/masterCGI?', + method = 'HEAD' + } + }, + matches = { + { + match = '', + output = 'Alcatel-Lucent OmniPCX Enterprise' + } + } + }); + +table.insert(fingerprints, { + category = 'general', + probes = { + { + path = '/tiny_mce/plugins/filemanager/', + method = 'HEAD' + } + }, + matches = { + { + match = '', + output = 'Tiny MCE File Upload' + } + } + }); + +table.insert(fingerprints, { + category = 'general', + probes = { + { + path = '/upload/scp/ajax.php', + method = 'HEAD' + } + }, + matches = { + { + match = '', + output = 'osTicket / AJAX File Upload' + } + } + }); + +table.insert(fingerprints, { + category = 'general', + probes = { + { + path = '/cgi-mod/view_help.cgi', + method = 'HEAD' + } + }, + matches = { + { + match = '', + output = 'Barracuda Networks Spam & Virus Firewall' + } + } + }); + +table.insert(fingerprints, { + category = 'general', + probes = { + { + path = '/cgi-mod/index.cgi', + method = 'HEAD' + } + }, + matches = { + { + match = '', + output = 'Barracuda Web Application Firewall' + } + } + }); + +table.insert(fingerprints, { + category = 'general', + probes = { + { + path = '/cgi-mod/smtp_test.cgi', + method = 'HEAD' + } + }, + matches = { + { + match = '', + output = 'Barracuda IM Firewall' + } + } + }); + +table.insert(fingerprints, { + category = 'general', + probes = { + { + path = '/TopToolArea.html', + method = 'HEAD' + }, + { + path = '/switchSystem.html', + method = 'HEAD' + } + }, + matches = { + { + match = '', + output = 'Alteon OS BBI (Nortell)' + } + } + }); + +table.insert(fingerprints, { + category = 'general', + probes = { + { + path = '/intruvert/jsp/module/Login.jsp', + method = 'HEAD' + } + }, + matches = { + { + match = '', + output = 'McAfee Network Security Manager' + } + } + }); + +table.insert(fingerprints, { + category = 'general', + probes = { + { + path = '/ajaxfilemanager/', + method = 'HEAD' + } + }, + matches = { + { + match = '', + output = 'AJAX File Manager' + } + } + }); + +table.insert(fingerprints, { + category = 'general', + probes = { + { + path = '/upload/data/settings.cdb', + method = 'HEAD' + } + }, + matches = { + { + match = '', + output = 'CF Image Hosting DB' + } + } + }); + +table.insert(fingerprints, { + category = 'general', + probes = { + { + path = '/fm.php', + method = 'HEAD' + } + }, + matches = { + { + match = '', + output = 'Simple File Manager' + } + } + }); + +table.insert(fingerprints, { + category = 'general', + probes = { + { + path = '/nagios3/cgi-bin/statuswml.cgi', + method = 'HEAD' + }, + { + path = '/nagios3/', + method = 'HEAD' + } + }, + matches = { + { + match = '', + output = 'Nagios3' + } + } + }); + +table.insert(fingerprints, { + category = 'general', + probes = { + { + path = '/test/logon.html', + method = 'HEAD' + } + }, + matches = { + { + match = '', + output = 'Jetty' + } + } + }); + +table.insert(fingerprints, { + category = 'general', + probes = { + { + path = '/cal_cat.php', + method = 'HEAD' + }, + { + path = '/calendar/cal_cat.php', + method = 'HEAD' + }, + { + path = '/cal/cal_cat.php', + method = 'HEAD' + } + }, + matches = { + { + match = '', + output = 'Calendarix' + } + } + }); + +table.insert(fingerprints, { + category = 'general', + probes = { + { + path = '/private/sdc.tgz', + method = 'HEAD' + } + }, + matches = { + { + match = '', + output = 'IBM Bladecenter Management Logs' + } + } + }); + +table.insert(fingerprints, { + category = 'general', + probes = { + { + path = '/cacti/', + method = 'HEAD' + } + }, + matches = { + { + match = '', + output = 'Cacti Web Monitoring' + } + } + }); + +table.insert(fingerprints, { + category = 'general', + probes = { + { + path = '/cgi-bin/awstats.pl', + method = 'HEAD' + } + }, + matches = { + { + match = '', + output = 'AWStats' + } + } + }); + +table.insert(fingerprints, { + category = 'general', + probes = { + { + path = '/wiki/rankings.php', + method = 'HEAD' + } + }, + matches = { + { + match = '', + output = 'Bit Weaver' + } + } + }); + +table.insert(fingerprints, { + category = 'general', + probes = { + { + path = '/reqdetails.php', + method = 'HEAD' + } + }, + matches = { + { + match = '', + output = 'BtiTracker' + } + } + }); + +table.insert(fingerprints, { + category = 'general', + probes = { + { + path = '/shared/help.php', + method = 'HEAD' + } + }, + matches = { + { + match = '', + output = 'OpenBiblio/WebBiblio Subject Gateway System' + } + } + }); + +table.insert(fingerprints, { + category = 'general', + probes = { + { + path = '/seti.php', + method = 'HEAD' + } + }, + matches = { + { + match = '', + output = 'PHP SETI@home' + } + } + }); + +table.insert(fingerprints, { + category = 'general', + probes = { + { + path = '/imc/', + method = 'HEAD' + }, + { + path = '/imcws/', + method = 'HEAD' + } + }, + matches = { + { + match = '', + output = '3Com Intelligent Management Center' + } + } + }); + +table.insert(fingerprints, { + category = 'general', + probes = { + { + path = '/partymgr/', + method = 'HEAD' + } + }, + matches = { + { + match = '', + output = 'Apache OFBiz' + } + } + }); + +table.insert(fingerprints, { + category = 'general', + probes = { + { + path = '/Base/upload.php', + method = 'HEAD' + }, + { + path = '/Base/example_1.php', + method = 'HEAD' + } + }, + matches = { + { + match = '', + output = 'MassMirror Uploader' + } + } + }); + +table.insert(fingerprints, { + category = 'general', + probes = { + { + path = '/YUI-upload/html', + method = 'HEAD' + } + }, + matches = { + { + match = '', + output = 'YUI Images / File Upload' + } + } + }); + +table.insert(fingerprints, { + category = 'general', + probes = { + { + path = '/tools/filemanager/skins/mobile/admin1.template.php', + method = 'HEAD' + } + }, + matches = { + { + match = '', + output = 'ispCP Omega' + } + } + }); + +table.insert(fingerprints, { + category = 'general', + probes = { + { + path = '/Uploadify/', + method = 'HEAD' + } + }, + matches = { + { + match = '', + output = 'Uploadify' + } + } + }); + +table.insert(fingerprints, { + category = 'general', + probes = { + { + path = '/syssite/', + method = 'HEAD' + } + }, + matches = { + { + match = '', + output = 'ShopEx' + } + } + }); + +table.insert(fingerprints, { + category = 'general', + probes = { + { + path = '/updown.php', + method = 'HEAD' + } + }, + matches = { + { + match = '', + output = 'PHP Uploader Downloader' + } + } + }); + +table.insert(fingerprints, { + category = 'general', + probes = { + { + path = '/modules/docmanager/doctypetemplates/myuploadedfile', + method = 'HEAD' + } + }, + matches = { + { + match = '', + output = 'Achievo' + } + } + }); + +table.insert(fingerprints, { + category = 'general', + probes = { + { + path = '/ReqWebHelp/advanced/workingSet.jsp', + method = 'HEAD' + } + }, + matches = { + { + match = '', + output = 'IBM Rational RequisitePro/ReqWebHelp' + } + } + }); + +table.insert(fingerprints, { + category = 'general', + probes = { + { + path = '/dhost/', + method = 'HEAD' + } + }, + matches = { + { + match = '', + output = 'Novell eDirectory' + } + } + }); + +table.insert(fingerprints, { + category = 'general', + probes = { + { + path = '/engine/api/api.class.php', + method = 'HEAD' + } + }, + matches = { + { + match = '', + output = 'DatalifeEngine' + } + } + }); + +table.insert(fingerprints, { + category = 'general', + probes = { + { + path = '/jsft_resource.jsf', + method = 'HEAD' + }, + { + path = '/scales_static_resource.jsf', + method = 'HEAD' + } + }, + matches = { + { + match = '', + output = 'JSFTemplating/Mojarra Scales/GlassFish Application Server' + } + } + }); + +table.insert(fingerprints, { + category = 'general', + probes = { + { + path = '/setup/password_required.html', + method = 'HEAD' + } + }, + matches = { + { + match = '', + output = '2WIRE GATEWAY' + } + } + }); + +table.insert(fingerprints, { + category = 'general', + probes = { + { + path = '/zp-core/', + method = 'HEAD' + } + }, + matches = { + { + match = '', + output = 'Zen Photo' + } + } + }); + +table.insert(fingerprints, { + category = 'general', + probes = { + { + path = '/amember/', + method = 'HEAD' + } + }, + matches = { + { + match = '', + output = 'aMember' + } + } + }); + +table.insert(fingerprints, { + category = 'general', + probes = { + { + path = '/.hgignore', + method = 'HEAD' + }, + { + path = '/.gitignore', + method = 'HEAD' + }, + { + path = '/.bzrignore', + method = 'HEAD' + } + }, + matches = { + { + match = '', + output = 'Revision control ignore file' + } + } + }); + +table.insert(fingerprints, { + category = 'general', + probes = { + { + path = '/debug.seam', + method = 'GET' + } + }, + matches = { + { + match = 'JBoss Seam Debug Page', + output = 'JBoss Seam Debug Page' + } + } + }); + +------------------------------------------------ +---- SECURITY SOFTWARE ---- +------------------------------------------------ +-- These checks will find specific installed software. If possible, it will also +-- find versions, etc. + +table.insert(fingerprints, { + category = 'security', + probes = { + { + path = '/CSS/Miniweb.css', + method = 'GET' + } + }, + matches = { + { + match = 'ad_header_form_sprachauswahl', + output = 'SCADA Siemens SIMATIC S7' + } + } + }); + +table.insert(fingerprints, { + category = 'security', + probes = { + { + path = '/S7Web.css', + method = 'GET' + }, + { + path = '/Portal0000.htm', + method = 'GET' + } + }, + matches = { + { + match = '<td class="Title_Area_Name">(.-)</td>', + output = 'SCADA Siemens PCS7: \\1' + }, + { + match = '', + output = 'SCADA Siemens PCS7' + } + } + }); + +table.insert(fingerprints, { + category = 'security', + probes = { + { + path = '/arcsight/', + method = 'HEAD' + }, + { + path = '/arcsight/images/logo-login-arcsight.gif', + method = 'HEAD' + }, + { + path = '/arcsight/images/navbar-icon-logout-on.gif', + method = 'HEAD' + }, + { + path = '/images/logo-arcsight.gif', + method = 'HEAD' + }, + { + path = '/logger/monitor.ftl', + method = 'HEAD' + }, + }, + matches = { + { + output = 'Arcsight' + } + } + }); + +table.insert(fingerprints, { + category = 'security', + probes = { + { + path = '/beef/', + method = 'HEAD' + }, + { + path = '/BEEF/', + method = 'HEAD' + }, + { + path = '/beef/images/beef.gif', + method = 'HEAD' + } + }, + matches = { + { + output = 'BeEF Browser Exploitation Framework' + } + } + }); + +table.insert(fingerprints, { + category = 'security', + probes = { + { + path = '/gfx/form_top_left_corner.gif', + method = 'HEAD' + }, + { + path = '/gfx/logout_24.png', + method = 'HEAD' + }, + { + path = '/gfx/new_logo.gif', + method = 'HEAD' + }, + { + path = '/javascript/sorttable.js', + method = 'HEAD' + } + }, + matches = { + { + match = '', + output = 'Secunia NSI' + } + } + }); + +table.insert(fingerprints, { + category = 'security', + probes = { + { + path = '/images/btn_help_nml.gif', + method = 'HEAD' + }, + { + path = '/images/hdr_icon_homeG.gif', + method = 'HEAD' + }, + { + path = '/spControl.php', + method = 'HEAD' + }, + { + path = '/images/isslogo.gif', + method = 'HEAD' + }, + { + path = '/deploymentmanager/', + method = 'HEAD' + }, + }, + matches = { + { + match = '', + output = 'IBM Proventia' + } + } + }); + +table.insert(fingerprints, { + category = 'security', + probes = { + { + path = '/i18n/EN/css/foundstone.css', + method = 'HEAD' + }, + { + path = '/i18n/EN/images/external_nav_square.gif', + method = 'HEAD' + }, + }, + matches = { + { + match = '', + output = 'Foundstone' + } + } + }); + +table.insert(fingerprints, { + category = 'security', + probes = { + { + path = '/officescan/console/html/cgi/cgiChkMasterPwd.exe', + method = 'HEAD' + }, + { + path = '/officescan/console/html/ClientInstall/officescannt.htm', + method = 'HEAD' + }, + { + path = '/officescan/console/html/images/icon_refresh.gif', + method = 'HEAD' + }, + }, + matches = { + { + match = '', + output = 'Trend Micro OfficeScan Server' + } + } + }); + +table.insert(fingerprints, { + category = 'security', + probes = { + { + path = '/picts/BC_bwlogorev.gif', + method = 'HEAD' + }, + { + path = '/picts/menu_leaf.gif', + method = 'HEAD' + }, + }, + matches = { + { + match = '', + output = 'BlueCoat Reporter' + } + } + }); + +table.insert(fingerprints, { + category = 'security', + probes = { + { + path = '/theme/images/en/login1.gif', + method = 'HEAD' + }, + }, + matches = { + { + match = '', + output = 'Fortinet VPN/Firewall' + } + } + }); + +table.insert(fingerprints, { + category = 'security', + probes = { + { + path = '/', + method = 'GET' + }, + }, + matches = { + { + match = 'id="NessusClient"', + output = 'Nessus' + }, + { + match = 'NessusClient.swf', + output = 'Nessus' + } + } + }); + +table.insert(fingerprints, { + category = 'security', + probes = { + { + path = '/NessusClient.swf', + method = 'HEAD' + }, + }, + matches = { + { + match = '', + output = 'Nessus' + } + } + }); + +table.insert(fingerprints, { + category = 'security', + probes = { + { + path = '/dotDefender/', + method = 'HEAD' + }, + }, + matches = { + { + match = '', + output = 'dotDefender Web Application Firewall' + } + } + }); + +-- http://www.rapid7.com/db/modules/payload/windows/meterpreter/reverse_hop_http +-- "GET /hop.php?/control" will grab all pending messages, but is unreliable if +-- there are no pending messages. +table.insert(fingerprints, { + category = 'security', + probes = { + { + path = '/hop.php?/12345', + method = 'GET' + }, + }, + matches = { + { + -- TODO: this only works for Meterpreter payloads. Find a more generic means? + match = 'METERPRETER_TRANSPORT_HTTP', + output = 'Metasploit reverse_hop_http hop point' + }, + } + }); + +-- http://carnal0wnage.attackresearch.com/2015/02/cisco-asa-version-grabber-cve-2014-3398.html +table.insert(fingerprints, { + category = 'security', + probes = { + { + path = '/CSCOSSLC/config-auth', + method = 'GET' + }, + }, + matches = { + { + match = '<version who="sg">([^<]+)</version>', + output = 'Cisco ASA, firmware \\1' + }, + } + }); + +------------------------------------------------ +---- MANAGEMENT SOFTWARE ---- +------------------------------------------------ +table.insert(fingerprints, { + category = 'management', + probes = { + { + path = '/actuator/', + method = 'GET' + }, + { + path = '/auditevents/', + method = 'GET' + }, + { + path = '/autoconfig/', + method = 'GET' + }, + { + path = '/beans/', + method = 'GET' + }, + { + path = '/configprops/', + method = 'GET' + }, + { + path = '/env/', + method = 'GET' + }, + { + path = '/flyway/', + method = 'GET' + }, + { + path = '/health/', + method = 'GET' + }, + { + path = '/healthcheck/', + method = 'GET' + }, + { + path = '/healthchecks/', + method = 'GET' + }, + { + path = '/loggers/', + method = 'GET' + }, + { + path = '/liquibase/', + method = 'GET' + }, + { + path = '/metrics/', + method = 'GET' + }, + { + path = '/mappings/', + method = 'GET' + }, + { + path = '/trace/', + method = 'GET' + } + }, + matches = { + { + output = 'Spring Boot Actuator endpoint' + } + } + }); + +table.insert(fingerprints, { + category = 'management', + probes = { + { + path = '/heapdump/', + method = 'GET' + }, + { + path = '/jolokia/', + method = 'GET' + } + }, + matches = { + { + output = 'Spring MVC Endpoint' + } + } + }); + + + +table.insert(fingerprints, { + category = 'management', + probes = { + { + path = '/vmware/', + method = 'HEAD' + }, + { + path = '/vmware/imx/vmware_boxes-16x16.png', + method = 'HEAD' + }, + { + path = '/ui/', + method = 'HEAD' + }, + { + path = '/ui/imx/vmwareLogo-16x16.png', + method = 'HEAD' + }, + { + path = '/ui/imx/vmwarePaperBagLogo-16x16.png', + method = 'HEAD' + }, + { + path = '/ui/vManage.do', + method = 'HEAD' + }, + { + path = '/client/VMware-viclient.exe', + method = 'HEAD' + }, + { + path = '/en/welcomeRes.js', + method = 'HEAD' + } + }, + matches = { + { + output = 'VMWare' + } + } + }); + +table.insert(fingerprints, { + category = 'management', + probes = { + { + path = '/citrix/', + method = 'HEAD' + }, + { + path = '/Citrix/', + method = 'HEAD' + }, + { + path = '/Citrix/MetaFrame/auth/login.aspx', + method = 'HEAD' + }, + { + path = '/images/ctxHeader01.jpg', + method = 'HEAD' + }, + { + path = '/images/Safeword_Token.jpg', + method = 'HEAD' + }, + { + path = '/sw/auth/login.aspx', + method = 'HEAD' + }, + { + path = '/vpn/images/AccessGateway.ico', + method = 'HEAD' + }, + { + path = '/citrix/AccessPlatform/auth/clientscripts/', + method = 'HEAD' + }, + { + path = '/AccessPlatform/auth/clientscripts/', + method = 'HEAD' + }, + { + path = '/Citrix//AccessPlatform/auth/clientscripts/cookies.js', + method = 'HEAD' + }, + { + path = '/Citrix/AccessPlatform/auth/clientscripts/login.js', + method = 'HEAD' + }, + { + path = '/Citrix/PNAgent/config.xml', + method = 'HEAD' + }, + }, + matches = { + { + output = 'Citrix' + } + } + }); + +table.insert(fingerprints, { + category = 'management', + probes = { + { + path = '/cgi-bin/image/shikaku2.png', + method = 'HEAD' + }, + }, + matches = { + { + match = '', + output = 'TeraStation PRO RAID 0/1/5 Network Attached Storage' + } + } + }); + +table.insert(fingerprints, { + category = 'management', + probes = { + { + path = '/config/public/usergrp.gif', + method = 'HEAD' + }, + { + path = '/pictures/buttons/file_view_mark.gif', + method = 'HEAD' + }, + }, + matches = { + { + match = '', + output = 'AXIS StorPoint' + } + } + }); + +table.insert(fingerprints, { + category = 'management', + probes = { + { + path = '/cpqlogin.htm?RedirectUrl=/&RedirectQueryString=', + method = 'HEAD' + }, + { + path = '/hplogo.gif', + method = 'HEAD' + }, + }, + matches = { + { + match = '', + output = 'HP System Management Homepage' + } + } + }); + +table.insert(fingerprints, { + category = 'management', + probes = { + { + path = '/ie_index.htm', + method = 'HEAD' + }, + { + path = '/ilo.gif', + method = 'HEAD' + }, + }, + matches = { + { + match = '', + output = 'HP Integrated Lights Out' + } + } + }); + +table.insert(fingerprints, { + category = 'management', + probes = { + { + path = '/images/icon_server_connected.gif', + method = 'HEAD' + }, + }, + matches = { + { + match = '', + output = 'HP Blade Enclosure' + } + } + }); + +table.insert(fingerprints, { + category = 'management', + probes = { + { + path = '/mxhtml/images/signin_logo.gif', + method = 'HEAD' + }, + { + path = '/mxhtml/images/status_critical_15.gif', + method = 'HEAD' + }, + { + path = '/mxportal/home/en_US/servicetools.gif', + method = 'HEAD' + }, + { + path = '/mxportal/home/MxPortalFrames.jsp', + method = 'HEAD' + }, + }, + matches = { + { + match = '', + output = 'HP Insight Manager' + } + } + }); + +table.insert(fingerprints, { + category = 'management', + probes = { + { + path = '/xymon/menu/menu.css', + method = 'HEAD' + }, + }, + matches = { + { + match = '', + output = 'Xymon' + } + } + }); + +table.insert(fingerprints, { + category = 'management', + probes = { + { + path = '/rrc.htm', + method = 'HEAD' + }, + }, + matches = { + { + match = '', + output = 'Raritan Remote Client' + } + } + }); + +table.insert(fingerprints, { + category = 'management', + probes = { + { + path = '/manager/html/upload', + method = 'HEAD' + }, + { + path = '/manager/html', + method = 'HEAD' + } + }, + matches = { + { + match = '', + output = 'Apache Tomcat' + } + } + }); + +table.insert(fingerprints, { + category = 'general', + probes = { + { + path = '/axis2/axis2-web/HappyAxis.jsp', + method = 'HEAD' + }, + { + path = '/axis2/', + method = 'HEAD' + }, + { + path = '/happyaxis.jsp', + method = 'HEAD' + } + }, + matches = { + { + match = '', + output = 'Apache Axis2' + } + } + }); + +table.insert(fingerprints, { + category = 'management', + probes = { + { + path = '/web-console/ServerInfo.jsp', + method = 'HEAD' + }, + { + path = '/web-console/Invoker', + method = 'HEAD' + }, + { + path = '/invoker/JMXInvokerServlet', + method = 'HEAD' + }, + { + path = '/invoker/', + method = 'HEAD' + }, + { + path = '/jmx-console/', + method = 'HEAD' + }, + { + path = '/admin-console/', + method = 'HEAD' + } + }, + matches = { + { + match = '', + output = 'JBoss Console' + } + } + }); + +table.insert(fingerprints, { + category = 'management', + probes = { + { + path = '/CFIDE/administrator/enter.cfm', + method = 'HEAD' + }, + { + path = '/CFIDE/administrator/entman/index.cfm', + method = 'HEAD' + }, + { + path = '/cfide/install.cfm', + method = 'HEAD' + }, + { + path = '/CFIDE/administrator/archives/index.cfm', + method = 'HEAD' + }, + { + path = '/CFIDE/wizards/common/_logintowizard.cfm', + method = 'HEAD' + }, + { + path = '/CFIDE/componentutils/login.cfm', + method = 'HEAD' + }, + { + path = '/CFIDE/Administrator/startstop.html', + method = 'HEAD' + }, + }, + matches = { + { + match = '', + output = 'ColdFusion Admin Console' + } + } + }); + +table.insert(fingerprints, { + category = 'management', + probes = { + { + path = '/common/help/en/go/login_ts.html', + method = 'HEAD' + }, + { + path = '/system/login/', + method = 'HEAD' + }, + { + path = '/system/login/reset?next=%2Fsystem%2Flogin&set-lang=en', + method = 'HEAD' + }, + { + path = '/common/images/logos/img_logoMain.jpg', + method = 'HEAD' + }, + }, + matches = { + { + match = 'URL=http://www.macromedia.com/go/breeze_login_help_en', + output = 'Adobe Acrobat Connect Pro' + }, + { + match = '<title>Connect Pro Central Login', + output = 'Adobe Acrobat Connect Pro' + }, + { + match = 'Forgot your password?', + output = 'Adobe Acrobat Connect Pro' + }, + { + match = 'Server: JRun Web Server', + output = 'Adobe Acrobat Connect Pro' + }, + } + }); + +table.insert(fingerprints, { + category = 'management', + probes = { + { + path = '/Dashboard/Dashboard.html', + method = 'GET' + } + }, + matches = { + { + match = 'Server: Kodak-RulesBasedAutomation', + output = 'Prinergy Dashboard Client Login' + }, + { + match = 'Dashboard', + output = 'Prinergy Dashboard Client Login' + } + } + }); + +table.insert(fingerprints, { + category = 'management', + probes = { + { + path = '/flexfm/', + method = 'HEAD' + } + }, + matches = { + { + match = '', + output = 'Flex File Manager' + } + } + }); + +table.insert(fingerprints, { + category = 'management', + probes = { + { + path = '/lib/usermanagement/userInfo.php', + method = 'HEAD' + } + }, + matches = { + { + match = '', + output = 'Testlink TestManagement' + } + } + }); + +table.insert(fingerprints, { + category = 'management', + probes = { + { + path = '/security/xamppsecurity.php', + method = 'HEAD' + } + }, + matches = { + { + match = '', + output = 'XAMPP' + } + } + }); + +table.insert(fingerprints, { + category = 'management', + probes = { + { + path = '/system/console', + method = 'HEAD' + }, + }, + matches = { + { + match = 'OSGi Management Console', + output = 'OSGi Management Console' + } + } + }); + +table.insert(fingerprints, { + category = 'management', + probes = { + { + path = '/dm-albums/dm-albums.php', + method = 'HEAD' + } + }, + matches = { + { + match = '', + output = 'DM FileManager' + } + } + }); + +table.insert(fingerprints, { + category = 'management', + probes = { + "/ibm/console/logon.jsp?action=OK", + "/console/", + "/console/portal/0/Welcome" + }, + matches = { + { + match = "[Ww][Ee][Bb][Ss][Pp][Hh][Ee][Rr][Ee]", + output = "WebSphere" + }, + { + match = "WSC Console Federation", + output = "WebSphere Commerce" + }, + } + }); + +table.insert(fingerprints, { + category = 'management', + probes = { + { + path = '/rest/applinks/1.0/manifest', + method = 'GET' + }, + { + path = '/jira/rest/applinks/1.0/manifest', + method = 'GET' + }, + { + path = '/secure/rest/applinks/1.0/manifest', + method = 'GET' + }, + }, + matches = { + { + match = 'jira.*([^<]+)', + output = 'Atlassian Jira \\1' + } + } + }); + +table.insert(fingerprints, { + category = 'management', + probes = { + { + path = '/rest/servicedeskapi/info', + method = 'GET' + }, + { + path = '/jira/rest/servicedeskapi/info', + method = 'GET' + }, + { + path = '/secure/rest/servicedeskapi/info', + method = 'GET' + }, + }, + matches = { + { + match = '"version":%s*"([^-"]+)', + output = 'Atlassian Jira Service Desk \\1' + } + } + }); + +table.insert(fingerprints, { + category = 'management', + probes = { + { + path = '/rest/applinks/1.0/manifest', + method = 'GET' + }, + { + path = '/confluence/rest/applinks/1.0/manifest', + method = 'GET' + }, + { + path = '/wiki/rest/applinks/1.0/manifest', + method = 'GET' + }, + }, + matches = { + { + match = 'confluence.*([^<]+)', + output = 'Atlassian Confluence \\1' + } + } + }); + +table.insert(fingerprints, { + category = 'management', + probes = { + { + path = '/rest/applinks/1.0/manifest', + method = 'GET' + }, + { + path = '/bitbucket/rest/applinks/1.0/manifest', + method = 'GET' + }, + }, + matches = { + { + match = 'stash.*([^<]+)', + output = 'Atlassian Bitbucket Server \\1' + }, + { + match = 'bitbucket.*([^<]+)', + output = 'Atlassian Bitbucket Server \\1' + } + } + }); + +table.insert(fingerprints, { + category = 'management', + probes = { + { + path = '/rest/applinks/1.0/manifest', + method = 'GET' + }, + { + path = '/bamboo/rest/applinks/1.0/manifest', + method = 'GET' + }, + }, + matches = { + { + match = 'bamboo.*([^<]+)', + output = 'Atlassian Bamboo \\1' + } + } + }); + +table.insert(fingerprints, { + category = 'management', + probes = { + { + path = '/rest/applinks/1.0/manifest', + method = 'GET' + }, + { + path = '/crowd/rest/applinks/1.0/manifest', + method = 'GET' + }, + }, + matches = { + { + match = 'crowd.*([^<]+)', + output = 'Atlassian Crowd \\1' + } + } + }); + +------------------------------------------------ +---- PRINTERS, WEBCAMS, PROJECTORS ---- +------------------------------------------------ +table.insert(fingerprints, { + category = 'printer', + probes = { + { + path = '/x_logo.gif', + method = 'HEAD' + } + }, + matches = { + { + match = '', + output = 'Xerox printer' + } + } + }); + +table.insert(fingerprints, { + category = 'printer', + probes = { + { + path = '/gif/hp.gif', + method = 'HEAD' + }, + { + path = '/gif/hp_invent_logo.gif', + method = 'HEAD' + }, + { + path = '/gif/printer.gif', + method = 'HEAD' + }, + { + path = '/hp/device/this.LCDispatcher', + method = 'HEAD' + }, + { + path = '/hp/device/webAccess/index.htm', + method = 'HEAD' + }, + { + path = '/PageSelector.class', + method = 'HEAD' + } + }, + matches = { + { + match = '', + output = 'HP Printer' + } + } + }); + +table.insert(fingerprints, { + category = 'printer', + probes = { + { + path = '/images/lexbold.gif', + method = 'HEAD' + }, + { + path = '/images/lexlogo.gif', + method = 'HEAD' + }, + { + path = '/images/printer.gif', + method = 'HEAD' + }, + { + path = '/printer/image', + method = 'HEAD' + } + }, + matches = { + { + match = '', + output = 'Lexmark Printer' + } + } + }); + +table.insert(fingerprints, { + category = 'printer', + probes = { + { + path = '/images/mute_alloff.gif', + method = 'HEAD' + }, + { + path = '/images/pic_bri.gif', + method = 'HEAD' + }, + }, + matches = { + { + match = '', + output = 'NEC Projector' + } + } + }); + +table.insert(fingerprints, { + category = 'printer', + probes = { + { + path = '/scanweb/images/scanwebtm.gif', + method = 'HEAD' + }, + }, + matches = { + { + match = '', + output = 'SCAN Web (Webcam)' + } + } + }); + +table.insert(fingerprints, { + category = 'printer', + probes = { + { + path = '/view/index.shtml', + method = 'HEAD' + }, + }, + matches = { + { + match = '', + output = 'Axis 212 PTZ Network Camera' + } + } + }); + +------------------------------------------------ +---- DATABASES ---- +------------------------------------------------ + +--phpmyadmin db taken from http://milw0rm.com/exploits/8921 +table.insert(fingerprints, { + category = 'database', + probes = { + { + path = '/phpmyadmin/', + method = 'HEAD' + }, + { + path = '/phpMyAdmin/', + method = 'HEAD' + }, + { + path = '/PHPMyAdmin/', + method = 'HEAD' + }, + { + path = '/PMA/', + method = 'HEAD' + }, + { + path = '/pma/', + method = 'HEAD' + }, + { + path = '/dbadmin/', + method = 'HEAD' + }, + { + path = '/myadmin/', + method = 'HEAD' + }, + { + path = '/php-my-admin/', + method = 'HEAD' + }, + { + path = '/phpMyAdmin2/', + method = 'HEAD' + }, + { + path = '/phpMyAdmin-2/', + method = 'HEAD' + }, + { + path = '/phpMyAdmin-2.2.3/', + method = 'HEAD' + }, + { + path = '/phpMyAdmin-2.2.6/', + method = 'HEAD' + }, + { + path = '/phpMyAdmin-2.5.1/', + method = 'HEAD' + }, + { + path = '/phpMyAdmin-2.5.4/', + method = 'HEAD' + }, + { + path = '/phpMyAdmin-2.5.5-rc1/', + method = 'HEAD' + }, + { + path = '/phpMyAdmin-2.5.5-rc2/', + method = 'HEAD' + }, + { + path = '/phpMyAdmin-2.5.5/', + method = 'HEAD' + }, + { + path = '/phpMyAdmin-2.5.5-pl1/', + method = 'HEAD' + }, + { + path = '/phpMyAdmin-2.5.6-rc1/', + method = 'HEAD' + }, + { + path = '/phpMyAdmin-2.5.6-rc2/', + method = 'HEAD' + }, + { + path = '/phpMyAdmin-2.5.6/', + method = 'HEAD' + }, + { + path = '/phpMyAdmin-2.5.7/', + method = 'HEAD' + }, + { + path = '/phpMyAdmin-2.5.7-pl1/', + method = 'HEAD' + }, + { + path = '/phpMyAdmin-2.6.0-alpha/', + method = 'HEAD' + }, + { + path = '/phpMyAdmin-2.6.0-alpha2/', + method = 'HEAD' + }, + { + path = '/phpMyAdmin-2.6.0-beta1/', + method = 'HEAD' + }, + { + path = '/phpMyAdmin-2.6.0-beta2/', + method = 'HEAD' + }, + { + path = '/phpMyAdmin-2.6.0-rc1/', + method = 'HEAD' + }, + { + path = '/phpMyAdmin-2.6.0-rc2/', + method = 'HEAD' + }, + { + path = '/phpMyAdmin-2.6.0-rc3/', + method = 'HEAD' + }, + { + path = '/phpMyAdmin-2.6.0/', + method = 'HEAD' + }, + { + path = '/phpMyAdmin-2.6.0-pl1/', + method = 'HEAD' + }, + { + path = '/phpMyAdmin-2.6.0-pl2/', + method = 'HEAD' + }, + { + path = '/phpMyAdmin-2.6.0-pl3/', + method = 'HEAD' + }, + { + path = '/phpMyAdmin-2.6.1-rc1/', + method = 'HEAD' + }, + { + path = '/phpMyAdmin-2.6.1-rc2/', + method = 'HEAD' + }, + { + path = '/phpMyAdmin-2.6.1/', + method = 'HEAD' + }, + { + path = '/phpMyAdmin-2.6.1-pl1/', + method = 'HEAD' + }, + { + path = '/phpMyAdmin-2.6.1-pl2/', + method = 'HEAD' + }, + { + path = '/phpMyAdmin-2.6.1-pl3/', + method = 'HEAD' + }, + { + path = '/phpMyAdmin-2.6.2-rc1/', + method = 'HEAD' + }, + { + path = '/phpMyAdmin-2.6.2-beta1/', + method = 'HEAD' + }, + { + path = '/phpMyAdmin-2.6.2/', + method = 'HEAD' + }, + { + path = '/phpMyAdmin-2.6.2-pl1/', + method = 'HEAD' + }, + { + path = '/phpMyAdmin-2.6.3/', + method = 'HEAD' + }, + { + path = '/phpMyAdmin-2.6.3-rc1/', + method = 'HEAD' + }, + { + path = '/phpMyAdmin-2.6.3-pl1/', + method = 'HEAD' + }, + { + path = '/phpMyAdmin-2.6.4-rc1/', + method = 'HEAD' + }, + { + path = '/phpMyAdmin-2.6.4-pl1/', + method = 'HEAD' + }, + { + path = '/phpMyAdmin-2.6.4-pl2/', + method = 'HEAD' + }, + { + path = '/phpMyAdmin-2.6.4-pl3/', + method = 'HEAD' + }, + { + path = '/phpMyAdmin-2.6.4-pl4/', + method = 'HEAD' + }, + { + path = '/phpMyAdmin-2.6.4/', + method = 'HEAD' + }, + { + path = '/phpMyAdmin-2.7.0-beta1/', + method = 'HEAD' + }, + { + path = '/phpMyAdmin-2.7.0-rc1/', + method = 'HEAD' + }, + { + path = '/phpMyAdmin-2.7.0-pl1/', + method = 'HEAD' + }, + { + path = '/phpMyAdmin-2.7.0-pl2/', + method = 'HEAD' + }, + { + path = '/phpMyAdmin-2.7.0/', + method = 'HEAD' + }, + { + path = '/phpMyAdmin-2.8.0-beta1/', + method = 'HEAD' + }, + { + path = '/phpMyAdmin-2.8.0-rc1/', + method = 'HEAD' + }, + { + path = '/phpMyAdmin-2.8.0-rc2/', + method = 'HEAD' + }, + { + path = '/phpMyAdmin-2.8.0/', + method = 'HEAD' + }, + { + path = '/phpMyAdmin-2.8.0.1/', + method = 'HEAD' + }, + { + path = '/phpMyAdmin-2.8.0.2/', + method = 'HEAD' + }, + { + path = '/phpMyAdmin-2.8.0.3/', + method = 'HEAD' + }, + { + path = '/phpMyAdmin-2.8.0.4/', + method = 'HEAD' + }, + { + path = '/phpMyAdmin-2.8.1-rc1/', + method = 'HEAD' + }, + { + path = '/phpMyAdmin-2.8.1/', + method = 'HEAD' + }, + { + path = '/phpMyAdmin-2.8.2/', + method = 'HEAD' + }, + { + path = '/sqlmanager/', + method = 'HEAD' + }, + { + path = '/php-myadmin/', + method = 'HEAD' + }, + { + path = '/phpmy-admin/', + method = 'HEAD' + }, + { + path = '/mysqladmin/', + method = 'HEAD' + }, + { + path = '/mysql-admin/', + method = 'HEAD' + }, + { + path = '/websql/', + method = 'HEAD' + }, + { + path = '/_phpmyadmin/', + method = 'HEAD' + } + }, + matches = { + { + output = 'phpMyAdmin' + } + } + }); + +table.insert(fingerprints, { + category = 'database', + probes = { + { + path = '/footer1.gif', + method = 'HEAD' + }, + }, + matches = { + { + match = '', + output = '(possible) Oracle Web server' + } + } + }); + +table.insert(fingerprints, { + category = 'database', + probes = { + { + path = '/homepage.nsf/homePage.gif?OpenImageResource', + method = 'HEAD' + }, + { + path = '/icons/ecblank.gif', + method = 'HEAD' + }, + { + path = '/852566C90012664F', + method = 'HEAD' + }, + { + path = '/admin4.nsf', + method = 'HEAD' + }, + { + path = '/admin5.nsf', + method = 'HEAD' + }, + { + path = '/admin.nsf', + method = 'HEAD' + }, + { + path = '/agentrunner.nsf', + method = 'HEAD' + }, + { + path = '/alog.nsf', + method = 'HEAD' + }, + { + path = '/a_domlog.nsf', + method = 'HEAD' + }, + { + path = '/bookmark.nsf', + method = 'HEAD' + }, + { + path = '/busytime.nsf', + method = 'HEAD' + }, + { + path = '/catalog.nsf', + method = 'HEAD' + }, + { + path = '/certa.nsf', + method = 'HEAD' + }, + { + path = '/certlog.nsf', + method = 'HEAD' + }, + { + path = '/certsrv.nsf', + method = 'HEAD' + }, + { + path = '/chatlog.nsf', + method = 'HEAD' + }, + { + path = '/clbusy.nsf', + method = 'HEAD' + }, + { + path = '/cldbdir.nsf', + method = 'HEAD' + }, + { + path = '/clusta4.nsf', + method = 'HEAD' + }, + { + path = '/collect4.nsf', + method = 'HEAD' + }, + { + path = '/da.nsf', + method = 'HEAD' + }, + { + path = '/dba4.nsf', + method = 'HEAD' + }, + { + path = '/dclf.nsf', + method = 'HEAD' + }, + { + path = '/DEASAppDesign.nsf', + method = 'HEAD' + }, + { + path = '/DEASLog01.nsf', + method = 'HEAD' + }, + { + path = '/DEASLog02.nsf', + method = 'HEAD' + }, + { + path = '/DEASLog03.nsf', + method = 'HEAD' + }, + { + path = '/DEASLog04.nsf', + method = 'HEAD' + }, + { + path = '/DEASLog05.nsf', + method = 'HEAD' + }, + { + path = '/DEASLog.nsf', + method = 'HEAD' + }, + { + path = '/decsadm.nsf', + method = 'HEAD' + }, + { + path = '/decslog.nsf', + method = 'HEAD' + }, + { + path = '/DEESAdmin.nsf', + method = 'HEAD' + }, + { + path = '/dirassist.nsf', + method = 'HEAD' + }, + { + path = '/doladmin.nsf', + method = 'HEAD' + }, + { + path = '/domadmin.nsf', + method = 'HEAD' + }, + { + path = '/domcfg.nsf', + method = 'HEAD' + }, + { + path = '/domguide.nsf', + method = 'HEAD' + }, + { + path = '/domlog.nsf', + method = 'HEAD' + }, + { + path = '/dspug.nsf', + method = 'HEAD' + }, + { + path = '/events4.nsf', + method = 'HEAD' + }, + { + path = '/events5.nsf', + method = 'HEAD' + }, + { + path = '/events.nsf', + method = 'HEAD' + }, + { + path = '/event.nsf', + method = 'HEAD' + }, + { + path = '/homepage.nsf', + method = 'HEAD' + }, + { + path = '/iNotes/Forms5.nsf/$DefaultNav', + method = 'HEAD' + }, + { + path = '/jotter.nsf', + method = 'HEAD' + }, + { + path = '/leiadm.nsf', + method = 'HEAD' + }, + { + path = '/leilog.nsf', + method = 'HEAD' + }, + { + path = '/leivlt.nsf', + method = 'HEAD' + }, + { + path = '/log4a.nsf', + method = 'HEAD' + }, + { + path = '/log.nsf', + method = 'HEAD' + }, + { + path = '/l_domlog.nsf', + method = 'HEAD' + }, + { + path = '/mab.nsf', + method = 'HEAD' + }, + { + path = '/mail10.box', + method = 'HEAD' + }, + { + path = '/mail1.box', + method = 'HEAD' + }, + { + path = '/mail2.box', + method = 'HEAD' + }, + { + path = '/mail3.box', + method = 'HEAD' + }, + { + path = '/mail4.box', + method = 'HEAD' + }, + { + path = '/mail5.box', + method = 'HEAD' + }, + { + path = '/mail6.box', + method = 'HEAD' + }, + { + path = '/mail7.box', + method = 'HEAD' + }, + { + path = '/mail8.box', + method = 'HEAD' + }, + { + path = '/mail9.box', + method = 'HEAD' + }, + { + path = '/mail.box', + method = 'HEAD' + }, + { + path = '/msdwda.nsf', + method = 'HEAD' + }, + { + path = '/mtatbls.nsf', + method = 'HEAD' + }, + { + path = '/mtstore.nsf', + method = 'HEAD' + }, + { + path = '/names.nsf', + method = 'HEAD' + }, + { + path = '/nntppost.nsf', + method = 'HEAD' + }, + { + path = '/nntp/nd000001.nsf', + method = 'HEAD' + }, + { + path = '/nntp/nd000002.nsf', + method = 'HEAD' + }, + { + path = '/nntp/nd000003.nsf', + method = 'HEAD' + }, + { + path = '/ntsync45.nsf', + method = 'HEAD' + }, + { + path = '/perweb.nsf', + method = 'HEAD' + }, + { + path = '/qpadmin.nsf', + method = 'HEAD' + }, + { + path = '/quickplace/quickplace/main.nsf', + method = 'HEAD' + }, + { + path = '/reports.nsf', + method = 'HEAD' + }, + { + path = '/sample/siregw46.nsf', + method = 'HEAD' + }, + { + path = '/schema50.nsf', + method = 'HEAD' + }, + { + path = '/setupweb.nsf', + method = 'HEAD' + }, + { + path = '/setup.nsf', + method = 'HEAD' + }, + { + path = '/smbcfg.nsf', + method = 'HEAD' + }, + { + path = '/smconf.nsf', + method = 'HEAD' + }, + { + path = '/smency.nsf', + method = 'HEAD' + }, + { + path = '/smhelp.nsf', + method = 'HEAD' + }, + { + path = '/smmsg.nsf', + method = 'HEAD' + }, + { + path = '/smquar.nsf', + method = 'HEAD' + }, + { + path = '/smsolar.nsf', + method = 'HEAD' + }, + { + path = '/smtime.nsf', + method = 'HEAD' + }, + { + path = '/smtpibwq.nsf', + method = 'HEAD' + }, + { + path = '/smtpobwq.nsf', + method = 'HEAD' + }, + { + path = '/smtp.box', + method = 'HEAD' + }, + { + path = '/smtp.nsf', + method = 'HEAD' + }, + { + path = '/smvlog.nsf', + method = 'HEAD' + }, + { + path = '/srvnam.htm', + method = 'HEAD' + }, + { + path = '/statmail.nsf', + method = 'HEAD' + }, + { + path = '/statrep.nsf', + method = 'HEAD' + }, + { + path = '/stauths.nsf', + method = 'HEAD' + }, + { + path = '/stautht.nsf', + method = 'HEAD' + }, + { + path = '/stconfig.nsf', + method = 'HEAD' + }, + { + path = '/stconf.nsf', + method = 'HEAD' + }, + { + path = '/stdnaset.nsf', + method = 'HEAD' + }, + { + path = '/stdomino.nsf', + method = 'HEAD' + }, + { + path = '/stlog.nsf', + method = 'HEAD' + }, + { + path = '/streg.nsf', + method = 'HEAD' + }, + { + path = '/stsrc.nsf', + method = 'HEAD' + }, + { + path = '/userreg.nsf', + method = 'HEAD' + }, + { + path = '/vpuserinfo.nsf', + method = 'HEAD' + }, + { + path = '/webadmin.nsf', + method = 'HEAD' + }, + { + path = '/web.nsf', + method = 'HEAD' + }, + { + path = '/.nsf/../winnt/win.ini', + method = 'HEAD' + }, + { + path = '/icons/ecblank.gif', + method = 'HEAD' + } + }, + matches = { + { + match = '', + output = 'Lotus Domino' + } + } + }); + +table.insert(fingerprints, { + category = 'database', + probes = { + { + path = '/_api/version', + method = 'GET' + } + }, + matches = { + { + match = '"server":"arango",.-"version":"([^"])"', + output = 'ArangoDB \\1' + } + } + }); + +------------------------------------------------ +---- MICROSOFT ---- +------------------------------------------------ +table.insert(fingerprints, { + category = 'microsoft', + probes = { + { + path = '/_layouts/images/helpicon.gif', + method = 'HEAD' + }, + { + path = '/Pages/Default.aspx', + method = 'HEAD' + }, + { + path = '/PublishingImages/NewsArticleImage.jpg', + method = 'HEAD' + }, + { + path = '/_admin/operations.aspx', + method = 'HEAD' + }, + { + path = '/_app_bin', + method = 'HEAD' + }, + { + path = '/_controltemplates', + method = 'HEAD' + }, + { + path = '/_layouts', + method = 'HEAD' + }, + { + path = '/_layouts/viewlsts.aspx', + method = 'HEAD' + }, + { + path = '/forms/allitems.aspx', + method = 'HEAD' + }, + { + path = '/forms/webfldr.aspx', + method = 'HEAD' + }, + { + path = '/forms/mod-view.aspx', + method = 'HEAD' + }, + { + path = '/forms/my-sub.aspx', + method = 'HEAD' + }, + { + path = '/pages/categoryresults.aspx', + method = 'HEAD' + }, + { + path = '/categories/viewcategory.aspx', + method = 'HEAD' + }, + { + path = '/sitedirectory', + method = 'HEAD' + }, + { + path = '/editdocs.aspx', + method = 'HEAD' + }, + { + path = '/workflowtasks/allitems.aspx', + method = 'HEAD' + }, + { + path = '/lists/tasks/', + method = 'HEAD' + }, + { + path = '/categories/allcategories.aspx', + method = 'HEAD' + }, + { + path = '/categories/SOMEOTHERDIR/allcategories.aspx', + method = 'HEAD' + }, + { + path = '/mycategories.aspx', + method = 'HEAD' + }, + { + path = '/lists/', + method = 'HEAD' + }, + { + path = '/lists/allitems.aspx', + method = 'HEAD' + }, + { + path = '/lists/default.aspx', + method = 'HEAD' + }, + { + path = '/lists/allposts.aspx', + method = 'HEAD' + }, + { + path = '/lists/archive.aspx', + method = 'HEAD' + }, + { + path = '/lists/byauthor.aspx', + method = 'HEAD' + }, + { + path = '/lists/calendar.aspx', + method = 'HEAD' + }, + { + path = '/lists/mod-view.aspx', + method = 'HEAD' + }, + { + path = '/lists/myposts.aspx', + method = 'HEAD' + }, + { + path = '/lists/my-sub.aspx', + method = 'HEAD' + }, + { + path = '/lists/allcomments.aspx', + method = 'HEAD' + }, + { + path = '/lists/mycomments.aspx', + method = 'HEAD' + }, + { + path = '/_layouts/userdisp.aspx', + method = 'HEAD' + }, + { + path = '/_layouts/help.aspx', + method = 'HEAD' + }, + { + path = '/_layouts/download.aspx', + method = 'HEAD' + } + }, + matches = { + { + match = '', + output = 'MS Sharepoint' + } + } + }); + +table.insert(fingerprints, { + category = 'microsoft', + probes = { + { + path = '/projectserver/Home/HomePage.asp', + method = 'HEAD' + }, + { + path = '/projectserver/images/branding.gif', + method = 'HEAD' + }, + { + path = '/projectserver/images/pgHome.gif', + method = 'HEAD' + }, + { + path = '/projectserver/images/pgTask.gif', + method = 'HEAD' + }, + { + path = '/projectserver/Tasks/Taskspage.asp', + method = 'HEAD' + }, + }, + matches = { + { + match = '', + output = 'MS Project Server' + } + } + }); + +table.insert(fingerprints, { + category = 'microsoft', + probes = { + { + path = '/exchweb/bin/auth/owalogon.asp', + method = 'HEAD' + }, + { + path = '/images/outlook.jpg', + method = 'HEAD' + }, + { + path = '/owa/8.1.375.2/themes/base/lgntopl.gif', + method = 'HEAD' + }, + { + path = '/owa/', + method = 'HEAD' + }, + }, + matches = { + { + match = '', + output = 'Outlook Web Access' + } + } + }); + +table.insert(fingerprints, { + category = 'microsoft', + probes = { + { + path = '/tsweb/', + method = 'HEAD' + }, + }, + matches = { + { + match = '', + output = 'Remote Desktop Web Connection' + } + } + }); + +table.insert(fingerprints, { + category = 'microsoft', + probes = { + { + path = '/reportserver/', + method = 'HEAD' + } + }, + matches = { + { + match = '', + output = 'Microsoft SQL Report Service' + } + } + }); +------------------------------------------------ +---- NETWORK EQUIPMENT ---- +------------------------------------------------ +-- Routers, switches, etc +table.insert(fingerprints, { + category = 'network', + probes = { + { + path = '/', + method = 'GET' + }, + }, + matches = { + { + match = 'realm="WRT54G"', + output = 'Linksys WRT54g Wireless Router' + } + } + }); + +table.insert(fingerprints, { + category = 'network', + probes = { + { + path = '/HW_logo.html', + method = 'HEAD' + }, + }, + matches = { + { + match = '', + output = 'Huawei HG 530' + } + } + }); + +table.insert(fingerprints, { + category = 'network', + probes = { + { + path = '/icons/icon_set_up_2701XX_01.gif', + method = 'HEAD' + }, + { + path = '/icons/icon_homeportal_2701XX.gif', + method = 'HEAD' + }, + { + path = '/es/images/nav_sl_home_network_01.gif', + method = 'HEAD' + }, + { + path = '/en/images/nav_sl_home_network_01.gif', + method = 'HEAD' + } + }, + matches = { + { + match = '', + output = '2WIRE 2701HG' + } + } + }); + +table.insert(fingerprints, { + category = 'network', + probes = { + { + path = '/images/stxx__xl.gif', + method = 'HEAD' + }, + { + path = '/images/bbc__xl.gif', + method = 'HEAD' + } + }, + matches = { + { + match = '', + output = 'Thomson TG585' + } + } + }); + +-- HNAP Devices +table.insert(fingerprints, { + category = 'general', + probes = { + { + path = '/HNAP1/', + method = 'GET' + } + }, + matches = { + { + match = '(.-)', + output = '\\1' + } + } + }); + +------------------------------------------------ +---- ATTACKS ---- +------------------------------------------------ +-- These will search for and possibly exploit vulnerabilities. + +table.insert(fingerprints, { + category = 'attacks', + probes = { + { + path = '/sdk/../../../../../../../etc/vmware/hostd/vmInventory.xml', + method = 'GET', + nopipeline = true + }, + { + path = '/sdk/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/etc/vmware/hostd/vmInventory.xml', + method = 'GET', + nopipeline = true + } + }, + matches = { + { + match = '', + output = 'Path traversal in VMWare (CVE-2009-3733)' + }, + { + match = '', + output = 'Possible path traversal in VMWare (CVE-2009-3733)' + } + } + }); + +table.insert(fingerprints, { + category = 'attacks', + probes = { + { + path = '/../../../../../../../../../../etc/passwd', + method = 'GET', + nopipeline = true + }, + { + path = '/../../../../../../../../../../boot.ini', + method = 'GET', + nopipeline = true + } + }, + matches = { + { + match = 'root:', + output = 'Simple path traversal in URI (Linux)' + }, + { + match = 'boot loader', + output = 'Simple path traversal in URI (Windows)' + }, + { + match = '', + output = 'Possible path traversal in URI' + } + } + }); + +table.insert(fingerprints, { + category = 'attacks', + probes = { + { + path = '/.htaccess', + method = 'GET' + }, + { + path = '/.htpasswd', + method = 'GET' + } + }, + matches = { + -- We look for a '200 OK' message on this one, because most Apache servers return an access denied + { + match = '200 OK', + output = 'Incorrect permissions on .htaccess or .htpasswd files' + } + } + }); + +table.insert(fingerprints, { + category = 'attacks', + probes = { + { + path = '/_vti_bin/', + method = 'GET' + }, + { + path = '/_vti_cnf/', + method = 'GET' + }, + { + path = '/_vti_log/', + method = 'GET' + }, + { + path = '/_vti_pvt/', + method = 'GET' + }, + { + path = '/_vti_txt/', + method = 'GET' + }, + { + path = '/postinfo.html' + }, + { + path = '/_vti_bin/_vti_aut/author.dll' + }, + { + path = '/_vti_bin/_vti_aut/author.exe' + }, + { + path = '/_vti_bin/_vti_aut/dvwssr.dll' + }, + { + path = '/_vti_bin/_vti_adm/admin.dll' + }, + { + path = '/_vti_bin/_vti_adm/admin.exe' + }, + { + path = '/_vti_bin/fpcount.exe?Page=default.asp|Image=3' + }, + { + path = '/_vti_bin/shtml.dll' + }, + { + path = '/_vti_bin/shtml.exe' + }, + { + path = '/_vti_pvt/_x_todo.htm' + }, + { + path = '/_vti_pvt/_x_todoh.htm' + }, + { + path = '/_vti_pvt/access.cnf' + }, + { + path = '/_vti_pvt/administrator.pwd' + }, + { + path = '/_vti_pvt/administrators.pwd' + }, + { + path = '/_vti_pvt/authors.pwd' + }, + { + path = '/_vti_pvt/bots.cnf' + }, + { + path = '/_vti_pvt/botinfs.cnf' + }, + { + path = '/_vti_pvt/deptodoc.btr' + }, + { + path = '/_vti_pvt/doctodep.btr' + }, + { + path = '/_vti_pvt/frontpg.lck' + }, + { + path = '/_vti_pvt/linkinfo.cnf' + }, + { + path = '/_vti_pvt/service.cnf' + }, + { + path = '/_vti_pvt/service.grp' + }, + { + path = '/_vti_pvt/service.lck' + }, + { + path = '/_vti_pvt/service.pwd' + }, + { + path = '/_vti_pvt/Service.stp' + }, + { + path = '/_vti_pvt/services.cnf' + }, + { + path = '/_vti_pvt/services.org' + }, + { + path = '/_vti_pvt/structure.cnf' + }, + { + path = '/_vti_pvt/svcacl.cnf' + }, + { + path = '/_vti_pvt/users.pwd' + }, + { + path = '/_vti_pvt/uniqueperm.cnf' + }, + { + path = '/_vti_pvt/writeto.cnf' + }, + }, + matches = { + { + match = '200', + output = 'Frontpage file or folder' + } + } + }); + +table.insert(fingerprints, { + category = 'attacks', + probes = { + { + path = '/.svn/', + method = 'GET' + }, + { + path = '/.svn/text-base/.htaccess.svn-base', + method = 'GET' + }, + { + path = '/.svn/text-base/.htpasswd.svn-base', + method = 'GET' + }, + { + path = '/.svn/text-base/Web.config.svn-base', + method = 'GET' + } + }, + matches = { + { + match = '200', + output = 'Subversion folder' + } + } + }); + +table.insert(fingerprints, { + category = 'attacks', + probes = { + { + path = '/.git/HEAD', + method = 'GET' + }, + }, + matches = { + { + match = 'ref: refs', + output = 'Git folder' + } + } + }); + +table.insert(fingerprints, { + category = 'attacks', + probes = { + { + path = '/.hg/requires', + method = 'GET' + }, + }, + matches = { + { + match = 'revlogv1', + output = 'Mercurial folder' + } + } + }); + +table.insert(fingerprints, { + category = 'attacks', + probes = { + { + path = '/.bzr/README', + method = 'GET' + }, + }, + matches = { + { + match = 'This is a Bazaar', + output = 'Bazaar folder' + } + } + }); + +table.insert(fingerprints, { + category = 'attacks', + probes = { + { + path = '/downloadFile.php', + method = 'GET' + }, + { + path = '/BackupConfig.php', + method = 'GET' + } + }, + matches = { + { + output = 'NETGEAR WNDAP350 2.0.1 to 2.0.9 potential file download and SSH root password disclosure' + } + } + }); + +table.insert(fingerprints, { + category = 'attacks', + probes = { + { + path = '/cwhp/auditLog.do?file=..\\..\\..\\..\\..\\..\\..\\boot.ini', + method = 'GET' + }, + { + path = '/cwhp/auditLog.do?file=..\\..\\..\\..\\..\\..\\..\\Program%20Files\\CSCOpx\\MDC\\Tomcat\\webapps\\triveni\\WEB-INF\\classes\\schedule.properties', + method = 'GET' + }, + { + path = '/cwhp/auditLog.do?file=..\\..\\..\\..\\..\\..\\..\\Program%20Files\\CSCOpx\\lib\\classpath\\com\\cisco\\nm\\cmf\\dbservice2\\DBServer.properties', + method = 'GET' + }, + { + path = '/cwhp/auditLog.do?file=..\\..\\..\\..\\..\\..\\..\\Program%20Files\\CSCOpx\\log\\dbpwdChange.log', + method = 'GET' + } + }, + matches = { + { + match = 'boot loader', + output = 'CiscoWorks (CuOM 8.0 and 8.5) Directory traversal (CVE-2011-0966) (Windows)' + }, + { + match = '', + output = 'Possible CiscoWorks (CuOM 8.0 and 8.5) Directory traversal (CVE-2011-0966) (Windows)' + } + } + }); + +table.insert(fingerprints, { + category = 'attacks', + probes = { + { + path = '..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f/var/mobile/Library/AddressBook/AddressBook.sqlitedb', + method = 'HEAD' + } + }, + matches = { + { + match = '', + output = 'Possible iPhone/iPod/iPad generic file sharing app Directory Traversal (iOS)' + } + } + }); + +table.insert(fingerprints, { + category = 'attacks', + probes = { + { + path = '/Info.live.htm', + method = 'GET' + } + }, + matches = { + { + match = '200', + output = 'Possible DD-WRT router Information Disclosure (BID 45598)' + } + } + }); + +table.insert(fingerprints, { + category = 'attacks', + probes = { + { + path = '/CuteSoft_Client/CuteEditor/Load.ashx?type=image&file=../../../web.config', + method = 'GET' + } + }, + matches = { + { + match = '200', + output = 'Cute Editor ASP.NET Remote File Disclosure ( CVE 2009-4665 )' + } + } + }); + +table.insert(fingerprints, { + category = 'attacks', + probes = { + { + path = '/plugins/PluginController.php?path=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fwindows%2fwin.ini%00', + method = 'GET' + } + }, + matches = { + { + match = '200', + output = 'OrangeHRM 2.6.3 Local File Inclusion ' + } + } + }); + +table.insert(fingerprints, { + category = 'attacks', + probes = { + { + path = '/tiki-listmovies.php?movie=../../../../../../etc/passwd%001234', + method = 'GET' + } + }, + matches = { + { + match = '200', + output = 'TikiWiki < 1.9.9 Directory Traversal Vulnerability' + } + } + }); + +table.insert(fingerprints, { + category = 'attacks', + probes = { + { + path = '/index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&version=1576&cid=20', + method = 'GET' + } + }, + matches = { + { + match = '2.0.11%s*([^%s<]*)' + .. '.-Hadoop version:.-%s*([^%s<]*)', + output = 'Hadoop YARN Resource Manager version \\2, state "\\1", Hadoop version \\3' + }, + } + }); + +-- Hadoop Node Resource Manager +table.insert(fingerprints, { + category = 'info', + probes = { + { + path = '/node', + method = 'GET' + }, + }, + matches = { + { + match = 'Node Manager Version:.-%s*([^%s<]*)' + .. '.-Hadoop Version:.-%s*([^%s<]*)', + output = 'Hadoop YARN Node Manager version \\1, Hadoop version \\2' + }, + } + }); + +table.insert(fingerprints, { + category = 'cms', + probes = { + { + path = '/databases/acidcat_3.mdb', + method = 'HEAD' + } + }, + matches = { + { + match = '', + output = 'Acidcat CMS Database' + } + } + }); + +table.insert(fingerprints, { + category = 'cms', + probes = { + { + path = '/mdb-database/dblog.mdb', + method = 'HEAD' + } + }, + matches = { + { + match = '', + output = 'dBlog Database' + } + } + }); + +table.insert(fingerprints, { + category = 'cms', + probes = { + { + path = '/db/users.mdb', + method = 'HEAD' + }, + { + path = '/db/' + } + }, + matches = { + { + match = '', + output = 'BlogWorx Database' + } + } + }); + +table.insert(fingerprints, { + category = 'cms', + probes = { + { + path = '/infusions/avatar_studio/avatar_studio.php', + method = 'HEAD' + } + }, + matches = { + { + match = '', + output = 'PHP-Fusion Mod avatar_studio' + } + } + }); + +table.insert(fingerprints, { + category = 'cms', + probes = { + { + path = '/bnnr.php', + method = 'HEAD' + }, + { + path = '/vb/bnnr.php', + method = 'HEAD' + }, + { + path = '/forum/bnnr.php', + method = 'HEAD' + } + }, + matches = { + { + match = '', + output = 'vBulletin ads_saed' + } + } + }); + +table.insert(fingerprints, { + category = 'cms', + probes = { + { + path = '/weblink_cat_list.php', + method = 'HEAD' + } + }, + matches = { + { + match = '', + output = 'WHMCompleteSolution CMS' + } + } + }); + +-- Drupal signatures +table.insert(fingerprints, { + category = 'cms', + probes = { + { + path = '/', + method = 'GET' + } + }, + matches = { + { + match = ' src="/sites/all/themes/', + output = 'Drupal signature' + }, + { + match = ' src="/sites/all/modules/', + output = 'Drupal signature' + }, + { + match = ' href="/sites/all/themes/', + output = 'Drupal signature' + }, + { + match = 'jQuery.extend(Drupal.settings,', + output = 'Drupal signature' + } + } + }); + +-- Drupal files +table.insert(fingerprints, { + category = 'cms', + probes = { + { + path = '/UPGRADE.txt' + }, + { + path = '/INSTALL.txt' + }, + { + path = '/MAINTENERS.txt' + }, + { + path = '/INSTALL.mysql.txt' + }, + { + path = '/INSTALL.pgsql.txt' + }, + { + path = '/update.php' + } + }, + matches = { + { + match = 'Drupal ', + output = 'Drupal file' + } + } + }); + +-- Joomla versions +table.insert(fingerprints, { + category = 'cms', + probes = { + { + -- Detects versions >= 1.60 + path = '/administrator/manifests/files/joomla.xml', + method = 'GET' + }, + { + -- Detects version >= 1.50 and <= 1.5.26 + path = '/language/en-GB/en-GB.xml', + method = 'GET' + }, + { + -- Detects version < 1.50 + path = '/modules/custom.xml', + method = 'GET' + } + }, + matches = { + { + match = '(.-)', + output = 'Joomla version \\1' + } + } + }); + +-- Joomla! +table.insert(fingerprints, { + category = 'cms', + probes = { + { + path = '/htaccess.txt' + }, + { + path = '/templates/system/css/toolbar.css' + }, + { + path = '/templates/beez/css/template_rtl.css' + } + }, + matches = { + { + match = 'Joomla!', + output = 'Joomla!' + } + } + }); + +-- Drupal changelog +table.insert(fingerprints, { + category = 'cms', + probes = { + { + path = '/CHANGELOG.txt' + } + }, + matches = { + { + match = 'Drupal (%d..-),', + output = 'Drupal v1' + } + } + }); + +-- Drupal version +table.insert(fingerprints, { + category = 'cms', + probes = { + { + -- Must be executed on both ports 80, 443 for accurate results + path = '/', + method = 'GET' + } + }, + matches = { + { + match = '