Nessus was able to identify the remote operating system by examining the HTML returned from certain HTTP requests.
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(35779);
script_version("1.147");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/11/23");
script_name(english:"OS Identification : HTML");
script_summary(english:"Identifies devices based on HTML output.");
script_set_attribute(attribute:"synopsis", value:
"The remote web server can be used to identify the host's operating
system.");
script_set_attribute(attribute:"description", value:
"Nessus was able to identify the remote operating system by examining
the HTML returned from certain HTTP requests.");
script_set_attribute(attribute:"solution", value:"n/a");
script_set_attribute(attribute:"risk_factor", value:"None");
script_set_attribute(attribute:"plugin_publication_date", value:"2009/03/05");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"asset_inventory", value:"True");
script_set_attribute(attribute:"os_identification", value:"True");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"General");
script_copyright(english:"This script is Copyright (C) 2009-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("httpver.nasl");
script_require_ports("Services/www");
exit(0);
}
include("http.inc");
var ports = get_kb_list("Services/www");
if (isnull(ports))
exit(0, "No web server was detected.");
ports = make_list(ports);
var default_confidence = 100;
var default_dev_type = "embedded";
# Variables for each device:
#
# nb: for the arrays, *all* elements must be found for a match to occur.
# name description of the device
# confidence confidence level
# dev_type type of the device (eg, embedded, printer, etc).
# port_re regex for port at which to look
# url page to examine
# server string found in Server response header (may be "" if there is *no* such header)
# server_re idem, regex
# headers array of strings found in HTTP response headers
# headers_re array of regexes to match against the headers
# title array of strings found in title
# title_re array of regexes to match against the title
# body array of strings found in body
# body_re array of regexes to match against the body.
var i = 0;
var name = make_array();
var confidence = make_array();
var dev_type = make_array();
var port_re = make_array();
var url = make_array();
var server = make_array();
var server_re = make_array();
var headers = make_array();
var headers_re = make_array();
var title = make_array();
var title_re = make_array();
var body = make_array();
var body_re = make_array();
var redir = make_array();
name[i] = "Android";
dev_type[i] = "mobile";
url[i] = "/";
server_re[i] = "Swift[0-9]+\.[0-9]+";
headers_re[i] = make_list(
'^Location: +.+/www/index\\.html'
);
i++;
name[i] = "Aerohive HiveOS";
dev_type[i] = "embedded";
url[i] = "/";
title_re[i] = make_list(
"^Aerohive HiveUI$"
);
body_re[i] = make_list(
'<td class="hm_version" .+>([0-9]+\\.[^<]+)<',
'<td class="hm_logo" .+>Hive.+OS<'
);
i++;
name[i] = "Avocent MergePoint Unity KVM switch";
dev_type[i] = "switch";
url[i] = "/login.php";
title_re[i] = make_list(
"^MPU[0-9]+E? Explorer"
);
body_re[i] = make_list(
"Avocent, the Avocent logo, MergePoint Unity",
"<b>Appliance firmware version [0-9]+(\.[0-9]+)+</b>"
);
i++;
name[i] = "AXIS Network Document Server";
confidence[i] = 85;
dev_type[i] = "embedded"; # 'scanner'?
url[i] = "/this_server/all_settings.shtml";
title_re[i] = make_list(
"^Settings List"
);
body_re[i] = make_list(
'This AXIS ([0-9][^ ]+) Settings List',
'var aWindow = window.+this_server/config_ini\\.shtml',
'PaperSize0'
);
i++;
name[i] = "AXIS Print Server";
confidence[i] = 85;
dev_type[i] = "printer";
port_re[i] = "^(80|631)$";
url[i] = "/";
title_re[i] = make_list(
"^Network Print Server"
);
body_re[i] = make_list(
'WARNING: Contact with the print server will be lost a while, during the restart',
'<td> <b>AXIS [0-9][^ ]+</b></td>'
);
i++;
name[i] = "Belkin Wireless G Plus MIMO Router";
dev_type[i] = "wireless-access-point";
url[i] = "/";
title_re[i] = make_list(
"^Belkin Wireless G Plus MIMO Router"
);
body[i] = make_list(
'<FRAME SRC="/status.htm" NAME="main"'
);
i++;
name[i] = "Blue Coat PacketShaper";
dev_type[i] = "embedded";
url[i] = "/login.htm";
server[i] = "httpd/1.";
title_re[i] = make_list(
"PacketShaper Login$"
);
body_re[i] = make_list(
'(alt="Blue Coat Systems logo"|Blue Coat Systems, Inc\\. All rights reserved\\.)'
);
i++;
# nb: there are two fingerprints for imageRUNNER printers.
name[i] = "Canon imageRUNNER Printer";
dev_type[i] = "printer";
port_re[i] = "^80$";
url[i] = "/";
server[i] = "CANON HTTP Server";
headers_re[i] = make_list(
'<META http-equiv=Refresh content="0; URL=http.+:8000/rps/"'
);
i++;
name[i] = "Canon imageRUNNER Printer";
dev_type[i] = "printer";
port_re[i] = "^80$";
url[i] = "/";
server[i] = "CANON HTTP Server";
body[i] = make_list(
"function goto_country(){",
"\./twelcome\.cgi\?CorePGTAG"
);
i++;
name[i] = "Canon PIXMA Printer";
dev_type[i] = "printer";
port_re[i] = "^80$";
url[i] = "/English/pages_MacUS/index.html";
server[i] = "KS_HTTP/";
body[i] = make_list(
"<title>Canon [A-Za-z0-9\-]+ series Network Configuration \| Basic Information</title>",
"Link Quality:</th>"
);
i++;
name[i] = "Check Point GAiA";
confidence[i] = 80;
dev_type[i] = "firewall";
url[i] = "/";
server[i] = "CPWS";
body[i] = make_list(
'content="WEBUI LOGIN PAGE"',
"var version='R",
'var formAction="/cgi-bin/home.tcl:'
);
i++;
# nb: this web server should be flagged also as "Service/cp_ica" by
# checkpoint_ica_detect.nasl.
name[i] = "Check Point GAiA";
confidence[i] = 70;
dev_type[i] = "firewall";
url[i] = "/";
server[i] = "Check Point";
title[i] = make_list(
'Check Point Certificate Services'
);
body[i] = make_list(
"window.status='Install this CA certification path'"
);
i++;
# nb: Cisco distributes this as either a dedicated server with RHEL
# or an OVA. Confidence is low since we can't distinguish between
# them with just this fingerprint.
name[i] = "CISCO Application Networking Manager (ANM)";
confidence[i] = 70;
dev_type[i] = "embedded";
url[i] = "/";
server[i] = "Jetty/";
title_re[i] = make_list(
"^ANM - Login$"
);
body[i] = make_list(
'<div class="cuesLoginProductName">Application Networking Manager</div>',
'src="/cues_images/cisco_logo_header.png" align="absmiddle" title="Cisco" alt="Cisco"/>'
);
i++;
name[i] = "CISCO IP Telephone 7937G";
url[i] = "/localmenus.cgi?func=604";
server[i] = "Rockpile Web Server";
body[i] = make_list(
"<CiscoIPPhoneIconMenu>"
);
body_re[i] = make_list(
'<Name>: +Cisco IP Phone 7937G, Global</Name>'
);
redir[i] = 1;
i++;
name[i] = "CISCO IP Telephone 7941G";
url[i] = "/";
server[i] = "Allegro-Software-RomPager";
title[i] = make_list(
"Cisco Systems, Inc."
);
body[i] = make_list(
'<font color="#FFFFFF" size="4">Cisco Unified IP Phone CP-7941G'
);
redir[i] = 1;
i++;
name[i] = "CISCO IP Telephone 7960";
url[i] = "/";
server[i] = "Allegro-Software-RomPager";
title[i] = make_list(
"Cisco Systems, Inc."
);
body_re[i] = make_list(
'<font color="#FFFFFF" size="4">(Cisco|Cisco Systems, Inc\\.) IP Phone 7960 \\( SEP'
);
redir[i] = 1;
i++;
name[i] = "CISCO IP Telephone 7971G";
url[i] = "/";
server[i] = "Allegro-Software-RomPager";
title[i] = make_list(
"Cisco Systems, Inc."
);
body[i] = make_list(
'<font color="#FFFFFF" size="4">Cisco Unified IP Phone CP-7971G'
);
redir[i] = 1;
i++;
name[i] = "CISCO IP Telephone CP-8851";
url[i] = "/";
# No server header for this model
title[i] = make_list(
"Cisco Systems, Inc."
);
body[i] = make_list(
'<font color="#FFFFFF" size="4">Cisco IP Phone CP-8851'
);
redir[i] = 1;
i++;
name[i] = "CISCO Unified IP Telephone CP-8831";
url[i] = "/";
# No server header for this model
title[i] = make_list(
"Cisco Systems, Inc."
);
body[i] = make_list(
'<font color="#FFFFFF" size="4">Cisco Unified IP Phone CP-8831'
);
redir[i] = 1;
i++;
name[i] = "CISCO IP Telephone 7910";
url[i] = "/";
server[i] = "Allegro-Software-RomPager";
title[i] = make_list(
"Cisco Systems, Inc."
);
body_re[i] = make_list(
'<font color="#FFFFFF" size="4">(Cisco|Cisco Systems, Inc\\.) IP Phone (CP-)?7910G? \\( SEP'
);
redir[i] = 1;
i++;
name[i] = "CISCO IP Telephone 7911";
url[i] = "/";
server[i] = "Allegro-Software-RomPager";
title[i] = make_list(
"Cisco Systems, Inc."
);
body_re[i] = make_list(
'<font color="#FFFFFF" size="4">(Cisco|Cisco Systems, Inc\\.) Unified IP Phone (CP-)?7911G? \\( SEP'
);
redir[i] = 1;
i++;
name[i] = "CISCO IP Telephone 7940";
url[i] = "/";
server[i] = "Allegro-Software-RomPager";
title[i] = make_list(
"Cisco Systems, Inc."
);
body_re[i] = make_list(
'<font color="#FFFFFF" size="4">(Cisco|Cisco Systems, Inc\\.) IP Phone (CP-)?7940G? \\( SEP'
);
redir[i] = 1;
i++;
name[i] = "CISCO IP Telephone 7960G";
url[i] = "/";
server[i] = "Allegro-Software-RomPager";
title[i] = make_list(
"Cisco Systems, Inc."
);
body_re[i] = make_list(
'<font color="#FFFFFF" size="4">(Cisco|Cisco Systems, Inc\\.) IP Phone (CP-)?7960G \\( SEP'
);
redir[i] = 1;
i++;
name[i] = "CISCO Unified IP Telephone 7961G";
url[i] = "/";
server[i] = "Allegro-Software-RomPager";
title[i] = make_list(
"Cisco Systems, Inc."
);
body_re[i] = make_list(
'<font color="#FFFFFF" size="4">(Cisco|Cisco Systems, Inc\\.) Unified IP Phone (CP-)?7961G \\( SEP'
);
redir[i] = 1;
i++;
name[i] = "CISCO Unified IP Telephone 7962G";
url[i] = "/";
server[i] = "Allegro-Software-RomPager";
title[i] = make_list(
"Cisco Systems, Inc."
);
body_re[i] = make_list(
'<font color="#FFFFFF" size="4">(Cisco|Cisco Systems, Inc\\.) Unified IP Phone (CP-)?7962G \\( SEP'
);
redir[i] = 1;
i++;
name[i] = "CISCO ATA";
port_re[i] = "^80$";
url[i] = "/";
title[i] = make_list(
"Login Page"
);
body_re[i] = make_list(
'<TD class=APPNAME>Phone Adapter Configuration Utility</TD>'
);
i++;
# Cisco IP phone: Catch-all attempt to capture model
name[i] = "CISCO IP Telephone";
url[i] = "/";
title[i] = make_list(
"Cisco Systems, Inc."
);
body_match[i] =
[
{
'pattern' : '<font color="#FFFFFF" size="4">(?:Cisco|Cisco Systems, Inc\\.) (?:Unified )?IP Phone ((?:[A-Z]+-)?[0-9]+[A-Z]?)'
}
];
confidence[i] = 95;
redir[i] = 1;
i++;
# Keep this in just in case
# generic catch-all for Cisco IP Telephones
# Several servers used
name[i] = "CISCO IP Telephone";
port_re[i] = "^80$";
url[i] = "/";
title[i] = make_list(
"Cisco Systems, Inc."
);
body_re[i] = make_list(
'<font color="#FFFFFF" size="4">(Cisco|Cisco Systems, Inc\\.)( Unified)? IP Phone ([A-Z]+-)?[0-9]+[A-Z]?'
);
redir[i] = 1;
i++;
name[i] = "CISCO IPS";
confidence[i] = 85;
url[i] = "/idm/index.html";
server[i] = "HTTP/1.1 compliant";
title[i] = make_list(
"IPS Device Manager"
);
body[i] = make_list(
'Cisco IPS devices'
);
i++;
name[i] = "CISCO Network Analysis Module (NAM)"; # old versions, circa 2001
dev_type[i] = "embedded";
url[i] = "/";
title_re[i] = make_list(
"^NAM Web Manager$"
);
body_re[i] = make_list(
"Divva Home Page\..+This page just redirects",
"Copyright \(c\) .+ by cisco Systems, Inc\."
);
i++;
name[i] = "CISCO Network Analysis Module (NAM)";
dev_type[i] = "embedded";
url[i] = "/authenticate/login";
title_re[i] = make_list(
"^NAM Login$"
);
body_re[i] = make_list(
"productName='Network Analysis Module'",
"(Cisco reserves the right|Cisco will not have any liability)"
);
i++;
name[i] = "Cisco NX-OS";
dev_type[i] = "switch";
url[i] = "/";
title_re[i] = make_list(
"^Cisco Nexus [0-9]+[a-zA-Z]*$"
);
body_re[i] = make_list(
"<h1>Cisco Nexus [0-9]+[a-zA-Z]*</h1>",
'<a href="http://www\\.cisco\\.com/go/nexus[0-9]+[a-zA-Z]*">'
);
i++;
name[i] = "Cisco NX-OS";
dev_type[i] = "switch";
confidence[i] = 60;
url[i] = "/";
port_re[i] = "^(80|443|8443)$";
server[i] = "nginx/";
title_re[i] = make_list(
"^401 Authorization Required$"
);
headers[i] = make_list(
'WWW-Authenticate: Basic realm="Secure Zone"'
);
body[i] = make_list(
'401 Authorization Required',
'<center>nginx/',
'<!-- a padding to disable MSIE and Chrome friendly error page -->'
);
i++;
name[i] = "Cisco PAP2T Phone Adapter";
port_re[i] = "^80$";
url[i] = "/index.html";
title[i] = make_list(
"Linksys PAP2 Configuration"
);
body[i] = make_list(
'<td>Product Name:<td><font color="darkblue">PAP2T<'
);
i++;
name[i] = "CISCO VPN Concentrator";
dev_type[i] = "VPN";
confidence[i] = 85;
port_re[i] = "^(80|443)$";
url[i] = "/admin.html";
server[i] = "Web Server";
title_re[i] = make_list(
"^Cisco Systems, Inc\. VPN [0-9].+ Concentrator"
);
body_re[i] = make_list(
'<h2>VPN [0-9].+ Concentrator</h2>'
);
i++;
name[i] = "CISCO";
dev_type[i] = "router";
confidence[i] = 66;
port_re[i] = "^(80|443)$";
url[i] = "/";
server[i] = "";
headers[i] = make_list(
'Expires:',
'WWW-Authenticate: Basic realm="level 15 access"'
);
body[i] = make_list(
'<H1>Authorization Required</H1>Browser not authentication-capable or authentication failed.</BODY>'
);
i++;
name[i] = "Citrix NetScaler";
dev_type[i] = "embedded";
url[i] = "/";
title_re[i] = make_list(
"^Citrix Login$"
);
body_re[i] = make_list(
'<form name="form1" action="/login/do_login"',
'<td class="ns_login_header">'
);
i++;
name[i] = "Corero TopLayer IPS";
dev_type[i] = "embedded";
confidence[i] = 85;
url[i] = "/";
title[i] = make_list(
"^IPS Management Application$"
);
body[i] = make_list(
'<img src="index_page_ips.png"',
'<area href="/jaws/ips/ips.jnl"'
);
i++;
name[i] = "D-Link ShareCenter";
confidence[i] = 85;
dev_type[i] = "embedded";
url[i] = "/";
server[i] = "Server: lighttpd/";
body[i] = make_list(
'//Text:In order to access the ShareCenter, ',
'<form name="form" id="form" method="post" action="/cgi-bin/login_mgr.cgi">'
);
i++;
name[i] = "Dell iDRAC 6";
dev_type[i] = "embedded";
confidence[i] = 85;
url[i] = "/dellUI/login.htm";
server[i] = "lighttpd/";
body[i] = make_list(
'top.location.href = "/Applications/dellUI/login.htm";',
'alt="Integrated Dell Remote Access Controller" title="iDRAC6 Enterprise"'
);
i++;
name[i] = "Dell Laser Printer";
dev_type[i] = "printer";
port_re[i] = "^80$";
url[i] = "/";
server[i] = "EWS-NIC4/";
title[i] = make_list(
"Dell MFP Laser"
);
i++;
name[i] = "Eaton Powerware UPS with a ConnectUPS Web/SNMP Card";
dev_type[i] = "embedded";
confidence[i] = 95;
server[i] = "UPS_Server/";
url[i] = "/PSummary.html"; # nb: /rss2.xml could be a useful alternative page
body[i] = make_list(
'<form name=PSummary action=',
'>UPS Model<',
'>POWERWARE ',
'>ConnectUSP Web/SNMP Card'
);
i++;
name[i] = "EMC CLARiiON";
dev_type[i] = "embedded";
url[i] = "/start.js";
body[i] = make_list(
'var _naviVersion =',
'code="com.emc.navisphere'
);
i++;
name[i] = "EMC Data Domain OS";
server[i] = "Apache";
dev_type[i] = "embedded";
url[i] = "/ddem/";
title_re[i] = make_list(
"^Enterprise Manager$"
);
body[i] = make_list(
'<!-- title>DataDomain Enterprise Manager</title -->'
);
i++;
name[i] = "Emerson Industrial Automation SM-Ethernet Drive Controller";
confidence[i] = 80;
url[i] = "/";
server[i] = "Allegro-Software-RomPager/";
title[i] = make_list("Drive Description");
body[i] = make_list(
'Emerson',
'SM-Ethernet'
);
i++;
name[i] = "EPSON Stylus Printer";
dev_type[i] = "printer";
port_re[i] = "^80$";
url[i] = "/";
server[i] = "EPSON_Linux UPnP/";
title[i] = make_list(
"Epson Stylus"
);
i++;
name[i] = "EulerOS";
url[i] = "/";
server[i] = "Apache/";
title[i] = make_list(
"Test Page for the Apache HTTP Server on EulerOS Linux"
);
body[i] = make_list(
"For information on EulerOS Linux,",
"<h1>EulerOS Linux "
);
dev_type[i] = "general-purpose";
confidence[i] = 80;
i++;
name[i] = "ExtremeXOS";
url[i] = "/";
server[i] = "XOS ";
title[i] = make_list(
"ExtremeXOS ScreenPlay®"
);
body[i] = make_list(
"/com/extremenetworks/"
);
confidence[i] = 99;
i++;
name[i] = "ExtremeXOS";
url[i] = "/";
title[i] = make_list(
"{{pageTitle}}"
);
body[i] = make_list(
'<meta name="author" content="Extreme Networks, Inc.">',
'<a href="{{resourceBundle.extreme_support_url}}"',
'<a href="{{resourceBundle.exos_documents_url}}"'
);
dev_type[i] = "embedded";
confidence[i] = 80;
i++;
name[i] = "F5 Networks BIG-IP";
dev_type[i] = "load-balancer";
url[i] = "/tmui/";
headers_re[i] = make_list(
'^401 F5 Authorization Required',
'^WWW-Authenticate: +Basic realm="BIG-IP"'
);
i++;
name[i] = "F5 Networks BIG-IQ";
dev_type[i] = "embedded";
url[i] = "/";
title_re[i] = make_list(
"BIG-IQ™- Redirect"
);
body_re[i] = make_list(
'<meta name="Copyright" content="Copyright \\(c\\) [^ ]+, F5 Networks, Inc'
);
i++;
name[i] = "FireEye OS";
dev_type[i] = "embedded";
url[i] = "/";
title_re[i] = make_list(
"FireEye - Please Log In"
);
body_re[i] = make_list(
'<link href="\\/stylesheets\\/templates\\/fireeye\\/',
"© Copyright .* FireEye, Inc\. All rights reserved\."
);
i++;
name[i] = "FortiOS on Fortinet FortiGate";
dev_type[i] = "firewall";
url[i] = "/login";
body[i] = make_list(
'if (window.opener) {window.opener.top.location.reload(); self.close();}',
'>Warning: this page requires Javascript. To correctly view, please enable it',
'str_table.lockout_msg = "Too many login failures. Please try again in a few minutes...";'
);
i++;
name[i] = "HDHomeRun Networked Digital TV Tuner";
port_re[i] = "^80$";
url[i] = "/";
server[i] = "UPnP/";
title[i] = make_list(
"HDHomeRun"
);
body[i] = make_list(
"Silicondust HDHomeRun™"
);
body_re[i] = make_list(
'<div class="S">Device ID: [0-9A-Fa-f]+<br',
'Firmware: [0-9]+'
);
i++;
name[i] = "Hikvision Digital Video Server";
dev_type[i] = "camera";
url[i] = "/";
server[i] = "WindWeb/";
title_re[i] = make_list(
"^newocx$"
);
body[i] = make_list(
'name=activex ><WINDWEB_URL>',
'codebase="../codebase/NewHCNetActiveX.cab'
);
i++;
name[i] = "Hitachi Projector";
dev_type[i] = "embedded";
port_re[i] = "^80$";
url[i] = "/index.html";
server[i] = "Allegro-Software-RomPager/";
title_re[i] = make_list(
'^Logon$'
);
body[i] = make_list(
'<script src="/FS/FLASH0/prj0B02.js',
'enable JavaScript in order to use the projector web pages',
'str = ProjectorNameAnalyze(str)',
'>PIN Lock & Transition Detector'
);
i++;
name[i] = "HP LaserJet";
dev_type[i] = "printer";
url[i] = "/";
server_re[i] = "(HP-Chai(SOE|Server)|Virata-EmWeb)/";
body_re[i] = make_list(
"(/hp/device/this.LCDispatcher|<title> HP Color LaserJet)"
);
i++;
name[i] = "HP LaserJet";
dev_type[i] = "printer";
url[i] = "/";
server[i] = "Server: $ProjectRevision: ";
title[i] = make_list(
"HP LaserJet"
);
body[i] = make_list(
'<td><div class="mastheadPhoto"><img src="/Images/masthead.jpg" alt="Printer Cartridges">'
);
i++;
name[i] = "HP Integrated Lights Out";
dev_type[i] = "embedded";
url[i] = "/";
body_re[i] = make_list(
"Copyright .+ Hewlett-Packard Development Company",
# nb: the title is combined in the regex here because
# older iLO boards didn't have it.
'(If you are communicating with iLO|<title>iLO [0-9]+</title>|SetCookie\\("hp-iLO-Login"|Note: 128-bit SSL is required to access iLO\\.)'
);
i++;
# nb: http://en.wikipedia.org/wiki/Guardian_Service_Processor
name[i] = "HP Guardian Service Processor";
confidence[i] = 75;
dev_type[i] = "general-purpose";
url[i] = "/";
title[i] = make_list(
'HP Web Console on'
);
body[i] = make_list(
'<APPLET CODE="pericom/TeemWorld/TeemWorld.class" ARCHIVE="TeemWorld.jar" ',
'<PARAM NAME=IPAddress',
'<PARAM NAME=SubTitle VALUE = "Hewlett Packard">'
);
i++;
# nb: there are several different signatures for ProCurve switches.
name[i] = "HP Switch";
confidence[i] = 75;
dev_type[i] = "switch";
server[i] = "eHTTP v";
url[i] = "/";
title[i] = make_list(
"ProCurve Switch"
);
i++;
name[i] = "HP Switch";
confidence[i] = 75;
dev_type[i] = "switch";
server[i] = "eHTTP v";
url[i] = "/banner.html";
title[i] = make_list(
"Notice to users"
);
body[i] = make_list(
"Please register your products now at:",
"www.ProCurve.com"
);
i++;
name[i] = "HP Switch";
confidence[i] = 75;
dev_type[i] = "switch";
server[i] = "eHTTP v";
url[i] = "/html/nhome.html";
title[i] = make_list(
"HP Switch "
);
body[i] = make_list(
'<div class="procurvelogo">'
);
i++;
name[i] = "IBM BNT";
dev_type[i] = "switch";
url[i] = "/";
server[i] = "Agranat-EmWeb";
title[i] = make_list(
"Login to IBM Networking Operating System RackSwitch"
);
body[i] = make_list(
'<TD><H1><CENTER> <FONT color="#666699">Login to</FONT></CENTER>',
'<FORM METHOD=POST NAME=loginForm ACTION="/login.html/bar">',
'<INPUT NAME="username" id="username" TYPE="text" onfocus="this.form.username.value='
);
i++;
name[i] = "IBM Global Console Manager GCM16 KVM";
dev_type[i] = "embedded";
url[i] = "/login.php";
server[i] = "AEWS/";
title_re[i] = make_list(
"^GCM16 Explorer$"
);
body[i] = make_list(
"<form method='post' action='/login.php' class='form-block'>"
);
i++;
name[i] = "IBM Global Console Manager GCM32 KVM";
dev_type[i] = "embedded";
url[i] = "/login.php";
server[i] = "AEWS/";
title_re[i] = make_list(
"^GCM32 Explorer$"
);
body[i] = make_list(
"<form method='post' action='/login.php' class='form-block'>"
);
i++;
name[i] = "Infoblox NetMRI";
dev_type[i] = "embedded";
confidence[i] = 75;
url[i] = "/netmri/config/userAdmin/login.tdf";
title[i] = make_list(
"JavaScript required"
);
body[i] = make_list(
'action="/netmri/config/userAdmin/login.tdf"',
'<input type=hidden name=mode value="LOGIN-FORM"'
);
i++;
name[i] = "IP Power 9258";
dev_type[i] = "embedded";
url[i] = "/";
title_re[i] = make_list(
'^IP9258$'
);
body[i] = make_list(
'<form NAME="login" ACTION="/tgi/login.tgi"',
'<b>IP9258 Login</b>'
);
i++;
name[i] = "Konica Minolta Digital Copier/Printer";
dev_type[i] = "printer";
url[i] = "/";
title[i] = make_list(
"KONICA MINOLTA PageScope Web Connection for magicolor"
);
i++;
name[i] = "KYOCERA Printer";
dev_type[i] = "printer";
url[i] = "/start/start.htm";
server[i] = "KM-MFP-http/V";
body[i] = make_list(
'Kyocera Command Center',
'<!--The title is the model name read from the printer ***-->'
);
i++;
name[i] = "KYOCERA Printer";
dev_type[i] = "printer";
url[i] = "/";
server[i] = "KM-MFP-http/V";
body[i] = make_list(
'<frame name=wlmframe src="/startwlm/Start_Wlm.htm"'
);
i++;
name[i] = "Lantronix Universal Device Server UDS1100";
dev_type[i] = "embedded";
confidence[i] = 80;
url[i] = "/";
body[i] = make_list(
'<meta http-equiv="refresh" content="1; URL=secure/ltx_conf.htm">',
'function doRedirect() {'
);
i++;
# nb: The banner reports the server as Apache, but other (non-existent?)
# pages return a different Server response header.
name[i] = "Mandiant Intelligent Response appliance";
url[i] = "/index.asp";
server[i] = "MIR";
headers[i] = make_list(
'^WWW-Authenticate: basic realm="MIR Realm"'
);
body[i] = make_list(
'You are not authorized to access this resource.'
);
i++;
name[i] = "McAfee Web Gateway";
confidence[i] = 85;
dev_type[i] = "embedded";
url[i] = "/Konfigurator/request";
server[i] = "Server: mwg-ui";
title[i] = make_list(
'^McAfee | Web Gateway - '
);
body[i] = make_list(
'loginform',
'/Konfigurator/images/tab-bar-logo.gif" align="top">'
);
i++;
name[i] = "MikroTik RouterOS";
url[i] = "/";
body[i] = make_list(
'<h1>RouterOS v',
'You have connected to a router. Administrative access only.',
'>© mikrotik<'
);
i++;
name[i] = "MikroTik RouterOS"; # nb: 4.x and older
url[i] = "/";
body_re[i] = make_list(
'>mikrotik routeros [0-9].+ configuration page<'
);
i++;
name[i] = "NetBotz Monitoring Appliance";
dev_type[i] = "embedded";
url[i] = "/";
title_re[i] = make_list(
'^NetBotz Network Monitoring Appliance'
);
body[i] = make_list(
'<frame src="statusHeader.html"',
'<frame src="crawlerLogin.html"'
);
i++;
name[i] = "NETGEAR FVS318N ProSafe Wireless-N VPN Firewall";
dev_type[i] = "wireless-access-point";
url[i] = "/scgi-bin/platform.cgi";
title[i] = make_list(
"NETGEAR Configuration Manager Login"
);
body_re[i] = make_list(
'NETGEAR ProSafe.+ VPN Firewall FVS318N'
);
i++;
name[i] = "Nortel Meridian Integrated RAN (MIRAN)";
confidence[i] = 80;
dev_type[i] = "embedded";
url[i] = "/"+SCRIPT_NAME;
server[i] = "WindWeb/";
body[i] = make_list(
'Please mail problems to <a href="mailto:.+@nortelnetworks".+Miran BUI Development'
);
i++;
name[i] = "Oracle Linux Server";
dev_type[i] = "general-purpose";
confidence[i] = 96;
url[i] = "/";
port_re[i] = "^(8000)$";
body_re[i] = make_list(
'"VARIANT_ID":"tenablecore"',
'"PRETTY_NAME":"Oracle Linux Server ([\\d.]+)"'
);
body_match[i] = [ { 'pattern' : '"Oracle Linux Server ([\\d.]+)"' } ];
i++;
name[i] = "OpenBSD";
dev_type[i] = "general-purpose";
url[i] = "/";
title[i] = make_list(
'Test Page for Apache Installation'
);
body[i] = make_list(
'<img src="openbsd_pb.gif" alt="[Powered by OpenBSD]">'
);
i++;
name[i] = "QNAP QTS on a TS-Series NAS";
dev_type[i] = "embedded";
url[i] = "/cgi-bin";
server[i] = "http server ";
title[i] = make_list(
"QNAP Turbo NAS"
);
body[i] = make_list(
'QNAP.QOS.user = {'
);
i++;
name[i] = "Secure Mail (IronMail) Appliance";
dev_type[i] = "embedded";
url[i] = "/admin/login.do";
title_re[i] = make_list(
'(Secure Computing|IronMail®)'
);
body[i] = make_list(
'<form name="LoginForm" method="post" action="/admin/auth.do',
'<div class="loginProductName">'
);
i++;
# nb: there are two entries for Juniper SSL VPN Appliance.
name[i] = "Juniper SSL VPN Appliance";
port_re[i] = "^443$";
url[i] = "/";
title[i] = make_list(
"Secure Access SSL VPN"
);
body_re[i] = make_list(
'<div>Copyright © 2[0-9]+-2[0-9]+ Juniper Networks, Inc\\.</div>',
'/dana-na/(auth|auth/url_admin|auth/url_default)/welcome\\.cgi'
);
i++;
name[i] = "Juniper SSL VPN Appliance";
confidence[i] = 71;
port_re[i] = "^443$";
url[i] = "/"+SCRIPT_NAME;
server[i] = "";
headers_re[i] = make_list(
'^Location: +.+/dana-na/auth/welcome\\.cgi',
'^Set-Cookie: DSLaunchURL='
);
i++;
name[i] = "KYOCERA Print Server";
dev_type[i] = "printer";
port_re[i] = "^80$";
url[i] = "/links_en.html";
body[i] = make_list(
'kyocera',
'/status/pport_en.html'
);
i++;
name[i] = "PCoIP Zero Client";
confidence[i] = 80;
dev_type[i] = "embedded";
url[i] = "/login.html";
server[i] = "Server: $ProjectRevision: ";
title[i] = make_list(
"Log In"
);
body[i] = make_list(
'<h4>PCoIP® Zero Client</h4>'
);
i++;
name[i] = "Pitney Bowes Digital Mailing System";
confidence[i] = 65;
dev_type[i] = "embedded";
url[i] = "/en/main.js";
body[i] = make_list(
'"./public/stat/sysst_indx.htm"',
'"./private/mainte/firm_up_indx.htm",',
'window.open("../../help/help_"+dir+"_indx.htm?id="+id+"&sub="+sub,"");'
);
i++;
name[i] = "Riverbed Optimization System (RiOS) on a Riverbed SteelHead";
confidence[i] = 75;
dev_type[i] = "embedded";
url[i] = "/mgmt/login?dest=%2Fmgmt%2Fgui%3Fp%3Dhome&reason=&username=";
body_re[i] = make_list(
'<p class="announcement">Riverbed Steel[Hh]ead',
'src="/images/poweredby.gif" alt="Powered by RiOS™"'
);
i++;
name[i] = "Samsung Data Management Server"; # v1.x
dev_type[i] = "scada";
url[i] = "/";
title[i] = make_list(
"Samsung Data Management Server"
);
body[i] = make_list(
'com.samsung.dms.checkjre.CheckJRE'
);
i++;
name[i] = "Samsung Data Management Server"; # v2.x
dev_type[i] = "scada";
url[i] = "/dms2/Login.jsp";
title[i] = make_list(
"Samsung Data Management Server"
);
body[i] = make_list(
'>LOGIN Data Management Server<'
);
i++;
name[i] = "SCO OpenServer";
url[i] = "/dochome.html";
server[i] = "NCSA/";
title[i] = make_list(
"SCO Documentation Library"
);
body[i] = make_list(
"/FEATS/CONTENTS.html>SCO OpenServer"
);
i++;
name[i] = "Sipura Analog Telephone Adapter";
port_re[i] = "^80$";
url[i] = "/";
server[i] = "";
title[i] = make_list(
"Sipura SPA Configuration"
);
body[i] = make_list(
">Product Name:<"
);
i++;
name[i] = "SonicWALL SSL-VPN Appliance";
url[i] = "/cgi-bin/welcome/VirtualOffice";
server[i] = "SonicWALL SSL-VPN Web Server";
body[i] = make_list(
"virtual office - Powered by SonicWALL"
);
i++;
name[i] = "AsyncOS";
url[i] = "/login";
server_re[i] = "glass/[0-9.]+ Python/[0-9.]+";
title_re[i] = make_list(
"^IronPort [CMX][0-9]+"
);
body_re[i] = make_list(
'alt="IronPort (Spam|[CMX][0-9]+)'
);
i++;
name[i] = "D-Link Wireless Access Point";
dev_type[i] = "wireless-access-point";
port_re[i] = "^80$";
url[i] = "/index.php";
title_re[i] = make_list(
"^D-Link Corporation *\\| *[wW][iI][rR][eE][lL][eE][sS][sS] [aA][cC][cC][eE][sS][sS] [pP][oO][iI][nN][tT]"
);
body[i] = make_list(
'Login to the Access Point:'
);
i++;
name[i] = "CISCO ASA 5500";
confidence[i] = 85;
port_re[i] = "^443$";
url[i] = "/+CSCOE+/win.js";
body_re[i] = make_list( 'CSCO_WebVPN');
i++;
name[i] = "Trend Micro InterScan Web Security Virtual Appliance";
port_re[i] = "^1812$";
url[i] = "/logon.jsp";
title[i] = make_list(
"Trend Micro InterScan Web Security Virtual Appliance"
);
body_re[i] = make_list( '2[0-9]+ Trend Micro Incorporated. All rights reserved.</td>');
i++;
name[i] = "Trimble GPS Receiver";
server_re[i] = "^TRMB/[0-9]";
body[i] = make_list(
'Trimble IP Enabled Geomatics GPS Receiver'
);
i++;
name[i] = "Trimble NetR5 Receiver";
server_re[i] = "^TRMB/[0-9]";
body[i] = make_list(
'GPSWeb Version',
'navigation.php?NoClientReload=1'
);
i++;
name[i] = "Juniper Junos";
confidence[i] = 85;
url[i] = "/login";
title_re[i] = make_list('Log In - Juniper (Web Device Manager|Networks Web Management)');
body_re[i] = make_list('[0-9]+, Juniper Networks, Inc. *<a');
i++;
name[i] = "Visara FEP-4600 Communications Controller";
url[i] = "/";
title[i] = make_list("Visara FEP4600");
body[i] = make_list(
'<IMG SRC="/images/Administrative.jpg"></A>',
'<TD COLSPAN=2 ALIGN=CENTER>Software revision level: '
);
i++;
name[i] = "PowerLogic EGX100";
url[i] = "/";
server[i] = "Allegro-Software-RomPager/";
headers_re[i] = make_list(
'^WWW-Authenticate: +Basic realm="EGX100"'
);
i++;
name[i] = "Printronix T 5000 Printer";
dev_type[i] = "printer";
url[i] = "/STATUS";
server[i] = "Allegro-Software-RomPager/";
body[i] = make_list(
'COT Interface Adapter System',
'<img src="cotlogo3d.gif"',
'<strong>Printronix T 5000</strong>'
);
i++;
name[i] = "Printronix Printer";
dev_type[i] = "printer";
url[i] = "/";
title[i] = make_list("Integrated PrintNet Enterprise Home Page");
body[i] = make_list(
'<legend>Welcome to Integrated PrintNet Enterprise</legend>',
'<label for="Configuration"><a href="indexConf.html" title="Configuration">Configuration</a></label>'
);
i++;
name[i] = "Samsung ML-2580N Series Printer";
dev_type[i] = "printer";
url[i] = "/home.htm";
body[i] = make_list(
'<title>SWS - Home </title>";',
'var tray2Installed =',
'ML-2580N'
);
i++;
name[i] = "Samsung SCX-6545 Series Printer";
dev_type[i] = "printer";
url[i] = "/sws/data/sws_data.js";
body_re[i] = make_list(
'SWS.DATA\\.modelName = "Samsung SCX-6545 Series";'
);
i++;
name[i] = "Samsung Printer";
dev_type[i] = "printer";
url[i] = "/";
title[i] = make_list(
'SyncThru Web Service'
);
body_re[i] = make_list(
'var COPYRIGHT =.+ SAMSUNG\\. All rights reserved\\.";',
'function ChangeLocation\\(\\)'
);
i++;
name[i] = "SEW MOVIDRIVE";
url[i] = "/";
server[i] = "Allegro-Software-RomPager/";
title[i] = make_list(
'SEW - Movidrive'
);
body[i] = make_list(
'<frame name="BalkenHoriz"'
);
i++;
name[i] = "SINDOH D401 Printer";
dev_type[i] = "printer";
url[i] = "/wcd/system.xml";
body_re[i] = make_list(
'<MFP><ScreenName>system_device</ScreenName>',
'<System><ProductName>SINDOH D401</ProductName>'
);
i++;
name[i] = "Toshiba e-Studio 5540C printer";
dev_type[i] = "printer";
url[i] = "/js/Device.js";
body[i] = make_list(
'<ModelName>TOSHIBA e-STUDIO5540C</ModelName><Printer>'
);
i++;
name[i] = "Foscam IP Camera";
dev_type[i] = "camera";
url[i] = "/ptz.htm";
body[i] = make_list(
'next_url=ptz.htm&ptz_center_onstart='
);
i++;
name[i] = "VBrick";
confidence[i] = 75;
dev_type[i] = "embedded";
server[i] = "Rapid Logic/";
url[i] = "/";
title[i] = make_list(
"VBrick Integrated Web Server (IWS) Login"
);
body[i] = make_list(
'<input type=text size=20 name=username ONKEYUP="nextField(event'
);
i++;
name[i] = "VMware ESXi";
dev_type[i] = "hypervisor";
port_re[i] = "^443$";
url[i] = "/";
body[i] = make_list(
'<meta name="description" content="VMware ESXi',
'document.write(ID_ESX_VIClientDesc);'
);
i++;
name[i] = "Wiesemann & Theis Web-Thermograph";
dev_type[i] = "embedded";
url[i] = "/";
title_re[i] = make_list(
'^(Web-Thermo-Hygrograph|Web-IO Thermometer)'
);
body[i] = make_list(
'Ihr Browser unterstützt keine Frames'
);
i++;
name[i] = "Xerox ColorQube";
dev_type[i] = "printer";
url[i] = "/";
server[i] = "Allegro-Software-RomPager/";
title_re[i] = make_list(
'^Home'
);
body[i] = make_list(
'<meta content="printer; embedded web server',
"Model=ColorQube",
"XEROX CORPORATION"
);
i++;
name[i] = "Xerox ColorQube";
dev_type[i] = "printer";
url[i] = "/header.php?tab=status";
server[i] = "Apache";
body[i] = make_list(
'<a href="/print/index.php" target="_top">Print</a>',
'<div id="productName">XEROX ColorQube'
);
i++;
name[i] = "Identity Services Engine";
url[i] = "/admin/login.jsp";
dev_type[i] = "general-purpose";
body[i] = make_list(
'<title>Identity Services Engine</title>',
"ciscoLogoImageAlt=",
"loginButtonLabel="
);
i++;
name[i] = "Lantronix SLC";
dev_type[i] = "embedded";
url[i] = "/";
title_re[i] = make_list(
'^Lantronix SLC(8|16|32|48)$'
);
body_re[i] = make_list(
'<div class=product>SLC(8|16|32|48)</div>'
);
i++;
name[i] = "Emerson Liebert IntelliSlot WebCard";
dev_type[i] = "embedded";
confidence[i] = 80;
url[i] = "/";
server[i] = "Allegro-Software-RomPager/";
body[i] = make_list(
'<title>Liebert</title>'
);
i++;
name[i] = "Arista EOS";
url[i] = "/explorer.html";
dev_type[i] = "switch";
server[i] = "nginx";
confidence[i] = 99;
title[i] = make_list(
'Command API Explorer'
);
body[i] = make_list(
'Arista Command API'
);
i++;
name[i] = "Virtuozzo";
url[i] = "/";
server[i] = "Apache/";
title[i] = make_list(
"Test Page for the Apache HTTP Server"
);
body[i] = make_list(
"<h1>Virtuozzo Linux <strong>Test Page</strong></h1>",
"<p>For information on Virtuozzo products, please visit"
);
dev_type[i] = "general-purpose";
confidence[i] = 80;
i++;
name[i] = "BlueBolt";
url[i] = "/";
body[i] = make_list(
'[ "model","sernum","macaddr" ];'
);
dev_type[i] = "embedded";
confidence[i] = 40;
i++;
name[i] = "Polycom SoundPoint IP Telephone";
url[i] = "/";
server[i] = "Polycom SoundPoint IP Telephone HTTPd";
title[i] = make_list(
"Polycom - Configuration Utility"
);
body[i] = make_list(
">Polycom Web Configuration Utility<"
);
dev_type[i] = "embedded";
confidence[i] = 90;
i++;
name[i] = "Dell DR Series Appliance";
dev_type[i] = "embedded";
confidence[i] = 96;
url[i] = "/";
body[i] = make_list(
">Dell DR Series</p>",
">You must use https to access this DR.</p>",
'href="dr_client_support.css">'
);
i++;
name[i] = "Dell DR Series Appliance";
dev_type[i] = "embedded";
confidence[i] = 96;
url[i] = "/";
body[i] = make_list(
'<title></title>',
'ng-app="drConsoleApp"',
'class="dell-logo"',
"<dr-configuration-wizard></dr-configuration-wizard>"
);
i++;
name[i] = "Quest DR Series Appliance";
dev_type[i] = "embedded";
confidence[i] = 96;
url[i] = "/";
body[i] = make_list(
'class="quest-logo">',
">DR Series</p>",
">You must use https to access this DR.</p>",
'href="dr_client_support.css">'
);
i++;
name[i] = "Quest DR Series Appliance";
dev_type[i] = "embedded";
confidence[i] = 96;
url[i] = "/";
body[i] = make_list(
'<title></title>',
'ng-app="drConsoleApp"',
'class="quest-logo"',
"<dr-configuration-wizard></dr-configuration-wizard>"
);
i++;
name[i] = "IBM z/OS";
dev_type[i] = "general-purpose";
confidence[i] = 90;
url[i] = "/";
title[i] = make_list(
"CICS Web Interface error"
);
i++;
name[i] = "Araknis Switch";
dev_type[i] = "switch";
confidence[i] = 96;
url[i] = "/loginMsg.js";
body_re[i] = make_list(
'var modelName="AN-[0-9]+-SW-[0-9]+'
);
i++;
name[i] = "IBM z/OS";
dev_type[i] = "general-purpose";
confidence[i] = 90;
url[i] = "/";
headers[i] = make_list(
"X-Powered-By: DB2 for z/OS"
);
i++;
name[i] = "NetApp Appliance";
dev_type[i] = "embedded";
confidence[i] = 66;
url[i] = "/";
headers_re[i] = make_list(
"^HTTP/1.1 30[23]",
"Location: [^\s]*/sysmgr/SysMgr.html"
);
i++;
name[i] = "Zebra ZTC Printer";
confidence[i] = 90;
dev_type[i] = "printer";
url[i] = "/";
body[i] = make_list(
"Zebra Technologies",
"ZTC"
);
body_re[i] = make_list(
"(?i)<H3><A HREF=.*config.html.?>View Printer Configuration</A><BR>",
"(?i)<A HREF=.*control.?>Printer Controls</A><BR>",
"(?i)<H2>Printer Home Page</H2>"
);
i++;
n = i;
# Check each web server.
foreach port (ports)
{
if (!get_port_state(port)) continue;
prev_url = NULL;
prev_res = NULL;
for (i=0; i<n; i++)
{
# Ignore it if it's supposed to run on a specific set of ports
# and this port isn't in that list.
if (
!isnull(port_re[i]) &&
!preg(pattern:port_re[i], string:string(port))
) continue;
# Examine the Server response header.
banner = get_http_banner(port:port);
if (isnull(banner)) cur_server = "";
else cur_server = pgrep(pattern:"^Server:", string:banner);
if (strlen(cur_server) == 0)
{
if (strlen(server[i]) > 0 || strlen(server_re[i]) > 0) continue;
}
else
{
if (!isnull(server[i]) && server[i] == "") continue;
if (strlen(server[i]) > 0 && server[i] >!< cur_server) continue;
if (
strlen(server_re[i]) > 0 &&
!preg(pattern:"^Server: *"+server_re[i]+'[\r\n]*$', string:cur_server)
) continue;
}
# Fetch the URL if we should test for something in it.
if (
isnull(url[i]) &&
(
!isnull(title[i]) || !isnull(title_re[i]) ||
!isnull(body[i]) || !isnull(body_re[i])
)
)
{
url[i] = "/";
}
if (isnull(url[i])) continue;
if (!isnull(prev_url) && url[i] == prev_url && !isnull(prev_res)) res = prev_res;
else if (url[i] == '/' && empty_or_null(redir[i]))
{
res[0] = res[1] = res[2] = '';
cached_res = http_get_cache(port:port, item:"/");
lines = split(cached_res);
res[0] = lines[0];
for (j=1; j<max_index(lines); j++)
{
if (lines[j] == '\r\n' || lines[j] == '\n') break;
res[1] += lines[j];
}
j++;
while (j<max_index(lines))
{
res[2] += lines[j];
j++;
}
}
else if (get_kb_item('Services/www/'+port+'/broken'))
{
res[2] = '';
}
else
{
if(empty_or_null(redir[i])) redir[i] = 0;
res = http_send_recv3(item:url[i], method:"GET", port:port, follow_redirect:redir[i]);
if (isnull(res)) continue;
if (isnull(res[2])) res[2] = "";
prev_url = url[i];
prev_res = res;
}
# Flag when we can move on to the next signature.
stop_checking = FALSE;
# Check the headers if appropriate.
if (!isnull(headers[i]) || !isnull(headers_re[i]))
{
cur_headers = res[0] + res[1];
if (!isnull(headers[i]))
{
foreach h (headers[i])
{
if (h >!< cur_headers)
{
stop_checking = TRUE;
break;
}
}
if (stop_checking) continue;
}
if (!isnull(headers_re[i]))
{
foreach h (headers_re[i])
{
if (!pgrep(pattern:h, string:cur_headers))
{
stop_checking = TRUE;
break;
}
}
if (stop_checking) continue;
}
}
# Check the title if appropriate.
if (!isnull(title[i]) || !isnull(title_re[i]))
{
# Isolate the title.
cur_title = "";
title_start = stridx(tolower(res[2]), "<title>");
if (title_start < 0) continue;
cur_title = substr(res[2], title_start+strlen("<title>"));
title_end = stridx(tolower(cur_title), "</title>");
if (title_end < 0) continue;
cur_title = substr(cur_title, 0, title_end - 1);
if (!isnull(title[i]))
{
foreach t (title[i])
{
if (t >!< cur_title)
{
stop_checking = TRUE;
break;
}
}
if (stop_checking) continue;
}
if (!isnull(title_re[i]))
{
foreach t (title_re[i])
{
if (!pgrep(pattern:t, string:cur_title))
{
stop_checking = TRUE;
break;
}
}
if (stop_checking) continue;
}
}
# Check the body if appropriate.
if (!isnull(body[i]) || !isnull(body_re[i]) || !isnull(body_match[i]))
{
cur_body = res[2];
if (!isnull(body[i]))
{
foreach b (body[i])
{
if (b >!< cur_body)
{
stop_checking = TRUE;
break;
}
}
if (stop_checking) continue;
}
if (!isnull(body_re[i]))
{
foreach b (body_re[i])
{
if (!pgrep(pattern:b, string:cur_body))
{
stop_checking = TRUE;
break;
}
}
if (stop_checking) continue;
}
# Append captured groups to 'name'
if (!isnull(body_match[i]))
{
matched = false;
string_to_append = NULL;
foreach array (body_match[i])
{
matches = pregmatch(string:cur_body, pattern:array['pattern']);
if (isnull(matches)) continue;
matched = true;
matches[0] = NULL; # NULL out whole match
if (isnull(matches)) continue;
string_to_append = join(matches, sep:' ');
if (!isnull(string_to_append))
{
name[i] += string_to_append;
break;
}
}
if (!matched) continue;
}
}
# If we get here, we found it.
if (confidence[i]) confidence = confidence[i];
else confidence = default_confidence;
if (dev_type[i]) dev_type = dev_type[i];
else dev_type = default_dev_type;
set_kb_item(name:"Host/OS/HTML", value:name[i]);
set_kb_item(name:"Host/OS/HTML/Confidence", value:confidence);
set_kb_item(name:"Host/OS/HTML/Type", value:dev_type);
# Let's make sure the web server is marked as embedded while we're at it.
replace_kb_item(name:"Services/www/" + port + "/embedded", value:TRUE);
exit(0);
}
}