Nmap Development mailing list archives
IPv4 OS Fingerprint Integration Highlights
From: Daniel Miller <bonsaiviking () gmail com>
Date: Thu, 29 Oct 2015 08:33:07 -0500
It's that time again! We processed your IPv4 OS fingerprint submissions from February through September (1065 of them) and here are the results:

Line count went from 90388 to 94870 (+4482, +5%).
Fingerprint count went from 4766 to 4985 (+219, +5%).

The next part could be surprising, but we had good reason to shake up the vendor/family combinations this go-around. We use the Vendor portion of the Class line to report both OS vendor (like Microsoft, Apple, Linux, etc.) and hardware vendor (Apple, Xerox, AXIS, etc.). In some cases, we know both of these: if a router is running embedded Linux, we used to report this as "Class Linksys | Linux | 2.4.X | broadband router" for instance. We changed that so that the same device will now have two Class lines: "Class Linux | Linux | 2.4.X | broadband router" and "Class Linksys | embedded || broadband router". This makes it easier for our automatic CPE [1] generator script to extract appropriate OS and hardware info, and also makes it easier to see what OSs are really represented in a scan. This is the reason you see so many new "embedded" families and so many deleted Linux, VxWorks, Windows, etc. below:

New vendor/family combinations: Aerohive HiveOS, AirMagnet embedded, Airnet embedded, Avaya Communication Manager, BT embedded, Bomara embedded, Burny embedded, Ceedtec embedded, Check Point GAiA OS, Chip PC embedded, Citrix XenServer, Cobalt embedded, Compal embedded, CyanogenMod CyanogenMod, Datalogic embedded, Dell DRAC, Dell iDRAC, Dick Smith Electronics embedded, Digium embedded, DirecTV embedded, Draytek embedded, Drobo embedded, Eaton embedded, Emerson embedded, Endian embedded, Excito embedded, Foscam embedded, Free embedded, Fuji embedded, Gargoyle Gargoyle, Gennet embedded, Genua embedded, Hikvision embedded, IGEL embedded, IO-Data embedded, IPCop IPCop, IPCop embedded, IPFire IPFire, ISS embedded, Infomir embedded, Instar embedded, Kemp embedded, LaCie embedded, LifeSize embedded, Logitech embedded, Macsense embedded, Meinberg embedded, Microsoft Windows Mobile, Mitrastar embedded, NodeMCU embedded, Nokia embedded, Nomadix embedded, Olympus embedded, OnStor embedded, Oracle Virtualbox, Precise Software Technologies MQX, Promise embedded, Rigol Technologies embedded, SEH embedded, Secure Computing embedded, Star Track embedded, Starbridge Networks embedded, Synology DiskStation Manager, TP-Link embedded, Trane embedded, Ubiquiti AirOS, Ubiquiti embedded, VIPA embedded, VMware ESXi, Vilar embedded, WebSense embedded, XEU.com eComStation, Yealink embedded, eCosCentric eCos.

Removed vendor/family combinations: 3Com VxWorks, AXIS Linux, Actiontec Linux, Aerohive embedded, AirMagnet Linux, Airnet ThreadX, Alcatel-Lucent Linux, Arris VxWorks, Asus Linux, Avaya Linux, Avaya VxWorks, BT Windows, Belkin Linux, Bomara Linux, Burny Windows, Ceedtec Linux, Check Point Linux, Chip PC Linux, Cisco Android, Cisco Linux, Cisco VxWorks, Cisco Windows, Cisco eCos, Citrix Linux, Cobalt Linux, Connected Data Linux, D-Link Linux, D-Link ThreadX, Datalogic Windows, Dell Linux, Dell VxWorks, Dick Smith Electronics VxWorks, Digium Linux, DirecTV Linux, DrayTek Linux, Endian Linux, Enterasys Linux, Epson Linux, Excito Linux, Fortinet Linux, Foscam Linux, Free Linux, Fuji Windows, Fujitsu Siemens Windows, GalaxyMetalGear Linux, Gargoyle Linux, Gennet Linux, Genua OpenBSD, HP Linux, HP VxWorks, HP eCos, HTC Windows, Hikvision Linux, Huawei Linux, Huawei VxWorks, IGEL Linux, IO-Data Linux, IPCop Linux, IPFire Linux, ISS Linux, Icy Box Linux, Infomir Linux, Instar Linux, Intermec Windows, Iomega Linux, Juniper Windows, Kemp Linux, LG Linux, LaCie Linux, LaCie Windows, Lantronix Linux, LifeSize Linux, Linksys Linux, Linksys VxWorks, Logitech Linux, MRT Linux, Macsense Linux, Meinberg Linux, MikroTik Linux, MitraStar Linux, Mobotix Linux, MontaVista Linux, Motorola Linux, Motorola VxWorks, Motorola Windows, Motorola eCos, NAS4Free FreeBSD, Netgear Linux, Netgear VxWorks, Netgear eCos, Neuf VxWorks, Nokia Linux, Nortel VxWorks, ONStor OpenBSD, OpenVZ Linux, Oracle Linux, Philips Linux, ProVision Linux, Promise Linux, Q-SEE Linux, QNAP Linux, RGB Networks Linux, Radware embedded, Roku Linux, Scientific Atlanta eCos, Secure Computing Linux, ShoreTel Linux, Sony FreeBSD, Sony Linux, Star Track Linux, Starbridge Networks Linux, Stratacache Linux, Sun VxWorks, Supermicro Linux, Symantec Linux, Symbol Windows, Synology Linux, TRENDnet ThreadX, Tenda VxWorks, Thomson eCos, Toshiba Linux, Ubiquiti Linux, Vegastream ThreadX, Vilar Linux, WebSense Linux, Western Digital Linux, Wyse Linux, ZTE Linux, ZyXEL Linux, eCos eCos, iDirect Linux.

OS X 11
iOS 9
Android 5.1
FreeBSD 11.0
Linux 4.1
Windows Server 2012 R2
Windows 10 build 10240
OpenBSD 5.7

New fingerprints for various updated OSs. We're still sorting out how to report Windows 10, since Microsoft has indicated that they will be using a rolling update system. For now, since we only have a small number of submissions, we're reporting the build number along with the version.

https://en.wikipedia.org/wiki/VMware_ESX#Versions
+Class VMware | ESX Server | 5.X | specialized
+Class VMware | ESXi | 6.X | specialized

ESX and ESXi are separate systems, but they were being classified as the same ("ESX Server"). Going forward, they will be reported correctly.

+Fingerprint Burny CNC controller (Microsoft Windows XP Embedded)

Nothing like commanding a plasma beam to cut your name into something on the other side of the world. :)

+Fingerprint JTEKT Toyopuc PC10 programmable logic controller
+Fingerprint Trane Tracer SC building controller
+Fingerprint VIPA PLC CPU

SCADA and ICS were well-represented again.

+Fingerprint Microsoft Windows Embedded Standard 7
+Fingerprint Microsoft Windows Embedded POSready 7

Even Microsoft is in the embedded OS business. We'll see if these remain distinguishable from vanilla Windows 7 as we get more submissions.

+Fingerprint NodeMCU firmware (lwIP stack)

This was previously reported as "Espressif WiFi system-on-a-chip" but NodeMCU is more properly the software that is running on it.

+Fingerprint Cobalt Qube 2700WG (Linux 2.0.34)

A blast from the past! Wikipedia says this was first released in 1998. https://en.wikipedia.org/wiki/Cobalt_Qube

+Fingerprint DEC TOPS-20 7.1
+Fingerprint HP OpenVMS 6

For the mainframe-lovers in your life.

And of course a slew of switches, printers, home routers, DVRs, IPMI on-board controllers, and odd OS configurations that always roll in.

Happy scanning!
Dan

[1] https://nmap.org/book/output-formats-cpe.html
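
Added example (not part of the original message and not Nmap project code): a short Python script that derives "new" and "removed" vendor/family combinations by comparing the Class lines of two database versions, using the Linksys split quoted in the message. The two sample databases, their fingerprint names and the function names are constructed for illustration; the field layout `Class vendor | OS family | OS generation | device type` is assumed from the Class lines shown above.

```python
# Added illustration; both sample databases are constructed, not real nmap-os-db entries.
# Assumed line layout: Class vendor | OS family | OS generation | device type

def parse_classes(db_text):
    """Yield (fingerprint, vendor, family, generation, device_type) per Class line."""
    name = None
    for raw in db_text.splitlines():
        line = raw.strip()
        if line.startswith("Fingerprint "):
            name = line[len("Fingerprint "):]
        elif line.startswith("Class "):
            # Split on bare "|" so an empty generation ("embedded || router") survives.
            fields = [f.strip() for f in line[len("Class "):].split("|")]
            if len(fields) != 4:
                raise ValueError(f"malformed Class line: {line!r}")
            yield (name, *fields)

def vendor_family_pairs(db_text):
    """Set of (vendor, family) combinations present in a database."""
    return {(vendor, family) for _, vendor, family, _, _ in parse_classes(db_text)}

def diff_pairs(old_text, new_text):
    """Return (added, removed) vendor/family combinations, each sorted."""
    old, new = vendor_family_pairs(old_text), vendor_family_pairs(new_text)
    return sorted(new - old), sorted(old - new)

OLD_DB = """\
Fingerprint Example desktop (constructed)
Class Linux | Linux | 2.4.X | general purpose

Fingerprint Example Linksys router (constructed)
Class Linksys | Linux | 2.4.X | broadband router
"""

NEW_DB = """\
Fingerprint Example desktop (constructed)
Class Linux | Linux | 2.4.X | general purpose

Fingerprint Example Linksys router (constructed)
Class Linux | Linux | 2.4.X | broadband router
Class Linksys | embedded || broadband router
"""

if __name__ == "__main__":
    added, removed = diff_pairs(OLD_DB, NEW_DB)
    print("New vendor/family combinations:", added)
    print("Removed vendor/family combinations:", removed)
```

On the constructed input the router keeps its Linux classification while "Linksys Linux" disappears and "Linksys embedded" appears, which is the pattern behind the long "Removed" list in the message.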