(?:[^\r\n]+\r\n)*?WWW-Authenticate: Basic realm=\"[Tt]omato\"\r\n|s p/Linksys WRT54G WAP http config/ i/Tomato firmware/ d/WAP/ o/Linux/ cpe:/o:linux:linux_kernel/a
match http m|^HTTP/1\.[01] 401 Unauthorized\r\n(?:[^\r\n]+\r\n)*?WWW-Authenticate: Basic realm=\"WRT(\w+)\"\r\n|s p/Tomato WAP firmware httpd/ i/Linksys WRT$1 WAP/ d/WAP/ o/Linux/ cpe:/o:linux:linux_kernel/a
match http m|^HTTP/1\.0 401 Unauthorized\r\nDate: .*\r\nContent-Type: text/html; charset=utf-8\r\nCache-Control: no-cache, no-store, must-revalidate, private\r\nExpires: Thu, 31 Dec 1970 00:00:00 GMT\r\nPragma: no-cache\r\nWWW-Authenticate: Basic realm=\"[^"]*\"\r\nConnection: close\r\n\r\n<html><head><title>Error</title></head><body><h2>401 Unauthorized</h2> Unauthorized</body></html>$| p/Tomato WAP firmware httpd/ d/WAP/ o/Linux/ cpe:/o:linux:linux_kernel/a
match http m|^HTTP/1\.0 401 Unauthorized\r\n(?:[^\r\n]+\r\n)*?WWW-Authenticate: Basic realm=\"Linksys WAG(\w+) ?\"\r\n|s p/Linksys WAG$1 WAP http config/ d/WAP/ o/Linux/ cpe:/o:linux:linux_kernel/a
match http m|^HTTP/1\.0 401 Unauthorized\r\n(?:[^\r\n]+\r\n)*?WWW-Authenticate: Basic realm=\"Linksys WRT(\w+)\"\r\n|s p/Linksys WRT$1 WAP http config/ d/WAP/ o/Linux/ cpe:/o:linux:linux_kernel/a
match http m|^HTTP/1\.0 \d\d\d .*var path='http://www\.axis\.com/cgi-bin/prodhelp\?prod=axis_(\d+)&ver=([\d.]+)|s p/AXIS $1 print server http config/ v/$2/ cpe:/h:axis:$1/a
match http m|^HTTP/1\.0 200 OK\r\nHTTP/1\.0 200 OK\r\nServer: ap\r\n.*<title>NetGear Remote Bridge Setup</title>|s p/Netgear ethernet Bridge http config/ d/bridge/

match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Virata-EmWeb/R([\d_]+)\r\n.*<TITLE>optiPoint ([\w .]+) Home Page</TITLE>|s p/Virata-EmWeb/ v/$SUBST(1,"_",".")/ i/Siemens optiPoint $2 VoIP phone http config/ d/VoIP phone/ cpe:/a:virata:emweb:$SUBST(1,"_",".")/a cpe:/h:siemens:optipoint_$2/a
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Virata-EmWeb/R([\d_]+)\r\n.*<TITLE>optiPoint(\d+)Entry Home Page</TITLE>|s p/Virata-EmWeb/ v/$SUBST(1,"_",".")/ i/Siemens optiPoint $2 entry http config/ d/VoIP phone/ cpe:/a:virata:emweb:$SUBST(1,"_",".")/a
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Virata-EmWeb/R([\d_]+)\r\n.*<TITLE>optiPoint(\d+)Standard Home Page</TITLE>|s p/Virata-EmWeb/ v/$SUBST(1,"_",".")/ i/Siemens optiPoint $2 standard http config/ d/VoIP phone/ cpe:/a:virata:emweb:$SUBST(1,"_",".")/a
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Virata-EmWeb/R([\d_]+)\r\n.*<TITLE>optiPoint(\d+)Advance Home Page</TITLE>|s p/Virata-EmWeb/ v/$SUBST(1,"_",".")/ i/Siemens optiPoint $2 advance http config/ d/VoIP phone/ cpe:/a:virata:emweb:$SUBST(1,"_",".")/a

match http m|^HTTP/\d\.\d \d\d\d .*\r\nServer: Mathopd/([\w.]+)\r\n| p/Mathopd httpd/ v/$1/ o/Unix/
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: ml_www/(.*)\r\n| p/ml_www WinAmp control httpd/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 302 Redirect\r\nServer: GoAhead-Webs\r\nDate: .*\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-Type: text/html\r\nLocation: http://Netlinx/WebControl\.asp\r\n\r\n| p/GoAhead WebServer/ i|AMX NetLinx A/V control| d/media device/ cpe:/a:goahead:goahead_webserver/ cpe:/o:harman:amx_firmware/
match http m|^HTTP/1\.0 200 OK \r\nCache-Control: max-age=60\r\nContent-type: text/html; charset=ISO-8859-1\r\n\r\n<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4\.01 Frameset//EN\" >\r\n<HTML>\r\n    <HEAD><TITLE>SandvallsangFSK: (\w+)</TITLE>| p/Kirk $1 VoIP gateway http config/ d/VoIP adapter/
match http m|^HTTP/1\.1 200 OK\r\nConnection: close\r\nPragma: no-cache\r\n.*<title>POPFile Control Center</title>\n|s p/POPFile http control center/
match http m|^HTTP/1\.0 200 OK\r\nConnection: close\r\n(?:[^\r\n]+\r\n)*?Pragma: no-cache\r\n.*<title>POPFile Control Center</title>\r\n|s p/POPFile http control center/ v/1.1.1/
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: fhttpd/([\d.]+)\r\n| p/fhttpd/ v/$1/
match http m|^HTTP/1\.0 200 OK\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: \d+\r\nCache-Control: no-cache\r\n\r\n<html>\r\n<head><meta charset=\"utf-8\">\r\n<title> Home </title>\r\n<script language=\"JavaScript\">\r\n<!--\r\n// the start of Cookie related function\r\nfunction getCookieVal \(offset\) {  \r\n| p/Samsung ML-2251N printer http config/ d/printer/ cpe:/h:samsung:ml-2251n/a
match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: Agranat-EmWeb/R([\d_]+)\r\nWWW-Authenticate: Basic realm=\"Siemens Web User Interface\"\r\n\r\n401 Unauthorized\r\n| p/Agranat-EmWeb/ v/$SUBST(1,"_",".")/ i/Siemens router http config/ d/router/ cpe:/a:agranat:emweb:$SUBST(1,"_",".")/a
match http m|^HTTP/1\.1 401 Unauthorized\r\nWWW-Authenticate: Basic realm=\" /\"\r\nContent-type: text/html\r\nContent-length: 0\r\n\r\n$| p|Casi-Rusco camera/Bestelco VoIP phone http config|
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: MyServer ([-\w.]+)\r\n|s p/MyServer httpd/ v/$1/
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: Quantum Corporation\./([\d.]+)\r\n| p/Quantum backup appliance http config/ v/$1/ d/storage-misc/
match http m|^<html><head><title>ServiceRegistry</title><META HTTP-EQUIV=\"Pragma\" CONTENT=\"no-cache\"></head><basefont size=\"2\" face=\"Arial\" color=\"Black\">.*<br><h1><i>ServiceRegistry</i></h1>\r\nAvailable commands:\r\n<ul>| p/HP SAN Manager ServiceRegistry httpd/
match http m|^HTTP/1\.0 \d\d\d .*\r\nWWW-Authenticate: Basic realm=\"HP ISEE @| p/HP ISEE httpd/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Simple java\r\n.*<title>hp OpenView storage area manager - GUI download</title>|s p/Simple java httpd/ i/HP OpenView Storage Area Manager http config/
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: Micro-Web\r\nContent-type: text/html\r\n\r\n<html>\r\n<head>\r\n<TITLE> HP StorageWorks MSL Tape Library Management Console </TITLE>\n| p/Micro-Web/ i/HP StorageWorks MSL Tape Library http config/ d/storage-misc/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: RapidLogic/([\d.]+)\r\n.*<HTML>\n<HEAD>\n<TITLE>Switch Explorer</TITLE>\n|s p/RapidLogic httpd/ v/$1/ i/Fabric switch http config/ d/switch/ cpe:/a:rapidlogic:httpd:$1/
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: Mono-XSP Server/([\d.]+) Unix\r\n| p/Mono-XSP .NET httpd/ v/$1/ o/Unix/ cpe:/a:mono:xsp:$1/
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: SimpleHTTP/([\d.]+) Python/([\d.]+)\r\n| p/Karrigell Python httpd/ i/SimpleHTTP $1; Python $2/ cpe:/a:python:python:$2/ cpe:/a:python:simplehttpserver:$1/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Cougar ([\d.]+)\r\n|s p/VideoLAN Server streaming media/ i/Cougar $1/
match http m|^HTTP/1\.0 404 Not found\r\n.*<title>Error 404</title>.*<a href=\"http://www\.videolan\.org\">VideoLAN</a>|s p/VideoLAN Server streaming media/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Content-type: text/html; charset=UTF-8\r\nCache-Control: no-cache\r\nContent-Length: \d+\r\n.* - - - - >\r?\n<  index\.html: VLC media player web interface\r?\n|s p/VLC media player http interface/ cpe:/a:videolan:vlc_media_player/
match http m|^HTTP/1\.0 \d\d\d .*<title>mikrotik routeros > administration</title>.*font-size: 9px\">mikrotik routeros ([\d.]+) administration|s p/MikroTik router http config/ i/RouterOS $1/ d/router/ cpe:/o:mikrotik:routeros:$1/
match http m|^HTTP/1\.0 \d\d\d .*<title>mikrotik routeros > administration</title>|s p/MikroTik router http config/ d/router/
match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: thttpd-alphanetworks/([\d.]+)\r\nContent-Type: text/html\r\nDate: .*\r\nLast-Modified: .*\r\nAccept-Ranges: bytes\r\nConnection: close\r\nWWW-Authenticate: Basic realm=\"Broadband Router\"\r\n\r\n<HTML><HEAD><TITLE>401 Unauthorized</TITLE></HEAD><BODY onLoad=javascript:document\.forms\[0\]\.submit\(\);>| p/thttpd-alphanetworks/ v/$1/ i/FiberLine router http config/ d/router/ cpe:/a:alphanetworks:thttpd:$1/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: RMC Webserver ([\d.]+)\r\n.*<title>Remote Access Controller</title>|s p/Dell Remote Access Controller http interface/ v/$1/ d/remote management/ cpe:/h:dell:remote_access_card/
match http m|^HTTP/1\.0 401 Unauthorized\r\nWWW-Authenticate: Basic realm=\"PROJECTOR[3]?\" \r\nContent-Type: text/html\r\n\r\n<HTML><BODY><H2>HTTP Error 401 - Unauthorized</H2><HR></BODY></HTML>| p/Panasonic Video Projector http config/ d/media device/
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: Footprint ([\d.]+)/FPMCP\r\n| p/Sandpiper Footprint http load balancer/ v/$1/
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: LogMeIn Web Gateway\r\n| p/LogMeIn remote access web gateway/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: ArGoSoft Mail Server Freeware, Version [\d.]+ \(([\d.]+)\)\r\n| p/ArGoSoft Mail Server Freeware httpd/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 \d\d\d .*\r\nContent-Type: text/html\r\nContent-Length: \d+\r\nConnection: close\r\nServer: Fastream NETFile Web Server ([\d.]+)\r\n| p/Fastream httpd/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 200 \(OK\) \r\nPragma: No-Cache\r\nCache-Control: no-cache\r\nDate: .*\r\nServer: HTTP Server\r\n.*Copyright \d+, \d+ Nortel Networks\.|s p/WindWeb/ i/Nortel Extranet switch http config/ d/switch/ cpe:/a:windriver:windweb/
match http m|^<html>\n<title>24-Port 10/100M Fast Ethernet Web Smart Switch</title>\n<frameset rows='60,\*'.*<frame name=main src=cgi_login noresize>\n|s p/TRENDnet SMART24B switch http config/ d/switch/ cpe:/h:trendnet:smart24b/a
match http m|^HTTP/1.0 403 Forbidden\r\nServer: SI3PHX1/([\d.]+)\r\n| p/Prolexic DDoS protected httpd/ i|SI3PHX1/$1|
match http m|^HTTP/1\.1 \d\d\d .*\r\nDate: .*\r\nServer: WebServer ([\d.]+)\r\nLast-Modified: .*\r\nETag: \"[-\w]+\"\r\nAccept-Ranges: bytes\r\n| p/Cryptologic httpd/ v/$1/
match http m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: WebServer/([\d.]+)\r\n.*<META http-equiv=\"Refresh\" content=\"0; Url=/trane/tsws/login\.htm\" >\n  <title>redirect</title>|s p/Trane Tracer Summit building control httpd/ v/$1/ d/remote management/
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: HDS Hi-Track Server/([\d.]+)\r\n| p/Hi-Track httpd/ v/$1/ i/Hitachi Data System http config/ d/storage-misc/
match http m|^HTTP/1\.[01] \d\d\d .*\r\nServer: WebTrends HTTP Server ([\w.]+)\r\n| p/Webtrends httpd/ v/$1/
match http m|^HTTP/1\.[01] \d\d\d .*\r\nServer: WebTrends HTTP Server \r\n| p/Webtrends httpd/
match http m|^HTTP/1\.0 \d\d\d .*\r\nDate: .*\r\nServer: Desktop On-Call HTTPD V([\d.]+)\r\n| p/IBM Desktop On-Call httpd/ v/$1/
match http m|^HTTP/1\.0 \d\d\d .*\r\nDate: .*\r\nServer: OCServer\r\nContent-Type: text/html\r\n\r\n\n\n<!-- WebConnect HTML -->| p/OCServer httpd/ i/WebConnect http service/
match http m|^HTTP/1\.1 \d\d\d .*\r\nDate: .*\r\nServer: ENI-Web/R([\d_]+)\r\nWWW-Authenticate: Basic realm=\"standard@3Com\"\r\n\r\n| p/ENI-Web httpd/ v/$1/ i/Speedstream DSL router http config/ d/router/
match http m|^HTTP/1\.1 200 OK\r\nConnection: Keep-Alive\r\nKeep-Alive: timeout=180\r\nContent-Type: text/html\r\nContent-Length: \d+\r\n\r\n<html>\n<head>\n<META HTTP-EQUIV=\"EXPIRES\" CONTENT=\"0\">\n<meta http-equiv=\"Pragma\" Content=\"No-cache\">\n</head>\n<body>\n<center>\n<h3><BR>Sorry, the switch is already being managed\. Concurrent management is not allowed!\n</center>\n</body></html>\n\0| p/Compex switch http config/ d/switch/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: \r\n(?:[^\r\n]+\r\n)*?\r\n<HTML>\n<HEAD>\n<TITLE>Actiontec</TITLE>\n\n|s p/Actiontec DSL router http config/ d/router/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: JavaWebServer/([\d.]+) \r\nContent-Length: .*<HEAD>\n<TITLE>CentreVu Explorer II</TITLE>\n|s p/JavaWebServer/ v/$1/ i/Lucent CentreVu Explorer II http config/ d/telecom-misc/
match http m|^<!-- saved from url=\(\d+\)http://internet\.e-mail -->\n<html>\n\n<head>\n<title>HTML-Konfiguration</title>\n\n| p/micro_httpd/ i/Deutsche Telekom wireless router http config/ d/router/ cpe:/a:acme:micro_httpd/
match http m|^HTTP/1\.1 \d\d\d .*\nWWW-Authenticate: Basic realm=\"Web Host Manager\"\nConnection: close\nServer: whostmgr/([\d.]+)\n| p/whostmgr httpd/ v/$1/
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: RMC Webserver ([\d.]+)\r\nLast-Modified: .*\r\nAllow: GET, HEAD\r\nContent-Length: \d+\r\nContent-Type: text/html\r\n\r\n<HTML>\r\n<HEAD>\r\n<TITLE>TopTools Remote Control</TITLE>\r\n| p/RMC httpd/ v/$1/ i/HP TopTools http control/
# HP OpenView ITO agent (probably version 7.25) on Windows, port 381
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?server: BBC (\d[-.\w]+); com\.hp\.openview\.Coda (\d[-.\w]+)\r\n\r\n|s p/BBC httpd/ v/$1/ i/HP OpenView ITO agent - Coda $2/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?server: BBC (\d[-.\w]+); com\.hp\.openview\.bbc\.LLB[Ss]erver (\d[-.\w]+)\r\n\r\n|s p/BBC httpd/ v/$1/ i/HP OpenView ITO agent - LLB server $2/
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: Servertec-IWS/([\d.]+)\r\n| p/Servertec IWS Java httpd/ v/$1/
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: DirectUpdate/([\d.]+)\r\n| p/DirectUpdate dynamic IP updater/ v/$1/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: CCS/Jigsaw/([\d.]+)\r\n|s p/Commerce One httpd/ i/Java Jigsaw $1/ cpe:/a:w3:jigsaw:$1/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: VisiBroker/([\d.]+)\r\n\r\n|s p/Borland VisiBroker CORBA httpd/ v/$1/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Compaq Insight Manager XE ([\d.]+)\r\n|s p/Compaq Insight Manager XE httpd/ v/$1/ cpe:/a:compaq:insight_manager_xe:$1/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: ISS-PXServer/([\d.]+)\r\n|s p/ISS-PXServer httpd/ v/$1/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Jigsaw/([\w.-]+)\r\n|s p/Java Jigsaw httpd/ v/$1/ cpe:/a:w3:jigsaw:$1/
match http m|^Language received from client: .*\nSetlocale: .*\n| p/AIX Web-based System Manager/ o/AIX/ cpe:/o:ibm:aix/a
match http m|^HTTP/1\.0 \d\d\d .*\r\nConnection: close\r\nServer: gnump3d2 ([\d.]+) \([\d/]+\)\r\n| p/GNUMP3d streaming server/ v/$1/ cpe:/a:gnu:gnump3d:$1/
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: SpyBot([\d.]+)\r\n| p/SpyBot httpd/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Virata-EmWeb/R([\d_]+)\r\nContent-Type: text/html\r\n(?:[^\r\n]+\r\n)*?\r\n<HTML>\n<HEAD><TITLE>NBX NetSet</TITLE>\n|s p/Virata-EmWeb/ v/$SUBST(1,"_",".")/ i/3Com SuperStack 3 NBX switch http config/ d/switch/ cpe:/a:virata:emweb:$SUBST(1,"_",".")/a
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: WWW-KODEKS/([\d.]+)\r\n| p/Knowledge On Demand httpd/ v/$1/ o/Unix/
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: Ares ([\d.]+)\r\nConnection: Keep-Alive\r\n\r\n| p/Ares Galaxy P2P httpd/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Paws/([\d.]+)\r\n.*<title>ParaSoft LicenseServer  ([\d.]+)</title>|s p/Paws/ v/$1/ i/ParaSoft LicenseServer $2/
match http m|^HTTP/1\.1 ERROR\r\nServer: Server: Paws/([^\r\n]+)\r\nDate: \d.*\r\nExpires: .*\r\nContent-type: text/html\r\nContent-length: 2\r\n\r\n\r\n$| p/Paws/ v/$1/ i/ParaSoft Concerto software development platform/
match http m|^HTTP/1\.0 200 OK\r\nContent-Type: text/plain\r\n\r\nNode: \d+\n| p/DSpy D2OL statistics httpd/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 \d\d\d .*\r\nConnection: close\r\nServer: WindWeb/([\d.]+)\r\nDate: .*\r\nContent-Type: text/html\r\n\r\n<HTML>\n<HEAD>\n<TITLE>Horizon Monitor  HTML</TITLE>\n| p/WindWeb/ v/$1/ i/Sun Tape Library http config/ d/storage-misc/ cpe:/a:windriver:windweb:$1/
match http m|^HTTP/1\.0 \d\d\d .*\r\nDate: .*\r\nServer: monit ([\d.]+)\r\n| p/monit httpd/ v/$1/ o/Unix/
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: Red Carpet Daemon/([\d.]+)\r\n\r\n| p/Red Carpet httpd/ v/$1/
match http m|^HTTP/1\.1 \d\d\d .*\r\nDate: .*\r\nServer: CL-HTTP/([\d.]+) \(LispWorks; ([\d.]+)\)\r\n| p/CL-HTTPd/ v/$1/ i/LispWorks $2/
match http m|^HTTP/1\.0 \d\d\d .*\r\nDate: .*\r\nServer: SAP-Internet-SapDb-Server/([\d.]+)\r\n| p/SAP Internet DB httpd/ v/$1/
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: JTALKServer\r\n| p/JTALKServer httpd/
match http m|^HTTP/1\.0 401 Unauthorized\r\nWWW-Authenticate: Basic realm=\"HostMonitor's Web Service\"\r\n\r\n| p/HostMonitor Web Service/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: iSoft Commerce Suite Server\r\n| p/iSoft Commerce Suite httpd/
match http m|^HTTP/1\.1 \d\d\d .*\.\r\nServer: MS \.NET Remoting, MS \.NET CLR ([\d.]+)\r\n| p/MS .NET Remoting httpd/ i/.NET CLR $1/ o/Windows/ cpe:/a:microsoft:.net_framework:$1/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 \d\d\d .*\r\nDate: .*\r\nServer: BSE ([\d.]+)\r\n| p/BSE httpd/ v/$1/ i/Pinnacle Showcenter http config/ d/media device/
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: WebMail/([\d.]+)\r\nDate: .*\r\nContent-type: text/html\r\n\r\n<!-- top\.txt -->\r\n\r\n<HTML>\r\n<HEAD>\r\n<TITLE>WebMail Server</TITLE>\r\n| p/True North Soft WebMail httpd/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 200 \r\nContent-Type: text/html\r\n\r\n<HTML><HEAD><TITLE>MX G2000 DEDICATED FILE SERVER</TITLE>| p/Murex G2000 file server httpd/
match http m|^HTTP/1\.1 \d\d\d .*\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: \d+\r\nExpires: \d+\r\nCache-Control: no-cache\r\nServer: Indy/([\d.]+)\r\nLocation: /prtg\.htm\r\nSet-Cookie: PRTG4SESSION=| p/Indy httpd/ v/$1/ i/Paessler PRTG bandwidth monitor/ cpe:/a:indy:httpd:$1/
match http m|^HTTP/1\.1 \d\d\d .*\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: \d+\r\nExpires: \d+\r\nCache-Control: no-cache\r\nServer: Indy/([\d.]+)\r\nLocation: /allsensors\.htm\r\n\r\n<HTML><BODY><B>301 Moved Permanently</B></BODY></HTML>\r\n| p/Indy httpd/ v/$1/ i/Paessler PRTG bandwidth monitor/ o/Windows/ cpe:/a:indy:httpd:$1/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 \d\d\d .*\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: \d+\r\nExpires: \d+\r\nCache-Control: no-cache\r\nServer: Indy/([\d.]+)\r\nLocation: /sensorlist\.htm\r\n\r\n| p/Indy httpd/ v/$1/ i/Paessler PRTG bandwidth monitor/ o/Windows/ cpe:/a:indy:httpd:$1/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Indy/([\d.]+)\r\nWWW-Authenticate: Basic realm=\"Please enter your login for PRTG(\d)\"\r\n|s p/Indy httpd/ v/$1/ i/Paessler PRTG SNMP $2 bandwidth monitor/ o/Windows/ cpe:/a:indy:httpd:$1/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 301 Moved Permanently\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 56\r\nExpires: 0\r\nCache-Control: no-cache\r\nServer: Indy/([\w._-]+)\r\nLocation: /login\.htm\r\n\r\n<HTML><BODY><B>301 Moved Permanently</B></BODY></HTML>\r\n| p/Indy httpd/ v/$1/ i/Paessler PRTG bandwidth monitor/ o/Windows/ cpe:/a:indy:httpd:$1/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: PRTG/([\w._-]+)\r\n|s p/Indy httpd/ v/$1/ i/Paessler PRTG bandwidth monitor/ o/Windows/ cpe:/a:indy:httpd:$1/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: _httpd\r\nDate: .*\r\nWWW-Authenticate: Basic realm=\"\.\"\r\nContent-type: text/html\r\nConnection: close\r\n\r\n<HTML><HEAD><TITLE>401 Unauthorized</TITLE></HEAD>\n<BODY BGCOLOR=\"#cc9999\"><H4>401 Unauthorized</H4>\nAuthorization required\.\n</BODY></HTML>\n| p/Kaspersky AntiVirus http admin/ v/4.X/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Indy/([\d.]+)\r\n.*\r\n<title>Server Monitor Lite</title>\r\n|s p/Indy httpd/ v/$1/ i/Pure Networking Server Monitor Lite http interface/ cpe:/a:indy:httpd:$1/
match http m|^HTTP/1\.0 .*\r\nConnection: close\r\nDate: .*\r\nServer: JavaOpServer\r\n| p/JavaOp httpd/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: SmarterTools/([\d.]+)\r\n.*SmarterStats.*; Professional Edition - v\.([\d.]+) - Customer Login Page\r\n|s p/SmarterTools httpd/ v/$1/ i/SmarterStats $2 http interface/ cpe:/a:smartertools:smarterstats:$2/ cpe:/a:smartertools:smartertools_web:$1/
match http m|^HTTP/1\.1 \d\d\d .*\r\nDate: .*\r\nServer: Project Engine Server\r\n| p/Project Engine Server httpd/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Indy/([\d.]+)\r\nWWW-Authenticate: Basic realm=\"NetStatus Professional\"\r\n|s p/Indy httpd/ v/$1/ i/NetStatus Professional/ o/Windows/ cpe:/a:indy:httpd:$1/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: McAfee-Agent-HttpSvr/([\d.]+)\r\n| p/McAfee Agent httpd/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: HoneydHTTP/([\d.]+) Python/([\d.]+)\r\n| p/Honeyd httpd/ v/$1/ i/Python $2/ cpe:/a:python:python:$2/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: 3ware/([\d.]+)\r\n.*<title>3ware 3DM2 - ([-\w_.]+) - Summary</title>|s p/3ware 3DM2 Serial RAID http config/ v/$1/ d/storage-misc/ h/$2/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: 3ware/([\d.]+)\r\n.*<title>3DM2 - ([-\w_.]+) - Summary</title>|s p/3ware 3DM2 Serial RAID http config/ v/$1/ d/storage-misc/ h/$2/
match http m|^HTTP/1\.1 \d\d\d .*\r\nDate: .*\r\nServer: unknown\r\nLocation: https://xweb-ext/__extraweb__/\r\nSet-Cookie: EXTRAWEB_REFERER=| p/Aventail SSL VPN Concentrator http config/ d/security-misc/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Accept: application/vnd\.syncml\+xml, application/vnd\.syncml\+wbxml\r\nCache-Control: no-store\r\nServer: MultiSync Plugin\r\n\r\nNo such file or directory\.|s p/SyncML PIM sync server for MultiSync/
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: C4D/([\d.]+)\r\n| p/Cinema 4D Renderer http interface/ v/$1/
match http m|^HTTP/1\.1 200 OK\r\nServer: servermgrd\r\nConnection: close\r\nContent-Type: text/html\r\n.*<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 3\.2 Final//EN\"><HTML>\r\n<HEAD>\r\n<TITLE>Server Admin module list</TITLE>|s p/Apple Server Monitor http interface/ o/Mac OS X/ cpe:/o:apple:mac_os_x/a
match http m|^HTTP/1\.1 401 Authorization Required\r\nServer: servermgrd\r\nWWW-Authenticate: Basic realm = \"Server Admin\"\r\n.*The server could not verify that you are authorized to access the requested content\.<P>\r\n<HR>\r\n</BODY></HTML>\r\n\r\n|s p/Apple Server Monitor http interface/ o/Mac OS X/ cpe:/o:apple:mac_os_x/a
match http m|^HTTP/1\.1 401 Authorization Required\r\nServer: servermgrd\r\nSupportsXMLRPC\r\nSupportsBinaryPlist\r\nContent-Type: \xe2\x80\xa0%\xc6\x92<\r\n| p/Mac OS X Server Admin http config/ o/Mac OS X/ cpe:/o:apple:mac_os_x/a
match http m|^HTTP/1\.1 404 Not Found\r\nServer: servermgrd\r\nConnection: close\r\nContentType: text/html\r\n| p/Apple Server Monitor http interface/ o/Mac OS X/ cpe:/o:apple:mac_os_x/a
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: BBC ([\d.]+) ; /Hewlett-Packard/OpenView/AutoDiscovery/com\.hp\.openview\.OvAgency\.OvAgencyCommand [\d.]+\r\n\r\n|s p/BBC httpd/ v/$1/ i/HP OpenView AutoDiscovery http interface/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?X-Powered-By: Servlet/([\d.]+)\r\n(?:[^\r\n]+\r\n)*?Server: Sun-Java-System/Application-Server\r\n|s p/Sun Java System Application Server httpd/ i/Servlet $1/ cpe:/a:sun:java_system_application_server/
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: Sun-Java-System/Application-Server\r\n| p/Sun Java System Application Server httpd/ cpe:/a:sun:java_system_application_server/
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: Sun-Java-System-Application-Server/([^\r\n]+)\r\n| p/Sun Java System Application Server httpd/ v/$1/ cpe:/a:sun:java_system_application_server:$1/
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: Sun-Java-System-Web-Server/([\d.]+)\r\n| p/Sun Java System httpd/ v/$1/ cpe:/a:sun:java_system_web_server:$1/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?X-Powered-By: Servlet/([\d.]+)\r\n(?:[^\r\n]+\r\n)*?Server: Sun Java System Application Server Platform Edition ([\d_.]+)\r\n|s p/Sun Java System Application Server Platform Edition httpd/ v/$2/ i/Servlet $1/ cpe:/a:sun:java_system_application_server:$2/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?X-Powered-By: Servlet/([\w._-]+)\r\n(?:[^\r\n]+\r\n)*?Server: Sun Java System Application Server ([\w._-]+)\r\n|s p/Sun Java System Application Server httpd/ v/$2/ i/Servlet $1/ cpe:/a:sun:java_system_application_server:$2/
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: Allegro-Software-RomPager/([\d.]+)\r\n\r\n.*<title>Netopia Home Page</title>|s p/Allegro RomPager/ v/$1/ i/Netopia DSL router http config/ d/router/ cpe:/a:allegro:rompager:$1/
match http m|^HTTP/1\.1 \d\d\d .*\r\nWWW-Authenticate: Basic realm=\"Netopia-(\w+)\"\r\nContent-Type: text/html\r\nServer: Allegro-Software-RomPager/([\d.]+)\r\n\r\n| p/Allegro RomPager/ v/$2/ i/Netopia $1 router http config/ d/router/ cpe:/a:allegro:rompager:$2/ cpe:/h:netopia:$1/a
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Content-Type: text/html\r\nDate: .*\r\nPragma: no-cache\r\nServer: Allegro-Software-RomPager/([\d.]+)\r\n\r\n\n<html>\n<head>\n<title>\nNetopia Router</title>\n|s p/Allegro RomPager/ v/$1/ i/Netopia Cayman 334x router http config/ d/router/ cpe:/a:allegro:rompager:$1/ cpe:/h:netopia:cayman_334x/a
match http m|^HTTP/1\.0 200 OK\r\nContent-Type: text/html; charset=BIG5\r\nPragma: No-cache\r\nServer: ACOS HTTPD/([\d.]+)\r\nCache-Control: no-cache\r\n.*<title>Authorization Page</title>.*action=\"checkAuthorization\" target=\"_self\">\r\n|s p/ACOS httpd/ v/$1/ i/Foxconn VoIP TRIO 3C http config/ d/VoIP phone/
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: AltaVista Avhttpd ([\d.]+)\r\n| p/Altavista Enterprise Search httpd/ v/$1/
match http m|^HTTP/1\.1 \d\d\d .*\r\nDate: .*\r\nServer: Servage\.net Cluster \(Enhanced Apache\) \(Unix\) (.*)\r\n| p/Servage.net enhanced Apache/ i/$1/
match http m|^HTTP/1\.1 \d\d\d(?:[^\r\n]+\r\n)*?\r\n<!-- Login\.html -->\n\n\n.*<title>Login</title>.*colors\n\ndk blue: #adc3dc\nlt blue: #d2dae3\norange: #ee7d00\nlt orange: #FDDF97\n|s p/Aruba router http config/ d/router/
match http m|^HTTP/1\.1 302 Moved Temporarily\r\nDate: .*\r\nLocation: https://securelogin\.arubanetworks\.com/| p/Aruba router secure http config/ d/router/
match http m|^HTTP/1\.0 \d\d\d .*\r\nConnection: close\r\nAccept-Ranges: none\r\n.*<title>Citrix Administration Tool</title>| p/Citrix Secure Gateway http admin/ o/Windows/ cpe:/a:citrix:secure_gateway/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 301 Moved Permanently\r\nCache-Control: no-cache\r\nConnection: close\r\nAccept-Ranges: none\r\nLocation: /CitrixLogonPoint/AccessGateway/\r\n\r\n| p/Citrix Secure Gateway http admin/ o/Windows/ cpe:/a:citrix:secure_gateway/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 301 Moved Permanently\r\nCache-Control: no-cache\r\nConnection: close\r\nAccept-Ranges: none\r\nLocation: /CitrixLogonPoint/Secured/\r\n\r\n| p/Citrix Secure Gateway http admin/ o/Windows/ cpe:/a:citrix:secure_gateway/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 301 Moved Permanently\r\nCache-Control: no-cache\r\nConnection: close\r\nAccept-Ranges: none\r\nLocation: https://([\w._-]+)/CitrixLogonPoint/Default/\r\nContent-Length: 0\r\n\r\n$| p/Citrix Access Gateway firewall http config/ d/firewall/ o/Windows/ h/$1/ cpe:/a:citrix:access_gateway/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Content-Type: text/html; charset=utf-8\r\nConnection: close\r\nPragma: no-cache\r\nCache-Control: no-store\r\n.*<title>Instant Virtual Extranet</title>|s p/Juniper Seca HTTPS VPN appliance/ d/security-misc/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Nucleus WebServ\r\nWWW-Authenticate: Basic realm=\"/\"\r\n.*<H1>Authorization Required</H1></BODY></HTML>\r\n|s p/Nucleus WebServ/ i/Allied Telesyn 802x switch http config/ d/switch/ cpe:/h:alliedtelesyn:802x/a
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: RapidLogic/([\d.]+)\r\nMIME-version: 1\.0\r\nContent-type: text/html\r\n\r\n<html>\r\n<head>\r\n<title>Spectrum24 Access Point</title>\r\n\r\n| p/RapidLogic httpd/ v/$1/ i/Symbol Spectrum24 access point http config/ d/router/ cpe:/a:rapidlogic:httpd:$1/
match http m|^HTTP/1\.0 401 Unauthorized\r\nWWW-Authenticate: Basic realm=\"VoIP Configuration Web Server\"\r\nContent-type: text/html\r\n\r\n<html>\r\n<body><h1>401 Unauthorized</h1></body></html>\r\n$| p/Welltech Wellgate VoIP adapter http config/ d/VoIP adapter/
match http m|^HTTP/1\.0 \d\d\d .*\r\nDate: .*\r\nServer: Thunderstone-Texis/([\d.]+)\r\n| p/Thunderstone Texis search appliance http config/ v/$1/
match http m|^HTTP/1\.0 \d\d\d .*\r\nDate: .*\r\nWWW-Authenticate: Basic realm=\"B49G\"\r\n| p/Gigabyte B49G WAP http config/ d/WAP/
match http m|^HTTP/1\.1 200 OK\r\nServer: WoWEmu\r\n| p/WoWEmu httpd/ i/World of Warcraft emulated server/
match http m=^HTTP/1\.1 \d\d\d .*\r\nServer: InkHTTP/([\d.]+) Python/([\d.]+)\r\nDate: .*<title>Wirehog \| =s p/Wirehog http transfer interface/ i/InkHTTP $1; Python $2/ cpe:/a:python:python:$2/
match http m|^HTTP/1\.1 \d\d\d .*\r\nContent-Length: \d+\r\nContent-Type: text/html\r\nConnection: close\r\n\r\n<HTML><HEAD><TITLE>   IP PHONE 2 V([\d.]+)         </TITLE>| p/NG VoIP Phone 2 http config/ v/$1/ d/VoIP phone/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Content-Type: text/html; charset=UTF-8\r\nContent-Length: \d+\r\nConnection: close\r\n\r\n<!DOCTYPE html.*\n<title>WikiHome</title>\n</head>\n<body>\n<div id='header'>\n<form method='get' action='/?Search'>\n<table border='0' width='100%'>\n<tr>\n<td align='left' ><strong>WikiHome</strong>  \( <a href='\?edit' title='Edit this wiki page contents\. \[alt-j\]' accesskey='j'>Edit</a> \)|s p/Didiwiki httpd/
match http m|^HTTP/1\.0 400 Wrong Port\r\nServer: ConferenceRoom/IRC\r\nConnection: Close\r\nContent-type: text/html\r\n\r\n<HTML><HEAD><TITLE>Connection to Wrong Port</TITLE></HEAD>\r\n<BODY>You have connected to an IRC server as if it were a web server</BODY>\r\n</HTML>\r\n| p/ConferenceRoom ircd/
match http m|^HTTP/1\.1 400 Bad Request\r\nServer:httpd\r\nDate: .*\r\nContent-Type:text/html\r\n\r\n<html><title>400 Bad Request </title>                         <body> <h1> Bad Request or Syntax Error/Not able to                         understand the request| p/Sagem F@st router httpd/ d/router/
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: NETID/([\d.]+)\r\n| p/Optivity NetID httpd/ v/$1/
match http m|^HTTP/1\.0 \d\d\d .*\r\nDate: .*\r\nServer: WYM/([\d.]+)\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: \d+\r\nLast-Modified: .*\r\n\r\n<HTML>\n<HEAD>\n<TITLE>IP Camera</TITLE>\n| p/WYM httpd/ v/$1/ i/Aviosys IP Camera http config/ d/webcam/
match http m|^HTTP/1\.0 \d\d\d .*\r\nContent-Type: text/html\r\nDate: .*\r\n\r\n<H1>\w+: A WebGroup/Virtual Host to handle / has not been defined\.</H1><BR><H3>\w+: A WebGroup/Virtual Host to handle [-\w_.:/]+ has not been defined\.</H3><BR><I>IBM WebSphere Application Server</I>| p/IBM WebSphere httpd/ cpe:/a:ibm:websphere_application_server/
match http m|^HTTP/1\.0 \d\d\d .*\r\nContent-Type: text/html\r\nDate: .*\r\n\r\n<H1>\w+: Un host WebGroup/Virtual per la gestione / non \xe8 stato definito\.</H1><BR><H3>\w+: A WebGroup/Virtual Host to handle [-\w_.:/]+ has not been defined\.</H3><BR><I>IBM WebSphere Application Server</I>| p/IBM WebSphere httpd/ i/Italian/ cpe:/a:ibm:websphere_application_server::::it/
match http m|^HTTP/1\.0 404 Not Found\r\nContent-Type: text/html\r\nDate: .*\r\n\r\n<H1>\w+: Un host WebGroup/Virtual per la gestione / non \xe8 stato definito\.</H1><BR><H3>SRVE0017W: Un host WebGroup/Virtual per la gestione / non \xe8 stato definito\.</H3><BR><I>IBM WebSphere Application Server</I>| p/IBM WebSphere httpd/ i/Italian/ cpe:/a:ibm:websphere_application_server::::it/
match http m|^HTTP/1\.0 \d\d\d .*\r\nContent-Type: text/html;charset=ISO-8859-1\r\n\$WSEP: \r\nContent-Language: .*\r\nServer: WebSphere Application Server/([\d.]+)\r\n| p/IBM WebSphere httpd/ v/$1/ cpe:/a:ibm:websphere_application_server:$1/
match http m|^HTTP/1\.0 \d\d\d .*\t<title>Strongdc\+\+ webserver - Login Page</title>\t|s p/StrongDC++ httpd/
match http m|^HTTP/1\.0 200 OK\r\nServer: HellBot\r\n| p/HellBot Trojan httpd/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 \d\d\d .*\r\nDate: .*\r\nServer: ENI-Web/R([\d_]+)\r\nWWW-Authenticate: Basic realm=\"standard@Modem\"\r\n\r\n| p/ENI-Web httpd/ v/$1/ i/Efficient SpeedStream router http config/
match http m|^<html>\n<title>48-Port 10/100/1000Mbps Web-Smart Gigabit Ethernet Switch</title>\n| p/D-Link 48-Port switch http config/ d/switch/ cpe:/h:dlink:48-port/a
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: MailEnable-HTTP/([\d.]+)\r\n| p/MailEnable httpd/ v/$1/ o/Windows/ cpe:/a:mailenable:mailenable:$1/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 200 OK\r\nConnection: close\r\nContent-Type: text/html\r\nServer: Indy/([\d.]+)\r\n\r\n<HTML><BODY><B>200 OK</B></BODY></HTML>\r\n| p/Indy httpd/ v/$1/ i/WebRoot SpySweeper http config/ o/Windows/ cpe:/a:indy:httpd:$1/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 \d\d\d .*\r\nConnection: Close\r\nContent-Type: text/html\r\nDate: .*\r\nLocation: login\.php\r\nServer: Kerio Embedded WebServer ([\d.]+)\r\nX-Powered-By: PHP/([\d.]+)\r\n\r\n| p/Kerio Embedded httpd/ v/$1/ i/PHP $2/ o/Windows/ cpe:/a:php:php:$2/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 401 Unauthorized\r\nDate: .*\r\nServer: Agranat-EmWeb/R([\d._]+)\r\nWWW-Authenticate: Basic realm=\"read@\"\r\n\r\n401 Unauthorized\r\n| p/Agranat-EmWeb/ v/$SUBST(1,"_",".")/ i/3Com SuperStack II Switch http config/ d/switch/ cpe:/a:agranat:emweb:$SUBST(1,"_",".")/a
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: and-httpd/(\d+\.\d+\.[-.\w]+) \(Debug\)|s p/and-httpd/ v/$1/ i/Debug version/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: and-httpd/(\d+\.\d+\.[-.\w]+) ([^\r\n]+)|s p/and-httpd/ v/$1/ i/$2/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: and-httpd/(\d+\.\d+\.[-.\w]+)|s p/and-httpd/ v/$1/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: and-httpd|s p/and-httpd/
match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: httpd\r\nDate: .*\r\nWWW-Authenticate: Basic\r\nContent-Type: text/html\r\nConnection: close\r\n\r\n<HTML><HEAD><TITLE>401 Unauthorized</TITLE></HEAD>\n<BODY BGCOLOR=\"#cc9999\"><H4>401 Unauthorized</H4>\nAuthorization required\.\n</BODY></HTML>\n| p/Linksys Wireless-G DSL router http config/ d/router/
match http m|^HTTP/1\.0 \d\d\d .*\r\nPragma: no-cach\r\nContent-Type: text/html; charset=windows-1251\r\n\r\n<HTML>\r\n<HEAD>\r\n<TITLE>UserGate report area</TITLE>\r\n| p/UserGate http report area/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^<HTML>\r\n<HEAD>\r\n<TITLE>UserGate report area</TITLE>\r\n| p/UserGate http report area/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Kerio MailServer ([\d.]+) patch (\d+)\r\n\r\n|s p/Kerio MailServer http config/ v/$1 patch $2/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 401 Unauthorized\r\nServer: VOIP\r\nWWW-Authenticate: Digest realm=\"VOIP\", nonce=\"\w+\", opaque=\"\w+\",| p/ACT VoIP phone http config/ d/VoIP phone/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: KHAPI/([\d.]+) \(Linux\)\r\n|s p/KHAPI httpd/ v/$1/ o/Linux/ cpe:/o:linux:linux_kernel/a
# HP OpenView ITO agent (probably version 7.25) on Windows, port 383
# Moved from RTSPRequest because fallback can take care of it
match http m|^HTTP/1\.1 \d\d\d.*\r\nContent-Type: text/html(?:; charset=us-ascii)?\r\nServer: Microsoft-HTTPAPI/([\d.]+)\r\n| p/Microsoft HTTPAPI httpd/ v/$1/ i|SSDP/UPnP| o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 \d\d\d .*\r\nDate: .*\r\nServer: Mediasurface/([\d.]+)\r\n| p/Mediasurface CMS httpd/ v/$1/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: RapidLogic/([\d.]+)\r\n.*<TITLE>WireSpeed Data Gateway</TITLE>|s p/RapidLogic httpd/ v/$1/ i/WireSpeed Data Gateway router http config/ d/router/ cpe:/a:rapidlogic:httpd:$1/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: SmarterTools/([\d.]+)\r\n.*SmarterStats|s p/SmarterTools SmarterStats httpd/ v/$1/ o/Windows/ cpe:/a:smartertools:smarterstats/ cpe:/a:smartertools:smartertools_web:$1/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: SmarterTools/([\d.]+)\r\n| p/SmarterTools httpd/ v/$1/ o/Windows/ cpe:/a:smartertools:smartertools_web:$1/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 \d\d\d .*<HTML><HEAD><TITLE>Scientific-Altanta WebStar Cable Modem</TITLE>|s p/Scientific-Altanta WebStar Cable Modem http config/ d/broadband router/
# WebStar DPC2100 and EPC2100
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: micro_httpd\r\n.*<title>Scientific-Altanta WebStar Cable Modem</title>|s p/micro_httpd/ i/Scientific Atlanta WebStar Cable Modem http config/ d/broadband router/ cpe:/a:acme:micro_httpd/
match http m|^HTTP/1\.0 302 Redirect\r\n.*\r\nServer: GoAhead-Webs\r\nDate: .*\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-Type: text/html\r\nLocation: http://Device/config/log_off_page\.htm\r\n\r\n| p/GoAhead WebServer/ i/Dell PowerConnect http config/ d/switch/ cpe:/a:goahead:goahead_webserver/a
match http m|^HTTP/1\.1 401 Unauthorized\r\nWWW-Authenticate: Basic realm=\"Enable Mode\"\r\nContent-Type: text/html\r\nServer: Allegro-Software-RomPager/([\d.]+)\r\n\r\n<HTML><HEAD><TITLE><script>document\.location\.href='/config/AccessNotAllowedPage\.htm'| p/Allegro RomPager/ v/$1/ i/Dell PowerConnect http config/ d/switch/ cpe:/a:allegro:rompager:$1/
match http m|^HTTP/1\.1 \d\d\d(?:[^\r\n]+\r\n)*?\r\n<BODY><CENTER><BR><BR><strong><font size=5 face=verdana>SRW224 24-Port 10/100 \+ 2-Port Gigabit <BR>|s p/Linksys SRW224 gigabit switch http config/ d/switch/ cpe:/h:linksys:srw224/a
match http m|^HTTP/1\.1 \d\d\d .*\r\nConnection: close\r\nCache-Control: no-cache\r\nServer: SQ-WEBCAM\r\n| p/dvr1614n web-cam httpd/ d/webcam/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: BeOS/PoorMan\r\n|s p/BeOS poorman httpd/ o/BeOS/ cpe:/o:be:beos/
match http m|^HTTP/1\.0 200\r\nContent-type: text/html\r\n\r\n<HTML>\r\n<HEAD><TITLE>WJ-NT104 MAIN PAGE</TITLE></HEAD>\r\n| p/Panasonic WJ-NT104 network camera httpd/ d/webcam/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: TwistedWeb/([\d.]+)\r\n\r\n.*<title>Punjab |s p/TwistedWeb httpd/ v/$1/ i/Punjab HTTP -> XMMP proxy/ cpe:/a:twistedmatrix:twistedweb:$1/a
match http m|^HTTP/1\.1 \d\d\d .*<title>I\.M\. Everywhere</title>|s p/Trillian IM Everywhere http plugin/ o/Windows/ cpe:/a:trillian:trillian/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Grandstream/([\d.]+)\r\n\r\n|s p/Grandstream VoIP phone http config/ v/$1/ d/VoIP phone/
match http m|^HTTP/1\.0 401 Unauthorized\r\nWWW-Authenticate: Basic realm=\"(RV042)\"\r\n| p/thttpd/ i/Linksys $1 VPN router http config/ d/router/ cpe:/a:acme:thttpd/ cpe:/h:linksys:$1/a
match http m|^HTTP/1\.0 401 Unauthorized\r\nWWW-Authenticate: Basic realm=\"(RV0041)\"\r\n.*<h2>401 Unauthorized<h2>\n  <p>\n  Authorization required for the URL\.\n</body>\n</html>\n$|s p/thttpd/ i/Linksys $1 router http config/ d/router/ cpe:/a:acme:thttpd/ cpe:/h:linksys:$1/a
match http m|^HTTP/1\.0 200 OK\r\nServer: Router/([\d.]+)\r\n.*<TITLE>Cable/xDSL Wireless Router</TITLE>|s p/SparkLAN WX-2211A wireless router http config/ v/$1/ d/router/
match http m|^HTTP/1\.[01] \d\d\d .*\r\nServer: LiteServe/([\d.]+)\r\n| p/Perception LiteServe httpd/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: httpd-impacct/([\d.]+) ([\d/]+)\r\n| p/Zonet ZSR0104CP router http config/ v/$1/ i/Released $2/ d/router/
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: YAZ/([\w._-]+)\r\n|s p/YAZ Z39.50 http interface/ v/$1/
match http m|^HTTP/1\.[01] \d\d\d .*\r\nServer: svea_httpd/([\d.]+) ([^\r\n]+)\r\n| p/svea_httpd/ v/$1 $2/
match http m|^HTTP/1\.[01] \d\d\d .*\r\nServer: svea_httpd/([\d.]+)\r\n| p/svea_httpd/ v/$1/
match http m|^HTTP/1\.[01] \d\d\d .*\r\nServer: Microsoft-PWS/([\d.]+)\r\n| p/Microsoft Peer Web Services httpd/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.[01] \d\d\d .*\r\nServer: Microsoft-PWS-95/([\d.]+)\r\n| p/Microsoft Peer Web Services 95 httpd/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 302 Found\r\nConnection: Close\r\nLocation: /iw-cc/command/iw\.base\.show_done_page| p/Interwoven TeamSite game proxy httpd/
match http m|^HTTP/1\.0 302 Found\r\nLocation: http://xbtt\.sourceforge\.net/\r\n\r\n| p/xbtt bittorrent tracker httpd/
match http m|^HTTP/1\.1 302 Found\r\nLocation: http://([-\w_.]+)/.*<FONT face=\"Helvetica\">\n<big>Redirect \(authentication_redirect_to_virtual_host\)</big>|s p/Blue Coat http config/ h/$1/
match http m|^HTTP/1\.0 200 OK\nServer: EntropyChat ([\d.]+)\n| p/cPanel EntropyChat httpd/ v/$1/
match http m|^HTTP/1\.1 200 OK\r\nServer: Jaguar Server Version ([\d.]+)\r\n.*<TITLE>Sybase EAServer Version ([\d.]+)\n</TITLE>|s p/Jaguar/ v/$1/ i/Sybase EAServer $2/ cpe:/a:sybase:easerver:$2/
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: Jetty\(EAServer/([\w._ -]+)\)\r\n|s p/Jetty/ i/Sybase EAServer $1/ cpe:/a:mortbay:jetty/ cpe:/a:sybase:easerver:$1/
match http m|^HTTP/1\.[01] \d\d\d .*\r\nServer: BRS-WebWeaver/([\d.]+)\r\n| p/BRS WebWeaver httpd/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.[01] \d\d\d .*\r\nDate: .*\r\nServer: eSoft/([\d.]+) \(Unix\)\r\n| p/eSoft emumail webmail httpd/ v/$1/ o/Unix/
match http m|^HTTP/1\.1 400 Bad Request\r\nDate: .*\r\nServer: tigershark/([\d.]+) | p/tigershark httpd/ v/$1/ o/Unix/
match http m|^HTTP/1\.1 200 Document Follows\r\n.*CONTENT=\"TANDBERG ASA \(http://www\.tandberg\.net\)\">\r\n<meta name=\"description\"\r\ncontent=\"TANDBERG is a leading global provider of videoconferencing|s p/Tandberg video conferencing http config/ d/media device/
match http m|^HTTP/1\.[01] \d\d\d .*\r\nContent-type: text/html\r\nServer: Tandberg Television Web server\r\n| p/Tandberg Television httpd/ d/media device/
match http m|^HTTP/1\.[01] \d\d\d .*\r\nWWW-Authenticate: Basic realm=\"([^\"]+)\"\r\n.*\r\n.*\r\nServer :Tandberg Television Web server\r\n| p/Tandberg Television httpd/ i/Realm: $1/ d/media device/
match http m|^HTTP/1\.0 200 OK\nContent-type: text/html\n\n<!-- \n#ident \"%W%\"\n# Copyright \(c\) 2\d+ SteelEye Technology Inc\. - Mountain View, CA, USA\n################### LifeKeeper| p/SteelEye LifeKeeper cluster http config/ o/Unix/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Ubicom/([\d.]+)\r\n.*<title>D-Link Gaming Router : Login</title>|s p/Ubicom httpd/ v/$1/ i/D-Link gaming router http config/ d/router/ cpe:/a:ubicom:httpd:$1/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Allegro-Software-RomPager/([\d.]+)\r\n\r\n<HTML>\n<HEAD>\n<TITLE>LANIER 5613 / LANIER Network Printer D model-Network Administration</TITLE>|s p/Allegro RomPager/ v/$1/ i/Lanier 5613 network printer http config/ d/printer/ cpe:/a:allegro:rompager:$1/
match http m|^HTTP/1\.0 \d\d\d .*\nServer: Novell-HTTP-Server/([\w.]+)\n.*<TITLE>GroupWise WebAccess</TITLE>|s p/Novell-HTTP-Server/ v/$1/ i/Novell GroupWise webmail/ cpe:/a:novell:groupwise_webaccess/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Novell-Agent ([\w._-]+) \(Linux\)\r\n.*<TITLE>GroupWise Monitor  - Status</TITLE>|s p/Novell GroupWise Monitor/ v/$1/ o/Linux/ cpe:/a:novell:groupwise/ cpe:/o:linux:linux_kernel/
match http m|^HTTP/1\.0 \d\d\d .*\nDate: .*\nServer: Novell-HTTP-Server/([\w._-]+)\n| p/Novell httpd $1/
match http m|^HTTP/1\.0 400\r\nContent-Type: text/html\r\n\r\n<html><head><title>Error</title></head><body>\r\n<h2>ERROR: 400</h2>\r\nHost name unspecified\.\n<br>\r\n</body></html>\r\n$| p/Teros application firewall/ d/firewall/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Intoto ?Http ?Server..([\d.]+)\r\n|s p/Intoto httpd/ v/$1/
match http m|^HTTP/1\.[01] \d\d\d .*\r\nConnection: close\r\nServer: httrack-small-server\r\n| p/httrack offline browsing httpd/ o/Windows/ cpe:/a:httrack:httrack/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.[01] \d\d\d .*\r\nServer: GeneWeb/([\d.]+)\r\n| p/GeneWeb httpd/ v/$1/
match http m|^HTTP/1\.0 \d\d\d .*USEMAP=.SwitchMasthead ALT=\\\"Fast Ethernet Switch 8275-416\\|s p/IBM 8275-416 switch http config/ d/switch/ cpe:/h:ibm:8275-416/a
match http m|^HTTP/1\.[01] \d\d\d .*\r\nServer: jabberd ([\d.]+)\r\n| p/jabberd httpd/ v/$1/ cpe:/a:jabberd:jabberd:$1/
match http m|^HTTP/1\.0 \d\d\d .*\r\nConnection: close\r\nContent-Length: \d+\r\nContent-Type: text/html; charset=utf-8\r\n\r\n<html>\n\t<head>\n\t\t<title>Enigma Web Interface</title>\n\t| p/Dreambox DVB Enigma httpd/ d/media device/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: VB150\r\n.*<title>WebView Livescope</title>|s p/Canon WebView VB150 http config/ d/webcam/ cpe:/h:canon:webview_vb150/a
match http m|^HTTP/1\.[01] \d\d\d .*\r\nServer: iGuard Embedded Web Server/([\w.]+) \((FPS\d+)\) SN:([-\w]+)\r\n| p/iGuard Embedded Web Server/ v/$1/ i/iGuard $2 FingerPrint Scanner http config; SN: $3/ d/security-misc/
match http m|^HTTP/1\.0 \d\d\d .*<title>SP200X Web Configuration Pages</title>|s p/SignalSys SP200X VoIP http config/ d/VoIP adapter/
match http m|^HTTP/1\.[01] \d\d\d .*\r\nServer: Beagle-XSP Server/([\d.]+) Unix\r\nX-Powered-By: ([^\r\n]+)\r\n| p/Beagle XSP/ v/$1/ i/$2/ o/Unix/
match http m|^HTTP/1\.0 \d\d\d .*\r\nWWW-Authenticate: Basic realm=\"Instant Internet\"\r\n\r\n| p/Nortel Instant Internet remote access httpd/
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: NetworkActiv-Web-Server/([\d.]+)\r\n|s p/NetworkActiv httpd/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: ATEN HTTP Server\(V([\d.]+)\)\r\n| p/Aten httpd/ v/$1/ i/Aten KVM http config/
match http m|^HTTP/1\.0 \d\d\d .*\r\nWWW-authenticate: basic realm=\"Vina Technologies eLink 200\"\r\n| p/Vina Technologies eLink 200 http config/ d/router/
match http m|^HTTP/1\.0 \d\d\d .*\r\nWWW-authenticate: basic realm=\"Vina Technologies T1 Integrator\"\r\n| p/Vina Technologies T1 Integrator http config/ d/telecom-misc/
match http m|^HTTP/1\.[01] \d\d\d .*\r\nDate: .*\r\nServer: CPWS\r\n| p/Connectra Check Point Web Security httpd/ d/security-misc/ cpe:/a:checkpoint:connectra/
match http m|^HTTP/1\.[01] \d\d\d .*\r\nServer: Agranat-EmWeb/R([-\w_.]+)\r\nWWW-Authenticate: Basic realm=\"Efficient Networks Web User Interface\"\r\n\r\n| p/Agranat-EmWeb/ v/$SUBST(1,"_",".")/ i/Efficient Networks router http config/ d/router/ cpe:/a:agranat:emweb:$SUBST(1,"_",".")/a
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Niagara Web Server/([\d.]+)\r\nNiagara-Release: ([-\w_.]+)\r\n|s p/Sun Niagara httpd/ v/$1/ i/Niagara release $2/
#The following two lines are for the Tridium Niagara embedded device httpd, NOT the Sun (now Oracle) Solaris httpd - Tom
match http m|^HTTP/1\.[01] \d\d\d .*\r\nNiagara-Platform: ([^\r\n]+).*Server: Niagara Web Server/([\d.]+)\r\n|is p/Tridium Niagara httpd/ v/$2/ d/specialized/ o/$1/ cpe:/a:tridium:niagara:$2/
match http m|^HTTP/1\.[01] \d\d\d .*\r\nServer: Niagara Web Server/([\d.]+)\r\n|is p/Tridium Niagara httpd/ v/$1/ d/specialized/ cpe:/a:tridium:niagara:$1/
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: The Knopflerfish HTTP Server\r\n|s p/Knopflerfish httpd/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: HTTP\r\n.*<title>Inventel</title>|s p/Inventel router http config/ d/router/
match http m|^HTTP/1\.0 \d\d\d .*\r\nDate: .*\r\nServer: Nanox WebServer\r\n| p/Nanox Web Digital Video Recorder http config/ d/media device/
match http m|^HTTP/1\.0 200 OK\r\nServer: NetPort Software ([\d.]+)\r\nDate:.* - VSX 7000</title>|s p/NetPort httpd/ v/$1/ i/Polycom VSX 7000 video conferencer http config/ d/webcam/
match http m|^HTTP/1\.0 200 OK\r\nServer: Firewall\r\n.*<TITLE>WatchGuard Configuration Settings</TITLE>|s p/WatchGuard Firebox Soho Firewall http config/ d/firewall/
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?WWW-Authenticate: Digest  realm=\"spa user\", domain=\"/\".*<title>Sipura SPA Configuration</title>|s p/Sipura SPA VoIP http config/ d/VoIP adapter/
match http m|^HTTP/1\.[01] \d\d\d .*\r\nServer: ipMonitor ([\d.]+)\r\n| p/MediaHouse ipMonitor httpd/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.[01] \d\d\d .*\nServer: Tarantella/([\d.]+)\n| p/Tarantella httpd/ v/$1/
match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: RealServer ([\d.]+)\r\n.*<H2>Access to RealServer 5\.0 Administration Denied</H2></HTML>\n|s p/RealServer httpd/ v/$1/ i/Access denied/
match http m|^HTTP/1\.0 \d\d\d .*<TITLE>AXIS ([\d]+) Camera Server</TITLE>|s p/AXIS $1 camera httpd/ d/webcam/ cpe:/h:axis:$1/
match http m|^HTTP/1\.0 \d\d\d .*<TITLE>The AXIS 200\+ Home Page</TITLE>|s p/AXIS 200+ camera httpd/ d/webcam/ cpe:/h:axis:200%2b/
match http m|^HTTP/1\.0 200 OK\r\n.*<TITLE>AXIS 2400 Video Server</TITLE>|s p/AXIS 2400 video httpd/ d/webcam/ cpe:/h:axis:2400/
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Web Crossing/([\d.]+)\r\n|s p/Web Crossing collaboration httpd/ v/$1/
match http m|^HTTP/1\.[01] \d\d\d .*\r\nServer: Kannel/([\d.]+)\r\n| p/Kannel SMS proxy httpd/ v/$1/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Allegro-Software-RomPager/(\d[-.\w]+)\r\n\r\n.*<title>ExtremeWare Management Interface</title>|s p/Allegro RomPager/ v/$1/ i/Extreme Networks switch http config/ d/switch/ o/ExtremeWare/ cpe:/a:allegro:rompager:$1/ cpe:/o:extremenetworks:extremeware/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Allegro-Software-RomPager/(\d[-.\w]+)\r\n\r\n<HTML>\n<HEAD>\n<TITLE>AudioCodes\n</TITLE>|s p/Allegro RomPager/ v/$1/ i/AudioCodes VoIP gateway http config/ d/VoIP adapter/ cpe:/a:allegro:rompager:$1/
match http m|^HTTP/1\.1 \d\d\d .*\r\nWWW-Authenticate: Basic realm=\"Switched Rack PDU\"\r\nContent-Type: text/html\r\nServer: Allegro-Software-RomPager/([\d.]+)\r\n\r\n| p/Allegro RomPager/ v/$1/ i/APC switched rack PDU http config/ d/power-device/ cpe:/a:allegro:rompager:$1/
match http m|^HTTP/1\.1 \d\d\d .*\r\nWWW-Authenticate: Basic realm=\"IES-1000 \w+-\d+\"\r\nContent-Type: text/html\r\nServer: ZyXEL-RomPager/([\d.]+)\r\n\r\n| p/ZyXEL RomPager/ v/$1/ i/ZyXEL IES-1000 DSLAM http config/ d/telecom-misc/ cpe:/a:zyxel:rompager:$1/
match http m|^HTTP/1\.0 \d\d\d .*\r\nDate: .*\r\nServer: DIONIS/([\d.]+)\r\n| p/DIONIS httpd/ v/$1/
match http m|^HTTP/1\.0 400 Bad-Request\nHTTP/1\.0 200 OK\r\n.*Aironet BR500E V([\d.]+)</td>|s p/Cisco Aironet BR500E wireless bridge http config/ v/$1/ d/WAP/ cpe:/h:cisco:aironet_br500e/a
match http m|^HTTP/1\.0 \d\d\d .*\r\nWWW-Authenticate: Basic realm=\"4AFXS Configuration Web Server\"\r\n| p/SunComm 4AFXS VoIP gateway http config/ d/VoIP adapter/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: ATR-HTTP-Server/([\d.]+)\r\n(?:[^\r\n]+\r\n)*?WWW-Authenticate: Basic realm=\"Allied Telesyn AR410\"\r\n|s p/ATR httpd/ v/$1/ i/Allied Telesyn AR410 http config/ d/router/ cpe:/h:alliedtelesyn:ar410/a
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Oracle_Web_Listener/([\d.]+)EnterpriseEdition\r\n|s p/Oracle Web Listener Enterprise Edition/ v/$1/ cpe:/a:oracle:apex:$1::enterprise/
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Oracle_Web_Listener/([\d.]+)AdvancedEdition\r\n|s p/Oracle Web Listener Advanced Edition/ v/$1/ cpe:/a:oracle:apex:$1::advanced/
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Oracle_Web_listener_?([^\r\n]+)\r\n|s p/Oracle Web Listener/ v/$1/ cpe:/a:oracle:apex:$1/
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: VOMwebserver v([\d.]+)\r\n|s p/VOMwebserver/ v/$1/
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: RapidLogic/([\d.]+)\r\n.*<TITLE>Net2Phone Init Page</TITLE>|s p/RapidLogic httpd/ v/$1/ i/Net2Phone VoIP adapter http config/ d/VoIP adapter/ cpe:/a:rapidlogic:httpd:$1/

match http m|^HTTP/1\.0 \d\d\d .*<title>IT Temperature Monitor: ([^<]+)</title>.*<TD>Model:</TD><TD width=10 rowspan=3><BR></TD><TD>([-\w_.]+)</TD><TD width=20 rowspan=3><BR></TD><TD>Firmware Version:</TD><TD width=10 rowspan=3><BR></TD><TD>([\d.]+)</TD>|s p/Sensatronics $2 remote temperature monitor httpd/ i/name $1; Firmware version $3/ d/specialized/
match http m|^HTTP/1\.0 \d\d\d .*<title>IT Temperature monitor: ([^<]+)</title>.*<TD>Model:</TD><TD width=10 rowspan=7><BR></TD><TD>([-\w_.]+)</TD>.*<TD>Firmware Version:</TD><TD>([\d.]+)</TD>|s p/Sensatronics $2 remote temperature monitor httpd/ i/name $1; Firmware version $3/ d/specialized/

match http m|^HTTP/1\.1 \d\d\d .*<font color=#FFFFFF size=5>Cisco ATA 186 \(SIP\)</font>|s p/Cisco ATA 186 SIP http config/ d/VoIP adapter/
match http m|^HTTP/1\.[01] \d\d\d .*\r\nServer: AKCP Embedded Web Server| p/AKCP embedded httpd/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Allegro-Software-RomPager/([\d.]+)\r\n.*<meta content=\"Printer with Embedded Web Server\"|s p/Allegro RomPager/ v/$1/ i/Xerox Phaser 4500 printer http config/ d/printer/ cpe:/a:allegro:rompager:$1/ cpe:/h:xerox:phaser_4500/a
match http m|^HTTP/1\.0 200 OK\r\n\r\n<HTML>\r\n<HEAD>\r\n<TITLE>JetDirect Home Page</TITLE>\r\n\r\n</HEAD>\r\n<BODY>\r\n<P>\r\nWelcome to the HP JetDirect print server!\r\n| p/HP JetDirect printer http config/ d/printer/
match http m|^HTTP/1\.0 200 OK\r\nServer: JVC/([\d.]+)\r\n.*<html>\r\n<head>\r\n.*<title>V\.Networks|s p/JVC V.Networks video httpd/ v/$1/ d/media device/
match http m|^HTTP/1\.0 401\r\nServer: JVC/([\d.]+)\r\n(?:[^\r\n]+\r\n)*?\r\n<html><body><h1>401 Unauthorized</h1></body></html>\r\n|s p/JVC V.Networks video httpd/ v/$1/ i/Authentication enabled/ d/media device/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?WWW-Authenticate: Digest  realm=\"pap user\".*<title>Linksys PAP2 Configuration</title>|s p/Linksys PAP2 VoIP http config/ d/VoIP adapter/
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: SWS-([\d.]+)\r\n|s p/Sun WebServer/ v/$1/
match http m|^HTTP/1\.0 \d\d\d .*<title>Dominion SX32</title>|s p/Raritan Dominion SX32 http config/ d/terminal server/
match http m|^HTTP/1\.[01] \d\d\d .*\r\nServer: Sensorsoft-Remote-Watchman-Enterprise/([\d.]+)\r\n| p/Sensorsoft Remote Watchman Enterprise/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 302 Found\r\nLocation: /cgi-bin/guestimage\.html\r\nContent-type: text/html; charset=ISO-8859-1\r\nCache-Control: no-cache\r\n\r\n.*<title>\r\nRedirect to guestimage: /cgi-bin/guestimage\.html\r\n|s p/thttpd/ i/Mobotix M10 PRISMB web cam http config/ d/webcam/ cpe:/a:acme:thttpd/
match http m|^HTTP/1\.1 302 Moved Temporarily\r\nContent-Length: 0\r\nLocation: /\?[a-z\d]{7,8}\r\n| p/Urchin RSS aggregator/
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: Meridian Data/([\d.]+)\r\n| p/Meridian Quantum Snap! http config/ v/$1/ d/storage-misc/
match http m|^HTTP/1\.0 401 Unauthorized\r\nContent-type: text/html\r\nWWW-Authenticate: Basic realm=\"Login\"\r\n<HTML><HEAD><TITLE>401 Unauthorized</TITLE></HEAD>\n<BODY><H1>401 Unauthorized Access Attempt</H1>\nYou are not authorized to access the requested file\.</BODY></HTML>$| p/Cisco VG248 http config/ d/telecom-misc/
match http m|^HTTP/1\.0 200 Ok\r\n.*<H1>(ZBR\d+) - ZebraNet PrintServer</H1>|s p/ZebraNet $1 print server http config/ d/print server/
match http m|^HTTP/1\.1 401 Unauthorized\r\nServer: GoAhead-Webs\r\nDate: (?:[^\r\n]*\r\n(?!\r\n))*?WWW-Authenticate: Basic realm=\"Wireless Access Point\"\r\n.*\r\n<html><head><title>Document Error: Unauthorized</title></head>\r\n\t\t<body><h2>Access Error: Unauthorized</h2>\r\n\t\twhen trying to obtain <b>/</b><br><p>Access to this document requires a User ID</p></body></html>\r\n\r\n|s p/GoAhead WebServer/ i/Ovislink WAP http config/ d/WAP/ cpe:/a:goahead:goahead_webserver/a
match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: \r\n(?:[^\r\n]+\r\n)*?WWW-Authenticate: Basic realm=\"(WN-\w+)\"\r\n.*<title> Authorization warning</title>|s p/Ovislink $1 WAP http config/ d/WAP/
match http m|^HTTP/1\.0 200 OK\r\nDate: .*\r\nContent-Length: \d+\r\nContent-Type: text/html\r\nServer: HyNetOS/([\d.]+)\r\n\r\n<HTML>\r\n<HEAD>\r\n<TITLE>EverFocus EDSR Applet \(([\d.]+)\)</TITLE>| p/EverFocus webcam http config/ i/EDSR Applet $2; HyNetOS $1/ d/webcam/ o/HyNetOS/ cpe:/o:hyperstone:hynetos:$1/
match http m|^HTTP/1\.1 200 OK\r\nContent-Length: \d+\r\n\r\n<html>\n<head>\n<title>MoBif TA-200 Configuration</title>\n| p/MoBif TA-200 http config/ d/VoIP adapter/
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html\r\n(?:[^\r\n]+\r\n)*?Server: Allegro-Software-RomPager/([\w.]+)\r\n\r\n.*<title>PagePro 9100 / PagePro 9100</title>\n.*<a href=\"http://www\.minolta-qms\.com\">|s p/Allegro RomPager/ v/$1/ i/Minolta 9100 printer http config/ d/printer/ cpe:/a:allegro:rompager:$1/ cpe:/h:minolta:9100/a
match http m|^HTTP/1\.0 \d\d\d .*\r\nContent-type: text/html\r\n\r\n<HTML><HEAD><TITLE>OkiLAN (\w+)</TITLE>| p/OkiData printer http config/ i/OkiLAN $1/ d/printer/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: IPCheck/([\d.]+) *\r\n\r\n|s p/IPCheck httpd/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 401 Unauthorized\r\nServer: Aragorn\r\nWWW-Authenticate: Basic realm=\"Please enter User name and password\"\r\n| p/Aastra 480i VoIP phone http config/ d/VoIP phone/ cpe:/h:aastra:480i/a
match http m|^HTTP/1\.1 401 Unauthorized\r\nServer: Aragorn\r\nWWW-Authenticate: Basic realm=\"Aastra ([\w._ -]+)\"\r\n| p/Aastra $1 VoIP phone http config/ d/VoIP phone/ cpe:/h:aastra:$1/
match http m|^HTTP/1\.1 200 Ok\r\nServer: snom embedded\r\n.*\n<TITLE>snom ?(\w+)(?:-[\dA-F]+)?</TITLE>\n|s p/Snom $1 VoIP phone http config/ d/VoIP phone/ cpe:/h:snom:$1/a
match http m|^HTTP/1\.1 403 Forbidden\r\nContent-Type: text/html\r\nCache-Control: no-cache\r\nCache-Control: no-store\r\nServer: snom embedded\r\n.*<TITLE>snom VoIP phone: Error</TITLE>|s p/Snom 300 VoIP phone http config/ i/secure connection required/ d/VoIP phone/ cpe:/h:snom:300/a
match http m|^HTTP/1\.1 200 Ok\r\nServer: snom embedded\r\n.*\n<html>\n<head>\n\n<title>snom 105 VoIP Phone :: Home</title>|s p/Snom 105 VoIP phone http config/ d/VoIP phone/ cpe:/h:snom:105/a
match http m|^HTTP/1\.1 401 Unauthorized\r\nDate: .*\r\nServer: Agranat-EmWeb/R([\d_]+)\r\nWWW-Authenticate: Basic realm=\"main@SP1\"\r\nContent-type: text/html\r\n {34}\r\n| p/Agranat-EmWeb/ v/$SUBST(1,"_",".")/ i/CyberIQ HyperFlow 3 switch http config/ d/switch/ cpe:/a:agranat:emweb:$SUBST(1,"_",".")/a
match http m|^HTTP/1\.0 200 OK\r\nAllow:GET\r\nContent-Type:text/html\r\nExpires: .*\r\nContent-Length:\d+\r\n\r\n<HTML><HEAD><TITLE>Ringdale Printserver </TITLE>| p/Ringdale print server http config/ d/print server/
match http m|^HTTP/1\.0 302 Found\nLocation: /login\.ews\r\nCache-Control: no-store\nContent-Type: text/html\r\n\r\n| p/Emerald Management Suite httpd/
match http m|^HTTP/1\.0 401 Unauthorized\r\nWWW-Authenticate: Basic realm=\"FXO Configuration Web Server\"\r\nContent-type: text/html\r\n\r\n<html>\r\n<body><h1>401 Unauthorized</h1></body></html>\r\n| p/Tandem NSK D40 http config/
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: glass/([\d.]+) Python/([-\w.]+)\r\n| p/IronPort AsyncOS http config/ i/glass $1; Python $2/ o/AsyncOS/ cpe:/a:python:python:$2/ cpe:/o:cisco:asyncos/a
match http m|^HTTP/1\.0 200 OK\r\nContent-Type: text/html; charset=iso-8859-1\r\nPragma: No-cache\r\nServer: ACOS HTTPD/([\d.]+)\r\nCache-Control: no-cache\r\n(?:[^\r\n]+\r\n)*?\r\n<html>\r\n<head>\r\n<title>neuf telecom</title>\r\n|s p/ACOS httpd/ v/$1/ i/Neuf Box router http config/ d/router/
match http m|^HTTP/1\.0 200 OK\r\nServer: U S Software Web Server\r\n.*<html>\n<head>\n<title>StorageLoader</title>\n|s p/Tandberg Data StorageLoader http config/ d/storage-misc/
match http m|^HTTP/1\.0 200 OK\r\nServer: U S Software Web Server\r\n.*<html>\r\n<head>\r\n<title>StorageLoader</title>\r\n|s p/Tandberg Data StorageLoader Ultrium LTO http config/ d/storage-misc/
match http m|^HTTP/1\.0 200 OK\r\nDate: .*\r\nServer: VykTor XML WinAmp Server/([\d.]+)\r\nMIME-version: [\d.]+\r\n.*<title>Snow Crash</title>\r\n|s p/Snowcrash WinAmp http control plugin/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 200 OK\nContent-type: text/html\r\nDate: .*\n<TITLE>\nGigaset M740 AV - Experimentelles Web-Interface\n</TITLE>\n|s p/Siemens Gigaset M740 http config/ d/media device/
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: Spinnaker/([\d.]+)\r\n| p/Searchlight Software Spinnaker httpd/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 401 Authorization Required\nWWW-Authenticate: Basic realm=\"HERCULES\"\n| p/Hercules mainframe emulator http config/
match http m|^HTTP/1\.1 302 Found\r\nDate: .*\r\n(?:X-Frame-Options: SAMEORIGIN\r\n)?Location: https://pgpuniversal_| p/PGP Universal httpd/ cpe:/a:pgp:universal_server/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Oracle/([\d.]+)\r\nWWW-Authenticate: Basic realm=\"XDB\"\r\n|s p/Oracle XDB httpd/ v/$1/ cpe:/a:oracle:database_server:$1/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Oracle XML DB/Oracle Database\r\nWWW-Authenticate: Basic realm=\"XDB\"\r\n|s p/Oracle XDB httpd/ cpe:/a:oracle:database_server/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Oracle XML DB/Oracle9i Release ([^\r\n]+)\r\n|s p/Oracle XDB httpd/ v/$1/ cpe:/a:oracle:database_server:$1/
match http m|^HTTP/1\.1 \d\d\d .*\r\n<meta name=\"GENERATOR\" content=\"Active WebCam ([\d.]+) \(http://www\.pysoft\.com\) \[Unregistered\]\">\r\n\r\n|s p/Active WebCam httpd/ v/$1/ i/Unregistered/ d/webcam/
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: GoAhead-Webs\r\nDate: .*\r\nWWW-Authenticate: Basic realm=\"Venturi NMS\"\r\n| p/GoAhead WebServer/ i/Venturi wireless accelerator http config/ cpe:/a:goahead:goahead_webserver/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?server: SAP Web Application Server \(([-\w_.;]+)\)\r\n|s p/SAP Web Application Server/ v/$1/ cpe:/a:sap:netweaver:$1/
match http m|^HTTP/1\.0 401 Unauthorized\r\nConnection: close\r\nWWW-Authenticate: Basic realm=\"SIP Phone\"\r\nContent-Type: text/html\r\n\r\n<html>\r\n<head>\r\n<title>401 Unauthorized Ip Phone Access</title>\r\n| p/Tecom Co. SIP-Phone http config/ d/VoIP phone/
match http m|^HTTP/1\.[01] \d\d\d .*\r\nDate: .*\r\nServer: SentinelKeysServer/([\w._-]+)\r\n| p/SafeNet Sentinel Keys License Monitor httpd/ v/$1/ i/Java Console/ cpe:/a:safenet-inc:sentinel_keys_server:$1/
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: Techno Vision Security System Ver\. ([\d.]+)\r\n| p/Techno Vision Security System http config/ v/$1/ d/webcam/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: webcamXP\r\n\r\n<html><head><title>.*</title><meta name=\"generator\" content=\"webcamXP PRO v([\d.]+)\">|s p/webcamXP PRO http config/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: webcamXP\r\n|s p/webcamXP httpd/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: webcamXP (\d+)\r\n|s p/webcamXP httpd/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 \d\d\d .*\r\nDate: .*\r\nServer: Rapidsite/Apa/([\d.]+) \(Unix\) (.*)\r\n| p|Rapidsite/Apa httpd| v/$1/ i/$2/ o/Unix/
match http m|^HTTP/1\.1 \d\d\d .*\r\nDate: .*\r\nServer: Rapidsite/Apa\r\n| p|Rapidsite/Apa httpd|
match http m|^HTTP/1\.1 401 Unauthorized\r\nWWW-Authenticate: Digest realm=\"Sip Utility Set\", nonce=| p/Avaya 4602 VoIP phone http config/ d/VoIP phone/ cpe:/h:avaya:4602/a
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: Sun-ILOM-Web-Server/([\d.]+)\r\n| p/Sun Integrated Lights-Out httpd/ v/$1/ d/remote management/ cpe:/h:sun:integrated_lights-out:$1/
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: Apple Embedded Web Server/([\d.]+)\r\n| p/Apple Embedded httpd/ v/$1/
match http m|^HTTP/1\.1 \d\d\d .*\r\nDate: .*\r\nServer: iPrism-httpd/v3 \(Unix\) ssl_enabled ossl\r\n| p/St. Bernard iPrism firewall http config/ i/ssl enabled/ d/firewall/ o/Unix/
match http m|^HTTP/1\.0 403 Forbidden\r\nServer: iPrism/v3\r\n| p/St. Bernard iPrism firewall http config/ d/firewall/
# ExtremeWare XOS was renamed ExtremeXOS in version 12.0
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: XOS (\w+)\r\n| p/ExtremeWare XOS httpd/ v/$1/ o/ExtremeXOS/ cpe:/o:extremenetworks:extremeware_xos/
match http m|^HTTP/1\.0 200 Okay\r\nConnection: close\r\nServer: BaseSwitch 801FM\r\nContent-Type: text/html\r\n\r\n<HTML>\n<HEAD><TITLE>Welcome to Transtec AG WEBServer</TITLE>| p/Transtec BaseSwitch 801FM http config/ d/switch/
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: Agranat-EmWeb/R([\d_]+)\r\nContent-Length: 0\r\nWWW-Authenticate: Basic realm=\"Authenticated_User@P330\"\r\n\r\n| p/Agranat-EmWeb/ v/$SUBST(1,"_",".")/ i/Avaya P330 switch http config/ d/switch/ cpe:/a:agranat:emweb:$SUBST(1,"_",".")/a cpe:/h:avaya:p330/a
match http m|^HTTP/1\.0 \d\d\d .*\r\nDate: .*\r\nServer: Systinet Server for Java/([\d.]+) \(([^)]+)\)\r\n| p/Systinet Server for Java/ v/$1/ i/$2/
match http m|^HTTP/1\.1 200 OK\r\nServer: Miralix License Server\r\n| p/Miralix license server httpd/ o/Windows/ cpe:/o:microsoft:windows/a

match http m=^HTTP/1\.0 \d\d\d .*\r\nServer: (EWS-NIC\w+)/([\d.]+)\r\nConnection: close\r\nContent-Type: text/html\r\n\r\n<html>\n<head>\n<title>Dell (?:Laser Printer|Color Laser|MFP Laser) ([\w+]+)</title>\n= p/$1/ v/$2/ i/Dell $3 laser printer http config/ d/printer/ cpe:/h:dell:$3/
match http m=^HTTP/1\.1 \d\d\d .*\r\nServer: (EWS-NIC\w+)/([\d.]+)\r\n.*<title>\r\nDell (\w+) (?:Color Laser|MFP)</title>=s p/$1/ v/$2/ i/Dell $3 printer http config/ d/printer/ cpe:/h:dell:$3/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: (EWS-NIC\w+)/([\d.]+)\r\n.*<title>(Phaser \w+) - Phaser [\w-]+</title>|s p/$1/ v/$2/ i/Xerox $3 printer http config/ d/printer/ cpe:/h:xerox:$3/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: (EWS-NIC\w+)/([\d.]+)\r\n.*<title>(WorkCentre \w+)</title>|s p/$1/ v/$2/ i/Xerox $3 printer http config/ d/printer/ cpe:/h:xerox:$3/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: (EWS-NIC\w+)/([\d.]+)\r\n|s p/$1/ v/$2/ i/Xerox printer http config/ d/printer/

match http m|^HTTP/1\.[01] \d\d\d .*\r\nServer: tracd/([-\w_.]+) Python/([-\w_.]+)\r\n| p/Tracd/ v/$1/ i/Python $2/ cpe:/a:python:python:$2/
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: Sametime Server \(Meeting Services\) ([\d.]+)\r\n\r\n| p/IBM Lotus Sametime httpd/ v/$1/ cpe:/a:ibm:lotus_sametime:$1/
# Not sure if this is used anywhere other than the debian
# apt caching server "approx"...
match http m|^HTTP/1\.1 \d\d\d .*\r\nDate: .*\r\nServer: OCaml HTTP Daemon\r\n| p/OCaml httpd/
match http m|^HTTP/1\.0 200 OK\nContent-Type: text/plain\nContent-Length: \d+\n\nerror\nno table param specified\n| p/Ingenuity Works ATRT minidb/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: Anapod Manager ([\w.]+)\r\n| p/Anapod iPod Explorer httpd/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.[01] \d\d\d .*\r\nServer: IISGuard\r\n| p/Troxo IISGuard/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 \d\d\d .*<title>Smart VoIP IAD Web Configuration Pages</title>|s p/Patton SmartLink 4020 VoIP adapter http config/ d/VoIP adapter/ cpe:/h:patton:sl4020/ cpe:/o:patton:smartware/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: DesktopAuthority/([\d.]+)\r\n|s p/ScriptLogic DesktopAuthority httpd/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 302 Please login\.\nDate: .*\nServer: (P560\.GSI\.[\d.]+)\n| p/Gemtek P560 WAP http config/ v/$1/ d/WAP/ cpe:/h:gemtek:p560/a
match http m|^HTTP/1\.0 302 Please login\.\nDate: .*\nServer: RG4000\.CMC\.([\d.]+)\n| p/RG4000 Access Control Gateway/ v/$1/ d/security-misc/
match http m|^HTTP/1\.0 200 OK\r\n\r\n<HTML>\r\r\n<BODY>\r\r\n\r\r\n<APPLET CODE=\"SimpleCamApplet2\.class\" CODEBASE=\"http://([-\w_.]+)/.*\" WIDTH=\"(\d+)\" HEIGHT=\"(\d+)\">| p/SimpleCam httpd/ i/Webcam resolution: $2x$3/ o/Windows/ h/$1/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: LogMeIn/([\d.]+)\r\n|s p/LogMeIn httpd/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: MacroMaker\r\n| p/MacroMaker httpd/ o/Windows/ cpe:/o:microsoft:windows/a
match http m=^HTTP/1\.0 \d\d\d .*\r\nServer: NI Service Locator/([\w._-]+) \((?:SLServer|LabVIEW)\)\r\n= p/National Instruments LabVIEW service locator httpd/ v/$1/ cpe:/a:ni:labview:$1/
match http m|^HTTP/1\.1 406 Not Acceptable\r\nServer: Phex ([\d.]+)\r\n\r\n| p/Phex HTML-Shared File Export httpd/ v/$1/
match http m|^HTTP/1\.1 403 Browsing disabled\r\nServer: Phex ([\d.]+)\r\n\r\n$| p/Phex HTML-Shared File Export httpd/ v/$1/
match http m|^HTTP/1\.0 200 NoPhrase\r\n.*\r\n<HTML>\r\n<HEAD>\r\n<TITLE>\[JMX RI/([\d.]+)\] Agent View</TITLE>|s p/Sun Java Management Extensions Reference Installation httpd/ v/$1/
match http m|^HTTP/1\.1 200 OK\r\nDate: .*\r\nLast-Modified: .*\r\nETag: \"[\w_]+\"\r\nAccept-Ranges: bytes\r\nContent-Length: 79\r\nConnection: close\r\nContent-Type: text/html\r\n\r\n<html>\n<script language=javascript>\n\ntop\.location=\"/login\";\n\n</script>\n</html>\n| p|Fortinet VPN/firewall http config| d/firewall/
match http m|^HTTP/1\.0 200 Ok\r\nServer: httpd\r\nDate: .*\r\nCache-Control: no-cache\r\nPragma: no-cache\r\nExpires: 0\r\nContent-Type: text/html\r\nConnection: close\r\n\r\n<script>\ntop\.location\.href=\"/login_en\.htm\";\n</script>\n\n| p/Siemens Gigaset SE505 WAP http config/ d/WAP/ cpe:/h:siemens:gigaset_se505/a
match http m|^HTTP/1\.0 \d\d\d .*\r\nConnection: close\r\nServer: Gigaset ([^\r\n]+)\r\n| p/Siemens Gigaset $1 WAP http config/ d/WAP/ cpe:/h:siemens:gigaset_$1/a
match http m|^HTTP/1\.1 \d\d\d .*\r\nConnection: Keep-Alive\r\nServer: Siemens Gigaset C450 IP\r\n| p/Siemens Gigaset C450 IP VoIP phone http config/ d/VoIP phone/
match http m|^HTTP/1\.1 \d\d\d .*\r\nConnection: Keep-Alive\r\nServer: Siemens Gigaset ([^\r\n]+)\r\n| p/Siemens Gigaset $1 WAP http config/ d/WAP/ cpe:/h:siemens:gigaset_$1/a
match http m|^HTTP/1\.0 \d\d\d .*\r\nWWW-Authenticate: Basic realm=\"dbox\"\r\n\r\nAccess denied\.\r\n| p/Dbox2 Neutrino httpd/ d/media device/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: nhttpd/([\w._-]+) \(yhttpd_core/([\w._-]+)\)\r\n.*<title>dbox yWeb</title>|s p/nhttpd/ v/$1/ i/dbox yWeb http config; based on yhttpd_core $2/ d/media device/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: nhttpd/([\w._-]+) \(yhttpd_core/([\w._-]+)\)\r\n|s p/nhttpd/ v/$1/ i/based on yhttpd_core $2/
match http m|^HTTP/1\.0 \d\d\d .*<meta http-equiv=\"powerstate\" content=\"Switch Port7,0\">\n<meta http-equiv=\"powerstate\" content=\"Switch Port8,0\">\n<TITLE>ExpPowerControl</TITLE>|s p/Expert Power Control NET http config/ d/power-device/
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: aidex/([\d.]+) \(Win32\)\r\n| p/aidex httpd/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: httpd\r\n.*<!-- \r\n\(c\) 2003 Motorola, Inc\. All Rights Reserved\. \r\n-->\r\n\r\n<title>Motorola HomeNet Product WE800G</title>\r\n|s p/Motorola HomeNet WE800G http config/ d/bridge/ cpe:/h:motorola:homenet_we800g/a
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: httpd\r\n.*<!-- \r\n\(c\) 2003 Motorola, Inc\. All Rights Reserved\. \r\n-->\r\n\r\n<title>Motorola HomeNet Product WR850G</title>\r\n|s p/Motorola HomeNet WR850G http config/ d/broadband router/ cpe:/h:motorola:homenet_wr850g/a
match http m|^HTTP/1\.0 200 Ok Welcome to VOC\r\nServer: Voodoo chat daemon ver perl ([^\r\n]+)\r\n| p/Voodoo chat daemon httpd/ v/$1/
match http m|^HTTP/1\.0 200 OK\r\nServer: AP HTTP Server\r\nSet-Cookie: LogIn=0\r\n.*<frame name=\"top\" src=\"/cgibin/entry\" marginwidth=\"10\" marginheight=\"10\" scrolling=\"auto\" frameborder=\"0\">\n    <frame name=\"center\" src=\"/user/images/selected/logslct\.gif|s p/Nortel Integrated Conference bridge http config/ i/AP HTTPd/ d/bridge/
match http m|^HTTP/1\.[01] \d\d\d .*\r\nServer: Polycom SoundPoint IP Telephone HTTPd\r\n| p/Polycom SoundPoint VoIP phone http config/ d/VoIP phone/
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: BISW_SDR\r\nDate: .*\r\nWWW-Authenticate: Basic realm=\"WebAdmin\"\r\nPragma: no-cache\r\n| p|Billion/TeleWell ADSL modem http config| d/broadband router/
match http m|^HTTP/1\.0 200 OK\r\nContent-Length: \d+\r\nContent-Type: text/html\r\n.*getElementById\(\"cTextChg\"\)\.innerHTML = \"<p>Die soeben durchgef&uuml;hrte System&uuml;berpr&uuml;fung hat ergeben,<br>\" \+\n \"dass ihr Bildschirm nicht die minimal erforderliche Aufl\xf6sung hat\.</p>|s p/T-Com Speedport W 501V WAP http config/ i/German/ d/WAP/
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: David-WebBox/([\w.]+) \((\d+)\)\r\n| p/David WebBox httpd/ v/$1.$2/
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: RapidLogic/([\d.]+)\r\nMIME-version: 1\.0\r\nContent-type: text/html\r\n\r\n<HTML>\r\n<HEAD>\r\n<TITLE>WireSpeed Dual Connect</TITLE>\r\n\r\n<META http-equiv=\"PRAGMA\" content=\"NO-CACHE\"></META>\r\n\r\n| p/Westell C90 ADSL router http config/ v/RapidLogic httpd $1/ d/broadband router/ cpe:/a:rapidlogic:httpd:$1/ cpe:/h:westell:c90/a
match http m|^HTTP/1\.0 \d\d\d .*\r\nMIME-Version: 1\.0\r\nDate: .*\r\nServer: PeopleSoft RENSRV/v([\d.]+)\r\n| p/Peoplesoft REN Server httpd/ v/$1/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Virata-EmWeb/R([\d_]+)\r\nContent-Length: \d+\r\nContent-Type: text/html\r\nExpires: .*\r\nPragma: no-cache\r\n\r\n<HTML><HEAD><TITLE>Actiontec</TITLE>\n|s p/Virata-EmWeb/ v/$SUBST(1,"_",".")/ i/Actiontec R1524SU http config/ d/broadband router/ cpe:/a:virata:emweb:$SUBST(1,"_",".")/a cpe:/h:actiontec:r1524su/a
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: HFS ([^\r\n]+)\r\n|s p/HttpFileServer httpd/ v/$1/ o/Windows/ cpe:/a:rejetto:httpfileserver:$1/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Set-Cookie: HFS_SID=0\.\d{15}; path=/|s p/HttpFileServer httpd/ o/Windows/ cpe:/a:rejetto:httpfileserver/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: Ultraseek/([\d.]+)\r\n| p/Ultraseek httpd/ v/$1/ cpe:/a:ultraseek:ultraseek:$1/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Cache-control: no-cache\r\nContent-length: \d+\r\nContent-type: text/html\r\n\r\n<HTML>\r\n<HEAD>\r\n<TITLE>LANB Remote Upgrade Authentication</TITLE>\r\n.*<FONT face=\"Arial Black\" color=black size=5>VoIP Card Remote Upgrade</FONT>|s p/LG Electronics VoIP board http config/ d/VoIP adapter/
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: CherryPy/([\w._-]+)\r\n.*Hi, this is ehcp-python background proses, under development now\.\.\.|s p/CherryPy httpd/ v/$1/ i/Easy Hosting Control Panel/ cpe:/a:cherrypy:cherrypy:$1/
match http m|^HTTP/1\.0 200 OK\r\nServer: IVC Enterprise Video Server\r\n| p/IVC Enterprise Video Server http config/ d/webcam/
match http m|^HTTP/1\.1 401 Unauthorized\r\nWWW-Authenticate: Basic realm=\"Network Camera\"\r\nContent-Type: text/html\r\nServer: Network Camera\r\n\r\n<HTML>\n<HEAD>\n<TITLE>Protected Object</TITLE></HEAD><BODY>\n<H1>Protected Object</H1>This object is protected\.<P>\n</BODY></HTML>| p/Vivotek 3102 Camera http config/ d/webcam/
match http m|^HTTP/1\.0 \d\d\d .*<ADDRESS>Cheyenne/([\d.]+) Server at ([-\w_.]+) Port \d+</ADDRESS>\n|s p/Cheyenne httpd/ v/$1/ h/$2/
match http m|^HTTP/1\.1 \d\d\d\r\n(?:[^\r\n]+\r\n)*?\r\n<HTML>\r\n<HEAD>\r\n<title>Lantronix WEB-Manager</title>\r\n|s p/Lantronix Universal Device Server http config/
match http m|^<HTML><HEAD><META HTTP-EQUIV=refresh CONTENT=30; \n\t\turl=status\.html><TITLE>Stratasys Modeler Queue &amp; Job Status</TITLE>| p/Stratasys Modeler Queue printer http config/ d/printer/
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: GoAhead-Webs\r\nDate: .*\r\nWWW-Authenticate: Basic realm=\"ATAboy2-| p/GoAhead WebServer/ i/InfiniSAN ATAboy2 http config/ d/storage-misc/ cpe:/a:goahead:goahead_webserver/
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: Micro-Web\r\nContent-type: text/html\r\n\r\n<html>\r\n<head>\r\n<P><TABLE BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH=\"100%\">\n<TR><TD WIDTH=\"100%\" ALIGN=CENTER>\n<APPLET CODE=\"Login\.class\" WIDTH=545 HEIGHT=418\nALT=\"\[ Login applet is not available \]\">\n| p/Micro-Web/ i/Overland Storage Neo2000 http config/ d/storage-misc/
match http m|^HTTP/1\.1 200\r\nContent-type: text/html\r\nConnection: close\r\nCONTENT-LENGTH: \d+\r\n\r\n<html>\r\n <head>\r\n  <title>([\w._-]+)</title>\r\n| p/Allen-Bradley $1 http config/ cpe:/h:allen_bradley:$1/
match http m|^HTTP/1\.0 200 OK    \r\nServer: A-B WWW/([\d.]+)\r\n.*<img src=\"/images/rockcolor\.gif|s p/Allen-Bradley WWW httpd/ v/$1/ i/Rockwell Automation Ethernet Processor http config/
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: NetPort Software ([\d.]+)\r\nDate: .*\r\nContent-type: text/html\r\n\r\n<html>\r\n<head>\r\n<meta http-equiv=\"content-type\" content=\"text/html;charset=Shift_JIS\">\r\n<title>NEC Projector LAN Control</title>\r\n| p/NetPort httpd/ v/$1/ i/NEC Projector http config/ d/media device/
match http m|^HTTP/1\.1 \d\d\d .*\nContent-Length: \d+\nPragma: no-cache\nExpires: 0\nConnection: close\n\n<HTML><HEAD><TITLE>Bridgit Conferencing Server</TITLE>| p/Bridgit Conferencing httpd/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 \d\d\d .*\r\nContent-Length: \d+\r\nPragma: no-cache\r\nExpires: 0\r\nConnection: close\r\nContent-Type: text/html\r\n\r\n<HTML>\n<HEAD><TITLE>\nSMART - SMART Bridgit - Download Conferencing Software\n</TITLE>| p/Bridgit Conferencing httpd/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Web Server\r\n.*\n<title>Cisco Systems, Inc\. VPN 3000 Concentrator \[vpn-conc-3030\]</title>\n|s p/Cisco VPN 3000 Concentrator http config/ d/security-misc/ cpe:/o:cisco:vpn_3000_concentrator_series_software/
match http m|^HTTP/1\.1 302 Moved Temporarily\r\nDate: .*\r\nLocation: /webct/entryPageIns\.dowebct\r\n| p/WebCT httpd/
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: Henry/([\d.]+)\r\nno-cache: set-cookie\r\nSet-Cookie: Customer=\"-[\d_]+\";| p/Henry httpd/ v/$1/ i/NEC Aspire WebPro http config/ d/telecom-misc/
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: GoAhead-Webs\r\nDate: .*\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-Type: text/html\r\nP3P: CP=\"NON DSP CURa OUR NOR UNI\"\r\nLocation: http://[\d.]+/auth\.asp\r\n\r\n<html><head></head><body>\r\nMoved to this <a href=\"http://[\d.]+/auth\.asp\">location</a>\.\r\n<!-- response_code_begin ERIC_RESPONSE_OK| p/GoAhead WebServer/ i|Peppercon/Paradox alarm system http config| d/remote management/ cpe:/a:goahead:goahead_webserver/
match http m|^HTTP/1\.0 404 Not Found\r\nServer: TABS http server/([\d.]+)\r\nDate: .*\r\nContent-Type: text/html\r\nContent-Length: \d+\r\n\r\n<HTML>\r\n<HEAD>\r\n<TITLE> 404 File Not Found</TITLE>\r\n</HEAD>\r\n\r\n<BODY>\r\n<h2>File Not Found</h2>\r\n</BODY>\r\n</HTML>| p/TABS httpd/ v/$1/ i/Server Observer Network Monitor/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 401\r\nConnection: close\r\nContent-Type: text/plain\r\nWWW-Authenticate: Basic Realm=\"Vibe Streamer\"\r\n\r\n\r\nAccess denied| p/Vibe Streamer httpd/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 \d\d\d .*<!-- Copyright \(c\) 2000-2002, Fuji Xerox Co\., Ltd\. All Rights Reserved\. -->\r\n<HTML>\r\n<HEAD>\r\n<META HTTP-EQUIV=\"Content-Type\" CONTENT=\"text/html; charset=ISO-8859-1\">\r\n<TITLE>\r\nWorkCentre (\w+) -|s p/Xerox WorkCentre $1 http config/ d/printer/ cpe:/h:xerox:workcentre_$1/a
match http m|^HTTP/1\.1 \d\d\d .*<!-- Copyright \(c\) \d+-\d+, Fuji Xerox Co\., Ltd\. All Rights Reserved\. -->\r\n<HTML>\r\n<HEAD>\r\n<META http-equiv=\"Content-Type\" content=\"text/html; charset=windows-1252\">\r\n<TITLE>\r\nXerox WorkCentre ((?:Pro )?\w+) -|s p/Xerox WorkCentre $1 http config/ d/printer/ cpe:/h:xerox:workcentre_$1/a
match http m|^HTTP/1\.1 \d\d\d .*<!--\s+/\*-+\*\\\s+Copyright \(c\) 2002-2006 Xerox Corporation\. All Rights Reserved\..*<title>\s*XEROX WORKCENTRE|s p/Xerox WorkCentre http config/ d/printer/
match http m|^HTTP/1\.1 404 Not Found\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: \d+\r\n\r\n<body><h2>HTTP/1\.1 404 Not Found</h2></body>| p/VypressChat httpd/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 200 Ok\r\nDate: .*\r\nMIME-Version: 1\.0\r\nServer: Rogatkin's JWS based on Acme\.Serve/.Revision: ([\d.]+) .\r\nLast-modified: .*\r\nContent-Range: bytes [-\d/]+\r\nAccept-Ranges: bytes\r\nContent-Type: text/html\r\nContent-Length: \d+\r\n\r\n<html>\r\n<head>\r\n<title>\r\nblank page\r\n</title>\r\n<META HTTP-EQUIV=\"Refresh\" CONTENT=\"2;URL=about:blank\">\r\n</head>\r\n<body>\r\nThere is nothing to see here, please move along!\r\n</body>\r\n</html>\r\n| p/JWS based on Acme.Serve/ v/$1/ i/SageTV PVR remote control/ d/media device/
match http m|^HTTP/1\.1 200 OK\r\nServer: SnapStream\r\nCache-Control: no-cache\r\nPragma: no-cache\r\nConnection: close\r\nContent-Type:text/html\r\n\r\n<html>\r\n<body>\r\n<h1>Beyond TV Web Admin Redirector</h1>| p/SnapStream Beyond TV http config/ d/media device/
match http m|^HTTP/1\.1 200 OK\r\nServer: SnapStream Web Server/([\d.]+)\r\n.*<title>\r\nBeyond TV - Web Admin Redirector\r\n</title>\r\n<meta HTTP-EQUIV=\"REFRESH\" CONTENT=\"2; URL=http://([\w_.-]+):(\d+)\">\r\n|s p/SnapStream Web Server/ v/$1/ i/Beyond TV http config; redirect to port $3/ d/media device/ h/$2/
match http m|^HTTP/1\.0 401 Unauthorized\nWWW-Authenticate: Basic realm=\"Server Manager\"\n\nYou must login to continue\n| p/ServerCP httpd/
match http m|^HTTP/1\.0 200 OK\r\ncontent-type: text/html\r\nconnection: close\r\npragma: no-cache\r\nX-Powered-By: PHP/([\d.]+)\r\nContent-type: text/html\r\n\r\n<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1\.0 Transitional//EN\" \"DTD/xhtml1-transitional\.dtd\">\n<html><head>\n<style type=\"text/css\"><!--\nbody {background-color: #ffffff;| p/Miranda mbot plugin/ i/PHP $1/ cpe:/a:php:php:$1/
match http m|^HTTP/1\.0 200 OK\r\ncontent-type: text/html\r\nconnection: close\r\npragma: no-cache\r\nX-Powered-By: PHP/([\d.]+)\r\n\r\n<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1\.0 Transitional//EN\" \"DTD/xhtml1-transitional\.dtd\">\n<html><head>\n<style type=\"text/css\">\nbody {background-color: #ffffff;| p/Mianda mbot plugin/ i/PHP $1/ cpe:/a:php:php:$1/
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: Freechal P2P/([\d.]+)\r\n| p/Freechal P2P httpd/ v/$1/
match http m|^HTTP/1\.1 \d\d\d .*\r\nDate: .*\r\nServer: Httpinfo olsrd plugin ([\d.]+) HTTP/1\.1\r\n| p/olsrd http info plugin/ v/$1/ o/Linux/ cpe:/o:linux:linux_kernel/a
match http m|^HTTP/1\.0 200 OK \r\nServer: Simple java\r\nDate: .*\r\nContent-length: \d+\r\nLast Modified: .*\r\nContent-type: text/html\r\n\r\n<html><head><title> RAID webConsole ([-\w_.]+)</title>| p/Intel Java RAID webConsole/ v/$1/
match http m|^HTTP/1\.0 200 OK\r\nLast-Modified: .*\n<HTML><HEAD><TITLE>Gopher</TITLE></HEAD><BODY>Welcome to Gopherspace!  You are browsing Gopher through\na Web interface right now\.|s p/pygopherd web-gopher gateway/
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: DirectAdmin Daemon v([\d.]+) Registered to ([^\r\n]+)\r\n| p/DirectAdmin httpd/ v/$1/ i/Registered to $2/ cpe:/a:directadmin:directadmin:$1/
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: DirectAdmin Daemon v([\d.]+) Registered to \r\n| p/DirectAdmin httpd/ v/$1/ cpe:/a:directadmin:directadmin:$1/
match http m|^HTTP/1\.0 401 Unauthorized\r\nConnection: close\r\nContent-Type: text/html\r\nWWW-Authenticate: Basic realm=\"dreambox\"\r\n\r\n| p/Dreambox httpd/ d/media device/
match http m|^HTTP/1\.1 200 OK\r\nConnection: Keep-Alive\r\nKeep-Alive: timeout=180\r\nContent-Type: text/html\r\nContent-Length: \d+\r\n\r\n.*<H2>Wireless LAN Access Point Management</H2><br>\n    <Form method=\"POST\" action=\"act_login\">\n|s p/Compex Wifi APN NetPassage http config/ d/WAP/
match http m|^HTTP/1\.0 200 OK\r\nPragma: no-cache\r\n\r\n<HTML><HEAD><TITLE>WinRoute Pro - Web Interface</TITLE>| p/Kerio WinRoute Pro firewall http config/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 302 Found\r\nCache-Control: no-cache\r\nConnection: Close\r\nContent-Length: 0\r\nContent-Type: application/octet-stream\r\nDate: .*\r\nLocation: /nonauth/login\.php\r\nPragma: no-cache\r\nServer: Kerio WinRoute Firewall Embedded Web Server\r\n\r\n| p/Kerio WinRoute firewall http config/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 \d\d\d .*\r\ndate: .*\r\nserver: WebSEAL/([\d.]+) \(Build (\d+)\)\r\n| p/Tivoli Access Manager WebSEAL httpd/ v/$1 build $2/ cpe:/a:ibm:tivoli_access_manager_for_e-business:$1/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Indy/([\d.]+)\r\n.*\r\n<GOTO href=\".*/kiss\.php\"|s p/Indy httpd/ v/$1/ i/FreeKiSS DVD player http config/ o/Windows/ cpe:/a:indy:httpd:$1/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 200 Ok\r\nServer: httpd\r\n.*\n<title>SHARED STORAGE DRIVE</title>\n|s p/Maxtor Shared Storage Plus http config/ d/storage-misc/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: VCS-VideoJet-Webserver\r\n.*<title>VCS AG VideoJet 1000</title>|s p/VCS AG VideoJet 1000 http config/ d/media device/
match http m|^HTTP/1\.1 200 OK\r\nServer: VCS-VideoJet-Webserver\r\n.*<title>browser_capture</title>\r\n<script type=\"text/javascript\" for=document event=\"onkeydown\(\)\" language=\"JScript\">if\(window\.event\.keyCode==\"123\"\)|s p/VCS-VideoJet-Webserver httpd/ i/Bosch VIP X1 video encoder http config/ d/webcam/
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: DVSS-HttpServer/([\d.]+)\r\n| p/DVSS Herculese DVR http config/ v/$1/ d/webcam/
match http m|^HTTP/1\.0 \d\d\d .*\r\nConnection: Close\r\nContent-Type: text/html\r\nServer: pcastd ([\d.]+)\r\n| p/Buffalo Linkstation http config/ i/pcastd $1/
match http m|^HTTP/1\.[01] \d\d\d .*\r\nServer: BigFixHTTPServer/([\d.]+)\r\n| p/BigFix enterprise patch management httpd/ v/$1/
match http m|^HTTP/1\.0 200\r\nContent-Type:text/html\r\n\r\n<!--SELECTserver Full Page Header-->\r\n<html>\r\n\r\n<head>\r\n<title>\r\nSELECTserver: License Manager\r\n| p/Bentley SELECTserver license manager/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?X-Catalyst: ([\d.]+)\r\n\r\n|s p/Catalyst Framework httpd/ v/$1/
match http m|^HTTP/1\.0 301 moved \(redirection follows\)\r\nServer: BaseHTTP/([\d.]+) Python/([\w.]+)\r\nDate: .*\r\nContent-type: text/html\r\nLocation: http://([-\w_.:]+)/viewcvs/\r\n\r\n| p/BaseHTTPServer/ v/$1/ i/ViewCVS http interface; Python $2/ h/$3/ cpe:/a:python:basehttpserver:$1/a cpe:/a:python:python:$2/
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: GoAhead-Webs\r\nDate: .*\r\nWWW-Authenticate: Basic realm=\"DCM-202\"\r\n| p/GoAhead WebServer/ i/D-Link DCM-202 Docsis Cable Modem http config/ d/router/ cpe:/a:goahead:goahead_webserver/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: micro_httpd\r\n.*\r\n<title>Belkin Wireless DSL Router</title>\r\n|s p/micro_httpd/ i/Belkin Wireless ADSL http config/ d/broadband router/ cpe:/a:acme:micro_httpd/
match http m|^HTTP/1\.1 \d\d\d .*\r\nContent-Length: \d+\r\nContent-Type: text/html\r\nConnection: close\r\n\r\n<HTML><HEAD><TITLE>VPAD01 V([\d.]+) *</TITLE>| p/E-Tech VPAD01 http config/ v/$1/ d/VoIP adapter/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Quick 'n Easy Web Server\r\n|s p/Quick 'n Easy Web Server httpd/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 \d\d\d .*\r\nDate: .*\r\nServer: SentinelProtectionServer/([\d.]+)\r\n| p/SafeNet Sentinel Protection Server/ v/$1/ o/Windows/ cpe:/a:safenet-inc:sentinel_protection_installer:$1/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: WatchGuard Firewall\r\nwww-authenticate: Digest realm=\"WatchGuard Firebox Local User\"| p/WatchGuard Firewall http config/ d/firewall/
match http m|^HTTP/1\.1 200 OK\r\nServer: InterNiche Technologies WebServer ([\d.]+)\r\nDate: .*\r\nContent-type: text/html\r\nConnection: Close\r\n\r\n<html>\r\n<head>\r\n<title>CAN@Net II| p/InterNiche CAN@net II ethernet bridge http config/ v/$1/ d/bridge/
match http m|^HTTP/1\.1 200 OK\r\nServer: InterNiche Technologies WebServer ([\w._-]+)\r\n.*<title>Welcome to Canopy</title>\r\n</head>\r\n\r\n<body>\r\n<p>\r\nPress <a href=\"http:index\.htm\?mac_esn=(\w+)\">Here</a>|s p/InterNiche Technologies WebServer/ v/$1/ i/Motorola Canopy WAP http config; MAC: $2/ d/WAP/
match http m|^HTTP/1\.[01] 200 OK\r\nServer: InterNiche Technologies WebServer ([\w._-]+)\r\n| p/InterNiche Technologies WebServer/ v/$1/
match http m|^HTTP/1\.1 200 OK\r\nDate:.*<title>Welcome to VMware ESX Server ([\d.]+)</title>\n\n|s p/VMware ESX Server httpd/ v/$1/ cpe:/o:vmware:esx:$1/
match http m|^HTTP/1\.1 200 OK\r\nDate: .*document\.write\(\"<title>\" \+ ID_EE?SX_Welcome \+ \"</title>|s p/VMware ESXi Server httpd/ cpe:/o:vmware:esxi/
match http m|^HTTP/1\.1 400 Bad Request\r\nContent-Type: text/html.*\n<meta name=robots content=\"none\">\n<title>Secure&#32;Access&#32;SSL&#32;VPN</title>\n\n|s p/Juniper Networks Secure Access SSL VPN http config/ d/security-misc/
match http m|^HTTP/1\.1 400 Bad Request\r\nContent-Type: text/html.*\n<meta name=robots content=\"none\">\n<title>Sign&#32;in&#32;to&#32;begin&#32;\xf92\0\0\xa8o\xee\"\xa8o\xee\"sion&#46;</title>\n\n|s p/Juniper Networks Secure Access SSL VPN http config/ d/security-misc/
match http m|^HTTP/1\.0 200 OK\r\nServer: RapidLogic/([\d.]+)\r\nMIME-version: 1\.0\r\nContent-type: text/html\r\n\r\n<HTML>\n<HEAD>\n  <TITLE>WireSpeed Dual Connect</TITLE>\n\n| p/RapidLogic httpd/ v/$1/ i/Westell WireSpeed Dual Connect ADSL router http config/ d/router/ cpe:/a:rapidlogic:httpd:$1/
match http m|^HTTP/1\.1 401 Unauthorized\r\n.* This is a WebSEAL error message template file\.|s p/Tivoli Access Manager WebSEAL httpd/ cpe:/a:ibm:tivoli_access_manager_for_e-business/
match http m|^HTTP/1\.0 \d\d\d .*\r\nConnection: close\r\nCache-Control: no-cache\r\nPragma: no-cache\r\n\r\n<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4\.0 Frameset//EN\">\n<html>\n\n<head>\n<title>Web Smart Switch</title>| p/3Com Baseline 2816 switch http config/ d/switch/ cpe:/h:3com:baseline_2816/a
match http m|^HTTP/1\.0 200 OK\r\nServer: SimpleHTTP/([\d.]+) Python/([\d.]+)\r\nDate:.*<title>AmaroK playlist</title>\n\n|s p/AmaroK media player http interface/ i/SimpleHTTP $1; Python $2/ cpe:/a:python:python:$2/ cpe:/a:python:simplehttpserver:$1/
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: LANDesk Management Agent/([\d.]+)\r\n| p|LANDesk/Intel Management Agent http config| v/$1/ cpe:/a:landesk:landesk_management_suite:$1/
match http m|^HTTP/1\.0 \d\d\d .*\r\nDate: .*\r\nServer: PowerSchool\r\n| p/PowerSchool student information system httpd/
match http m|^HTTP/1\.0 (?:[^\r\n]*\r\n(?!\r\n))*?Server: NetWare GroupWise POA ([\d.]+)\r\n|s p/NetWare GroupWise POA httpd/ v/$1/ o/NetWare/ cpe:/a:novell:groupwise:$1/ cpe:/o:novell:netware/a
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Webserver\r\n.*\n\tXerox Corporation \(R\)\n\t\(c\) Xerox Corporation 2002 - 2004\.\n|s p/Xerox WorkCentre Pro httpd/ d/printer/ cpe:/h:xerox:workcentre_pro/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Webserver\r\n.*\tCopyright \(c\) 2002-2006 Xerox Corporation\. All Rights Reserved\. \n\n|s p/Xerox WorkCentre Pro httpd/ d/printer/ cpe:/h:xerox:workcentre_pro/
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: Intrinsyc deviceWEB v([\d.]+)\r\n| p/Intermec CK31 http config/ v/$1/
match http m|^HTTP/1\.1 \d\d\d .*\r\nDate: .*\r\nServer: Hitachi Web Server ([-\d.]+)\r\n| p/Hitachi Web Server httpd/ v/$1/
match http m|^HTTP/1\.1 (?:[^\r\n]*\r\n(?!\r\n))*?Server: Hitachi Web Server\r\n|s p/Hitachi Web Server httpd/
match http m|^HTTP/1\.1 \d\d\d .*<address>MLDonkey/([\w._-]+) at|s p/MLDonkey http interface/ v/$1/
match http m|^HTTP/1\.1 401 \r\nServer: PrintSir WEBPORT ([\d.]+)\r\nDate: .*\r\nWWW-Authenticate: Basic realm=\"Default password:1234\"\r\n\r\n401 Unauthorized - User authentication is required\.| p/PrintSir WEBPORT/ v/$1/ i/Hawking HP1SU Printserver http config; default password "1234"/ d/print server/
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: GoAhead-Webs\r\nDate: .*\r\nWWW-Authenticate: Basic realm=\"(GN-\w+)\"\r\n| p/GoAhead WebServer/ i/Gigabyte $1 WAP http config/ d/WAP/ cpe:/a:goahead:goahead_webserver/
match http m|^HTTP/1.0 401 Unauthorized\r\n(?:[^\r\n]+\r\n)*?WWW-Authenticate: Basic realm="(GN-\w+)"|s p/Gigabyte $1 WAP http config/ d/WAP/
match http m|^HTTP/1\.0 200\r\nContent-type: text/html\r\nConnection: close\r\nCONTENT-LENGTH: \d+\r\n\r\n.*\r\n<meta http-equiv=\"refresh\" content=\"1; URL=secure/ltx_conf\.htm\">|s p/Lantronix XPort embedded ethernet http config/
match http m|^HTTP/1\.0 \d\d\d .*\r\nDate: .*\r\nServer: FreeBrowser/([\d.]+) \(Win32\)\r\n| p/FreeBox FreeBrowser http interface/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 \d\d\d .*\r\nDate: .*\r\nServer: GG/([\d.]+) \(Unix\) Debian GNU/Linux\r\nWWW-Authenticate: Basic realm=\"gg zone\"\r\n| p/Ruchomy Terminal Gadu-Gadu http interface/ v/$1/ i/Debian/ o/Linux/ cpe:/o:debian:debian_linux/ cpe:/o:linux:linux_kernel/
match http m|^HTTP/1\.0 \d\d\d .*\r\nSet-Cookie: SESSIONID=-1 \r\nServer: Easy File Sharing Web Server v([\w.]+)\r\n| p/Easy File Sharing Web Server httpd/ v/$1/ o/Windows/ cpe:/a:efssoft:easy_file_sharing_web_server:$1/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 \d\d\d .*<title>Welcome to the Galty client depl</title>\r\n|s p/Galty Technologies GaltyExplorer httpd/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: Adaptec ASM ([\d.]+)\r\n| p|Adaptec/IBM ServeRAID Management http config| v/$1/ d/storage-misc/
match http m|^HTTP/1\.1 \d\d\d .*\r\nDate: .*\r\nServer: darkstat/([\d.]+)\r\n| p/darkstat network analyzer httpd/ v/$1/ o/Unix/
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: Rumpus\r\n| p/Rumpus httpd/ o/Mac OS X/ cpe:/o:apple:mac_os_x/a
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: HTTPD\r\n.*\r\n<title>([\w-]+) Network Camera</title>|s p/Panasonic $1 webcam http config/ d/webcam/ cpe:/h:panasonic:$1/a
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Medusa/([\w.]+)\r\n.*\n<head>\n<meta name=\"Author\" content=\"DeStar, made by Holger Schurig\"|s p/Medusa httpd/ v/$1/ i/Destar Asterisk PBX http config/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Medusa/([\w.]+)\r\n.*<title>Sophos Anti-Virus - Home</title>\n\n|s p/Medusa httpd/ v/$1/ i/Sophos Anti-Virus Home http config/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Expires: Thu, 01 Jan 1970 00:00:00 GMT\r\n(?:[^\r\n]+\r\n)*?Server: Medusa/([\w._-]+)\r\n.*<title>Supervisor Status</title>\n  <link href=\"stylesheets/supervisor\.css\" rel=\"stylesheet\" type=\"text/css\" />|s p/Medusa httpd/ v/$1/ i/Supervisor process manager/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Medusa/([\w._-]+)\r\n|s p/Medusa httpd/ v/$1/ i/Supervisor process manager/
match http m|^HTTP/1\.0 401 Unauthorized\r\nDate: .*\r\nServer: Agranat-EmWeb/R([\d_]+)\r\nWWW-Authenticate: Basic realm=\"Nortel p-Class GbE2 Switch@[\d.]+\"\r\n\r\n401 Unauthorized\r\n| p/Agranat-EmWeb/ v/$SUBST(1,"_",".")/ i/Nortel p-Class GbE2 switch http config/ d/switch/ cpe:/a:agranat:emweb:$SUBST(1,"_",".")/a
match http m|^HTTP/1\.1 200 OK\r\nConnection: Keep-Alive\r\nAccept-Ranges: bytes\r\nKeep-Alive: timeout=15, max=100\r\nContent-Type: text/html\r\nExpires: 0\r\n\r\n\n<html>\n<title>Apt-cacher version ([\d.]+)\n| p|apt-cache/apt-proxy httpd| v/$1/ o/Linux/ cpe:/a:debian:apt-cacher:$1/ cpe:/o:linux:linux_kernel/a
match http m|^HTTP/1\.0 200 Ok\nDate: .*\nContent-type: text/html\n\n<font size=\"-4\">\nIf you can read this, you are sitting too close to the monitor\.\n</font>\n| p/Unknown trojan/ i/**BACKDOOR**/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 200 OK\r\n.*<meta http-equiv=\"refresh\" content=\"0; URL=/cgi-bin/status\.sh\" />\n\t\t<title>La Fonera</title>|s p/La Fonera WAP http config/ d/WAP/
match http m|^<html>\n<title>DES-(\w+) +(?:Login)?</title>\n| p/D-Link DES-$1 switch http config/ d/switch/
match http m|^HTTP/1\.0 200 OK\r\nServer: RapidLogic/([\d.]+)\r\n.*<title>Broadaband Voice Telephone Adapter</title>\r\n|s p/RapidLogic httpd/ v/$1/ i/VG112-D51 VoIP CPE http config/ d/VoIP adapter/ cpe:/a:rapidlogic:httpd:$1/
match http m|^HTTP/1\.1 401 Unauthorized\r\nWWW-Authenticate: Basic realm=\"Browser\"\r\nContent-Type: text/html\r\nServer: Allegro-Software-RomPager/([\d.]+)\r\n\r\n<HTML>\n<HEAD>\n<TITLE>Protected Object</TITLE>\n</HEAD>\n<BODY>\n<H1>Protected Object</H1>\n<br>This page requires a login to access\.<br><br>You have <b>failed to login properly</b>\.  Try again\.<P>\n\n</BODY>\n</HTML>\n| p/Allegro RomPager/ v/$1/ i/Kronos 4500 Clock http config/ o/VxWorks/ cpe:/a:allegro:rompager:$1/ cpe:/o:windriver:vxworks/a
match http m|^HTTP/1\.1 401 Unauthorized\r\nWww-Authenticate: Basic REALM=\"snom\"\r\nContent-Type: text/plain\r\nContent-Length: 22\r\n\r\nUnauthorized request\r\n| p/Snom 300 VoIP phone http config/ d/VoIP phone/ cpe:/h:snom:300/a
match http m|^HTTP/1\.1 (?:[^\r\n]*\r\n(?!\r\n))*?Server: Reactivity Gateway\r\n|s p/Reactivity XML Security Gateway/
match http m|^HTTP/1\.0 200 Ok\r\nServer: httpd\r\nDate: .*\n<title>WL700g Web Manager</title>|s p/Asus WL700gE Wireless Storage router http config/ d/WAP/
match http m|^<html>\n<title>24-Port 10/100Mbps \+ 2 Combo Copper/SFP PoE Management Switch</title>\n| p/D-Link DES-1526 switch http config/ d/switch/ cpe:/h:dlink:des-1526/a
match http m|^HTTP/1\.0 200 Ok\r\nServer: Embeded_httpd\r\nDate: .*\r\nContent-Type: text/html\r\nConnection: close\r\n\r\n<html>\r\n\r\n<head>\r\n<META NAME=\"GENERATOR\" Content=\"Multi-Functional Broadband NAT Router \(R([\d.]+)\)\">| p/Ambit DOCSIS router http config/ i/R$1/ d/router/
match http m|^HTTP/1\.1 200 OK\r\n.*\n<META NAME=\"GENERATOR\" Content=\"Multi-Functional Broadband NAT Router \(R([\d.]+)\)\">\n|s p|NTL/Ambit DOCSIS router http config| i/R$1/ d/router/
match http m|^HTTP/1\.0 200 OK\r\nDate: .*\r\nServer: qHTTPs\r\nMIME-version: 1\.0\r\nContent-type: text/html\r\nLast-modified: .*\r\nContent-length: \d+\r\n\r\n<html>\r\n<head>\r\n<title>JUPSMON</title>| p/qHTTPs/ i/Generex JAVA UPSMON http config/
match http m|^HTTP/1\.0 200 OK\r\nDate: .*\r\nServer: qHTTPs\r\nMIME-version: 1\.0\r\nContent-type: text/html\r\nLast-modified: .*\r\nContent-length: \d+\r\n\r\n<head>\r\n<meta http-equiv='refresh' content='0; URL=\./cgi-bin/ups_view\.exe\?-ups_view'>\r\n</head>\r\n<body>\r\n</body>\r\n</html>\r\n$| p/qHTTPs/ i/APC UPSMan http interface/
match http m|^HTTP/1\.0 200 OK\r\nConnection: close\r\nContent-Type: text/html; charset=iso-8859-1\r\n\r\n<html>\r\n<head>\r\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=iso-8859-1\">\r\n<title>8 Port Gigabit Switch</title>\r\n| p/Longshine LCS-GS8208-A switch http config/ d/switch/
match http m|^<html>\r\n<head>\r\n<meta http-equiv=\"Content-Language\" content=\"it\">\r\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=windows-1252\">\r\n<meta http-equiv=\"Refresh\" content=\"10\">\r\n<title>UPS web page</title>\r\n| p/Netman UPS monitor http config/ d/power-device/
match http m|^HTTP/1\.1 200 Ok\r\nServer: NAE Server\r\nContent-Length: 73\r\nConnection: close\r\n\r\n<html><center><h1>NAE Server Health Check Succeeded\.</h1></center></html>| p/Ingrian i3xx health monitor httpd/ d/security-misc/
match http m|^HTTP/1\.1 302 Tempor\xe4r verschoben\r\nConnection: close\r\nContent-Type: text/html\r\nServer: Indy/([\d.]+)\r\nLocation: /Wikipedia/\r\n\r\n| p/Indy httpd/ v/$1/ i/German Wikipedia DVD browser/ cpe:/a:indy:httpd:$1:::de/
match http m|^HTTP/1\.0 200 Ok\r\nServer: httpd\r\n.*\n<title>HP Media Vault: [^<]*</title>|s p/HP Media Vault http config/ d/media device/
match http m|^HTTP/1\.0 200 OK\r\nConnection: close\r\nServer: WindWeb/([\d.]+)\r\nDate: .*\r\nContent-Type: text/html\r\n\r\n<html>\n<head>\n<title>(\w+) System Control Center</title>\n| p/WindWeb/ v/$1/ i/Hughes $2 satellite modem http config/ cpe:/a:windriver:windweb:$1/
# auther??
match http m|^HTTP/1\.0 200 OK\r\nServer: Camera Web Server/([\d.]+)\r\nAuther: Steven Wu\r\n| p|D-Link/Airlink IP webcam http config| v/$1/ d/webcam/
match http m|^HTTP/1\.0 200 OK\r\nServer: Web Server/([\d.]+)\r\nAuther: Steven Wu\r\n| p/D-Link print server http config/ v/$1/ d/print server/
match http m|^HTTP/1\.0 401 Authorization Required\r\nconnection: Close\r\ncontent-type: text/html\r\nserver: NEWS/([\w._-]+ \(Funk\)) \(Windows 2000\)\r\n| p/NEWS httpd/ v/$1/ i/Juniper Steel-Belted Radius http config/ o/Windows 2000/ cpe:/o:microsoft:windows_2000/
match http m|^HTTP/1\.1 401 Unauthorized\r\nDate: .*\r\nWWW-Authenticate: basic realm=IRC Services\r\nContent-Type: text/html\r\nContent-Length: 14\r\n\r\nAccess denied\.| p/ircservices httpd/
match http m|^HTTP/1\.0 \d\d\d .*\r\nSet-Cookie: Ipswitch={| p/Ipswitch WhatsUp Professional httpd/ o/Windows/ cpe:/a:ipswitch:whatsup::professional/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 200 OK.*\r\n\tThis machine cannot be used for administration\.\r\n|s p/Cisco Secure ACS httpd/ i/administration disabled/ d/router/ cpe:/a:cisco:secure_access_control_server/
match http m|^HTTP/1\.0 401 Unauthorized\r\nWWW-Authenticate: Basic realm=\"Wusage\"\r\n| p/Wusage httpd/
match http m|^HTTP/1\.1 401 \r\nServer: PrintSir WEBPORT ([\d.]+)\r\nDate: .*\r\nWWW-Authenticate: Basic realm=\"Default password:sitecom\"\r\n\r\n| p/PrintSir WEBPORT httpd/ v/$1/ i/Sitecom print server http config; default password "sitecom"/ d/print server/
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: Sphere V([^\r\n]+)\r\n| p/Ultima online sphere httpd/ v/$1/
match http m|^HTTP/1\.1 \d\d\d .*\r\nDate: .*\r\nServer: BlueDragon Server ([\d.]+)\r\n| p/New Atlanta BlueDragon httpd/ v/$1/
match http m|^HTTP/1\.1 200 OK\r\nServer: WSTL CPE ([\d.]+)\r\n| p/Westell cable modem http config/ v/$1/ d/broadband router/
match http m|^HTTP/1\.1 200 OK\r\n.*\r\n<title>Welcome to VMware VirtualCenter ([\d.]+)</title>|s p/VMware VirtualCenter httpd/ v/$1/
match http m|^HTTP/1\.0 \d\d\d .*\r\nDate: .*\r\nServer: vdradmind/([-\w_.]+)\r\n| p/vdradmin http config/ v/$1/ o/Linux/ cpe:/o:linux:linux_kernel/a
match http m|^HTTP/1\.0 \d\d\d .*<TITLE>Actiontec MegaControl Panel</TITLE>|s p/Actiontec router http config/ d/router/
match http m|^HTTP/1\.1 \d\d\d .*\r\nWWW-Authenticate: Basic realm=\"Sony Network Camera (SNC-\w+)\"\r\nContent-Type: text/html\r\nServer: NetEVI/([\d.]+)\r\n| p/Sony webcam $1 http config/ v/NetEVI httpd $2/ d/webcam/ cpe:/h:sony:webcam_$1/a
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: TiVo Calypso for Mac OS X\r\n| p/TiVo Calypso Desktop/ o/Mac OS X/ cpe:/o:apple:mac_os_x/a
match http m|^HTTP/1\.1 0 \(null\)\r\nContent-Length: 0\r\n\r\n| p/Simpserver MSN encryption or DAAP from Rhythmbox httpd/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Java/([-\w_.]+) javax\.wbem\.client\.adapter\.http\.transport\.HttpServerConnection\r\n|s p/Java $1 http.transport.HttpServerConnection httpd/ cpe:/a:oracle:jre:$1/
match http m|^HTTP/1\.0 200 OK\r\nServer: RapidLogic/([\d.]+)\r\n.*\nExtend-sharp-setting-status: 0\r\n\r\n<HTML>\r\n<HEAD><META HTTP-EQUIV=\"Content-Type\" CONTENT=\"text/html; charset=iso-8859-1\">\r\n<TITLE>TOP PAGE</TITLE>\r\n|s p/RapidLogic httpd/ v/$1/ i/Sharp Imagistics printer http config/ d/printer/ cpe:/a:rapidlogic:httpd:$1/
match http m|^HTTP/1\.0 200 OK\r\nServer: RapidLogic/([\d.]+)\r\n(?:[^\r\n]+\r\n)*?Last-Modified: Mon, 1 Jan 2001 12:00:00 GMT\nExtend-sharp-setting-status: 0\r\n\r\n.*<title>(AR-\w+)</title>|s p/RapidLogic httpd/ v/$1/ i/Sharp $2 printer http config/ d/printer/ cpe:/a:rapidlogic:httpd:$1/ cpe:/h:sharp:$2/a
match http m|^HTTP/1\.0 200 OK\r\nServer: RapidLogic/([\d.]+)\r\n.*\nExtend-sharp-setting-status: 0\r\n.*<title>([A-Z][A-Z0-9-]+)</title>\n|s p/RapidLogic httpd/ v/$1/ i/Sharp $2 printer http config/ d/printer/ cpe:/a:rapidlogic:httpd:$1/ cpe:/h:sharp:$2/a
match http m|^HTTP/1\.0 200 OK\r\nServer: RapidLogic/([\d.]+)\r\n(?:[^\r\n]+\r\n)*?Last-Modified: Mon, 1 Jan 2001 12:00:00 GMT\nExtend-sharp-setting-status: 0\r\n.*<meta http-equiv=\"Expires\" content=\"Thu, 01 Dec 1994 16:00:00 GMT\">.*<title>(\w+)</title>|s p/RapidLogic httpd/ v/$1/ i/Sharp $2 Imagistics printer/ d/printer/ cpe:/a:rapidlogic:httpd:$1/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Agranat-EmWeb/R([\d_]+)\r\nWWW-Authenticate: Basic realm=\"HP p-Class GbE2 Switch|s p/Agranat-EmWeb/ v/$SUBST(1,"_",".")/ i/HP p-Class GbE2 switch http config/ d/switch/ cpe:/a:agranat:emweb:$SUBST(1,"_",".")/a
match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: HttpServer\r\nDate: .*\r\nContent-type: text/plain\r\nContent-length: \d+\r\nWWW-Authenticate: Basic realm=\"Pylon Anywhere Secure Gateway\"\r\n\r\nUnauthorized| p/Pylon Anywhere Secure Gateway http config/ d/security-misc/
match http m=^HTTP/1\.1 \d\d\d .*\t\t\t<TITLE> (?:KONICA MINOLTA|MINOLTA-QMS) magicolor (\w+ DL) </TITLE>\r\n=s p/Konica Minolta Magicolor $1 printer http config/ d/printer/ cpe:/h:konicaminolta:magicolor_$1/a
match http m|^HTTP/1\.1 401 Unauthorized\r\nDate: .*\r\nWWW-Authenticate: Basic realm=\"Authentication\"\r\n\r\n<HEAD><TITLE>Authorization Required</TITLE></HEAD><BODY><H1>Authorization Required</H1>Browser not authentication-capable or authentication failed\.</BODY>\n\n|s p/Cisco Adaptive Security Appliance http config/ d/firewall/ cpe:/h:cisco:asa/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Virata-EmWeb/R([\d_]+)\r\n.*\n\n  <title>HP LaserJet (\w+) Series|s p/Virata-EmWeb/ v/$SUBST(1,"_",".")/ i/HP LaserJet $2 Series http config/ d/printer/ cpe:/a:virata:emweb:$SUBST(1,"_",".")/a cpe:/h:hp:laserjet_$2/

match http m|^HTTP/1\.0 200 Data follows\r\nDate: .*\r\nServer: Radia Integration Server([^\r\n]+)\r\n| p/HP Radia Integration Server httpd/ v/$1/
match http m|^HTTP/1\.0 200 Data follows\r\nDate: .*\r\nServer: HP Client Automation \(httpd-managementportal\) \r\n| p/HP Client Automation httpd/ i/management portal/
match http m|^HTTP/1\.0 200 Data follows\r\nDate: .*\r\nServer: HP Client Automation \(httpd-patchmanager\) \r\n| p/HP Client Automation httpd/ i/patch manager/
match http m|^HTTP/1\.0 200 Data follows\r\nDate: .*\r\nServer: HP Client Automation \(httpd-rps\) \r\n| p/HP Client Automation httpd/ i/rps/
match http m|^HTTP/1\.0 200 Data follows\r\nDate: .*\r\nServer: HP Client Automation \(httpd-pm\) \r\n| p/HP Client Automation httpd/ i/policy server/
match http m|^HTTP/1\.0 404 Not Found\r\nDate: .*\r\nServer: HP Client Automation Messaging Service ([\w._-]+)\r\n| p/HP Client Automation httpd/ v/$1/ i/messaging service/

match http m|^HTTP/1\.1 302 Document Follows\r\nLocation: /hag/pages/home\.ssi\r\n\r\nHTTP/1\.1 302 Document Follows\r\nLocation: /hag/pages/home\.ssi\r\n\r\nConnection: close\r\n\r\n| p/D-Link DSL-504G ADSL router http config/ d/router/ cpe:/h:dlink:dsl-504g/a
match http m|^HTTP/1\.0 302 Redirection\r\nDate: .*\r\nServer: iGuard Embedded Web Server/([-\w_.]+) \(\w+\) SN:([-\w]+)\r\nPragma: no-cache\r\nLocation: /Admins/index\.html\r\n\r\n| p/iGuard access control system http config/ v/$1/ i/Serial $2/ d/security-misc/
# Not sure if this will match all:
match http m|^HTTP/1\.0 200 OK\r\nDate: [A-Z]{3}.*</head>\n<body>\n<p>You will automatically be redirected to a secure connection in 2 seconds\.</p>\n</body>\n</html>\n|s p/HP 9000 http service/ o/HP-UX/ cpe:/o:hp:hp-ux/a
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: LiteSpeed\r\n|s p/LiteSpeed httpd/
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: LiteSpeed/([\w. ]+)\r\n|s p/LiteSpeed httpd/ v/$1/
match http m|^HTTP/1\.[01] \d\d\d .*Powered By <a href='http://www\.litespeedtech\.com'>LiteSpeed Web Server</a>|s p/LiteSpeed httpd/
match http m|^HTTP/1\.0 200 Ok\r\nServer: httpd\r\n.*<script type=\"text/javascript\" src=\"lang_pack/language\.js\"></script>\n\t\t<link type=\"text/css\" rel=\"stylesheet\" href=\"style/[-\w_.]+/style\.css\" />\n\t\t<!--\[if IE\]>|s p/DD-WRT milli_httpd/ i/Linksys WRT54G http config/ d/WAP/ o/Linux/ cpe:/o:linux:linux_kernel/a

match http m|^HTTP/1\.1 401 N/A\r\nServer: TP-LINK Router\r\nConnection: close\r\nWWW-Authenticate: Basic realm=\"Web Smart Switch\"| p/TP-LINK Web Smart Switch http config/ d/switch/
match http m%^HTTP/1\.1 (?:401 (?:|N/A|Unauthorized)|200 OK)\r\nServer: (?:Router|Router Webserver|TP-LINK Router)\r\nConnection: close\r\n(?:Content-Type: text/html\r\n)?WWW-Authenticate: Basic realm=\"TP-LINK (?:Portable |AC\d+ )?(?:Wireless|WiFi) (?:(?:Lite )?(?:N|G) (?:3G(?:/4G)? )?)?(?:Dual Band |Nano )?(?:Gigabit )?(?:AP|Router|Access Point|Range Extender) ([\w /+-]+)\"\r\n% p/TP-LINK $1 WAP http config/ d/WAP/ cpe:/h:tp-link:$1/a
match http m|^HTTP/1\.1 401 N/A\r\nServer: Router Webserver\r\nConnection: close\r\nWWW-Authenticate: Basic realm="TP-LINK Wireless Entertainment Adapter ([^"]+)"| p/TP-LINK $1 wireless adapter http config/ cpe:/h:tp-link:$1/
match http m|^HTTP/1\.1 401 N/A\r\nServer: TP-LINK Router\r\nConnection: close\r\nWWW-Authenticate: Basic realm=\"TP-LINK Router ([\w+-]+)\"\r\n| p/TP-LINK $1 router httpd/ d/broadband router/ cpe:/h:tp-link:$1/a
match http m|^HTTP/1\.1 401 N/A\r\nServer: Router\r\nConnection: close\r\nWWW-Authenticate: Basic realm=\"TP-LINK SOHO Router (R[\w/]+)\"| p/TP-LINK $1 WAP http config/ d/WAP/ cpe:/h:tp-link:$1/
match http m|^HTTP/1\.1 401 N/A\r\nServer: Router\r\nConnection: close\r\nWWW-Authenticate: Basic realm=\"(TL-\w+) SOHO Router \w+ Series\"\r\n| p/TP-LINK $1 router http config/ d/router/ cpe:/h:tp-link:$1/
match http m|^HTTP/1\.1 401 N/A\r\nServer: Router\r\nConnection: close\r\nWWW-Authenticate: Basic realm=\"(TL-\w+)\xcf\xb5\xc1\xd0 SOHO\xbf\xed\xb4\xf8\xc2\xb7\xd3\xc9\xc6\xf7\"\r\nContent-Type: text/html\r\n\r\nWeb Server Error Report:<HR>\n<H1>Server Error: 401 N/A</H1>\r\nOperating System Error Nr:3997698: /userRpm/index\.htm <P><HR><H2>Access denied / wrong user name or password</H2><P><P><HR><H1>/userRpm/index\.htm</H1><P><HR>$| p/TP-LINK $1 router http config/ d/router/ cpe:/h:tp-link:$1/
match http m|^HTTP/1\.1 401 N/A\r\nServer: Router\r\nConnection: close\r\nWWW-Authenticate: Basic realm=\"DYNEX (DX-E402)\"| p/DYNEX $1 router http config/ i/manufacturer TP-LINK/ d/broadband router/ cpe:/h:dynex:$1/
match http m|^HTTP/1\.1 401 N/A\r\nServer: Router Webserver\r\nConnection: close\r\nWWW-Authenticate: Basic realm=\"\d+Mbps Wireless \w+ Router (RNX-\w+)\"\r\n| p/Rosewill $1 WAP http config/ i/manufacturer TP-LINK/ d/WAP/ cpe:/h:rosewill:$1/
match http m|^HTTP/1\.1 401 N/A\r\nServer: Router Webserver\r\nConnection: close\r\nWWW-Authenticate: Basic realm=\"Wireless \w+ Router (WRN\w+)\"\r\n| p/Intelbras $1 WAP http config/ i/manufacturer TP-LINK/ d/WAP/ cpe:/h:intelbras:$1/
match http m%^HTTP/1\.1 401 N/A\r\nServer: Router\r\nConnection: close\r\nWWW-Authenticate: Basic realm=\"\d+Mbps AV\d+(?: WiFi| Wireless(?: N)?) Powerline Extender (WPA[\w._-]+)\"\r\n% p/TP-LINK $1 powerline extender http config/ d/WAP/ cpe:/h:tp-link:$1/
match http m%^HTTP/1\.1 401 N/A\r\nServer: Router\r\nConnection: close\r\nWWW-Authenticate: Basic realm=\"\d+Mbps AV\d+(?: Nano| Gigabit)? Powerline Extender (PA[\w._-]+)\"\r\n% p/TP-LINK $1 powerline extender http config/ d/switch/ cpe:/h:tp-link:$1/
match http m|^HTTP/1\.1 200 OK\r\nServer: Router Webserver\r\nConnection: close\r\nContent-Type: text/html\r\nWWW-Authenticate: Basic realm="TP-LINK AV\d+(?: Gigabit)? Powerline(?: ac)? WiFi Extender (TL-\w+)"\r\n| p/TP-LINK $1 powerline WiFi extender http config/ d/WAP/ cpe:/h:tp-link:$1/
match http m|^HTTP/1\.1 401 Unauthorized\r\nServer: Router\r\nConnection: close\r\nWWW-Authenticate: Basic realm="\d+Mbps Wireless \w+ Router (TL-\w+)"\r\n| p/TP-LINK $1 WAP http config/ d/WAP/ cpe:/h:tp-link:$1/a
match http m|^HTTP/1\.0 200 OK\r\nServer: Terayon/([\d.]+)\r\nContent-type: text/html\r\n\r\n<html><head><title>Cable Modem Information Center</title>| p/Terayon cable modem http config/ v/$1/ d/broadband router/
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: Tornado/([-\w_.]+)\r\n| p/Puakma Tornado httpd/ v/$1/
match http m|^<html><head><title>Cannot find server</title></head><body>\n<br>Access to this web page is currently unavailable\.<P><HR></BODY></HTML>\n$| p/Arris cm450 cable modem http config/ d/broadband router/ cpe:/h:arris:cm450/a
match http m|^HTTP/1\.0 401 Unauthorized\r\nWWW-Authenticate: Basic realm=\"RV082\"\r\n| p/Linksys RV082 VPN router http config/ d/router/ cpe:/h:linksys:rv082/a
match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: \r\n(?:[^\r\n]+\r\n)*?WWW-Authenticate: Basic realm=\"Linksys WAG54GS|s p/Linksys WAG54GS broadband router http config/ d/broadband router/ cpe:/h:linksys:wag54gs/a
match http m|^HTTP/1\.1 \d\d\d .*href=\"images/favicon\.ico\">\n<title>NETGEAR ProSafe\x99 - Welcome to Configuration Manager Login</title>\n<!--\nCopyright \(c\) 2005-2006 TeamF1|s p/Netgear ProSafe FVS338 VPN firewall http config/ d/firewall/
match http m|^HTTP/1\.1 \d\d\d .*<link rel=\"icon\" type=\"image/ico\" href=\"images/favicon\.ico\">\n<title>NETGEAR ProSafe&#8482; - Welcome to Configuration Manager Login</title>\n<!--\nCopyright \(c\) 2005-2007 TeamF1, Inc\. \(www\.TeamF1\.com\)\nAll rights reserved\.\n-->|s p/Netgear ProSafe VPN firewall http config/ d/firewall/
match http m|^HTTP/1\.1 200 OK\r\n.*<title>NETGEAR ProSafe&#8482; - Welcome to Configuration Manager Login</title>\n<!--\nCopyright \(c\) 2005-2009 TeamF1, Inc\. \(www\.TeamF1\.com\)\nAll rights reserved\.\n-->\n|s p/Netgear ProSafe FVX538 VPN firewall http config/ d/firewall/
match http m|^HTTP/1\.0 \d\d\d .*\r\nMime-Version: 1\.0\r\nServer: Web Transaction Server For ClearPath MCP ([\d.]+)\r\n| p/Unisys ClearPath MCP http config/ v/$1/
match http m|^HTTP/1\.0 401 Access Denied\r\nWWW-Authenticate: NTLM\r\nContent-Length: 24\r\nContent-Type: text/html\r\n\r\nError: Access is Denied\.| p/Microsoft IIS httpd/ v/3.X/ o/Windows/ cpe:/a:microsoft:internet_information_services:3/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: AnomicHTTPD \(www\.anomic\.de\)\r\n|s p/Anomic YaCy P2P Search Engine httpd/
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: SnapStream\r\nCache-Control: no-cache\r\nPragma: no-cache\r\nConnection: close\r\nContent-Type:text/html\r\n\r\n<html>\r\n<head>\r\n<title>\r\nBeyond TV - Web Admin Redirector\r\n| p/SnapStream Media Beyond TV PVR http config/ d/media device/
match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: thttpd-alphanetworks/([\d.]+)\r\nWWW-Authenticate: Basic realm=\"(DI-\w+)\"\r\n|s p/thttpd-alphanetworks/ v/$1/ i/D-Link $2 router http config/ d/router/ cpe:/a:alphanetworks:thttpd:$1/ cpe:/h:dlink:$2/a
match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: thttpd-alphanetworks/([\d.]+)\r\n(?:[^\r\n]+\r\n)*?.*\r\nWWW-Authenticate: Basic realm=\"BRL-04UR\"\r\n\r\n|s p/thttpd-alphanetworks/ v/$1/ i/Planex BRL-04UR router http config/ d/router/ cpe:/a:alphanetworks:thttpd:$1/
match http m|^HTTP/1\.0 200 OK\r\nServer: M900\w*-HTTP-Server/([\d.]+)\r\nContent-Type: text/html\r\n\r\n<html><head><title>(M900\w*) AP</title>| p/Trango $2 AP http config/ v/$1/ d/broadband router/
match http m|^HTTP/1\.1 401 Unauthorised\r\nServer: ATR-HTTP-Server/([\d.]+)\r\nContent-Type: text/html\r\nWWW-Authenticate: Basic realm=\"Allied Telesyn AT-(AR\w+)\"\r\n| p/Allied Telesyn $2 router http config/ v/$1/ d/router/ cpe:/h:alliedtelesyn:$2/a
match http m|^HTTP/1\.[01] \d\d\d .*\r\nConnection: close\r\nServer: Yaws/([-\w_.]+) Yet Another Web Server\r\n| p/Yaws httpd/ v/$1/
match http m|^HTTP/1\.[01] \d\d\d .*\r\nConnection: close\r\nServer: Yaws ([\w._-]+)\r\n| p/Yaws httpd/ v/$1/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Web Server\r\n.*<IMG SRC = \"/base/images/netgear_(\w+)_banner\.gif\"|s p/Netgear $1 gigabit switch http config/ d/switch/ cpe:/h:netgear:$1/a
match http m|^HTTP/1\.1 \d\d\d .*\r\nDate: .*\r\nServer: Centile Embedded HTTPSd server/([\d.]+)\r\n| p/Centile VoIP adapter http config/ v/$1/ d/VoIP adapter/
match http m|^HTTP/1\.1 \d\d\d .*\r\nDate: .*\r\nConnection: close\r\nWWW-Authenticate: Digest realm=\"DUALCOM-\d+.USER\",| p/CyberSwitching Dualcom power device http config/ i/rabbit 2000 embedded/ d/power-device/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: PWLib-HTTP-Server/([\d.]+) PWLib/([\d.]+)\r\n.*<HTML>\r\n\r\n<HEAD>\r\n<TITLE>Welcome to OpenMCU</TITLE>|s p/PWLib httpd/ v/$1/ i/OpenMCU http interface; PWLib $2/
match http m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: PWLib-HTTP-Server/([\w._-]+) PWLib/([\w._-]+)\r\n(?:[^\r\n]+\r\n)*?Expires: Tue, 01 Jan 1980 00:00:00 GMT\r\n.*<title>SOPHO (\w+) In-System Gateway</title>|s p/PWLib http/ v/$1/ i/Philips Sopho $3 PBX http config; PWLib $2/ d/PBX/
match http m|^HTTP/1\.1 200 Ok\r\nServer: micro_httpd\r\n.*<title>3Com - OfficeConnect ADSL Wireless 108Mbps 11g Firewall Router</title>|s p/micro_httpd/ i/3Com OfficeConnect ADSL WAP http config/ d/WAP/ cpe:/a:acme:micro_httpd/
match http m|^HTTP/1\.1 404 Not found\n\0$| p/nohttpd 404 responding httpd/
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: ICONAG web server \(Ver\.: ([-\w_.]+)\)\r\n| p/ICONAG building control http config/ v/$1/ d/specialized/
match http m|^HTTP/1\.1 401 Unauthorized\r\nWWW-Authenticate: Basic realm=\"Environmental Monitoring Unit\"\r\nContent-Type: text/html\r\nServer: Allegro-Software-RomPager/([\d.]+)\r\n\r\n| p/Allegro RomPager/ v/$1/ i/APC Environmental Monitoring Unit http config/ d/specialized/ cpe:/a:allegro:rompager:$1/
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: RapidLogic/([\d.]+)\r\nMIME-version: 1\.0\r\nContent-type: text/html\r\n\r\n<HTML>\r\n<HEAD>\r\n<TITLE>Westell VersaLink Wireless Gateway</TITLE>| p/RapidLogic httpd/ v/$1/ i/Westell VersaLink WAP http config/ d/WAP/ cpe:/a:rapidlogic:httpd:$1/
match http m|^HTTP/1\.1 \d\d\d\r\nContent-Length:\d+\r\nContent-Type: text/html\r\n\r\n<html><head><link rel=\"stylesheet\" type=\"text/css\" href=\"/viawarp\.css\" />| p/Nova viaWARP httpd/ o/Windows/ cpe:/o:microsoft:windows/a
# Looks more general than a media device
match http m|^HTTP/1\.0 200 OK\r\nConnection: Close\r\nContent-Type: text/html\r\nServer: wizd ([^\r\n]+)\r\n| p/wizd media viewer httpd/ v/$1/
match http m|^HTTP/1\.0 200 OK\r\nConnection: close\r\nServer: XES WindWeb/([\d.]+)\r\n| p/WindWeb/ v/$1/ i/XES Synergix printer http config/ d/printer/ cpe:/a:windriver:windweb:$1/
match http m|^HTTP/1\.0 200 OK\r\nPragma:no-cache\r\nContent-Length: \d+\r\nContent-Type: text/html\r\n\r\n<html>\n<head>\n<title>INTERMEC ([\d+/]+); IP| p/Intermec $1 print server http config/ d/print server/ cpe:/h:intermec:$1/a
match http m|^HTTP/1\.0 401 Unauthorized\r\nDate: .*\r\nServer: GoAhead-Webs\r\nConnection: close\r\nWWW-Authenticate: Basic realm=\"CameraServer\"\r\n| p/GoAhead WebServer/ i/AirLink 101 SkyIPCam http config/ d/webcam/ cpe:/a:goahead:goahead_webserver/
match http m|^HTTP/1\.0 200 OK\r\nCache-control: no-cache\r\n.*<title>BVA8055 Web Configuration Pages</title>|s p/Leadtek BVA8055 VoIP adapter http config/ d/VoIP adapter/
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: KTorrent/(\d[-\w_.]+)\r\n|s p/Ktorrent web interface/ v/$1/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Wildcat/v([-\w_.]+)\r\n|s p/Wildcat Interactive Net Server httpd/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Allegro-Software-RomPager/([\d.]+)\r\n\r\n<HTML>\n<HEAD>\n<TITLE>NRG (\w+) .*Network Printer D Model-Network Administration</TITLE>.*<FONT SIZE=\+2>Unit Serial Number (\w+)</FONT>|s p/Allegro RomPager/ v/$1/ i/NRG $2 printer http config; serial $3/ d/printer/ cpe:/a:allegro:rompager:$1/ cpe:/h:nrg:$2/a
match http m|^HTTP/1\.[01] \d\d\d .*\r\nServer: Ethernut ([^\r\n]+)\r\n| p/Ethernut demo httpd/ v/$1/ o|Nut/OS| cpe:/o:ethernut:nut_os/a
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Mongrel ([\d.]+)\r\n|s p/Mongrel httpd/ v/$1/
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: Micro-Web\r\nContent-type: text/html\r\n\r\n<html>\r\n<head>\r\n<FORM ACTION=/LoginPostData\.fn METHOD=POST>\r\n<INPUT TYPE=HIDDEN NAME=BrowserId VALUE=\w+>\r\n<TABLE ALIGN=CENTER BORDER=3 CELLPADDING=8 CELLSPACING=1 WIDTH=600 BGCOLOR=\"#C0C0C0\">\r\n<TR><TH COLSPAN=1><BIG><BIG>Login to the Remote Management Interface</BIG></BIG>| p/Micro-Web/ i/HP MSL5000 storage http config/ d/storage-misc/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: WindWeb/([\d.]+)\r\n.*\"/js/branding_utils\.js\"></script>\r\n<script language=\"JavaScript\"><!--\nvar iPortIndex = 0; \nvar iProtocol = 0; \nvar serialPort = 1|s p/WindWeb/ v/$1/ i/HP MSL5000 storage config/ d/storage-misc/ cpe:/a:windriver:windweb:$1/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: WindWeb/([\d.]+)\r\n.*\"/js/branding_utils\.js\"></script>\r\n\r\n<script language=\"JavaScript\"><!--\nvar ConfigDirty = 1\nvar routerMode = 1\nvar modularRouter = 0\nvar szFCHostName = \"none\"\n|s p/WindWeb/ v/$1/ i/HP E1200 storage config/ d/storage-misc/ cpe:/a:windriver:windweb:$1/
match http m|^HTTP/1\.1 401 Unauthorized\r\nDate: .*\r\nServer: Agranat-EmWeb/R([\d_]+)\r\nWWW-Authenticate: Basic realm=\"read@\"\r\n\r\n<META HTTP-EQUIV=refresh CONTENT=0;URL=/util/401\.html>| p/Agranat-EmWeb/ v/$SUBST(1,"_",".")/ i/3com Corebuilder switch http config/ d/switch/ cpe:/a:agranat:emweb:$SUBST(1,"_",".")/a
match http m|^HTTP/1\.1 401 Unauthorized\nDATE: .*\nWWW-Authenticate: Basic realm=\"Delta UPS Web\"\nServer: Delta UPSentry\n| p/Belkin Bulldog UPS Monitor http config/ d/power-device/
match http m|^HTTP/1\.0 \d\d\d .*<h3>BitTorrent download info</h3>\n<ul>\n<li><strong>tracker version:</strong> ([-\w_.]+) \(BitTornado\)</li>|s p/BitTornado tracker/ v/$1/
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: ChatSpace/([\d.]+)\r\n| p/Akiva ChatSpace httpd/ v/$1/
match http m|^HTTP/1\.0 \d\d\d .*\r\n<title>EMC Connectrix Management</title>|s p/EMC Connectrix http config/
match http m|^HTTP/1\.0 404 Not Found\r\nConnection: close\r\nContent-type: text/html\r\n\r\n<html>404 Not Found \(Error 3\)<BR></html>$| p/ESET NOD32 windows anti-virus http config/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 200 Document follows\nContent-Type: text/html\nContent-length: \d+\n\n<html>\n<head>\n<title>BeanShell Remote Session</title>\n| p/BeanShell java scripting http console/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: IntellipoolHTTPD/([\d.]+)\r\n|s p/Intellipool Network Monitor http config/ v/$1/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: MX4J-HTTPD/([\d.]+)\r\n.*<title>CruiseControl - Agent View</title>|s p/MX4J/ v/$1/ i/JMX CruiseControl http config/
match http m|^HTTP/1\.0 401 Authentication requested\r\nWWW-Authenticate: Basic realm=\"MX4J\"\r\nServer: MX4J-HTTPD/([\w._-]+)\r\n\r\n$| p/MX4J/ v/$1/ i/OpenNMS http admin/
match http m|^HTTP/1\.0 \d\d\d .*/cgi-bin/prodhelp\?prod=axis_540\+/542\+&ver=([\d.]+)&|s p|AXIS 540+/542+ print server http config| v/$1/ d/print server/
match http m|^HTTP/1\.1 400 Bad Request\r\nDate: .*\r\nRIPT-Server: iTunesLib/([-\w_.]+) \(Mac OS X\)\r\n| p/Apple TV http config/ i/iTunesLib $1/ d/media device/ cpe:/a:apple:apple_tv/ cpe:/o:apple:mac_os_x/
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: Vistabox\r\n| p/Convision Vistabox security camera http config/ d/webcam/
match http m|^HTTP/1\.0 200 Document follows\r\nServer: ISOCOR web500gw ([\d.]+)\r\n| p/Eudora Worldmail http config/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 200 Reply from server\r\nServer: MERCUR Messaging 2005\r\n| p/Mercur Webmail httpd/ o/Windows/ cpe:/a:atrium:mercur/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 200 Document follows\r\nDate: .*\r\nServer: Proofpoint/([\d.]+)\r\n| p/Proofpoint email security http config/ v/$1/ d/security-misc/
match http m|^HTTP/1\.1 200 OK\r\nConnection: close\r\nCache-Control: no-cache\r\nContent-Type: text/html; charset=utf-8\r\n\r\n<html><head><title>IVM Answering Attendant</title>| p/IVM Answering Attendant httpd/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 302 Found\r\nContent-Length: 0\r\nConnection: Close\r\nContent-Type: text/html\r\nLocation: /search\?site=[-\w_.]+&client=[-\w_.]+&| p/GoogleMini Search Appliance httpd/
match http m|^HTTP/1\.0 200 OK\r\nX-Powered-By: PHP/([-\w_.]+)\r\n.*\n<title>(N\d+ - N\d+)</title>\n.*// Share Explorer\n|s p/Hammer $2 myshare http config/ i/PHP $1/ d/storage-misc/ cpe:/a:php:php:$1/
match http m|^HTTP/1\.0 200 Ok\r\nServer: httpd\r\n.*<!--- Vendor:LINKSYS\nModelName:DD-WRT\n.*\nRF SSID:([^\r\n]+)\n|s p/DD-WRT milli_httpd/ i/Linksys WAP http config; SSID $1/ d/WAP/
match http m|^HTTP/1\.0 200 OK \r\n.*<title>: innovaphone (\w+)</title>|s p/Innovaphone $1 VoIP phone http config/ d/VoIP phone/
match http m|^HTTP/1\.0 200 OK \r\n.*<title>NAT: innovaphone (\w+)</title>|s p/Innovaphone $1 VoIP phone http config/ d/VoIP phone/
match http m|^HTTP/1\.1 302 Moved Temporarily\r\nDate: .*\r\nExpires: Thu, 01 Jan 1970 00:00:00 GMT\r\nSet-Cookie: SSLX_SSESHID=\w+;Path=/;Secure\r\nLocation: https://[\d.]+/showHome\.do\r\n| p/SSL Explorer browser-based VPN httpd/ i/halfd Half-Life server management/
match http m|^HTTP/1\.1 302 Moved Temporarily\r\nDate: .*\r\nContent-Type: text/html\r\nExpires: .*\r\nSet-Cookie: SSLX_SSESHID=| p/SSL Explorer browser-based VPN httpd/
match http m|^HTTP/1\.1 302 Moved Temporarily\r\nDate: .*\r\nExpires: Thu, 01 Jan 1970 00:00:00 GMT\r\nSet-Cookie: SSLX_SSESHID=| p/SSL Explorer browser-based VPN httpd/
match http m|^HTTP/1\.0 401 Unauthorized\r\nWWW-Authenticate: Basic realm=\"Gigabit Web Smart Switch\"\r\n\r\n| p/micro_httpd/ i/Justec gigabit ethernet switch http config/ d/switch/ cpe:/a:acme:micro_httpd/
match http m|^HTTP/1\.0 400 Bad Request\r\nServer: Rex/([-\w_.]+)\r\nCache-Control: no-cache\r\nPragma: no-cache\r\nPragma: client-id=| p/Rex media encoder http config/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: alevtd/([\d.]+)\r\n| p/alevtd for videotext pages httpd/ v/$1/
match http m|^HTTP/1\.0 200 200 OK\r\nCache-control: max-age=300\r\nServer: Ubicom/([\d.]+)\r\n.*<title>Wireless Bridge : Login</title>|s p/Ubicom httpd/ v/$1/ i/Senao WAP http config/ d/WAP/ cpe:/a:ubicom:httpd:$1/
match http m|^HTTP/1\.0 200 OK\r\nDate: .*\r\nConnection: Close\r\nServer: Synchronet BBS for Win32  Version ([-\w_.]+)\r\n.*<h1 id=\"siteName\">([^<]+)</h1>|s p/Synchronet BBS httpd/ v/$1/ i/BBS name $2/ o/Windows/ cpe:/a:rob_swindell:synchronet:$1/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: (DCS-\w+)\r\n|s p/D-Link $1 webcam http config/ d/webcam/ cpe:/h:dlink:$1/a
match http m|^HTTP/1\.0 401 Unauthorized\r\nWWW-Authenticate: Basic realm=\"(DCS-\w+)\"\r\n| p/D-Link $1 webcam http config/ d/webcam/ cpe:/h:dlink:$1/a
match http m|^HTTP/1\.1 200 OK\r\nDate: .*\r\nServer: Slinger/([-\w_.]+)\r\n| p/Panasonic DVR slinger http config/ v/$1/ d/media device/
match http m|^HTTP/1\.0 200 OK\r\nConnection: close\r\nDate: .*Server: lighttpd/([\d.]+)\r\n\r\n\n<html>\n<head>\n<title>Shared Storage Manager</title>\n\n|s p/lighttpd/ v/$1/ i/Western Digital My Book http config/ d/storage-misc/ o/Linux/ cpe:/a:lighttpd:lighttpd:$1/ cpe:/o:linux:linux_kernel/a
match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: mini_httpd/([-\w_.]+)/astlinux (\w+)\r\nDate: .*\r\nCache-Control: no-cache,no-store\r\nWWW-Authenticate: Basic realm=\"\.\"\r\n| p/mini_httpd/ v/$1/ i/Pointca PBX http config; astlinux $2/ d/PBX/ o/Linux/ cpe:/a:acme:mini_httpd:$1/ cpe:/o:linux:linux_kernel:$2/
match http m|^HTTP/1\.1  200 OK\r\n.*<p:DeviceName>D-Link (DIR-[-\w_.+]+)</p:DeviceName>.*<p:FirmwareVersion>([^<]+)</p:FirmwareVersion>|s p/D-Link $1 WAP http config/ i/FW $2/ d/WAP/ cpe:/h:dlink:$1/a
match http m|^HTTP/1\.1 403 Forbidden\r\nDate: .*\r\nServer: RoamAbout Switch Manager Services ([^\r\n]+)\r\nContent-length: 0\r\n\r\n| p/Enterasys RoamAbout Switch Manager http config/ v/$1/
match http m|^HTTP/1\.1 200 (?:[^\r\n]*\r\n(?!\r\n))*?Server: Virata-EmWeb/R([-\w_.]+)\r\n.*<title>NBX NetSet</title>\n<META NAME=\"robots\" CONTENT=\"noindex,noarchive,nofollow\">\n<!-- \(c\) Copyright, 3Com Corporation or its subsidiaries|s p/Virata-EmWeb/ v/$SUBST(1,"_",".")/ i/3Com NBX NetSet VoIP adapter http config/ d/VoIP adapter/ cpe:/a:virata:emweb:$SUBST(1,"_",".")/a
match http m|^HTTP/1\.1 200 (?:[^\r\n]*\r\n(?!\r\n))*?Server: Virata-EmWeb/R([-\w_.]+)\r\n.*<title> HP Color LaserJet ([-\w_.]+)|s p/Virata-EmWeb/ v/$SUBST(1,"_",".")/ i/HP LaserJet $2 http config/ d/printer/ cpe:/a:virata:emweb:$SUBST(1,"_",".")/a cpe:/h:hp:laserjet_$2/
match http m|^<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML//EN\">\n<html>\n  <head>\n    <title>404 Entity Not Found</title>\n.*The requested file or stream was not found on this server\.|s p/Icecast streaming media server/ cpe:/a:xiph:icecast/
match http m|^HTTP/1\.0 403 too few slashes in URI /\r\nContent-[tT]ype: text/html\r\n\r\n| p|apt-cache/apt-proxy httpd| o/Linux/ cpe:/o:linux:linux_kernel/a
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: CosminexusComponentContainer\r\n|s p/Cosminexus httpd/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: GoAhead-Webs\r\n.*<!-- response_code_begin ERIC_RESPONSE_OK|s p/GoAhead WebServer/ i|Supermicro IPMI/Paradox Alarm http config| d/remote management/ cpe:/a:goahead:goahead_webserver/a
match http m|^HTTP/1\.0 200 OK\r\nContent-type: text/html\r\n\r\n<html><head><title>GC-100 Network Adapter</title>| p/Global Cache GC-100 http config/ d/media device/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: JAGeX/([-\w_.]+)\r\n|s p/JAGeX Java gaming httpd/ v/$1/
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: \r\nDate: .*\r\nWWW-Authenticate: Basic realm=\"BSkyB (\w+) \"\r\n| p/BSkyB $1 http config/ d/broadband router/
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: \r\nDate: .*\r\nWWW-Authenticate: Basic realm=\"WBR-(\w+)\"\r\n| p/LevelOne WBR-$1 http config/ d/broadband router/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: \r\n.*<meta name=\"description\" content=\"DG(\w+) \d+\">\n|s p/Netgear DG$1 http config/ d/broadband router/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?\r\nconnection: Keep-Alive\r\ncontent-length:.*<script src=\"all/kernel/public/lib/rc/js/system/currentVersion\.xjs\?command=WSTGetVersion\" type=\"text/javascript\"></script>|s p/Samsung SyncThru http config/ d/printer/ cpe:/a:samsung:syncthru_web_service/
# Samsung CLX-3175FW
match http m|^HTTP/1\.0 200 OK\r\n.*<title>SyncThru Web Service</title>\r\n\r\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\">\r\n\r\n<script src=\"js/cookieCode\.js\">|s p/Samsung SyncThru http config/ d/printer/ cpe:/a:samsung:syncthru_web_service/
match http m|^HTTP/1\.0 \d\d\d .*<title>LaCie EdMini NAS</title>|s p/Lacie BigDisk NAS http config/ d/storage-misc/
match http m|^HTTP/1\.1 200 OK\r\nServer: Virata-EmWeb/R([\d_]+)\r\n.*<title>HP Color LaserJet (\w+)|s p/Virata-EmWeb/ v/$SUBST(1,"_",".")/ i/HP LaserJet $2 http config/ d/printer/ cpe:/a:virata:emweb:$SUBST(1,"_",".")/a cpe:/h:hp:laserjet_$2/
match http m|^HTTP/1\.0 \d\d\d .*\r\nDate: .*\r\nServer: BarracudaHTTP ([\d.]+)\r\n| p/BarracudaHTTP/ v/$1/ i/Barracuda Networks Load Balancer http config/ d/load balancer/
match http m|^HTTP/1\.1 \d\d\d .*\r\nDate: .*\r\nServer: BarracudaHTTP ([\d.]+)\r\n| p/BarracudaHTTP/ v/$1/ i/Barracuda Networks Spam & Virus Firewall http config/ d/firewall/ cpe:/h:barracudanetworks:spam_%26_virus_firewall_600:-/
# Looks like Apache. --Ed.
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: BarracudaHTTP ([\w._-]+)/([\w._-]+) \(Unix\) ([^\r]+)\r\n(?:[^\r\n]+\r\n)*?Location: https?://([\w._-]+)|s p/Apache/ v/$2/ i/Barracuda firewall http config; BarracudaHTTP $1; $3/ d/firewall/ o/Unix/ h/$4/ cpe:/a:apache:http_server:$2/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: WindWeb/([\d.]+)\r\n(?:[^\r\n]+\r\n)*?WWW-Authenticate: Basic realm=\"i\.LON\"\r\n|s p/WindWeb/ v/$1/ i/i.LON 100e2 Internet Server http config/ d/remote management/ cpe:/a:windriver:windweb:$1/
match http m|^HTTP/1\.0 401 Authorization Required\r\nWWW-Authenticate: BASIC realm=\"Administrator or User\"\r\n\r\nPassword Error\. $| p/D-Link DCS-900 webcam http config/ d/webcam/ cpe:/h:dlink:dcs-900/a
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Yaws/([-\w_.]+) Yet Another Web Server\r\n(?:[^\r\n]+\r\n)*?Set-Cookie: SMSESSION=logout; .*Set-Cookie: nortelxnetid=logout;|s p/YAWS httpd/ v/$1/ i/Nortel VPN Gateway http config/ d/security-misc/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: SAP Internet Graphics Server\r\n|s p/SAP Internet Graphics Server httpd/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?server: SAP Message Server, release (\d+)|s p/SAP Message Server httpd/ v/release $1/
match http m|^HTTP/1\.0 \d\d\d(?:[^\r\n]+\r\n)*?\r\n<html>\n<script language=JavaScript>\nfunction show\(\)\n{\n\tform1\.submit\(\);\n}\n</script>\n<body onload=\"show\(\);\">\n<form name=form1 action=\"/cgi-bin/webconfig\?page=first&action=check\">\n</form>\n</body>\n</html>\n|s p/D-Link DHP-540 VoIP Phone http config/ d/VoIP phone/ cpe:/h:dlink:dhp-540/a
match http m|^HTTP/1\.0 200 OK\r\nServer: ScanAlert\r\n| p/ScanAlert Hacker Safe scanner httpd/ d/security-misc/
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: ATR-HTTP-Server/([\d.]+)\r\nContent-Type: text/html\r\nWWW-Authenticate: Basic realm=\"Allied Telesyn AT-8748XL\"\r\n| p/ATR httpd/ v/$1/ i/Allied Telesyn AT-8748XL switch http config/ d/switch/ cpe:/h:alliedtelesyn:at-8748xl/a
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?WWW-Authenticate: Basic realm=\"Linksys WAP51AB\"\r\n|s p/Linksys WAP51AB http config/ d/WAP/ cpe:/h:linksys:wap51ab/a
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Virata-EmWeb/R([\d_]+)\r\nLocation: http://ns5gt/redirect\.html\r\n|s p/Virata-EmWeb/ v/$SUBST(1,"_",".")/ i/Netscreen NS5GT firewall http config/ d/firewall/ cpe:/a:virata:emweb:$SUBST(1,"_",".")/a
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Virata-EmWeb/R([\d_]+)\r\nLocation: http://[\d.]+/redirect\.html\r\n|s p/Virata-EmWeb/ v/$SUBST(1,"_",".")/ i/Juniper SSG5 or SSG140 firewall http config/ d/firewall/ cpe:/a:virata:emweb:$SUBST(1,"_",".")/a
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Allegro-Software-RomPager/([\d.]+)\r\n\r\n<HTML>\n<HEAD>\n<TITLE>Cisco Systems, Inc\.</TITLE>.*Cisco Systems, Inc\. IP Phone CP-7940G \(|s p/Allegro RomPager/ v/$1/ i/Cisco CP-7940G VoIP phone http config/ d/VoIP phone/ cpe:/a:allegro:rompager:$1/ cpe:/h:cisco:cp-7940g/a
match http m|^HTTP/1\.0 200 OK\r\nServer: SysMaster Web Server/([\d.]+)\r\nContent-Length: \d+\r\nConnection: close\r\nContent-type: text/html;\r\n\r\n<script>\nif\(document\.all\)\n\tlocation=\"app_ie\.htm\";\nelse\n\tlocation=\"app_mz\.htm\";\n</script>| p/SysMaster httpd/ v/$1/ i/Tornado M10 media center http config/ d/media device/
match http m|^HTTP/1\.0 401 Authorization Required\r\nWWW-Authenticate: Basic realm=\"Linksys-CIT400\"\r\n| p/Linksys CIT400 VoIP phone http config/ d/VoIP phone/ cpe:/h:linksys:cit400/a
match http m|^HTTP/1\.0 200 OK\r\nAllow: GET, POST, OPTIONS\r\nServer: EDA HTTP LISTENER/([\d.]+)\r\n.*<form name=\"form\" action=\"webconsole\" method=\"POST\" >|s p/EDA httpd/ v/$1/ i/WebFOCUS http console/
match http m|^HTTP/1\.0 200 OK\r\nAllow: GET, POST, OPTIONS\r\nServer: EDA HTTP LISTENER/([\d.]+)\r\n.*<FORM NAME=\"form\" ACTION=\"/cgiatt\.exe\" METHOD=\"POST\" >|s p/EDA httpd/ v/$1/ i/WebFOCUS http console/
# Netgear WG302v1 or Linksys WRT54G v8
match http m|^HTTP/1\.0 301 Moved Premanently\r\nLocation: https://[\d.]+/\r\nContent-type: text/html\r\n\r\n<html><head><title>Access Denied</title></head><body><h1>You must use SSL based http\(HTTPS\) server\.</h1></body></html>$| p/Netgear or Linksys WAP http config/ d/WAP/
match http m|^HTTP/1\.0 301 Moved Permanently\r\nLocation: https:///\r\nContent-type: text/html\r\n\r\n<html><head><title>Access Denied</title></head><body><h1>You must use SSL based http\(HTTPS\) server\.</h1></body></html>$| p/ZyXEL ZyWALL SSL 10 SSL-VPN appliance http config/ d/firewall/
match http m|^HTTP/1\.0 200 OK\r\nServer: ARGUS/([\d.]+)\r\n.*\r\n<TITLE>Intel Wireless Gateway</TITLE>|s p/ARGUS httpd/ v/$1/ i/Intel Wireless Gateway http config/ d/WAP/
match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: \r\n(?:[^\r\n]+\r\n)*?WWW-Authenticate: Basic realm=\"Conceptronic C54APRA2\+\"\r\n\r\n|s p/Conceptronic C54APRA2+ WAP http config/ d/WAP/
match http m|^HTTP/1\.0 401 Unauthorized\n.*\r\nWWW-Authenticate: Basic realm=\"AirStation\"\r\n|s p/Buffalo AirStation http config/ d/WAP/
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: Indy/([\d.]+)\r\n.*<img src=\"Webimages/RaidenMAILD\.jpg\" border=\"0\" id=\"raidenLogo\">|s p/Indy httpd/ v/$1/ i/RaidenMAIL http config/ cpe:/a:indy:httpd:$1/
match http m|^HTTP/1\.1 200 Document follows\r\nServer: ELOG HTTP ([-\w_.]+)\r\n| p/ELOG blog httpd/ v/$1/
match http m|^HTTP/1\.1 401 Unauthorized\r\nWWW-Authenticate: Digest realm=\"iRMC@.*<title>RemoteView&reg; iRMC Web Server</title>|s p/iRMC RemoteView httpd/ d/remote management/
match http m|^HTTP/1\.1 \d\d\d .*:: Welcome to ZyXEL (P-\w+) \(([-\w_.]+)\) ::\.|s p/ZyXEL $1 broadband router http config/ d/broadband router/ h/$2/ cpe:/h:zyxel:$1/a
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: Web Server\r\n.*<title>Dell OpenManage Switch Administrator</title>|s p/Dell OpenManage switch http config/ d/switch/
match http m|^HTTP/1\.0 \d\d\d .*<SCRIPT language=JavaScript>\r\n\tvar PIN_change_attempted = false;\r\n\tvar Login_failed = false;\r\n\tvar password_label = \"\";\r\n</SCRIPT>\r\n<!--\r?\nNote: the opening and closing HTML tags are deliberately omitted from\r?\nthis file\.|s p/Citrix Access Gateway httpd/ o/Windows/ cpe:/a:citrix:access_gateway/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 200 OK\r\nServer: Micro Focus DSD ([-\w_.]+)\r\n| p/Micro Focus Directory Server httpd/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 \d\d\d .*\nServer: SCO I2O Dialogue Daemon ([-\w_.]+) \n|s p/SCO I2O Dialogue Daemon httpd/ v/$1/
match http m|^HTTP/1\.1 404 OK\r\nServer: Lotus Expeditor Web Container/([-\w_.]+)\r\n| p/Lotus Notes Expeditor httpd/ v/$1/ cpe:/a:ibm:lotus_expeditor:$1/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Cpanel::Httpd like Apache\r\n(?:[^\r\n]+\r\n)*?WWW-Authenticate: Basic realm=\"cPanel WebDisk\"\r\n\r\n|s p/cPanel WebDisk httpd/ o/Linux/ cpe:/o:linux:linux_kernel/a

match http m|^HTTP/1\.0 302 FOUND\r\nServer: PasteWSGIServer/([-\w_.]+) Python/([-\w_.]+)\r\nDate: .*location: /login/login\r\npragma: no-cache\r\ncache-control: no-cache\r\nset-cookie:  hellahella=|s p/PasteWSGIServer/ v/$1/ i/HellaHella httpd; Python $2/ cpe:/a:python:python:$2/
match http m|^HTTP/1\.0 200 OK\r\nServer: PasteWSGIServer/([-\w_.]+) Python/([-\w_.]+)\r\n.*<title>Welcome to Pylons!</title>|s p/PasteWSGIServer/ v/$1/ i/Pylons web framework; Python $2/ cpe:/a:python:python:$2/
match http m|^HTTP/1\.0 200 OK\r\nServer: PasteWSGIServer/([-\w_.]+) Python/([-\w_.]+)\r\n.*<div id=\"loggerheadCont\">|s p/PasteWSGIServer/ v/$1/ i/Bazaar loggerhead httpd; Python $2/ cpe:/a:python:python:$2/

match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: NessusWWW\r\n(?:[^\r\n]+\r\n)*?Content-Length: 6518\r\n.*<!-- saved from url=\(0016\)http://localhost -->\n<html lang=\"en\">\n\n<!-- \nSmart developers always View Source\. \n\nThis application was built using Adobe Flex.*<title>Nessus</title>|s p/NessusWWW/ v/4.2.2 - 4.49RC1/ i/Nessus vulnerability scanner http UI/ cpe:/a:tenable:nessus:4/
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: NessusWWW\r\n(?:[^\r\n]+\r\n)*?Content-Type: text/html\r\n.*<!-- saved from url=\(0016\)http://localhost -->\n<html lang=\"en\">\n\n<!-- \nSmart developers always View Source\. \n\nThis application was built using Adobe Flex.*<title>Nessus</title>|s p/NessusWWW/ v/4/ i/Nessus vulnerability scanner http UI/ cpe:/a:tenable:nessus:4/
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: NessusWWW\r\n(?:[^\r\n]+\r\n)*?Content-Type: text/html\r\n.*<title>Restart needed!</title>.*<body bgcolor=\"#2b4e67\">.*<link type=\"text/css\" href=\"jqueryui18\.css\" rel=\"stylesheet\" />|s p/NessusWWW/ v/5.0.2/ i/Nessus vulnerability scanner http UI/ cpe:/a:tenable:nessus:5.0.2/
match http m|^HTTP/1\.1 302 Found\r\n(?:[^\r\n]+\r\n)*?Server: NessusWWW\r\n(?:[^\r\n]+\r\n)*?Content-Type: text/html\r\n(?:[^\r\n]+\r\n)*?Location: https://[\w:._-]+/loading/\r\nCache-Control: \r\nExpires: 0\r\nPragma : \r\n\r\n|s p/NessusWWW/ v/4.2.2 - 4.49RC1/ i/Nessus vulnerability scanner http UI/ cpe:/a:tenable:nessus:4/
match http m|^HTTP/1\.1 302 Found\r\n(?:[^\r\n]+\r\n)*?Server: NessusWWW\r\n(?:[^\r\n]+\r\n)*?Content-Type: text/html\r\n(?:[^\r\n]+\r\n)*?Location: https://[\w:._-]+/html5\.html\r\nCache-Control: \r\nExpires: 0\r\nPragma : \r\n\r\n|s p/NessusWWW/ v/5.0.3/ i/Nessus vulnerability scanner http UI/ cpe:/a:tenable:nessus:5.0.3/
match http m|^HTTP/1\.1 302 Found\r\n(?:[^\r\n]+\r\n)*?Server: NessusWWW\r\n(?:[^\r\n]+\r\n)*?Content-Type: text/html\r\n(?:[^\r\n]+\r\n)*?Location: https:///html5\.html\r\nCache-Control: \r\nExpires: 0\r\nPragma: \r\n\r\n|s p/NessusWWW/ v/5.2.6/ i/Nessus vulnerability scanner http UI/ cpe:/a:tenable:nessus:5.2.6/
match http m|^HTTP/1\.1 302 Found\r\nDate: .*\r\nServer: NessusWWW\r\n(?:[^\r\n]+\r\n)*?Content-Type: application/json\r\n(?:[^\r\n]+\r\n)*?Location: https://[\w:._-]+/nessus6\.html\r\nCache-Control: \r\nExpires: 0\r\nPragma: \r\n\r\n|s p/NessusWWW/ v/6/ i/Nessus vulnerability scanner http UI/ cpe:/a:tenable:nessus:6/
match http m|^HTTP/1\.1 302 Found\r\nDate: .*\r\nServer: NessusWWW\r\n(?:[^\r\n]+\r\n)*?Content-Type: text/html\r\n(?:[^\r\n]+\r\n)*?Location: https://[\w:._-]+/nessus6\.html\r\n|s p/NessusWWW/ v/6/ i/Nessus vulnerability scanner http UI/ cpe:/a:tenable:nessus:6/
match http m|^HTTP/1\.1 200 OK\r\nDate: .*\r\nServer: NessusWWW\r\n(?:[^\r\n]+\r\n)*?\r\n<!doctype html>\n<html lang="en">\n    <head>\n        <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1" />\n        <meta charset="utf-8" />\n        <meta name="viewport" content="width=device-width, initial-scale=1\.0, maximum-scale=1\.0, user-scalable=0" />\n        <meta name="apple-mobile-web-app-capable" content="yes" />\n        <link rel="apple-touch-icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAJgAAACYCAIAAACXoLd2AAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAAyNpVFh0WE1MOmNvbS5hZG9iZS54bXAAAAAAADw/eHBhY2tldCBiZWdpbj0i77u/IiBpZD0iVzVNME1wQ2VoaUh6cmVTek5UY3prYzlkIj8\+IDx4OnhtcG1ldGEgeG1sbnM6eD0iYWRvYmU6bnM6bWV0YS8iIHg6e|s p/NessusWWW/ v/6.4/ i/Nessus vulnerability scanner http UI/ cpe:/a:tenable:nessus:6.4/
match http m|^HTTP/1\.1 \d\d\d .*\r\nCache-Control: \r\nX-Frame-Options: DENY\r\n(?:Etag: [a-z0-9]{32}\r\n)?Content-Type: .*\r\nDate: : .*\r\nConnection: close\r\nServer: NessusWWW\r\n| p/NessusWWW/ v/6.7 - 6.9/ cpe:/a:tenable:nessus:6/
match ssl/http m|^HTTP/1\.1 400 Bad Request\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 349\r\nServer: NessusWWW\r\nDate: : | p/Nessus vulnerability scanner http UI/ cpe:/a:tenable:nessus/


# CAMEO-httpd
match http m=^HTTP/1\.0 200 Ok\r\nServer: CAMEO-httpd\r\n.*<title>D-LINK CORPORATION \| WIRELESS AP \| LOGIN</title>=s p/CAMEO httpd/ i/D-Link DAP-1150 WAP http config/ d/WAP/ cpe:/h:dlink:dap-1150/
match http m=^HTTP/1\.0 200 Ok\r\nServer: CAMEO-httpd\r\n.*<title>D-LINK SYSTEMS, INC \| WIRELESS AP \| LOGIN</title>=s p/CAMEO httpd/ i/D-Link DAP-1160 WAP http config/ d/WAP/ cpe:/h:dlink:dap-1160/
match http m=^HTTP/1\.0 200 Ok\r\nServer: CAMEO-httpd\r\n.*<title>D-LINK SYSTEMS, INC\. \| WIRELESS AP : LOGIN</title>=s p/CAMEO httpd/ i/D-Link DAP-1360 WAP http config/ d/WAP/ cpe:/h:dlink:dap-1360/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: CAMEO-httpd\r\n(?:[^\r\n]+\r\n)*?WWW-Authenticate: Basic realm=\"DWL-G700AP Login\"\r\n|s p/CAMEO httpd/ i/D-Link DWL-G700AP http config/ d/WAP/ cpe:/h:dlink:dwl-g700ap/
match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: CAMEO-httpd\r\nDate: .*\r\nWWW-Authenticate: Basic realm=\"802\.11g WLAN Login\"\r\n| p/CAMEO httpd/ i/TRENDnet WAP http config/ d/WAP/


match http m=^HTTP/1\.0 302 (?:Temporary|Object) [Mm]oved\r\nServer: Cisco AWARE ([-\w_.]+)\r\n= p/Cisco ASA firewall http config/ i/Cisco AWARE $1/ d/firewall/ o/IOS/ cpe:/o:cisco:ios/a
match http m|^HTTP/1\.0 200 OK\r\n.*<title>Remote Buddy by IOSPIRIT</title>|s p/IOSPIRIT Remote Buddy http config/ o/Mac OS X/ cpe:/o:apple:mac_os_x/a
match http m|^HTTP/1\.1 302 Moved Temporarily\r\nServer: Asterisk/[\w_+]+-([-\w_.+]+) \(| p/Asterisk http config/ v/$1/ cpe:/a:digium:asterisk:$1/
match http m|^HTTP/1\.1 501 Not Implemented\r\nCIMError: Only POST and M-POST are implemented\r\n\r\n$| p/OpenPegasus CIMServer/
match http m|^HTTP/1\.1 200 OK\r\nDate: (?:[^\r\n]*\r\n(?!\r\n))*?Server: \r\n.*ACTION=\"/cgi-bin/cgi_authenticate\">\n<P ALIGN=\"left\"><B><FONT SIZE=\"5\" face=\"Tahoma\">User Firewall Authentication|s p/WatchGuard Firebox http config/ d/firewall/
match http m|^HTTP/1\.1 200 OK\r\n.*<TITLE>Divar Web Client</TITLE>|s p/Bosch Divar Security Systems http config/ d/security-misc/
match http m|^HTTP/1\.0 200 OK\r\nServer: RapidLogic/([-\w_.]+)\r\nMIME-version: 1\.0\r\nPragma: no-cache\r\nContent-type: text/html\r\n\r\n<script language=\"javascript\">\n<!--\ntop\.location\.href=\"duplicate\.htm\";//-->\n</script>\n\r\n$| p/3Com OfficeConnect WAP http config/ v/$1/ d/WAP/ cpe:/a:rapidlogic:httpd:$1/
match http m|^HTTP/1\.0 200 OK\r\nServer: RapidLogic/([\w._-]+)\r\nMIME-version: 1\.0\r\n.*<title>802\.11g AP setup page</title>.*function doLogin\(\)\n{\nvar f=document\.submit_form ;\t\nf\.submit_login_password\.value;|s p/RapidLogic httpd/ v/$1/ i/3Com OfficeConnect WAP http config/ d/WAP/ cpe:/a:rapidlogic:httpd:$1/
match http m|^HTTP/1\.0 200 Ok\rServer: httpd\r.*\t\r\r<TITLE>3Com - OfficeConnect Wireless Cable/DSL Router</TITLE>|s p/3Com OfficeConnect WAP http config/ d/WAP/
match http m|^HTTP/1\.0 200 OK\r\nContent-type: text/html\n\n<html>\n<head>\n<meta name=\"description\" content=\"Belkin ([-\w_.+]+)\">\n| p/Belkin $1 WAP http config/ d/WAP/ cpe:/h:belkin:$1/a
match http m|^HTTP/1\.0 200 OK\r\nCache-control: no-cache\r\nServer: Ubicom/([\w._-]+)\r\n.*<title>D-Link Print Server - Server Information</title>|s p/Ubicom httpd/ v/$1/ i/D-Link print server http config/ d/print server/ cpe:/a:ubicom:httpd:$1/
match http m|^HTTP/1\.0 200 OK\r\nCache-control: no-cache\r\nServer: Ubicom/([\w._-]+)\r\n.*href=\"/substyle_DIR-(6\d+)\.css\"|s p/Ubicom httpd/ v/$1/ i/D-Link DIR-$2 WAP http config/ d/WAP/ cpe:/a:ubicom:httpd:$1/
match http m|^HTTP/1\.0 200 200 OK\r\nServer: Ubicom/([\w._-]+)\r\n.*<!--@TEMPLATE:build/cooker/webgen/cooker_nonav_template\.html@-->|s p/Ubicom httpd/ v/$1/ i/D-Link DIR-625 WAP http config/ d/WAP/ cpe:/a:ubicom:httpd:$1/ cpe:/h:dlink:dir-625/a
match http m|^HTTP/1\.0 200 200 (?:[^\r\n]*\r\n(?!\r\n))*?Server: Ubicom/([\w._-]+)\r\n.*<link rel=\"stylesheet\" rev=\"stylesheet\" href=\"/substyle_DIR-625\.css\"|s p/Ubicom httpd/ v/$1/ i/D-Link DIR-625 WAP http config/ d/WAP/ cpe:/a:ubicom:httpd:$1/ cpe:/h:dlink:dir-625/a
match http m|^HTTP/1\.1 200 OK\r\nDate: .*\r\nServer: ActiveGrid/([-\w_.]+)\r\n| p/ActiveGrid httpd/ v/$1/
match http m|^HTTP/1\.0 200 OK\r\nServer: ISS-HttpMod/([-\w_.]+)\r\n| p/Intelligent Security Systems webcam httpd/ v/$1/ d/webcam/
match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: \r\nDate: .*\r\nWWW-Authenticate: Basic realm=\"Linksys RVS4000\n \"| p/Linksys RVS4000 security router http config/ d/broadband router/
match http m|^HTTP/1\.1 200 OK\r\nDate: .*\r\nServer: httpdevil/([-\w_.]+)\r\n| p/httpdevil/ v/$1/
match http m|^HTTP/1\.0 200 OK\r\nServer: ADSM_HTTP/([-\w_.]+)\r\nContent-type: text/html\n\n<HEAD>\n<TITLE>\nServer Administration\n</TITLE>.*<META NAME=\"IBMproductVersion\" CONTENT=\"([\d.]+)\">|s p/IBM AIX Storage Management $2 http config/ v/$1/ d/storage-misc/ o/AIX/ cpe:/o:ibm:aix/a
match http m|^HTTP/1\.1 401 Unauthorized\r\nServer: Conexant-EmWeb/R([\d_]+)\r\n(?:[^\r\n]+\r\n)*?WWW-Authenticate: Basic realm=\"Connecting to router\".*\(C\) Copyright \w+ Allied Telesis|s p/Conexant-EmWeb/ v/$SUBST(1,"_",".")/ i/Allied Telesis broadband router http config/ d/broadband router/ cpe:/a:conexant:emweb:$SUBST(1,"_",".")/a
match http m|^HTTP/1\.[01] \d\d\d .*\nServer: TIB/Rendezvous ([-\w_.]+)\n|s p/TIB Rendezvous http config/ v/$1/
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Snug/([-\w_.]+)\r\n|s p/Snug httpd/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: NetPort Software ([\d.]+)\r\n.*\n<title>([-\w_.]+) - VSX 8000</title>|s p/NetPort httpd/ v/$1/ i/Polycom VSX 8000 http config/ d/webcam/ h/$2/ cpe:/h:polycom:vsx_8000/a
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Grandstream GXP2000 ([-\w_.]+)\r\n\r\n|s p/Grandstream GXP2000 http config/ v/$1/ d/VoIP adapter/ cpe:/h:grandstream:gxp2000/a
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: D-Link Internet Camera\r\n.*<title>(DCS-\w+)</title>|s p/D-Link $1 webcam http config/ d/webcam/ cpe:/h:dlink:$1/a
match http m|^HTTP/1\.0 200 Ok\r\nServer: micro_httpd\r\n.*var isRouter\t='1' \? '1' : '0';\r\nvar\tisPS\t\t='' \? '' : '0';\r\nvar isAPmode\r\nif\('vlan1' =='' .. '1'=='0'\)\r\n\tisAPmode='1';\r\nelse\tisAPmode='0';\r\nvar bssid = '([\w:]+)';|s p/micro_httpd/ i/Belkin WAP http config; BSSID $1/ d/WAP/ cpe:/a:acme:micro_httpd/
match http m|^HTTP/1\.0 200 OK\n.*Server: SWILL/([-\w_.]+)\n|s p/SWILL httpd/ v/$1/
match http m|^HTTP/1\.1 .*<p:Type>GatewayWithWiFi</p:Type><p:DeviceName>D-Link DGL-4300</p:DeviceName>|s p/D-Link DGL-4300 WAP http config/ d/WAP/ cpe:/h:dlink:dgl-4300/a
match http m|^HTTP/1\.1 200 OK.*\r\nServer: IPL T S2/([-\w_.]+)\r\n|s p/Extron IPL T S2 http config/ v/$1/ d/media device/
match http m|^HTTP/1\.0 200 Ok\r\nServer: \r\n.*<title>RWO-CPE-PLUS-G Login Page</title>|s p/mini_httpd/ i/Demarc RWO WAP http config/ d/WAP/ cpe:/a:acme:mini_httpd/
match http m|^HTTP/1\.1 200 OK.*\r\nServer: Web Server\r\n.*<TITLE>Netgear System Login</TITLE>.*<IMG SRC = \"/base/images/Netgear_fsm(\w+)_banner\.gif\"|s p/Netgear FSM$1 switch http config/ d/switch/
match http m|^HTTP/1\.1 200 OK.*\r\nServer: Web Server\r\n.*<TITLE>NetGear FSM7352S</TITLE>|s p/Netgear FSM7352S switch http config/ d/switch/ cpe:/h:netgear:fsm7352s/a
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: FM Web Publishing\r\n|s p/FileMaker Web Publishing httpd/
match http m|^HTTP/1\.1 \d\d\d Snakelet output follows\r\nServer: Snakelets/([-\w_.]+) Python/([-\w_.]+)\r\n| p/Snakelets httpd/ v/$1/ i/Python $2/ cpe:/a:python:python:$2/
match http m|^HTTP/1\.1 \d\d\d .*\r\nDocuCentre Color (\d+) -|s p/Fuji Xerox DocuCentre Color $1 http config/ d/printer/ cpe:/h:fuji:xerox_docucentre_color_$1/a
match http m|^HTTP/1\.1 \d\d\d .*Fuji Xerox Co\..*\r\n<TITLE>B6300 -|s p/Fuji Xerox B6300 printer http config/ d/printer/ cpe:/h:fuji:xerox_b6300/a
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Boa/([-\w_.]+) \(with Intersil Extensions\)\r\nConnection: close\r\nWWW-Authenticate: Basic realm=\"CONNECT2AIR AP-600RP-USB LOGIN Enter Password \(default is connect\)\"\r\n|s p/Boa/ v/$1/ i/Fujitsu Siemens CONNECT2AIR AP-600RP-USB WAP http config; default password "connect"/ d/WAP/ cpe:/a:boa:boa:$1/ cpe:/h:fujitsu:siemens_connect2air_ap-600rp-usb/a
match http m|^HTTP/1\.1 200 OK\r\nConnection: close\r\nServer: NetworkScanner WebServer Ver([\w._-]+)\r\nCache-Control: no-cache\r\nContent-Type: TEXT/HTML\r\n\r\n<HTML>\r\n<HEAD>\r\n<TITLE>([\w._-]+)</TITLE>| p/Kyocera $2 printer http config/ v/$1/ d/printer/ cpe:/h:kyocera:$2/
match http m|^HTTP/1\.1 200 OK\r\n.*<title>Colloquy</title>|s p/Colloquy IRC web gateway/ o/Mac OS X/ cpe:/o:apple:mac_os_x/a
match http m|^HTTP/1\.1 \d\d\d .*content=\"VMware Server is virtual infrastructure software.*\n\n<title>VMware Server ([-\w_.]+)</title>|s p/VMware Server http config/ v/$1/ cpe:/a:vmware:server:$1/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Allegro-Software-RomPager/([-\w_.]+)\r\n.*<font color=\"#FFFFFF\" size=\"4\">Cisco Systems, Inc\. IP Phone CP-7960 \(|s p/Allegro RomPager/ v/$1/ i/Cisco CP-7960 VoIP phone http config/ d/VoIP phone/ cpe:/a:allegro:rompager:$1/ cpe:/h:cisco:cp-7960/a
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: InterMapper/([-\w_.]+)\r\n|s p/Dartware InterMapper httpd/ v/$1/
match http m|^HTTP/1\.0 401 Authenticate\nWWW-Authenticate: Basic realm=\"P4Web\"\n| p/Perforce P4Web httpd/
match http m|^HTTP/1\.1 200\r\n.*<!--SELECTserver Full Page Header-->\r\n<html>\r\n\r\n<head>\r\n<title>\r\nSELECTserver: License Manager\r\n</title>|s p/SELECTserver license manager httpd/
match http m|^HTTP/1\.0 200 Document follows\r\nDate: .*\r\nServer: WebminServer\r\n| p/WebminServer httpd/
match http m|^HTTP/1\.1 200 OK.*\* Zimbra Collaboration Suite Web Client\n|s p/Zimbra http config/ cpe:/a:zimbra:zimbra_collaboration_suite/
match http m|^HTTP/1\.1 302 Found\r\n(?:[^\r\n]+\r\n)*?Location: https://[\d.:]+/zimbraAdmin\r\n|s p/Zimbra admin http config/ cpe:/a:zimbra:zimbra_collaboration_suite/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?WWW-Authenticate: Basic realm=\"CANOPY ([-\w]+)\"\r\n|s p/Motorola Canopy WAP http config/ i/MAC $1/ d/WAP/
match http m|^HTTP/1\.0 200 Document follows\nMIME-Version: 1\.0\nServer: Java Cell Server\n.*<title>dCache service</title>|s p/dCache httpd/ i/Distributed Storage Node/ d/storage-misc/
match http m|^HTTP/1\.0 200 OK\r\nDate:.*\r\nServer: HighPoint Raidman WebServer/([-.\w\d]+)\r\nAccept-Ranges: bytes\r\n| p/HighPoint Raidman web config http/ v/$1/ d/storage-misc/
match http m|^HTTP/1\.1 404 Not Found\r\nconnection: close\r\ncontent-type: text/html\r\ndate: .*\r\nserver: Ruckus/([\d.]+)\r\n\r\n| p/Ruckus Media Player/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a
#Novell Groupwise HTTP services
match http m|^HTTP/1\.0 \d\d\d .*\r\n(?:Date: .*\r\n)?Server: GroupWise MTA ([-_.\d\w\(\) ]+)\r\n| p/Novell GroupWise MTA httpd/ v/$1/ o/Unix/ cpe:/a:novell:groupwise:$1/
match http m|^HTTP/1\.0 \d\d\d .*\r\n(?:Date: .*\r\n)?Server: GroupWise POA ([-_.\d\w\(\) ]+)\r\n| p/Novell GroupWise POA httpd/ v/$1/ i/Post Office Agent/ o/Unix/ cpe:/a:novell:groupwise:$1/
match http m|^HTTP/1\.0 \d\d\d .*\r\n(?:Date: .*\r\n)?Server: GroupWise GWIA ([-_.\d\w\(\) ]+)\r\n| p/Novell GroupWise GWIA httpd/ v/$1/ i/GroupWise Internet Agent/ o/Unix/ cpe:/a:novell:groupwise:$1/
match http m|^HTTP/1\.0 \d\d\d .*\r\n(?:Date: .*\r\n)?Server: Messenger-MA ([-_.\d\w\(\) ]+)\r\n| p/Novell Messenger httpd/ v/$1/ i/Messenger Agent/ o/Unix/
match http m|^HTTP/1\.0 200 .*\r\nDate: .*\r\nContent-Length: .*\r\nContent-Type: .*\r\n\r\n<html>\r\n<head>\r\n<title>Novell Messenger Download</title>| p/Novell Messenger download httpd/ o/Unix/
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Hunchentoot ([\w._-]+)\r\n|s p/Hunchentoot httpd/ v/$1/
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: AllegroServe/([\w._-]+)\r\n|s p/Franz Allegroserve httpd/ v/$1/
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Hop\r\n|s p/HOP httpd/
match http m|^HTTP/1\.1 200 OK\r\nServer: minituner\r\n| p|BMC/Marimba Management http config|
match http m|^HTTP/1\.1 200 Channel Listing\r\nServer: Marimba-Transmitter/([\d.]+)\r\n| p|BMC/Marimba Transmitter| v/$1/
match http m|^HTTP/1\.0 500 Internal Server Error\r\nContent-type: text/html; charset=UTF-8\r\n\r\n<html><META HTTP-EQUIV=\"Content-Type\" CONTENT=\"text/html; charset=UTF-8\"><body>\r\nInternal Server Error</body>\r\n</html>\r\n| p|BMC/Marimba Management http config| i/Error Condition/
match http m|^HTTP/1\.0 401 Unauthorized\r\nWWW-Authenticate: Basic realm=\"tuner\"\r\n| p|BMC/Marimba Management http config|
match http m|^HTTP/1\.0 200 OK\r\nServer: Henry/\d\.\d\r\n|s p/NEC Electra Elite IPK II WebPro/
match http m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: WebZerver/V([\w._-]+)\r\n.*<title>\nAxonix\nSuperCD - cdserver\n  </title>|s p/Axonix SuperCD http config/ i/WebZerver $1/ d/media device/
match http m|^<html>\n<title>DES-2108 +</title>| p/D-Link DES-2108 switch http config/ d/switch/ cpe:/h:dlink:des-2108/a
match http m|^HTTP/1\.1 \d\d\d .*<title>MD Evol Web</title>|s p/Ericsson MD Evolution PBX http config/ d/PBX/
match http m|^HTTP/1\.0 200 OK\r\nServer: NetPort Software ([\w._-]+)\r\nDate: .*\r\nContent-type: text/html\r\n\r\n<html>\r\n<head>\r\n<title>On Board Remote Management</title>| p/NetPort httpd/ v/$1/ i/Dell PowerVault 124T http config/ d/storage-misc/
match http m|^HTTP/1\.0 200 OK\nContent-type: text/html\nServer: AV-TECH (AV\w+) Video Web Server\n| p|Gadspot/Avtech $1 webcam http config| d/webcam/
match http m|^HTTP/1\.[01] \d\d\d .*\r\nServer: Minix httpd ([\w._-]+)\r\n| p/Minix httpd/ v/$1/ o/Minix/ cpe:/a:minix:httpd:$1/ cpe:/o:minix:minix/a
match http m|^HTTP/1\.1 200 Ok\r\nServer: micro_httpd\r\n.*<title>ADSL Router</title>\r\n\r\n\r\n<script language=\"javascript\">\r\n<!--\r\nvar ModemVer='(DSL-[\w._+-]+)';|s p/D-Link $1 http config/ d/broadband router/ cpe:/a:acme:micro_httpd/ cpe:/h:dlink:$1/a
match http m|^HTTP/1\.0 200 OK\r\n.*<TITLE>HTML-Konfiguration</TITLE>\n<SCRIPT language=\"JavaScript\" src=\"/cgi-bin/webcm\?getpage=\.\./html/js_top\.txt\"|s p/T-Com Speedport W 501V http config/ i/German/ d/broadband router/
match http m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Mime-Version: 1\.0\r\n.*<TITLE>HTML-Konfiguration</TITLE>\n<SCRIPT type=\"text/javascript\" src=\"/html/dom\.js\">|s p/T-Com Speedport W 101V http config/ i/German/ d/WAP/
match http m|^HTTP/1\.0 200 OK\r\nServer: Apache\r\n.*<TITLE>HTML-Konfiguration</TITLE>.*prodname=\"Speedport_W_(\w+)_Typ_B\";|s p/T-Com Speedport W $1 http config/ i/German/ d/broadband router/
match http m|^HTTP/1\.0 200 OK\r\nServer: Apache\r\n.*<title>HTML-Konfiguration</title>.*<style type=\"text/css\">\r\n#startseite|s p/T-Com Speedport W 700 http config/ i/German/ d/broadband router/
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html\r\nCache-Control: must-revalidate, no-store\r\nConnection: close\r\n\r\n<html>\n<style>\ntable\.stat th, table\.stat td {\n  font-family:\tVerdana, Geneva, sans-serif;\n  font-size : 11px;\n  color: blue;\n  border: 0px solid;\n  white-space: nowrap;\n}\n| p/Linksys SPA942 VoIP phone http config/ d/VoIP phone/ cpe:/h:linksys:spa942/a
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html\r\nCache-Control: must-revalidate, no-store\r\nConnection: close\r\n\r\n<html>\n<style>\ntable\.menu1 td \{\n  font-family:\tVerdana, Geneva, sans-serif;\n  font-size : 13px;\n  border: 0px solid;\n  color: blue;\n  white-space: nowrap;\n\}\ntable\.menu1 td a| p/Linksys SPA2102 VoIP phone http config/ d/VoIP phone/ cpe:/h:linksys:spa2102/a
match http m|^HTTP/1\.1 200 OK\r\nMIME-Version: 1\.0\r\nServer: OKIDATA-HTTPD/([\w._-]+)\r\n.*<title>([^<]+)</title>|s p/OKIDATA httpd/ v/$1/ i/Oki $2 printer http config/ d/printer/ cpe:/h:oki:$2/a
match http m|^HTTP/1\.0 200 OK\r\nServer: NetPort Software ([\w._-]+)\r\n.*<title>([^-<\r\n]+) - VSX 8000</title>\n<link rel=\"stylesheet\" href=\"sabrestyle\.css\"|s p/NetPort httpd/ v/$1/ i/Polycom VSX 8000 http config $2/ d/webcam/ cpe:/h:polycom:vsx_8000/a
match http m|^HTTP/1\.0 200 OK\r\nServer: NetPort Software ([\w._-]+)\r\n.*<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\">\n    <meta http-equiv=\"no-cache\">\n    <link rel=\"stylesheet\" href=\"sabre\.css\"|s p/NetPort httpd/ v/$1/ i/Polycom VSX 8000 http config/ d/webcam/ cpe:/h:polycom:vsx_8000/a
match http m|^HTTP/1\.0 303 Redirecting\r\nServer: httpd/[\d.]+ Python/([\d.]+)\r\n(?:[^\r\n]+\r\n)*?Cache-Control: no-store,no-cache,must-revalidate,max-age=0,post-check=0,pre-check=0\r\n.*<title>: Redirecting\n</title>\n<meta http-equiv=\"Refresh\" content=\"0; URL=http://([\w._-]+):\d+/login\"|s p/IronPort Mailflow http config/ i/Python $1/ d/specialized/ h/$2/ cpe:/a:python:python:$1/
match http m|^<html><head><title>Task Manager Server Report</title></head>| p/Dolbey Fusion Focus Task Manager httpd/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: XGATE-Webs\r\nDate: .*\r\nWWW-Authenticate: Basic realm=\"NB(\w+) Wireless Router\"\r\n| p/NetComm NB$1 WAP http config/ i/XGATE-Webs/ d/WAP/
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: XGATE-Webs\r\nDate: .*\r\nWWW-Authenticate: Basic realm=\"XG6546p2 Wireless Router\"\r\n| p/XAVi XG6546p Wireless Gateway/ i/XGATE-Webs/ d/WAP/
match http m%^HTTP/1\.0 200 Ok\r\nServer: micro_httpd\r\n.*\r\nvar isRouter\t='1' \? '1' : '0';\r\nvar\tisPS\t\t='' \? '' : '0';\r\nvar isAPmode\r\nif\('[\w-]*' =='' \|\| '1'=='0'\)\r\n\tisAPmode='1';\r\nelse\tisAPmode='0';\r\nvar bssid = '([\w:]+)';%s p/micro_httpd/ i/Belkin WAP http config; BSSID $1/ d/WAP/ cpe:/a:acme:micro_httpd/
match http m|^HTTP/1\.1 \d\d\d .*\r\nConnection: Close\r\nDate: .*\r\nServer: Eye-Fi Agent/([\w._-]+) \(Windows| p/Eye-Fi Manager httpd/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: micro_httpd\r\nCache-Control: no-cache\r\nDate: .*\r\nWWW-Authenticate: Basic realm=\"U\.S\. Robotics ADSL Gateway\"\r\n| p/micro_httpd/ i/USRobotics ADSL router http config/ d/broadband router/ cpe:/a:acme:micro_httpd/
match http m|^HTTP/1\.0 401 Unauthorized\n.*\r\nWWW-Authenticate: Basic realm=\"3Com AirProtect Sentry\"\r\n|s p/3Com AirProtect Sentry http config/ d/security-misc/
match http m|^HTTP/1\.1 200 OK\r\nServer: WindWeb/([\w._-]+)\r\n.*<SCRIPT LANGUAGE=\"JavaScript\">\r\n<!--\r\n  function change_Time\(\) {\r\n    window\.location = '\./cgi/mts_login\.cgi'\r\n|s p/WindWeb/ v/$1/ i/Iwatsu ADIX PBX http config/ d/PBX/ cpe:/a:windriver:windweb:$1/
match http m|^HTTP/1\.0 200 OK\r\nConnection: close\r\nServer: WindWeb/([\w._-]+)\r\n.*<title>TrueTime - NTS-200 Web Interface -|s p/WindWeb/ v/$1/ i/TrueTime NTS-200 http config/ d/specialized/ cpe:/a:windriver:windweb:$1/
match http m|^HTTP/1\.1 302 Found\r\nConnection: Keep-Alive\r\nServer: \r\n.*<!-- this page must have 520 bytes or more, ie is a wonderfull program -->.*<html>\r\n<head>\r\n<title>302-Found</title>\r\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\">\r\n</head>\r\n<body>\r\n<h1>302-Found</h1>\r\n<a href='/login\.html\?id=\d+'>/login\.html</a>|s p|Siemens Gigaset PBX/TARGA DIP VoIP phone http config|
match http m|^HTTP/1\.1 302 Found\r\nConnection: Close\r\nServer: \r\n.*<!-- this page must have 520 bytes or more, ie is a wonderfull program -->.*<html>\r\n<head>\r\n<title>302-Found</title>\r\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\">\r\n</head>\r\n<body>\r\n<h1>302-Found</h1>\r\n<a href='/login\.html\?id=\d+'>/login\.html</a>|s p/Siemens Gigaset A580, DX800A, or S450 VoIP phone http config/ d/VoIP phone/
match http m|^HTTP/1\.0 200 OK\r\nServer: SimpleHTTP/([\d.]+) Python/([\d.]+)\r\n.*<HTML>\n<TITLE>WifiZoo v([\w._-]+) - Control Panel</TITLE>|s p/WifiZoo http control panel/ v/$3/ i/SimpleHTTP $1; Python $2/ cpe:/a:python:python:$2/ cpe:/a:python:simplehttpserver:$1/
match http m|^HTTP/1\.1 200 OK\r\n.*\n\n\t\t<title>PGP Universal - Page Not Found</title>\n|s p/PGP Universal httpd/ cpe:/a:pgp:universal_server/
match http m|^HTTP/1\.[01] \d\d\d .*\r\nDate: .*\r\nServer: PWS/([\w._-]+)\r\n| p/PWS httpd/ v/$1/
match http m|^HTTP/1\.1 401 Unauthorized\r\nServer: micro_httpd\r\nCache-Control: no-cache\r\nDate: .*\r\nWWW-Authenticate: Basic realm=\"Wireless ADSL2\+ Router\"\r\n| p/micro_httpd/ i/Dynalink RTA1025W WAP http config/ d/WAP/ cpe:/a:acme:micro_httpd/
match http m|^HTTP/1\.1 401 \r\nServer: GoAhead-Webs\r\nDate: .*\r\nWWW-Authenticate: Basic realm=\"AirMagnet SmartEdge Sensor\"\r\n| p/GoAhead WebServer/ i/AirMagnet SmartEdge Sensor http config/ d/specialized/ cpe:/a:goahead:goahead_webserver/
match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: http\r\n(?:[^\r\n]+\r\n)*?Connection: close\r\nWWW-Authenticate: Basic realm=\"Login to Vigor 3300\"\r\n\r\n|s p/DrayTek Vigor 3300 router http config/ d/router/ cpe:/h:draytek:vigor_3300/a
match http m|^HTTP/1\.0 200 OK\r\n.*<link rel=\"stylesheet\" type=\"text/css\" href=\"/musicpal_ie6\.css\" />\r\n<!\[endif\]-->\r\n<title>Freecom MusicPal</title>|s p/Freedom MusicPal/ d/media device/
match http m|^HTTP/1\.1 200 Document follows\r\nConnection: Close\r\nServer: Micro-Web\r\n.*<title>Oasis Semiconductor, Inc\.</title>.*<b>Welcome to a live demo of the TCP/IP network stack running Micro-Web!</b>.*\r\nSystem Up Time:  ([^\r\n<]+)\r\n(?:[^\r\n]+\r\n)*?MAC Address:\r\n([\w:]+)\r\n|s p/Oasis Micro-Web/ i/Uptime $1; MAC $2/
match http m|^HTTP/1\.0 200 OK\r\nContent-Type: text/html\r\n\r\n<html><head><title>VDR Channel Listing</title>| p/VDR Streamdev plugin httpd/ d/media device/
match http m|^HTTP/1\.1 200 (?:[^\r\n]*\r\n(?!\r\n))*?Server: Agranat-EmWeb/R([\d_]+)\r\n.*<SCRIPT LANGUAGE=JavaScript>\nvar helpUrl = \"\";\n//Ip we are coming from\nvar ip=document\.domain;\n\n|s p/Agranat-EmWeb/ v/$SUBST(1,"_",".")/ i/Avaya G350 Media Gateway http config/ d/media device/ cpe:/a:agranat:emweb:$SUBST(1,"_",".")/a
match http m|^HTTP/1\.0 200 OK\r\nServer: RapidLogic/([\w._-]+)\r\nMIME-version: [\d.]+\r\n.*md5\(document\.logonForm\.username\.value \+ \":\" \+ document\.logonForm\.password\.value \+ \":\" \+ \"\w+\"\);  // sets the hidden field value to whatever md5 returns\.\r\n|s p/RapidLogic httpd/ v/$1/ i/Thomson ST2030 VoIP phone http config/ d/VoIP phone/ cpe:/a:rapidlogic:httpd:$1/ cpe:/h:thomson:st2030/a
match http m|^HTTP/1\.[01] \d\d\d .*\r\nDate: .*\r\nServer: BCReport/([\w._-]+)\r\n| p/Blue Coat Reporter httpd/ v/$1/
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: Blue Coat Reporter\r\n.*<title>Blue Coat Reporter ([\d.]+)</title>|s p/Blue Coat Reporter httpd/ v/$1/
match http m|^HTTP/1\.1 401 Authentication Required\r\nConnection: close\r\n\r\n$| p/Blue Coat Reporter httpd/
match http m|^HTTP/1\.[01] \d\d\d .*\r\nDate: .*\r\nX-Powered-By: ASP\.NET\r\n| p/Microsoft IIS httpd/ o/Windows/ cpe:/a:microsoft:internet_information_services/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: WYM/([\w._-]+)\r\n.*<META NAME=\"Author\" CONTENT=\"ChenXiaohui\">\r\n<meta http-equiv='Relfresh' content='5' />|s p/WYM httpd/ v/$1/ i/Gadspot NC1000-L10 webcam http config/ d/webcam/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: WYM/([\w._-]+)\r\n.*<TITLE>Video Server \(V([\w._-]+)\)</TITLE>\n<META NAME=\"Author\" CONTENT=\"ChenXiaohui\">\n<!-- Get Server or DVR-->|s p/WYM httpd/ v/$1/ i/Gadspot Video Server $2 http config/ d/media device/
match http m|^HTTP/1\.0 200 OK\r\nContent-Type: text/html\r\n\r\n<HTML>\r\n<HEAD>\r\n<TITLE>TallyGenicom Intelliprint (\w+)</TITLE>\r\n| p/TallyGenicom Intelliprint $1 http config/ d/printer/
match http m|^HTTP/1\.0 \d\d\d .*\r\n<META HTTP-EQUIV=\"Content-Style-Type\" content=\"text/css\">\r\n<TITLE>[^\r\n<]+ WJ-HD220 [^\r\n<]+</TITLE>|s p/Panasonic WJ-HD220 http config/ d/media device/
match http m|^HTTP/1\.1 \d\d\d .*<title>([\w-]+) Network Camera</title>|s p/Panasonic $1 webcam http config/ d/webcam/ cpe:/h:panasonic:$1/a
match http m|^HTTP/1\.0 200 OK\r\n.*<TITLE>Network Camera</TITLE>.*<META HTTP-EQUIV=\"Refresh\" CONTENT=\"1;URL=CgiStart\">|s p/Panasonic BB-HCM331 Network Camera http config/ d/webcam/
match http m|^HTTP/1\.1 302 Object Moved\r\nServer: NS_([\w._-]+)\r\nLocation: http://([\w._-]+)/wts\r\n| p/NS httpd/ v/$1/ i/Windows Terminal Server/ o/Windows/ h/$2/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 200 OK\r\nServer: RapidLogic/([\w._-]+)\r\n.*<TITLE>ProLine</TITLE>.*setTimeout\( \"window\.location\.href = 'homeSumBS\.htm'\", 100 \) ;   // 0\.1 second delay\r\n</script>|s p/RapidLogic httpd/ v/$1/ i/ProLine ADSL router http config/ d/broadband router/ cpe:/a:rapidlogic:httpd:$1/
match http m|^<HTML><HEAD><TITLE>Error</TITLE></HEAD><BODY><H1>Error</H1>Bad request or resource not found\.</BODY></HTML>\0$| p/Panasonic DP-1820E printer http config/ d/printer/ cpe:/h:panasonic:dp-1820e/a
match http m|^HTTP/1\.0 200 OK\r\nServer: Contiki/([\w._-]+) http://www\.sics\.se/(?:~adam/)?contiki/\r\n| p/Contiki httpd/ v/$1/
match http m|^HTTP/1\.1 401 Unauthorized\r\nServer: GoAhead-Webs\r\n(?:[^\r\n]+\r\n)*?WWW-Authenticate: Basic realm=\"Wireless Router \(username: admin\)\"\r\n.*<body background=/menu-images/config_bg\.gif>|s p/GoAhead WebServer/ i/ZyXEL P-330W WAP http config/ d/WAP/ cpe:/a:goahead:goahead_webserver/ cpe:/h:zyxel:p-330w/a
match http m|^HTTP/1\.1 200 OK\r\nCache-Control: no-cache\r\nConnection: close\r\nContent-Type: text/html\r\n.*<title>Canopy Home Page</title>\r\n.*<frame name=\"leftFrame\" noresize src=\"smleft\.html\">\r\n|s p/Motorola Canopy WAP http config/ d/WAP/
match http m|^HTTP/1\.1 200 Ok\r\nServer: micro_httpd\r\n.*cfeVersion = '1\.0\.37-0\.7';\nif \(cfeVersion\.charAt\(9\) == '7'\)\n   document\.writeln\(\"<title>Tecom AH4222</title>\"\);\nelse\n   document\.writeln\(\"<title>Tecom AH4021</title>|s p/micro_httpd/ i/Tecom AH4222 router http config/ d/broadband router/ cpe:/a:acme:micro_httpd/
match http m|^HTTP/1\.1 200 Ok\r\nServer: micro_httpd\r\n.*cfeVersion = '1\.0\.37-0\..';\nif \(cfeVersion\.charAt\(9\) == '7'\)\n   document\.writeln\(\"<title>Tecom AH4222</title>\"\);\nelse\n   document\.writeln\(\"<title>Tecom AH4021</title>|s p/micro_httpd/ i/Tecom AH4021 router http config/ d/broadband router/ cpe:/a:acme:micro_httpd/
match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: \r\n(?:[^\r\n]+\r\n)*?WWW-Authenticate: Basic realm=\"Please enter your user name and password on C54APRA\"\r\n|s p/Conceptronic C54APRA WAP http config/ d/WAP/ cpe:/h:conceptronic:c54apra/a
match http m|^HTTP/1\.1 200 Ok\r\nContent-Type: text/html\r\nCache-Control: no-cache\r\nSet-Cookie: SessId=.*HREF=\"/theme/main\.css\".*TD\.calMonth SPAN\n|s p/Floosietek FTgate webmail httpd/
match http m|^HTTP/1\.1 200 Ok\r\nServer: FTGate ([\w._-]+)\r\nDate: \d\d\d\d/\d\d/\d\d \d\d:\d\d:\d\d  GMT\r\n| p/Floosietek FTgate webmail httpd/ v/$1/
match http m|^HTTP/1\.1 200 OK\r\nContent-Length: \d+\r\nContent-Type: text/html;\r\n.*<TITLE>Aastra ([\w._+-]+)</TITLE>|s p/Aastra $1 VoIP phone http config/ d/VoIP phone/ cpe:/h:aastra:$1/a
match http m|^HTTP/1\.0 200 OK\r\n.*<img src=\"images/chumby_logo\.png\">.*<font size=10>Welcome to Chumby</font>|s p/Chumby chumbhttpd/ d/media device/
match http m|^HTTP/1\.1 200 OK\n.*<resolved count='\d+' ommitted='\d+' chumbhowld_ver='([\w._-]+)'>|s p/Chumby chumbhowld/ v/$1/ d/media device/
match http m|^HTTP/1\.1 200 OK\r \nContent-type: text/xml\r\n.*<resolved count='\d+' ommitted='\d+' chumbhowld_ver='([\w._-]+)'>\n</resolved>\r\n|s p/Chumby One chumbhowld/ v/$1/ d/media device/
match http m|^HTTP/1\.1 200 OK\r \nContent-type: text/xml\r\n.*<resolved count='\d+' ommitted='\d+' chumbhowld_ver='([\w._-]+)'>\n<resolve interface='\d+' name='([\w._-]+)' type='_http\._tcp\.'|s p/Chumby One chumbhowld/ v/$1/ d/media device/ h/$2/
match http m|^HTTP/1\.0 200 OK\r\nConnection: Close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n<html>\r\n.*if \(window != top\) {\r\n\t\t\t\t\t\t// Load page in the top frame\.\r\n\t|s p/Dell OpenManage httpd/ d/remote management/ cpe:/a:dell:openmanage/
match http m|^HTTP/1\.1 401 Authorization Required\r\nWWW-Authenticate: Basic realm=\"Linksys BEFSR41v3\"\r\n| p/Linksys BEFSR41v3 http config/ d/broadband router/ cpe:/h:linksys:befsr41v3/a
match http m|^HTTP/1\.1 200 OK\r\n.*<title>ZyWALL ([\w._+-]+)</title>|s p/ZyXEL ZyWALL $1 http config/ d/security-misc/
match http m|^HTTP/1\.1 200 OK\r\nDate: [^\r\n]+\r\n(?:Server:  \r\n)?Cache-Control: no-cache, private\r\nPragma: no-cache\r\nExpires: Mon, 16 Apr 1973 13:10:00 GMT\r\n.*<title>ZyWALL ([ \w._+-]+)</title>|s p/ZyXEL ZyWALL $1 http config/ d/security-misc/ cpe:/h:zyxel:zywall_$1/
match http m|^HTTP/1\.1 200 OK\r\nDate: [^\r\n]+\r\n(?:Server:  \r\n)?Cache-Control: no-cache, private\r\nPragma: no-cache\r\nExpires: Mon, 16 Apr 1973 13:10:00 GMT\r\n.*<title>(U[\w._+-]+)</title>|s p/ZyXEL ZyWALL $1 http config/ d/security-misc/ cpe:/h:zyxel:zywall_$1/
match http m|^HTTP/1\.1 200 OK\r\nDate: [^\r\n]+\r\n(?:Server:  \r\n)?Cache-Control: no-cache, private\r\nPragma: no-cache\r\nExpires: Mon, 16 Apr 1973 13:10:00 GMT\r\n|s p/ZyXEL ZyWALL http config/ d/security-misc/
match http m|^HTTP/1\.1 200 OK\r\nContent-length: \d+\r\nExpires: -1\r\nContent-type: application/sxp\r\nPragma: no-cache\r\nCache-control: no-cache\r\n\r\n\(ls \)| p/Xen http config/ o/Linux/ cpe:/o:linux:linux_kernel/a
match http m|^HTTP/1\.1 401 Authorization Required\r\nWWW-Authenticate: Basic realm=\"NB5580\"\r\n| p/Netcomm NB5580 http config/ d/broadband router/ cpe:/h:netcomm:nb5580/a
match http m|^HTTP/1\.0 302 Found\nServer: Alpha_webserv\nDate: .*\r\nContent-Type: text/html\nAccept-Ranges: bytes\nLocation: /public/login\.htm\nX-Pad: avoid browser bug\n\n| p/D-Link DIR-100 http config/ d/broadband router/ cpe:/h:dlink:dir-100/a
match http m|^HTTP/1\.1 200 (?:[^\r\n]*\r\n(?!\r\n))*?Server: Allegro-Software-RomPager/([\w._-]+)\r\n.*<font color=\"#FFFFFF\" size=\"4\">Cisco Systems, Inc\. IP Phone (CP-\w+) \( (\w+) \)|s p/Allegro RomPager/ v/$1/ i/Cisco $2 VoIP phone http config; serial $3/ d/VoIP phone/ cpe:/a:allegro:rompager:$1/ cpe:/h:cisco:$2/a
match http m|^HTTP/1\.0 200 (?:[^\r\n]*\r\n(?!\r\n))*?Server: Allegro-Software-RomPager/([\w._-]+)\r\n\r\n<HTML>\n<HEAD>\n<TITLE>NetBotz Network Monitoring Appliance -  </TITLE>|s p/Allegro RomPager/ v/$1/ i/NetBotz network monitor http config/ d/security-misc/ cpe:/a:allegro:rompager:$1/
match http m|^HTTP/1\.1 302 Redirect\r\nServer: GoAhead-Webs\r\nDate: .*\r\nConnection: close\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-Type: text/html\r\nLocation: http://Device/config/log_off_page\.htm\r\n|s p/GoAhead WebServer/ i/LinkSys SLM2024 or SRW2008 - SRW2016 switch http config/ d/switch/ cpe:/a:goahead:goahead_webserver/a
match http m|^HTTP/1\.1 200 OK\r\nDate: .*\r\nServer: WebtoB/([\w._-]+)\r\n| p/TmaxSoft WebtoB httpd/ v/$1/
match http m|^HTTP/1\.0 200 .*<head><meta http-equiv=\"refresh\" content=\"0; URL=cgi-bin/webif/info\.awx\" /><title>Webif&sup2; Administration Console</title>|s p/X-WRT Webif WAP http config/ d/WAP/
match http m|^HTTP/1\.1 200 OK\r\n.*<TITLE>\r\nWorkCentre (\d+) - [\d.]+\r\n</TITLE>|s p/Fuji-Xerox WorkCentre $1 printer http config/ d/printer/
match http m|^HTTP/1\.0 200 OK\r\n.*<title>VoIP ATA400 \(4FXS\) Web Configuration Pages</title>|s p/4FXS ATA400 VoIP adapter http config/ d/VoIP adapter/
match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: \r\nDate: .*\r\nWWW-Authenticate: Basic realm=\"Linksys (WAG\w+)\n\"\r\n| p/Linksys $1 WAP http config/ d/WAP/ cpe:/h:linksys:$1/a
match http m|^HTTP/1\.[01] 200 (?:[^\r\n]*\r\n(?!\r\n))*?Server: iPhone lighttpd\r\n|s p/iPhone lighttpd/ o/Mac OS X/ cpe:/o:apple:mac_os_x/a
match http m|^HTTP/1\.1 200 (?:[^\r\n]*\r\n(?!\r\n))*?Server: Allegro-Software-RomPager/([\w._-]+)\r\n.*<A HREF=\"/nic/printerstat\"><IMG SRC=\"/nic/Images/but3\.jpg\"|s p/Allegro RomPager/ v/$1/ i/Kyocera 7035 printer http config/ d/printer/ cpe:/a:allegro:rompager:$1/ cpe:/h:kyocera:7035/a
match http m|^HTTP/1\.1 200 OK\r\nSet-Cookie: ALEX_.*\r\nServer: Alexandrie\d+ \(by GBConcept\)\r\n|s p/GBConcept Alexandrie httpd/
match http m|^HTTP/1\.0 200 OK\r\nServer: XmskSvr\r\nContent-Type: text/plain\r\nContent-Length: \d+\r\n\r\nX-MSK http Server ([\w._-]+) | p/Xensoft X-MSK httpd/ v/$1/
match http m|^HTTP/1\.1 200 (?:[^\r\n]*\r\n(?!\r\n))*?Server: Allegro-Software-RomPager/([\w._-]+)\r\n.*<TITLE>RICOH FAX (\w+) / RICOH Network Printer|s p/Allegro RomPager/ v/$1/ i/Richoh $2 printer http config/ d/printer/ cpe:/a:allegro:rompager:$1/
match http m|^HTTP/1\.[01] 401 Unauthorized.*\r\nWWW-Authenticate: Basic [rR]ealm=\"DSL-(\w+)\"|s p/D-Link $1 DSL router http config/ d/broadband router/ cpe:/h:dlink:$1/a
match http m|^HTTP/1\.1 200 .*<title>Apt-cacher version ([\w._-]+): Daemon mode</title>|s p/Apt-cacher httpd/ v/$1/ cpe:/a:debian:apt-cacher:$1/
match http m|^HTTP/1\.1 404 .*<title>Not Found, APT Reconfiguration required</title>|s p/Apt-cacher-ng httpd/ i/misconfigured/ cpe:/a:debian:apt-cacher/
match http m|^HTTP/1\.0 200 OK\r\nServer: inets/develop\r\n.*{\"couchdb\": \"Welcome\", \"version\": \"([\w._-]+)\"}\n|s p/CouchDB REST httpd/ v/$1/
match http m|^HTTP/1\.0 200 OK\r\nServer: MochiWeb/1\.0 \(.*?\)\r\nDate: .*\r\nContent-Type: text/plain;charset=utf-8\r\nContent-Length: \d+\r\nCache-Control: must-revalidate\r\n\r\n{\"couchdb\":\"Welcome\",\"version\":\"([^"]+)\",\"couchbase\":\"([^"]+)\"}\n| p/CouchDB REST httpd/ v/$1/ i/couchbase $2/ cpe:/a:mochiweb_project:mochiweb/
match http m|^HTTP/1\.1 401 Unauthorized\r\nServer: micro_httpd\r\nCache-Control: no-cache\r\nDate: .*\r\nWWW-Authenticate: Basic realm=\"DSL Router\"\r\nContent-Type: text/html\r\nConnection: close\r\n\r\n<HTML><HEAD><TITLE>401 Unauthorized</TITLE></HEAD>\n<BODY BGCOLOR=\"#cc9999\"><H4>401 Unauthorized</H4>\nAuthorization required\.\n| p/micro_httpd/ d/broadband router/ cpe:/a:acme:micro_httpd/
match http m|^HTTP/1\.0 200(?:[^\r\n]+\r\n)*?\r\n\r\n<HTML><HEAD><TITLE>Lankacom RouterOS Managing Webpage</TITLE>|s p/Lankacom router http config/ d/router/
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Comanche/([\w._-]+) \(unix\) \r\n|s p/Comanche smalltalk httpd/ v/$1/ o/Unix/
match http m|^HTTP/1\.1 400 Bad Request\r\nConnection: close\r\n\r\n.*<br>Ability FTP Server ([\w._-]+) by Code-Crafters<br>|s p/Code-Crafters Ability FTP Server http interface/ v/$1/ o/Windows/ cpe:/a:code-crafters:ability_ftp_server:$1/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 401 Unauthorized\r\nDate: .*\r\nServer: WYM/([\w._-]+)\r\nConnection: close\r\nWWW-Authenticate: Basic realm=\"Welcome to IPCam !\"\r\n| p/WYM httpd/ v/$1/ i/Grandtec wifi webcam http config/ d/webcam/
match http m|^HTTP/1\.0 404 Error 404 : Domain Not Found.*\r\nServer: MMM BosServer/([\w._-]+)\r\n|s p/MMM BosServer httpd/ v/$1/
match http m|^HTTP/1\.0 200 CREATED\r\nDate: .*\r\nExpires: .*\r\nServer: WhatsUp_Gold/([\w._-]+)\r\n| p/WhatsUp Gold httpd/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 200 OK\r\nServer: SNARE/([\w._-]+)\r\nMIME-version: [\d.]+\r\nContent-type: text/html\r\n\r\n<HTML><head><title>InterSect Alliance - Information Technology Security</title>| p/InterSect Alliance SNARE httpd/ v/$1/ cpe:/a:intersectalliance:system_intrusion_analysis_and_reporting_environment:$1/
match http m|^HTTP/1\.0 200 OK\r\nServer: SimpleHTTP/([\w._-]+) Python/([\w._-]+)\r\n.*<title>NPAD Diagnostics|s p/NPAD Diagnostics httpd/ i/SimpleHTTP $1; Python $2/ cpe:/a:python:python:$2/ cpe:/a:python:simplehttpserver:$1/
match http m|^HTTP/1\.1 401 Unathorized\r\nWWW-Authenticate: BASIC realm=\"PY Software Active WebCam\"\r\n| p/PY Software Active webcam httpd/ d/webcam/
match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: \r\nDate: .*\r\nWWW-Authenticate: Basic realm=\"Linksys WAG200G \"\r\n| p/Linksys WAG200G http config/ d/WAP/ cpe:/h:linksys:wag200g/a
match http m|^HTTP/1\.1 401 Unauthorized\r\nWWW-Authenticate: Digest realm=\"Thomson_cwmp_([\w._-]+)\", nonce=| p/Thomson TR-069 remote access/ v/$1/ d/broadband router/
match http m|^HTTP/1\.1 401 Unauthorized\r\nContent-type: text/html\r\nWWW-Authenticate: Basic realm=\"Thomson\"\r\nConnection: close\r\nPragma: no-cache\r\n\r\n<html><head><title>HTTP 401 - Unauthorized</title></head><body><h4>HTTP 401 - Unauthorized</h4><p>Authorization is required to access the configuration server\.<p>You must enter the correct username and/or password\.</body></html>\r\n$| p/Thomson TWG850 router http config/ d/router/ cpe:/h:thomson:twg850/
match http m|^HTTP/1\.0 200 OK\r\nServer: sks_www/([\w._-]+)\r\n| p/SKS OpenPGP Key Server httpd/ v/$1/
match http m|^HTTP/1\.1 \d\d\d .*\r\nDate: .*\r\nCOMMERCE-SERVER-SOFTWARE: Microsoft Commerce Server 2002, Enterprise Edition\r\n| p/Microsoft Commerce Server 2002 httpd/ o/Windows/ cpe:/a:microsoft:commerce_server:2002/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 \d\d\d .*\r\n<title>EpsonNet WebManager</title>|s p/EpsonNet WebManager httpd/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 \d\d\d .*\r\nDate: .*\r\nContent-Length: \d+\r\nContent-Type: text/html\r\nServer: SilverStream Server/([\w._-]+)\r\nWWW-Authenticate: Basic realm=\"Novell exteNd Application Server\"\r\n| p/SilverStream httpd/ v/$1/ i/Novell exteNd Application Server/
match http m|^HTTP/1\.0 \d\d\d .*<title>EvoCam</title>\n</head>\n\n<body bgcolor=\"e3e3e3\">\n<center>\n<applet archive=\"evocam\.jar\" code=\"com\.evological\.evocam\.class\"|s p/Evological Evocam http config/ o/Mac OS X/ cpe:/o:apple:mac_os_x/a
match http m|^HTTP/1\.0 200\r\n.*<font size=\"1\" face=\"Verdana\" color=\"#FF3300\">UDS10/100/IAP\r\nVersion ([\w._-]+)&nbsp;|s p/Lantronix UDS10 ethernet-serial http config/ v/$1/ d/specialized/
match http m|^HTTP/1\.1 200 OK\r\nServer: TriActive MicroAgent \(([\w._-]+)\)\r\n| p/TriActive MicroAgent httpd/ v/$1/
match http m|^HTTP/1\.0 302 Found\r\nLocation: /login\.app\r\nContent-Lenght: 0\r\n\r\n$| p/NetXMS httpd/
match http m|^HTTP/1\.1 200 OK\r\nCONTENT-LANGUAGE:\r\nCONTENT-LENGTH: 0\r\nCONTENT-TPYE: text/xml\r\nDATE: .*\n\r\n\r\n\(null\)| p/Syabas Popcorn Hour media player http config/ d/media device/ cpe:/h:syabas:popcorn_hour/
match http m|^HTTP/1\.0 404 Not Found\nContent-Type: text/html\n\n<HTML><BODY>\n<TITLE>404 Not Found</TITLE><H1>Requested file not exist! \(404 Not Found\)</H1>\n<BR>\n</BODY></HTML>\n$| p/Syabas Popcorn Hour media player BitTorrent interface/ d/media device/ cpe:/h:syabas:popcorn_hour/
match http m|^HTTP/1\.0 404 Not Found\r\nDate: .*\r\nServer: RadiaMessagingService/([\w._-]+)\r\n| p/HP SIM NVDKIT.exe http config/ i/RadiaMessagingService $1/
match http m|^HTTP/1\.1 401 Unauthorized\r\nServer: Virata-EmWeb/R([\d_]+)\r\n.*<hr noshade size=\"3\" width=\"100%\">\n<p class=\"alert\">\nYou need to supply a valid user name and password\.\n|s p/Virata-EmWeb/ v/$SUBST(1,"_",".")/ i/Allied Data CopperJet http config/ d/broadband router/ cpe:/a:virata:emweb:$SUBST(1,"_",".")/a
match http m|^HTTP/1\.0 302 Moved Temporarily\r\nDate: .*\r\nServer: SMSSMTPHTTP\r\n| p/Symantec smtp mail security http config/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: MediabolicMWEB/([\w._-]+)\r\n|s p/Mediabolic http config/ v/$1/ d/storage-misc/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: MediabolicMWEB/\r\nConnection: close\r\n\r\n<h1>Error</h1>Page not found!\r\n$|s p/Mediabolic http config/ i/Thecus N5200 NAS/ d/storage-misc/ cpe:/h:thecus:n5200/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Ubicom/([\w._-]+)\r\n.*<title>SMC StreamEngine Router : Login</title>|s p/Ubicom httpd/ v/$1/ i/SMC StreamEngine router http config/ d/router/ cpe:/a:ubicom:httpd:$1/
match http m|^HTTP/1\.1 200 OK\r\nServer: d-Box network\r\n\r\n| p/Dreambox streaming audio httpd/ d/media device/
match http m|^HTTP/1\.0 200 OK\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: \d+\r\nDate: .*\r\nServer: jtvchat\r\n\r\n<html>\n<head><title>Justin\.tv chat servers</title>| p/justin.tv chat server httpd/
match http m|^HTTP/1\.0 200 OK\r\n.*\r\n<TITLE>bric_web_gui</TITLE>\r\n</HEAD>\r\n<BODY bgcolor=\"#555577\">\r\n<!-- URL's used in the movie-->\r\n<!-- text used in the movie-->|s p/Comrex Access BRIC http config/ d/telecom-misc/
match http m|^HTTP/1\.0 200 OK\r\nServer: RapidLogic/([\w._-]+)\r\n.*<!-- saved from url=\(\d+\)http://internet\.e-mail -->.* \r\n<link href=\"miniAP\.css\"|s p/RapidLogic httpd/ v/$1/ i/3Com 7760 WAP http config/ d/WAP/ cpe:/a:rapidlogic:httpd:$1/ cpe:/h:3com:7760/a
match http m|^HTTP/1\.1 200 OK\r\nDate: .*\r\nServer: I\.T\. Watchdogs, Inc\. Embedded Web Server \(v([\w._-]+)\)\r\n| p/I.T. Watchdogs Embedded httpd/ v/$1/ d/specialized/
match http m|^HTTP/1\.0 200 (?:OK)?\r\nServer: A-B WWW/([\w._-]+)\r\n.*<title>1763-|s p/Allen-Bradley 1763 MicroLogix 1100 logic controller http config/ i/A-B WWW $1/ d/specialized/
match http m|^HTTP/1\.0 200 OK\r\nPragma:no-cache\r\n.*<title>IBM NPS 540\+/542\+; IP address:|s p|IBM NPS 540+/542+ print server http config| d/print server/
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: UltiDev Cassini/([\w._-]+)\r\n| p/UltiDev Cassini httpd/ v/$1/ o/Windows/ cpe:/a:ultidev:cassini:$1/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 200 (?:[^\r\n]*\r\n(?!\r\n))*?Server: Swiftbase Ltd\. Embedded Web Server \(v([\w._-]+)\)\r\n.*<TITLE>Swift-CM2</TITLE>|s p/Swiftbase Ltd. Climate Monitor http config/ v/$1/ d/specialized/
match http m|^HTTP/1\.1 200 (?:[^\r\n]*\r\n(?!\r\n))*?Server: Allegro-Software-RomPager/([\w._-]+)\r\n.*<title>\nLexmark C500</title>|s p/Allegro RomPager/ v/$1/ i/Lexmark C500 printer http config/ d/printer/ cpe:/a:allegro:rompager:$1/ cpe:/h:lexmark:c500/a
match http m|^HTTP/1\.1 401 Unauthorized\r\nServer: micro_httpd\r\n(?:[^\r\n]+\r\n)*?WWW-Authenticate: Basic realm=\"Siemens ADSL SL2-141\"\r\n|s p/micro_httpd/ i/Siemens SL2-141 ADSL router http config/ d/broadband router/ cpe:/a:acme:micro_httpd/ cpe:/h:siemens:sl2-141/a
match http m|^HTTP/1\.0 401 Not Authorized\r\nServer: RapidLogic/([\w._-]+)\r\nMIME-version: 1\.0\r\nContent-type: text/html\r\nWWW-Authenticate: Basic realm=\"Modem Secure\"\r\n| p/RapidLogic httpd/ v/$1/ i/Westell Wirespeed DSL modem http config/ d/broadband router/ cpe:/a:rapidlogic:httpd:$1/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: NT40\r\n.*<title>NT([\w._-]+) - Multiprotocol chat tool</title></head><body><BR><BR><center><b>NT4\.0 Network</b><br><br>Server: (\S+) - \(([\w._-]+)\)<br>Local users connected: (\d+) // Connected to \d+ servers</center><br>Service uptime: ([\d:]+)<br>|s p/NT4.0 Multiprotocol Chat httpd/ v/$1/ i/Name $2; Users $4; Uptime $5/ h/$3/
match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: http server\r\nDate: .*\r\nCache-Control: no-cache,no-store\r\nWWW-Authenticate: Basic realm=\"Citadel\"\r\n| p/Atera Networks Citadel firewall http config/ d/firewall/
match http m|^HTTP/1\.0 200 (?:[^\r\n]*\r\n(?!\r\n))*?Server: IST OIS\r\n.*<title>Phone&nbsp;Station&nbsp;Information</title>|s p/AllWorx 9212 VoIP phone http config/ d/VoIP phone/
match http m|^HTTP/1\.0 401 Unauthorized\r\nDate: .*\r\nServer: Agranat-EmWeb/R([\w._-]+)\r\nWWW-Authenticate: Basic realm=\"GbE2c Ethernet Blade Switch for HP c-Class BladeSystem\"\r\n\r\n401 Unauthorized\r\n| p/Agranat-EmWeb/ v/$SUBST(1,"_",".")/ i/HP GbE2c Ethernet Blade Switch http config/ d/switch/ cpe:/a:agranat:emweb:$SUBST(1,"_",".")/a
match http m|^HTTP/1\.0 401 Unauthorized\r\nDate: .*\r\nServer: Agranat-EmWeb/R([\w._-]+)\r\nWWW-Authenticate: Basic realm=\"(GbE2c) L2/L3 Ethernet Blade Switch(?: \(TACACS server enabled\))?\"\r\n\r\n401 Unauthorized\r\n| p/Agranat-EmWeb/ v/$SUBST(1,"_",".")/ i/HP $2 Ethernet Blade Switch http config/ d/switch/ cpe:/a:agranat:emweb:$SUBST(1,"_",".")/a
match http m|^HTTP/1\.1 200 Okay\r\n(?:[^\r\n]+\r\n)*?Server: PLT Scheme\r\n|s p/PLT Scheme httpd/
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: Swazoo ([\w._-]+) Smalltalk Web Server\r\n| p/Swazoo Smalltalk httpd/ v/$1/
match http m|^HTTP/1\.1 401 OK\r\nContent-Length: 0\r\nConnection: Keep-Alive\r\nWWW-Authenticate: Basic realm=\"/\"\r\nContent-Type: text/html\r\nCache-Control: no-cache\r\nEXT: UCoS, UPnP/1\.0, UDI/1\.0\r\n| p/Universal Devices Insteon home automation http config/ d/specialized/
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?Set-Cookie: AUTHKEY=\r\n.*<TITLE>Welcome to Mailtraq WebMail</TITLE>|s p/Mailtraq WebMail httpd/ o/Windows/ cpe:/a:mailtraq:mailtraq/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 200 OK\r\nServer: TopLayer/([\w._-]+)\r\n.*ALT=\"Welcome to the AppSwitch\"|s p|Top Layer Networks AppSafe/AppSwitch IDS http config| v/$1/
match http m|^HTTP/1\.0 200 (?:[^\r\n]*\r\n(?!\r\n))*?Server: Mbedthis-AppWeb/([\w._-]+)\r\n.*<title>BT Home Hub manager - Home</title>|s p/Mbedthis-Appweb/ v/$1/ i/BT Home Hub http config/ d/broadband router/ cpe:/a:mbedthis:appweb:$1/
match http m|^HTTP/1\.1 200 (?:[^\r\n]*\r\n(?!\r\n))*?Server: MoxaHttp/([\w._-]+)\r\n.*<TITLE>NPort Web Console</TITLE>|s p/MoxaHttp/ v/$1/ i/Moxa NPort serial to IP http config/ d/specialized/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: MoxaHttp/([\w._-]+)\r\n|s p/MoxaHttp/ v/$1/ d/specialized/
match http m|^HTTP/1\.1 200 OK\r\nDate: Wed, 19 Feb 2003 09:00:00 GMT\r\nServer: Http/1\.0\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-type: text/html\r\nContent-length: 22016\r\nSet-Cookie: ChallID=\d+\r\n\r\n| p/MoxaHttp/ d/specialized/
match http m|^HTTP/1\.1 200 OK\r\nConnection: close\r\nCache-Control: no-store\r\nContent-Length: \d+\r\nContent-Type: text/html\r\n\r\n<html>\n<style>a{text-decoration:none}</style>\n<body vlink=black bgcolor=\"#99ccff\">\n<center>\n<h1>Invalid Access</h1>\n</center>\n</p></body>\n</html>\n\n\n| p/Cisco ATA186 VoIP adapter http config/ d/VoIP adapter/ cpe:/h:cisco:ata186/a
match http m|^HTTP/1\.0 200 OK\r\nServer: http server ([\w._-]+)\r\nContent-type: text/html; charset=\(null\)\r\n.*<script>location\.href=\"http://\"\+location\.hostname\+\":\"\+8080\+\"/\";</script></head></html>\n$|s p/QNAP TS-109 NAS http config/ v/$1/ d/storage-misc/ cpe:/h:qnap:ts-109/
match http m|^HTTP/1\.0 200 OK\r\nServer: http server ([\w._-]+)\r\n.*<title>NAS</title>\n<script language=\"JavaScript\">\n\nfunction setCookie\(name, value, expires\)\n|s p/QNAP TS-109-II NAS http config/ v/$1/ d/storage-misc/ cpe:/h:qnap:ts-109-ii/
match http m|^HTTP/1\.0 200 OK\r\nServer: http server ([\w._-]+)\r\n.*<script>\npr=\(document\.location\.protocol == 'https:'\) \? 'https' : 'http';\npt=\(location\.port == ''\) \? '' : ':' \+ location\.port;\nredirect_suffix = \"/redirect\.html\?count=\"\+Math\.random\(\);|s p/QNAP TS-219, TS-239, or TS-509 NAS http config/ v/$1/ d/storage-misc/
match http m|^HTTP/1\.0 200 OK\r\nServer: http server ([\w._-]+)\r\n(?:[^\r\n]+\r\n)*?Content-length: 553\r\n.*{\nlocation\.href=pr\+\"://\"\+location\.hostname\+pt\+redirect_suffix;\n}\nelse\t//could be ipv6 addr\n|s p/QNAP HS-210 or TS-219P NAS http config/ v/$1/ d/storage-misc/ cpe:/h:qnap:ts-219p/
# TS-659 or TS-859U-RP+
# QNAP NAS TS-809U, QNAP HS-210
match http m|^HTTP/1\.0 200 OK\r\nServer: http server ([\w._-]+)\r\n(?:[^\r\n]+\r\n)*?Content-length: 291\r\n.*if\(location\.hostname\.indexOf\(':'\) == -1\){location\.href='http://'\+location\.hostname\+':'\+8080\+'/';\n}|s p/QNAP HS-210, TS-659, TS-809U, or TS-859U NAS http config/ v/$1/ d/storage-misc/ o/Linux/ cpe:/o:linux:linux_kernel:2.6/
match http m|^HTTP/1\.1 200 OK\r\nDate: .*\r\nServer: http server 1\.0\r\n| p/QNAP NAS http config/ d/storage-misc/
match http m|^HTTP/1\.0 302 Found\r\nServer: http server ([\w._-]+)\r\n(?:[^\r\n]+\r\n)*?Location: https://\r\n<HTML><HEAD><TITLE>302 Found</TITLE></HEAD>\n<BODY BGCOLOR=\"#cc9999\"><H2>302 Found</H2>\nThe actual URL is '/'\.\n$|s p/QNAP TS-419P+ NAS http config/ v/$1/ d/storage-misc/ cpe:/h:qnap:ts-419p%2b/
match http m|^HTTP/1\.0 501 Not Implemented\r\nServer: http server ([\w._-]+)\r\nContent-type: text/html\r\n.*<script type=\"text/javascript\" src=\"/ajax_obj/extjs/adapter/ext/ext-base\.js\"></script>\n<script> IEI_NAS_BUTTON_BACK=\"Back\";</script>|s p/QNAP Turbo or TS-459 Pro+ NAS http config/ v/$1/ d/storage-misc/
match http m|^HTTP/1\.0 404 no application for: /\r\nServer: HttpServer\r\n\r\n$| p/Galleon TiVo Application Port http config/ d/media device/
match http m|^HTTP/1\.0 404 File not found\r\nServer: HttpServer\r\n\r\n$| p/Galleon TiVo Publishing Port http config/ d/media device/
match http m|^HTTP/1\.1 302 Redirect\r\nServer: GoAhead-Webs\r\nDate: .*\r\nConnection: close\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-Type: text/html\r\nLocation: http://\(null\)/config/log_off_page\.htm\r\n\r\n| p/GoAhead WebServer/ i/Dell PowerConnect Gigabit switch http config/ d/switch/ cpe:/a:goahead:goahead_webserver/a
match http m|^HTTP/1\.0 301 Moved Permanently\r\nContent-Length: 0\r\nConnection: close\r\nLocation: /main/main\.html\r\nServer: debut/([\w._-]+)\r\n\r\n| p/debut httpd/ v/$1/ i/Brother MFC-8860DN printer http config/ d/printer/ cpe:/h:brother:mfc-8860dn/a
match http m|^HTTP/1\.1 302 Moved Temporarily\r\nDate: .*\r\nServer: Avocent DSView ([\w._/-]+)\r\nLocation: https://([\w._-]+)/dsview/\r\nConnection: close\r\n\r\n| p/Avocent DSView remote management httpd/ v/$1/ h/$2/
match http m|^HTTP/1\.0 \d\d\d .*\r\nDate: .*\r\nServer: RAID HTTPServer/([\w._-]+)\r\n| p/Sun StorEdge 3511 http config/ v/$1/ d/storage-misc/
match http m|^HTTP/1\.0 200 OK\r\nConnection: close\r\n.*<title>Samsung Printer Status</title>.*var contentURI = \"/general/printerDetails\.htm\"|s p/Samsung printer http config/ d/printer/
match http m|^HTTP/1\.0 200 OK\r\nCache-control: no-cache\r\nServer: Ubicom/([\w._-]+)\r\n.*<title>NETGEAR WNHDE111 |s p/Ubicom httpd/ v/$1/ i/Netgear WNHDE111 WAP http config/ d/WAP/ cpe:/a:ubicom:httpd:$1/ cpe:/h:netgear:wnhde111/a
match http m|^HTTP/1\.0 200 (?:[^\r\n]*\r\n(?!\r\n))*?Server: Server\r\n.*<title>[nN]euf ?box -&nbsp;Accueil</title>|s p/SFR Neuf Box DSL modem http config/ d/broadband router/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Axigen-Webmail\r\n|s p/Axigen webmail httpd/ cpe:/a:gecad:axigen_mail_server/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Axigen-Webadmin\r\n|s p/Axigen webadmin httpd/ cpe:/a:gecad:axigen_mail_server/
match http m|^HTTP/1\.0 200 (?:[^\r\n]*\r\n(?!\r\n))*?Server: Allegro-Software-RomPager/([\w._-]+)\r\n\r\n<HTML><HEAD>\n<META NAME=\"GENERATOR\" CONTENT=\"Microsoft FrontPage 3\.0\">\n<TITLE></TITLE>.*<frame NAME=\"fInfo\" scrolling=\"no\" noresize src=\"/html/Hlogin\.html\"|s p/Allegro RomPager/ v/$1/ i/Amer.com SSR22i switch http config/ d/switch/ cpe:/a:allegro:rompager:$1/
match http m|^HTTP/1\.1 301 Moved Permanently\r\nDate: .*\r\nServer: eSoft\r\nX-Powered-By: PHP/([\w._-]+)\r\nLocation: https://ThreatWall/\r\n| p/eSoft ThreatWall IPS http config/ i/PHP $1/ d/security-misc/ cpe:/a:php:php:$1/
match http m|^HTTP/1\.0 200 OK\r\nServer: NetPort Software ([\w._-]+)\r\nDate: .*\r\nContent-type: text/html\r\n\r\n<html>\n<head>\n<title>(.*) - VSX 7000A</title>| p/NetPort httpd/ v/$1/ i/Polycom VSX 7000A http config; name $2/ d/webcam/ cpe:/h:polycom:vsx_7000a/a
match http m|^HTTP/1\.1 301 Moved Permanently\r\nServer: Virata-EmWeb/R([\w._-]+)\r\nLocation: https://[\w._-]+/\+webvpn\+/index\.html\r\n| p/Virata-EmWeb/ v/$SUBST(1,"_",".")/ i/Cisco WebVPN http config/ d/security-misc/ cpe:/a:virata:emweb:$SUBST(1,"_",".")/a
match http m|^HTTP/1\.0 200 OK\r\nServer: dtHTTPd/([\w._-]+)\r\nContent-Type: text/html\r\nContent-Length: \d+\r\nConnection: close\r\n\r\n<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4\.0 Transitional//EN\"><HTML><HEAD><TITLE>(UX-\w+)</TITLE>| p/dtHTTPd/ v/$1/ i/Sharp Broadband $2 Fax http config/ d/printer/ cpe:/h:sharp:$2/
match http m|^HTTP/1\.0 200 OK\r\nServer: dtHTTPd/([\w._-]+)\r\nContent-Type: text/html\r\nContent-Length: \d+\r\nConnection: close\r\n\r\n<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4\.0 Transitional//EN\"><HTML><HEAD><TITLE>(FO-\w+)</TITLE>| p/dtHTTPd/ v/$1/ i/Sharp $2 printer http config/ d/printer/ cpe:/h:sharp:$2/
match http m|^HTTP/1\.1 200 OK\r\nServer: Conexant-EmWeb/R([\w._-]+) SIPGT/([\w._-]+)\r\n.*<title>Login page</title>.*<img src=\"images/ixlogga\.gif\"|s p/Conexant-EmWeb/ v/$SUBST(1,"_",".")/ i/Intertex IX68 WAP http config; SIPGT $2/ d/WAP/ cpe:/a:conexant:emweb:$SUBST(1,"_",".")/a cpe:/h:intertex:ix68/a
match http m|^HTTP/1\.0 404 Not Found\r\nContent-Length: \d+\r\nContent-Type: text/html\r\n\r\n.*<title>NOTE: The requested URL could not be retrieved</title>.*background-image: url\(/html/de/images/bg_ramp\.jpg\);\r\n|s p/AVM FRITZ!Box WAP http config/ d/WAP/
match http m|^HTTP/1\.0 404 Not Found\r\nContent-Length: \d+\r\nContent-Type: text/html\r\n\r\n.*<title>Note: The requested URL could not be retrieved\.</title>.*background-image: url\(\.\./\.\./de/images/bg_ramp\.jpg\);\n|s p/AVM FRITZ!Box WLAN 7270 WAP http config/ d/WAP/
match http m|^HTTP/1\.0 401 Unauthorized\r\nContent-Length: \d+\r\nContent-Type: text/html.*\r\nPragma: no-cache\r\nServer: Webserver\r\nWWW-Authenticate: Basic realm=\"HTTPS Access\"\r\n\r\n<HTML><HEAD><TITLE>401 Unauthorized \(ERR_ACCESS_DENIED\)</TITLE></HEAD><BODY><H1>401 Unauthorized</H1><BR>ERR_ACCESS_DENIED<HR><B>Webserver</B>| p/AVM FRITZ!Box WAP http config/ d/WAP/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: lighttpd[/ ]([\d.]+) \(([^)]+)\)\r\n|si p/lighttpd/ v/$1/ i/$2/ cpe:/a:lighttpd:lighttpd:$1/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: lighttpd[/ ]([\d.]+)\r\n|si p/lighttpd/ v/$1/ cpe:/a:lighttpd:lighttpd:$1/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: lighttpd|si p/lighttpd/ cpe:/a:lighttpd:lighttpd/
match http m|^HTTP/1\.1 401 Unauthorized\r\nServer: micro_httpd\r\nCache-Control: no-cache\r\nDate: .*\r\nWWW-Authenticate: Basic realm=\"U\.S\. Robotics ADSL Router\"\r\n| p/micro_httpd/ i/USRobotics USR9107A ADSL http config/ d/broadband router/ cpe:/a:acme:micro_httpd/
match http m|^HTTP/1\.0 200 Ok\r\nServer: httpd\r\nDate: .*<SCRIPT language=Javascript src=\"language_us\.js\"></SCRIPT>\n<SCRIPT>assign_var\(\);</SCRIPT>\n<SCRIPT language=JavaScript src=\"showMenu\.js\"></SCRIPT>\n<SCRIPT>\n\tvar helpItem \t='indexa';|s p/Belkin N1 F5D8231-4 WAP http config/ d/WAP/ cpe:/h:belkin:n1_f5d8231-4/a
match http m|^<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4\.01 Transitional//EN\" \"http://www\.w3\.org/TR/1999/REC-html401-19991224/loose\.dtd\">\n<HTML>\n<HEAD>\n<TITLE>Mac OS X Personal Web Sharing</TITLE>.*<H1>Your website here\.</H1>|s p/REALbasic 2008 example httpd/
match http m|^HTTP/1\.1 200\r\n.*<TITLE>ProjectorView Control System</TITLE>.*CODE=com\.mitsubishi\.x500u\.X500UApplet\.class\r\n|s p/Mitsubishi Projector XD1000 http config/ d/media device/
match http m|^HTTP/1\.1 401 Unauthorized\r\nServer: micro_httpd\r\nCache-Control: no-cache\r\nDate: .*\r\nWWW-Authenticate: Basic realm=\"Wireless Router\"\r\nContent-Type: text/html\r\nConnection: close\r\n\r\n<HTML><HEAD><TITLE>401 Unauthorized</TITLE></HEAD>\n<BODY BGCOLOR=\"#cc9999\"><H4>401 Unauthorized</H4>\nAuthorization required\.\n| p/Asus wl-600g WAP http config/ d/WAP/ cpe:/a:acme:micro_httpd/ cpe:/h:asus:wl-600g/a
match http m|^HTTP/1\.0 301 Moved Permanently\r\nCache-Control: no-cache\r\nConnection: close\r\nPragma: no-cache\r\nLocation: /TopAccess/default\.htm\r\nServer: TOSHIBA TEC CORPORATION\r\n| p/Toshiba Tec printer http config/ d/printer/
match http m|^HTTP/1\.0 303 See Other\r\nLocation: http://[\w._-]+:8080\r\n\0 .*\rContent-Length: 0\r\n\r\n| p|Toshiba e-STUDIO 233 copier/printer/fax http config| d/printer/
match http m|^HTTP/1\.1 302 Redirect\r\nServer: GoAhead-Webs\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-Type: text/html\r\nLocation: http://[\w._-]+/index\.asp\r\n\r\n<html><head></head><body>\r\n\t\tThis document has moved to a new| p/GoAhead WebServer/ i/Dell PowerConnect 3024 switch http config/ d/switch/ cpe:/a:goahead:goahead_webserver/ cpe:/h:dell:powerconnect_3024/
match http m|^HTTP/1\.0 302 Redirect\r\nServer: GoAhead-Webs\r\nDate: .*\r\nConnection: Close\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-Type: text/html\r\nLocation: http://\xee{64}/index\.html\r\n\r\n<html><head></head><body>\r\n\t\tThis document has moved to a new| p/GoAhead WebServer/ i/Allen-Bradley ControlLogix 1769-L35E automation controller http config/ d/specialized/ cpe:/a:goahead:goahead_webserver/
match http m|^HTTP/1\.1 200 OK\n\n<html>\n<head>\n<title>Touchstone Status</title>| p/Arris Touchstone cable modem http config/ d/broadband router/
match http m|^HTTP/1\.1 401 Unauthorized\r\nServer: micro_httpd\r\nCache-Control: no-cache\r\nDate: .*\r\nWWW-Authenticate: Basic realm=\"ROTAL Wireless ADSL2\+ Router\"\r\n| p/micro_httpd/ i|ROTAL/Dynalink WAP http config| d/WAP/ cpe:/a:acme:micro_httpd/
match http m|^HTTP/1\.1 200 OK\r\nDate: .*\r\nServer: Oversee Webserver v([\w._-]+)\r\n| p/Oversee httpd/ v/$1/
match http m|^HTTP/1\.1 401 Unauthorized\r\nServer: GlobalSCAPE-Secure Server/([\w._-]+)\r\n| p/GlobalSCAPE Secure Server httpd/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 401 Unauthorized\r\nServer: GlobalSCAPE-EFTServer/([\w._-]+)\r\n| p/GlobalSCAPE EFT Server httpd/ v/$1/
match http m|^HTTP/1\.1 401 Unauthorized\r\nDate: .* GMT\r\nWWW-Authenticate: Basic realm=\"\"\r\nContent-Length: .*\r\nCache-control: private\r\nPragma: no-cache\r\nConnection: close\r\nX-Content-Type-Options: nosniff\r\nX-XSS-Protection: 1; mode=block\r\n\r\n| p/GlobalSCAPE EFT Server httpd/
match http m|^<html>\n\n<head>\n<title>HTML-Konfiguration</title>\n\n<SCRIPT language=\"JavaScript\">\n<!--\n\n\nfunction rahmen\(but,high\)| p|Targa WR500/Speedport WV500V WAP http config| i/Bitswitcher firmware/ d/WAP/
match http m|^\[ menu  \]   - Control packet filtering\r\n5 - Logs            \[ menu  \]   - Alarm and log control\r\n6HTTP/1\.0 200 OK\r\n.*<font color=\"#ffffff\">Aironet BR500E V([\w._-]+)</td>|s p/Cisco Aironet BR500E WAP http config/ v/$1/ d/WAP/ cpe:/h:cisco:aironet_br500e/a
match http m|^HTTP/1\.1 401 Authorization Required\r\nDate: .*\r\nServer: mini-http/([\w._-]+) \(unix\)\r\nConnection: close\r\nContent-Type: text/html\r\nWWW-Authenticate: Basic realm=user\r\n\r\n<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2\.0//EN\">| p/Kemp 2500 load balancer http config/ i/mini-http $1/ d/load balancer/ o/Unix/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: \"Pi3Web/([\w._-]+)\"\r\n|s p/Pi3Web httpd/ v/$1/
match http m|^HTTP/1\.0 401 Authorization Required\r\nWWW-Authenticate: Basic realm=\"VoIP841\"\r\n(?:[^\r\n]+\r\n)*?Server: simple httpd ([\w._-]+)\r\n|s p/simple httpd/ v/$1/ i/Philips DECT VoIP841 http config/ d/VoIP phone/ cpe:/h:philips:dect_voip841/a
match http m|^HTTP/1\.0 401 Authorization Required\r\nWWW-Authenticate: Basic realm=\"SPH200D\"\r\n(?:[^\r\n]+\r\n)*?Server: simple httpd ([\w._-]+)\r\n|s p/simple httpd/ v/$1/ i/Netgear SPH200D http config/ d/VoIP phone/ cpe:/h:netgear:sph200d/a
match http m|^HTTP/1\.1 403 Forbidden\r\nServer: Mediasite Web Server/([\w._-]+)\r\nDate: .*\r\nContent-Length: \d+\r\nHttpConnection: Close\r\n| p/SonicFoundry MediaSite httpd/ v/$1/ d/media device/
match http m|^HTTP/1\.0 200 (?:[^\r\n]*\r\n(?!\r\n))*?Server: Mbedthis-Appweb/([\w._-]+)\r\n(?:[^\r\n]+\r\n)*?X-Powered-By: PHP/([\w._-]+)\r\n.*<title>([\w._-]+) : Log In - Juniper Networks Web Management</title>|s p/Mbedthis-Appweb/ v/$1/ i/Juniper router http config; PHP $2; name $3/ d/router/ cpe:/a:mbedthis:appweb:$1/ cpe:/a:php:php:$2/
match http m|^HTTP/1\.1 302 Redirect\r\nServer: GoAhead-Webs\r\n(?:[^\r\n]+\r\n)*?Location: https://Device/config/log_off_page\.htm\r\n|s p/GoAhead WebServer/ i/Linksys SRW2024 switch http config/ d/switch/ cpe:/a:goahead:goahead_webserver/ cpe:/h:linksys:srw2024/a
match http m|^HTTP/1\.1 401 Unauthorized\r\nContent-Type: text/html\r\nConnection: close\r\n(?:Pragma: no-cache\r\n)?WWW-Authenticate: Basic realm=\"Netcam\"\r\nContent-Length: 17\r\n\r\n401 Unauthorized\n$| p/Airlink 101 or TRENDnet TVIP-422w webcam http config/ d/webcam/ cpe:/h:trendnet:tvip-422w/a
match http m|^HTTP/1\.1 503 Service Unavailable\r\nServer: NS([\w._-]+)\r\nContent-Length:\d+\r\n| p/Citrix NetScaler httpd/ v/$1/ d/load balancer/
match http m|^HTTP/1\.1 [45]\d\d (.*)\r\nContent-Length: ?\d+\r\nConnection: close\r\nCache-Control: no-cache,no-store\r\nPragma: no-cache\r\n\r\n<html><body>(?:<b>)?Http/1\.1 \1| p/Citrix NetScaler httpd/ d/load balancer/
match http m|^HTTP/1\.1 500 Internal Server Error\r\nContent-Length:71\r\nConnection: close\r\nCache-Control: no-cache,no-store\r\nPragma: no-cache\r\n\r\n<html><body><b>Http/1\.1 Internal Server Error 31    </b></body> </html>$| p/Citrix NetScaler httpd/ d/load balancer/
match http m|^HTTP/1\.0 200 OK\r\nContent-Type: text/html\r\nDate: .*\r\nLast-Modified: .*\r\nContent-Language: en\r\nContent-Length: \d+\r\nServer: Wireless Network Camera\r\n\r\n<html>\r\n<frameset rows=\"2000,0\" border=\"0\" frameborder=\"no\" framespacing=\"0\">| p/LevelOne WCS-2030 webcam http config/ d/webcam/ cpe:/h:levelone:wcs-2030/a
match http m|^HTTP/1\.0 200 (?:[^\r\n]*\r\n(?!\r\n))*?Server: wg_httpd/([\w._-]+)\(based Boa/([\w._-]+)\)\r\n.*<title>WebEye Index Page</title>\n<meta name=\"generator\" content=\"WebGateInc\">|s p/wg_httpd/ v/$1/ i/WebGateInc WebEye webcam http config; based on Boa $2/ d/webcam/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Nano HTTPD library\r\n|s p/Ferhat Ayaz's Nano httpd/
match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: Transmission\r\nWWW-Authenticate: Basic realm=\"Transmission\"\r\n| p/Transmission BitTorrent management httpd/ i/unauthorized/ cpe:/a:transmissionbt:transmission/
match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: Transmission\r\nContent-Type: text/html; charset=ISO-8859-1\r\n| p/Transmission BitTorrent management httpd/ i/unauthorized/ cpe:/a:transmissionbt:transmission/
match http m|^HTTP/1\.0 403 Forbidden\r\nServer: Transmission\r\nContent-Type: text/html; charset=ISO-8859-1\r\n| p/Transmission BitTorrent management httpd/ i/unauthorized/ cpe:/a:transmissionbt:transmission/
match http m|^HTTP/1\.0 301 Moved Permanently\r\nServer: Transmission\r\nLocation: .*?/web/\r\nContent-Type: text/html; charset=ISO-8859-1\r\n\r\n| p/Transmission BitTorrent management httpd/ cpe:/a:transmissionbt:transmission/
match http m|^HTTP/1\.0 409 Conflict\r\nServer: Transmission\r\n| p/Transmission BitTorrent management httpd/ cpe:/a:transmissionbt:transmission/
match http m|^HTTP/1\.1 200 .*<meta http-equiv=\"Refresh\" content=\"2; url=/transmission/web/\">\r\n.*<p>redirecting to <a href=\"/transmission/web\">/transmission/web/</a></p>|s p/Transmission BitTorrent management httpd/ cpe:/a:transmissionbt:transmission/
match http m|^HTTP/1\.1 401 Unauthorized\r\nServer: GoAhead-Webs\r\nDate: .*\r\nWWW-Authenticate: Basic realm=\"WebAdmin\"\r\n.*<p>Access to this document requires a User ID</p>|s p/GoAhead WebServer/ i/TeleWell TW-EA510 ADSL router http config/ d/broadband router/ cpe:/a:goahead:goahead_webserver/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Enigma2 WebInterface Server ([\w._-]+) \r\n|s p/Enigma2 Dreambox http config/ v/$1/ d/media device/
match http m|^HTTP/1\.1 401 Unauthorized\r\nServer: DPH-140\r\nWWW-Authenticate: Digest realm=\"DPH-140\"| p/D-Link DPH-140 VoIP phone http config/ d/VoIP phone/ cpe:/h:dlink:dph-140/a
match http m|^HTTP/1\.0 401 Unauthorized\r\nWWW-Authenticate: Basic realm=\"Topfield PVR Web Server\"\r\n\r\n| p/Topfield HDPVR satellite decoder http config/ d/media device/
match http m|^HTTP/1\.1 200 OK\r\nAccept-Ranges: bytes\r\nContent-Type: text/html\r\n\r\n.*<font size=\+3>WAGO-Ethernet TCP/IP PFC</font>.*<td>Firmware revision</td>\n\n<td>([^<]+)</td>.*<td>Hardware address</td>\n\n<td>(\w+)</td>|s p/Wago ethernet controller http config/ v/$1/ i/MAC $2/
match http m|^HTTP/1\.0 200 OK\r\nServer: vxTri's Versatile Smart Server \(TVSS\) V ([\w._-]+)\r\nSet-Cookie: Intoto=.*<title> Login Screen </title>|s p/vxTri's Versatile Smart Server httpd/ v/$1/ i/Adtran Netvanta 2100 VPN Gateway http config/ d/security-misc/
match http m|^HTTP/1\.1 401 Unauthorized\r\nServer: Hauppauge's DVB EPG Webserver v([\w._-]+)\r\n| p/Hauppauge DVB EPG http config/ v/$1/ d/media device/
match http m|^HTTP/1\.0 200 (?:[^\r\n]*\r\n(?!\r\n))*?Server: HCW_DVB_EPG_SERVER_([\w._-]+)\r\n.*<title>Hauppauge EPG</title>\r\n|s p/Hauppauge DVB EPG http config/ v/$SUBST(1,"_",".")/ d/media device/
match http m|^HTTP/1\.0 200 Ok.*<IMG SRC=\"compaq\.gif\" ALT=\"COMPAQ\"><BR>\r\n<H3>Remote Insight Lights-Out Edition<BR></H3>|s p|HP/Compaq Integrated Lights-Out http config| d/remote management/ cpe:/h:hp:integrated_lights-out/
match http m|^HTTP/1\.0 200 OK\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: \d+\r\nCache-Control: no-cache\r\n\r\n<html>\n<head>\n<title> Home </title>\n<script src=\"script/cookieCode\.js\"></script>\n<script language=\"JavaScript\">\n<!--\nfunction SetDefLanguage\(\)\n| p/Xerox Phaser 3500 http config/ d/printer/ cpe:/h:xerox:phaser_3500/a
match http m|^HTTP/1\.0 200 OK\r\nCache-control: no-cache\r\nServer: Ubicom/([\w._-]+)\r\n.*<title>WGA600N Wireless Gaming Adapter  :\r\n\t\t Login\r\n\t</title>|s p/Ubicom httpd/ v/$1/ i/Linksys WGA600N WAP http config/ d/WAP/ cpe:/a:ubicom:httpd:$1/ cpe:/h:linksys:wga600n/a
match http m|^HTTP/1\.0 200 (?:[^\r\n]*\r\n(?!\r\n))*?Expires: -1\r\n.*<title>NetGear GS(\w+)</title>|s p/NetGear GS$1 switch http config/ d/switch/
match http m|^HTTP/1\.1 400 Error in MIME message\r\n$| p/Wyse Winterm 1200 LE terminal http config/ d/terminal/
match http m|^HTTP/1\.1 401 Unauthorized\r\nServer: Web Server\r\n(?:[^\r\n]+\r\n)*?WWW-Authenticate: Basic realm=\"WebAdmin\"\r\n.*<p class=\"alert\">Web configuration is protected\.</p>\n\n<p><a href=\"Javascript:history\.go\(-1\)\">|s p/D-Link DSL2-300G http config/ d/broadband router/ cpe:/h:dlink:dsl2-300g/a
match http m|^HTTP/1\.0 200 .*<title>BPA430 Web Configuration Pages</title></head><script LANGUAGE=\"JavaScript\" src=\"menu\.js\">|s p/Packet8 BPA430 VoIP phone http config/ d/VoIP phone/ cpe:/h:packet8:bpa430/a
match http m|^HTTP/1\.0 200 Document follows\r\nServer: ADH-Web\r\n.*<meta name=\"author\" content=\"Dedicated Micros \(info@dmicros\.com\)\">|s p/ADH-Web httpd/ i/Dedicated Micros Digital Sprite 2 DVR http config/ d/media device/
match http m|^HTTP/1\.0 401 Unauthorized\r\nWWW-Authenticate: Basic realm=\"FR114W\"\r\nContent-type: text/html\r\n\r\n401 Unauthorized| p/NetGear FR114W WAP http config/ d/WAP/
match http m|^HTTP/1\.0 200 (?:[^\r\n]*\r\n(?!\r\n))*?Server: Mbedthis-Appweb/([\w._-]+)\r\n.*<title>Openstage IP Phone User</title>.*<meta name='author' content='Siemens AG,|s p/Mbedthis-Appweb/ v/$1/ i/Siemens Openstage VoIP phone http config/ d/VoIP phone/ cpe:/a:mbedthis:appweb:$1/
match http m|^HTTP/1\.1 401 Unauthorized\r\n(?:[^\r\n]+\r\n)*?Server: Splunkd\r\n\r\n<\?xml version=\"1\.0\" encoding=\"UTF-8\"\?>\n<response>\n  <messages>\n    <msg type=\"WARN\">Remote login disabled because you are using a free license which does not provide authentication\.|s p/Splunkd httpd/ i/free license; remote login disabled/ cpe:/a:splunk:splunk/
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: Splunkd\r\n\r\n<\?xml version=\"1\.0\" encoding=\"UTF-8\"\?>\n<!--This is to override browser formatting; see server\.conf\[httpServer\] to disable\.|s p/Splunkd httpd/ cpe:/a:splunk:splunk/
match http m|^HTTP/1\.0 200 OK\r\n.*<!-- General javascripts -->.*var path='http://www\.axis\.com/cgi-bin/prodhelp\?prod=axis_([\w._-]+)&ver=([\w._-]+)&|s p/AXIS $1 print server http config/ v/$2/ d/print server/ cpe:/h:axis:$1/a
match http m|^HTTP/1\.1 401 Unauthorized\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: \d+\r\nServer: Indy/([\w._-]+)\r\nWWW-Authenticate: Basic realm=\"KutinSoft Reboot Service\"\r\n| p/Indy httpd/ v/$1/ i/KutinSoft reboot service http config/ o/Windows/ cpe:/a:indy:httpd:$1/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 200 OK\r\n.*VMware Server provides a virtual machine platform, which can be managed by VMware VirtualCenter Server\.\">\r\n\r\n<title>VMware Server 2</title>|s p/VMware Server http config/ v/2/ cpe:/a:vmware:server:2/
match http m|^HTTP/1\.1 200 OK\r\n.*document\.write\(\"<title>\" \+ ID_VC_Welcome \+ \"</title>\"\);.*<meta name=\"description\" content=\"VMware VirtualCenter|s p/VMware Server http config/
match http m|^HTTP/1\.0 200 Ok\r\nServer: UI-WebServer V([\w._-]+)\r\n| p/UI-View Automatic Packet Reporting System httpd/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Pragma: no-cache\r\n.*<!--- Page\(\d+\)=\[Login\] --->.*<TITLE>Verizon</TITLE>|s p/Verizon FIOS Actiontec http config/ d/broadband router/
match http m|^HTTP/1\.0 200 OK\r\nContent-type: text/html\r\nCache-Control: no-cache\r\nPragma: no-cache\r\n.*<!--- Page\(\d+\)=\[\] --->.*<TITLE>Management Console</TITLE>|s p/USRobotics USR8200 firewall http config/ d/firewall/ cpe:/h:usrobotics:usr8200/a
match http m|^HTTP/1\.1 200 OK\r\nServer: Synacast Media Server/([\w._-]+)\r\nConnection: close\r\n\r\n| p/Synacast Media Server http config/ v/$1/
match http m|^HTTP/1\.0 200 OK\r\nServer: DCLK-HttpSvr\r\n| p/DoubleClick advertising httpd/
match http m|^HTTP/1\.1 200 OK\r\nContent-type: text/html\r\nServer: Mono-HTTPAPI/([\w._-]+)\r\n.*<H1>Ooops!</H1><P>The page you requested has been obsconded with by knomes\. Find hippos quick!</P>|s p/Mono-HTTPAPI/ v/$1/ i/OpenSimulator http config/ cpe:/a:mono:mono:$1/
match http m|^HTTP/1\.0 404 NotFound\r\nContent-type: text/html\r\n(?:[^\r\n]+\r\n)*?Server: Tiny WebServer\r\n.*<H1>Ooops!</H1><P>The page you requested has been obsconded with by knomes\. Find hippos quick!</P><P>If you are trying to log-in, your link parameters should have: &quot;-loginpage http:///\?method=login -loginuri http:///&quot; in your link </P></BODY></HTML>|s p/C# Webserver/ i/OpenSimulator http config/ cpe:/a:gauffin_telecom:c%23_webserver/
# Based on Gauffin C# Webserver
match http m|^HTTP/1\.0 302 Redirect\r\nlocation: /login\.html\r\nDate: .*\r\nContent-Length: 0\r\nContent-Type: \r\nServer: Tiny WebServer\r\nConnection: close\r\nSet-Cookie: xsrf-token=| p/Duplicati httpserver/ cpe:/a:duplicati:httpserver/
match http m|^HTTP/1\.0 200 OK\r\nDate: .*\r\nServer: NetGate \r\nConnection: close\r\nContent-Type: text/html\r\n| p/AT&T NetGate VPN http config/ d/security-misc/
# Version 6.0.74
match http m|^HTTP/1\.0 200 OK\r\nDate: .*\r\nServer: Gateway \r\nConnection: close\r\nContent-Type: text/html\r\n| p/AT&T NetGate VPN http config/ d/security-misc/
match http m|^HTTP/1\.1 401 Unauthorized\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: \d+\r\nServer: Indy/([\w._-]+)\r\nWWW-Authenticate: Basic realm=\"Atis Web-Server Autentica| p/Indy httpd/ v/$1/ i/Atis Surveillance camera http config/ d/webcam/ cpe:/a:indy:httpd:$1/
match http m|^HTTP/1\.0 200 KDH1_STC_OK\r\nServer: KDH/([\w_.-]+) \(([\w:]+)\)\r\n.*<title>IBM Tivoli Monitoring Service Index</title>|s p/KDH httpd/ v/$1 $2/ i/IBM Tivoli Monitoring http config/ d/remote management/
match http m|^HTTP/1\.0 401 Unauthorized\r\nMIME-Version: [\d.]+\r\nServer: SNMP Research DR-Web Agent/([\w._-]+)\r\nDate: .*\r\nWWW-Authenticate: Basic realm=\"DR-Web\"\r\n| p/SNMP Research DR-Web http config/ v/$1/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Winstone Servlet Engine v([\w._-]+)\r\nX-Hudson: ([\w._-]+)\r\nX-Hudson-CLI-Port: (\d+)\r\n(?:[^\r\n]+\r\n)*?X-Powered-By: Servlet/([\w._-]+) \(Winstone/[\w._-]+\)\r\n|s p/Winstone Servlet Engine/ v/$1/ i/Hudson $2; Servlet $4; CLI port $3/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Winstone Servlet Engine v([\w._-]+)\r\n(?:[^\r\n]+\r\n)*?X-Powered-By: Servlet/([\w._-]+) \(Winstone/[\w._-]+\)\r\n|s p/Winstone Servlet Engine/ v/$1/ i/Servlet $2/
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: Winstone Servlet Engine v([\w._-]+)\r\n| p/Winstone Servlet Engine/ v/$1/
match http m|^HTTP/1\.0 403 Forbidden\r\nServer: Winstone Servlet Engine v([\w._-]+)\r\n(?:[^\r\n]+\r\n)*?X-Powered-By: Servlet/([\w._-]+) \(Winstone/[\w._-]+\)\r\n|s p/Winstone Servlet Engine/ v/$1/ i/Servlet $2/
match http m|^HTTP/1\.0 401 Unauthorized\r\nDate: .*\r\nContent-Length: \d+\r\nContent-Type: text/html\r\nServer: SilverStream Server/([\w._-]+)\r\nWWW-Authenticate: Basic realm=\"SilverStream\"\r\n| p/Silverstream web application management httpd/ v/$1/
match http m|^HTTP/1\.0 200 (?:[^\r\n]*\r\n(?!\r\n))*?Server: Allegro-Software-RomPager/([\w._-]+)\r\n.*<TITLE>SONY NSP-100 Main Page</TITLE>|s p/Allegro RomPager/ v/$1/ i/Sony NSP-100 network player http config/ d/media device/ cpe:/a:allegro:rompager:$1/
match http m|^HTTP/1\.0 302 Not Found\r\nConnection: close\r\nLocation: /user/login\r\nAccept-Ranges: none\r\nServer: Sockso\r\n\r\n$| p/Sockso personal music player httpd/
match http m|^HTTP/1\.1 302 Not Found\r\nConnection: close\r\nLocation: /user/login\r\nServer: Sockso\r\n\r\n| p/Sockso personal music player httpd/
match http m|^HTTP/1\.1 303 See Other\r\nContent-Type: text/html\r\nContent-Length: 0\r\nLocation: https://[\d.]+:443/webvpn\.html\r\nSet-Cookie: webvpncontext=| p/Cisco WebVPN http config/
# This one must come after the one above to avoid matching IP address as hostname
match http m|^HTTP/1\.1 303 See Other\r\nContent-Type: text/html\r\nContent-Length: 0\r\nLocation: https://([\w.-]+):\d+/webvpn\.html\r\nSet-Cookie: webvpncontext=| p/Cisco WebVPN http config/ h/$1/
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html\r\nExpires: -1\r\n Cache-Control: no-cache\r\n.*<title>Contivity VPN Client</title>|s p/Contivity VPN Client httpd/
match http m|^HTTP/1\.0 200 OK\r\nContent-Type: text/html\r\n.*<title>RemoteView</title>.*<frame name=\"menu\" src=\"Menu_main\.htm\" target=\"parent\.work\"|s p/Kguard Security DVR http config/ d/webcam/
match http m|^HTTP/1\.0 200 OK\r\n.*<title>LaCie Network Space NAS</title>.*<meta http-equiv=\"refresh\" content=\"0;url=/cgi-bin/public/login\">|s p/LaCie Network Space NAS http config/ d/storage-misc/
match http m|^HTTP/1\.0 200 OK\r\nServer: Development/([\w._-]+) Python/([\w._-]+)\r\n| p/Google App Engine httpd/ v/$1/ i/Python $2/ cpe:/a:python:python:$2/
match http m|^HTTP/1\.0 200 OK\r\nServer: Development/([\w._-]+)\r\n| p/Google App Engine httpd/ v/$1/
match http m|^HTTP/1\.0 200 OK\r\nContent-type: text/html\r\n\r\n<html><head><title>APC Back-UPS HS 500\(BackUPS500\0\)</title>| p/APC Back-UPS HS 500 http config/ d/power-device/
match http m|^HTTP/1\.1 500 Internal Server Error\r\nConnection: close\r\nContent-Type: text/plain\r\nContent-Length: 16\r\n\r\nEAccessViolation$| p/TiVo Desktop Server http config/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 401 Not Authorized\r\nServer: RapidLogic/([\w._-]+)\r\nMIME-version: 1\.0\r\nContent-type: text/html\r\nWWW-Authenticate: Basic realm=\"Secure Realm\"\r\n\r\n\r\nAuthorization Required\r\n\r\n$| p/RapidLogic httpd/ v/$1/ i/3Com OfficeConnect WAP http config/ d/WAP/ cpe:/a:rapidlogic:httpd:$1/
match http m|^HTTP/1\.0 401 Not Authorized\r\nServer: RapidLogic/([\w._-]+)\r\nMIME-version: 1\.0\r\nPragma: no-cache\r\nContent-type: text/html\r\nWWW-Authenticate: Basic realm=\"Secure Realm\"\r\n\r\n\r\nAuthorization Required\r\n\r\n$| p/RapidLogic httpd/ v/$1/ i/Linksys WAP55AG WAP http config/ d/WAP/ cpe:/a:rapidlogic:httpd:$1/ cpe:/h:linksys:wap55ag/a
match http m|^HTTP/1\.1 400 Bad Request\r\nConnection: close\r\n\r\n.*<br>Ability Mail Server ([\w._-]+) by Code-Crafters<br>|s p/Code-Crafters Ability Mail Server http config/ v/$1/ o/Windows/ cpe:/a:code-crafters:ability_mail_server:$1/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 200 OK\r\nContent-Length: \d+\r\nContent-Type: text/html\r\nConnection: close\r\n\r\n<html><head><title>Available Databases - Banshee DAAP Browser</title>| p/Banshee DAAP browser httpd/
match http m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: FlashCom/([\w._-]+)\r\n.*<html><head><title>Wowza Media Server ([^<]*)</title></head>|s p/Adobe Flash Media Server/ v/$1/ i/Wowza Media Server $2/ cpe:/a:adobe:flash_media_server:$1/ cpe:/a:wowza:wowza_media_server:$SUBST(2," ","_")/
match http m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: FlashCom/([\w._-]+)\r\n.*<html><head><title>Wowza Streaming Engine ([^<]*)</title></head>|s p/Adobe Flash Media Server/ v/$1/ i/Wowza Streaming Engine $2/ cpe:/a:adobe:flash_media_server:$1/ cpe:/a:wowza:wowza_media_server:$SUBST(2," ","_")/
match http m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: FlashCom/([\w._-]+)\r\n.*<html><head><title>Wowza ([^<]*)</title></head>|s p/Adobe Flash Media Server/ v/$1/ i/Wowza $2/ cpe:/a:adobe:flash_media_server:$1/
match http m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: FlashCom/([\w._-]+)\r\n.*<\?xml version=\"1\.0\" encoding=\"utf-8\"\?>\n<result>\n\t<level>error</level>\n\t<code>NetConnection\.Connect\.Rejected</code>|s p/Adobe Flash Media Server/ v/$1/ cpe:/a:adobe:flash_media_server:$1/
match http m|^HTTP/1\.0 200 OK\r\nConnection: close\r\nContent-Length: \d+(?:\r\n)?Content-Type: text/html\r\n\r\n\r\n<html><body>This site is running <a href='http://www\.TeamViewer\.com'>TeamViewer</a>\.| p/TeamViewer httpd/ cpe:/a:teamviewer:teamviewer/
match http m|^HTTP/1\.0 200 OK\r\nConnection: close\r\nContent-Length: \d+\r\nContent-Type: text/html\r\n\r\n<html><body>This site is running <a href='http://www\.TeamViewer\.com'>TeamViewer</a>\.| p/TeamViewer httpd/ cpe:/a:teamviewer:teamviewer/
match http m|^HTTP/1\.0 200 OK\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: \d+\r\n\r\n<html><body>This site is running <a href='http://www\.TeamViewer\.com'>TeamViewer</a>\.| p/TeamViewer httpd/ cpe:/a:teamviewer:teamviewer/
match http m|^HTTP/1\.0 200 OK\r\nCache-control: no-cache\r\nContent-Type: application/octet-stream\r\nConnection: close\r\nHTTP/1\.0 200 OK\r\nConnection: close\r\nContent-Length: 181\r\nContent-Type: text/html\r\n\r\n<html><body>This site is running <a href='http://www\.TeamViewer\.com'>TeamViewer</a>\.| p/TeamViewer httpd/ cpe:/a:teamviewer:teamviewer/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Content-Type: text/html\r\n\r\n.*<p>Not a recognized search path\.</p>\n<hr />\n<p><i>MWSearch on localhost</i></p>\n</body>\n</html>\r\n|s p/MediaWiki Lucene powered search httpd/
match http m|^HTTP/1\.0 500 Internal Server Error\r\nDate: \r\nServer: \r\nContent-Length: \d+ \r\nContent-Type: text/html\r\n\r\n.*<title>Error Page 500</title>|s p/ESET NOD32 anti-virus update httpd/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 500 Internal Server Error\r\nDate: .*\r\nAccept-Ranges: none\r\nContent-Length: \d+ \r\nContent-Type: text/html\r\n\r\n.*<title>Error Page 500</title>|s p/ESET NOD32 anti-virus update httpd/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/xml; charset=utf-8: \r\n.*<VendorName>D-Link Systems</VendorName><ModelDescription>Xtreme N GIGABIT Router</ModelDescription><ModelName>DIR-([^<]+)</ModelName><FirmwareVersion>([^<]+)</FirmwareVersion>|s p/D-Link Xtreme $1 WAP http config/ i/Firmware $2/ d/WAP/ cpe:/h:dlink:xtreme_$1/a
match http m%^HTTP/1\.0 200 OK\r\n.*<meta http-equiv="refresh" content="0; URL=/(?:cgi-bin/luci|404)" />\n</head>.*href="/cgi-bin/luci">%s p/LuCI Lua http config/
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: LuCIttpd/([\d.]+)\r\n| p/LuCIttpd/ v/$1/ d/WAP/
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: LuCId-HTTPd/([\d.]+)\r\n| p/LuCId-HTTPd/ v/$1/
match http m|^HTTP/1\.0 401 Not Authorised\r\nServer: Majestic-12 WebServer v([\w._-]+)\r\n| p/Majestic-12 httpd/ v/$1/
match http m|^HTTP/1\.0 405 Method not allowed: Method not allowed by server: GET\r\nDate: .*\r\nCache-Control: no-cache\r\nServer: openwbem/([\w._-]+) \(CIMOM\)\r\n| p/Openwbem CIMOM httpd/ v/$1/
match http m|^HTTP/1\.1 401 Unauthorized\r\nContent-Type: text/html\r\nWWW-Authenticate: Basic realm=\"Network Monitor\"\r\nConnection: close\r\n\r\n<html><body><font size=\"2\"><b>You could not be authenticated by the GFI N\.S\.M\. web server\.| p/GFI Network Service Monitor http config/

match http m|^HTTP/1\.1 \d\d\d .*\r\n.*X-Powered-By: Servlet/([\w._-]+)\r\nServer: GlassFish[ /]v([\w._ -]+)\r\n| p/Sun GlassFish/ v/$2/ i/Servlet $1/ cpe:/a:sun:glassfish_server:$2/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?X-Powered-By: Servlet/([\w._-]+)\r\nServer: GlassFish Server Open Source Edition ([\w._ -]+)\r\n|s p/Sun GlassFish Open Source Edition/ v/$2/ i/Servlet $1/ cpe:/a:sun:glassfish_server:$2::open_source/
match http m|^HTTP/1\.1 \d\d\d .*\r\n.*X-Powered-By: Servlet/([\w._-]+) JSP/([\w._-]+) \(GlassFish Server Open Source Edition ([\w._ -]+) Java/Sun Microsystems Inc\./([\w._-]+)\)\r\n| p/Sun GlassFish Open Source Edition/ v/$3/ i/JSP $2; Servlet $1; Java $4/ cpe:/a:oracle:jsp:$2/ cpe:/a:sun:glassfish_server:$3::open_source/ cpe:/a:sun:jre:$4/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: GlassFish Server Open Source Edition ([\w._-]+)\r\nX-Powered-By: Servlet/([\w._ -]+)\r\n|s p/Sun GlassFish Open Source Edition/ v/$1/ i/Servlet $2/ cpe:/a:sun:glassfish_server:$1::open_source/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?X-Powered-By: Servlet/([\d.]+)\r\nServer: Sun GlassFish Enterprise Server v([\w._ -]+)\r\n(?:[^\r\n]+\r\n)*?X-Powered-By: JSF/([\d.]+)\r\n|s p/Sun GlassFish/ v/$2/ i/Servlet $1; JSF $3/ cpe:/a:sun:glassfish_server:$2/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?X-Powered-By: Servlet/([\d.]+)\r\nServer: Sun GlassFish Enterprise Server v([\w._ -]+)\r\n|s p/Sun GlassFish/ v/$2/ i/Servlet $1/ cpe:/a:sun:glassfish_server:$2/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?X-Powered-By: Servlet/([\d.]+)\r\nServer: Sun GlassFish Communications Server ([\w._ -]+)\r\n|s p/Sun GlassFish Communications Server/ v/$2/ i/Servlet $1/ cpe:/a:sun:glassfish_server:$2/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Sun GlassFish Enterprise Server v([\d.]+)\r\nX-Powered-By: Servlet/([\d.]+)\r\n|s p/Sun GlassFish/ v/$1/ i/Servlet $2/ cpe:/a:sun:glassfish_server:$1/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Sun GlassFish Enterprise Server v([\d.]+)\r\n|s p/Sun GlassFish/ v/$1/ cpe:/a:sun:glassfish_server:$1/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?X-Powered-By: Servlet/([\w._-]+) JSP/([\w._-]+) \(Oracle GlassFish Server ([\w._-]+) Java/Sun Microsystems Inc\./([\w._-]+)\)\r\n|s p/Oracle GlassFish/ v/$3/ i/Servlet $1; JSP $2; Java $4/ cpe:/a:oracle:glassfish_server:$3/ cpe:/a:oracle:jsp:$2/ cpe:/a:sun:jre:$4/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?X-Powered-By: Servlet/([\w._-]+) JSP/([\w._-]+) \(Oracle GlassFish Server ([\w._-]+) Java/Oracle Corporation/([\w._-]+)\)\r\n|s p/Oracle GlassFish/ v/$3/ i/Servlet $1; JSP $2; Java $4/ cpe:/a:oracle:glassfish_server:$3/ cpe:/a:oracle:jre:$4/ cpe:/a:oracle:jsp:$2/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?X-Powered-By: Servlet/([\w._-]+) JSP/([\w._-]+) \(GlassFish Server Open Source Edition +([\w._-]+) +Java/Oracle Corporation/([\w._-]+)\)\r\n|s p/Oracle GlassFish/ v/$3/ i/Servlet $1; JSP $2; Java $4/ cpe:/a:oracle:glassfish_server:$3::open_source/ cpe:/a:oracle:jre:$4/ cpe:/a:oracle:jsp:$2/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: GlassFish Server Open Source Edition ([\w._ -]+)\r\n|s p/Sun GlassFish Open Source Edition/ v/$1/ cpe:/a:sun:glassfish_server:$1::open_source/

match http m|^HTTP/1\.[01] 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: IndigoWebServer/([\w_.-]+)\r\n|s p/Perceptive Automation Indigo http config/ v/$1/ d/specialized/
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: llink-daemon/([\w._-]+) \(build (\d+)\)\r\n| p/llink media streamer httpd/ v/$1 build $2/
match http m|^HTTP/1\.0 200 OK\r\nContent-type: text/html\r\n\r\n<html xmlns:o=\"urn:schemas-microsoft-com:office:office\"\r\n.*<title>Now SMS</title>|s p/Now SMS http config/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 200 Ok\r\n.*<title>\r\nData Frame - Browser not HTTP 1\.1 compatible\r\n</title>.*Your browser must support HTTP 1\.1 to view iLO web pages\.|s p/HP Integrated Lights-Out http config/ d/remote management/ cpe:/h:hp:integrated_lights-out/
match http m|^HTTP/1\.0 200 Okay\r\nServer: Optenet CCOTTA ([\w._-]+)\r\nContent-Type: text/html\r\n\r\n<html><head><title>Optenet CCOTTA Status</title>| p/Optenet Mailsecure CCOTTA http config/ v/$1/
match http m|^HTTP/1\.1 200 OK\r\nConnection: close\r\nCache-Control: no-cache\r\nContent-Type: text/html; charset=utf-8\r\n\r\n<html><head><title>Axon</title>| p/Axon VoIP Exchange virtual PBX httpd/ o/Windows/ cpe:/o:microsoft:windows/a
# Version 2.21
match http m|^HTTP/1\.1 200 OK\r\nConnection: close\r\nCache-Control: no-cache\r\nContent-Type: text/html; charset=utf-8\r\n\r\n<html><head><title>Axon - Login</title>| p/Axon VoIP Exchange virtual PBX httpd/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: OctoWebSvr/COM\r\n|s p/SLWebMail Supervisor http config/
match http m|^HTTP/1\.1 200 OK\r\n.*<meta name=\"COPYRIGHT\" content=\"&copy; \d+ Cisco Systems\. All Rights Reserved\.\">.*<title>ACE 4710 DM - Login</title>|s p/Cisco Application Control Engine 4710 DM http config/ d/load balancer/ cpe:/a:cisco:application_control_engine_software/
match http m|^HTTP/1\.1 401 Unauthorized\r\nServer: ODS/([\w._-]+)\r\n| p|Apple ODS DVD/CD Sharing Agent httpd| v/$1/
match http m|^HTTP/1\.1 404 Not Found\r\nServer: ODS/([\w._-]+)\r\n| p|Apple ODS DVD/CD Sharing Agent httpd| v/$1/
match http m|^HTTP/1\.1 \d\d\d .*\r\nDate: .*\r\nServer: CompaqHTTPServer/([\w._-]+) HPE? System Management Homepage/([\d.]+) httpd/([\w.+]+)\r\n| p/CompaqHTTPServer/ v/$1/ i/HP System Management $2; httpd $3/ cpe:/a:hp:compaqhttpserver:$1/ cpe:/a:hp:system_management_homepage:$2/
match http m|^HTTP/1\.1 \d\d\d .*\r\nDate: .*\r\nServer: CompaqHTTPServer/([\w._-]+) HPE? System Management Homepage/([\d.]+)\r\n| p/CompaqHTTPServer/ v/$1/ i/HP System Management $2/ cpe:/a:hp:compaqhttpserver:$1/ cpe:/a:hp:system_management_homepage:$2/
match http m|^HTTP/1\.1 \d\d\d .*\r\nDate: .*\r\nServer: CompaqHTTPServer/([\w._-]+) HPE? System Management Homepage\r\n| p/CompaqHTTPServer/ v/$1/ i/HP System Management/ cpe:/a:hp:compaqhttpserver:$1/ cpe:/a:hp:system_management_homepage/
match http m|^HTTP/1\.1 401 N/A\r\nServer: Router\r\nConnection: close\r\nWWW-Authenticate: Basic realm=\"PENTAGRAM Cerberus ([^"]*)\"\r\n| p/Pentagram Cerberus $1 WAP http config/ d/WAP/
match http m|^HTTP/1\.0 302 Document Follows\r\nLocation: http:///index\.html\r\nConnection: close\r\n\r\n| p/Crestron PRO2 automation system httpd/ d/specialized/ o/2-Series/ cpe:/o:crestron:2-series/
match http m|^HTTP/1\.1 200 Document Follows\r\n.*<META content=\"text/html; charset=windows-1252\" http-equiv=Content-Type>\n<meta NAME=\"AUTHOR\" CONTENT=\"TANDBERG ASA \(http://www\.tandberg\.net\)\">\n|s p/Tandberg 2500 video conferencing http config/ d/webcam/
match http m|^HTTP/1\.0 401 Unauthorized\r\nPragma: no-cache\r\nWWW-Authenticate: Digest realm=\"[^"]*\", domain=\"/\", nonce=\"[0-9a-f]{10}\", algorithm=\"MD5\", qop=\"auth\"\r\nWWW-Authenticate: Basic realm=\"rut-nort-vc02\"\r\nContent-Type: text/html\r\nContent-Length: 236\r\n\r\n| p/Tandberg 3000 MXP video conferencing http config/ d/webcam/
match http m|^HTTP/1\.0 200 Ok\r\nContent-Type: text/html\r\nServer: httpd\r\n.*<title>Router - Info</title>\n\n|s p/DD-WRT milli_httpd/ d/WAP/ o/Linux/ cpe:/o:linux:linux_kernel/a
match http m|^HTTP/1\.1 200 OK\r\n.*<title>BitTorrent Download Manager</title>\r\n|s p/BitTorrent Download Manager httpd/
match http m|^HTTP/1\.0 302 Redirect\r\nServer: GoAhead-Webs\r\n(?:[^\r\n]+\r\n)*?Location: https?://vxtarget/esm_loginMain\.htm\r\n\r\n|s p/GoAhead WebServer/ i/Mitel 3300 PBX controller/ d/PBX/ cpe:/a:goahead:goahead_webserver/
match http m|^HTTP/1\.1 302 Redirect\r\nServer: GoAhead-Webs\r\n(?:[^\r\n]+\r\n)*?Location: https?://3100icp/esm_loginMain\.asp\r\n\r\n|s p/GoAhead WebServer/ i/Mitel 3100 PBX controller/ d/PBX/ cpe:/a:goahead:goahead_webserver/
match http m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: Grandstream (\w+) ([\d.]+)\r\n|s p/Grandstream $1 http config/ v/$2/
match http m|^HTTP/1\.0 401 Login failed!\r\nServer: micro_httpd\r\n(?:[^\r\n]+\r\n)*?WWW-Authenticate: Basic realm=\"WRT54GX4\"\r\n|s p/micro_httpd/ i/WRT54GX4 WAP config/ d/WAP/ cpe:/a:acme:micro_httpd/
match http m|^HTTP/1\.1 302 Found\r\n(?:[^\r\n]+\r\n)*?Server: SAP J2EE Engine/([\d.]+)\r\n|s p/SAP J2EE Engine httpd/ v/$1/ i/SAP NetWeaver/ cpe:/a:sap:j2ee_engine:$1/ cpe:/a:sap:netweaver/
match http m|^HTTP/1\.1 302 Found\r\nconnection: close\r\nlocation: http://([\w._-]+):\d+/index\.html\r\nserver: SAP J2EE Engine/([\w._-]+)\r\ndate: .*\r\n\r\n$| p/SAP J2EE Engine httpd/ v/$2/ i/SAP NetWeaver/ h/$1/ cpe:/a:sap:j2ee_engine:$2/ cpe:/a:sap:netweaver/
match http m|^HTTP/1\.0 404 Not found\r\nSet-Cookie: ARPT=\w+web-disp2-\w+; path=/\r\ncontent-type: text/html; charset=utf-8\r\ncontent-length: \d+\r\nserver: SAP NetWeaver Application Server / ABAP ([\w._-]+)\r\n| p/SAP J2EE Engine httpd/ i/SAP NetWeaver Application Server; ABAP $1/ cpe:/a:sap:j2ee_engine/ cpe:/a:sap:netweaver/
match http m|^HTTP/1\.0 404 Not found\r\ncontent-type: text/html; charset=utf-8\r\ncontent-length: \d+\r\nserver: SAP NetWeaver Application Server / ABAP ([\w._-]+)\r\n| p/SAP J2EE Engine httpd/ i/SAP NetWeaver Application Server; ABAP $1/ cpe:/a:sap:j2ee_engine/ cpe:/a:sap:netweaver/
match http m|^HTTP/1\.[01] 404 Not found\r\ncontent-type: text/html; charset=utf-8\r\ncontent-length: \d+\r\n\r\n<!DOCTYPE html PUBLIC"-//W3C//DTD HTML 4\.01Transitional//EN"><html><head><title>Logon Error Message</title>| p/SAP J2EE Engine httpd/ cpe:/a:sap:j2ee_engine/
match http m|^HTTP/1\.0 200 OK\r\nServer: RapidLogic/([\d.]+)\r\n.*<TITLE>Versalink</TITLE>.*\"window\.location\.href = 'homeSumBS\.htm'\"|s p/RapidLogic httpd/ v/$1/ i/Westell Versalink model C90-327W30-06 WAP http config/ d/WAP/ cpe:/a:rapidlogic:httpd:$1/ cpe:/h:westell:versalink_model_c90-327w30-06/a
match http m|^HTTP/1\.0 200 OK\r\nServer: RapidLogic/([\d.]+)\r\n.*<TITLE>VBrick Integrated Web Server \(IWS\) Login</TITLE>|s p/RapidLogic httpd/ v/$1/ i/VBrick 4300 video encoder http config/ d/media device/ cpe:/a:rapidlogic:httpd:$1/
match http m|^HTTP/1\.0 200 OK\r\nServer: RapidLogic/([\d.]+)\r\nMIME-version: 1\.0\r\nPragma: no-cache\r\nContent-type: text/html\r\n\r\n<script language=\"javascript\">\n<!--\ntop\.location\.href=\"default\.htm\";//-->\n</script>\n\r\n$| p/RapidLogic httpd/ v/$1/ i/3Com 3CRWE454G75 WAP http config/ d/WAP/ cpe:/a:rapidlogic:httpd:$1/ cpe:/h:3com:3crwe454g75/a
match http m|^HTTP/1\.0 200 OK\r\nServer: RapidLogic/([\d.]+)\r\nMIME-version: 1\.0\r\nContent-type: text/html\r\n\r\n<html><head><meta http-equiv='Content-Type' content='text/html; charset=iso8859-1'><META http-equiv=Refresh content=\"0; URL=https://[\d.]+/\"></head><body bgcolor=#FFFFFF></body></html>\r\n$| p/RapidLogic httpd/ v/$1/ i/Netgear WAG102 WAP http config/ d/WAP/ cpe:/a:rapidlogic:httpd:$1/ cpe:/h:netgear:wag102/a
match http m|^HTTP/1\.0 302 Moved Temporarily\r\nServer: RapidLogic/([\d.]+)\r\nMIME-version: 1\.0\r\nContent-type: text/html; charset=UTF-8\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nLocation: /main\.html\r\n\r\n\r\n$| p/RapidLogic httpd/ v/$1/ i/Sharp MX-2700N printer/ d/printer/ cpe:/a:rapidlogic:httpd:$1/ cpe:/h:sharp:mx-2700n/a
match http m|^HTTP/1\.1 404 Not Found\r\nConnection: close\r\nServer: ZING-(\d+/[\d.]+) \([0-9a-f]{32}; [\w-]+\) ([^\r\n]*)\r\n\r\n$| p/ZING httpd/ v/$1/ i/SanDisk Sansa Connect MP3 player; $2/ d/media device/
match http m|^HTTP/1\.0 503 Service Unavailable\r\nContent-Type: text/html\r\nContent-Length: 169\r\n\r\n<html><head><title>503 Service Unavailable</title></head><body><h1>503 Service Unavailable</h1><p>The service is not available\. Please try again later\.</p></body></html>$| p/Alcatel-Lucent OmniPCX PBX httpd/ d/PBX/ cpe:/a:alcatel-lucent:omnipcx/
match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: \r\nDate: .* GMT\r\nWWW-Authenticate: Basic realm=\"\.\"\r\nContent-type: text/html\r\nConnection: close\r\n\r\n<HTML><HEAD><TITLE>401 Unauthorized</TITLE></HEAD>\n<BODY BGCOLOR=\"#cc9999\"><H4>401 Unauthorized</H4>\nAuthorization required\.\n<HR>\n</BODY></HTML>\n$| p/Alcatel-Lucent OmniPCX PBX httpd/ d/PBX/ cpe:/a:alcatel-lucent:omnipcx/
match http m|^HTTP/1\.0 301 Moved Permanently \r\nContent-Type: text/html\r\nDate: .*\r\nLocation: /fusionreactor/\r\n\r\nRedirecting, please wait\.$| p/FusionReactor web server monitor/
match http m|^HTTP/1\.0 401 Authorization Required\r\nServer: wgt_http ([\d.]+)\r\nWWW-Authenticate: Basic realm=\"Anlage\"\r\nConnection: close\r\n$| p/wgt_http/ v/$1/ i/Eumex 704PC ADSL router/ d/broadband router/
match http m|^HTTP/1\.1 401 Unauthorized\r\nServer: Alvarion-Webs\r\nDate: THU JAN 01 01:04:22 1970\r\nWWW-Authenticate: Basic realm=\"Alvarion\"\r\n.*<html><head><title>Document Error: Unauthorized</title></head>\r\n\t\t<body><h2>Access Error: Unauthorized</h2>\r\n\t\t<p>Access to this document requires a User ID</p></body></html>\r\n\r\n$|s p/Alvarion-Webs/ i/Alvarion BreezeMAX WiMAX WAP http config/ d/WAP/
match http m|^HTTP/1\.0 400 Bad Request\r\nPragma: no-cache\r\nContent-type: text/html\r\n\r\n<html>\n  <head>\n  <title>400 Bad Request !!!</title>| p/DrayTek Vigor ADSL router httpd/ d/broadband router/
match http m|^HTTP/1\.0 200 ;OK\r\nServer: \?\?\?\?\?\?\?\?\?\?\?\?\?\?\r\nContent-Type: text/html\r\nConnection: Close\r\n\r\n<HTML>\n<TITLE>Jacarta interSeptor\n</TITLE>| p/Jacarta interSeptor environmental monitor http/ d/specialized/
match http m|^HTTP/1\.0 302 Document Follows\r\nLocation: http:///index\.htm\r\nConnection: close\r\n\r\n| p/Dell PowerVault TL4000 http config/ d/storage-misc/
match http m|^HTTP/1\.0 302 Found\r\nConnection: close\r\nCache-Control: no-cache\r\nPragma: no-cache\r\nExpires: -1\r\nLocation: https?://[\d.]+/login\.htm\r\n\r\n.*Click <a href=\"https?://[\d.]+/login\.htm\">Here</a> to proceed\.\n|s p/3Com Baseline Switch 2948-SFP Plus web config/ d/switch/
match http m|^HTTP/1\.0 401 Unauthorized\.\r\nWWW-Authenticate: Basic realm=\"GAI-Tronics\"\r\nContent-Type: text/html\r\n\r\n<HTML><HEAD><TITLE>401 Unauthorized\.</TITLE>\r\n</HEAD><BODY>\r\n<H1>401 Unauthorized</H1>The requested URL / requires authorization\.<P>\r\n<HR>\r\n</BODY></HTML>\r\n$| p/GAI-Tronics Commander VoIP phone http config/ d/VoIP phone/
match http m|^HTTP/1\.1 404 Not Found\r\nContent-Length: 0\r\nServer: HBHTTP POGOPLUG - ([\d.]+) - Linux\r\nDate: .*\r\n\r\n$| p/HBHTTP/ v/$1/ i/Pogoplug NAS device/ o/Linux/ cpe:/o:linux:linux_kernel/a
match http m|^HTTP/1\.1 500 Server Error\r\nContent-Length: 0\r\nServer: HBHTTP POGOPRO - ([\w._-]+) - Linux\r\nDate: .*\r\nConnection: close\r\n\r\n$| p/HBHTTP/ v/$1/ i/Pogoplug Pro NAS device/ o/Linux/ cpe:/o:linux:linux_kernel/a
match http m|^HTTP/1\.1 500 Server Error\r\nContent-Length: 0\r\nServer: HBHTTP DISCOVERY - (\d[\w._-]+) - Linux\r\n| p/HBHTTP/ v/$1/ o/Linux/ cpe:/o:linux:linux_kernel/a
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html\r\nDate: .*\r\nExpires: Thu, 26 Oct 1995 00:00:00 GMT\r\n(?:[^\r\n]+\r\n)*?Server: Allegro-Software-RomPager/([\d.]+)\r\n.*<title>Emerson Network Power IntelliSlot Web/(\d+) Card</title>|s p/Allegro RomPager/ v/$1/ i|Emerson Network Power IntelliSlot Web/$2 card| d/power-device/ cpe:/a:allegro:rompager:$1/
match http m|^HTTP/1\.1 301 Moved Permanently\r\nDate: .*\r\nLocation: https://([\w.]+)/?\r\nConnection: close\r\nContent-Length: 0\r\n\r\n|s p/VMware Server 2 http config/ h/$1/ cpe:/a:vmware:server:2/
match http m|^HTTP/1\.0 200 OK\r\nConnection: close\r\nServer: WindWeb/([\d.]+)\r\nDate: .*\r\nContent-Type: text/html\r\nWWW-Authenticate: Basic realm=\"HP\"\r\n.*<script language=\"JavaScript\" src=\"/js/module_utils\.js\"></script>\r\n<script language=\"JavaScript\" src=\"/js/branding_utils\.js\">|s p/WindWeb/ v/$1/ i/HP E1200 storage http config/ d/storage-misc/ cpe:/a:windriver:windweb:$1/
match http m|^HTTP/1\.0 200 OK\nServer: Dave Solin's Web Daemon v\. ([\d.]+)\n.*window\.location = '/servlets/com\.marimba\.servlets\.TunerAdmin';\r\n|s p/Dave Solin's Web Daemon/ v/$1/ i/BMC HTTP service/
# Date in fingerprint was "\xd0\xa4\xaf\*\$\x99@".
match http m|^HTTP/1\.0 200 Output Follows\nServer: Apache Embedded Server\nDate: .......\n.*<title>NewCS Management Console\.\.</title>|s p/NewCS satellite card sharing system http config/ d/media device/
match http m|^HTTP/1\.0 200 Output Follows\nServer: Apache Embedded Server\nDate: \nConnection: close\nContent-Type: text/html\n\n<html>\r\n<head>\r\n<title>NewCS Management Console\.\.</title>|s p/NewCS satellite card sharing system http config/ d/media device/
match http m|^HTTP/1\.1 200 OK\r\n.*<TITLE>CCcam info pages</TITLE><BODY><H2>Welcome to CCcam ([\d.]+) server </H2>|s p/CCcam card sharing system http config/ v/$1/
match http m|^HTTP/1\.1 401 Authorization Required\r\nWWW-Authenticate: Basic realm=\"CCcam Server\"\r\n.*<TITLE>CCcam info pages</TITLE>|s p/CCcam card sharing system http config/
match http m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: MacHTTP/([\d.]+)\r\n|s p/MacHTTP/ v/$1/
match http m|^HTTP/1\.1 200 OK\r\nDate: .*\r\nServer: Wub ([\d.]+)\r\ncontent-type: text/html; charset=utf-8\r\ncache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0\r\nexpires: Sun, 01 Jul 2005 00:00:00 GMT\r\n| p/Wub/ v/$1/
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html\r\n.*<TITLE></TITLE>\r\n.*<meta http-equiv=\"refresh\" content=\"0; URL=/wcd/js_error\.xml\">\r\n|s p/Konica Minolta PageScope Web Connection httpd/
match http m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: sw-cp-server/([\d.]+)\r\n.*<script language=\"javascript\" type=\"text/javascript\" src=\"/javascript/common\.js\?plesk_version=([\w.-]+)\"/>|s p/sw-cp-server httpd/ v/$1/ i/Parallels Plesk WebAdmin version $2/
match http m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: sw-cp-server\r\n.*<script language=\"javascript\" type=\"text/javascript\" src=\"/javascript/common\.js\?plesk_version=([\w._-]+)\"/>|s p/sw-cp-server httpd/ i/Parallels Plesk WebAdmin version $1/
match http m|^HTTP/1\.0 500 Internal Server Error\r\nConnection: close\r\nX-UA-Compatible: IE=EmulateIE7\r\n(?:[^\r\n]+\r\n)*?P3P: CP=\"NON COR CURa ADMa OUR NOR UNI COM NAV STA\"\r\n(?:[^\r\n]+\r\n)*?Server: sw-cp-server\r\n|s p/sw-cp-server httpd/ i/Parallels Plesk WebAdmin/
match http m|^HTTP/1\.1 200 OK\r\nServer: Web Server\r\n X-UA-Compatible: IE=EmulateIE7\r\nContent-Type: text/html\r\nCache-Control: no-cache\r\nPragma: no-cache\r\n.*<title>Switch</title>|s p/Cisco SG200 switch http admin/ d/switch/ cpe:/h:cisco:sg200/
match http m|^HTTP/1\.0 200 OK\r\n.*<title>Web-Thermograph</title>\r\n|s p/W&T Web-Thermograph http config/ i|firmware 1.50/1.30| d/specialized/
match http m|^HTTP/1\.0 200 OK\r\n.*<title>Web-Thermograph NTC, 10/100BT, 12-24V</title>\r\n|s p/W&T Web-Thermograph NTC http config/ i/firmware 1.53/ d/specialized/
match http m|^HTTP/1\.1 200 OK\r\nStatus:200 OK\r\n(?:[^\r\n]+\r\n)*?Server: RMC Webserver ([\d.]+)\r\n.*<TITLE>VTM</TITLE>|s p/RMC Webserver/ v/$1/ i/Stratus ftServer VTM/ d/remote management/
match http m|^HTTP/1\.0 401 Unauthorized\r\nWWW-Authenticate: Digest realm=\"ActiontecBHR\"| p/Actiontec TR069 remote access/
match http m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: RemoteSupportManager/([\d.]+)\r\n.*<title>Remote Support Manager</title>|s p/RemoteSupportManager/ v/$1/ i/n-able remote management/
match http m|^HTTP/1\.1 200 OK\r\n.*location\.href=\"DE1100u\.html\";\r\n|s p/Ricoh Aficio MP C4000 http config/ d/printer/ cpe:/h:ricoh:aficio_mp_c4000/a
match http m|^HTTP/1\.1 302 Found\r\n(?:[^\r\n]+\r\n)*?Server: Vernier/([\d.]+)\r\n(?:[^\r\n]+\r\n)*?Location: https://[\d.]+:447/\r\n|s p/Vernier Networks Access Manager http config/ v/$1/
match http m|^HTTP/1\.0 200 OK\r\nContent-type: text/html\n\n<html>\r\n<head>\r\n<title></title>\r\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=windows-1252\">\r\n<style type=\"text/css\">\r\n<!--\r\n\.leftLink {|s p/Belkin F5D76324 WAP http config/ d/WAP/ cpe:/h:belkin:f5d76324/a
match http m|^HTTP/1\.1  200 OK\r\nConnection: close\r\nContent-Type: text/xml; charset=utf-8\r\n\r\n.*<p:ModelDescription>SMC ([\w-]+)</p:ModelDescription>.*<p:FirmwareVersion>([\d., ]+)</p:FirmwareVersion>| p/SMC $1 WAP http config/ i/firmware version $2/ cpe:/h:smc:$1/a
match http m|^HTTP/1\.1 200 OK\r?\nContent-type: text/html; charset=utf-8\r\nServer: WebCit ([\d.]+) / Citadel ([\d.]+)\n| p/WebCit/ v/$1/ i/Citadel $2/ cpe:/a:citadel:ux:$2/ cpe:/a:citadel:webcit:$1/
match http m|^HTTP/1\.1 200 OK\nContent-type: text/html; charset=utf-8\r\nServer: WebCit v([\d.]+) / \n| p/WebCit/ v/$1/ i/Citadel/ cpe:/a:citadel:ux/ cpe:/a:citadel:webcit:$1/
match http m|^HTTP/1\.0 200 OK\r\nConnection: Close\r\nDate: .*\r\nServer: HTTP/1\.1 compliant\r\n.*<!--\n \*\n \* File: index\.html\n \*\n \* Rajat Hingad rhingad@cisco\.com\n \*\n \* Copyright \(c\) 2001, 2002, 2003, 2004 by Cisco Systems, Inc\.\n \* All rights reserved\.\n \*\n \* This file calls the idm\.jnlp of the PDM\.\n \*\n \*-->\n\n<html>\n<head>\n <meta http-equiv=\"Refresh\" content=\"1; URL=idm/index\.html\">\n</head>\n$|s p/Cisco IPS Device Manager (IDM)/ d/security-misc/
match http m|^HTTP/1\.0  401 Unauthorized \r\nContent-type: text/html \r\nWWW-Authenticate: Basic realm=\"ULTAMUS RAID manager\"\r\n\r\n| p/Overland Storage Ultamus RAID manager/ d/storage-misc/
match http m|^HTTP/1\.0 200 OK\r\nContent-type: text/html(?:; charset=UTF-8)?\r\n\r\n.*background:url\(data:image/gif;base64,R0lGODdhAQAeAIQeAJub/5yc/6Cf/6Oj/6am/6qq/66u/7Gx/7S0/7i4/7u8/7\+//8LD/8bG/8nK/83N/9HQ/9TU/9fX/9va/97e/\+Lh/\+Xl/\+no/\+3t//Dw//Pz//b3//v7//7\+/////////ywAAAAAAQAeAAAFGCAQCANRGAeSKAvTOA8USRNVWReWaRvXhQA7\)|s p/streamdev VDR plugin/
match http m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: Tntnet/([\w._-]+)\r\n.*<title>VDR-Live - Anmelden</title>|s p/Tntnet/ v/$1/ i/LIVE VDR http config/ cpe:/a:tntnet:tntnet:$1/
match http m|^HTTP/1\.1 401 Unauthorized\r\nServer: Conexant-EmWeb/R([\d_]+)\r\n| p/Conexant-EmWeb/ v/$SUBST(1,"_",".")/ cpe:/a:conexant:emweb:$SUBST(1,"_",".")/a
match http m|^HTTP/1\.0 200 OK\r\nExpires: 0\r\nContent-Type: text/html\r\nConnection: close\r\n\r\n<html>\n<title>Login</title>\n.*<font class=tdBigTitle>Connect to 192\.168\.0\.200</font>\n|s p/D-Link DGS-1224T switch http config/ d/switch/ cpe:/h:dlink:dgs-1224t/a
match http m|^HTTP/1\.1 200 OK\r\n.*<meta name=\"Author\" content=\"FireBrick Ltd\">\n<meta name=\"Description\" content=\"FireBrick (\d+) Control pages\">|s p/FireBrick $1 firewall http config/ d/firewall/ cpe:/h:firebrick:$1/a
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?Date: Wed, 31 Dec 1969 15:00:00 GMT\r\n(?:[^\r\n]+\r\n)*?Last-Modified: Wed, 31 Dec 1969 15:00:00 GMT\r\n.*<title>PROJECTOR NETWORK SETTINGS</title>.*<!--\nvar mac=\"([0-9A-F]{12})\";\n.*var vMdl=\"(\w+)_Series\";\nvar vVer=\"([\d.]+)\";|s p/NEC $2 series projector http config/ i/firmware version $3; MAC $1/ d/media device/
match http m|^HTTP/1\.0 400 Bad Request\r\nServer: EdgePrism/([\d.]+)\r\n(?:[^\r\n]+\r\n)*?Connection: close\r\n\r\n\n\n|s p/EdgePrism/ v/$1/ i/Limelight Networks Content Delivery Network/
match http m|^HTTP/1\.1 200 Ok\r\nServer: micro_httpd\r\n.*<TITLE>DSL-(\w+)</TITLE>.*var hostname = \"([\w_.-]+)\";\r\nvar FWTmp = \"(V[\w.]+)\"\.split\(\"_\"\);|s p/micro_httpd/ i/D-Link DSL-$1 ADSL router http config; firmware $3/ d/broadband router/ h/$2/ cpe:/a:acme:micro_httpd/
match http m|^HTTP/1\.0 200 OK\r\ndate: .*\r\ncontent-type: text/html\r\nconnection: close\r\nserver: Lenel Embedded Web Server/([\d.]+)\r\n\r\n| p/Lenel Embedded Web Server/ v/$1/ i/OnGuard 2008 security system management/ d/security-misc/ cpe:/a:lenel:embedded_web_server:$1/
match http m|^HTTP/1\.0 200 OK\r\ncontent-type: text/html\r\nconnection: close\r\nserver: Lenel Embedded Web Server/([\d.]+)\r\ndate: .*\r\n\r\n| p/Lenel Embedded Web Server/ v/$1/ cpe:/a:lenel:embedded_web_server:$1/
match http m|^HTTP/1\.1 200 Document follows\r\nConnection: Close\r\nServer: Micro-Web\r\nContent-type: text/html\r\nLast-modified: .*\r\nContent-length: 476\r\n\r\n$| p/Micro-Web/ i|Symantec Firewall/VPN 200| d/firewall/
match http m|^HTTP/1\.0 401 Unauthorized\r\n(?:[^\r\n]+\r\n)*?Server: \r\n(?:[^\r\n]+\r\n)*?WWW-Authenticate: Basic realm=\"System\"\r\n.*<HTML><HEAD><TITLE>401 Unauthorized</TITLE></HEAD>\n<BODY><H1>401 Unauthorized</H1>\nYour client does not have permission to get URL / from this server\.\n</BODY></HTML>\n$|s p/Edgewater Networks Edgemarc 4562 VoIP gateway web config/ d/VoIP adapter/
match http m|^HTTP/1\.1 401 Unauthorized\r\n(?:[^\r\n]+\r\n)*?WWW-Authenticate: Basic realm=\"server\r\n.*<HTML><HEAD><TITLE>401 Unauthorized</TITLE></HEAD>\n<BODY><H1>401 Unauthorized</H1>\nYour client does not have permission to get URL / from this server\.\n</BODY></HTML>\n$|s p/DVR Systems webcam http interface/ d/webcam/
match http m|^HTTP/1\.1 204 No Content\nServer: PRS\nDate: .*\n\n$| p/Alcatel-Lucent OmniTouch Unified Communication VoIP gateway/ d/PBX/
match http m|^<html>\n<title>USRobotics 10/100/1000 Mbps 48-Port Smart Switch Login</title>.*<td>&nbsp; System Name\n<td>&nbsp; ([\w-]+)\n.*<td>&nbsp; Location Name\n<td>&nbsp; ([\w -]+)\n|s p/USRobotics USR997748 switch http config/ i/location: $2/ h/$1/ cpe:/h:usrobotics:usr997748/a
match http m|^HTTP/1\.1 401 Authorization Required\nDate: .*\r\nWWW-Authenticate: Basic realm=\"AddPac\"\nContent-Length: 72\n\n<HTML><BODY>You must be authenticated to use this service</BODY></HTML>\n$| p/AddPac AP200B VoIP gateway http config/ d/VoIP adapter/
match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: NAShttpd\r\n(?:[^\r\n]+\r\n)*?WWW-Authenticate: Basic realm=\"Default ([\w._-]+:[\w._-]+)\"\r\n|s p/NAShttpd/ i/default login: $1/
match http m|^HTTP/1\.1 200 OK\r\n.*if \(needToConfirm\) {\r\n return \"Leaving this page will end the remote help session\";\r\n} else {\r\nneedToConfirm = true;\r\n}\r\n}\r\n</script>|s p/SimpleHelp remote desktop httpd/
match http m|^HTTP/1\.0 302 Object Moved\r\n(?:[^\r\n]+\r\n)*?Location: /\+CSCOE\+/logon\.html\r\nSet-Cookie: tg=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure\r\n|s p/Cisco ASA firewall http config/ d/firewall/
match http m|^HTTP/1\.0 200 OK\r\nContent-Type: text/html\r\nCache-Control: no-cache\r\nPragma: no-cache\r\n(?:[^\r\n]+\r\n)*?Set-Cookie: tg=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure\r\nSet-Cookie: webvpn=;.*/\+CSCOE\+/logon\.html|s p/Cisco ASA firewall http config/ d/firewall/
match http m|^HTTP/1\.0 302 Moved Temporarily\r\n(?:[^\r\n]+\r\n)*?Server: Mbedthis-Appweb/([\d.]+)\r\n(?:[^\r\n]+\r\n)*?Set-Cookie: _appwebSessionId_=|s p/Mbedthis-Appweb/ v/$1/ i/Iomega StorCenter ix2 NAS device/ d/storage-misc/ cpe:/a:mbedthis:appweb:$1/ cpe:/h:iomega:storcenter_ix2/a
match http m|^HTTP/1\.0 302 Moved Temporarily\r\nContent-Type: text/html\r\nLocation: /EnterpriseController\r\n| p/GoogleMini search appliance httpd/
match http m|^HTTP/1\.1 401 Unauthorized\r\nServer: micro_httpd\r\n(?:[^\r\n]+\r\n)*?WWW-Authenticate: Basic realm=\"Huawei SmartAX (\w+)\"\r\n|s p/micro_httpd/ i/Huawei SmartAX $1 ADSL router http config/ d/broadband router/ cpe:/a:acme:micro_httpd/ cpe:/h:huawei:smartax_$1/a
match http m|^HTTP/1\.0 200 OK Content-type: text/html\r\n\r\n.*<H2>57066 Minolta Network Configuration Sheet 1 of 2\n\n</H2>.*Serial Number: *(\d+)\n.*Ethernet Address: *([0-9A-F.]+).*F/W Version: *([\w.]+ \(\w+\)).*Print Server Name: *([\w_.-]+)|s p/Minolta PagePro 20 printer http config/ i/serial number: $1, MAC: $2, firmware $3/ d/printer/ h/$4/ cpe:/h:minolta:pagepro_20/a
match http m|^HTTP/1\.1 401 Unauthorized\r\nWWW-Authenticate: Basic realm=\"(DCS-\w+)\"\r\n(?:[^\r\n]+\r\n)*?Server: WIC-2300\r\n|s p/D-Link $1 webcam http config/ d/webcam/ cpe:/h:dlink:$1/
match http m|^HTTP/1\.1 401 Unauthorized\r\nWWW-Authenticate: Basic realm=\"(DCS-\w+)\"\r\n(?:[^\r\n]+\r\n)*?Server: DCS-\w+\r\n|s p/D-Link $1 webcam http config/ d/webcam/ cpe:/h:dlink:$1/
match http m|^HTTP/1\.0 401 Authorization Required\r\nWWW-Authenticate: BASIC realm=(DCS-\w+)\r\n\r\nPassword Error\. $| p/D-Link $1 webcam http config/ d/webcam/ cpe:/h:dlink:$1/
match http m|^HTTP/1\.0 400 bad url /\r\nServer: TinyHTTPProxy/([\d.]+) ([^\r\n]+)\r\n| p/TinyHTTPProxy/ v/$1/ i/$2/
match http m|^HTTP/1\.1 400 Bad Request\r\nContent-Type: text/html; charset=utf-8\r\nConnection: close\r\nPragma: no-cache\r\nCache-Control: no-store\r\nExpires: -1\r\n.*<script src=\"/dana-na/css/ds\.js\"></script>|s p/Juniper SA2000 or SA4000 VPN gateway http config/ d/security-misc/
match http m|^HTTP/1\.1 400 Bad Request\r\nContent-Type: text/html; charset=utf-8\r\nConnection: close\r\nPragma: no-cache\r\nCache-Control: no-store\r\nExpires: -1\r\n.*by Pulse Secure, LLC\..*<script src=\"/dana-na/css/ds_[a-f0-9]+\.js\"></script>|s p/Pulse Secure VPN gateway http config/ d/security-misc/
match http m|^HTTP/1\.0 200 OK\r\nConnection: Close\r\nContent-Type: text/html\r\nDate: .*\r\n\r\n<html xml:lang=\"en\" xmlns=\"http://www\.w3\.org/1999/xhtml\">\r\n<head>\r\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\" />\r\n<title>FMS : Freenet Message System</title>| p/Freenet Message System web client/
match http m|^HTTP/1\.1 400 Bad Request\r\n(?:[^\r\n]+\r\n)*?Server: Profense\r\n|s p/Profense web application firewall/ d/firewall/
match http m|^HTTP/1\.0 200 Ok\r\nServer: NET-DK/([\d.]+)\r\n.*<title>Touchstone Status</title>|s p/NET-DK/ v/$1/ i/Arris Touchstone TM702B VoIP modem/ d/VoIP adapter/
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: MediaBox HTTPd Server/([\d.]+) \(Unix\)\r\n|s p/MediaBox HTTPd Server/ v/$1/ o/Unix/
match http m|^HTTP/1\.1 200 OK\r\nServer: cab/([\d.]+) \(([^)]+)\)\r\n.*<TITLE>cab AdminApplet</TITLE>|s p/cab/ v/$1/ i/AdminApplet $2/
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html\r\n\r\n<head><meta http-equiv=\"content-type\" content=\"text/html; charset=utf-8\" /><title>Everything</title>| p/voidtools Everything search engine httpd/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?Set-Cookie: sessionId=.*<HTML>\n<HEAD>\n\n<TITLE>Cisco Systems Login</TITLE>\n|s p/Cisco 4400 wireless LAN controller httpd/ d/remote management/
match http m|^HTTP/1\.0 200 OK\r\n.*<title>:: ThinStation ::</title>.*<h2>Thinstation ([\w._-]+) on ([\w._-]+) :: Main page</h2>|s p/ThinStation http admin/ v/$1/ o/Linux/ h/$2/ cpe:/o:linux:linux_kernel/a
match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: \r\n(?:[^\r\n]+\r\n)*?WWW-Authenticate: Basic realm=\"ADSL Router \(ANNEX B\)\"\r\n.*<meta HTTP-EQUIV=\"Expires\" CONTENT=\"Mon, 06 Jan 1990 00:00:01 GMT\">.*<meta name=\"description\" content=\"806GA M 2073\">|s p/Allnet ALL0277DSL ADSL router http config/ d/broadband router/ cpe:/h:allnet:all0277dsl/a
match http m|^HTTP/1\.1 301 Moved Permanently\r\nDate: .*\r\nLocation: https://([\w._-]+)/\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 56\r\n\r\n<HTML><BODY><H1>301 Moved Permanently</H1></BODY></HTML>$| p/VMware ESXi Server httpd/ h/$1/ cpe:/o:vmware:esxi/
match http m|^HTTP/1\.0 401 Unauthorized\r\nWWW-Authenticate: Basic realm=\"PCS-1 Web Control\"\r\n(?:[^\r\n]+\r\n)*?Server: Allegro-Software-RomPager/([\d.]+)\r\n|s p/Allegro RomPager/ v/$1/ i/Sony PCS-1 video conferencing http config/ d/webcam/ cpe:/a:allegro:rompager:$1/
match http m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: Ubicom/([\d.]+)\r\n.*<title>D-Link Gaming Router :\r\n\t\t Login\r\n\t</title>|s p/Ubicom/ v/$1/ i/D-Link DGL-4500 WAP http config/ d/WAP/ cpe:/h:dlink:dgl-4500/a
match http m|^HTTP/1\.1 307 Temporary Redirect\r\nConnection: keep-alive,close\r\n(?:[^\r\n]+\r\n)*?Location: http://([\w._-]+)/servlet/StartServlet\r\nServer: PEWG/([\d.]+)\r\n|s p/PEWG/ v/$2/ i/OCE print server/ d/print server/ h/$1/
match http m|^HTTP/1\.1 401 Authorization Required\r\n.*www-authenticate:Basic realm=\"(\w+)v(\d+)POE \(([0-9A-F]{12})\)\"\r\n|s p/InterTel $1 VoIP phone http config/ i/firmware $2; MAC $3/ d/VoIP phone/
match http m|^HTTP/1\.1 401 Authorization Required\r\n.*www-authenticate:Basic realm=\"(\d+)i \(([0-9A-F]{12})\)\"\r\n|s p/InterTel $1 VoIP phone http config/ i/MAC $2/
match http m|^HTTP/1\.1 401 Authorization Required\r\n.*www-authenticate:Basic realm=\"IP Resource Card \(IPRC\)\(id=[0-9A-F]+\)\"\r\n|s p/InterTel IPRC VoIP management card/ d/PBX/
match http m|^HTTP/1\.1 200 OK\r\n.*<title>Ethernetov\xfd teplom\xecr TME od Papouch s\.r\.o\.</title>|s p/Papouch TME Ethernet thermometer http interface/
match http m|^HTTP/1\.1 200 OK\r\nServer: SMC Internet Update Manager\r\nConnection: Keep-Alive\r\nContent-Type: text\r\nDate: .*\r\nContent-Length: 61\r\n\r\n<HTML>Avira Internet Update Manager ist betriebsbereit</HTML>$| p/Avira SMC Internet Update Manager/
match http m|^HTTP/1\.1 200 OK\r\nServer: Avira Update Manager\r\nConnection: Keep-Alive\r\nContent-Type: text\r\nDate: .*\r\nContent-Length: 52\r\n\r\n<HTML>Avira Update Manager ist betriebsbereit</HTML>| p/Avira Update Manager/
match http m|^HTTP/1\.1 301 Moved Permanently\r\nDate: .*\r\nLocation: https://([\w._-]+)/\r\nConnection: close\r\nContent-Length: 0\r\n\r\n$| p/VMware ESX 3.5 Server httpd/ h/$1/ cpe:/o:vmware:esx:3.5/
match http m|^HTTP/1\.0 200 Ok\r\nServer: httpd\r\n.*<SCRIPT language=Javascript src=\"language_us\.js\"></SCRIPT>.*<SCRIPT>assign_var\(\);</SCRIPT>.*<SCRIPT language=JavaScript src=\"showMenu\.js\"></SCRIPT>.*<SCRIPT>|s p/DD-WRT milli_httpd/ i/Belkin F5D8235-4 WAP http config/ d/WAP/ cpe:/h:belkin:f5d8235-4/a
match http m|^HTTP/1\.1 200 OK\r\n.*<title>MiFi(\d+) Mobile Hotspot</title><meta name=description content=Sprint020>|s p/Novatel MiFi $1 WAP http config/ d/WAP/ cpe:/h:novatel:mifi_$1/a
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?Connection: keep-Alive\r\n.*<meta name=description content=VZ018>|s p/Verizon MiFi 2200 E7C5 WAP http config/ d/WAP/
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?Connection: close\r\n.*<meta name=description content=VZ025>|s p/Verizon MiFi 4510L WAP http config/ d/WAP/
match http m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: fec/([\w._-]+) \(([^)]+)\)\r\n.*<TITLE>Funkwerk (\w+)-TTextil - Home Page</TITLE>|s p/fec/ v/$1/ i/Funkwerk bintec $3 router; $2/ d/router/ cpe:/h:funkwerk:bintec_$3/a
match http m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: fec/([\w._-]+) \(([^)]+)\)\r\n.*<title> Configuration </title>\n</head>\n<body onload=\"location\.href='/esi/795104/esi\.cgi\?page=status-index\.xml';\">|s p/fec/ v/$1/ i/Funkwerk bintec RS230a router; $2/ d/router/ cpe:/h:funkwerk:bintec_rs230a/a
match http m|^HTTP/1\.0 200 OK\r\nConnection: close\r\nServer: fec/([\w._-]+) \(([^)]+)\)\r\n(?:[^\r\n]+\r\n)*?Content-Length: 162\r\n.*<title> Configuration </title>\n</head>\n<body onload=\"location\.href='/esi/787100/esi\.cgi\?page=status-index\.xml';\">|s p/fec/ v/$1/ i/Funkwerk bintec R232B router; $2/ d/router/ cpe:/h:funkwerk:bintec_r232b/a
match http m|^HTTP/1\.1 200 OK\n.*<TITLE>IOGEAR MF Print Server</TITLE>|s p/IOGear GMFPSU22W6 print server http config/ d/print server/ cpe:/h:iogear:gmfpsu22w6/a
match http m|^HTTP/1\.0 401 Unauthorized\r\n(?:[^\r\n]+\r\n)*?Server: httpd\r\n(?:[^\r\n]+\r\n)*?WWW-Authenticate: Basic realm=\"DD-WRT\"\r\n|s p/DD-WRT milli_httpd/
match http m|^HTTP/1\.0 401 Bad Request\r\n(?:[^\r\n]+\r\n)*?Server: httpd\r\n.*<H4>401 Bad Request</H4>\nCan't use wireless interface to access GUI\.\n</BODY></HTML>\n$|s p/DD-WRT milli_httpd/
match http m|^HTTP/1\.0 302 Look here\r\nLocation: /rom/default\.html\r\nContent-Length: 0\r\n\r\n$| p/Intermec P4i label printer http config/ d/printer/
match http m|^HTTP/1\.1 200 OK\r\nConnection: close\r\nDate: .*\d\r\nServer: quark-([\w._-]+)\r\n| p/quark/ v/$1/
match http m|^HTTP/1\.0 302 Redirect\r\nServer: GoAhead-Webs\r\n(?:[^\r\n]+\r\n)*?Location: http://([\w._-]+)/login\.asp\r\n|s p/GoAhead WebServer/ i/Sonitrol building access control system http config/ h/$1/ cpe:/a:goahead:goahead_webserver/
match http m|^HTTP/1\.1 400 Bad Request\r\n.*<P>Your request can't be recognized by Tvants Broadcast Server\. Please visit <A href=\"http://www\.tvants\.com/\">www\.tvants\.com</A> for more information\.</P>|s p/Tvants Broadcast Server httpd/ d/media device/
match http m|^HTTP/1\.0 404 Not Found\r\nSERVER: corega ([\w-]+)\r\nCONTENT-LENGTH: 48\r\nCONTENT-TYPE: text/html\r\n\r\n<html><body><h1>404 Not Found</h1></body></html>$| p/Corega $1 router http config/ d/router/
match http m|^HTTP/1\.0 200 Failed to find service name in request URI and no default service available\r\n.*x-trapeze-fault-response: y\r\n(?:[^\r\n]+\r\n)*?Server: Trapeze-Srv/([\d.]+)\r\n.*<SOAP-ENV:Fault rowsetMode=\"struct\" xmlns=\"http://www\.trapezegroup\.com/\"><faultcode tcftype='10'>SOAP-ENV:Client</faultcode><faultstring tcftype='10'>Failed to find service name in request URI and no default service available</faultstring><detail tcftype='10'></detail></SOAP-ENV:Fault>|s p/Trapeze-Srv/ v/$1/ i/Trapeze Mobile Data Terminal SOAP over HTTP/
match http m|^HTTP/1\.0 401 Default login not authorized to perform this action\r\n(?:[^\r\n]+\r\n)*?WWW-Authenticate: Basic realm=\"/INOVAS/NovusDFM-trunk-[\w-]+/Config/([\w_.-]+)\"\r\n(?:[^\r\n]+\r\n)*?Server: Trapeze-Srv/([\d.]+)\r\n|s p/Trapeze-Srv/ v/$2/ i/Trapeze NOVUS http config/ h/$1/
match http m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: Trapeze-Srv/([\d.]+)\r\n.*<TITLE>Trapeze Service Shell response</TITLE>|s p/Trapeze-Srv/ v/$1/ i/Trapeze Service Shell/
match http m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: Trapeze-Srv/([\d.]+)\r\n|s p/Trapeze-Srv/ v/$1/
match http m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?server: httpd\.js\r\n.*<title>Songbird WebRemote</title>|s p/httpd.js/ i/Songbird WebRemote/
match http m|^HTTP/1\.0 302 Temporary moved\r\nContent-Length: 0\r\nCache-Control: no-cache\r\nPragma: no-cache\r\nConnection: Close\r\nDate: .*\r\n(?:X-Frame-Options: SAMEORIGIN\r\n)?Location: https:///\r\n\r\n| p/Cisco ASA firewall http config/ d/firewall/
match http m|^HTTP/1\.0 200 OK\r\nServer: Baby Web Server\r\n| p/Baby Web Server/ o/Windows/ cpe:/o:microsoft:windows/a
# BAIDA by Yandex (yandex.ru).
match http m|^HTTP/1\.1 \d\d\d [^\r\n]*\r\n(?:[^\r\n]+\r\n)*?Server: BAIDA/([\w._-]+)\r\n|s p/BAIDA/ v/$1/
match http m|^HTTP/1\.0 401 Unauthorized\r\n(?:[^\r\n]+\r\n)*?Server: httpd\r\n(?:[^\r\n]+\r\n)*?WWW-Authenticate: Basic realm=\"([^"]+)\"\r\n|s p/DD-WRT milli_httpd/ h/$1/
match http m|^HTTP/1\.0 401 Unauthorized\r\n(?:[^\r\n]+\r\n)*?Server: httpd\r\n(?:[^\r\n]+\r\n)*?WWW-Authenticate: Basic realm=\"\"\r\n|s p/DD-WRT milli_httpd/
match http m|^HTTP/1\.0 200 OK\r\n.*<!--- Page\(\d+\)=\[Line Settings\] --->.*<TITLE>Console Alice Access Gateway</TITLE>|s p/Alice Gate 2 WAP http config/ d/WAP/
match http m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Set-Cookie: alice_cookie_session_id=\d+; path=/;\r\n.*<!--- Page\(\d+\)=\[Modem Alice\] --->.*<TITLE>Alice Gate VOIP 2 plus Wi-Fi - Modem Alice</TITLE>|s p/Alice Gate VoIP 2 WAP http config/ d/WAP/
match http m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Set-Cookie: alice_cookie_session_id=\d+; path=/;\r\n.*<!--- Page\(9001\)=\[Stato Modem\] --->.*<TITLE>Alice Gate VOIP 2 plus Wi-Fi - Stato Modem</TITLE>|s p/Alice Gate VoIP 2 WAP http config/ d/WAP/
match http m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Set-Cookie: cookie_session_id_0=\d+; path=/;\r\n.*<!--- Page\(\d+\)=\[\] --->.*<TITLE>Alice Gate 2 [Pp]lus - Stato [Mm]odem</TITLE>|s p/Alice Gate 2 WAP http config/ d/WAP/
match http m|^HTTP/1\.0 401 Unauthorized\r\nPragma: no-cache\r\n(?:[^\r\n]+\r\n)*?WWW-Authenticate: Basic realm=\"Demo9\"\r\nContent-Type: text/html\r\nContent-Length: 236\r\n\r\n|s p/Tandberg codec T150 http config/ d/VoIP phone/ cpe:/h:tandberg:codec_t150/a
match http m|^HTTP/1\.1 401 Unauthorized\r\nServer: OTDAV/([\w._-]+)\r\n(?:[^\r\n]+\r\n)*?Www-Authenticate: Digest realm=\"Olive Toast WebDAVServer\"|s p/Olive Toast WebDAVServer/ v/$1/ i/OTDAV; iPhone/ d/phone/
match http m|^HTTP/1\.0 302 Moved\r\nServer: HASP LM/([\w._-]+)\r\nDate: .*\r\nLocation: /_int_/index\.html\r\nContent-[Tt]ype: text/html\r\nContent-[Ll]ength: 106\r\n| p|Aladdin/SafeNet HASP license manager| v/$1/ o/Windows/ cpe:/a:safenet-inc:hasp_license_manager:$1/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 403 Forbidden\r\nServer: HASP LM/([\w._-]+)\r\nDate: .*\r\nContent-[Tt]ype: text/html\r\nContent-[Ll]ength: 137\r\n\r\n<title>403 Forbidden</title>\n<h1>403 Forbidden</h1>\nAccess to this resource has been denied to you\.\n<p>Please contact the administrator\.\n$| p|Aladdin/SafeNet HASP license manager| v/$1/ o/Windows/ cpe:/a:safenet-inc:hasp_license_manager:$1/ cpe:/o:microsoft:windows/a
match http m|^HTT/1\.0 401 Not Authorized\r\nServer: HASP LM/([\w._-]+)\r\nDate: .*\r\nWWW-Authenticate: Basic realm=\"HASP License Manager\"\r\nContent-type: text/html\r\nContent-length: 151\r\n\r\n<title>401 Not Authorized</title>\n<h1>401 Not Authorized</h1>\nYou need proper authorization to use this resource\.\n<p>Please contact the administrator\.\n$| p/Sentinel HASP license manager/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 400 Bad Request\nDate: .*\nServer: HASP Server/([\d.]+) \(MSWin32\)\nContent-Length: 95\nConnection: close\nContent-Type: text/html\n\n<HTML><HEAD><TITLE>400 Bad Request</TITLE></HEAD><BODY><H2>400 - Bad Request</H2></BODY></HTML>$| p/Aladdin HASP license manager/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 400 Bad Request\r\nServer: Mbedthis-Appweb/([\d.]+)\r\nDate: .*\r\nConnection: close\r\nContent-Type: text/html\r\nContent-length: 130\r\n\r\n<HTML><HEAD><TITLE>Document Error: Bad Request</TITLE></HEAD>\r\n<BODY><H2>Access Error: 400 -- Bad Request</H2>\r\n</BODY></HTML>\r\n\r\n$| p/Mbedthis-Appweb/ v/$1/ i/Dell iDRAC6 http config/ d/remote management/ cpe:/a:mbedthis:appweb:$1/ cpe:/h:dell:idrac6/
match http m|^HTTP/1\.0 400 Bad Request\r\nServer: httpd\r\nDate: .*\r\nConnection: close\r\nContent-Type: text/html\r\nContent-length: 130\r\n\r\n<HTML><HEAD><TITLE>Document Error: Bad Request</TITLE></HEAD>\r\n<BODY><H2>Access Error: 400 -- Bad Request</H2>\r\n</BODY></HTML>\r\n\r\n$| p/Mbedthis-Appweb/ i/Dell iDRAC6 http config/ d/remote management/ cpe:/a:mbedthis:appweb/ cpe:/h:dell:idrac6/
match http m|^RTSP/1\.0 400 Bad Request\r\nServer: \r\nDate: .*\r\nConnection: keep-alive\r\nKeep-Alive: timeout=60, max=2000\r\nContent-Type: text/html\r\nContent-length: 130\r\n\r\n<HTML><HEAD><TITLE>Document Error: Bad Request</TITLE></HEAD>\r\n<BODY><H2>Access Error: 400 -- Bad Request</H2>\r\n</BODY></HTML>\r\n\r\n$| p/Mbedthis-Appweb/ i/Thomson Technicolor broadband router http admin/ d/broadband router/ cpe:/a:mbedthis:appweb/
match http m|^HTTP/1\.0 301 Moved Permanently\r\n(?:[^\r\n]+\r\n)*?Server: Mbedthis-Appweb/([\d.]+)\r\n(?:[^\r\n]+\r\n)*?Location: https://:443/start\.html\r\n\r\n$|s p/Mbedthis-Appweb/ v/$1/ i/Dell iDRAC6 http config/ d/remote management/ cpe:/a:mbedthis:appweb:$1/ cpe:/h:dell:idrac6/
match http m|^HTTP/1\.1 200 Ok\r\nServer: micro_httpd\r\n.*<TITLE>Verizon</TITLE>.*<SCRIPT>\nfunction fnGo\(\)|s p/micro_httpd/ i/Actiontec GT704-WGB ADSL WAP http config/ d/WAP/ cpe:/a:acme:micro_httpd/
match http m|^HTTP/1\.0 200 Ok\r\nServer: micro_httpd\r\n.*<title>Linksys Cable Modem : Status : Modem</title>|s p/micro_httpd/ i/Linksys BEFCMU10 cable modem http config/ d/broadband router/ cpe:/a:acme:micro_httpd/ cpe:/h:linksys:befcmu10/a
match http m|^HTTP/1\.1 401 Unauthorized\r\nContent-type: text/html\r\nWWW-Authenticate: Basic realm=\"Netgear\"\r\nConnection: close\r\nPragma: no-cache\r\n\r\n<html><head><title>401 Unauthorized</title>.*<form name=\"RgAuthentication\" action=\"/goform/RgAuthentication\" method=\"POST\">|s p/Netgear CVG834G cable modem http config/ d/broadband router/ cpe:/h:netgear:cvg834g/a
match http m|^HTTP/1\.0 200 OK\r\nContent-type: text/html\r\nConnection: close\r\n\r\n.*<title>Hollis</title>.*<td id=b>Indoor</td><td id=c bgcolor=green>([\d.]+)</td><td id=b>&deg;F</td></tr><tr><td id=b>Indoor Set Temp\.</td><td id=c><input type=text name=setTemp size=10 maxlength=10 value=([\d.]+)></td><td id=b>&deg;F&nbsp;<input type=submit name=7 value=\"Apply\"></td></tr><tr><td id=b>Outdoor temp</td><td id=c bgcolor=green>([\d.]+)</td><td id=b>&deg;F</td></tr></table></form></body></html>$| p/ControlByWeb httpd/ i/Temperature (F): indoor $1 (set to $2), outdoor $3/ d/specialized/
match http m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Expires: Thu, 26 Oct 1995 00:00:00 GMT\r\n(?:[^\r\n]+\r\n)*?Server: IPC@CHIP\r\n.*<TITLE>IPC@CHIP&reg; Main Page</TITLE>|s p/Beck IPC@CHIP embedded httpd/
match http m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: IPC@CHIP\r\n.*<title>Start</title>|s p/Beck IPC@CHIP embedded httpd/ i/SolarLog 200 power monitor httpd/ d/power-misc/ cpe:/h:solarlog:200/
match http m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: Z-World Rabbit\r\n.*<TITLE>EC3 332 \(Rev\. (\d+)\) Web Configuration and Monitoring</TITLE>|s p/Z-World Rabbit microcontroller httpd/ i/Emerson EC3 332 coldroom controller rev. $1/ d/specialized/
match http m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: Z-World Rabbit\r\n.*<title>(CPON-[\w._-]+)</title>|s p/Z-World Rabbit microcontroller httpd/ i/Advanced Media Technologies $1 optical TV node/ d/media device/
match http m|^HTTP/1\.0 200 OK\r\nServer: http server/everfocus\r\n.*<meta http-equiv=\"refresh\" content=\"0;url=/login\.html\?1600&1\">|s p/Everfocus webcam http config/ d/webcam/
match http m|^HTTP/1\.1 200 OK\r\nServer: Netwave IP Camera\r\n| p/Netwave IP camera http config/ d/webcam/
match http m|^HTTP/1\.1 200 OK\r\n.*<TITLE>&nbsp; &nbsp; &nbsp; ETHM-1 &nbsp; &nbsp; &nbsp; </TITLE>|s p/Satel ETHM-1 alarm control unit/ d/specialized/

match http m|^HTTP/1\.1 [25]00 (?:[^\r\n]*\r\n(?!\r\n))*?Server: KM-MFP-http/V([\d.]+)\r\n|s p/Kyocera MFP httpd/ v/$1/ d/printer/

match http m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Last-Modified: Thu, 01 Jan 1970 00:00:00 GMT\r\n(?:[^\r\n]+\r\n)*?Server: dcs-lig-httpd\r\n|s p/D-Link DCS-2121 webcam http config/ d/webcam/ cpe:/h:dlink:dcs-2121/a
match http m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Date: \d\d\d\d-\d\d-\d\d [^\r\n]*\r\n(?:[^\r\n]+\r\n)*?Server: IWeb/([\d.]+)\r\n.*<title>VisionWEB</title>.*<meta name=\"AUTHOR\" content=\"Insignis Technologies\" />.*<meta name=\"DESCRIPTION\" content=\"Linearis VisionWEB\. Cieffe srl, manufactures and markets CCTV digital video recorders and Remote Surveillance products for the security market\" />|s p/IWeb/ v/$1/ i/March Networks VisionWEB webcam http config/ d/webcam/
match http m|^HTTP/1\.1 401 Not Authorized\r\nWWW-Authenticate: Basic realm=\"Communicator Jablotron (\w+)\"\r\n\r\n| p/Jablotron $1 alarm http control/ d/security-misc/
match http m|^HTTP/1\.1 401 Unauthorized\r\nWWW-Authenticate: Basic realm=\"(ES-\w+) at [^"]*\"\r\n(?:[^\r\n]+\r\n)*?Server: Allegro-Software-RomPager/([\w.]+)\r\n|s p/Allegro RomPager/ v/$2/ i/ZyXEL $1 switch http config/ d/switch/ cpe:/a:allegro:rompager:$2/ cpe:/h:zyxel:$1/a
match http m|^HTTP/1\.0 200 OK\r\nServer: uhttpd/([\w._-]+)\r\n.*<title>NETGEAR Router ([\w._-]+) </title>|s p/uhttpd/ v/$1/ i/Netgear $2 WAP http config/ d/WAP/ cpe:/h:netgear:$2/a
match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: uhttpd/([\w._-]+).*WWW-Authenticate: Basic realm=\"NETGEAR ([\w-]+)\"\r\n|s p/uhttpd/ v/$1/ i/Netgear $2 WAP http config/ d/WAP/ cpe:/h:netgear:$2/a
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: Serv-U/([\w._-]+)\r\n| p/Rhinosoft Serv-U httpd/ v/$1/ cpe:/a:serv-u:serv-u:$1/
match http m|^HTTP/1\.1 302 Redirection\r\nServer: BlueIris-HTTP/([\d.]+)\r\n| p/BlueIris/ v/$1/
match http m|^HTTP/1\.1 401 Unauthorized\r\n(?:[^\r\n]+\r\n)*?WWW-Authenticate: basic realm=\"Protected area\"\r\n.*<title>401 Unauthorized</title>\n.*<!-- Padding: \n        #############################################\n|s p/Breach ModSecurity Apache monitor httpd/
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?Set-Cookie: CSPSESSIONID=\d+; path=/;\r\nCACHE-CONTROL: no-cache\r\nCONNECTION: Close\r\n.*<!-- Copyright \(c\) 2002 InterSystems Inc\. ALL RIGHTS RESERVED\. -->.*<b>CSP Error</b>|s p/InterSystems Cache Objects httpd/
match http m|^HTTP/1\.0 200 OK\r\nContent-type: application/octet-stream\r\nCache-Control: no-cache\r\n\r\nOggS| p/VLC media streaming httpd/ i/Ogg/ cpe:/a:videolan:vlc_media_player/
match http m|^HTTP/1\.0 404 Not Found\r\nConnection: close\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 334\r\n\r\n<\?xml version='1\.0'\?>\n<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1\.0 Transitional//EN\" \"http://www\.w3\.org/TR/xhtml1/DTD/xhtml1-transitional\.dtd\">\n<html xmlns=\"http://www\.w3\.org/1999/xhtml\" xml:lang=\"en\" lang=\"en\"><head><meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\"/></head><body><h1>404 Not Found</h1></body></html>$| p/ejabberd http admin/ cpe:/a:process-one:ejabberd/
match http m|^HTTP/1\.0 404 Not Found\r\nConnection: close\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 330\r\n\r\n<\?xml version='1\.0'\?>\n<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1\.0 Transitional//EN\" \"http://www\.w3\.org/TR/xhtml1/DTD/xhtml1-transitional\.dtd\">\n<html xmlns='http://www\.w3\.org/1999/xhtml' xml:lang='en' lang='en'><head><meta http-equiv='Content-Type' content='text/html; charset=utf-8'/></head><body><h1>Not found</h1></body></html>$| p/ejabberd http admin/ cpe:/a:process-one:ejabberd/
match http m|^HTTP/1\.1 404 Not Found\r\nServer: Asterisk/([\w._+-]+)\r\n| p/Asterisk/ v/$1/ d/PBX/ cpe:/a:digium:asterisk:$1/
match http m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: SMART Web Server\r\n.*<title>SMART Technologies Connected SMART Interactive Products</title>.*SMART Room: ([\w_.-]+)</H2>|s p/SMART Web Server/ i/SMART Board whiteboard http config/ h/$1/
match http m|^HTTP/1\.1 302 Moved Temporarily\r\n(?:[^\r\n]+\r\n)*?Server: Firefly Media Server/([^\r\n]+)\r\n|s p/Firefly Media Server http config/ v/$1/ cpe:/a:fireflymediaserver:firefly_media_server:$1/
match http m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: AvatronHTTP \(com\.avatron\.AirSharing,([\d.]+)\)\r\n|s p/AvatronHTTP/ v/$1/ i/Air Sharing app/ d/phone/ o/iOS/ cpe:/o:apple:iphone_os/a
# https://git.torproject.org/checkout/tor/master/doc/spec/dir-spec.txt
match http m|^HTTP/1\.0 503 Directory unavailable\r\n\r\n| p/Tor directory/ cpe:/a:torproject:tor/
# DirPortFrontPage set in torrc.
match http m|^HTTP/1\.0 200 OK\r\nDate: (?:[^\r\n]*r\n(?!\r\n))*?Content-Type: text/html\r\nContent-Encoding: identity\r\nContent-Length: \d+\r\nExpires: .*\r\n\r\n| p/Tor directory/ cpe:/a:torproject:tor/
match http m|^HTTP/1\.1 401 Unauthorized\r\n(?:[^\r\n]+\r\n)*?Server: Zarafa iCal Gateway ([^\r\n]+)\r\n|s p/Zarafa iCal Gateway httpd/ v/$1/ cpe:/a:zarafa:zarafa:$1/
match http m|^HTTP/1\.1 302 Moved Temporarily\r\nLocation: https?://([\w._-]+):(\d+)/symantec\.html\r\nContent-Length: 0\r\n| p/Symantec Endpoint Protection Manager httpd/ i/redirect to port $2/ h/$1/ cpe:/a:symantec:endpoint_protection_manager/
match http m|^HTTP/1\.1 200 OK\r\nSet-Cookie: JSESSIONID=\w+; Path=/; Secure; HttpOnly\r\n.*<title>Symantec Endpoint Protection Manager</title>|s p/Symantec Endpoint Protection Manager httpd/ cpe:/a:symantec:endpoint_protection_manager/
match http m|^HTTP/1\.0 200 OK\r\nServer: UOS\r\n.*<title>3Com Log On</title>|s p/3Com X5 Unified Security Platform IPS http config/ d/security-misc/
match http m|^HTTP/1\.0 200 OK\r\nServer: UOS\r\n.*<title>TippingPoint Log On</title>\r\n<meta http-equiv=\"Cache-Control\" content=\"no-store\" />.*<!--\r\n////////////////////////////////////////////\r\n// Copyright TippingPoint 2002, 2003, 2004 and 2005\r\n|s p/HP TippingPoint 110 or 1200E IPS http config/ d/firewall/
match http m|^HTTP/1\.0 200 OK\r\nServer: UOS\r\n.*<title>TippingPoint Log On</title>\n<meta http-equiv=\"Cache-Control\" content=\"no-store\" />.*<!--\n////////////////////////////////////////////\n// Copyright TippingPoint 2002, 2003, 2004 and 2005\n|s p/HP TippingPoint 1200E or 5000E IPS http config/ d/firewall/
match http m|^HTTP/1\.0 200 OK\r\nServer: UOS\r\n.*<title>TippingPoint Log On \x7c LSM - Device \(tp\)</title>\r\n\r\n<meta http-equiv=\"Cache-Control\" content=\"no-store\" />.*<!--\r\n////////////////////////////////////////////\r\n// Copyright TippingPoint 2002, 2003, 2004 and 2005\r\n|s p/HP TippingPoint 10 IPS http config/ d/firewall/
match http m|^HTTP/1\.0 200 OK\r\nServer: SpaceMon/([\d.]+)\r\n.*<TITLE>SpaceMon</TITLE>.*SpaceMon Administrator: ([^<]*)<BR>|s p/IPWorx SpaceMon storage monitor httpd/ v/$1/ i/administrator: $2/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.[01] 400 Bad Request\r\nServer: CloudFront\r\n| p/Amazon CloudFront httpd/
match http m|^HTTP/1\.0 401 Unauthorized\r\n(?:[^\r\n]+\r\n)*?WWW-Authenticate: Basic realm=\"Freetz \(([\w._-]+):([\w._-]+)\)\"\r\n.*<HTML><HEAD><TITLE>401 Unauthorized</TITLE></HEAD>\n<BODY><H1>401 Unauthorized</H1>\n\n</BODY></HTML>\n|s p/BusyBox httpd/ i/Freetz firmware for AVM FRITZ!Box; login $1:$2/ d/WAP/
match http m|^HTTP/1\.0 401 Unauthorized\r\nContent-type: text/html\r\nAccept-Ranges: bytes\r\nConnection: close\r\nWWW-Authenticate: Basic realm=\"GeneralUser/Administrator\"\r\n\r\n<HTML><HEAD><TITLE>401 Unauthorized</TITLE></HEAD>\n<BODY BGCOLOR=\"#cc9999\"><H2>401 Unauthorized</H2>\n<HR>\nAuthorization required for the URL '/'\.\n</BODY></HTML>\n$| p/thttpd/ i/Panasonic BB-HCM511A Network camera http config/ d/webcam/ cpe:/a:acme:thttpd/
match http m|^HTTP/1\.0 401 Unauthorized\r\nWWW-Authenticate: Basic realm=\"router\"\r\n.*<h2>401 Unauthorized<h2>\n  <p>\n  Authorization required for the URL\.\n</body>\n</html>\n|s p/thttpd/ i/Linksys RV082 WAP http config/ d/WAP/ cpe:/a:acme:thttpd/ cpe:/h:linksys:rv082/
match http m|^HTTP/1\.0 200 Document follows\r\n(?:[^\r\n]+\r\n)*?Server: Unknown\r\n.*<TITLE> Guardian Digital WebTool Login </TITLE>|s p/EnGuarde Linux Guardian Digital Webtool http admin/ o/Linux/ cpe:/o:linux:linux_kernel/a
match http m|^HTTP/1\.1 200 OK\r\nServer: Apache\r\nContent-Type: text/html\r\nContent-Length: 3587\r\nConnection: close\r\n\r\n\n<html>\n<head>\n<!-- \n     Copyright \(C\) 2005-2006 Aviv Raff \(with minor modifications by HDM for the MSF module\)\n     From: http://aviv\.raffon\.net/2005/12/11/MozillaUnderestimateVulnerabilityYetAgainPlusOldVulnerabilityNewExploit\.aspx\n     Greets: SkyLined, The Insider and shutdown \n-->| p|Metasploit multi/browser/mozilla_compareto exploit|
match http m|^HTTP1\.1 200 OK\r\nServer: WIBU-SYSTEMS HTTP Server/ Version ([^\r\n]*)\r\n| p/WIBU-SYSTEMS HTTP Server/ v/$1/ i/CodeMeter copy prevention dongle http config/ d/specialized/
match http m|^HTTP/1\.1 401 Unauthorized\r\n(?:[^\r\n]+\r\n)*?Server: AppleIDiskServer-([\w._-]+)\r\n(?:[^\r\n]+\r\n)*?WWW-Authenticate: Basic realm=\"([\w._-]+)\"\r\n|s p/Apple iDisk Server/ v/$1/ i/online storage access/ h/$2/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: ASSP/([^\r\n]+)\n|s p/ASSP Anti-Spam Proxy httpd/ v/$1/
match http m|^HTTP/1\.0 302 Found\r\n(?:[^\r\n]+\r\n)*?Location: https://([\w._-]+)/[^\r\n]*\r\n.*<TITLE>Novell iChain</TITLE>|s p/Novell iChain http admin/ o/NetWare/ h/$1/ cpe:/a:novell:ichain/ cpe:/o:novell:netware/a
match http m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Connection: Keep-Alive\r\nKeep-Alive: timeout=5, max=100\r\n.*<HTML>\r\n<HEAD>\r\n<TITLE></TITLE>\r\n<SCRIPT ID=clientEventHandlersJS LANGUAGE=javascript>\r\n<!--\r\nfunction loadpasswd\(\)\r\n{\r\n\ttop\.location = \"index\.htm\"\r\n}\r\nsetTimeout\(\"loadpasswd\(\)\",1\);\r\n//-->\r\n</SCRIPT>\r\n</HEAD>\r\n<BODY>\r\n</BODY>\r\n</HTML>\r\n$|s p/GoldStar iPECS 50B PBX http config/ d/PBX/
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?Expires: Thu, 01 Jan 1970 00:00:00 GMT\r\nSet-Cookie: JSESSIONID=[0-9A-F]+; Path=/; Secure\r\n.*<title>VMware View Portal</title>|s p/VMware View Manager httpd/
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?Expires: Thu, 01 Jan 1970 00:00:00 GMT\r\nSet-Cookie: JSESSIONID=[0-9A-F]+; Path=/; Secure; HttpOnly\r\n.*<title>VMwareView Portal</title>|s p/VMware View Manager httpd/
match http m|^HTTP/1\.1 200 OK\r\ncache-control: no-cache\r\nContent-Length: \d+\r\nExpires: Thu, 01 Jan 1970 00:00:00 GMT\r\nSet-Cookie: JSESSIONID=[0-9A-F]+; Path=/; Secure.*<title>VMware View Portal</title>|s p/VMware View Manager httpd/
match http m|^HTTP/1\.1 404 Not Found\r\nDate: .* GMT\r\nContent-Length: \d+\r\nContent-Type: text/html\r\n\r\n<html>\r\n<head>\r\n<title>VMware View</title>| p/VMware View Manager httpd/
match http m|^HTTP/1\.1 403 Forbidden\r\nServer: Norman Security/([\d.]+)\r\nContent-Type: text/html\r\nConnection: Close\r\nContent-Length: 90\r\n\r\n<html><title>Norman Security Error</title><body><br><h2>403 - Forbidden</h2></body></html>$| p/Norman Security Endpoint Protection httpd/ v/$1/
match http m|^HTTP/1\.1 401 Unauthorized\r\nServer: Norman Security/([\d.]+)\r\n.*<html><title>Norman Security Error</title><body><br><h2>401 - Unauthorized</h2></body></html>$|s p/Norman Security Endpoint Protection httpd/ v/$1/
match http m|^HTTP/1\.1 200 OK\r\n.*<!-- \$Header: index\.html 115\.2 2003/03/18 21:32:39 hfux ship \$ -->.*<TITLE>Oracle Applications Rapid Install</TITLE>|s p/Oracle Rapid Install httpd/

match http m|^HTTP/1\.1 200 OK\r\nDate: [^\r\n]+\r\n(?:Connection: \S+)?\r\nContent-Type: text/html\r\n(?:X-Frame-Options: DENY\r\n)?Content-Length: \d+\r\n\r\n.*<meta name="description" content="VMware Converter">|s p/VMware vCenter Converter httpd/ v/4/
match http m|^HTTP/1\.1 200 OK\r\nDate: [^\r\n]+\r\n(?:Connection: \S+)?\r\nContent-Type: text/html\r\n(?:X-Frame-Options: DENY\r\n)?Content-Length: \d+\r\n\r\n.*<meta name="description" content="VMware vSphere|s p/VMware vSphere http config/
match http m|^HTTP/1\.1 200 OK\r\nDate: [^\r\n]+\r\n(?:Connection: \S+)?\r\nContent-Type: text/html\r\n(?:X-Frame-Options: DENY\r\n)?Content-Length: \d+\r\n\r\n.*<meta name="description" content="VMware vCenter Converter Standalone">|s p/VMware vCenter Converter httpd/ v/4.3/

match http m|^HTTP/1\.1 200 OK\r\nContent-Length: 273\r\nContent-Type: text/html\r\n\r\n<HTML><HEAD><TITLE>Root Index</TITLE></HEAD><BODY><UL><LI><A HREF=\"/ccm-notify\">/ccm-notify</A></LI>\r\n<LI><A HREF=\"/ccm-proxy\">/ccm-proxy</A></LI>\r\n<LI><A HREF=\"/ccm-update\">/ccm-update</A></LI>\r\n<LI><A HREF=\"/config_public/\">/config_public/</A></LI>\r\n</UL></BODY></HTML>\r\n$| p/RSA SecurID 2.0 RADIUS http config/ d/security-misc/ cpe:/h:rsa:securid:2.0/
match http m|^HTTP/1\.1 400 Bad Request\r\n(?:[^\r\n]+\r\n)*?Server: LapLink ([\d.]+)\r\n|s p/Laplink file transfer httpd/ v/$1/
match http m|^HTTP/1\.0 200 OK\nContent-type: text/html\n\n<HTML>\n<HEAD>\n<TITLE>[\w._-]+ - Hallo!</TITLE>| p/Xrelayd SSL engine httpd/ i/OpenWrt/ o/Linux/ cpe:/o:linux:linux_kernel/a
match http m|^HTTP/1\.0 200 OK\r\nServer: jToolkitHTTP/([\w._-]+) Python/([\d.]+)\r\n| p/jToolkit web framework httpd/ v/$1/ i/Python $2/ cpe:/a:python:python:$2/
match http m|^HTTP/1\.0 200 Document follows\r\n(?:[^\r\n]+\r\n)*?Server: PureMessage Web Server\r\n|s p/Sophos PureMessage spam filter http interface/
match http m|^HTTP/1\.0 200 OK\r\nServer: iCanWebServer/([\d.]+)\r\n.*<TITLE>Network Camera Viewer</TITLE>|s p/iCanWebServer/ v/$1/ d/webcam/
match http m|^HTTP/1\.1 302 Found\r\n(?:[^\r\n]+\r\n)*?Location: https://([\w._-]+):(\d+)/zimbra/\r\n|s p/Zimbra http config/ i/redirect to https on port $2/ h/$1/ cpe:/a:zimbra:zimbra_collaboration_suite/
match http m|^HTTP/1\.1 302 Found\r\n(?:Date: .*\r\n)?Expires: .*\r\nCache-Control: no-store, no-cache, must-revalidate, max-age=0\r\nPragma: no-cache\r\n(?:X-Frame-Options: SAMEORIGIN\r\n)?Content-Type: text/html; charset=[Uu][Tt][Ff]-8\r\nContent-Language: en-US\r\nLocation: https://[^/]+/[^?]*\?zinitmode=http\r\nContent-Length: 0\r\n\r\n$| p/Zimbra http config/ i/redirect to https/ cpe:/a:zimbra:zimbra_collaboration_suite/
match http m|^HTTP/1\.0 400 String index out of range: -1\r\nContent-Type: text/html\r\n\r\n$| p/Bluecat Networks Proteus IPAM or Enterasys Dragon IDS http config/ o/Linux/ cpe:/o:linux:linux_kernel/a
match http m|^HTTP/1\.1 302 Found\r\ncontent-type: text/html;charset=utf8\r\ncache-control: no-cache\r\ncontent-length: 0\r\nlast-modified: .*\r\ndate: .*\r\nconnection: close\r\nlocation: /login\?continue=%2f\r\n\r\n$| p/Alterator remote management httpd/ o/Linux/ cpe:/o:linux:linux_kernel/a
match http m|^HTTP/1\.0 403 Forbidden\r\n(?:[^\r\n]+\r\n)*?Server: Alfred/([\d.]+)\r\n|s p/Alfred RenderMan control httpd/ v/$1/
match http m|^HTTP/1\.0 200 Ok\r\n(?:[^\r\n]+\r\n)*?Server: AXIS ThinWizard/v([\d.]+)\r\n|s p/AXIS ThinWizard printer management httpd/ v/$1/
match http m|^HTTP/1\.1 200 OK\r\nServer: <xxxx>\r\nContent-Length: 1057\r\n.*<TITLE>Bad Browser</TITLE>|s p/Siemens HG 1500 router http config/ cpe:/h:siemens:hg_1500/a
match http m|^HTTP/1\.1 403 Forbidden\r\n(?:[^\r\n]+\r\n)*?Server: Allegro-Software-RomPager/([\d.]+)\r\n.*Correct authorization is required for this area\. Either your browser does not perform authorization, or your authorization has failed\. RomPager server by Digest Access Authentication, which is not supported by your browser\.<P>\nReturn to <A HREF=\"\">last page</A><P>\n\n</BODY>\n</HTML>\n$|s p/AudioCodes Mediant 200 VoIP gateway http config/ d/VoIP adapter/ cpe:/a:allegro:rompager:$1/ cpe:/h:audiocodes:mediant_200/a
match http m|^HTTP/1\.1 200 OK\r\nServer: WHC chatroom\r\n| p/Fifi chat server http interface/
match http m|^HTTP/1\.0 200 OK\r\nServer: Xunlei Http Server/([\d.]+)\r\n| p/Xunlei BitTorrent http interface/ v/$1/
match http m|^HTTP/1\.1 200 OK\r\n.*<\?xml version=\"1\.0\" encoding=\"utf-8\"\?>\n<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1\.0 Transitional//EN\" \"http://www\.w3\.org/TR/xhtml1/DTD/xhtml1-transitional\.dtd\">\n<html xmlns=\"http://www\.w3\.org/1999/xhtml\" xmlns:v=\"urn:schemas-microsoft-com:vml\" xml:lang=\"en\" lang=\"en\">\n  <head>\n    <!--\n    ShellInABox - Make command line applications available as AJAX web applications\n|s p/ShellInABox httpd/
match http m|^HTTP/1\.1 400 Bad Request\r\nConnection: close\r\nDate: .*\r\nServer: Java/([-\d_.]+) javax\.wbem\.client\.adapter\.http\.transport\.HttpServerConnection\r\nContent-Length: 0\r\n\r\n| p/Solaris WBEM web management httpd/ i/Java $1/ o/Solaris/ cpe:/a:sun:jre:$1/ cpe:/o:sun:sunos/a
match http m|^HTTP/1\.1 200 OK\r\n.*<TITLE>MGI ZOOM Image Server</TITLE>.*Version: ([^\n]*)\n\t\tBuild: (\d+)<build/><BR>\n|s p/Zoom Image Server httpd/ v/$1 build $2/
match http m|^HTTP/1\.0 200 OK\r\nServer: upshttpd/([\d.]+)\r\n| p/upshttpd/ v/$1/ i/Effekta UPS http config/ d/power-device/
match http m|^HTTP/1\.[01] \d\d\d .*\r\nServer: ZNC ZNC ([\d.]+) - by prozac@rottenboy\.com\r\n| p/ZNC IRC bouncer http config/ v/$1/ cpe:/a:znc:znc:$1/
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: (?:ZNC )?ZNC ([-\w_.+]+) (?:by prozac )?- http://znc\.sourceforge\.net\r\n| p/ZNC IRC bouncer http config/ v/$1/ cpe:/a:znc:znc:$1/
match http m|^HTTP/1\.1 401 Unauthorized\r\nServer: ZNC ([\w_.+-]+) - http://znc\.sourceforge\.net\r\n| p/ZNC IRC bouncer httpd/ v/$1/ cpe:/a:znc:znc:$1/
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: ZNC - http://znc\.sourceforge\.net\r\n| p/ZNC IRC bouncer httpd/ v/0.090 - 0.096/ cpe:/a:znc:znc/
# https://github.com/znc/znc/commit/087f01e99b9a1523a2962e05e4e878de0a41a367 - configure.ac.
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: ZNC - http://znc\.in\r\n|s p/ZNC IRC bouncer http config/ v/0.097 or later/ cpe:/a:znc:znc/
match http m|^HTTP/1\.0 403 Access Denied\r\n\r\nWeb Access is not enabled\.\r\n$| p/ZNC IRC bouncer http config/ i/not enabled/ cpe:/a:znc:znc/
match http m|^HTTP/1\.0 \d\d\d .*\r\nDate: .* GMT\r\nServer: ZNC (?:- )?([\w._-]+) - http://znc\.in\r\n| p/ZNC IRC bouncer web ui/ v/$1/ cpe:/a:znc:znc:$1/
match http m|^HTTP/1\.0 404 <no description>\r\nDate: .*\r\nServer: XMLD HTTPServer/([\d.]+)\r\n\r\n$| p/XMLD HTTPServer/ v/$1/ i/Citrix XML Service/
match http m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: Mono\.WebServer2/([\w._-]+) Unix\r\nX-AspNet-Version: ([\d.]+)\r\n|s p/Mono.WebServer2/ v/$1/ i/MonoDoc httpd; ASP.NET $2/ o/Unix/ cpe:/a:microsoft:asp.net:$2/ cpe:/a:mono:xsp:$1/
match http m|^HTTP/1\.1 401 Unauthorized\r\n.*WWW-Authenticate: Basic realm=\"Cayman-([\w]+)\"\r\n.*Server: Allegro-Software-RomPager/([\d.]+)\r\n| p/Allegro RomPager/ v/$2/ i/Cayman $1 DSL router/ d/broadband router/ cpe:/a:allegro:rompager:$2/
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?Expires: Thu, 26 Oct 1995 00:00:00 GMT\r\n(?:[^\r\n]+\r\n)*?Server: Allegro-Software-RomPager/([\w._-]+)\r\n.*<PRE>\*{60}<BR>\* WARNING ALERT: AUTHORIZED USERS ONLY! +\*<BR>\* +\*<BR>\* All activities conducted on this system may be monitored \*<BR>|s p/Allegro RomPager/ v/$1/ i/NetIron XMR 4000 router http config/ d/router/ cpe:/a:allegro:rompager:$1/
match http m|^HTTP/1\.0 401 Unauthorized\r\n(?:[^\r\n]+\r\n)*?Server: 2NAS_LIGHT\r\n|s p/2NAS_LIGHT/
match http m|^HTTP/1\.1 400 Bad Request\r\nServer: sfcHttpd\r\nContent-Length: 0\r\n\r\n$| p/sfcHttpd/ i/VMware Studio VAMI CIM broker/
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: BLOBJ\.httpd\r\n.*<meta name='generator' content='BLOBJ WE ([\d.]+)'>|s p/BLOBJ.httpd/ i/BLOBJ Web Edition $1/
match http m|^HTTP/1\.1 401 Unauthorized\r\n(?:[^\r\n]+\r\n)*?Server: THEO\+Server/([\d.]+)\r\n(?:[^\r\n]+\r\n)*?WWW-Authenticate: Basic realm=\"THEOS Web-based Maintenance\"\r\n|s p/THEO+Server/ v/$1/ i/THEOS Corona http config/ o/THEOS/ cpe:/o:theos:theos/
match http m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: CouchDB/([\w._-]+) \(Erlang ([^)]*)\)\r\n| p/CouchDB httpd/ v/$1/ i/Erlang $2/
match http m|^HTTP/1\.0 401 Unauthorized\r\nWWW-Authenticate: Basic realm=\"[\w._-]+\"\r\nServer: CouchDB/([\w._-]+) \(Erlang ([^)]*)\)\r\n| p/CouchDB httpd/ v/$1/ i/Erlang $2; unauthorized/
match http m|^HTTP/1\.1 401 Unauthorized\r\n(?:[^\r\n]+\r\n)*?Server: Httpd-Webs\r\n(?:[^\r\n]+\r\n)*?WWW-Authenticate: Basic realm=\"Linksys (WR[\w+]+) ver\. (\d+)\"\r\n|s p/Linksys $1v$2 WAP http config/ d/WAP/
match http m|^HTTP/1\.1 204 No Content\r\nConnection: close\r\nServer: AChat\r\n\r\n| p/AChat chat system httpd/
match http m|^HTTP/1\.0 200\r\n.*<title>AVTECH Software, Inc\. - TemPageR (\w+) - Real-Time Temperature Monitor For IT &amp; Facilities Environment Monitoring</title>|s p/Avtech TemPageR $1 temperature monitor httpd/
match http m|^HTTP/1\.0 403 Access denied\.  Please consult the http-access directive in the User's Guide for more information\.\r\nContent-Type: text/html\r\n\r\n<html><body>Access denied\.  Please consult the http-access directive in the User's Guide for more information\.</body></html>\r\n$| p/Port25 PowerMTA mail gateway http admin/
match http m|^HTTP/1\.1 302 Found\r\nLocation: https?:///logon\.htm\r\nContent-Length: 0\r\nServer: Intel\(R\) Active Management Technology ([\w._-]+)\r\n\r\n$| p/Intel Active Management Technology User Notification Service http admin/ v/$1/ cpe:/h:intel:active_management_technology:$1/
match http m|^HTTP/1\.1 303 See Other\r\nLocation: /logon\.htm\r\nContent-Length: 0\r\nServer: Intel\(R\) Active Management Technology ([\w._-]+)\r\n\r\n| p/Intel Active Management Technology User Notification Service httpd/ v/$1/ cpe:/h:intel:active_management_technology:$1/
match http m|^HTTP/1\.1 405 Method Not Allowed\r\nContent-type: text/HTML\r\nAllow: POST\r\nContent-Length: 43\r\nServer: ChapuraSyncMgrServer/([\w._-]+)\r\nDate: .*\r\n\r\n<html><h1>Invalid Method</h1><hr>GET</html>$| p/Chapura SyncManager httpd/ v/$1/
match http m|^HTTP/1\.0 200 OK\r\nContent-type: text/html\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n<html>\n<head>\n<meta http-equiv=\"Content-type\" content=\"text/html; charset=iso-8859-1\">\n<title>Client Authentication</title>| p|Check Point VPN-1/UTM NGX firewall http admin| v/R70/ d/firewall/ cpe:/a:checkpoint:connectra_ngx:r70/
match http m|^HTTP/1\.0 404 Not Found\r\nDate: .*\r\nContent-Type: text/html\r\nConnection: close\r\nContent-Length: 82\r\n\r\n<HEAD><TITLE>404 Not Found</TITLE></HEAD><BODY>unknown uri in pks request</BODY>\r\n$| p/Seahorse http keyserver/
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/xml; charset=utf-8: \r\nConnection: close\r\n\r\n.*<ModelName>([^<]*)</ModelName><FirmwareVersion>([^>]*)</FirmwareVersion>|s p/D-Link $1 WAP Home Network Administration Protocol (SOAP over HTTP)/ v/$2/ cpe:/h:dlink:$1/a
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: KM_HTTP-Server/([\d.]+)\r\n.*<title>Kyocera Command Center</title>|s p/KM_HTTP-Server/ v/$1/ i/Kyocera 4050 printer http config/ cpe:/h:kyocera:4050/a
match http m|^HTTP/1\.0 200 OK\r\nServer: Apache/0\.6\.5\r\n.*<title>Web Server . Gigaset (\S+) WLAN dsl</title>|s p/Siemens Gigaset $1 WAP http config/ d/WAP/ cpe:/h:siemens:gigaset_$1/a
match http m|^HTTP/1\.0 302 Found\r\nServer: Apache/0\.6\.5\r\n(?:[^\r\n]+\r\n)*?Location: /relink_web\.stm|s p/Siemens Gigaset WAP http config/ d/WAP/
match http m|^HTTP/1\.0 200 OK\r\nServer: Apache/0\.6\.5\r\n.*src="top\.stm\?pn1=ho3\.gif&pn2=ad1\.gif"|s p/Philips SNB5600 WAP http config/ d/WAP/ cpe:/h:philips:snb5600/a
match http m|^HTTP/1\.0 200 OK\r\nServer: Apache/0\.6\.5\r\n.*var PM="BBR-4MG";\n|s p/SMC7908VoWBRA ADSL router http config/ d/broadband router/
match http m=^HTTP/1\.[01] 302 .+(Location|LOCATION): .+/UE/welcome_login\.html=s p/Allegro RomPager/ i/Siemens Gigaset SX762 WAP http config/ d/WAP/ cpe:/a:allegro:rompager:$1/ cpe:/h:siemens:gigaset_sx762/a
match http m|^HTTP/1\.[01] \d\d\d .*<title>Welcome to eDR400--login</title>|s p/EverFocus PowerPlex eDR400 security camera http config/ d/webcam/
match http m|^HTTP/1\.[01] 401 Unauthorized\r\nWWW-Authenticate: Basic realm="NETGEAR (WNR\w+)"\r\n| p/Netgear $1 WAP http config/ d/WAP/ cpe:/h:netgear:$1/a
match http m|^HTTP/1\.[01] 302 Redirect\r\nSet-Cookie: CrushAuth=| p/CrushFTP httpd/ cpe:/a:crushftp:crushftp/
match http m|^HTTP/1\.[01] 401 Unauthorized\r\nWWW-Authenticate: Basic realm="(WGR\w+)"\r\n| p/Netgear $1 WAP http config/ d/WAP/ cpe:/h:netgear:$1/a
match http m|^HTTP/1\.1 401 Unauthorized\r\n.*Server: NetIXServer \(([\d\.]+)\)\r\n| p/NetIXServer http admin/ v/$1/
match http m|^HTTP/1\.1 401 Unauthorized\nWWW-Authenticate: Digest realm="i3micro VRG", nonce="\d+", qop="auth", algorithm=MD5| p/i3micro VRG VoIP adapter http config/ d/VoIP adapter/
match http m|^HTTP/1\.0 302 Found\r\nLocation: /control/userimage.html\r\n| p/Mobotix Camera http config/ d/webcam/
match http m|^HTTP/1.0 401 Unauthorized\r\nDate: .*\r\nConnection: close\r\nServer: Microsoft-WinCE/5.0\r\nSet-Cookie: .*\r\nWWW-Authenticate: Basic Realm="Kesseltronics"| p/Kesseltronics car wash tunnel http config/ d/specialized/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1.0 200\r\nContent-type: text/html\r\nConnection: close\r\nContent-Length: \d+\r\n\r\n<html>\r\n<head><title>BARIX Instreamer| p/Barix Instreamer audio encoder http config/ d/media device/
match http m|^HTTP/1.1 401 Unauthorized\r\nWWW-Authenticate: Basic realm="PortServer (TS \w+)"| p/Digi Portserver $1 terminal server http config/ d/terminal server/
match http m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: Mbedthis-Appweb/([\w.-]+)\r\n(?:[^\r\n]+\r\n)*?\r\n\n<HTML>\n<HEAD>\n  <META HTTP-EQUIV=\"Refresh\" CONTENT=\"0; URL=/esp/login\.esp\">\n</HEAD>\n<BODY>\n</BODY>\n</HTML>\n\n$|s p/Mbedthis-Appweb/ v/$1/ i/PA-4050 firewall http config/ d/firewall/ cpe:/a:mbedthis:appweb:$1/
match http m|^HTTP/1\.0 400 Bad Request\r\nContent-Type: text/html\r\n\r\n<HTML><HEAD><TITLE>Bad Request</TITLE></HEAD><BODY><h3>Error: Bad HTTP Request</h3></BODY></HTML>$| p/ZoneAlarm Z100G firewall http config/ d/firewall/ cpe:/h:zonealarm:z100g/a
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?Server:  \r\n(?:[^\r\n]+\r\n)*?\r\n<html>\n<head>\n<title>ZyWALL ([\w -]+)</title>\n|s p/ZyXEL ZyWALL $1 firewall http config/ d/firewall/ cpe:/h:zyxel:zywall_$1/a
match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: ALPHA-WebServer/([\w.]+)\r\n| p/ALPHA-WebServer/ v/$1/
# EqualLogic PeerStorage PS100E iSCSI storage array running firmware v4.1.4.
match http m|^HTTP/1\.0 200 OK\r\nServer: RapidLogic/([\w.]+)\r\n.*<title>vmgrp1 Group Manager</title>\n|s p/RapidLogic httpd/ v/$1/ i/EqualLogic PeerStorage PS100E NAS device/ d/storage-misc/ cpe:/a:rapidlogic:httpd:$1/
# EqualLogic PeerStorage PS100E iSCSI storage array running firmware 2.3.6.
match http m|^HTTP/1\.0 200 OK\r\nServer: RapidLogic/([\w.]+)\r\n.*<title>nwkgrp2 Group Manager</title>\n|s p/RapidLogic httpd/ v/$1/ i/EqualLogic PeerStorage PS100E NAS device/ d/storage-misc/ cpe:/a:rapidlogic:httpd:$1/
match http m|^HTTP/1\.0 302 Moved Temporarily\r\n(?:[^\r\n]+\r\n)*?Set-Cookie: rg_cookie_session_id=\d+; path=/; expires=Fri, 01 Jan 2038 00:00:00 GMT\r\n(?:[^\r\n]+\r\n)*?Location: http://[\w._-]+:(\d+)/index\.cgi\?active%5fpage=9069&req%5fmode=0&strip%5fpage%5ftop=0\r\n|s p/Pirelli DRG A125G WAP http config/ i/redirect to port $1/ d/WAP/ cpe:/h:pirelli:drg_a125g/a
match http m|^HTTP/1\.1 200 OK\r\nConnection: close\r\nServer: jDownloader HTTP Server\r\nContent-Type: text/html\r\nContent-Length: 0\r\n\r\n$| p/jDownloader httpd/
match http m|^HTTP/1\.1 200 OK\r\nConnection: close\r\nServer: jDownloader HTTP Server\r\nContent-Type: text/html\r\nContent-Length: 46\r\n\r\nJDRemoteControl - Malformed Request\. use /help$| p/jDownloader httpd/
match http m|^HTTP/1\.1 401 Unauthorized\r\nWWW-Authenticate: Basic realm=\"JDownloader\"\r\n\r\n$| p/jDownloader httpd/ i/unauthorized/
match http m|^HTTP/1\.0 200 OK\r\nServer: lwIP/([\w._-]+) \(http://www\.sics\.se/~adam/lwip/\)\r\n.*<title>Stellaris&reg; ([\w._-]+) Evaluation Kit</title>|s p/lwIP/ v/$1/ i/Stellaris $2 microcontroller/
match http m|^HTTP/1\.0 200 OK\r\nContent-Type: text/html\r\nCache-Control: no-cache\r\nPragma: no-cache\r\nExpires: .*\r\nDate: .*\r\nAccept-Ranges: bytes\r\nConnection: close\r\n\r\n<!--- Page\(\d+\)=\[Ouverture de session\] ---><HTML><HEAD><SCRIPT language=\"Javascript\"><!--\n/\*\n \* A JavaScript implementation of the RSA Data Security, Inc\. MD5 Message\n \* Digest Algorithm, as defined in RFC 1321\.\n \* Version 2\.1 Copyright \(C\) Paul Johnston 1999 - 2002\.\n \* Other contributors: Greg Holt, Andrew Kepert, Ydnar, Lostinet\n \* Distributed under the BSD License\n \* See http://pajhome\.org\.uk/crypt/md5 for more info\.\n \*/\n\n| p/Sagem Livebox WAP http config/ d/WAP/
match http m%^HTTP/1\.0 200 OK\r\n.*<title>(?:Livebox|HNM)</title>\n\t\t<meta http-equiv=\"content-type\" content=\"text/html; charset=UTF-8\">\n\t\t<meta http-equiv=\"Content-language\" content=\"fr\">\n\t\t<meta name=\"author\" content=\"Nicolas VIVIEN\">\n\t\t<meta name=\"Copyright\" content=\"SAGEM COMMUNICATIONS\">%s p/Sagem Livebox WAP http config/ d/WAP/
match http m|^HTTP/1\.1 301 Moved Permanently\r\nDate: .*\r\nConnection: close\r\nLocation: index\.htm\r\nServer: WMI (V[\w._-]+)\r\n\r\n$| p/WMI/ v/$1/ i/3Com 5500G-EI switch http config/ d/switch/ cpe:/h:3com:5500g-ei/a
match http m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: W3MFC/([\w._-]+)\r\nAllow: GET, POST, HEAD\r\n.*<TITLE>Lan2net Statistics</TITLE>|s p/W3Mfc/ v/$1/ i/Lan2net firewall http config/ d/firewall/
match http m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Content-Type: text/html;charset=utf-8\r\n(?:[^\r\n]+\r\n)*?Mime-Version: 1\.0\r\n.*<title>FRITZ!WLAN Repeater</title>|s p|FRITZ!WLAN Repeater N/G http config| d/WAP/
match http m|^HTTP/1\.0 200 OK\r\nConnection: close\r\nContent-Type: text/html; Charset=UTF-8;\r\n\r\n<html><title>Installed templates</title>.*<a href=\"/foobar2000controller/index\.html\">foobar2000controller</a>| p/foobar2000 media player http config/
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?Content-Type: text/html; Charset=UTF-8\r\nConnection: close\r\n\r\n<!DOCTYPE html PUBLIC \"-//W3C//DTD HTML 4\.01 Transitional//EN\">\r\n<html><head><title>(.*) - foobar2000</title>|s p/foobar2000 media player httpd/ i/now playing: $1/
match http m|^HTTP/1\.1 301 Redirection\r\nServer: Cegid-WEB-Access-Server/([\w._-]+)\r\n| p/Cegid-WEB-Access-Server/ v/$1/
match http m|^HTTP/1\.1 200 Ok\r\nServer: micro_httpd\r\n.*<html xmlns=\"http://www\.w3\.org/1999/xhtml\" xml:lang=\"it\" lang=\"it\">\n<head>\n\t<title>Vodafone</title>|s p/micro_httpd/ i/Vodafone Station WAP http config/ cpe:/a:acme:micro_httpd/
match http m=^<html>\n<head>\n<title>TRENDnet \| (TEG-\w+) \| Login</title>= p/TRENDnet $1 switch http config/ d/switch/ cpe:/h:trendnet:$1/a
match http m|^HTTP/1\.1 200 OK\r\nServer: Web Server\r\n.*top\.location\.href = \"/hp_login\.html\";\r\n</script>\r\n\r\n\r\n<BODY style=\"text-align: center\" onload=\"document\.forms\[0\]\.login\.focus\(\);CheckError\(\)\">\r\n<FORM METHOD=\"POST\" ACTION=\"/hp_login\.html\">|s p/HP Procurve 1810G switch http config/ d/switch/ cpe:/h:hp:procurve_switch_1810g/ cpe:/o:hp:procurve_switch_software/
match http m|^HTTP/1\.0 302\r\nLocation: /Portal0000\.htm\r\n.*<HTML><HEAD><TITLE>Error</TITLE></HEAD>\r\n<BODY><CENTER><H2>/<BR><BR>302 : MOVED TEMPORARILY</H2></CENTER></BODY></HTML>$|s p/Siemens Simatic S7-300 PLC httpd/ d/specialized/
match http m|^HTTP/1\.0 302 Object Moved\r\nContent-Type:text/html\r\nContent-Length: 0\r\nConnection: close\r\nLocation: /Default\.mwsl\r\n\r\n$| p/Siemens Simatic S7-1200 PLC httpd/ d/specialized/
match http m|^HTTP/1\.0 302 Object Moved\r\nContent-Type:text/html\r\nContent-Length: 0\r\nConnection: close\r\nLocation: /Default\.html\r\n\r\n$| p/Siemens Simatic HMI MiniWeb httpd/ d/specialized/
match http m|^HTTP/1\.0 401 Unauthorized\r\nContent-Type: text/html\r\nWWW-Authenticate: Basic realm=\"Web Management\"\r\n\r\n<html><title>401 Unauthorized</title><body>401 Unauthorized</body></html>$| p/Foundry EdgeIron switch http config/ d/switch/
match http m|^HTTP/1\.1 404 Not Found\r\nConnection: Close\r\nContent-Type: text/html\r\n\r\nThe specified URL cannot be found<!--(?:0123456789){50}01234-->\r\n| p/Barracuda Web Application Firewall/ d/firewall/
match http m|^HTTP/1\.1 403 Directory Listing Denied\r\nContent-Type: text/plain\r\nContent-Length: 12\r\n\r\nError: 403\r\n$| p/HP Dream Screen media player http config/ d/media device/
match http m|^HTTP/1\.0 200 OK\r\nX-Powered-By: PHP/([\w._-]+)\r\n.*<title>Seagate NAS - ([\w._-]+)</title>\n<link rel=\"stylesheet\" type=\"text/css\" href=\"/admin/layout_design\.css\" />\n|s p/Seagate Black Armor 440 NAS http config/ i/PHP $1/ h/$2/ cpe:/a:php:php:$1/
match http m|^HTTP/1\.0 200 OK\r\nX-Powered-By: PHP/([\w._-]+)\r\n.*<title>My Book World Edition - ([\w._-]+)</title>\n.*<!-- Framework CSS -->\n<link rel=\"stylesheet\" href=\"/blueprint/screen\.css\" type=\"text/css\" media=\"screen, projection\">|s p/Western Digital My Book http config/ i/PHP $1/ d/storage-misc/ h/$2/ cpe:/a:php:php:$1/
match http m|^HTTP/1\.1 302 Found\r\n(?:[^\r\n]+\r\n)*?Location: https://([\w._-]+)/site-web/home\.seam\r\n|s p/Seam web framework/ h/$1/
match http m|^HTTP/1\.0 200 OK\r\n.*<TITLE>Print server homepage</TITLE></HEAD>\n<FRAMESET COLS=\"200,\*\" BORDER=0 FRAMEBORDER=0>\n<FRAME SRC=\"/links_en\.html\">\n|s p/Citizen CLP-521 or Kyocera Mita KM-1530 printer http config/ d/printer/ cpe:/h:kyocera:mita_km-1530/a
match http m|^HTTP/1\.1 404 Not Found\r\nContent-Length: 19\r\nContent-Type: text/html\r\n\r\n 404 Page Not Found$| p/Kyocera Mita FS-1350DN printer http config/ d/printer/ cpe:/h:kyocera:mita_fs-1350dn/a
match http m|^HTTP/1\.0 401 Unauthorized\r\n(?:[^\r\n]+\r\n)*?WWW-Authenticate: Basic realm=\"GeneralUser/Administrator\"\r\n\r\n<HTML><HEAD><TITLE>401 Unauthorized</TITLE></HEAD>\n<BODY BGCOLOR=\"#cc9999\"><H2>401 Unauthorized</H2>\n<HR>\nAuthorization required for the requested URL\.\n</BODY></HTML>\n|s p/thttpd/ i/Panasonic BB-HCM511 IP camera http config/ cpe:/a:acme:thttpd/
match http m|^HTTP/1\.1 307 Redirect\r\nLocation: https?://[^\r\n]*\r\nContent-Length: 0\r\n\r\n$| p/Apache httpd/ v/2.0.X/ cpe:/a:apache:http_server:2.0/
match http m|^HTTP/1\.0 200 OK\r\nServer: RapidLogic/([\w._-]+)\r\n.*<title>OneAccess WCF</title>|s p/RapidLogic httpd/ v/$1/ i/OneAccess ONE100A router http config/ d/router/ o/OneOS/ cpe:/a:rapidlogic:httpd:$1/ cpe:/h:oneaccess:one100a/a cpe:/o:oneaccess:oneos/
match http m|^HTTP/1\.1 200\r\n.*<meta http-equiv=\"refresh\" content=\"10;url=\"><link rel=\"stylesheet\" type=\"text/css\" href=\"/viawarp\.css\" />|s p/Nova viaWARP httpd/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: Apache ([\w._-]+) in ([^\r\n]+)\r\n|s p/Apache Tomcat $1/ i/in $2/ cpe:/a:apache:tomcat/
match http m|^HTTP/1\.0 401 Unauthorized\r\nContent-type: text/html\r\nAccept-Ranges: bytes\r\nConnection: close\r\nWWW-Authenticate: Basic realm=\"PLC Adaptor\"\r\n\r\n| p/Panasonic PLC Adaptor Ethernet-to-mains bridge http config/ d/bridge/
match http m|^<html><head>\n<title>501 Method Not Implemented</title>\n</head><body>\n<h1>Method Not Implemented</h1>\n</body></html>\n$| p/kissdx media player control httpd/
match http m|^HTTP/1\.1 200 OK\r\nServer: yawcam/([\w._-]+)\r\nContent-Length:\d+\r\n| p/Yawcam webcam viewer httpd/ v/$1/
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: (?:Cisco )?ACS ([\w._-]+)\r\n|s p/Cisco ACS httpd/ v/$1/
match http m|^HTTP/1\.0 401 Unauthorized\r\n(?:[^\r\n]+\r\n)*?Server: WYM/([\w._-]+)\r\n(?:[^\r\n]+\r\n)*?WWW-Authenticate: Basic realm=\"Rovio\"\r\n|s p/WYM httpd/ v/$1/ i/Wowwee Rovio webcam/ d/webcam/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Kerio Connect ([^\r\n]+)\r\n|s p/Kerio Connect webmail httpd/ v/$1/ cpe:/a:kerio:connect:$1/
match http m|^HTTP/1\.1 302 Found\r\nConnection: Close\r\nContent-Length: 0\r\nContent-type: text/html\r\nDate: .*\r\nlocation: https://([^/:]+)(?::\d+)?/webmail/login/\r\nX-UA-Compatible: IE=8\r\n\r\n| p/Kerio Connect webmail httpd/ h/$1/ cpe:/a:kerio:connect/
match http m|^HTTP/1\.0 500 Internal server error\nServer: M3 Business Engine ([^\r\n]+)\nConnection: close\nContent-Type: text/html; charset=UTF-8\nCache-Control: no-cache\nPragma: no-cache\nExpires: 0\nContent-Type: text/html\n\n<HTML><HEAD>\n<TITLE>500 Internal server error</TITLE>\n</HEAD><BODY>\n<H2>500 Internal server error</H2>\n<HR>\n<ADDRESS><A HREF=\"http://null/\">M3 Business Engine ServerView</A></ADDRESS>\n</BODY></HTML>\n$| p/M3 Business Engine ServerView httpd/ v/$1/
match http m|^HTTP/1\.0 200 ok\r\nContent-type: text/plain\r\n\r\nError accessing ''\r\n$| p/OpenSSL s_server -WWW httpd/ cpe:/a:openssl:openssl/
# TODO: hunt down line number/version number correlations
match http m|^HTTP/1\.0 200 ok\r\nContent-type: text/plain\r\n\r\nError opening ''\r\n\d+:error:[A-F\d]+:system library:fopen:No such file or directory:bss_file\.c:169:fopen\('','r'\)\n\d+:error:[A-F\d]+:BIO routines:BIO_new_file:no such file:bss_file\.c:172:\n| p/OpenSSL s_server -WWW httpd/ cpe:/a:openssl:openssl/
match http m|^HTTP/1\.0 200 ok\r\nContent-type: text/html\r\n\r\n<HTML><BODY BGCOLOR=\"#ffffff\">\n<pre>\n\n(.*) (?:\nSecure Renegotiation IS(?: NOT)? supported)?\nCiphers supported in s_server binary\n| p/OpenSSL s_server -www httpd/ i/command line: $1/ cpe:/a:openssl:openssl/
match http m|^HTTP/1\.1 302 Moved Temporarily\r\n(?:[^\r\n]+\r\n)*?Server: go1984\r\n(?:[^\r\n]+\r\n)*?Location: http://([\w._-]+)(?::\d+)?/([\w._-]+)/Default/index\.htm\r\n\r\n|s p/go1984 httpd/ i/session ID $2/ d/webcam/ h/$1/
match http m|^HTTP/1\.0 200 OK\r\nConnection: close\r\nAccept-Ranges: none\r\n.*<SCRIPT language=JavaScript>\r\n\tvar PIN_change_attempted = false;\r\n\tvar Login_failed = false;\r\n\tvar password_label = \"\";\r\n</SCRIPT>\r\n<!--\rNote: the opening and closing HTML tags are deliberately omitted from\rthis file\.|s p/Citrix Access Gateway http login/ cpe:/a:citrix:access_gateway/
match http m|^HTTP/1\.1 200 OK\r\nCONTENT-ENCODING: gzip\r\n(?:[^\r\n]+\r\n)*?SERVER: Linux/([\w._-]+) Motorola/([\w._-]+)\r\n|s p/Moto Phone Portal/ v/$2/ i/Linux $1/ d/phone/ o/Linux/ cpe:/o:linux:linux_kernel:$1/
match http m|^HTTP/1\.1 200 OK\r\nDATE: .*\r\nCONTENT-TYPE: httpd/unix-directory\r\nCONTENT-LENGTH: 0\r\nALLOW: GET, POST, HEAD, OPTIONS\r\nSERVER: Linux/([\w._-]+) Motorola/([\w._-]+)\r\n\r\n$| p/Moto Phone Portal/ v/$2/ i/Linux $1/ d/phone/ o/Linux/ cpe:/o:linux:linux_kernel:$1/
match http m|^HTTP/1\.1 200 OK\r\nContent-type: text/html\r\nCache-Control: no-cache\r\n\r\n.*<b>Welcome to PLANET ([\w-]+) Web Management</b>|s p/Planet $1 switch http config/ d/switch/ cpe:/h:planet:$1/a
match http m|^HTTP/1\.1 401 Unauthorized\r\nServer: GoAhead-Webs\r\n.*Basic realm=\"(P-[\w -]+) \(username: ([\w._-]+)\)\"\r\n|s p/GoAhead WebServer/ i/ZyXEL $1 WAP http config; username: $2/ d/WAP/ cpe:/a:goahead:goahead_webserver/ cpe:/h:zyxel:$1/a
match http m|^HTTP/1\.0 403 Forbidden\r\nServer: Mbedthis-Appweb/([\w._-]+)\r\n.*<H2>Access Error: 403 -- Forbidden</H2>|s p/Mbedthis-Appweb/ v/$1/ i/J-Web http config/ d/router/ o/JUNOS/ cpe:/a:mbedthis:appweb:$1/ cpe:/o:juniper:junos/a
match http m|^HTTP/1\.1 200 OK\r\nServer: WindRiver-WebServer/([\w._-]+)\r\nConnection: close\r\nContent-Type: text/html\r\n\r\n.*<!-- \(c\) Copyrighted Materials, 2006\. -->.*<script language=\"JavaScript\" src=\"js_utility_JW410R19_____________\.js\"></script>|s p/Wind River Web Server/ v/$1/ i/Fujitsu-Siemens FibreCAT SX80 NAS device http config/ d/storage-misc/
match http m|^HTTP/1\.1 200 OK\r\nServer: WindRiver-WebServer/([\w._-]+)\r\nConnection: close\r\nContent-Type: text/html\r\n\r\n.*<!-- \(c\) Copyrighted Materials, 2006\. -->.*<script language=\"JavaScript\" src=\"js_utility_JW420R45_____________\.js\"></script>.*<title>HP StorageWorks MSA Storage Management Utility</title>|s p/Wind River Web Server/ v/$1/ i/HP StorageWorks MSA http config/ d/storage-misc/
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: MarratechPortal/([\w._-]+) \(Java ([\w._-]+); Windows ([^)]+)\) build/(\d+)\r\n|s p/Marratech Portal/ v/$1 build $4/ i/Java $2; Windows $3/ o/Windows/ cpe:/a:sun:jre:$2/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 401 Unauthorized\r\nServer: BBVS\r\nContent-type: text/plain\r\n(?:[^\r\n]+\r\n)*?WWW-Authenticate: Basic realm=\"SecuritySpy Web Server\"\r\n\r\n401 Unauthorized\r\n$|s p/SecuritySpy webcam viewer httpd/ o/Mac OS X/ cpe:/o:apple:mac_os_x/a
match http m|^HTTP/1\.1 200 OK\r\nServer: BBVS/([\w._-]+)\r\nKeep-Alive: timeout=20, max=100\r\nConnection: Keep-Alive\r\nAccept-Ranges: bytes\r\nContent-Length: 6258\r\nContent-Type: text/html\r\n\r\n<html>\n<head>\n<title>SecuritySpy Web Server</title>\n| p/SecuritySpy webcam viewer httpd/ v/$1/ o/Mac OS X/ cpe:/o:apple:mac_os_x/a
match http m|^HTTP/1\.1 200 OK\r\nConnection: close\r\nContent-Type: text/html\r\nExpires:0\r\npragma:no-cache\r\n\r\n<meta http-equiv=\"refresh\" content=\"0;url=Footprints\.html\">\r\n\r\n\r\n\r\n$| p/TED 5000 power use monitor/ d/power-device/
# http://java423.vicp.net:8652/infoserver.central/data/syshbk/collections/TECHNICALINSTRUCTION/1-61-208775-1.html
match http m|^HTTP/1\.0 400 Malformed Header in \r\nContent-Type: text/html\r\n\r\n$| p/Sun ScApp bytecode transfer httpd/
match http m|^HTTP/1\.1 200 OK\r\n\r\n<html><head><title>File Share</title></head><body><a href=\"/folder/0\">Public</a><br/></body></html>$| p/File Share httpd/ i/Android mobile phone/ d/phone/ o/Linux/ cpe:/o:linux:linux_kernel/a
match http m|^HTTP/1\.1 200 OK\r\nConnection: close\r\n.*<title>VoIP Gateway</title>.*<frame name=\"contents\" target=\"main\" src=\"otgw\.cgi\?PAGE=USER\" scrolling=\"auto\" noresize>|s p/D-Link DVS-4088S, DVS-5088S, or DVG-7062S VoIP gateway http config/ d/VoIP adapter/
match http m|^HTTP/1\.0 200 OK\r\nServer: BEJY V([\w._-]+)  HTTP ([\w._-]+) \r\n| p/BEJY httpd/ v/$2/ i/BEJY $1/
match http m|^HTTP/1\.0 404 Not Found\r\nServer: Xfire\r\nConnection: close\r\n\r\n\r\n$| p/Xfire httpd/
match http m|^HTTP/1\.0 302 Found\r\nLocation: http://guide(?:test)?\.[\w._-]*opendns\.com/\?url=\r\nContent-type: text/html\r\nContent-Length: 0\r\nConnection: close\r\nDate: .*\r\nServer: OpenDNS Guide\r\n\r\n$| p/OpenDNS Guide/
match http m|^HTTP/1\.0 302 Found\r\nLocation: http://guide(?:test)?\.[\w._-]*opendns\.com/\?url=\r\nContent-Length: 0\r\nConnection: close\r\nDate: .*\r\nServer: OpenDNS Guide\r\n\r\n$| p/OpenDNS Guide/
match http m|^HTTP/1\.0 303 See Other\r\nLocation: http://guide(?:test)?\.[\w._-]*opendns\.com/\?url=\r\nContent-Length: 0\r\nConnection: close\r\nDate: .*\r\nServer: OpenDNS Guide\r\n\r\n$| p/OpenDNS Guide/
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html\r\nCache-Control: no-cache\r\nPragma: no-cache\r\n\r\n<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4\.01 Frameset//EN\">\r\n<!-- Copyright \(c\) 2000-2002, Fuji Xerox Co\., Ltd\. All Rights Reserved\. -->\r\n<HTML>\r\n<HEAD>\r\n<META HTTP-EQUIV=\"Content-Type\" CONTENT=\"text/html; charset=ISO-8859-1\">\r\n<TITLE>\r\n(DocuPrint [\w._-]+) - ([\w._-]+)\r\n</TITLE>| p/Fuji Xerox $1 printer http config/ d/printer/ h/$2/ cpe:/h:fuji:xerox_$1/a
match http m|^HTTP/1\.1 502 Bad Gateway\r\nContent-Type: text/html\r\nContent-Length: 487\r\n\r\n<html>\n<head>\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\">\n<title>\nContent Server Message\n</title>\n</head>\n<body>\nNetwork message format error\. Unable to parse browser environment or content item\. Unable to parse properties\. Name-value pairs are missing an '='\.\n<!---\nStatusCode=-1\nStatusMessage=Network message format error\. Unable to parse browser environment or content item\. Unable to parse properties\. Name-value pairs are missing an '='\.\n---!>\n</body></html>$| p/Oracle Universal Content Management httpd/
match http m|^HTTP/1\.0 400 Bad Request\r\nContent-Length: 0\r\n\r\n$| p/IDentifier NameTracer Pro httpd/
match http m|^HTTP/1\.1 200 OK\r\nContent-Length: 155\r\nConnection: close\r\n.*<title><FortiClient Download Portal</title>|s p/FortiClient firewall http config/ d/firewall/
match http m|^HTTP/1\.1 200 OK\r\nServer: Agranat-EmWeb/R([\d_]+)\r\nContent-Type: text/html\r\nCache-Control: no-cache\r\nPragma: no-cache\r\n\r\n<HTML> \n<HEAD>\n<TITLE> [\w._-]+  \n</TITLE>\n\n<SCRIPT TYPE = \"text/javascript\">\n netscapeVersion = navigator\.appVersion\.substring\(0,4\);\n ieVersion = navigator\.appVersion\.substring\(17,25\);\n| p/Agranat-EmWeb/ v/$SUBST(1,"_",".")/ i/HP Designjet 800ps printer http config/ d/printer/ cpe:/a:agranat:emweb:$SUBST(1,"_",".")/a cpe:/h:hp:designjet_800ps/a
match http m|^HTTP/1\.1 302 Found\r\nCache-Control: no-cache\r\nConnection: Close\r\nContent-Length: 0\r\nContent-Type: application/octet-stream\r\nDate: .*\r\nLocation: /main\.php\r\nPragma: no-cache\r\nServer: Kerio WinRoute Firewall Embedded Web Server\r\n| p/Kerio WinRoute firewall http config/ d/firewall/
match http m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: MicroWeb/([\w._-]+)\r\n.*<html>\n<head><title>WebAlert Login Page</title></head>\n<script LANGUAGE=\"JavaScript\">\n<!--\nfunction check\(\)\n{\n\t  if\(\(document\.frmLogin\.txtUserName\.value\.length<3\)|s p/MicroWeb/ v/$1/ i/Walchem WebAlert remote monitoring/
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: NSMXwui \(Juniper\)\r\n.*<title>Network and Security Manager - Download UI Client</title>|s p/NSMXwui/ i/Juniper Network and Security Manager http config/ d/firewall/
match http m|^HTTP/1\.1 200 OK\r \nContent-type: text/html\r\n.*<html xmlns=\"http://www\.w3\.org/1999/xhtml\" xml:lang=\"en\" lang=\"en\">\n<head>\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=iso-8859-1\" />\n<title>Chumby FM Radio</title>|s p/Chumby One FM radio http interface/ d/media device/
match http m|^HTTP/1\.0 301 File moved Permanently\nLocation: /cgi-bin/menu/TCP/IP Settings/\r\nDate: Mon, 23 Sep 1996 16:00:00 GMT\r\nExpires: Thu, 01 Dec 1994 16:00:00 GMT\r\nPragma: no-cache\r\nSet-Cookie: Login=DELETED; path=/;\r\n\r\n| p/Intermac scanner http config/ d/specialized/
match http m|^HTTP/1\.0 200 OK\r\nCache-Control: no-cache, must-revalidate\r\n.*<TITLE>MusicMagic Server</TITLE>.*<td>Total songs</td><td align=right>([\d,]+)</td>|s p/MusicMagic Mixer http control/ i/$1 total songs/
match http m|^HTTP/1\.1 401 BAD\r\nWWW-Authenticate: Basic realm=\"Vuze - Vuze Web Remote\"\r\n\r\nAccess Denied\r\n$| p/Vuze BitTorrent remote http admin/ cpe:/a:azureus:vuze/
match http m|^HTTP/1\.0 405 Method Not Allowed\r\nContent-Type: text/html\r\nCache-Control: public\r\nPragma: cache\r\n(?:[^\r\n]+\r\n)*?Last-Modified: Thu, 01 Jan 1970 00:00:00 GMT\r\nAccept-Ranges: bytes\r\nConnection: close\r\n|s p/ActionTec TR-069 remote access/
match http m|^HTTP/1\.0 405 Method Not Allowed\r\nContent-Type: text/html\r\nCache-Control: public\r\nPragma: cache\r\n.*<html>\n<head>\n  <title>405 Method Not Allowed</title>\n</head>\n<body bgcolor=\"ffffff\">\n  <h2>405 Method Not Allowed<h2>\n  <p>\n  \n</body>\n</html>\n$|s p/ActionTec TR-069 remote access/
match http m|^HTTP/1\.1 200 OK\r\nConnection: close\r\nContent-Length: 0\r\n\r\n$| p/TR-069 remote access/
match http m|^HTTP/1\.0 401 Unauthorized\r\nWWW-Authenticate: Digest realm=\"\", qop=\"auth\", nonce=\"[0-9a-f]{32}:[0-9a-f]{8}:[0-9a-f]{7,8}\", opaque=\"0\"\r\nContent-Type: text/html\r\nCache-Control: public\r\nPragma: cache\r\nExpires: .*\r\nDate: .*\r\nLast-Modified: .*\r\nAccept-Ranges: bytes\r\nConnection: close\r\n\r\n<html>\n<head>\n  <title>401 Unauthorized</title>\n</head>\n<body bgcolor=\"#?ffffff\">\n  <h2>401 Unauthorized</?h2>\n  <p>(?:</p>)?(?:\n  )?\n</body>\n</html>\n$| p/TR-069 remote access/

match http m|^HTTP/1\.1 202 Accepted\r\nContent-Type: text/html;charset=UTF-8\r\n.*<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1\.0 Strict//EN\" \"http://www\.w3\.org/TR/xhtml1/DTD/xhtml1-strict\.dtd\">\r\n<html xmlns=\"http://www\.w3\.org/1999/xhtml\" xml:lang=\"en\" lang=\"en\">\r\n<head>\r\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=UTF-8\" />\r\n<title>GlassFish Administration Console - Installation in Progress\.\.\.</title>|s p/Sun GlassFish Administration Console/ i/installation in progress/ cpe:/a:sun:glassfish_server/
match http m|^<html>\r\n<META HTTP-EQUIV=\"Refresh\" CONTENT=\"10\">\r\n<head>\r\n<title>([\w\d.-]+) LanSafe: ([\w\d\s]+)</title>\r\n| p/LanSafe Status@aGlance/ i/Server: $1, Status: $2/
match http m|^HTTP/1\.[01] \d\d\d.*Server: IdeaWebServer/([\w._-]+)\r\n(?:[^\r\n]+\r\n)*?X-Powered-By: ([^\r\n]+)\r\n|s p/IdeaWebServer httpd/ v/$1/ i/$2/
match http m|^HTTP/1\.[01] \d\d\d.*Server: IdeaWebServer/([\w._-]+)\r\n|s p/IdeaWebServer httpd/ v/$1/
match http m|^HTTP/1\.1 200 OK\r\nDate: \w\w\w \d\d, \d\d:\d\d:\d\d\.\d\d\d\r\nServer: TreeNeWS/([\w._-]+)\r\nMime-Version: 1\.0\r\nContent-Length: 1419\r\nContent-Type: text/html\r\nCache-Control: no-cache\r\n\r\n.*<title>Webview</title>|s p/TreeNeWS httpd/ v/$1/ i/Enterasys RBT-8200 switch http config/ d/switch/ cpe:/h:enterasys:rbt-8200/
match http m|^HTTP/1\.1 302 OK\r\nDate: \w\w\w \d\d, \d\d:\d\d:\d\d\.\d\d\d\r\nServer: TreeNeWS/([\w._-]+)\r\nMime-Version: 1\.0\r\nLocation: https://index\.html\r\nContent-Length: 67\r\nContent-Type: text/html\r\n\r\n<HTML><HEAD><TITLE>Redirect</TITLE></HEAD>\n<BODY></BODY></HTML>\r\r\n\n$| p/TreeNeWS httpd/ v/$1/ i/Enterasys RBT-8200 switch http config/ d/switch/ cpe:/h:enterasys:rbt-8200/
match http m|^HTTP/1\.1 404 Not Found\r\nDate: \w\w\w \d\d, \d\d:\d\d:\d\d\.\d\d\d\r\nServer: TreeNeWS/([\w._-]+)\r\nMime-Version: 1\.0\r\nContent-Length: 173\r\nContent-Type: text/html\r\n\r\n<HTML><HEAD><TITLE>Not Found</TITLE></HEAD>\n<BODY><H1>Not Found</H1>\n<br>&nbsp;&nbsp;The requested URL was not found on this server\.\n<br><H2>Error 404</H2></BODY></HTML>\r\r\n\n$| p/TreeNeWS httpd/ v/$1/ i/3Com WX2200 WAP http config/ d/WAP/ cpe:/h:3com:wx2200/
match http m|^HTTP/1\.1 \d\d\d .*\r\nDate: .*\r\nServer: CANON HTTP Server\r\nContent-Type: text/html\r\n| p/Canon printer web interface/
match http m|^HTTP/1\.1 200 OK\r\nConnection: close\r\nDate: Sat, 01 Jan 2000 00:37:25 GMT\r\nLast-Modified: Sat, 01 Jan 2000 00:01:28 GMT\r\nContent-Type: text/html\r\nContent-Length: 635\r\n.*<title>VoIP Gateway</title>|s p/D-Link DVG-2032S VoIP gateway http config/ d/VoIP adapter/ cpe:/h:dlink:dvg-2032s/a
match http m|^HTTP/1\.0 301 Moved Permanently\r\n(?:[^\r\n]+\r\n)*?Server: httpd\r\nContent-type: text/html\r\nETag: \"232c8e4-74d-0\"\r\nContent-length: 0\r\nConnection: close\r\nLocation: https://:443/start\.html\r\n\r\n|s p/Dell Remote Access Controller 6 http interface/ d/remote management/ cpe:/h:dell:remote_access_card:6/
match http m|^HTTP/1\.0 302 Found\r\nCache-Control: no-cache\r\nConnection: Close\r\nContent-Length: 0\r\nContent-Type: application/octet-stream\r\n(?:[^\r\n]+\r\n)*?Location: /nonauth/login\.php\r\nPragma: no-cache\r\nServer: Kerio Clientless SSL-VPN\r\n\r\n|s p/Kerio Clientless SSL-VPN/
match http m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Last-Modified: Tue, 31 Jan 2012 01:17:22 GMT\r\nETag: \"413_83_4f274122\"\r\n(?:[^\r\n]+\r\n)*?Content-Length: 131\r\n.*location=\"/remote/login\";\n</script></html>\n|s p/Fortinet FortiGate SSL VPN remote http login/
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?Last-Modified: Tue, 03 Oct 2006 19:21:12 GMT\r\nETag: \"85f_52_4522b828\"\r\n(?:[^\r\n]+\r\n)*?Content-Length: 82\r\n.*location=\"/remote/index\";\n\n</script>\n</html>\n\0{605}$|s p/Fortinet FortiGate-5001 SSL VPN remote http login/
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?Last-Modified: Wed, 11 Jan 2012 03:34:20 GMT\r\nETag: \"610_4f_4f0d033c\"\r\n(?:[^\r\n]+\r\n)*?Content-Length: 79\r\n.*location=\"/login\";\n\n</script>\n</html>\n|s p/Fortinet FortiGate firewall http proxy admin/ d/firewall/
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?Last-Modified: Fri, 21 Apr 2000 00:53:33 GMT\r\nETag: W/\"685_4f_4d082ec4\"\r\n(?:[^\r\n]+\r\n)*?Content-Length: 79\r\n.*location=\"/login\";\n\n</script>\n</html>\n|s p/Fortinet FortiGate firewall http proxy admin/ d/firewall/
match http m|^HTTP/1\.1 303 See Other\r\nLocation: https?://([\d.]+:\d+)/fgtauth\?[0-9a-fA-F]+\r\n.*<title>Firewall Authentication</title></head>|s p/FortiGate Application filtering/ i/Auth server $1/
match http m|^HTTP/1\.1 401 Unauthorized\r\nWWW-Authenticate: Basic realm=\"View Home & Status Web Pages\"\r\n(?:[^\r\n]+\r\n)*?Server: Allegro-Software-RomPager/([\w._-]+)\r\n|s p/Allegro RomPager/ v/$1/ i/Xerox Phaser 8560DN printer http config/ d/printer/ cpe:/a:allegro:rompager:$1/ cpe:/h:xerox:phaser_8560dn/a
match http m|^HTTP/1\.1 302 Found\r\nLocation: https://[\d.]+/home\.html\r\nContent-Length: 0\r\nServer: Allegro-Software-RomPager/([\w._-]+)\r\n\r\n$| p/Allegro RomPager/ v/$1/ i/Xerox Phaser 8560DN printer http config/ d/printer/ cpe:/a:allegro:rompager:$1/ cpe:/h:xerox:phaser_8560dn/a
match http m|^HTTP/1\.1 200 OK\r\n.*<title>XenServer ([\w._-]+)</title>|s p/Citrix Xen Simple HTTP Server/ i/XenServer $1/
match http m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?ETag: \"-127477461\"\r\n(?:[^\r\n]+\r\n)*?Server: none\r\n.*<title>Fireware XTM User Authentication</title>|s p/WatchGuard FireBox XTM firewall http config/ d/firewall/
match http m|^HTTP/1\.1 401 Unauthorized\r\nConnection: close\r\nWWW-Authenticate: Basic realm=\"uTorrent\"\r\n\r\n| p/uTorrent WebUI/ o/Windows/ cpe:/a:utorrent:utorrent/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 300 ERROR\r\nConnection: keep-alive\r\nContent-Length: 15\r\nContent-Type: text/html\r\n\r\ninvalid request$| p/uTorrent WebUI/ o/Windows/ cpe:/a:utorrent:utorrent/ cpe:/o:microsoft:windows/a
# uTorrent 2.0.2
match http m|^HTTP/1\.1 400 ERROR\r\nConnection: keep-alive\r\nContent-Length: 15\r\nContent-Type: text/html\r\n\r\ninvalid request$| p/uTorrent WebUI/ o/Windows/ cpe:/a:utorrent:utorrent/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 400 ERROR\r\nConnection: keep-alive\r\nContent-Length: 17\r\nContent-Type: text/html\r\n\r\n\r\ninvalid request$| p/uTorrent WebUI/ o/Windows/ cpe:/a:utorrent:utorrent/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: WYM/([\w._-]+)\r\n(?:[^\r\n]+\r\n)*?Content-Length: 1029\r\nLast-Modified: Tue, 19 May 2009 02:17:02 GMT\r\n\r\n\xef\xbb\xbf<html>\r\n<head>\r\n<title>NVS</title>|s p/WYM httpd/ v/$1/ i/A+V Link NVS-4000 surveillance system http config/ d/webcam/
match http m|^HTTP/1\.1 200 OK\r\nLast-Modified: Mon, 07 Apr  2009  04:00:00 GMT\r\nContent-Type: TEXT/HTML\r\nDate: \w\w\w, \d\d \w\w\w  \d\d\d\d  \d\d:\d\d:\d\d GMT00:00 GMT\r\nServer: ICOM ([\w._-]+)    from SBS\r\nMIME-Version: 1\.0\r\nServer: ICOM [\w._-]+    from SBS\r\nConnection: close\r\nContent-Length:             861\r\n\r\n<HTML>\r\n<HEAD>\r\n<TITLE>UltraQuest Index HTML</TITLE>| p/ICOM httpd/ v/$1/ i/UltraQuest mainframe reporting/ o|OS/390| cpe:/o:ibm:os_390/a
match http m|^HTTP/1\.0 404 Not Found\r\nContent-type: text/html\r\nDate: Sat, 31 Dec 2005 23:02:28 GMT\r\nConnection: close\r\n\r\n<HEAD><TITLE>404 Not Found</TITLE></HEAD>\n<BODY><H1>404 Not Found</H1>\nThe requested URL was not found on this server\.\n</BODY>\n$| p/BusyBox httpd/ i/Sphairon Turbolink IAD ADSL modem http config/ o/Linux/ cpe:/a:busybox:busybox/ cpe:/o:linux:linux_kernel/a
match http m|^HTTP/1\.1 302\r\nLocation: /login\.vibe\r\n\r\n$| p/VibeStreamer streaming media httpd/
match http m|^\r\n\r\n\r\n\r\n\r\n\r\n<\?xml version=\"1\.0\" encoding=\"ISO-8859-1\"\?>\r\n<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1\.0 Strict//EN\"\r\n  \"http://www\.w3\.org/TR/xhtml1/DTD/xhtml1-strict\.dtd\">\r\n\r\n\r\n\r\n<html>\r\n<head>\r\n<title>RealSecure SiteProtector</title>.*<meta name=\"copyright\"\r\n\t\tcontent=\"This web site, its design, copy, scripts and artwork,\r\n\t\tare copyright 2006 by Internet Security Systems, Inc\.\r\n|s p/Apache httpd/ v/2.0.63/ i/ISS SiteProtector 2.0/ cpe:/a:apache:http_server:2.0.63/
match http m|^<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2\.0//EN\">\n<html><head>\n<title>302 Found</title>\n</head><body>\n<h1>Found</h1>\n<p>The document has moved <a href=\"/red2301\.html\?RedirectUrl=/\">here</a>\.</p>\n<p>Additionally, a 302 Found\nerror was encountered while trying to use an ErrorDocument to handle the request\.</p>\n</body></html>\n$| p/HP System Management httpd/
match http m|^HTTP/1\.0 200 OK\nContent-type: text/html\r\n.*<title>DVR WebViewer</title>\r\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=euc-kr\">\r\n.*<OBJECT\r\n\t  classid=\"clsid:EE479A40-C128-40DD-93DA-000556AF9607\"\r\n\t  codebase=\"CtrWeb\.cab#version=1,1,1,1\"\r\n\t  width=(\d+)\r\n\t  height=(\d+)\r\n\t  align=center\r\n\t  hspace=0\r\n\t  vspace=0\r\n>\r\n<param name=\"CmdPort\" value=\"(\d+)\">\r\n<param name=\"StreamPort\" value=\"(\d+)\">|s p/MicroDigital MDR-4600 DVR httpd/ i/Resolution $1x$2; CmdPort $3; StreamPort $4/ d/media device/
match http m|^HTTP/1\.0 200 OK\r\nServer: Senturion/([\w._-]+)\r\n.*<title>Sensatronics: Senturion ([\w._-]+)</title><script language=\"javascript\" src=\"/gen\.js\">|s p/Sensatronics Senturion $2 environmental sensor httpd/ v/$1/
match http m|^HTTP/1\.1 200 OK\r\n.*<!-- saved from url=\(0022\)http://internet\.e-mail -->\r\n<html>\r\n<head>\r\n<title>WebCam</title>\r\n</head>\r\n<body link=\"#505050\" bgcolor=\"#505050\" vlink=\"#505050\" alink=\"#505050\" topmargin=\"3\">|s p/AverMedia WebCamX httpd/ d/webcam/
match http m|^HTTP/1\.0 401 Unauthorized\r\nDate: .*\r\nConnection: close\r\nContent-Type: text/html\r\nWWW-Authenticate: Basic realm=\"User\"\r\nContent-length: 192\r\n\r\n<HTML><HEAD>\n<TITLE>Authentication Error: Access Denied, Authorization required\.</TITLE>\n</HEAD>\r\n<BODY><H2>Authentication Error: Access Denied, Authorization required\.</H2></BODY>\n</HTML>\r\n\r\n| p/Yello Strom Sparzaehler electricity meter httpd/
match http m|^HTTP/1\.0 200 OK\r\nDate: .*\r\nCache-Control: no-cache\r\nContent-type: text/html\r\nETag: \"19c-a4-4ab218f6\"\r\nContent-length: 164\r\n| p/Yello Strom Sparzaehler electricity meter httpd/
match http m|^HTTP/1\.1 200 OK\r\n.*<meta http-equiv=\"Content-Type\" content=\"text/html; charset=Shift_JIS\">\r\n\r\n<html>\r\n<head>\r\n<title>Network</title>\r\n</head>\r\n<noscript>Make sure JavaScript is ON\.</noscript>.*<frame src=\"dmy\.htm\" name=\"m\">|s p/Sanyo PLC-XU300 projector http config/ d/media device/
match http m|^HTTP/1\.0 302 Moved Temporarily\r\nPragma: no-cache\r\nLocation: https://[\w._-]+/\r\n.*<TITLE>Redirect Notification</TITLE>.*<P>Please click <a href=\"https://[\w._-]+/\">here</a> to go to the correct location\.|s p/Tandberg Border Controller VoIP proxy/ d/proxy server/ o/Linux 2.6/ cpe:/o:linux:linux_kernel:2.6/
match http m|^HTTP/1\.1 200 Document follows\r\n(?:[^\r\n]+\r\n)*?Connection: Close\r\nServer: Micro-Web\r\n.*<!-- \*\* THIS FILE CONTAINS NO REALTIME DATA \*\* -->.*<title>   LocalSite - ARC Plus Web Interface</title>|s p/Micro-Web/ i/Burk ARC Plus remote management http interface/ d/remote management/
match http m|^HTTP/1\.1 302 \(Found\)\r\nConnection: close\r\nLocation: .*\r\nServer: Oversee Turing v([\w._-]+)\r\n|s p/Oversee Turing httpd/ v/$1/ i/domain parking/
match http m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: Java PseudoHttpd/([\w._-]+)\r\n.*<title>CSP Status</title>|s p/Java PseudoHttpd/ v/$1/ i/Card Server Proxy (CSP) http config/
match http m|^HTTP/1\.1 200 OK\r\n.*<title>XBMC</title> \n<link type=\"text/css\" rel=\"stylesheet\" href=\"basic\.css\">\n</head>\n<body>\n<h1>XBMC Webinterface</h1>|s p/XBMC http interface/ d/media device/
match http m|^HTTP/1\.1 200 OK\r\n.*<title>XBMC</title>\r\n\t\t<meta http-equiv=\"Content-Language\" content=\"EN\" />.*<!-- <link rel=\"search\" href=\"/provider\.xml\" type=\"application/opensearchdescription\+xml\" title=\"XBMC Library\" /> -->|s p/XBMC http interface/ d/media device/ o/Linux/ cpe:/o:linux:linux_kernel/
match http m|^HTTP/1\.[01] 200 OK\r\n.*<title>XBMC</title>\s*<meta http-equiv=\"Content-Language\" content=\"EN\" />.*<!-- <link rel=\"search\" href=\"/?provider\.xml\" type=\"application/opensearchdescription\+xml\" title=\"XBMC Library\" /> -->|s p/XBMC http interface/ d/media device/ o/Linux/ cpe:/o:linux:linux_kernel/
match http m|^HTTP/1\.1 200 OK\r\nContent-Length: 134\r\nExpires: .*\r\nContent-Type: text/html\r\nDate: .*\r\n\r\n<html>\n<head>\n<title>XBMC Web Media Manager</title> \n<meta HTTP-EQUIV=\"REFRESH\" content=\"0; url=\./movies/index\.html\">\n</head>\n</html>\n$| p/XBMC Web Media Manager/ d/media device/ o/Linux/ cpe:/o:linux:linux_kernel/
match http m|^HTTP/1\.1 401 Unauthorized\r\nContent-Length: 0\r\n(?:[^\r\n]+\r\n)*?WWW-Authenticate: Basic realm=XBMC\r\n|s p/XBMC Web Media Manager/ d/media device/ o/Linux/ cpe:/o:linux:linux_kernel/
match http m|^HTTP/1\.0 200 OK\r\nContent-Length: \d+\r\nExpires: .*\r\nLast-Modified: .*\r\nContent-Type: text/html\r\nAccept-Ranges: bytes\r\nDate: .*\r\n\r\n<!DOCTYPE html>.*<title>XBMC \x7c Web interface</title>|s p/XBMC http interface/ d/media device/ o/Linux/ cpe:/o:linux:linux_kernel/
match http m|^HTTP/1\.0 301 Moved Permanently\r\nLocation:http://([\w._-]+)/index\.htm\r\nContent-Type: text/plain\r\nContent-Length:2.\r\n\r\nhttp://[\w._-]+/index\.htm$| p/Lanier IS100e image scanner httpd config/ h/$1/
match http m|^HTTP/1\.0 200 OK\r\nContent-type: text/html\r\n\r\n.*<TITLE>Start</TITLE>\n</HEAD>\n<FRAMESET border=0 frameSpacing=0 rows=30,8,\* frameBorder=0>\n<FRAME name=bar src=\"CgiTagMenu\?page=Top&Language=0\" scrolling=no NORESIZE>\n<FRAME name=hrbar src=\"BarFoot\.html\" scrolling=no NORESIZE>|s p/thttpd/ i/Panasonic Network Camera http config/ cpe:/a:acme:thttpd/
match http m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Last-Modified: Thu, 01 Jan 1970 00:00:00 GMT\r\n.*\xef\xbb\xbf<html>\r\n<head>\r\n.*<META NAME=\"Expired\" CONTENT=\"01-jan-1900 00:00:00\" />\r\n.*<title>NAS</title>.*<title></title>|s p/BusyBox httpd/ i/Hitachi SimpleNET NAS http config/ d/storage-misc/ o/Linux/ cpe:/a:busybox:busybox/ cpe:/o:linux:linux_kernel/a
match http m|^HTTP/1\.1 200 OK\r\n.*<TITLE>(PA168S) V([\w._-]+) +</TITLE>.*<script>function sf\(\){document\.f\.auth\.focus\(\);}</script>.*<FONT size=5>Willkommen zur Administration des Telefons</FONT>|s p/Atcom AT-320 VoIP phone http config/ v/$2/ i/PalmMicro $1 chipset/ cpe:/h:atcom:at-320/a
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?Expires: Thu, 01 Jan 1970 00:00:00 GMT\r\n.*<TITLE>Dashboard</TITLE>.*<META name='copyright' content='Copyright 2003-2010, Red Condor, Inc\.'>|s p/Red Condor antispam appliance http config/ d/proxy server/
match http m|^HTTP/1\.1 401 Unauthorized\r\nWWW-Authenticate: Digest realm=\"[\d.]+\",  qop=\"auth\", nonce=\"[0-9a-f]+\"\r\n.*<title>BMC HTTP Server</title>\r\n.*<img src=\"ilo2_rgb2\.jpg\" class=\"mainlogo\" alt=\"\">|s p/HP Integrated Lights-Out http config/ d/remote management/ cpe:/h:hp:integrated_lights-out/
match http m|^HTTP/1\.0 300 Multiple Choices\r\nServer: Rockpile Web Server\r\nDate: Sun, 00 Jan 1900 00:00:00 GMT\r\nConnection: close\r\nLocation: http://[\w._-]+/localmenus\.cgi\?func=604\r\nContent-type: text/html\r\n\r\n.*HTTP/1\.0 404 Not Found\r\nServer: Rockpile Web Server\r\nDate: Sun, 00 Jan 1900 00:00:00 GMT\r\n|s p/Rockpile httpd/ i/Cisco 7937 VoIP phone http config/ d/VoIP phone/ cpe:/h:cisco:7937/a
match http m|^HTTP/1\.1 401 Unauthorized\r\nWWW-Authenticate: Basic realm=\"CentreWare Internet Services\"\r\n.*<!-- Copyright \(c\) 2000-2003, Fuji Xerox Co\., Ltd\. All Rights Reserved\. -->\r\n<HTML>\r\n<HEAD>\r\n<TITLE>FAILED</TITLE>\r\n<META http-equiv=\"Content-Type\" content=\"text/html; charset=windows-1252\">|s p/FujiXerox ApeosPort-IV C4470 http config/ d/printer/
match http m|^HTTP/1\.1 404 Not Found\r\n(?:[^\r\n]+\r\n)*?Server: iTP Secure WebServer/([\w._() -]+)\r\nMIME-version: 1\.0\r\nContent-type: text/html\r\nConnection: close\r\n\r\n<TITLE>Not Found</TITLE><H1>Not Found</H1>\n The requested object was not found on this server\.$|s p/iTP Secure WebServer/ v/$1/ i/HP Tandem NonStop/
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: iTP Secure WebServer/([\w._() -]+)\r\n.*<TITLE>Index of /</TITLE>|s p/iTP Secure WebServer/ v/$1/ i/HP Tandem NonStop/
match http m|^HTTP/1\.1 302 Moved Temporarily\r\n(?:[^\r\n]+\r\n)*?Server: iTP WebServer with NSJSP/([\w._() -]+) \(HTTP/1\.1 Connector\)\r\nLocation: http://([\w._-]+):\d+/index\.html\r\n|s p/iTP WebServer with NSJSP/ v/$1/ i/HP Tandem NonStop/ h/$2/
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: Indy/([\w._-]+)\r\n.*<title>GregHSRWLib - RemObjects SDK for \.NET v([\w._-]+)</title>|s p/Indy httpd/ v/$1/ i/.NET $2; Acer Registration Service; greghsrw.exe/ cpe:/a:indy:httpd:$1/
match http m|^HTTP/1\.1 200 OK\r\nETag: W/\"[\d-]+\"\r\n(?:[^\r\n]+\r\n)*?Server: null\r\n.*<title>HP - Data Center Fabric Manager</title>|s p/HP Data Center Fabric Manager http config/
match http m|^HTTP/1\.1 200 OK\r\nETag: W/\"[\d-]+\"\r\n(?:[^\r\n]+\r\n)*?Server: censhare hyena/([\w._-]+)\r\n|s p/censhare hyena httpd/ v/$1/
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?ETag: W/\"[\d-]+\"\r\n(?:[^\r\n]+\r\n)*?Server: Undefined\r\n.*<META HTTP-EQUIV=\"refresh\" CONTENT=\"0;URL=/core/orionSplashScreen\.do\">|s p/McAfee ePolicy Orchestrator http interface/ cpe:/a:mcafee:epolicy_orchestrator/
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?ETag: (?:W/)?\"[\d-]+\"\r\n(?:[^\r\n]+\r\n)*?Server: Undefined\r\n.*<meta http-equiv=\"refresh\" content=\"0;URL=/core/orionSplashScreen\.do\" />|s p/McAfee ePolicy Orchestrator http interface/ cpe:/a:mcafee:epolicy_orchestrator/
match http m|^HTTP/1\.1 401 \r\nDate: Sat, 21 Dec 1996 12:00:00 GMT\r\nWWW-Authenticate: Basic realm=\"Default password:1234\"\r\n\r\n401 Unauthorized - User authentication is required\.$| p/Edimax PS-1206P print server/ d/print server/
match http m|^HTTP/1\.1 301 Moved Permanently\r\n(?:[^\r\n]+\r\n)*?Server: Noelios-Restlet-Engine/([\w._-]+)\r\nLocation: http://([\w._-]+)/index\.html\r\nVary: Accept-Charset,Accept-Encoding,Accept-Language,Accept,User-Agent\r\nContent-Length: 0\r\nConnection: close\r\nContent-Type: text/plain\r\n\r\n$|s p/Noelios Restlet Framework/ v/$1/ i/Sonatype Nexus Maven Repository Manager/ h/$2/
match http m|^HTTP/1\.0 501 Not Implemented\r\nServer: SimpleHTTP/([\w._-]+) Python/([\w._-]+)\r\n(?:[^\r\n]+\r\n)*?Content-Type: text/html\r\nConnection: close\r\n\r\n<head>\n<title>Error response</title>\n</head>\n<body>\n<h1>Error response</h1>\n<p>Error code 501\.\n<p>Message: Not Implemented\.\n<p>Error code explanation: 501 = Server does not support this operation\.\n</body>\n$|s p/SimpleHTTPServer/ v/$1/ i/rPath Appliance Platform Agent; Python $2/ cpe:/a:python:python:$2/ cpe:/a:python:simplehttpserver:$1/
match http m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: CMSHTTPD/([\w._-]+) z_VM/([\w._-]+) ([^\r\n]+)\r\n|s p/CMSHTTPD/ v/$1/ i|z/VM $2; $3| o|z/VM| cpe:/o:ibm:z%2fvm:$2/
match http m|^HTTP/1\.0 200 OK\nServer: Cardax Embedded Interface\n.*<H1>CardaxFT Controller #  (\d+)  \(ETS\)</H1>.*<br>Version: v([\w._/-]+) BootMon-([\w._-]+)</body>\n$|s p/Cardax FT security system http interface/ v/$2/ i/Controller #$1; BootMon $3/ d/security-misc/
match http m|^HTTP/1\.0 302 Moved Temporarily\r\nAllow: GET,POST,HEAD\r\nMIME-Version: 1\.0\r\nServer: (MA\w+) Server ([\w._-]+)\r\nLocation: http://0\.0\.0\.0\r\n\r\n$| p/Huawei $1 WAP http config/ v/$2/ cpe:/h:huawei:$1/a
match http m|^HTTP/1\.0 200 OK\r\nServer: ZyXEL SSLVPN Server v([\w._-]+)\r\n.*<title>ZyWALL SSL(\d+)</title>|s p/ZyXEL ZyWALL SSL $2 SSL-VPN applicance http config/ v/$1/ d/firewall/
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?Server:  \r\n.*<title>ZyWALL ([^<]+)</title>|s p/ZyXEL ZyWALL $1 firewall http config/ d/firewall/ cpe:/h:zyxel:zywall_$1/a
match http m|^HTTP/1\.0 200 OK\r\nExpires: 0\r\nContent-Type: text/html\r\nConnection: close\r\n\r\n<html>\n<title>Login</title>\n<link rel=stylesheet href=\"login\.css\" type=\"text/css\" />\n<script src=\"form\.js\" type=\"text/javascript\"></script>| p/D-Link DGS-1200T-series switch http config/ d/switch/
match http m|^HTTP/1\.1 505 HTTP Version not supported\r\nContent-Length: 0\r\nDate: .*\r\nAccept-Ranges: bytes\r\n\r\n$| p/Virtual Mic http synchronization/ d/media device/ o/iOS/ cpe:/o:apple:iphone_os/a
match http m|^HTTP/1\.0 200 OK\r\nContent-Type: text/html\r\n(?:[^\r\n]+\r\n)*?Server: Wireless Network Camera with Pan/Tilt\r\n|s p/Vivotek Network Camera http config/ d/webcam/
match http m|^HTTP/1\.0 200 OK\r\nContent-Type: text/html\r\n(?:[^\r\n]+\r\n)*?Server: Network Camera with Pan/Tilt\r\n|s p/Vivotek Network Camera http config/ d/webcam/
match http m|^HTTP/1\.0 200 OK\r\nContent-Type: text/html\r\n(?:[^\r\n]+\r\n)*?Server: Network Camera\r\n|s p/Vivotek IP7131 Network Camera http config/ d/webcam/ cpe:/h:vivotek:ip7131/
match http m|^HTTP/1\.1 401 Unauthorized\r\nWWW-Authenticate: Basic realm=\"Remote-Motion CCD Network Camera\"\r\nContent-Type: text/html\r\nServer: Vivotek Network Camera\r\n\r\n<HTML>\n<HEAD>\n<TITLE>Protected Object</TITLE></HEAD><BODY>\n<H1>Protected Object</H1>This object on the server is protected\.<P>\n</BODY></HTML>$| p/Vivotek Network Camera http config/ d/webcam/
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: Web Server\r\n.*<TITLE>NetGear ([\w._-]+)</TITLE>|s p/Netgear $1 switch http config/ d/switch/ cpe:/h:netgear:$1/
match http m|^HTTP/1\.0 200 OK\r\nPragma: no-cache\r\n.*<TITLE>Management</TITLE>.*<METArem http_equiv=\"Refresh\" content=\"0; URL=index\.ssi\">\n\n</HEAD>\n<FRAMESET border=0 frameSpacing=0 rows=48,\* frameBorder=no>|s p/Tandberg MXP video conferencing http config/ d/webcam/
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: HyNetOS/([\w._-]+)\r\n.*<title>(CS\d+) SNMP/Web Adapter</title>|s p/Effekta MH 6000 UPS http config/ i|$2 SNMP/Web adapter; HyNetOS $1| d/power-device/ o/HyNetOS/ cpe:/o:hyperstone:hynetos:$1/
match http m|^HTTP/1\.1 200 OK\r\nX-Cocoon-Version: ([\w._-]+)\r\nExpires: Thu, 01 Jan 1970 00:00:00 GMT\r\n.*<title>F-Secure Policy Manager Web Reporting</title>|s p/F-Secure Policy Manager http interface/ i/Apache Cocoon $1/
match http m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: ShellHTTPD/([\w._-]+)\r\n.*<title>Dachstein LEAF Firewall</title>|s p/ShellHTTPD/ v/$1/ i/Dachstein LEAF firewall/ d/firewall/ o/Linux 2.2/ cpe:/o:linux:linux_kernel:2.2/
match http m|^HTTP/1\.0 401 Unauthorized\r\nDate: Thu, 01 Jan 1970 00:00:00 GMT\r\nnServer: avtech/([\w._-]+)\.\.Expires: 0\r\nPragma:  no-cache\r\nCache-Control:  no-cache\r\nConnection: close\r\nContent-type: text/html;charset=ISO-8859-1\r\nWWW-Authenticate: Basic realm=server\r\nContent-Length: 163\r\n| p/avtech httpd/ v/$1/ i/Postef-8840 ADSL router/ d/broadband router/
match http m|^HTTP/1\.0 200 Script output follows\r\nServer: shinGETsu/([\w._-]+) \(Saku/([\w._-]+)\) Python/([\w._-]+)\r\n| p/Saku/ v/$2/ i/client for shinGETsu $1 BBS; Python $3/ cpe:/a:python:python:$3/
match http m|^HTTP/1\.1 503 HTTP is not licensed\.<p>To set up this filer, use <a href=/api>/api</a> \.\r\nServer: Data ONTAP/([\w._-]+)\r\n| p/NetApp http vFiler/ o/Data ONTAP $1/ cpe:/a:netapp:data_ontap:$1/
match http m|^HTTP/1\.1 503 HTTP is not licensed\.<p>To administer this filer, use <a href=/na_admin/>/na_admin/</a> \.\r\nServer: NetApp//([\w._-]+)\r\n| p/NetApp http vFiler/ v/$1/ o/Data ONTAP/ cpe:/a:netapp:data_ontap/ cpe:/o:netapp:data_ontap/a
match http m|^HTTP/1\.0 401 Unauthorized\r\nDate: .*\r\nCache-Control: no-cache,no-store\r\nWWW-Authenticate: Basic realm=\"\.\"\r\nContent-Type: text/html; charset=%s\r\nConnection: close\r\n\r\n<html>\n<head><title>401 Unauthorized</title></head>\n<body>\n<h3>401 Unauthorized</h3>\nAuthorization required\.\n</body>\n</html>\n| p/m0n0wall FreeBSD firewall web interface/ d/firewall/ o/FreeBSD/ cpe:/o:freebsd:freebsd/a
match http m|^HTTP/1\.0 401 Unauthorized\r\nDate: .*\r\nCache-Control: no-cache,no-store\r\nWWW-Authenticate: Basic realm=\"\.\"\r\nContent-Type: text/html; charset=%s\r\nConnection: close\r\n\r\n<html>\n<head><title>401 Unauthorized</title></head>\n<body>\n<h3>401 Unauthorized</h3>\nAuthorization required\. HuaCheng Technologies\n</body>\n</html>\n| p/HuaCheng firewall http config/ d/firewall/
match http m|^HTTP/1\.0 501 Not Implemented\r\nDate: .*\r\nCache-Control: no-cache,no-store\r\nContent-Type: text/html; charset=%s\r\nConnection: close\r\n\r\n<html>\n<head><title>501 Not Implemented</title></head>\n<body>\n<h3>501 Not Implemented</h3>\nThat method is not implemented\.\n</body>\n</html>\n$| p/Western Digital My Book http config/ d/storage-misc/
match http m|^HTTP/1\.1 200 OK\r\nServer: Axeda Agent Web Server/([\w._-]+)\r\n(?:[^\r\n]+\r\n)*?Last-Modified: 1200004200\r\n.*<title>IM_v8_Data </title>\r\n</head>\r\n<body bgcolor=\"ffffff\">\r\n<center>\r\n<DIV style=\"position:absolute; top:6; left:6; width:(\d+); height:(\d+); z-layer:1;\" >\r\n<applet codebase=\"/aagweb/classes\" code=aglance\.jag\.AAGApplet|s p/Axeda remote management http interface/ v/$1/ i/Resolution $2x$3/ d/remote management/
match http m|^HTTP/1\.1 200 OK\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Encoding: gzip\r\nCache-Control: max-age=600\r\n\r\n\x1f\x8b\x08\0\0\0\0\0| p/BenQ projector/ i/Crestron RoomView/ d/media device/ cpe:/h:crestron/
match http m|^HTTP/1\.1 302 Moved Temporarily\r\nLocation: https://([\w._-]+):\d+/symantec\.jsp\r\nContent-Length: 0\r\nDate: .*\r\nConnection: close\r\nServer: Hidden\r\n\r\n$| p/Symantec Endpoint Protection Manager http config/ d/firewall/ h/$1/ cpe:/a:symantec:endpoint_protection_manager/
match http m|^HTTP/1\.1 302 Found\r\nDate: .*\r\nServer:  \r\nLocation: https://[\d.]+:(\d+)/redirect\.cgi\?arip=\r\n.*<address>  Server at ([\w._-]+) Port \d+</address>|s p/ZyXEL ZyWALL USG 200 firewall http config/ i/redirect to port $1/ d/firewall/ h/$2/ cpe:/h:zyxel:zywall_usg_200/
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html\r\n.*<script src=\"\./message/message\.js\"></script>\n\t<script src=\"\./buffalo\.js\"></script>\n\t\n\t<script src=\"\./btsdk\.js\"></script>\n\t<script src=\"\./btuicommon\.js\"></script>|s p/Buffalo NAS BitTorrent download manager http interface/ d/storage-misc/
match http m|^HTTP/1\.0 200 OK\r\nContent-type: text/html\r\nContent-Encoding: gzip\r\nCache-Control: max-age=600, must-revalidate\r\n\r\n\x1f\x8b\x08\0\0\0\0\0\0\0| p/Modtronix SBC65EC Web Server/
match http m|^HTTP/1\.0 301\r\n(?:[^\r\n]+\r\n)*?Server: OKWS/([\w._-]+)\r\n|s p/OKWS httpd/ v/$1/
match http m|^HTTP/1\.0 200 OK\r\nContent-type: text/html\r\n\r\n.*<TITLE>PowerDownTop</TITLE>\n<SCRIPT Language=\"JavaScript\">\n<!--\ntop\.location = \"CgiPowerDownReset\?Language=0\";\n// -->\n</SCRIPT>\n</HEAD>\n<BODY></BODY></HTML>$|s p/thttpd/ i/Panasonic IP camera http viewer/ d/webcam/ cpe:/a:acme:thttpd/
match http m|^HTTP/1\.0 200 OK\r\nServer: ZK Web Server\r\nPragma: no-cache\r\nCache-control: no-cache\r\n.*<script language=JavaScript type='text/javascript'>self\.location\.href='/csl/login'</script>|s p/ZK Web Server/ i/ZKSoftware ZEM500 fingerprint reader; MIPS/ d/security-misc/ o/Linux/ cpe:/o:linux:linux_kernel/a
match http m|^HTTP/1\.0 404 Not Found\r\nContent-Length: 69\r\nContent-Type: text/html; charset=UTF-8\r\nServer: TornadoServer/([\w._-]+)\r\n\r\n<html><title>404: Not Found</title><body>404: Not Found</body></html>$| p/Tornado httpd/ v/$1/ cpe:/a:tornadoweb:tornado:$1/a
match http m|^HTTP/1\.1 301 0\w\w\w, \d\d \w\w\w \d\d\d\d \d\d:\d\d:\d\d GMT\r\nServer: Agranat-EmWeb/R([\d_]+)\r\nLocation: https://[\d.]+/web/content/index\.html\r\n| p/Agranat-EmWeb/ v/$SUBST(1,"_",".")/ i/Alcatel 7800 switch http config/ d/switch/ cpe:/a:agranat:emweb:$SUBST(1,"_",".")/a cpe:/h:alcatel:7800/a
# Juniper SRX-240H UTM firewall
# Juniper EX2200-48T-4G switch
match http m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: Mbedthis-Appweb/([\w._-]+)\r\nCache-Control: no-cache, must-revalidate\r\nContent-type: text/html\r\nETag: \"[0-9a-f-]+\"\r\n(?:[^\r\n]+\r\n)*?X-Powered-By: PHP/([\w._-]+)\r\nExpires: Mon, 26 Jul 1997 05:00:00 GMT\r\n.*<title>Log In - Juniper Web Device Manager</title>|s p/Mbedthis-Appweb/ v/$1/ i/PHP $2/ d/firewall/ o/JUNOS/ cpe:/a:mbedthis:appweb:$1/ cpe:/a:php:php:$2/ cpe:/o:juniper:junos/a
match http m|^HTTP/1\.0 403 Not Authorized\r\nContent-Type: text/html\r\nContent-Length: 379\r\n\r\n<\?xml version=\"1\.0\" encoding=\"US-ASCII\"\?>.*<p>Will not send listings for this directory\.</p>\r\n</body>\r\n</html>\r\n|s p/Ashd httpd/
match http m|^HTTP/1\.1 200\r\nContent-type: text/html\r\nConnection: close\r\nCONTENT-LENGTH: \d+\r\n.*<meta http-equiv=\"Content-Type\" content=\"text/html; charset=windows-1252\">\r\n<meta name=\"GENERATOR\" content=\"Microsoft FrontPage 4\.0\">.*<title>Phoenix PowerAgent GP</title>|s p/Phoenix PowerAgent GP power monitor http interface/ d/power-device/
match http m|^HTTP/1\.0 200 OK\r\nAccept-Ranges: none\r\nConnection: close\r\nContent-Encoding: identity\r\nContent-Length: 4240\r\nContent-Type: text/html; charset=ISO-8859-1\r\n(?:[^\r\n]+\r\n)*?Server: IST OIS\r\n.*<title>Allworx Hosted Web Site</title>|s p/Allworx 6x VoIP phone http config/ d/VoIP phone/ cpe:/h:allworx:6x/a
match http m|^HTTP/1\.0 403 Forbidden\r\nAccept-Ranges: none\r\nConnection: close\r\nContent-Encoding: identity\r\nContent-Length: 0\r\nContent-Type: text/plain\r\nDate: .*\r\nServer: IST OIS\r\n\r\n$| p/Allworx VoIP network server http admin/ d/VoIP adapter/
match http m|^HTTP/1\.0 401 Unauthorized\r\nDate: .*\r\nWWW-Authenticate: Basic realm=\"ACEswitch@[\d.]+\"\r\n\r\n401 Unauthorized\r\n$| p/Alteon 2424-SSL load balancer http config/ d/load balancer/
match http m|^HTTP/1\.0 302 Found\r\nConnection: Close\r\nLocation: /search\?site=default_collection&client=default_frontend&output=xml_no_dtd&proxystylesheet=default_frontend&proxycustom=<HOME/>\r\nContent-Type: text/html\r\nContent-Length: 0\r\n\r\n$| p/Google Mini search appliance httpd/
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: Apache/x\.x\.x \(Unix\) mod_ssl/x\.x\.x OpenSSL/([\w._-]+)\r\n.*<title> FASTORA Filer Storage Manager </title>.*classid=\"clsid:adb880a6-d8ff-11cf-9377-00aa003b7a11\">|s p/Apache httpd/ i/Fastora NAS T2 NAS device; OpenSSL $1/ d/storage-misc/ o/FreeBSD/ cpe:/a:apache:http_server/ cpe:/a:openssl:openssl:$1/ cpe:/o:freebsd:freebsd/a
match http m|^HTTP/1\.1 400 Bad Request\r\nDate: .*\r\nCache-Control: private\r\nServer: IPOffice/([\w._()-]+)\r\nContent-Type: text/plain\r\nContent-Length: 13\r\n\r\nParsing error$| p/Avaya IP Office VoIP PBX httpd/ v/$1/ d/PBX/
match http m|^HTTP/1\.0 301 Moved Permanently\r\nDate: .*\r\n(?:Expires: .*\r\n)?Cache-Control: private(?:,max-age=\d+)?\r\nLocation: /index\.html\r\nServer: IPOffice/([\w._()-]+)\r\nContent-Type: text/plain\r\nContent-Length: 22\r\n\r\nRedirect to index\.html$| p/Avaya IP Office VoIP PBX httpd/ v/$1/ d/PBX/
match http m|^HTTP/1\.0 301 Moved Permanently\r\nDate: .*\r\n(?:Expires: .*\r\n)?Cache-Control: private(?:,max-age=\d+)?\r\nLocation: /index\.html\r\nServer: IPOffice/\r\nContent-Type: text/plain\r\nContent-Length: 22\r\n\r\nRedirect to index\.html$| p/Avaya IP Office VoIP PBX httpd/ d/PBX/
match http m|^HTTP/1\.0 404 Not Found\r\nConnection: close\r\nServer: SimpleHTTPtutorial v([\w._-]+)\r\n\r\n$| p/SimpleHTTPtutorial httpd/ v/$1/
match http m|^HTTP/1\.0 200 OK\n.*Server: uClinux-httpd ([\w._-]+)\nExpires: 0\n\n.*<title>DxClient NetViewer</title>.*<OBJECT\r\n\tclassid=\"clsid:EF34051A-402A-4ABE-AA20-04E1B4422BD9\"\r\n\tcodebase=\"DxClient_NetViewer\.cab#version=([\d,]+)\"\r\n|s p/uClinux-httpd/ v/$1/ i/DxClient NetViewer DVR viewer $SUBST(2,",",".")/ o/Linux/ cpe:/o:linux:linux_kernel/a
match http m|^HTTP/1\.0 302 Moved Temporarily\r\nDate: .*\r\nServer: Mbedthis-Appweb/([\w._-]+)\r\nContent-length: 0\r\nConnection: close\r\nLocation: http://http/tohttps\.jsp\r\n\r\n$| p/Mbedthis-Appweb/ v/$1/ i/Ruckus WAP http config/ d/WAP/ cpe:/a:mbedthis:appweb:$1/
match http m|^HTTP/1\.0 302 Moved Temporarily\r\nDate: .*\r\nServer: Mbedthis-Appweb/([\w._-]+)\r\nCache-Control: no-cache\r\nETag: \"1b8056-34-531868\"\r\nContent-length: 0\r\nConnection: close\r\nLocation: https://https/admin/login\.jsp\r\n\r\n$| p/Mbedthis-Appweb/ v/$1/ i/Ruckus WAP http config/ d/WAP/ cpe:/a:mbedthis:appweb:$1/
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?Last-Modified: Mon, 13 Mar 2006 11:22:33 \+1300\r\n.*<title>Welcome</title>.*<script language=\"JavaScript\" type=\"text/JavaScript\">\r<!--\rfunction MM_preloadImages\(\) { //v3\.0\r|s p/FirstClass Internet Access Server httpd/ cpe:/a:opentext:firstclass/
match http m|^HTTP/1\.0 200 OK\r\nServer: RapidLogic/([\w._-]+)\r\nMIME-version: 1\.0\r\nContent-type: text/html\r\nSet-Cookie: auth=\w+; path=/\r\n\r\n\xef\xbb\xbf.*<title>Logon</title>.*if \(window\.focus\) self\.focus\(\);|s p/RapidLogic httpd/ v/$1/ i/Unita VoIP phone http config/ d/VoIP phone/ cpe:/a:rapidlogic:httpd:$1/
match http m|^HTTP/1\.1 400 Bad Request\r\nContent-Type: text/html\r\nContent-Length: 2\r\nCache-Control: no-cache\r\nPragma: no-cache\r\nConnection: Close\r\n\r\n5\0$| p/Matrix42 remote control httpd/ d/remote management/
match http m|^HTTP/1\.0 200 OK\r\nConnection: close\r\nProxy-Connection: close\r\nContent-Type: text/html\r\nCache-Control: private\r\nExpires: 0\r\n\r\n<html><head><title></title></head><frameset cols=\"100%\"><frame src=\"http://[\d.]+:\d+/joikuspot-accept\">| p/JoikuSpot 3G tethering http interface/ d/phone/
match http m|^HTTP/1\.1 200 OK\r\nServer: Virata-EmWeb/R([\d_]+)\r\nContent-Type: text/html\r\nCache-Control: max-age=0\r\nExpires: -1\r\n\r\n<!-- \n  Copyright \(c\) 2004-2006 by Cisco Systems, Inc\.\n  All rights reserved\.\n -->.*<title>Cisco Systems, Inc\. Easy VPN Network Access</title>|s p/Virata-EmWeb/ v/$SUBST(1,"_",".")/ i/Cisco ASA firewall http config/ d/firewall/ cpe:/a:virata:emweb:$SUBST(1,"_",".")/a
match http m|^HTTP/1\.1 200 Ok\r\nDate: .*\r\nServer: ebHTTPD ([\w._-]+)\r\n| p/ebHTTPD/ v/$1/
match http m|^HTTP/1\.0 404 not found \(/\)\r\n(?:[^\r\n]+\r\n)*?Server: Tntnet/([\w._-]+)\r\n|s p/Tntnet httpd/ v/$1/ cpe:/a:tntnet:tntnet:$1/
match http m|^HTTP/1\.1 401 Authorization Required\r\n(?:[^\r\n]+\r\n)*?Server: SecureTransport/([\w._-]+)\r\n(?:[^\r\n]+\r\n)*?WWW-Authenticate: Basic realm=\"FileDriveWWW\"\r\n|s p/Axway SecureTransport httpd/ v/$1/
match http m|^HTTP/1\.1 200 OK\r\nServer: Axway-Copilot/([\w._-]+)\r\n| p/Axway CFT http admin/ v/$1/
match http m|^HTTP/1\.0 404 Not Found\r\nContent-Length: 69\r\nContent-Type: text/html; charset=UTF-8\r\nServer: CycloneServer/([\w._-]+)\r\n\r\n<html><title>404: Not Found</title><body>404: Not Found</body></html>$| p/CycloneServer httpd/ v/$1/
match http m|^HTTP/1\.1 400 Bad request\n.*<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2\.0//EN\">\n<html><head>\n<title>400 Header 'Host' is missing\.</title>|s p/Kerio MailServer http config/
match http m|^HTTP/1\.1 200 OK\r\n.*<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1\.0 Strict//EN\" \"http://www\.w3\.org/TR/xhtml1/DTD/xhtml1-strict\.dtd\">\n<html>\n<script language=\"JavaScript\" type=\"text/javascript\">\n  if \(top\.location != self\.location\).*<title>Authentication Required</title>|s p/D-Link DFL-800 or DFL-860 firewall http config/ d/firewall/
match http m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: TSEWS\r\n.*<title>TechniSat WebTools</title>.*<meta name='copyright'           content='TechniSat Digital\(r\) 2006-2009\(c\)'>|s p/TechniSat Digicorder HD S2 satellite receiver http interface/ d/media device/
match http m|^HTTP/1\.1 505 HTTP Version not supported\r\n(?:[^\r\n]+\r\n)*?Server: Good\.iWare WebDAV Server for iPhone\r\n.*If you have any questions, please contact <a href=\"mailto:support@goodreader\.net\">support@goodreader\.net</a>|s p/Good.iWare WebDAV Server/ i/GoodReader PDF reader; iPhone/ d/phone/ o/iOS/ cpe:/h:apple:iphone/ cpe:/o:apple:iphone_os/
match http m|^HTTP/1\.1 505 HTTP Version not supported\r\n(?:[^\r\n]+\r\n)*?Server: GoodReader for iPad\r\n.*If you have any questions, please contact <a href=\"mailto:support@goodreader\.net\">support@goodreader\.net</a>|s p/Good.iWare WebDAV Server/ i/GoodReader PDF reader; iPad/ d/media device/ o/iOS/ cpe:/h:apple:ipad/ cpe:/o:apple:iphone_os/
match http m|^HTTP/1\.0 200 OK\r\nServer: Polycom-GAB\r\nContent-type: text/html\r\nPragma: no-cache\r\n\r\n$| p/Polycom CMA Global Address Book (GAB) httpd/
match http m|^HTTP/1\.0 200 \r\n(?:[^\r\n]+\r\n)*?Server: AURA\r\n.*<TITLE>ServerView RAID Manager</TITLE>|s p/Fujitsu Siemens ServerView RAID Manager http interface/
match http m|^HTTP/1\.0 200 \r\n(?:[^\r\n]+\r\n)*?Server: AURA\r\n.*<title>ServerView RAID Manager</title>|s p/Fujitsu Siemens ServerView RAID Manager http interface/
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html\r\nContent-Length: 227\r\n\r\n<html> <head> <title>D-Link VoIP Router</title>| p/D-Link DVG-5112S VoIP adapter/ d/VoIP adapter/ cpe:/h:dlink:dvg-5112s/a
match http m|^HTTP/1\.0 501 Method Not Implemented\r\nContent-Length: 0\r\n\r\n$| p/Zotero httpd/
match http m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: Schleifenbauer SPbus gateway\r\n.*<!-- seinclude basicpagehead\.txt -->\r\n|s p/Schleifenbauer SPbus gateway http config/ d/power-device/
match http m|^HTTP/1\.1 200 OK\r\nServer: ExtremeZ-IP/([\w._-]+)\r\n.*<title>ExtremeZ-IP HTTP Service</title>|s p/ExtremeZ-IP httpd/ v/$1/
match http m|^HTTP/1\.0 302 FOUND\r\nContent-Type: text/html; charset=utf-8\r\nLocation: http://([\w._-]+):\d+/login\?next=%2F\r\n(?:[^\r\n]+\r\n)*?Server: Werkzeug/([\w._-]+) Python/([\w._-]+)\r\n|s p/Werkzeug httpd/ v/$2/ i/Flask web framework; Python $3/ h/$1/ cpe:/a:python:python:$3/
match http m|^HTTP/1\.0 200 OK\r\nContent-Type: text/html; charset=utf-8\r\n(?:[^\r\n]+\r\n)*?Server: Werkzeug/([\w._-]+) Python/([\w._+-]+)\r\n|s p/Werkzeug httpd/ v/$1/ i/Python $2/ cpe:/a:python:python:$2/
match http m|^HTTP/1\.0 301 MOVED PERMANENTLY\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: \d+\r\nLocation: http://0\.0\.0\.0:\d+/web/webclient/home\r\nServer: Werkzeug/([\w._-]+) Python/([\w._+-]+)\r\n| p/Werkzeug httpd/ v/$1/ i/OpenERP XML-RPC; Python $2/ o/Unix/ cpe:/a:python:python:$2/
match http m|^HTTP/1\.0 200 OK\r\nContent-Type: text/html; charset=utf-8\r\nVary: Cookie, User-Agent, Accept-Language\r.*\nServer: MoinMoin (\d[\w._-]+) release Python/(\d[\w._~+-]+)\r\n|s p/MoinMoin wiki standalone httpd/ v/$1/ i/Python $2/ cpe:/a:python:python:$2/
match http m|^HTTP/1\.0 200 OK\r\nServer: MoinMoin ([\w._-]+) release ThreadPoolServer Python/([\w._~+-]+)\r\n| p/MoinMoin wiki standalone httpd/ v/$1/ i/Python $2/ cpe:/a:python:python:$2/
match http m|^HTTP/1\.1 401 Unauthorized\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 77\r\nServer: Indy/([\w._-]+)\r\nWWW-Authenticate: Basic realm=\"Delta Server Management Interface\"\r\n| p/Indy httpd/ v/$1/ i/Avaya IP Office Delta Server/ d/PBX/ cpe:/a:indy:httpd:$1/
match http m|^HTTP/1\.1 200 OK\r\n.*<!--\r\n#\r\n# If you have a 'split' directory installation, with configuration\r\n# files in ~/\.i2p \(Linux\) or %APPDATA%\\I2P \(Windows\), be sure to\r\n# edit the file in the configuration directory, NOT the install directory\.\r\n#\r\n--><title>I2P Anonymous Webserver</title>|s p/I2P anonymous httpd/
match http m|^HTTP/1\.1 401 Unauthorized\r\nServer: Sun-Java-System-Web-Proxy-Server/([\w._-]+)\r\n(?:[^\r\n]+\r\n)*?WWW-authenticate: basic realm=\"Web Proxy Server Administration\"\r\n|s p/Sun Java System Web Proxy http admin/ v/$1/ cpe:/a:sun:java_system_web_proxy_server:$1/
match http m|^HTTP/1\.1 401 Unauthorized\r\nWWW-Authenticate: Basic realm=\"Admin\"\r\nContent-Length: 0\r\n\r\n$| p/Juniper Steel-Belted Radius http config/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 200 OK\r\nContent-Length: \d+\r\nContent-Type: text/html\r\n\r\n<html>\r\n\r\n<head>\r\n<title>Steel-Belted Radius</tile>\r\n| p/Juniper Steel-Belted Radius http config/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 200 OK\r\nServer: PageR Enterprise/([\w._-]+)\r\nContent-Type: text/html\r\nCache-Control: no-cache, no-store, must-revalidate \r\n\r\n| p/Avtech PageR Enterprise http interface/ v/$1/
match http m|^HTTP/1\.0 200 OK\r\nContent-type: text/html\r\nConnection: close\r\n\r\n<html><head><link rel=stylesheet type=text/css href=indexStyle\.css><title>Healy LDS Temperature #1</title>.*Sensor 1</td>.*>([\w.]*)</td>.*&deg;([CF])</td>.*Sensor 2</td>.*>([\w.]*)</td>.*&deg;([CF])</td>.*Sensor 3</td>.*>([\w.]*)</td>.*&deg;([CF])</td>.*Sensor 4</td>.*>([\w.]*)</td>.*&deg;([CF])</td>| p/Xytronics X-DAQ-2R1-4T-I temperature sensor http interface/ i/temperatures: $1 $2, $3 $4, $5 $6, $7 $8/
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: FitNesse-v([\w._-]+)\r\n|s p/FitNesse httpd/ v/$1/
match http m|^HTTP/1\.1 302 Moved Temporarily\r\n(?:[^\r\n]+\r\n)*?Location: https?://([\w._-]+)/esa\r\n(?:[^\r\n]+\r\n)*?Server: Clearwell\r\n\r\n|s p/Clearwell httpd/ h/$1/
match http m|^HTTP/1\.1 302 Found\r\nLocation: http:///logon\.htm\r\nContent-Length: 0\r\nServer: Intel\(R\) Con\. Management Engine ([\w._-]+)\r\n\r\n$| p/Intel Con. Management Engine httpd/ v/$1/
match http m|^HTTP/1\.1 401 Authorization Required\r\n(?:[^\r\n]+\r\n)*?Server: mpd web server\r\n|s p/mpd web server/
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: audio/[\w._-]+\r\nConnection: close\r\nPragma: no-cache\r\nCache-Control: no-cache, no-store\r\n\r\n| p/mpd/ i/Music Player Daemon streaming media server/
match http m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: BitMeterOS ([\w._-]+) Web Server\r\n|s p/BitMeter OS bandwidth monitor httpd/ v/$1/
match http m|^HTTP/1\.0 302 Found\r\nMIME-Version: 1\.0\r\nAccept-Ranges: bytes\r\nServer: NaviServer/([\w._-]+)\r\nDate: .*\r\nLocation: http://filemaker\.local:\d+/login\r\n| p/NaviServer httpd/ v/$1/ i/FileMaker Server/
match http m|^HTTP/1\.0 200 OK\r\nServer: Lightstreamer/([\w._ -]+) \(Lightstreamer Push Server - www\.lightstreamer\.com\) Moderato edition\r\nContent-Type: text/html\r\nExpires: Thu, 1 Jan 1970 00:00:00 GMT\r\n| p/Lightstreamer httpd/ v/$1/
match http m|^HTTP/1\.1 404 Not Found\r\nContent-type: text/html\r\nConnection: close\r\nDate: .*\r\n\r\n<HTML><HEAD><TITLE>Error 404</TITLE></HEAD><BODY><H1>Error 404</H1><P>Not Found</P></BODY></HTML>$| p/Ingrian Security Encryption http config/ d/security-misc/
match http m|^HTTP/1\.0 302 Found\r\n(?:[^\r\n]+\r\n)*?Location: http://([\w._-]+):\d+/status/hostgroup\r\nContent-Length: 113\r\nContent-Type: text/html; charset=utf-8\r\nExpires: Thu, 01 Jan 1970 00:00:00 GMT\r\nStatus: 302\r\n\r\n<html><body><p>This item has moved <a href=\"http://[\w._-]+:\d+/status/hostgroup\">here</a>\.</p></body></html>|s p/OpsView remote management/ h/$1/
match http m|^HTTP/1\.1 200 OK\r\nDate: .*\r\nServer: KM-httpd/([\w._-]+)\r\n| p/Kyocera FS-3900DN printer http config/ v/$1/ d/printer/ cpe:/h:kyocera:fs-3900dn/a
match http m|^HTTP/1\.1 401 Unauthorized\r\nConnection: close\r\nContent-Length: 0\r\nServer: DMRND/([\w._-]+)\r\n\r\n| p/DMRND httpd/ v/$1/ i/Samsung TV/ d/media device/
match http m|^HTTP/1\.1 501 Not Implemented\r\nConnection: close\r\nContent-Length: 0\r\nServer: DMRND/([\w._-]+)\r\n\r\n$| p/DMRND httpd/ v/$1/ i/Samsung HT-C5200 entertainment system/ d/media device/ cpe:/h:samsung:ht-c5200/
match http m|^HTTP/1\.0 404 Not Found\r\ncontent-length : 90\r\ncontent-type : text/html\r\n\r\n<html>\n<pre><html><h2>404 Not Found</h2>The server could not locate the resource you requested</html>\0</pre>\n</html>$| p/McAfee virus scanner http admin/ d/security-misc/
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: iroffer-dinoex/([\w._-]+)\r\n|s p/iroffer-dinoex httpd/ v/$1/
match http m|^HTTP/1\.0 200 Ok\r\r\nContent-type: text/html\r\r\n\r\r\n<h1>BAD REQUEST: HACK DETECT</h1>\r\n\r\nCHAT\.PHP\.SPB\.RU - Chat software \(c\) Dmitry Borodin - http://php\.spb\.ru/chat/\r\n| p/chat.php.spb.ru chat server httpd/
match http m|^HTTP/1\.1 400 Bad Request\r\nContent-Type: text/html; charset=utf-8\r\nServer: Mono-HTTPAPI/([\w._-]+)\r\nDate: .*\r\nContent-Length: 35\r\nConnection: close\r\n\r\n<h1>Bad Request \(Invalid host\)</h1>$| p/Mono-HTTPAPI/ v/$1/ i/Beagle desktop search/ cpe:/a:mono:mono:$1/
match http m|^HTTP/1\.1 404 Not Found\r\nServer: Asterisk/\r\n| p/Digium Asterisk GUI httpd/ d/PBX/ cpe:/a:digium:asterisk/
match http m|^HTTP/1\.1 404 Not Found\r\nServer: Asterisk\r\nDate: .*\r\nCache-Control: no-cache, no-store\r\nContent-type: text/html\r\nContent-Length: 240\r\n\r\n<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2\.0//EN">\r\n<html><head>\r\n<title>404 Not Found</title>\r\n</head><body>\r\n<h1>Not Found</h1>\r\n<p>The requested URL was not found on this server\.</p>\r\n<hr />\r\n<address>Asterisk</address>\r\n</body></html>\r\n| p/Digium Asterisk AJAM/ d/PBX/ cpe:/a:digium:asterisk/
match http m|^HTTP/1\.0 302 Moved Temporarily\r\n(?:[^\r\n]+\r\n)*?Server: zope\.server\.http \(zope\.server\.http\)\r\n(?:[^\r\n]+\r\n)*?Location: http://([\w._-]+):\d+/calendar\r\n|s p/Zope httpd/ i/SchoolTool calendar/ h/$1/ cpe:/a:zope:zope/
match http m|^HTTP/1\.1 302 Found\r\nLocation: https://[\d.]+:\d+/home\.html\r\nContent-Length: 0\r\nServer: Allegro-Software-RomPager/([\w._-]+)\r\n\r\n$| p/Allegro RomPager/ v/$1/ i/Xerox Phaser 8560DN printer http config/ d/printer/ cpe:/a:allegro:rompager:$1/ cpe:/h:xerox:phaser_8560dn/a
match http m|^HTTP/1\.0 200 Ok\r\n(?:[^\r\n]+\r\n)*?content-length: \d+\r\ncontent-type: text/html\r\n\r\n<\?xml version=\"1\.0\" encoding=\"utf-8\"\?>.*<meta content=\"SOGo Web Interface\" name=\"description\" />.*<meta content=\"@[\w._-]+ ([\w._-]+)\" name=\"build\" />|s p/SOGo groupware httpd/ v/$1/
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?ETag: \"\d+\"\r\nContent-Type: text/html\r\nContent-Length: 79\r\nAccept-Ranges: bytes\r\nCache-Control: private\r\n\r\n<html><head><META http-equiv=\"refresh\" content=\"0;URL=(\w\w-\w\w)\.htm\"></head></html>|s p/Milestone XProtect video surveillance http interface/ i/$1/ d/webcam/
match http m|^HTTP/1\.1 302 Moved Temporarily\r\nDate: .*\r\nServer: Zild/([\w._-]+)\r\nContent-Type: text/plain\r\nLocation: https?://([\w._-]+):\d+/index\.csp\r\nConnection: close\r\n\r\n$| p/Zild httpd/ v/$1/ i|M/Monit network monitor| h/$2/
match http m|^HTTP/1\.1 404 Not Found\r\nDate: .*\r\nServer: Zild/([\w._-]+)\r\nContent-Type: text/html\r\nConnection: close\r\n\r\n| p/Zild httpd/ v/$1/ i|M/Monit network monitor|
match http m|^HTTP/1\.0 200 OK\r\nServer: private\r\nCache-Control: no-cache,no-store,max-age=0\r\npragma: no-cache\r\nContent-Type: application/octet-stream\r\nContent-Length: 101376\r\nAccept-Ranges: bytes\r\nDate: .*\r\nLast-Modified: .*\r\nExpires: .*\r\nConnection: close\r\n\r\nMZP\0\x02\0\0\0\x04\0\x0f\0\xff\xff\0\0\xb8| p/Neeris worm httpd/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 404 Not Found\r\nServer: AdaptiveServerAnywhere/([\w._-]+)\r\n| p/Sybase Adaptive Server Anywhere httpd/ v/$1/ cpe:/a:sybase:adaptive_server_anywhere:$1/
match http m|^HTTP/1\.1 401 Authorization Required\r\nConnection: close\r\nDate: .*\r\nServer: Simple-DNS-Plus/([\w._-]+)\r\nCa DNS Plus\"\r\nContent-Type: text/plain; charset=utf-8\r\nContent-Length: 36\r\n\r\n\*Error 401 Authorization Required\*\r\n$| p/Simple DNS Plus httpd/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: AVGADMINSERVER-\w+ \d+ BUILD=(\d+) LOC=\d+ LIC=[\w-]+\r\n.*<h1>AVG Admin Server ([\w._-]+)</h1>|s p/AVG Administration Console httpd/ v/$2 build $1/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: AVGADMINSERVER-\w+ \d+ BUILD=(\d+) LOC=\d+ LIC=[\w-]+\r\n|s p/AVG Administration Console httpd/ v/build $1/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?WWW-Authenticate: Basic realm=\"AVG (2013) Admin Server\"\r\n(?:[^\r\n]+\r\n)*?Server: AVGADMINSERVER64-\w+ \d+ BUILD=(\d+) LOC=\d+ LIC=[\w-]+\r\n|s p/AVG Administration Console httpd/ v/$1 build $2/
match http m|^HTTP/1\.0 200 OK\r\nDate: [A-Z]{3}, \d\d [A-Z]{3} \d\d\d\d \d\d:\d\d:\d\d GMT\r\n.*<TITLE>HP Web Console on ([\w._-]+)</TITLE>|s p/HP Guardian Service Processor httpd/ o/HP-UX/ h/$1/ cpe:/o:hp:hp-ux/a
match http m|^HTTP/1\.0 200 OK\r\nDate: \w\w, \d\d \w\w\w \d\d\d\d \d\d:\d\d:\d\d GMT\r\nServer: Texis-Monitor/([\w._-]+)\r\n| p/Thunderstone Texis-monitor httpd/ v/$1/
match http m|^HTTP/1\.1 302 Moved Temporarily\r\ndate: .*This is a WebSEAL error message template file\.|s p/IBM WebSEAL httpd/
# http://code.google.com/p/mongoose/
match http m|^HTTP/1\.1 200 OK\r\nDate: .* GMT Standard Time\r\nLast-Modified: .* GMT Standard Time\r\nEtag: \"[0-9a-f.]+\"\r\nContent-Type: text/html\r\nContent-Length: 7\r\nConnection: close\r\nAccept-Ranges: bytes\r\n\r\nwelcome$| p/Mongoose httpd/ cpe:/a:cesanta:mongoose/
match http m|^HTTP/1\.1 200 OK\r\nConnection: close\r\nContent-Type: text/html; charset=utf-8\r\n\r\n<html><head><title>Index of /</title>| p/Mongoose httpd/ v/3.7/ i/directory listing/ cpe:/a:cesanta:mongoose:3.7/
match http m|^HTTP/1\.0 200 cyberoam authentication response\r\nServer: awarrenhttp/([\w._-]+)\r\n| p/awarrenhttp httpd/ v/$1/ i/Cyberoam CR200 SSL VPN/ d/proxy server/
match http m|^HTTP/1\.1 301 Moved Permanently\r\nDate: .* UTC\r\nConnection: close\r\nLocation: /admin/public/index\.html\r\n\r\n$| p/Cisco ASA 5510 firewall http config/ d/firewall/ cpe:/h:cisco:asa_5510/a
match http m|^HTTP/1\.0 302 Moved Temporarily\r\nDate: .*\r\nServer: Mbedthis-Appweb/([\w._-]+)\r\nContent-length: 0\r\nConnection: close\r\nLocation: http://([\w._-]+):\d+/index\.html\r\n\r\n$| p/Mbedthis-Appweb/ v/$1/ i/Iomega StorCenter sohoclient/ o/Windows/ h/$2/ cpe:/a:mbedthis:appweb:$1/ cpe:/o:microsoft:windows/a
match http m|^HTTP/2\.0 302 Found\r\nServer: SmarterTools/([\w._-]+)\r\n(?:[^\r\n]+\r\n)*?X-AspNet-Version: ([\w._-]+)\r\n(?:[^\r\n]+\r\n)*?Location: /Login\.aspx\r\n|s p/SmarterTools httpd/ v/$1/ i/ASP.NET $2/ o/Windows/ cpe:/a:microsoft:asp.net:$2/ cpe:/a:smartertools:smartertools_web:$1/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?Set-Cookie: _sonar_session=[\w+%-]+|s p/Sonar code quality management httpd/
match http m|^HTTP/1\.1 200 OK\r\nContent-Length: 0\r\nContent-Type: text/html\r\nConnection: close\r\nServer: OpenEJB/\?\?\? \(unknown os\)\r\n\r\n$| p/OpenEJB httpd/
match http m|^HTTP/1\.0 302 Found\r\n(?:[^\r\n]+\r\n)*?Location: /index\.ds\r\n(?:[^\r\n]+\r\n)*?Server: DrWebAV-DeskServer/(REL-500-[\w._-]+) Linux/i686 Lua/([\w._-]+) OpenSSL/([\w._-]+)\r\n\r\n$|s p/Dr. Web AV-Desk httpd/ v/$1/ i/i686; Lua $2; OpenSSL $3/ o/Linux/ cpe:/a:openssl:openssl:$3/ cpe:/a:puc-rio:lua:$2/ cpe:/o:linux:linux_kernel/a
match http m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Expires: Thu, 01 Jan 1970 00:00:00 GMT\r\n(?:[^\r\n]+\r\n)*?Server: vdradmind/([\w._-]+)\r\n|s p/VDR-Admin httpd/ v/$1/
match http m|^HTTP/1\.1 302 Found\r\nDate: .*\r\nServer: unknown\r\nLocation: https?://([\w._-]+)/workplace/access/home\r\n| p/SonicWALL SSL-VPN http proxy auth/ h/$1/
match http m|^HTTP/1\.0 200 OK\r\nServer: webserver/([\w._-]+)\r\n.*<TITLE>OSCAM ([\w._-]+ build #\d+)</TITLE>|s p/webserver/ v/$1/ i/OSCAM $2 card sharing system/
match http m|^HTTP/1\.0 200 OK\r\nConnection: close\r\n(?:[^\r\n]+\r\n)*?Server: AvatronHTTP \(com\.avatron\.AirSharingHD,([\w._-]+)\)\r\n\r\n|s p/lighttpd/ i/Avatron Air Sharing HD $1/ d/media device/ o/iOS/ cpe:/a:lighttpd:lighttpd/ cpe:/h:apple:ipad/ cpe:/h:apple:iphone/ cpe:/o:apple:iphone_os/
match http m|^HTTP/1\.1 302 Found\r\nLocation: http:///home\.htm\r\nContent-Length: 0\r\nWebServer:\r\n\r\n$| p/APC SmartUPS http config/ d/power-device/
match http m|^HTTP/1\.0 404 Error\r\nContent-Length: 138\r\nContent-Type:text/html\r\nServer: Ipswitch ([\w._-]+)\r\nConnection: close\r\nCache-Control: private\r\nDate: .*\r\n\r\n<html><head><title>404 Page Not Found</title></head>\r\n<body>404 Page Not Found<br>The system cannot find the file specified\.</body></html>| p/Ipswitch WS_FTP http config/ v/$1/ cpe:/a:ipswitch:ws_ftp:$1/
match http m|^HTTP/1\.1 403 Forbidden\r\nServer: ZenAgent\r\nContent-Length: 0\r\n\r\n| p/Novell ZENworks Configuration Management/ cpe:/a:novell:zenworks_configuration_management/
match http m|^HTTP/1\.1 200 OK \n\n| p/udpxy multicast UDP-to-HTTP/
match http m|^HTTP/1\.1 400 Unrecognized request\r\nServer: udpxy ([\d.-]+) \(prod\) (\w+) \[([^]]+) ([\w_]+)\]\r\nContent-Type:application/octet-stream\r\n\r\n| p/udpxy multicast UDP-to-HTTP/ v/$1/ i/$2; arch: $4/ o/$3/ cpe:/a:pavel_cherenkov:udpxy:$1/
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html; charset=utf8\r\nX-Pow-Template: welcome\r\n| p/Pow Rack server/ o/Mac OS X/ cpe:/o:apple:mac_os_x/a
match http m|^HTTP/1\.1 200 OK\nServer: BOINC client\n| p/BOINC client httpd/
match http m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: zVWS ([\w._-]+) Velocity Software, Inc\. on  z/VM  (V\d+R[\d.]+)\r\n|s p/Velocity Software zVPS httpd/ v/$1/ o|z/VM $2| cpe:/o:ibm:z%2fvm:$2/
match http m|^HTTP/1\.0 200 Ok\r\nSet-Cookie: PostX_Level=0\r\nRefresh: 0;url=/login\.php\r\n\r\n| p/PostX IP Reporting alarm system httpd/ d/security-misc/
match http m|^HTTP/1\.0 200 OK\r\nDate: .*\r\nContent-Type: text/html\r\nX-Your-Address-Is: [][\w.:]+\r\nContent-Encoding: identity\r\nContent-Length: \d+\r\nExpires: .*\r\n\r\n| p/Tor built-in httpd/ i/DirPortFrontPage configured/ cpe:/a:torproject:tor/
match http m|^HTTP/1\.1 404 Not Found\r\nContent-Type: \r\nContent-Length: 0\r\nConnection: close\r\n\r\n$| p/Samsung AllShare httpd/
match http m|^HTTP/1\.1 400 Bad Request\r\nDate: .*\r\nConnection: close\r\n\r\n$| p/Samsung AllShare httpd/
match http m|^HTTP/1\.0 401 Unauthorized\r\nDate: .*\r\nServer: ITW Embedded Web Server \(v([\w._-]+)\)\r\nConnection: close\r\nWWW-Authenticate: Basic realm=\"Administrator, Control, View Only\"\r\n\r\n<h1>Not Authorized</h1>\r\n| p/ITW Embedded Web Server/ v/$1/ i/ITW WeatherGoose II environmental monitor http config/
match http m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: ITW Embedded Web Server \(v([\w._-]+)\)\r\nConnection: close\r\n.*<h2>Mini/([\w._-]+) II&trade; v([\w._-]+)</h2>|s p/ITW Embedded Web Server/ v/$1/ i/ITW MiniGoose XP II environmental monitor http config/ o|Mini/$2 II $3|
match http m|^HTTP/1\.1 400 Bad Request\r\nServer: Cyms-SecS v([\w._-]+)\r\n| p/Citrix Cyms-SecS/ v/$1/
match http m|^HTTP/1\.1 200 Success\r\n(?:[^\r\n]+\r\n)*?Server: LightSpeedServer/([\w._-]+)  client_version/([\w._-]+) rest_protocol/([\w._-]+)\r\n|s p/LightSpeedServer/ v/$1/ i/client_version $2; rest_protocol $3/
match http m|^HTTP/1\.1 200 OK\r\nExpires: Thu, 01 Jan 1970 00:00:00 GMT\r\nSet-Cookie: JSESSIONID=\w+;Path=/\r\nContent-Type: text/html\r\nLast-Modified: .*\r\nAccept-Ranges: bytes\r\nContent-Length: 115\r\n\r\n<html>\n<head><title></title>\n<meta http-equiv=\"refresh\" content=\"0;URL=index\.jsp\">\n</head>\n<body>\n</body>\n</html>\n\n| p/Jetty/ i/Openfire chat server http admin/ cpe:/a:igniterealtime:openfire/ cpe:/a:mortbay:jetty/
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: Linux, HTTP/1\.1, (DIR-[\w._+-]+) Ver ([\w._-]+)\r\n| p/D-Link $1 WAP http config/ v/$2/ o/Linux/ cpe:/h:dlink:$1:$2/ cpe:/o:linux:linux_kernel/a
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?X-Powered-By: Servlet ([\w._-]+); JBoss-([\w._-]+) \(build: SVNTag=JBoss_[\w._-]+ date=\d+\)/Tomcat-([\w._-]+)\r\n|s p/Apache Tomcat/ v/$3/ i/JBoss $2; Servlet $1/ cpe:/a:apache:tomcat:$3/a
match http m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: Prayer/([\w._-]+)\r\n|s p/Prayer webmail httpd/ v/$1/
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: Nu-OS/([\w._-]+)\r\n.*<title>Pioneer Web Control System</title>|s p/Nu-OS/ v/$1/ i/Pioneer VSX-2020 AV receiver/ d/media device/
match http m|^HTTP/1\.0 403 Access Denied\r\nConnection: close\r\n\r\n<html>The request you issued is not an authorized Convergence Notary request\.\n$| p/Convergence Notary server httpd/
match http m|^HTTP/1\.1 200 OK\r\nDate: Wed, 31 Dec 1969 15:00:00 GMT\r\nConnection: close\r\nContent-Type: text/html; charset=ISO-8859-1\r\n.*<title>MONITOR NETWORK SETTINGS</title>.*<!--\nvar mac=\"(\w+)\";\nvar ip3=\d+;\nvar ip2=\d+;\nvar ip1=\d+;\nvar ip0=\d+;\nvar nm3=\d+;\nvar nm2=\d+;\nvar nm1=\d+;\nvar nm0=\d+;\nvar gw3=\d+;\nvar gw2=\d+;\nvar gw1=\d+;\nvar gw0=\d+;\nvar dh=\"0\";\nvar vDns1_0=(\d+);\nvar vDns1_1=(\d+);\nvar vDns1_2=(\d+);\nvar vDns1_3=(\d+);\nvar vDns2_0=\d+;\nvar vDns2_1=\d+;\nvar vDns2_2=\d+;\nvar vDns2_3=\d+;\nvar vVer=\"([\w._-]+)\";|s p/NEC Multeos M461 TV http config/ v/$6/ i/MAC: $1; nameserver $2.$3.$4.$5/
match http m|^HTTP/1\.1 303 See Other\r\nConnection: close\r\nLocation: http://[\d.]+/login_home\.html\r\n\r\n| p/Tandberg Codian 3510 video gateway http config/ d/media device/
match http m|^HTTP/1\.0 301 Moved Permanently\r\nCache-Control: no-store\r\nConnection: close\r\nAccept-Ranges: none\r\nLocation: https?://([\w._-]+)/CitrixLogonPoint/WICL/\r\nContent-Length: 0\r\n\r\n| p/Citrix Access Gateway/ h/$1/ cpe:/a:citrix:access_gateway/
match http m|^HTTP/1\.0 301 Moved Permanently\r\nCache-Control: no-cache\r\nConnection: close\r\nAccept-Ranges: none\r\nLocation: https?://([\w._-]+):\d+/\r\n\r\n$| p/Citrix Access Gateway/ h/$1/ cpe:/a:citrix:access_gateway/
match http m|^HTTP/1\.0 301 Moved Permanently\r\nCache-Control: no-cache\r\nConnection: close\r\nAccept-Ranges: none\r\nLocation: https?://([\w._-]+):\d+/\r\nContent-Length: 0\r\n\r\n$| p/Citrix Access Gateway/ h/$1/ cpe:/a:citrix:access_gateway/
match http m|^HTTP/1\.0 200 OK\r\nServer: Httpd v([\w._ -]+)\r\nContent-Type: text/html\r\n.*<meta http-equiv=\"refresh\" content=\"0; url=/cgi-bin/videoconfiguration\.cgi\">\r\n|s p/ACTi surveillance camera http config/ v/$1/ d/webcam/
match http m|^HTTP/1\.1 200 OK\r\nServer: Httpd v([\w._ -]+)\r\nContent-Type: text/html\r\n.*<meta http-equiv=\"refresh\" content=\"0; url=/cgi-bin/videoconfiguration\.cgi\">\r\n|s p/ACTi ACM-1231 surveillance camera http config/ v/$1/ d/webcam/ cpe:/h:acti:acm-1231/
match http m|^HTTP/1\.1 200 OK\r\nServer: Httpd v([\w._-]+) (\d\d\w\w\w\d\d\d\d)\r\nContent-Type: text/html\r\n(?:[^\r\n]+\r\n)*?\r\n\xef\xbb\xbf<html>.*<title>Web Configurator</title>|s p/ACTi E31 surveillance camera http config/ v/$1/ i/$2/ d/webcam/ cpe:/h:acti:e31/
match http m|^HTTP/1\.1 200 OK\r\nCache-Control: no-cache\r\nConnection: close\r\nPragma: no-cache\r\nContent-Length: \d+\r\nContent-Type: text/html\r\nAccept-Ranges: bytes\r\n\r\n<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1\.0 Transitional//EN\" \"http://www\.w3\.org/TR/xhtml1/DTD/xhtml1-transitional\.dtd\">\r\n<html xmlns=\"http://www\.w3\.org/1999/xhtml\">\r\n<head>\r\n    <title>([\w._-]+)</title>| p/ACTi $1 surveillance camera http config/ d/webcam/ cpe:/h:acti:$1/
match http m|^HTTP/1\.0 200 OK\r\nServer: (4D_v[\w._-]+)/([\w._-]+)\r\n| p/$1 httpd/ v/$2/
match http m|^HTTP/1\.0 200 OK\r\nContent-type: text/html\r\nConnection: close\r\n\r\n<html><head><link rel=stylesheet type=text/css href=indexStyle\.css><title>Webrelay Quad</title>| p/ControlByWeb WebRelay-Quad http admin/ d/remote management/
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html\r\nContent-Length: 17\r\n\r\nNo soap\. Radio!\n\n$| p/Coyote Point Equalizer load balancer http config/ d/load balancer/
# http://hg.barrelfish.org/file/tip/usr/webserver/
match http m|^HTTP/1\.0 200 OK\r\nServer: Barrelfish\r\n| p/Barrelfish httpd/ o/Barrelfish/ cpe:/o:barrelfish:barrelfish/
match http m|^HTTP/1\.1 401 Unauthorized\r\nContent-Type: text/html\r\nConnection: close\r\nPragma: no-cache\r\nWWW-Authenticate: Basic realm=\"netcam\"\r\nContent-Length: 17\r\n\r\n401 Unauthorized\n$| p/TRENDnet TV-IP100 or TV-IP110 webcam display httpd/ d/webcam/ cpe:/h:trendnet:tv-ip100/ cpe:/h:trendnet:tv-ip110/
# False positives reported for EMC VNX 5200 - SAN device:
match http m|^HTTP/1\.1 403 Forbidden\r\nContent-Length: 0\r\n\r\n$| p/TRENDnet TV-IP110W webcam display httpd/ d/webcam/ cpe:/h:trendnet:tv-ip110w/
# Trendnet TV-IP110w
match http m|^HTTP/1\.1 401 Unauthorized\r\nContent-Type: text/html\r\nConnection: close\r\nWWW-Authenticate: Basic realm=\"netcam\"\r\nContent-Length: 17\r\n\r\n401 Unauthorized\n$| p/TRENDnet TV-IP110w or TV-IP422W webcam display httpd/ d/webcam/ cpe:/h:trendnet:tv-ip110w/ cpe:/h:trendnet:tv-ip422w/
match http m|^HTTP/1\.1 401 Unauthorized\r\nWWW-Authenticate: Basic realm=\"Internet Camera\"\r\nContent-Type: text/html\r\nContent-Length: 16\r\nPragma: no-cache\r\n\r\n401 Unauthorized| p/TRENDnet TV-IP301 webcam display httpd/ d/webcam/ cpe:/h:trendnet:tv-ip301/a
match http m|^HTTP/1\.1 401 Unauthorized\r\nServer: GoAhead-Webs\r\nDate: .* \d\d\d\d\r\nWWW-Authenticate: Basic realm=\"Internet Camera\"\r\n.*<CENTER><FONT SIZE=\"5\" COLOR=\"#FF0000\" face=\"Arial\">Access Denied</FONT></CENTER></BODY></HTML> {500}|s p/GoAhead WebServer/ i/LogiLink WC0002B webcam http config/ cpe:/a:goahead:goahead_webserver/a cpe:/h:logilink:wc0002b/
match http m|^HTTP/1\.0 200 OK\r\nHTTP/1\.0 200 OK\r\nServer: ap\r\nConnection: close\r\nCache-Control: must-revalidate = no-cache\r\nContent-Type: text/html\r\nExpires: 0\r\nLast-Modified: 0\r\n\r\n<html>  \r\n<head><title>IEEE802\.11b Wireless LAN Access Point| p/Blitzz BWA601 WAP http config/ d/WAP/ cpe:/h:blitzz:bwa601/
match http m|^HTTP/1\.1 200 OK\r\nServer: WindWeb/([\w._-]+)\r\nConnection: close\r\nContent-Type: text/html\r\nWWW-Authenticate: Basic realm=\"\"\r\n\r\n<html>\n<head>\n<TITLE>(AMS\w+)</TITLE>\n\n| p/WindWeb/ v/$1/ i/Hitachi $2 NAS device http config/ d/storage-misc/ cpe:/a:windriver:windweb:$1/
match http m|^HTTP/1\.1 302 Moved Temporarily\r\nLocation: http://[\d.]+:\d+/apex\r\nContent-Type: text/html;charset=ISO-8859-1\r\nContent-Language: en-US\r\nDate: .*\r\nConnection: close\r\n\r\n<html>\r\n<head><title>Document moved</title></head>\r\n| p/Oracle Application Express (APEX) http admin/ cpe:/a:oracle:apex/
match http m|^HTTP/1\.1 200 OK\r\nPragma: no-cache\r\nConnection: close\r\nCache-Control: no-cache\r\nContent-Type: text/html\r\n\r\n<html><head><meta http-equiv=\"refresh\" content=\"0;url=/_top\.html\">\n<title></title></head><body></body></html>\0| p/Canon imageRUNNER 2520 printer http config/ d/printer/ cpe:/h:canon:imagerunner_2520/
match http m|^HTTP/1\.0 200 OK\r\nContent-Type: text/html\r\n\r\n<html>\n\t<head>\n\t\t<title>XEP Engine: Status</title>\n\t</head>\n\t<body>\n\t\t<h1>XEP Engine</h1>\n\t\t<dl>\n\t\t\t <dt>state:</dt>\n\t\t\t <dd>([^\n\t]+)\n\t\t</dl>| p/RenderX XEP httpd/ i/state: $1/
match http m|^HTTP/1\.1 403 Forbidden\r\nServer: tksock\r\nDate: .*\r\nConnection: Close\r\nContent-length: 82\r\nContent-type: text/html\r\n\r\n<HTML><TITLE>Error</TITLE><BODY><H2>\r\nHTTP/1\.1 403: Forbidden\r\n</H2></BODY></HTML>| p/Agfeo TK-Suite PBX httpd/ d/PBX/
# The .* looks like part of a Date header.
match http m|^HTTP/1\.0 303 See Other\r\nLocation: http://[\d.]+:\d+\r\n\0.* GMT\r\nSContent-Length: 0\r\n\r\n$| p/Toshiba e-STUDIO printer http config/ d/printer/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Firefly/([\w._-]+)\r\n|s p/Firefly/ v/$1/
match http m|^HTTP/1\.1 404 Not Found\r\nServer: libzapid-httpd\r\nContent-Type: text/html\r\nContent-Length: 86\r\nDate: .*\r\n\r\n<HTML><HEAD><TITLE>404 Not Found</TITLE></HEAD><BODY><H1>Not Found</H1></BODY></HTML>\n| p/libzapid-httpd/ i/NetApp DFM http config/
match http m|^HTTP/1\.0 200 OK\r\nConnection: close\r\nAccept-Ranges: none\r\n.*<title>Citrix Access Gateway</title>|s p/Citrix Access Gateway firewall http config/ d/firewall/ o/Windows/ cpe:/a:citrix:access_gateway/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 200 OK\r\nConneccept-Ranges: none\r\n.*<title>Citrix Access Portal</title>|s p/Citrix Access Gateway firewall http config/ d/firewall/ o/Windows/ cpe:/a:citrix:access_gateway/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 302 Object Moved\r\nLocation: /vpn/index\.html\r\nConnection: close\r\n| p/Citrix Access Gateway firewall http config/ d/firewall/ o/Windows/ cpe:/a:citrix:access_gateway/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 200 OK\r\nPragma: no-cache\r\nConnection: close\r\nCache-Control: no-cache\r\nExpires: Thu,01 Jan 1970 00:00:00 GMT\r\nContent-Type: text/html\r\n\r\n<html><head><meta http-equiv=\"refresh\" content=\"0;url=/_top\.html\">\n<title></title></head><body></body></html>\0$| p/Canon imageRUNNER 2500-series printer http config/ d/printer/ cpe:/h:canon:imagerunner_2500/
match http m|^HTTP/1\.0 401 Unauthorized\r\nDate: .*\r\nServer: Hiawatha v([\w._-]+)\r\nConnection: close\r\nWWW-Authenticate: Digest realm=\"Private page\", nonce=\"[0-9A-F]+\", algorithm=MD5, stale=false\r\nContent-Length: 404\r\nContent-Type: text/html\r\n\r\n<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4\.01//EN\" \"http://www\.w3\.org/TR/html4/strict\.dtd\">\n<html>\n<head>\n<title>401 - Unauthorized</title>\n<style type=\"text/css\">BODY { color:#ffffff ; background-color:#00000a }\nDIV { font-family:sans-serif ; font-size:30px ; letter-spacing:20px ; text-align:center ; position:relative ; top:250px }\n</style>\n</head>\n<body>\n<div>401 - Unauthorized</div>\n</body>\n</html>\n$| p/Hiawatha/ v/$1/ i/Echostar ViP 722k satellite receiver/
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: VB\r\n.*<TITLE>Network Camera (VB-\w+)/(VB-\w+)</TITLE>|s p/Canon $1 or $2 webcam http config/ d/webcam/
# Note weird date format.
match http m|^HTTP/1\.1 400 Page not found\r\nServer: Schneider-WEB/V([\w._-]+)\r\nDate: [A-Z]+ [A-Z]+ \d+ \d+:\d+:\d+ \d+\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-length: 154\r\nContent-Type: text/html\r\n\r\n<html><head><title>Document Error: Page not found</title></head>\r\n\t\t<body><h2>Access Error: Page not found</h2>\r\n\t\t<p>Bad request type</p></body></html>\r\n\r\n$| p/Schneider-WEB/ v/$1/
match http m|^HTTP/1\.0 302 Redirect\r\nServer: Schneider-WEB/V([\w._-]+)\r\nDate: [A-Z]+ [A-Z]+ \d+ \d+:\d+:\d+ \d+\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-length: 249\r\nContent-Type: text/html\r\nLocation: http://\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xeeP/index\.htm\r\n| p/Schneider-WEB/ v/$1/
# http://bitlash.net/wiki/bitlashwebserver
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/plain\r\n\r\nBitlash web server here! v([\w._-]+)\r\nUptime: (\w+)\r\nPowered by Bitlash\.\r\n| p/Bitlash web server/ v/$1/ i/Arduino; uptime: $2/ cpe:/a:bitlash:bitlash:$1/
match http m|^HTTP/1\.1 401 Unauthorized\r\nWWW-Authenticate: Basic realm=\"Protected\"\r\nConnection: close\r\n\r\n401 Unauthorized: Password required\r\n$| p/ViewSonic PJD6521 projector http config/ d/media device/ cpe:/h:viewsonic:pjd6521/
match http m|^HTTP/1\.0 403 Forbidden\r\nDate: .*\r\nServer: Helix Mobile Server/([\w._-]+) \(win-x86_64-vc10\)\r\n| p/Helix Mobile Server httpd/ v/$1/ i/x86_64/ o/Windows/ cpe:/o:microsoft:windows/
match http m|^HTTP/1\.1 200 OK\r\nDate: .*\r\nExpires: Fri, 01 Jan 1980 00:00:00 GMT\r\n.*<title>Gerrit Code Review</title>|s p/Jetty/ i/Gerrit code review/ cpe:/a:mortbay:jetty/
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: Apache  NetFile/([\w._-]+)\r\n(?:[^\r\n]+\r\n)*?Content-Length: 177\r\nConnection: close\r\nContent-Type: text/html\r\n\r\n<!DOCTYPE html PUBLIC \"-//W3C//DTD HTML 4\.01//EN\">\n\n<html>\n\n<head>\n        <META HTTP-EQUIV=\"refresh\" CONTENT=\"0; URL=/cgi-bin/set_index\.cgi\">\n</head>\n\n<body>\n\n</body>\n\n</html>\n$|s p/Ricoh Aficio IS200e scanner http config/ v/$1/
match http m|^HTTP/1\.0 200 OK\r\n\n<html>\n<head>\n<meta http-equiv=\"Content-Language\" content=\"en-us\">\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=UTF-8\">\n<link href=\"images/style\.css\" rel=\"stylesheet\" type=\"text/css\">\n</head>\n<body class=\"globalNew\" onload=\"document\.frmRedirectToTop\.submit \(\)\">\n| p/Cisco RV 120W or RV 180 WAP http config/ d/WAP/
match http m|^HTTP/1\.0 302 Redirect\r\nServer: IP-Phone-Web\r\nDate: [A-Z]+ [A-Z]+ \d+ \d+:\d+:\d+ \d+\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-Type: text/html\r\nLocation: http://dummy/index\.asp\r\n\r\n<html><head></head><body>\r\n\t\tThis document has moved to a new <a href=\"http://dummy/index\.asp\">location</a>\.\r\n\t\tPlease update your documents to reflect the new location\.\r\n\t\t</body></html>\r\n\r\n$| p/TalkSwitch TS-350i VoIP phone http config/ d/VoIP phone/ cpe:/h:talkswitch:ts-350i/
match http m|^HTTP/1\.0 302 Redirect\r\nServer: IP-Phone-Web\r\nDate: [A-Z]+ [A-Z]+ \d+ \d+:\d+:\d+ \d+\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-Type: text/html\r\nLocation: http://dummy:\d+/index\.asp\r\n\r\n<html><head></head><body>\r\n\t\tThis document has moved to a new <a href=\"http://dummy:8000/index\.asp\">location</a>\.\r\n\t\tPlease update your documents to reflect the new location\.\r\n\t\t</body></html>\r\n\r\n$| p/Vertical Edge 5000i VoIP phone http config/ d/VoIP phone/ cpe:/h:vertical:edge_5000i/
# Other probes cause things like |^RECONNECT\x04RECONNECT\x04|.
match http m|^HTTP/1\.0 200 OK \r\nServer: Mobile Air Mouse Server \r\n.*The Mobile Air Mouse server running on \"([\w._-]+)\" was able to receive your request\.</p></BODY></HTML>\r\n|s p/Mobile Air Mouse httpd/ h/$1/
match http m|^HTTP/1\.0 200 OK \n Server: Mobile Air Mouse Server \n.*The Mobile Air Mouse server running on \"([\w._-]+)\" was able to receive your request\.</p></BODY></HTML>|s p/Mobile Air Mouse httpd/ h/$1/
match http m|^HTTP/1\.0 200 OK\r\nContent-Length: 0\r\n\r\n$| p|Mercury/32 Mail Transport httpd| o/Windows/ cpe:/o:microsoft:windows/
match http m|^HTTP/1\.1 200 OK\r\nConnection: close\r\nContent-Type: text/html\r\nCache-Control: no-cache\r\n\r\n<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1\.0 Strict//EN\"\r\n  \"http://www\.w3\.org/TR/xhtml1/DTD/xhtml1-strict\.dtd\">\r\n<html xmlns=\"http://www\.w3\.org/1999/xhtml\" xml:lang=\"en\" lang=\"en\">\r\n<head>\r\n<title>Flyport online webserver</title>\r\n| p/openPICUS Flyport wi-fi module httpd/
match http m|^HTTP/1\.0 200 OK\r\nConnection: Close\r\nServer: SwyxConnect ([\w._-]+) \(Annex B\) ([\w._ /-]+)\r\nCache-Control: no-cache\r\nExpires: Thu, 31 Dec 1999 00:00:00 GMT\r\n| p/SwyxConnect $1 VoIP phone http config/ v/$2/ d/VoIP phone/
match http m%^HTTP/1\.1 200 OK\r\nContent-Type: text/html\r\nExpires: Sat, 01 Jan 2000 00:00:00 GMT\r\n\r\n<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 3\.2 Final//EN\">\r\n<HTML>\r\n<HEAD><TITLE>ZBR\w+ - (?:PAUSED|READY)</TITLE><meta http-equiv=\"Pragma\" content=\"no-cache\"><meta http-equiv=\"Expires\" content=\"0\"></HEAD>\r\n<BODY><CENTER>\r\n<IMG SRC=\"logo\.png\" ALT=\"\[Logo\]\">\r\n<H1>Zebra Technologies<BR>\r\nZTC ([\w -]+)</H1>% p/Zebra $1 label printer http config/ d/printer/ cpe:/h:zebra:$1/
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: Kayak\r\nDate: \d+/\d+/\d+ \d+:\d+:\d+ [AP]M\r\n|s p/Kayak/
match http m|^HTTP/1\.1 200 OK\r\nServer: DOT-TUNES\r\n(?:[^\r\n]+\r\n)*?DOT-TUNES: ([\w._-]+)\r\n|s p/Dot.Tunes iTunes sharing httpd/ v/$1/
match http m|^HTTP/1\.0 404 Not Found\r\n(?:[^\r\n]+\r\n)*?Server: Hiawatha v([\w._-]+)\r\n.*<html><head><title>404 - Not Found</title><style type=\"text/css\">\n<!--\nBODY { color:#ffffff ; background-color:#00000a }\nDIV { font-family:sans-serif ; font-size:30px ; letter-spacing:20px ; text-align:center ; position:relative ; top:250px }\n--></style></head>\n<body><div>404 - Not Found</div></body></html>\n$|s p/Hiawatha/ v/$1/ i/Aerohive HiveAP WAP http config/ d/WAP/
match http m|^HTTP/1\.1 200 OK\r\nConnection: close\r\nCache-Control: no-cache\r\nContent-Length: 415\r\nContent-Type: text/html; charset=utf-8\r\n\r\n<html>\n<head>\n<title>Login</title>\n<script>\nvar exp = new Date\(\);\nexp\.setTime\(exp\.getTime\(\)\+\(1000\*6\)\);\n| p/D-Link DGS-1100 switch http config/ d/switch/ cpe:/h:dlink:dgs-1100/
match http m|^HTTP/1\.0 404 Not Found\r\nConnection: closed\r\nContent-Type: text/html; charset=UTF-8\r\n.*<html><head><title>404 Not Found</title>|s p/PHP built-in httpd/ v/5.4.0 or later/ cpe:/a:php:php/
# Also "COMAR SLR-200N - AIS Receiver with LANTRONIX XPort server".
match http m|^HTTP/1\.1 404 ERROR\r\n\r\nERROR 404\r\n$| p/Stanley NT500 access control system httpd/ d/security-misc/
match http m|^HTTP/1\.0 200 OK\r\nContent-Type: text/html\r\nCache-Control: no-cache\r\nPragma: no-cache\r\nExpires: .*\r\nDate: .*\r\nAccept-Ranges: bytes\r\nConnection: close\r\nSet-Cookie: session_id=\d+; path=/;\r\n\r\n<!--- Page\(9055\)=\[Login\] --->| p/AudioCodes MP-202 VoIP adapter http config/ d/VoIP adapter/ cpe:/h:audiocodes:mp-202/
match http m|^HTTP/1\.0 200 OK\r\nCache-control: no-cache\r\nContent-length: \d+\r\nContent-type: text/html\r\n\r\n<html>\n\n<head>\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=iso-8859-1\">\n<title> Password Required</title>\n<link rel=\"shortcut icon\" href=\"favicon\.ico\">\n<link rel=\"stylesheet\" type=\"text/css\" href=\"ic\.css\">\n<script src=\"product\.js\"></script>\n<script src=\"script\.js\"></script>\n<script src=\"md5\.js\"></script>\n| p/Speakerbus iD101 VoIP phone http config/ d/VoIP phone/ cpe:/h:speakerbus:id101/
match http m|^HTTP/1\.0 401 Unauthorized\nContent-Type: text/html; charset=iso-8859-1\nExpires: Thu, 01 Dec 1994 23:12:40 GMT\nServer: ServersCheck_Monitoring_Server/([\w._-]+)\n.*<p>Username / Password is still <strong>(\w+/\w+)</strong>\.  Please update\.</p>|s p/ServersCheck Monitoring Server httpd/ v/$1/ i/credentials: $2/
match http m|^HTTP/1\.0 401 Unauthorized\nContent-Type: text/html\nExpires: Thu, 01 Dec 1994 23:12:40 GMT\nServer: ServersCheck_Monitoring_Server/([\w._-]+)\n|s p/ServersCheck Monitoring Server httpd/ v/$1/
match http m|^HTTP/1\.1 505 HTTP Version Not Supported\r\n.*<title>VMware View</title>|s p/VMware ESX Server httpd/ cpe:/o:vmware:esx/
match http m|^HTTP/1\.1 200 Ok\r\nServer: PMSoftware-SWS/([\w._-]+)\r\n| p/PMSoftware Simple Web Server/ v/$1/
match http m|^HTTP/1\.1 200 OK\r\ncontent-type: text/html\r\ncontent-length: \d+\r\nlast-modified: .*\r\netag: [0-9a-f]+\r\nConnection: close\r\n\r\n| p/Node.js/ cpe:/a:nodejs:node.js/
match http m|^HTTP/1\.1 401 Unauthorized\r\nServer: (DPH-\w+)\r\n| p/D-Link $1 VoIP phone http config/ d/VoIP phone/ cpe:/h:dlink:$1/
match http m|^HTTP/1\.1 200 OK\r\nServer: Mango DSP HTTP Stack\r\n.*<title>Mango IP Node Configuration</title>|s p/Mango DSP AVS Raven-M video server http config/ d/media device/
# Last-Modified has time zone.
match http m|^HTTP/1\.1 200 OK\r\nDate: .*\r\nContent-Length: \d+\r\nContent-Type: text/html\r\nLast-Modified: .* [-+]\d+\r\nExpires: .*\r\n\r\n| p/OpenText FirstClass webmail httpd/ cpe:/a:opentext:firstclass/
match ssl/http m|^HTTP/1\.0 403 Secure Channel Required\r\nConnection: close\r\nContent-Length: \d+\r\nContent-Type: text/plain; charset=utf-8\r\nDate: .*\r\nServer: ExpertAssist/([\w._-]+)\r\n| p/ExpertAssist/ v/$1/ i/ScriptLogic Remote Desktop/
match ssl/http m|^HTTP/1\.0 302 Moved Temporarily\r\nAccept-Ranges: none\r\nConnection: close\r\nContent-Length: 0\r\nContent-Type: application/octet-stream\r\nDate: .*\r\nLocation: https://[^/]*/\r\nServer: ExpertAssist/([\w._-]+)\r\n| p/ExpertAssist/ v/$1/ i/ScriptLogic Remote Desktop/
match http m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: ExpertAssist/([\w._-]+)\r\nSet-Cookie: RASID=\w+; path=/\r\n|s p/ExpertAssist/ v/$1/ i/ScriptLogic Remote Desktop/
match http m|^HTTP/1\.0 200 OK\r\nSet-Cookie: LOGSSLCHECK=nossl; path=/; expires=.*\r\nCache-Control: no-cache\r\nConnection: close\r\nContent-Language: en\r\nContent-Length: \d+\r\nContent-Location: /default\.html\r\n.*<title>ExpertAssist</title>|s p/ScriptLogic ExpertAssist remote management httpd/ d/remote management/
match http m|^HTTP/1\.0 200 OK\r\nCache-Control: no-cache\r\nExpires: -1\r\nContent-Type: text/html\r\n\r\n<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4\.01 Transitional//EN\" \"http://www\.w3\.org/TR/html4/loose\.dtd\">\r\n<html>\r\n<head>\r\n  <title>Thomson Gateway - Startseite</title>| p/Thomson SpeedTouch 536i router http config/ d/router/ cpe:/h:thomson:536i/
match http m|^HTTP/1\.1 200\r\nContent-type: text/html\r\nConnection: close\r\nCONTENT-LENGTH: 240\r\n\r\n<HTML>\r\n<HEAD>\r\n<title>Web-Manager ([\w._-]+)</title>\r\n</HEAD>\r\n<BODY bgcolor=\"#FFFFFF\">\r\n<center>\r\n<applet code=\"container\.class\" archive=web\.jar width=\"743\" height=\"1250\" style=\"border: thick ridge\" VIEWASTEXT>\r\n</applet>\r\n</body>\r\n</html>\r\n\r\n$| p/Napco Netlink NL-MOD http config/ v/$1/
match http m|^<HTML><HEAD></HEAD>\r\n<BODY bgcolor=0x000080 text=#FFFFFF link=#00FF00 vlink=#00FF00><font face=Arial,Helvetica size=2>\r\n<font face=Arial,Helvetica><B>\r\n<CENTER>ERF-Gateway Settings & States</B><BR><TABLE BORDER=0>\r\n<TR><TD><font face=Arial,Helvetica size=2>Software</TD><TD><font face=Arial,Helvetica size=2>ERF-Gateway V([\w._-]+)</TD></TR>\r\n<TR><TD><font face=Arial,Helvetica size=2>Compilation Date</TD><TD><font face=Arial,Helvetica size=2>(\d\d/\d\d/\d\d)</TD></TR>\r\n| p/LaCrosse GW-1000U weather station httpd/ v/$1 $2/
match http m|^HTTP/1\.0 200 OK\r\nServer: \$ProjectRevision: ([\w._-]+) \$\r\nContent-Type: text/html\r\n\r\n<html>\n\n  <head>\n      <meta http-equiv=\"cache-control\" content=\"no-cache, no-store\">\n| p/Teradici PCoIP remote management http config/ v/$1/ d/remote management/
match http m|^HTTP/1\.1 301 Moved Permanently\r\nLocation: https://\(null\)/\r\nContent-Length: 2\r\n\r\n\r\n| p/Teradici PCoIP remote management http config/ d/remote management/
match http m|^HTTP/1\.0 200 OK\r\nDate: .*\r\nContent-Length: 131\r\nContent-Type: text/html\r\n\r\n\n\n<HTML>\n<HEAD>\n<meta http-equiv=\"Refresh\" content=\"0;URL=/dynamic/action\?Page=general&Action=get\">\n</HEAD>\n<BODY>\n</BODY>\n</HTML>\n$| p/Digital Stream DPS-1000 set-top box http config/ d/media device/
match http m|^HTTP/1\.0 200 OK\nConnection: close\nContent-type: text/html\nContent-Length: \d+\n\n\n<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 3\.2 Final//EN\">\n<HTML>\n<head>\n<LINK  REL=\"STYLESHEET\" TYPE=\"TEXT/CSS\"  HREF=\"/ismserver\.css\">\n<title>Netcool/ISM Login</title>\n| p/IBM Netcool Internet Service Monitors httpd/
match http m|^HTTP/1\.0 200 OK\r\nDate: .*\r\nServer: Z-World Rabbit\r\nConnection: close\r\nContent-Type: text/html\r\n\r\n<HTML>\r\n<HEAD>\r\n<title>SafetyNet Series 5</title>| p/Z-World Rabbit microcontroller httpd/ i/SafetyNet Series 5 environmental monitor/ d/specialized/
match http m|^HTTP/1\.1 404 Not Found\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 48\r\nServer: Indy/([\w._-]+)\r\n\r\nThe requested URL / was not found on this server$| p/Indy httpd/ v/$1/ i/Avaya VoIP phone upgrade service/ cpe:/a:indy:httpd:$1/a
match http m|^HTTP/1\.1 200 OK\r\nCONTENT-ENCODING: gzip\r\nEXPIRES: .*\r\nCONTENT-LENGTH: \d+\r\nLAST-MODIFIED: .*\r\nDATE: .*\r\nCONTENT-TYPE: text/html; charset=UTF-8\r\nCACHE-CONTROL: max-age=0, no-cache, public\r\nSERVER: Linux/([\w._-]+) Motorola/([\w._-]+) DAV/2\r\n| p/Moto Phone Portal httpd/ i/Linux $1; Motorola Defy $2/ d/phone/ o/Android/ cpe:/o:google:android/ cpe:/o:linux:linux_kernel:$1/
match http m|^HTTP/1\.1 302 Found\r\nServer: httpd\r\nDate: .*\r\nLocation: login\.html\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 0\r\nCache-Control: no-cache\r\nPragma: no-cache\r\nExpires: 0\r\nConnection: close\r\n\r\n$| p/Green Packet DX230 WAP http config/ d/WAP/ cpe:/h:green_packet:dx230/
match http m|^HTTP/1\.1 401 Unauthorized\r\nServer: Radware-web-server\r\nWWW-Authenticate: Basic realm=\"Radware\"\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-Type: text/html\r\n\r\n<html><head><title>Document Error: Unauthorized</title>| p/Radware OnDemand switch http config/ d/switch/
match http m|^HTTP/1\.0 401 Unauthorized\nServer: Gnat-Box/([\w._-]+)\n| p/Global Technology Associates Gnat Box firewall http config/ v/$1/ d/firewall/
match http m|^HTTP/1\.1 400 Bad Request\r\nDate: Mon, 21 Feb 2011 17:38:00 GMT\r\nContent-Length: 0\r\n\r\n$| p/Apple TV httpd/ d/media device/ cpe:/a:apple:apple_tv/
match http m|^HTTP/1\.1 307 Temporary Redirect\r\n(?:[^\r\n]+\r\n)*?Content-Length: 0\r\nConnection: keep-alive\r\nServer: AmazonS3\r\n\r\n$|s p/Amazon S3 httpd/
match http m|^HTTP/1\.1 200 OK\nServer: BO/([\w._-]+)\nDate: .*\nContent-type: text/html\nPublic: GET, POST\nConnection: keep-alive\n\n| p/BO2K built-in httpd/ v/$1/
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/plain\r\nConnection: close\r\n\r\nHello, non-Bayeux request\. Yet another one$| p/Node.js/ i/Faye Bayeux protocol/ cpe:/a:nodejs:node.js/
match http m|^HTTP/1\.[01] \d\d\d [^\r\n]*\r\nCONTENT-TYPE: text/html\r.*\nServer: IBM_CICS_Transaction_Server/([\w._-]+)\(zOS\)\r\n|s p/IBM CICS Transaction Server/ v/$1/ o|z/OS| cpe:/o:ibm:z%2fos/
match http m|^HTTP/1\.1 200 OK\r\nServer: corehttp-([\w._-]+)\r\nContent-Type: text/html\r\nConnection: close\r\n\r\n<html><body><pre>| p/CoreHTTP/ v/$1/ i/directory listing/
# http://code.google.com/p/webfinger/
match http m|^HTTP/1\.1 400 Bad request\r\n\r\n$| p/WebFinger httpd/
match http m|^HTTP/1\.1 500 Internal Server Error\r\nContent-Type: text/plain; charset=UTF-8\r\n\r\nFailure: 500 Internal Server Error\r\nnull\r\n\r\n$| p/Eucalyptus httpd/
match http m|^HTTP/1\.0 200 OK\r\nContent-type: text/html; charset=utf-8\r\nContent-Length: 204\r\n\r\n<!DOCTYPE html PUBLIC \"-//W3C//DTD HTML 3\.2 Final//EN\"><html>\n<title>Directory listing for /</title>\n<body>\n<h2>Directory listing for /</h2>\n<hr>\n<ul>\n<li><a href=\"\.\./\">\.\./</a>\n</ul>\n<hr>\n</body>\n</html>\n$| p/Dionaea honeypot httpd/
# http://www.erlang.org/doc/man/inets.html
match http m|^HTTP/1\.0 200 OK\r\nServer: inets/([\w._-]+)\r\n| p/inets/ v/$1/
match http m|^HTTP/1\.0 200 OK\r\nConnection: close\r\nContent-Encoding: gzip\r\nContent-Type: text/html; charset=iso-8859-1\r\n\r\n\x1f\x8b\x08\0\0\0\0\0\x02\x03\xa5\x93Mo| p/HP ProCurve 1800-24G switch http config/ d/switch/ cpe:/h:hp:procurve_switch_1800/ cpe:/o:hp:procurve_switch_software/
match http m|^HTTP/1\.1 200 OK\r\nServer: afts/([\w._-]+)\r\n| p/afts/ v/$1/
match http m|^HTTP/1\.1 401 Unauthorized\r\nServer: OBi(\w+)\r\n| p/Obihai OBi$1 VoIP adapter http config/ d/VoIP adapter/ cpe:/h:obihai:obi$1/
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html; charset=UTF-8\r\nContent-Length: \d+\r\nDate: .*\r\nConnection: close\r\n\r\n1\.0\n(?:\d\d\d\d-\d\d-\d\d\n)+| p/OpenStack Nova httpd/
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html; charset=UTF-8\r\nContent-Length: \d+\r\nDate: .*\r\nConnection: close\r\n\r\n{\"versions\": \[{\"status\": \"CURRENT\", \"id\": \"v([\w._-]+)\"}\]}| p/OpenStack Nova httpd/ v/$1/
# http://www.fastpath.it/products/palantir/index.php
match http m|^HTTP/1\.0 200 OK\r\nContent-Type: multipart/x-mixed-replace; boundary=--mp-boundary\r\nExpires: .*\r\nPragma: no-cache\r\nCache-Control: no-store, no-cache\r\nX-Protocol-Version: (\d+)\r\nX-Greeting: Livefeed\r\n\r\n--mp-boundary\r\n| p/Palantir media streaming httpd/ i/protocol $1/
match http m|^HTTP/1\.0 200 OK\r\nCache-Control: no-cache\r\nContent-Type: text/html\r\nContent-Length: \d+\r\nServer: MediaMallServer/([\w._-]+)\r\n| p/PlayOn MediaMallServer httpd/ v/$1/
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html\r\nConnection: close\r\n\r\n<!---CAS:0003--><HTML><HEAD>\n<TITLE>I-O DATA Broadband Router ETX-R</TITLE>| p/I-O Data ETX-R router http config/ d/router/
match http m|^HTTP/1\.0 401 com\.wm\.app\.b2b\.server\.AccessException: com\.wm\.app\.b2b\.server\.AccessException: \[ISS\.0084\.9004\] Access Denied\r\nWWW-Authenticate: Basic realm=\"webMethods\"\r\n| p/Software AG webMethods httpd/
match http m|^HTTP/1\.1 401 Unauthorized\r\nWWW-Authenticate: Basic realm=\"Secure Area\"\r\nContent-Type: text/html\r\n\r\n<HTML><HEAD><TITLE>Error</TITLE><META HTTP-EQUIV=\"Content-Type\" CONTENT=\"text/html; charset=utf-8\"></HEAD><BODY>401 Unauthorized</BODY></HTML>$| p/ScriptLogic Image Center remote agent httpd/ d/remote management/
match http m|^HTTP/1\.0 200 OK\r\nDate: .*\r\nExpires: .*\r\nContent-Type: text/html; charset=UTF-8\r\nContent-Length: \d+\r\n\r\n<HTML><HEAD><TITLE>Welcome to (963)</TITLE>| p/Trend $1 building control system httpd/ d/security-misc/ cpe:/h:trend:$1/
match http m|^HTTP/1\.1 401 Unauthorized\r\nWww-Authenticate: Basic REALM=\"elmeg\"\r\nContent-Type: text/plain\r\nContent-Length: 22\r\n\r\nUnauthorized request\r\n$| p/Elmeg IP 290 VoIP phone http config/ d/VoIP phone/ cpe:/h:elmeg:ip_290/
match http m|^HTTP/1\.1 401 Authorization Required\nDate: .* ([-+]\d+)\nServer: WebPidginZ \n([\w._-]+)\nWWW-Authenticate: Digest realm=\"WebPidginZLoginDigest\", nonce=\"[0-9a-f]+\", opaque=\"0000000000000000\", stale=false, algorithm=MD5, qop=\"auth\"\nConnection: close\nContent-type: text/html\n\n\n\n$| p/WebPidgin-Z instant messaging interface/ v/$2/ i/time zone: $1/

match http m|^HTTP/1\.0 \d\d\d [^\r\n]+\r\n[Cc]ontent-[Tt]ype: application/json; charset=UTF-8\r\n[Cc]ontent-[Ll]ength: \d+\r\n\r\n{.*?"name" : "([^"]+)",\n  "cluster_name" : "([^"]+)",(?:\n  "cluster_uuid" : "[^"]*",)?\n  "version" : {\n    "number" : "([\w._-]+)",.*"lucene_version" : "([^"]+)"\n  },\n  "tagline" : "You Know, for Search"\n}\n|s p/Elasticsearch REST API/ v/$3/ i/name: $1; cluster: $2; Lucene $4/ cpe:/a:apache:lucene:$4/ cpe:/a:elasticsearch:elasticsearch:$3/
match http m|^HTTP/1\.0 \d\d\d [^\r\n]+\r\n[Cc]ontent-[Tt]ype: application/json; charset=UTF-8\r\n[Cc]ontent-[Ll]ength: \d+\r\n\r\n{.*?"name" : "([^"]+)",\n  "cluster_name" : "([^"]+)",(?:\n  "cluster_uuid" : "[^"]*",)?\n  "version" : {\n    "number" : "([\w._-]+)",.*"lucene_version" : "([^"]+)"|s p/Elasticsearch REST API/ v/$3/ i/name: $1; cluster: $2; Lucene $4/ cpe:/a:apache:lucene:$4/ cpe:/a:elasticsearch:elasticsearch:$3/
match http m|^HTTP/1\.0 \d\d\d [\w ]+\r\n[Cc]ontent-[Tt]ype: application/json; charset=UTF-8\r\n[Cc]ontent-[Ll]ength: \d+\r\n\r\n{.*"name" : "([^"]+)",(?:\r?\n  "cluster_uuid" : "[^"]*",)?\r?\n  "version" : {\r?\n    "number" : "([^"]+)",.*"lucene_version" : "([^"]+)"}|s p/Elasticsearch REST API/ v/$2/ i/name: $1; Lucene $3/ cpe:/a:apache:lucene:$3/ cpe:/a:elasticsearch:elasticsearch:$2/
match http m|^HTTP/1\.0 401 Unauthorized\r\nWWW-Authenticate: Basic realm="([^"]+)"(?:[^\r\n]*\r\n)*?\r\n\{"error":\{"root_cause":\[\{"type":"security_exception","reason":"missing authentication token for REST request \[/|s p/Elasticsearch REST API/ i/Shield plugin; realm: $1/ cpe:/a:elasticsearch:elasticsearch/
match http m|^HTTP/1\.0 401 Unauthorized\r\nWWW-Authenticate: Digest realm="([^"]+)",nonce="[\da-f]{32}"\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 19\r\n\r\nUnauthorized access| p/Elasticsearch REST API/ i/realm: $1/ cpe:/a:elasticsearch:elasticsearch/

match http m|^HTTP/1\.0 401 Unauthorized\r\nWWW-Authenticate: Basic realm=\"NETWORK\"\r\nContent-Type: text/html\r\nServer: Lancam Server\r\n\r\n| p/American Dynamics EDVR security recorder/ d/security-misc/
match http m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: Muratec Server Ver\.([\w._-]+)\r\n.*<TITLE>Administration tool for IF-300</TITLE>\r\n|s p/Muratec IF-300 network module http config/ v/$1/ i/for F-320 printer/ d/printer/ cpe:/h:muratec:f-320/ cpe:/h:muratec:if-300/
match http m|^HTTP/1\.0 401 Unauthorized\r\n(?:[^\r\n]+\r\n)*?Server: Muratec Server Ver\.([\w._-]+)\r\nWWW-Authenticate: Basic Realm=\"Pages for SERVICE PERSON\"\r\nContent-Type: text/html\r\nContent-Length: 51\r\n\r\n<html><body><h1>401 Unauthorized</h1></body></html>$|s p/Muratec F-320 printer http config/ v/$1/ d/printer/ cpe:/h:muratec:f-320/
match http m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: RedTitan-eNterpriseQueue/([\w._-]+)\r\n.*<TITLE>Enterprise Portal</TITLE>\r\n|s p/RedTitan-eNterpriseQueue/ v/$1/ i/RedTitan Print2PC parallel-to-USB bridge/ d/bridge/ cpe:/h:redtitan:print2pc/
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: UPnP/1\.0\r\n.*<title>HDHomeRun</title>\r\n.*<div class=\"S\">Model: ([\w._-]+)<br/>Device ID: ([\w._-]+)<br/>Firmware: ([\w._-]+)</div>|s p/SiliconDust HDHomeRun $1 DVR http config/ v/$3/ i/device ID: $2/ d/media device/ cpe:/h:silicondust:hdhomerun/
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?S[eE][rR][vV][eE][rR]: HDHomeRun/1\.0\r\n.*<div class=\"S\">Model: ([\w._-]+)\n?<br/>Device ID: ([\w._-]+)\n?<br/>Firmware: ([\w._-]+)\n?</div>|s p/SiliconDust HDHomeRun $1 DVR http config/ v/$3/ i/device ID: $2/ d/media device/ cpe:/h:silicondust:hdhomerun/
# http://www.ibm.com/developerworks/systems/library/es-nweb/index.html
match http m|^HTTP/1\.0 200 OK\r\nContent-Type: text/html\r\n\r\n<HTML>\r\n<TITLE>nweb\r\n</TITLE>| p/IBM nweb/ cpe:/a:ibm:nweb/
match http m|^HTTP/1\.0 504 Gateway Timeout\r\nPragma: no-cache\r\nConnection: close\r\nContent-Type: text/html; charset=utf-8\r\n\r\n<html><body>Connection to server <b></b> failed \(Connection actively refused by the server\.\)<P></body></html> {600}| p/Kerio WinRoute http proxy/ o/Windows/ cpe:/a:kerio:winroute/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 404 Not Found\r\nConnection: close\r\nDate: .*\r\nX-Cascade: pass\r\nContent-Type: text/html\r\nContent-Length: 409\r\n\r\n<!DOCTYPE html>\n<html>\n<head>\n  <style type=\"text/css\">\n  body { text-align:center;font-family:helvetica,arial;font-size:22px;\n    color:#888;margin:20px}\n  #c {margin:0 auto;width:500px;text-align:left}\n  </style>\n</head>\n<body>\n  <h2>Sinatra doesn't know this ditty\.</h2>\n  <img src='/__sinatra__/404\.png'>\n  <div id=\"c\">\n    Try this:\n    <pre>get '/' do\n  \"Hello World\"\nend</pre>\n  </div>\n</body>\n</html>\n$| p/Sinatra web framework built-in httpd/
match http m|^HTTP/1\.1 200 OK\r\nConnection: close\r\nContent-Type: text/html; charset=utf-8\r\n(?:[^\r\n]+\r\n)*?Server: webcam 7\r\n\r\n|s p/webcam 7 httpd/ o/Windows/ cpe:/o:microsoft:windows/
match http m|^HTTP/1\.1 301 Movprm\r\nLocation: https://[\d.]+/\r\nContent-Length: 0\r\nContent-Type: text/html\r\nConnection: close\r\n\r\n$| p/Konica Minolta bizhub 423 printer http config/ d/printer/ cpe:/h:konicaminolta:bizhub_423/
match http m|^HTTP/1\.1 302 Moved Temporarily\r\nServer: Catwalk\r\nDate: .*\r\nLocation: https://null:8443/\r\nContent-Length: 0\r\nConnection: close\r\n\r\n$| p/Catwalk/ i/Canon imageRUNNER C5000-series printer http config/ d/printer/ cpe:/h:canon:imagerunner_c5000/
match http m|^HTTP/1\.1 200 OK\r\nDate: .*\r\nExpires: .*\r\nCache-control: private\r\nContent-type: text/html\r\n\r\n<html><body><table width=\"100%\" border=\"0\" cellspacing=\"10\" cellpadding=\"5\">  <tr>    <td colspan=\"2\"  bgcolor=\"#00304B\"><h1><FONT COLOR=\"white\">Enistic Smart Energy Controller</FONT></h1>| p/Enistic Smart Energy Controller httpd/ d/power-misc/
match http m|^HTTP/1\.1 401 Unauthorized\nWWW-Authenticate: Basic realm='unRAID SMU'\n$| p/Lime Technology unRAID Server httpd/ v/4.X/ d/storage-misc/ cpe:/o:lime_technology:unraid_server:4/
# http://code.google.com/p/unraid-unmenu/
match http m|^HTTP/1\.1 200 OK\r\nConnection: Close\r\nPragma: no-cache\r\nCache-Control: private, max-age=0\r\nDate: .*\r\nExpires: -1\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nRefresh: 60; URL=\r\n\r\n[0-9a-f]+\r\n<HTML><title>([\w._-]+) unRAID Server</title>| p/Lime Technology unRAID Server Unmenu http config/ d/storage-misc/ h/$1/ cpe:/o:lime_technology:unraid_server:4/
match http m|^\0\0\0\0\x81HTTP/1\.0 403 Forbidden\r\nServer: ServletExecAS/([\w._-]+)\r\nContent-type: text/html\r\n\r\nRequests from [\d.]+ are not allowed\.$| p/New Atlanta ServletExec/ v/$1/ cpe:/a:newatlanta:servletexec:$1/
match http m|^HTTP/1\.0 401 Unauthorized\r\nDate: .*\r\nWWW-Authenticate: Basic realm=\"\"\r\n\r\n$| p/Z-World Rabbit microcontroller httpd/ i/Redline AN-50 wireless bridge http config/ cpe:/h:redline:an-50/
match http m|^HTTP/1\.1 200 OK\r\nContent-type: text/html\r\nConnection: Close\r\n\r\n<HTML>\n<HEAD>\n<TITLE>ZyXEL (ZyAIR [\w._-]+)</TITLE>| p/ZyXEL $1 WAP http config/ d/WAP/ cpe:/h:zyxel:$1/
match http m|^HTTP/1\.1 200\r\nContent-type: text/html\r\nConnection: close\r\nCONTENT-LENGTH: 81\r\n\r\n<head>\r\n<meta http-equiv=\"refresh\" content=\"0; URL=get\.cgi&index\.cgi\">\r\n</head>\r\n$| p/SolarLog 400e power monitor httpd/ d/power-misc/ cpe:/h:solarlog:400e/
match http m|^HTTP/1\.1 200 OK\r\naccept-ranges: none\r\ncache-control: no-cache\r\ncontent-type: text/html; charset=utf-8\r\ndate: .*\r\nexpires: 0\r\nserver: Ocsigen\r\n\r\n| p/Ocsigen/
match http m|^HTTP/1\.0 200 OK\r\nConnection: close\r\nSet-Cookie: Netio\w+=\w+; path=/\r\n\r\n<html>\n<head>\n<title>(NETIO-\w+) WebControl</title>\n| p/Koukaam $1 power controller http config/ d/power-device/ cpe:/h:koukaam:$1/
match http m|^HTTP/1\.1 200 OK\r\nDate: .*\r\nServer: Omniture DC/([\w._-]+)\r\nxserver: ([\w._-]+)\r\n| p/Omniture DC/ v/$1/ h/$2/
# ABS Megacam
# Ubiquity AirCam.v1.1.1 / Airvision v1.1.1
match http m|^HTTP/1\.0 404 Not Found\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 47\r\n\r\n<html><body><p>File not found</p></body></html>$| p/GM Streaming Server httpd/ d/webcam/
match http m|^<html>\n   <head>\n      <meta HTTP-EQUIV='Pragma' CONTENT='no-cache'>\n      <script language=\"javascript\">\n</script>\n   </head>\n   <body>\n   \t<center> \n<table align=center style=\"margin:25px;width:480px\" cellspacing=0 cellpadding=0 border=0> \n \n    <tr> \n        <td align=center><span style=\"font-size:1\.2em\"> VoIP Router</span> \n| p/Inteno X5669B broadband router/ d/broadband router/ cpe:/h:inteno:x5669b/
match http m|^HTTP/1\.0 200 OK\r\nConnection: close\r\nX-Powered-By: PHP/([\w._-]+)\r\n(?:[^\r\n]+\r\n)*?Server: WMI Http Server\r\n.*<title>Xtreamer Media Server</title>\n|s p/WMI HTTP Server/ i/Xtreamer Pro media server; PHP $1/ d/media device/ cpe:/a:php:php:$1/
match http m|^HTTP/1\.1 400 OK\r\n(?:[^\r\n]+\r\n)*?Server: Ability Server ([\w._-]+) by Code-Crafters\r\n|s p/Code Crafters Ability httpd/ v/$1/ cpe:/a:code-crafters:ability_server:$1/
match http m|^HTTP/1\.0 200 Ok\r\nServer: NET-DK/([\w._-]+)\r\n.*<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4\.0 Transitional//EN\">\n<!-- saved from url=\(0033\)http://[\d.]+/startup\.html -->\n<HTML>\n<HEAD>\n<META content=\"text/html; charset=windows-1252\" http-equiv=Content-Type>\n<META content=\"Microsoft FrontPage 4\.0\" name=GENERATOR>|s p/NET-DK/ v/$1/ i/Motorola SB5101 or SB6120 cable modem http config/ d/broadband router/ cpe:/h:motorola:sb5101/ cpe:/h:motorola:sb6120/
match http m|^HTTP/1\.0 401 Unauthorized\n.*Server: SAINT/([\w._-]+)\n.*<HTML>\n<HEAD>\n<TITLE>Bad client authentication code</TITLE>\n<LINK REV=\"made\" HREF=\"mailto:saint@saintcorporation\.com\">\n</HEAD>\n<BODY>\n<H1>Bad client authentication code</H1>\nThe command: <TT>GET / HTTP/1\.0\r\n</TT> was not properly authenticated\.\n</BODY>\n</HTML>\n$|s p/SAINTexploit http interface/ v/$1/
match http m|^HTTP/1\.0 200 OK\n.*Server: SAINT/([\w._-]+)\n.*<title>SAINT Login</title>|s p/SAINTexploit http interface/ v/$1/
match http m|^HTTP/1\.1 200 OK\r\nContent-type: text/html\r\nCache-Control: no-cache\r\n\r\n<BODY><CENTER><H2><BR><BR>LevelOne (GSW-\w+)| p/LevelOne $1 switch http config/ d/switch/ cpe:/h:levelone:$1/
match http m|^HTTP/1\.1 200 OK\r\nConnection: close\r\nContent-Length: \d+\r\nContent-Type: text/html\r\n\r\n<html><body bgcolor='#FFFFFF' link='#FFFFFF' vlink='#FFFFFF' alink='#FFFFFF' text='#003031'>\n<table BORDER='1' WIDTH='100%' HEIGHT='100%' CELLSPACING='0' CELLPADDING='0' bordercolor='#003031'>\n<tr><td ALIGN=CENTER>| p/Cisco 7912G IP Phone/ d/VoIP phone/ cpe:/h:cisco:7912g/
match http m|^HTTP/1\.1 401 Unauthorized\r\nWWW-Authenticate: Digest realm=\"[\d.]+\",  qop=\"auth\", nonce=\"[0-9a-f]+\"\r\n.*<title>BMC HTTP Server</title>\r\n|s p/BMC HTTP Server/ i/HP Integrated Lights-Out remote management/ d/remote management/ cpe:/h:hp:integrated_lights-out/
match http m|^HTTP/1\.0 200 OK\nContent-type: text/html\r\nDate: .*\r\nConnection: close\r\nLast-Modified: .*\r\nContent-length: \d+\r\n.*<TITLE>RGB VIA Platform Home Page</TITLE>\r\n|s p/BusyBox httpd/ i/RGB Modular Media Converter http config/ d/media device/
match http m|^HTTP/1\.1 401 Unauthorized\r\nWWW-Authenticate: Digest realm=\"Web UI Access\", nonce=\"[0-9a-f]{32}\", opaque=\"[0-9a-f]{32}\", stale=\"false\", algorithm=\"MD5\", qop=\"auth\"\r\n\r\n$| p/qBittorrent Web UI/ cpe:/a:qbittorrent:qbittorrent/
match http m|^HTTP/1\.0 200 OK\r\nContent-type: text/html\r\n\r\n<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4\.0 Transitional//EN\">\r\n<HTML>\r\n<HEAD>\r\n<TITLE></TITLE>\r\n<META content=\"text/html; charset=utf-8\" http-equiv=Content-Type><STYLE type=text/css>BODY {BACKGROUND-COLOR: #3300cc; BACKGROUND-REPEAT: repeat}</STYLE>\r\n<META name=generator content=\"Trellian WebPage\"></HEAD><BODY><FONT color=#ffff00 size=7><P align=center>SDR-IP</P><P align=center>by</P><P align=center>RFSPACE</P></FONT>\r\n</BODY>\r\n</HTML>\r\n$| p/RF-Space SDR-IP software radio http config/ d/specialized/ cpe:/h:rf-space:sdr-ip/
match http m|^HTTP/1\.0 404 Not Found\r\nDate: .*\r\nConnection: close\r\nContent-type: text/html\r\nServer: Flumotion/([\w._-]+)\r\n| p/Fluendo Flumotion httpd/ v/$1/
match http m|^HTTP/1\.0 200 ;OK\r\nServer: \?\?\?\?\?\?\?\?\?\?\?\?\?\?\r\nContent-Type: text/html\r\nConnection: Close\r\n\r\n<html>\n<head>\n<link rel=\"SHORTCUT ICON\" href=\"favicon\.ico\">\n<title>EATON</title>\n| p/Eaton Powerware Environmental Rack Monitor httpd/ d/power-misc/
match http m|^HTTP/1\.0 200 OK\r\nContent-type: text/html\r\n\r\n<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4\.01 Frameset//EN\" \r\n\"http://www\.w3\.org/TR/html4/frameset\.dtd\">\r\n<html>\r\n<head>\r\n<meta http-equiv=\"Pragma\" content=\"no-cache\">\r\n<meta http-equiv=\"Cache-Control\" content=\"no-cache\">\r\n<meta http-equiv=\"Content-Type\" content=\"text/html;charset=utf-8\">\r\n<title>Plasma Monitor web control system</title>\r\n| p/Pioneer PRO-141 monitor http config/ d/media device/ cpe:/h:pioneer:pro-141/
match http m|^HTTP/1\.0 200 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: Ubicom/([\w._-]+)\r\n.*<title>Microtek WES : Login</title>\r\n|s p/Ubicom/ v/$1/ i/Microtek ML-WES WAP http config/ d/WAP/ cpe:/h:microtek:ml-wes/
match http m|^HTTP/1\.0 200 OK\r\nCache-Control: no-cache\r\nContent-Type:text/html\r\nContent-Length:  *\d+\r\n\r\n\n<html>\n<head>\n<Script language=\"javascript\">\n.*<title>VoIP Login</title>\n|s p/Minitar MVA11A VoIP gateway http config/ d/VoIP adapter/ cpe:/h:minitar:mva11a/
match http m|^HTTP/1\.1 200 OK\r\nConnection: close\r\nContent-Type: text/html\r\nCache-Control: no-cache\r\n\r\n<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1\.0 Strict//EN\" \"http://www\.w3\.org/TR/xhtml1/DTD/xhtml1-strict\.dtd\">\r\n<html xmlns=\"http://www\.w3\.org/1999/xhtml\" xml:lang=\"fr\" lang=\"fr\">\r\n  <head>\r\n    <meta http-equiv=\"content-type\" content=\"text/html; charset=iso-8859-15\" />\r\n    <meta http-equiv=\"content-style-type\" content=\"text/css\" />\r\n    <title>Mon syst\xe8me d'alarme Somfy\r\n    </title>\r\n|s p/Somfy alarm system http config/ d/security-misc/
match http m|^HTTP/1\.0 301 Moved Permanently\r\nLocation: printer/index\.html\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 149\r\n\r\n<BODY><H1>Error 301 Moved Permanently<hr><p>Please use this link instead:</p><p><a href='printer/index\.html'>printer/index\.html</a></p></H1></BODY>\r\n$| p/Zebra ZTC 105SL label printer http config/ d/printer/ cpe:/h:zebra:ztc_105sl/
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: Hydra/([\w._-]+)\r\n.*<title>KOZUMI \[Air Force One 5\]</title>\n|s p/Hydra httpd/ v/$1/ i/Kozumi Air Force One 5 WAP http config/ d/WAP/ cpe:/a:nikos_mavroyanopoulos:hydra:$1/ cpe:/h:kozumi:air_force_one_5/
# "speedport.ip" might be an interpolation by the submitter.
match http m|^HTTP/1\.1 302 \r\nContent-Type: text/html\r\nConnection: Close\r\nLOCATION: https://speedport\.ip/\r\nContent-Length: 155\r\n\r\n<head><title>302 Document moved</title></head><body><h1>302 Document moved</h1>This document has moved <a href=\"https://speedport\.ip//\">here</a>\.<p></body>$| p/T-Com Speedport W 723V WAP http config/ d/WAP/
match http m|^HTTP/1\.1 200 OK\r\nCACHE-CONTROL: no-cache\r\n.*<META name=\"author\" content=\"J\.Huber, R\.Kunz\">\r\n\r\n<TITLE>Speedport (W \w+) Konfigurationsprogramm</TITLE>\r\n|s p/T-Com Speedport $1 WAP http config/ d/WAP/
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: ISS (\w+) Series/([\w._-]+)\r\n|s p/Extron ISS $1 video switch http config/ v/$2/ cpe:/h:extron:iss_$1/
match http m|^HTTP/1\.1 404 Not Found\r\n(?:[^\r\n]+\r\n)*?Server: Xavante ([\w._-]+)\r\n\r\n<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2\.0//EN\">\n<HTML><HEAD>\n<TITLE>404 Not Found</TITLE>\n</HEAD><BODY>\n<H1>Not Found</H1>\nThe requested URL http://http:/README was not found on this server\.<P>\n</BODY></HTML>$|s p/Xavante/ v/$1/
match http m|^HTTP/1\.1 200 OK\r\nSet-Cookie: JSESSIONID=[0-9A-F]{32}; Path=/\r\nContent-Type: text/html;charset=UTF-8\r\nContent-Length: 96\r\nDate: .*\r\nConnection: close\r\nServer: Oce Express WebTools\r\n\r\n\n\n\n\n<html>\n\t<head>\n\t\t\n\t\t<meta http-equiv=\"REFRESH\" content=\"0; URL=/home\.jsp\">\n\t</head>\n</html>\n$| p/Oce Colorwave 300 printer http config/ d/printer/ cpe:/h:oce:colorwave_300/
match http m|^HTTP/1\.1 400 Bad Request\nContent-Type: text/xml\n\n<\?xml version=\"1\.0\" encoding=\"UTF-8\" \?>\n<syabasCommandServerXml>\n\t<returnValue>1</returnValue>\n\t<response>\n\t</response>\n</syabasCommandServerXml>\n$| p/Syabas Popcorn Hour media player XML command server httpd/ d/media device/ cpe:/h:syabas:popcorn_hour/
match http m|^HTTP/1\.0 401 Unauthorized\r\nWWW-Authenticate: Basic realm=\"Web Server\"\r\nContent-type: text/html\r\n\r\n<html>\r\n<body><h1>401 Unauthorized</h1></body></html>\r\n$| p/Aethra V3000 VoIP adapter http config/ d/VoIP adapter/ cpe:/h:aethra:v3000/a
# There is a parallel array naming the fields: var Ds= new Array\(\"PLC Type\",\"OS version\",\"Boot version\",\"Factory Boot\",\"BinLib Version\",\"Running Mode\",\"PLC Date\",\"PLC Time\"\);
match http m|^HTTP/1\.0  200 OK\r\n.*<TITLE>Unitronics PLC</TITLE>.*<Script>\r\nvar V =new Array\(\"(V\w+) \((\w+)\) \",\"([\w._-]+)\",\"([\w._-]+)\",\"([\w._-]+)\",\"[01]+\",\"Running\",\"(\d\d/\d\d/\d\d)\",\"(\d\d:\d\d:\d\d)\"\);|s p/Unitronics $1 ($2) PLC http config/ v/$3 $6 $7/ i/boot version: $4; factory boot: $5/ cpe:/h:unitronics:$1:$3/
match http m|^HTTP/1\.0 404 Not Found\r\n\r\nNot Found$| p/Omron PLC http config/
match http m|^HTTP/1\.1 301 Moved Permanently\r\nDate: .*\r\nLocation: https://([\w._-]+):(\d+)/\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 56\r\n\r\n<HTML><BODY><H1>301 Moved Permanently</H1></BODY></HTML>$| p/VMware vCenter Converter httpd/ i|redirect to tcp/$2| h/$1/
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html; charset=iso-8859-1\r\nContent-Length: \d+\r\n\r\n\n\n\n\n\n\n\n\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n.*<title>F-Secure Policy Manager Server</title>|s p/Jetty/ i/F-Secure Policy Manager Server/ cpe:/a:mortbay:jetty/
match http m|^HTTP/1\.1 200 OK\r\nDate: .*\r\nContent-Language: en-US\r\nContent-Type: text/html;charset=ISO-8859-1\r\n.*<title>F-Secure Policy Manager Server</title>|s p/F-Secure Policy Manager Server/
match http m|^HTTP/1\.0 200 OK\nContent-type: text/html\r\n.*/\* f\*cking IE doesn't support web standard \*/\n|s p/Encore ENTC-1000 thin client http config/ d/terminal/ cpe:/h:encore:entc-1000/
match http m|^HTTP/1\.1 403 Forbidden\r\nConnection: close\r\nContent-Type: text/plain\r\nTransfer-Encoding: chunked\r\n\r\n39\r\nRejected request from RFC1918 IP to public server address\r\n0\r\n\r\n$| p/OpenWrt uHTTPd/ d/WAP/ o/Linux/ cpe:/a:openwrt:uhttpd/ cpe:/o:linux:linux_kernel/a
match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: \r\nDate: .*\r\nWWW-Authenticate: Basic realm=\"FC330A\"\r\nContent-Type: text/html\r\nConnection: close\r\n\r\n| p/Airvana cellular network access point http config/ d/WAP/
match http m|^HTTP/1\.1 400 Bad Request\r\nDate: .*\r\nContent-Length: 0\r\n\r\n$| p/Apple AirPlay httpd/ d/media device/
match http m|^HTTP/1\.1 200 OK\r\nContent-Length: \d+\r\nServer: eCos Embedded Web Server\r\nConnection: keep-alive\r\nContent-Type: text/html\r\n\r\n\xef\xbb\xbf<html>\n<head>\n<title>Danfoss Solar Inverters</title>\n<meta http-equiv=\"refresh\" content=\"0;url=/cgi-bin/login_page\.tcl\">\n</head>\n<body>\n</body>\n</html>\n$| p/eCos Embedded Web Server/ i/IBC SOLAR inverter http config/ d/power-misc/
match http m|^HTTP/1\.1 200 OK\r\nContent-Length: 149\r\nDate: [^\r\n]+\r\nServer: eCos Embedded Web Server\r\nConnection: keep-alive\r\nContent-Type: text/html\r\n(?:[^\r\n]+\r\n)*?\r\n\xef\xbb\xbf<html>\r\n<head>\r\n<meta http-equiv="refresh" content="0; url=first\.asp">\r\n<title>D-LINK SYSTEMS, INC\. \x7c WIRELESS ROUTER </title>\r\n</head>\r\n</html>\r\n|s p/eCos Embedded Web Server/ i/D-Link WAP/ d/WAP/
match http m|^HTTP/1\.1 200 OK\r\nServer: Aperio ImageServer v([\w._: -]+)\r\nSpectrumPlus: 0\r\nContent-Length: \d+\r\nContent-Type: text/plain\r\n\r\n| p/Aperio ImageServer httpd/ v/$1/
match http m|^HTTP/1\.0 500 Internal Server Error\r\nMime-Version: 1\.0\r\nDate: [^\r\n]* (\w+)\r\n(?:[^\r\n]+\r\n)*?Via: 1\.0 ([\w._-]+):\d+ \(IronPort-WSA/([\w._-]+)\)|s p/Cisco IronPort Web Security Appliance http config/ v/$3/ i/time zone: $1/ d/firewall/ h/$2/
match http m|^HTTP/1\.0 504 Gateway Timeout\r\nMime-Version: 1\.0\r\nDate: .*? ([A-Z]+)\r\nContent-Type: text/html\r\nConnection: close\r\n| p/IronPort WSA firewall http admin/ i/timezone: $1/ d/firewall/
match http m|^HTTP/1\.0 403 Forbidden\r\nMime-Version: 1\.0\r\nDate: .* ([A-Z]+)\r\nContent-Type: text/html\r\nConnection: close\r\n| p/IronPort WSA firewall http admin/ i/timezone: $1/ d/firewall/
match http m|^HTTP/1\.1 404 Not Found\r\n(?:[^\r\n]+\r\n)*?Server: Bomgar\r\n|s p/Bomgar Remote Access Portal/
match http m|^HTTP/1\.1 404 Not Found\r\nServer: SQLAnywhere/([\d.]+)\r\n| p/Sybase SQLAnywhere httpd/ v/$1/
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?Etag: ([\w._ -]+)\r\n.*\xef\xbb\xbf<!DOCTYPE html .*<title>AirDroid</title>|s p/AirDroid httpd/ v/$1/ d/phone/ o/Android/ cpe:/a:airdroid:airdroid:$1/ cpe:/o:google:android/ cpe:/o:linux:linux_kernel/
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?Etag: ([\w._ -]+)\r\n(?:[^\r\n]+\r\n)*?Server: AirDroid-g\r\n|s p/AirDroid httpd/ v/$1/ d/phone/ o/Android/ cpe:/a:airdroid:airdroid:$1/ cpe:/o:google:android/ cpe:/o:linux:linux_kernel/
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: AirDroid ([\w._-]+)\r\n|s p/AirDroid httpd/ v/$1/ d/phone/ o/Android/ cpe:/a:airdroid:airdroid:$1/ cpe:/o:google:android/ cpe:/o:linux:linux_kernel/
match http m|^HTTP/1\.[01] 200 OK\r\nContent-Type: text/html\r\nX-Ajenti-Auth: start\r\nX-Ajenti-Challenge: | p/Ajenti admin httpd/ v/0.6.1/
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: DebTorrent/([\w._-]+)\r\n|s p/DebTorrent httpd/ v/$1/
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: application/xml; charset=UTF-8\r\nContent-Length: 154\r\nDate: .* GMT\r\nConnection: close\r\n\r\n<\?xml version=\"1\.0\" encoding=\"UTF-8\"\?>\n<ListAllMyBucketsResult xmlns=\"http://doc\.s3\.amazonaws\.com/2006-03-01\"><Buckets></Buckets></ListAllMyBucketsResult>$| p/Amazon S3 httpd/
match http m|^HTTP/1\.1 301 Moved Permanently\r\nx-amz-error-code: WebsiteRedirect\r\nx-amz-error-message: Request does not contain a bucket name\.\r\n| p/Amazon S3 httpd/
match http m|^HTTP/1\.1 404 Not Found\r\nConnection: close\r\n\r\n$| p/ADB P.DG A4001N WAP, Cisco Telepresence MCU 4505, Digifort Enterprise 6.5, or Telekom Speedport W723V httpd/
# Also  with USB-Printer
# Digifort port 80.
match http m|^HTTP/1\.1 401 Unauthorized\r\nConnection: close\r\n(?:[^\r\n]+\r\n)*?WWW-Authenticate: Basic realm=\"Servidor HTTP Digifort\"\r\n|s p/Digifort Enterprise 6.5 httpd/ o/Windows/ cpe:/a:digifort:digifort:6.5.0_final/ cpe:/o:microsoft:windows/a
# Cisco IP Phone 7941 also?
match http m|^HTTP/1\.1 403 Forbidden\.\r\nContent-Type: application/json.*\r\nDate: .* GMT\r\nContent-Length: 90\r\n\r\n{\"status\": {\n  \"code\": 403,\n  \"commandResult\": 1,\n  \"msg\": \"Forbidden\.\",\n  \"query\": \"/\"\n}}| p/DirecTV satellite receiver http interface/ d/media device/
match http m|^HTTP/1\.0 401 OK\r\nServer: EchoLink/([\w._-]+)\r\n| p/EchoLink radio-over-VoIP http config/ v/$1/
match http m|^HTTP/1\.1 200 OK\r\nX-Powered-By: Express\r\nServer: Etherpad-Lite  \(http://j\.mp/ep-lite\)\r\n| p/Etherpad lite/
match http m=^HTTP/1\.1 200 OK\r\nX-Powered-By: Express\r\nServer: Etherpad-Lite ([0-9a-f]+) \((?:http://j\.mp/ep-lite|http://etherpad\.org)\)\r\n= p/Etherpad lite/ v/$1/
match http m|^HTTP/1\.1 500 Server Error\r\nContent-Length: 0\r\nServer: HBHTTP POGOBASIC - ([\w._-]+) - Linux\r\n| p/Pogoplug HBHTTP/ v/$1/ o/Linux/ cpe:/o:linux:linux_kernel/
match http m|^HTTP/1\.1 404 Not Found\r\nContent-Length: 0\r\nServer: HBHTTP POGOBASIC - ([\w._-]+) - Linux\r\n| p/Pogoplug HBHTTP/ v/$1/ o/Linux/ cpe:/o:linux:linux_kernel/
# VMware vSphere (VMware workstation 8.0.2 build-591240)
match http m|^HTTP/1\.1 403 Forbidden\r\nDate: .* GMT\r\nConnection: close\r\nContent-Type: text; charset=plain\r\nContent-Length: 0\r\n\r\n$| p/VMware VirtualCenter Web service/
match http m|^HTTP/1\.0 200 OK\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nExpires: 0\r\nDate: .* GMT\r\n\r\n<!DOCTYPE html PUBLIC \"-//W3C//DTD HTML 4\.01 Transitional//EN\">\n<html>\n<head>\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=UTF-8\">\n<link href=\"/manimg/[^/]+/main\.css| p/ISPManager billing system httpd/
match http m|^HTTP/1\.0 200 OK\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nExpires: 0\r\nSet-Cookie: ispmgrses5=; path=/; HttpOnly(?:; expires=.*)?\r\nSet-Cookie: ispmgrlang5=[^:]*:(..); path=/; expires=.* ([A-Z0-9+-]+)\r\n| p/ISPManager billing system httpd/ v/5/ i/lang: $1; time zone: $2/
match http m|^HTTP/1\.1 401 Unauthorized\r\nWWW-Authenticate: Basic realm=\"realm\"\r\nContent-Length: 0\r\n\r\n$| p/PoolServerJ http config/
match http m|^HTTP/1\.0 200 OK\r\nDate: .* GMT\r\nServer: Synaccess \r\nConnection: close\r\nContent-Type: text/html\r\n\r\n\r\n<html>\r\n<head>\r\n  <title>Remote Power Management System By Synaccess</title>\r\n| p/Synaccess NP-16 or NP-1601D power management system httpd/ d/power-misc/
match http m|^HTTP/1\.1 404 Not Found\r\nDate: .* GMT\r\nServer: Unknown\r\nConnection: close\r\nContent-Type: text/html; charset=iso-8859-1\r\n\r\n<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2\.0//EN\">\n<HTML><HEAD>\n<TITLE>404 Not Found</TITLE>\n</HEAD><BODY>\n<H1>Not Found</H1>\nThe requested URL / was not found on this server\.<P>\n</BODY></HTML>\n$| p/Allot NetEnforcer AC-5000 load balancer/ d/load balancer/ cpe:/h:allot:netenforcer_ac-5000/
match http m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: mlws ([\w._-]+)\r\n|s p/Mark Lee's Web Server/ v/$1/
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html\r\nConnection: close\r\n\r\n<\?xml version=\"1\.0\" encoding=\"utf-8\"\?>\n<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1\.0 Strict//EN\"\n \"http://www\.w3\.org/TR/xhtml1/DTD/xhtml1-strict\.dtd\">\n<html xmlns=\"http://www\.w3\.org/1999/xhtml\" lang=\"en\"> \n<head> \n <title>BeagleBoard 101</title>| p/BeagleBoard httpd/
match http m|^HTTP/1\.1 404 Not Found\r\nDate: Sat, 30 Dec 0000 00:29:28 GMT\r\nServer: RT-Platform/([\w._-]+) UPnP/([\w._ -]+)\r\nConnection: close\r\nPragma: no-cache\r\nCache-Control: no-cache, must revalidate\r\nContent-Length: 0\r\n\r\n$| p/Advent AW10P printer http config/ i/RT-Platform $1; UPnP $2/ d/printer/ cpe:/h:advent:aw10p/
match http m|^HTTP/1\.1 200 OK\n.*Server: acarsd/([\w._-]+)\n|s p/acarsd httpd/ v/$1/ cpe:/a:acarsd:acarsd:$1/
match http m|^HTTP/1\.0 200 OK\r\nContent-type: text/html \r\n.*<title>Motorola (PTP \w+)  - Home \(IP=[\d.]+\)</title>\n|s p/Motorola $1 WAP http config/ d/WAP/ cpe:/h:motorola:$1/
match http m|^HTTP/1\.1 404 File not found\r\nContent-Type: text/html\r\nConnection: close\r\nServer: Rex\r\nContent-Length: 141\r\n\r\n<html><head><title>404 Not Found</title></head><body><h1>Not found</h1>The requested URL / was not found on this server\.<p><hr></body></html>$| p/Metasploit Rex httpd/
match http m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: Ubicom/([\w._-]+)\r\n.*<title>InFocus NGProjector</title>\r\n|s p/Ubicom httpd/ v/$1/ i/InFocus IN2116 projector/ d/media device/ cpe:/a:ubicom:httpd:$1/ cpe:/h:infocus:in2116/
match http m|^HTTP/1\.0 200 OK\r\nContent-type: text/html\r\n\r\n<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4\.0 Transitional//EN\" >\r\n<html >\r\n  <head>\r\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=UTF-8\">\r\n<meta name=\"description\" content=\"Cisco (WAP\w+)\">\r\n| p/Cisco $1 WAP http admin/ d/WAP/ cpe:/h:cisco:$1/
match http m|^HTTP/1\.0 200 OK\r\nExpires: Mon, 1 Jan 2001 12:00:01 GMT\r\n(?:[^\r\n]+\r\n)*?Server: Ubicom/([\w._-]+)\r\n.*<title>\s*CradlePoint (MBR\w+) Gateway|s p/Ubicom httpd/ v/$1/ i/CradlePoint $2 broadband router/ d/broadband router/ cpe:/a:ubicom:httpd:$1/ cpe:/h:cradlepoint:$2/
match http m|^<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1\.0 Transitional//EN\" \"http://www\.w3\.org/TR/xhtml1/DTD/xhtml1-transitional\.dtd\">\r\n<html xmlns=\"http://www\.w3\.org/1999/xhtml\">\r\n<head>\r\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=gb2312\" />\r\n<title></title>\r\n<script>\r\n\tfunction index\(\){\r\n\t\tif\(navigator\.userAgent\.indexOf\(\"Safari\"\)>0\)| p/Swann DVR8-2600 security camera system httpd/ d/webcam/ cpe:/h:swann:dvr8-2600/
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html;charset=UTF-8\r\npragma: no-cache\r\nCache-Control: no-store, no-cache, max-age=0\r\nexpires: Thu,01 Jan 1970 00:00:00 GMT\r\nAccept-Ranges: bytes\r\nContent-Length: \d+\r\nConnection: close\r\n\r\n<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1\.0 Transitional//EN\" \"http://www\.w3\.org/TR/xhtml1/DTD/xhtml1-transitional\.dtd\">\r\n<html xmlns=\"http://www\.w3\.org/1999/xhtml\">\r\n<head>\r\n<meta http-equiv=\"content-type\" content=\"text/html; charset=utf-8\" />\r\n| p/Canon i-SENSYS MF8040Cn printer http admin/ d/printer/ cpe:/h:canon:i-sensys_mf8040cn/
match http m|^HTTP/1\.0 200 OK\r\nPragma: no-cache\r\nExpires: Mon, 01 Jan 1990 01:00:00 GMT\r\nContent-Type: text/html\r\n\r\n<html>\n<head>\n</head>\n<body onload=\"top\.location='/cab/top\.shtml'\">\n</body>\n</html>\n$| p/Canon i-SENSYS LBP5050 printer http admin/ d/printer/ cpe:/h:canon:i-sensys_lbp5050/
# uname -a: Linux localhost 2.4.17_mvl21-malta-mips_fp_le #1 ІЧ 12тб 1 12:50:59 CST 2009 mips GNU/Linux
match http m|^HTTP/1\.0 200 OK\r\nServer: Mini web server ([\w._-]+) ZTE corp 2005\.\r\n| p/Mini web server/ v/$1/ i/ZTE ZXV10 W300 ADSL router http config/ d/broadband router/ o/Linux 2.4.17/ cpe:/h:zte:zxv10_w300/ cpe:/o:montavista:linux_kernel:2.4.17/
match http m|^HTTP/1\.1 400 Bad Request \r\nConnection: close\r\nContent-Length: 15\r\nContent-Type: text/plain\r\nDate: .* GMT\r\nDav: 1, 2\r\nMs-Author-Via: DAV\r\nServer: Nanoki/([\w._-]+)\r\nVary: accept-encoding\r\n\r\n400 Bad Request$| p/Nanoki/ v/$1/
match http m|^HTTP/1\.1 200 OK\r\nConnection: keep-alive\r\nContent-Length: \d+\r\nContent-Type: text/html; charset=utf-8\r\n\r\n<html><head><title>PlayBook WebInspector</title>| p/BlackBerry PlayBook Web Inspector httpd/ cpe:/h:rim:blackberry_playbook_tablet/ cpe:/o:rim:blackberry_playbook_os:2.0/
match http m|^HTTP/1\.1 200 OK\r\nServer: XES WindWeb/([\w._-]+)\r\nConnection: close\r\n| p/WindWeb/ v/$1/ i/Xerox FreeFlow Accxes Web Print Management Tool/ d/printer/ cpe:/a:windriver:windweb:$1/
match http m|^HTTP/1\.0 200 OK\r\nLast-modified: .* GMT\r\nExpires: .* GMT\r\nCache-Control: no-cache, no-store, must-revalidate\r\nCache-Control: post-check=0, pre-check=0\r\nPragma: no-cache\r\nServer: ESERV-10/([\w._-]+)\n| p/ESERV-10/ v/$1/ i/ProfiLux 3 eX aquarium computer/
match http m|^HTTP/1\.0 401 Unauthorized\r\n(?:[^\r\n]+\r\n)*?Server: KwartzCtl/([\w._-]+)\r\nWWW-authenticate: Basic realm=\"KWARTZ~Control\"\r\nConnection: close\r\nContent-type: text/html\r\n|s p/KwartzCtl/ v/$1/
match http m|^HTTP/1\.0 400 Bad Request\r\nServer: Webduino/([\w._-]+)\r\nContent-Type: text/html\r\n\r\n<h1>EPIC FAIL</h1>$| p/Webduino/ v/$1/ i/SainSmart Ethernet shield for Arduino httpd/
match http m|^HTTP/1\.1 404  not found here\. Contact Phluant Mobile \r\nContent-Length: 13\r\n\r\nerror xxxxxxx$| p/Phluant Mobile Duphus httpd/
match http m|^HTTP/1\.1 401 Unauthorized\r\nServer: httpd\r\nDate: .* GMT\r\nWWW-Authenticate: Basic realm=\"(\w+)\"\r\nContent-Type: text/html\r\nConnection: close\r\n\r\n<HTML><HEAD><TITLE>401 Unauthorized</TITLE></HEAD>\n<BODY BGCOLOR=\"#cc9999\"><H4>401 Unauthorized</H4>\nAuthorization required\.\n</BODY></HTML>\n$| p/Linksys $1 WAP http config/ d/WAP/ cpe:/h:linksys:$1/
match http m|^HTTP/1\.0 303 Use Instead\r\nLocation: /index\.html\r\nContent-Type: text/html\r\n\r\n$| p/MikroTik RouterBoard 250GS httpd/ d/router/ cpe:/h:mikrotik:routerboard_250gs/
match http m|^HTTP/1\.1 200 Ok\r\nDate: .* GMT\r\nContent-Type: text/html\r\n\r\n<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4\.01 Frameset//EN\" \"http://www\.w3\.org/TR/html4/frameset\.dtd\">\r\n<html>\r\n\t<head>\r\n\t\t<TITLE>Web Application Manager</TITLE>\r\n| p/D-Link DIR-300 WAP http admin/ d/WAP/ cpe:/h:dlink:dir-300/
match http m|^HTTP/1\.1 200 Ok\r\nServer: httpd\r\nDate: .* GMT\r\nCache-Control: no-cache\r\nPragma: no-cache\r\nExpires: 0\r\nContent-Type: text/html\r\nConnection: close\r\n\r\n<html>\n<head>\n<title>Login Page</title>\n<!--\[if lt IE 7\.\]>\n| p/Cisco SPA112 VoIP adapter http config/ d/VoIP adapter/ cpe:/h:cisco:spa112/a
match http m|^HTTP/1\.0 200 OK\r\nDate: .* GMT\r\nServer: PanWeb Server/ - \r\n(?:[^\r\n]+\r\n)*?Expires: Mon, 26 Jul 1997 05:00:00 GMT\r\n|s p/Palo Alto PanWeb httpd/ d/firewall/ cpe:/a:paloaltonetworks:panweb/
match http m|^HTTP/1\.0 302 Moved Temporarily\r\nDate: .* GMT\r\nServer: PanWeb Server/ - \r\n(?:[^\r\n]+\r\n)*?Expires: Thu, 19 Nov 1981 08:52:00 GMT\r\n|s p/Palo Alto PanWeb httpd/ d/firewall/ cpe:/a:paloaltonetworks:panweb/
# Sony Bravia
# Sony KDL-46hx720 TV (european model).
# Sony Bravia kdl-46ex725
match http m|^HTTP/1\.1 404 Not Found\r\nContent-Length: 72\r\nDate: .* GMT\r\n\r\n<html><head><title>not found</title></head><body>not found</body></html>$| p/Sony Bravia TV/ d/media device/
match http m|^HTTP/1\.0 200 \(OK\) \r\nPragma: No-Cache\r\nCache-Control: no-cache\r\nDate: [A-Z]{3} [A-Z]{3} \d+ \d+:\d+:\d+ \d\d\d\d\r\nServer: HTTP Server\r\n.*<title>Nortel VPN Router</title>|s p/WindWeb/ v/1.0/ i/Nortel VPN router http admin/ d/router/ cpe:/a:windriver:windweb:1.0/
match http m|^HTTP/1\.0 403 Forbidden\r\nContent-Type: text/html\r\nConnection: close\r\nContent-Length: 353\r\n\r\n<HTML><HEAD>\n<TITLE>ERROR: Access Denied</TITLE>\n</HEAD><BODY>\n<H1>ERROR</H1>\n<H2>Access Denied</H2>\n<HR>\n<UL>\n<LI>\n<STRONG>\nAccess Denied by security policy\n</STRONG>\n</UL>\n<P>\nThe security policy for your network prevents your request from\nbeing allowed at this time\.  Please contact your administrator if\nyou feel this is incorrect\.\n</BODY>\n</HTML>\n\n$| p/Secure Computing Sidewinder firewall http admin/ d/firewall/ cpe:/h:securecomputing:sidewinder/
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html\r\nServer: SpryWare/([\w._-]+)\r\nDate: .* GMT\r\nX-Deprecated-Response: Invalid CheckSum Received\r\n| p/SpryWare MIS quote server/ v/$1/
match http m|^HTTP/1\.0 200 OK\r\nConnection: close\r\nX-Powered-By: PHP/([\w._-]+)\r\nContent-type: text/html\r\n\r\n<html>\n<head>\n<meta http-equiv=\"REFRESH\" content=\"0;url=/nyan/index\.html\">\n</head>\n<body>\n</body>\n</html>\n\n\n$| p/Wifi Pineapple Jasager httpd/ i/PHP $1/ cpe:/a:php:php:$1/
# http://www.nazgul.ch/dev_nostromo.html
match http m|^HTTP/1\.1 200 OK\r\nDate: .* GMT\r\nServer: nostromo ([\w._-]+)\r\n| p/nostromo/ v/$1/
match http m|^HTTP/1\.1 302 Found\r\nConnection: close\r\nContent-type: text/html\r\nLocation: /index\.html\r\nContent-length: 144\r\n\r\n<HEAD><TITLE>302 Found</TITLE></HEAD>\r\n<BODY><H1>302 Found</H1>\r\n<P>Click <A HREF=\"/index\.html\">here</A> if you are not redirected\.</P></BODY>\r\n$| p/Macraigor mpDemon JTAG debugger/ d/specialized/
# Original date was Tue, 18 Aug 2048 22:13:10 PST.
match http m|^HTTP/1\.1 -1 Bad Request\r\nDate: \w+, \d+ \w+ 204\d \d+:\d+:\d+ PST\r\nServer: TargetWeb/([\w._-]+) \(TargetOS\)\r\nConnection: close\r\n| p/Blunk Microsystems TargetWeb/ v/$1/ i/Lenel LNL-2220 firewall/ d/firewall/ cpe:/a:blunk:targetweb:$1/ cpe:/h:lenel:lnl-2220/
match http m|^HTTP/1\.1 301 Moved Permanently\r\nContent-Length:0\r\nLocation: /SSI/index\.htm\r\nServer: Mrvl-R1_0\r\nCache-Control: no-cache\r\n| p/HP LaserJet CP1205nw or P1606 http config/ d/printer/ cpe:/h:hp:laserjet_cp1205nw/ cpe:/h:hp:laserjet_p1606/
match http m%^HTTP/1\.1 200 OK\r\nContent-Length: +\d+\r\nExpires: Thu, 01 Jan 1970 00:00:00 GMT\r\nContent-Type: text/html; charset=utf-8\r\nServer: Mrvl-R2_0\r\nCache-Control: no-cache\r\nConnection: keep-alive\r\nX-Frame-Options: SAMEORIGIN\r\nX-Content-Type-Options: nosniff\r\n\r\n<\?xml version="1\.0" encoding="UTF-8"\?>\n<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4\.01//EN" "http://www\.w3\.org/TR/html4/strict\.dtd">\n<html>\n<head>\n<meta http-equiv="Content-Type" content="text/html; charset=utf-8">\n<title>HP LaserJet Pro MFP ([^&]+)&nbsp;&nbsp;&nbsp;((?:192\.168|172\.(?:1[6-9]|2\d|3[01])|10\.\d{1,3})\.\d{1,3}\.\d{1,3})</title>% p/HP LaserJet Pro MFP config httpd/ i/model: $1; private IP: $2/ d/printer/ cpe:/h:hp:laserjet_$1/
match http m|^HTTP/1\.1 200 OK\r\nContent-Length: +\d+\r\nExpires: Thu, 01 Jan 1970 00:00:00 GMT\r\nContent-Type: text/html; charset=utf-8\r\nServer: Mrvl-R2_0\r\nCache-Control: no-cache\r\nConnection: keep-alive\r\nX-Frame-Options: SAMEORIGIN\r\nX-Content-Type-Options: nosniff\r\n\r\n<\?xml version="1\.0" encoding="UTF-8"\?>\n<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4\.01//EN" "http://www\.w3\.org/TR/html4/strict\.dtd">\n<html>\n<head>\n<meta http-equiv="Content-Type" content="text/html; charset=utf-8">\n<title>HP LaserJet Pro MFP ([^&]+)&nbsp;| p/HP LaserJet Pro MFP config httpd/ i/model: $1/ d/printer/ cpe:/h:hp:laserjet_$1/
match http m|^HTTP/1\.0 200 OK\r\nServer: TAC/Xenta(\w+) ([\w._-]+)\r\n| p/TAC Xenta $1 programmable logic controller httpd/ v/$2/ cpe:/h:tac:xenta_$1/
match http m|^HTTP/1\.0 200 OK\r\nCache-control: no-cache\r\nConnection: Close\r\n\r\n<html>\r\n<head>\r\n\r\n<script type=\"text/javascript\" src=\"LocalizeString30\.js\"></script>\r\n\r\n<script type=\"text/javascript\">\r\n| p/Monoprice MS NU62P11 or Sedna print server http config/ d/print server/ cpe:/h:monoprice:ms_nu62p11/
match http m|^HTTP/1\.0 200 OK\r\nConnection: close\r\nCache-Control: no-cache\nPragma: no-cache\nContent-Type: text/html\n\n<html>\n<head>\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=iso-8859-1\">\n.*<title>(KX-\w+)</title>|s p/thttpd/ i/Panasonic $1 printer http config/ d/printer/ cpe:/a:acme:thttpd/ cpe:/h:panasonic:$1/
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html\r\n.*<title>(PowerGrid [\w._-]+) Web Configuration - Main Page</title>|s p/Comtrend $1 Ethernet adapter http config/ d/bridge/ cpe:/h:comtrend:$1/
match http m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Expires: \"Mon, 06 Jan 1990 00:00:01 GMT\"\r\n.*<title>(PowerGrid [\w._-]+)  Web Configuration - Authentication</title>|s p/Comtrend $1 Ethernet adapter http config/ d/bridge/ cpe:/h:comtrend:$1/
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?Content-Type: text/html\r\nDate: .* GMT\r\n\r\n<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1\.0 Strict//EN\"\n     \"http://www\.w3\.org/TR/xhtml1/DTD/xhtml1-strict\.dtd\">\n<html xmlns=\"http://www\.w3\.org/1999/xhtml\">\n<head>\n\t<title>AWX</title>|s p/XBMC AWX http interface/ d/media device/
match http m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Set-Cookie: pilot_session_test_cookie=; path=/; secure\r\n\r\n<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1\.0 Transitional//EN\" \"http://www\.w3\.org/TR/xhtml1/DTD/xhtml1-transitional\.dtd\">\n<html xmlns=\"http://www\.w3\.org/1999/xhtml\">\n  <head>\n    <title>Riverbed Technology :: Cascade Shark</title>|s p/Riverbed Cascade Shark security appliance http interface/ d/security-misc/ cpe:/h:riverbed:cascade_shark/
match http m|^HTTP/1\.0 200 OK\r\nPragma: no-cache\r\nContent-Type: text/html\r\n\r\n<html>\n<head>\n<meta http-equiv=\"content-type\" content=\"text/css;charset=UTF-8\">\n<meta http-equiv=\"Cache-Control\" content=\"no-cache\">\n<meta http-equiv=\"Expires\" content=\"0\">\n<title>prelogin</title>| p/Belkin Encore 3G router http config/ d/WAP/ cpe:/h:belkin:encore_3g/a
match http m|^HTTP/1\.1 400 Bad Request\r\nServer: Alphanetworks,Inc\.\r\nDate: .* GMT\r\nCache-Control: no-cache,no-store\r\nContent-Type: text/html; charset=utf-8\r\nConnection: close\r\n\r\n$| p/Western Digital WD TV Live media player http config/ d/media device/
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: Zervit (\d[\w._-]+)\r\n| p/Zervit httpd/ v/$1/ cpe:/a:sebastian_fernandez:zervit:$1/
# http://radiothermostat.com/documents/RTCOAWiFIAPIV1_3.pdf
match http m|^HTTP/1\.1 505 HTTP Version Not Supported\r\nServer: Marvell 8688WM\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n22\r\nHTTP/1\.0 clients are not supported\r\n0\r\n\r\n$| p/3M Filtrete 3M-50 thermostat http config/ d/specialized/
match http m|^HTTP/1\.1 200 OK\r\nCache-control: no-store\r\nContent-type: text/html\r\n.*<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4\.01//EN\" \"http://www\.w3\.org/TR/html4/strict\.dtd\"><html><head><title>(X-[\w._-]+)</title>|s p/Control By Web $1 remote management http interface/ d/remote management/ cpe:/h:controlbyweb:$1/
# http://hackingteam.it/index.php/remote-control-system
match http m|^HTTP/1\.1 200 OK\r\nConnection: close\r\nContent-Type: text/html\r\nContent-length: 131\r\n\r\n<!DOCTYPE HTML>\n<html>\n<head>\n    <meta http-equiv=\"refresh\" content=\"0;url=http://www\.google\.com\">\n</head>\n<body>\n\n</body>\n</html>$| p/Hacking Team Remote Control System command and control httpd/
match http m|^HTTP/1\.1 404 NotFound\r\nConnection: close\r\nContent-Type: application/json\r\nContent-length: 16\r\n\r\n\"File not found\"$| p/Hacking Team Remote Control System Adobe Air command and control httpd/
match http m|^HTTP/1\.1 200 OK\r\nPragma: no-cache\r\nExpires: -1\r\nCache-Control: no-cache\r\nContent-Length: 132\r\nDate: .* GMT\r\nConnection: close\r\nServer:  \r\n\r\n<html><head><meta http-equiv='Refresh' content='0;url=https?://([\w._-]+):\d+/director\.jsp'></head><body></body></html>$| p/RSA enVision httpd/ h/$1/ cpe:/a:rsa:envision/
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html\r\nCache-Control: no-cache\r\nPragma: no-cache\r\n\r\n.*<TITLE>\r\nXerox WorkCentre ([\w._/-]+) -|s p/Xerox WorkCentre $1 printer http config/ d/printer/ cpe:/h:xerox:workcentre_$1/
match http m|^HTTP/1\.1 200 OK\r\nConnection: keep-alive\r\n.*<title>XCP ([\w._-]+)</title>|s p/Xen Cloud Platform httpd/ v/$1/
match http m|^HTTP/1\.1 200 OK\r\nServer: HttpSvr/([\w._-]+)\r\nDate: .* GMT\r\nContent-type: text/html\r\n.*<title>Welcome To Commtech Messenger</title>|s p/Commtech Messenger Service httpd/ v/$1/
match http m|^HTTP/1\.1 403 Forbidden\.\r\nContent-Type: application/json; charset=UTF-8\r\nDate: .* GMT\r\nConnection: close\r\nContent-Length: 90\r\n\r\n{\"status\": {\n  \"code\": 403,\n  \"commandResult\": 1,\n  \"msg\": \"Forbidden\.\",\n  \"query\": \"/\"\n}}$| p/DirecTV JSON RPC/ d/media device/
match http m|^HTTP/1\.1 200 OK\r\nDate: .* GMT\r\nServer: Linux/2\.x UPnP/([\w._-]+) Avtech/([\w._-]+)\r\nConnection: close\r\n| p/Avtech AVN801 network camera/ v/$2/ i/UPnP $1/ d/webcam/ o/Linux/ cpe:/h:avtech:avn801/ cpe:/o:linux:linux_kernel/a
match http m|^HTTP/1\.1 200 OK\r\nContent-type: text/html\r\nExpires: Thu, 3 Oct 1968 12:00:00 GMT\r\nConnection: close\r\nPragma: no-cache\r\n.*<title>Super Hub \x7c GUI</title>|s p/Virgin Super Hub media player http config/ d/media device/
match http m|^HTTP/1\.1 400 Bad Request\r\nServer: COLIB_ASYNC_HTTP_SERVER/([\w._-]+)\r\n| p/COLIB_ASYNC_HTTP_SERVER/ v/$1/ i/Cotendo content delivery network/
match http m|^HTTP/1\.1 301 Moved Permanently\r\nLocation: https?://([\w._-]+):\d+/sabnzbd\r\nContent-Length: 0\r\nContent-Type: text/plain\r\n| p/SABnzbd newsreader http interface/ h/$1/
match http m|^HTTP/1\.0 200 OK\r\nContent-Type: text/html\r\nSet-Cookie: rg_cookie_session_id=[0-9A-F]+; path=/; expires=Fri, 01 Jan 2038 00:00:00 GMT; HttpOnly\r\nCache-Control: no-cache,no-store\r\nPragma: no-cache\r\n.*<!--- Page\(page_login\)=\[Zaloguj si\xc4\x99 \] --->|s p/Vtech ARX168 WAP/ d/WAP/
match http m|^HTTP/1\.1 200 OK\r\nDate: .* GMT\r\nLast-Modified: .* GMT\r\nETag: .*\r\nAccept-Ranges: bytes\r\n| p/Fortinet FortiGate 50B or FortiWifi 60C or 80C firewall http config/ d/firewall/ o/FortiOS/ cpe:/h:fortinet:fortigate:50b/ cpe:/h:fortinet:fortiwifi:60c/ cpe:/h:fortinet:fortiwifi:80c/
match http m|^HTTP/1\.0 302 Redirection\r\nServer: TCSJH-WebServer\r\nDate: .* GMT\r\nLocation: http://[\w._-]+:\d+/index\.htm\r\n\r\n$| p/TCS John Huxley Gaming Floor Live httpd/
match http m|^HTTP/1\.0 200 OK\r\nConnection: close\r\n(?:[^\r\n]+\r\n)*?Date: [^\r\n]* 197\d \d+:\d+:\d+ GMT\r\nExpires: 0\r\n\r\n<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4\.01 Transitional//EN\" \"http://www\.w3c\.org/TR/1999/REC-html401-19991224/loose\.dtd\">\r\n<HTML><HEAD><TITLE>Firepro Wireless</TITLE>|s p/FirePro Router WAP http config/ v/5.4/ d/WAP/
match http m|^HTTP/1\.1 200 OK\r\nConnection: close\r\nContent-Length: \d+\r\nAccess-Control-Allow-Origin:\*\r\nCache-Control:no-cache\r\nContent-Type:application/json; charset=utf-8\r\nPragma:no-cache\r\n\r\n{\"error\": { \"type\": \"4110\", \"message\": \"No user logged in\" }, \"version\": 9, \"client_version\": \"([\w._-]+)\", \"running\": false}$| p/Spotify Web Helper/ v/$1/
match http m|^HTTP/1\.1 200 OK\r\nCACHE-CONTROL: no-cache\r\nDate: .* GMT\r\nContent-Type: text/html\r\n.*<META http-equiv=\"Content-Type\" content=\"text/html; charset=iso-8859-1\">\n<link rel=\"icon\" type=\"image/icon\" href=\"/favicon\.ico\"/>\n<title>Login</title>|s p/Huawei HG532c ADSL router http config/ d/broadband router/ cpe:/h:huawei:hg532c/
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?Last-Modified: Mon, 28 Nov 2011 10:20:48 GMT\r\n(?:[^\r\n]+\r\n)*?Server: fs\r\n\r\n<!--\n  Licensed to the Apache Software Foundation \(ASF\) under one or more\n  contributor license agreements\.|s p/Apache Tomcat/ v/6.0.35/ cpe:/a:apache:tomcat:6.0.35/
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?Last-Modified: Wed, 09 Mar 2011 18:57:19 GMT\r\n(?:[^\r\n]+\r\n)*?Server: Apache\r\n\r\n<!--\n  Licensed to the Apache Software Foundation \(ASF\) under one or more\n  contributor license agreements\.|s p/Apache Tomcat/ v/6.0.29/ cpe:/a:apache:tomcat:6.0.29/
match http m|^HTTP/1\.0 307 Temporary Redirect\r\nAccess-Control-Allow-Origin: \*\r\nContent-Length: 0\r\nContent-Type: text/html\r\nLocation: en/index\.html\r\nConnection: close\r\nDate: .* 197\d \d+:\d+:\d+ GMT\r\nServer: gen5th/([\w._-]+)\r\n\r\n$| p/Sony SNC-CH120 webcam http config/ v/$1/ d/webcam/ cpe:/h:sony:snc-ch120/
match http m|^HTTP/1\.0 200 OK\r\nConnection: close\r\n.*<link rel=\"stylesheet\" type=\"text/css\" href=\"/dude/style\.css\" />|s p/Miktotik Dude network monitor/
match http m|^HTTP/1\.0 200 OK\r\nDate: .* GMT\+00:00\r\nServer: DC-MPSERVER/([\w._-]+)\r\nContent-Length: \d+\r\nContent-Type: text/plain; charset=UTF-8\r\n\r\n{\"error\":\"\",\"result\":106}$| p/DC-MPSERVER/ v/$1/ i/Lenovo K91 TV/ d/media device/ cpe:/h:lenovo:k91/
match http m|^HTTP/1\.1 404 Not Found\r\nConnection: close\r\nDate: .* GMT\r\nServer: Linux/([\w._-]+) Sony-BDP/([\w._-]+)\r\n\r\n$| p/Sony BDP-BX58 TV http config/ v/$2/ d/media device/ o/Linux $1/ cpe:/h:sony:bdp-bx58/ cpe:/o:linux:linux_kernel:$1/a
match http m|^HTTP/1\.0 302 Redirection\r\nServer: Intellex-Http Server ([\w._-]+)\r\nDate: .* GMT\r\nLocation: http://([\w._-]+)/default\.html\r\n\r\n$| p/American Dynamics Intellex Digital Video Management System httpd/ v/$1/ h/$2/
match http m|^HTTP/1\.1 300 Multiple Choices\r\nContent-Type: application/json\r\nVary: X-Auth-Token\r\n.*{\"versions\": {\"values\": \[{\"status\": \"beta\", \"updated\": \"(\d\d\d\d-\d\d-\d\dT\d\d:\d\d:\d\dZ)\", \"media-types\": \[{\"base\": \"application/json\", \"type\": \"application/vnd\.openstack\.identity-v2\.0\+json\"},|s p/OpenStack Keystone identity service/ v/$1/
match http m|^HTTP/1\.1 200 OK\r\nServer:CBA8/([\w._-]+)\r\n.*<title>LANDesk\(R\) Management Agent</title>|s p/LANDesk Management Agent/ v/$1/
match http m|^HTTP/1\.0 200 OK\r\nConnection: close\r\nContent-Type: text/html; charset=iso-8859-1\r\nPragma: no-cache\r\nExpires: 0\r\n\r\n<!-----!GS-1124C!-->\n| p/Black Box LGB2008A switch http config/ d/switch/ cpe:/h:blackbox:lgb2008a/
match http m|^HTTP/1\.1 401 \r\nServer: MyWeb ([\w._-]+)\r\nDate: .* GMT\r\nWWW-Authenticate: Basic realm=\"index\.htm\"\r\n\r\n$| p/Black Box 8-port Ethernet switch http config/ i/MyWeb $1/ d/switch/
match http m|^HTTP/1\.1 200 OK\r\nDate: .* GMT\r\nLast-Modified: Sun, 15 Nov 1970 02:20:56 GMT\r\nETag: \"\d+\"\r\nContent-Type: text/html\r\nContent-Length: 87\r\nAccept-Ranges: bytes\r\nCache-Control: private\r\n\r\n<html><head><META http-equiv=\"refresh\" content=\"0;URL=default-ru-RU\.htm\"></head></html>$| p/Milestone IP video management http interface/
match http m|^HTTP/1\.0 307 OK\r\ncontent-type: text/html\r\nconnection: close\r\nlocation: /rp/\?id=0\r\nserver: ArgogroupMonitorMaster/([\w._-]+)\r\n| p/Ascom Monitor Master/ v/$1/
match http m|^HTTP/1\.1 403 Forbidden\r\nDate: .* GMT\r\nContent-Length: 13\r\nConnection: close\r\nCache-Control: no-cache\r\n\r\n403 Forbidden$| p/Neubot/
# https://www.eso.org/projects/dfs/dfs-shared/web/ngas/; HTTPOptions reveals BaseHTTPServer 0.3.
match http m|^HTTP/1\.0 400 Bad Request\r\nServer: NGAMS/v([\w._-]+)/(\d\d\d\d-\d\d-\d\dT\d\d:\d\d:\d\d)\r\n.*<!DOCTYPE NgamsStatus SYSTEM \"http://([\w._-]+):\d+/RETRIEVE\?internal=ngamsStatus\.dtd\">\n|s p/BaseHTTPServer/ v/0.3/ i/NGAS $1 http interface; date: $2/ h/$3/ cpe:/a:python:basehttpserver:0.3/a
match http m|^HTTP/1\.0 404 Not Found\r\nDate: .* GMT\r\nContent-Type: text/html; charset=UTF-8\r\nContent-Length: 52\r\nConnection: close\r\n\r\n404 Not Found\n\nThe resource could not be found\.\n\n   $| p/Nicira bridge http admin/ d/bridge/
match http m|^HTTP/1\.1 200 OK\r\nX-Powered-By: Express\r\nContent-Type: text/html; charset=utf-8\r\n| p/Node.js/ i/Express middleware/ cpe:/a:nodejs:node.js/
match http m|^HTTP/1\.1 200 OK\r\nX-Hue-Jframe-Path: /\r\nVary: Accept-Language, Cookie\r\nContent-Type: text/html; charset=utf-8\r\n.*<meta http-equiv=\"refresh\" content=\"0; url=/beeswax\">|s p/Hue Thrift plugin for Apache Hadoop/ cpe:/a:apache:hadoop/
match http m|^HTTP/1\.1 400 Bad Request \(missing Host: header\)\r\nConnection: close\r\nDate: .* \+0000\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n$| p/oVirt/
match http m|^HTTP/1\.1 302 Moved Temporarily\r\nConnection: close\r\nDate: .* GMT\r\nContent-Length: \d+\r\nContent-Type: text/html; charset=utf-8\r\nLocation: http://:/login\?back_url=http%3A%2F%2F%3A%2F\r\nX-Runtime: 7\r\n| p/Redmine http interface/ v/1.3.1/
match http m|^HTTP/1\.0 200 OK\r\nDate: .* GMT\r\nContent-Type: text/plain\r\nServer: monocle/([\w._-]+)\r\n\r\nOK,ondemand alive| p/monocle/ v/$1/ i/Sauce OnDemand Selenium server/
match http m|^HTTP/1\.1 401 ERROR\r\nWWW-Authenticate: Digest qop=\"auth\", realm=\"Modem@AirLink\.com\", nonce=\"[0-9a-f]+\"\r\nContent-Length: 0\r\n\r\n| p/Sierra Wireless ALEOS WAP http admin/ d/WAP/
match http m|^HTTP/1\.1 404 Not Found\r\nServer: Sierra Wireless Inc, Embedded Server\r\n| p/Sierra Wireless ALEOS WAP httpd/ d/WAP/
match http m|^HTTP/1\.1 200 OK\r\nContent-Length:165\r\nContent-Type:text/html\r\n\r\n<HTML><TITLE>NetTalk, Inc\.</TITLE><FRAMESET COLS=\"100%\" ROWS=\"140,\*\" frameborder=0><FRAME NAME=\"t\" SRC=\"t\.htm\"><FRAME NAME=\"login\" SRC=\"login\.cgi\"></FRAMESET></HTML>$| p/netTALK Duo http config/ d/phone/
match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: \r\n(?:[^\r\n]+\r\n)*?WWW-Authenticate: Basic realm=\"(TEW-\w+)\(ANNEX A\)\"\r\n|s p/TRENDnet $1 WAP http config/ d/WAP/ cpe:/h:trendnet:$1/
match http m|^HTTP/1\.0 200 Ok\r\nContent-type: text/html; charset=\"UTF-8\"\r\nConnection: close\r\nAccept-Ranges: none\r\nServer: Sockso\r\nCache-Control: private\r\n| p/Sockso music server/
match http m|^HTTP/1\.1 403 Forbidden\r\nCache-Control: no-cache\r\nContent-type: text/html\r\nConnection: close\r\n\r\n<HTML><HEAD><TITLE>Error 403</TITLE></HEAD><BODY><H1>Error 403</H1><P>Forbidden</P></BODY></HTML>$| p/Sonos Play:5 streaming media server/ cpe:/h:sonos:play%3a5/
match http m|^HTTP/1\.0 401 Unauthorized\r\nWWW-Authenticate: Basic realm=\"home\", \r\nContent-Type: text/html\r\nCache-Control: public\r\nPragma: cache\r\n.*<html>\n<head>\n  <title>401 Unauthorized</title>\n</head>\n<body bgcolor=\"ffffff\">\n  <h2>401 Unauthorized<h2>\n  <p>\n  \n</body>\n</html>\n|s p/Sagem F@st 2764 WAP http config/ d/WAP/
match http m|^HTTP/1\.1 401 Authorization Required\r\nServer: Lotus Mobile Connect\r\nWWW-Authenticate: Basic realm=\"Lotus Mobile Connect\"\r\nConnection: close\r\nSet-Cookie: WgSessionKey=; expires=Wed, 31 Dec 1969 23:00:00 GMT; Path=/; Domain=([\w._-]+); HttpOnly\r\nContent-Type: text/html; charset=utf-8\r\n\r\n| i/Lotus Mobile Connect/ h/$1/
match http m|^HTTP/1\.1 200 OK\r\nPragma: No-cache\r\nCache-Control: no-cache\r\nExpires: Thu, 01 Jan 19\d\d [^\r\n]* (\w+)\r\n(?:[^\r\n]+\r\n)*?Server: CS-MARS\r\n|s p/Cisco MARS firewall http config/ i/time zone: $1/
match http m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: Synchronet BBS for Win32  Version ([\w._-]+)\r\n(?:[^\r\n]+\r\n)*?Allow: GET, HEAD, POST, OPTIONS\r\n.*<title>(.*) Home Page</title>|s p/Synchronet BBS httpd/ v/$1/ i/site name: $2/ cpe:/a:rob_swindell:synchronet:$1/
match http m|^HTTP/1\.1 302 Found\r\n(?:[^\r\n]+\r\n)*?Server: SouthRiver/([\w._-]+)\r\n(?:[^\r\n]+\r\n)*?X-AspNet-Version: ([\w._-]+)\r\n(?:[^\r\n]+\r\n)*?Location: /Content\.aspx\r\n|s p/SouthRiver Titan httpd/ v/$1/ i/ASP.NET $2/ cpe:/a:microsoft:asp.net:$2/ cpe:/a:southrivertech:titan_ftp_server:$1/
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: TMeter\r\n.*<Copyright>Copyright \(c\) \d+-\d+ Alexey Kazakovsky</Copyright>.*<Version>([\w._ -]+)</Version>|s p/TMeter traffic meter httpd/ v/$1/ o/Windows/ cpe:/a:trafficreg:tmeter:$1/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: TMeter\r\n.*<Version>([\w._-]+) Unicode</Version>\r\n\t<CaptureStatus>In capture</CaptureStatus>\r\n\t<XmlTrafficReport>([^<]*)</XmlTrafficReport>\r\n|s p/TMeter/ v/$1/ i/report dir: $2/ o/Windows/ cpe:/a:trafficreg:tmeter:$1/ cpe:/o:microsoft:windows/
match http m|^HTTP/1\.1 200 OK\r\nContent type: text/xml; charset=utf-8\r\n.*<Name>TMeter</Name>\r\n\t<Copyright>Copyright \(c\) \d\d\d\d Trafficreg Software</Copyright>\r\n\t<Version>([\d.]+) Unicode</Version>\r\n|s p/TMeter/ v/$1/ o/Windows/ cpe:/a:trafficreg:tmeter:$1/ cpe:/o:microsoft:windows/
match http m|^HTTP/1\.0 200 OK\nServer: Integrity\nContent-type: text/html\n\n<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2\.0//EN\">\n<html>\n<head>\n<title>Welcome to INTEGRITY</title>| p/Hay Systems HSL 2.75G Femtocell http config/ d/WAP/ cpe:/o:hay_systems:hsl_2.75g_femtocell/
match http m|^HTTP/1\.0 200 OK\r\nContent-type: application/octet-stream\r\nCache-Control: no-cache\r\n\r\n$| p/Samsung UE55D7000 TV http config/ d/media device/ cpe:/h:samsung:ue55d7000/
match http m|^HTTP/1\.0 200 OK \r\nContent-Type: text/html\r\nDate: .* GMT\r\n\r\n<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1\.0 Strict//EN\" \"http://www\.w3\.org/TR/xhtml1/DTD/xhtml1-strict\.dtd\">\n<html xmlns=\"http://www\.w3\.org/1999/xhtml\" lang=\"en\">\n<head>\n<title>Wuala  - Secure Online Storage</title>| p/Wuala cloud storage client http status/
match http m|^HTTP/1\.1 200 OK\r\nServer: X10 Control ([\w._-]+)\r\n| p/X10 ActivePhone remote control httpd/ v/$1/ d/phone/
match http m|^HTTP/1\.0 404 Not Found\r\nContent-Type: text/html\r\nContent-Length: 79\r\n\r\n<html><head><title>Page Not Found</title></head><body>Not here :\(</body></html>$| p/Prosody XMPP BOSH/ cpe:/a:prosody:prosody/
match http m|^HTTP/1\.1 200 OK\r\n.*<title>Endpoint Security Required</title>\n.*div\.header { background: url\(/XX/YY/ZZ/CI/MGPGHGPGPFGHCDPFGGOGFGEH\) 0 0 repeat-x; height: 82px; }\n|s p/FortiGate Endpoint Control httpd/
match http-proxy m|^HTTP/1\.1 200 OK\r\n.*<title>Web Filter Block Override</title>\n.*div\.header { background: url\(https?://:\d{1,5}/XX/YY/ZZ/CI/MGPGHGPGPFGHCDPFGGOGFGEH\) 0 0 repeat-x; height: 82px; }\n|s p/FortiGate Web Filtering Service/
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html; charset=utf-8\r\n(?:[^\r\n]+\r\n)*?Server: TornadoServer/([\w._-]+)\r\n.*<link rel=\"stylesheet\" href=\"/api/[\da-f]{32}/file\.cache/minified_front\.css\?\d+\"|s p/Tornado httpd/ v/$1/ i/CouchPotato downloader/ cpe:/a:tornadoweb:tornado:$1/a
match http m|^HTTP/1\.1 401 UNAUTHORIZED\r\nWWW-Authenticate: Basic realm=\"CouchPotato Login\"\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 54\r\nServer: TornadoServer/([\w._-]+)\r\n\r\nThis is not the page you are looking for\. \*waves hand\*$| p/Tornado httpd/ v/$1/ i/CouchPotato downloader/ cpe:/a:tornadoweb:tornado:$1/a
match http m|^HTTP/1\.1 404 Not Found\r\n(?:[^\r\n]+\r\n)*?Access-Control-Allow-Origin: \*\r\n(?:[^\r\n]+\r\n)*?Server: xmpp-share-server/([\w._-]+)\r\n|s p/xmpp-share-server httpd/ v/$1/
match http m|^HTTP/1\.1 200 OK\r\nDate: .* ([\w._-]+) \d+\r\nServer: EasyAntiCheat/v([\w._-]+)\r\n| p/EasyAntiCheat httpd/ v/$2/ i/time zone: $1/
match http m|^HTTP/1\.0 \d\d\d .*\r\nDate: .*\r\nServer: Embedthis-Appweb/([\w._-]+)\r\n| p/Embedthis-Appweb/ v/$1/ cpe:/a:embedthis:appweb:$1/
match http m|^HTTP/1\.1 404 Not Found\r\nContent-Length: 0\r\nDate: .*\r\nConnection: close\r\nServer: Google Search Appliance\r\n\r\n$| p/Google Search Appliance httpd/ d/specialized/ cpe:/a:google:search_appliance_software/
match http m|^HTTP/1\.0 302 Moved Temporarily\r\n(?:[^\r\n]+\r\n)*?Server: JavaHttpServer/([\w._-]+)\r\n(?:[^\r\n]+\r\n)*?Pragma: /obligation\r\n|s p/JavaHttpServer/ v/$1/ i/HP Web-Based Enterprise Services obligation server/
match http m|^HTTP/1\.1 200 OK\r\nDate: .*\r\nServer: Apache\r\n(?:[^\r\n]+\r\n)*?X-Orion-Version: ([\w._-]+)\r\n|s p/Apache httpd/ i/Western Digital web management; Orion $1/ d/storage-misc/ cpe:/a:apache:http_server/
match http m|^HTTP/1\.1 302 Found\r\nContent-Length: 0\r\nLocation: /fhem\r\n\r\n$| p/FHEM home automation http admin/ d/remote management/ cpe:/a:rudolf_koenig:fhem/
match http m|^HTTP/1\.0 200 OK\r\n.*<title>IBM Tivoli Composite Application Manager for Response Time Tracking ([\w._-]+) SoapConnectorServer</title></head>.*SoapConnectorServer is Alive\. <pre>\nBuild ID   \[([\w._-]+)\]\nBuild Date \[([^]]+)\]\n|s p/IBM Tivoli Application Manager httpd/ v/$1/ i/build ID: $2; build date: $3/
match http m|^HTTP/1\.0 401 Authorization Required\r\nServer: alphapd\r\n(?:[^\r\n]+\r\n)*?WWW-Authenticate: Basic realm=\"(DCS-[\w._-]+)\"\r\n|s p/D-Link $1 webcam http interface/ d/webcam/ cpe:/h:dlink:$1/
match http m|^HTTP/1\.1 302 Moved Temporarily\r\nConnection: Close\r\nServer: Day-Servlet-Engine/([\w._-]+) \r\nDate: .*\r\nLocation: http://[\d.]+:\d+/welcome\.html\r\n\r\n$| p/Day CRX httpd/ v/$1/
match http m|^HTTP/1\.0 200 OK\r\nServer: SONY LocationFreeTV/([\w._-]+) HTTPD/([\w._-]+)\r\n| p/Sony $1 LocationFree TV http interface/ v/$2/ d/media device/ cpe:/h:sony:$1/
match http m|^HTTP/1\.0 200 Ok\r\nServer: DivaWebConfig\r\n.*<title>Dialogic&reg; Diva&reg; Configuration</title>|s p/Dialogic Diva media board http config/ d/specialized/ cpe:/h:dialogic:diva/
match http m|^HTTP/1\.1 404 Not Found\r\nServer: MiniWeb\r\nConnection: Keep-Alive\r\nContent-length: 125\r\nContent-Type: text/html\r\n\r\n<html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL has no content\.</p></body></html>$| p/MediaCoder media converter http interface/
match http m|^HTTP/1\.0 200 OK\r\nPragma: no-cache\r\nCache-Control: no-cache, must-revalidate\r\nContent-type: text/html\r\nExpires: Tue, 02 Jan 2000 01:00:00 GMT\r\n.*<title>(DIR-[\w._-]+)</title>.*<meta name=\"copyright\" content=\"Copyright \(C\) 2008 D-Link Russia\" />|s p/D-Link $1 WAP http admin/ i/Russian/ d/WAP/ cpe:/h:dlink:$1/
match http m|^HTTP/1\.0 \xff\xfbAllow: GET \r\nAccept-Ranges: bytes\r\nCache-Control: no-cache\r\nCache-Control: no-store\r\nConnection: Keep-Alive\r\nServer: GoPro Web Server v([\w._-]+)\r\nContent-Type: text/plain\r\nContent-Length: 2\r\n\r\n$| p/GoPro HERO3 camera http interface/ v/$1/ d/webcam/ cpe:/h:gopro:hero3/
match http m|^HTTP/1\.0 200 OK\r\nDate: .*\r\nServer: BQTWWW/([\w._-]+) \(RSX\) \(RSX-11M-PLUS V([\w._-]+)\)\r\n| p/BQTWWW/ v/$1/ o/RSX-11M-PLUS $2/ cpe:/o:dec:rsx_11m_plus:$2/
match http m|^HTTP/1\.1 401 Unauthorized\r\n(?:[^\r\n]+\r\n)*?Www-Authenticate: Basic realm=\"SickBeard\"\r\n(?:[^\r\n]+\r\n)*?Server: CherryPy/([\w._-]+)\r\n|s p/CherryPy httpd/ v/$1/ i/Sick Beard PVR/ cpe:/a:cherrypy:cherrypy:$1/
match http m|^HTTP/1\.1 302 Found\r\nContent-Length: 128\r\nConnection: close\r\nLocation: http://127\.0\.0\.1:\d+/api/index\r\nCache-Control: no-cache\r\nDate: .*\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n<HTML>\n <HEAD>\n  <TITLE>Found</TITLE>\n </HEAD>\n <BODY>\n  You should go to <A HREF=\"/api/index\">/api/index</A>\.\n </BODY>\n</HTML>\n$| p/Neubot httpd/
# Should be able to know version based on added headers and/or copyright date.
match http m|^HTTP/1\.1 200 OK\r\nSet-Cookie: JSESSIONID=\w+; Path=/; HttpOnly\r\nContent-Type: text/html;charset=UTF-8\r\nDate: .*\r\nConnection: close\r\nServer: SEPM\r\n.*<title>Symantec Endpoint Protection Manager</title>|s p/Symantec Endpoint Protection Manager http config/ d/firewall/ cpe:/a:symantec:endpoint_protection_manager/
match http m|^HTTP/1\.1 200 OK\r\nX-XSS-Protection: 1; mode=block\r\nX-Content-Type-Options: nosniff\r\nSet-Cookie: JSESSIONID=[A-F\d]{32}; Path=/; Secure; HttpOnly\r\nContent-Type: text/html;charset=UTF-8\r\nDate: .*\r\nConnection: close\r\nServer: SEPM\r\n\r\n\r\n<!--\r\nSYMANTEC:     Copyright \(c\) 2010-2015 Symantec Corporation\.| p/Symantec Endpoint Protection Manager http config/ d/firewall/ cpe:/a:symantec:endpoint_protection_manager/
match http m|^HTTP/1\.1 200 OK\r\nX-XSS-Protection: 1; mode=block\r\nX-Content-Type-Options: nosniff\r\nSet-Cookie: JSESSIONID=[A-F\d]{32}; Path=/; Secure; HttpOnly\r\nContent-Type: text/html;charset=UTF-8\r\nTransfer-Encoding: chunked\r\nDate: .*\r\nConnection: close\r\nServer: SEPM\r\n\r\n\r\n<!--\r\nSYMANTEC:     Copyright \(c\) 2010-2015 Symantec Corporation\.| p/Symantec Endpoint Protection Manager http config/ d/firewall/ cpe:/a:symantec:endpoint_protection_manager/

match http m|^HTTP/1\.1 400 Bad Request\r\nContent-Length: 85\r\nContent-Type: text/plain\r\n\r\nThe client sent a plain HTTP request, but this server only speaks HTTPS on this port\.$| p/SABnzbd+ newsreader httpd/
match http m|^HTTP/1\.1 200 Ok\r\nDate: .*\r\nContent-Type: text/html\r\n\r\n<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4\.01 Frameset//EN\" \"http://www\.w3\.org/TR/html4/frameset\.dtd\">\r\n<html>\r\n\t<head>\r\n\t\t<TITLE>Web Client for DVR</TITLE>| p/Zmodo camera http interface/ d/webcam/
match http m|^HTTP/1\.0 200 OK\r\nServer: HTTP Server\(V([\w._-]+)\)\r\nContent-Type: text/html\r\nAccept-Ranges: bytes\r\nContent-Length: 47\r\nCache-Control: no-cache; no-store;max-age=0\r\nConnection: close\r\n\r\n<HTML><BODY>404 Host Not Found\.</BODY></HTML>\r\n$| p/Aten KN2116v KVM-over-IP switch http interface/ v/$1/ d/remote management/
match http m|^HTTP/1\.0 400 Bad Request\r\nDate: .*\r\nContent-Type: text/html; charset=iso-8859-1\r\nAge: 0\r\nServer: YTS/([\w._-]+)\r\n| p/Yahoo! Traffic Server/ v/$1/
match http m|^HTTP/1\.0 503 Service Temporarily Unavailable\r\nDate: .*\r\nContent-Type: text/html; charset=iso-8859-1\r\nAge: 0\r\nServer: YTS/([\w._-]+)\r\n| p/Yahoo! Traffic Server/ v/$1/
match http m|^HTTP/1\.1 404 File not Found\r\nServer: NAE01\r\nDate: .*\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 0\r\nConnection: Close\r\n\r\n$| p/Johnson Metasys building management system http interface/ d/specialized/
match http m|^HTTP/1\.1 200 OK\r\nConnection: close\r\nContent-Type: text/html\r\nCache-Control: no-cache\r\n\r\n<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1\.0 STRICT//EN\" \"DTD/xhtml1-strict\.dtd\">\r\n<html>\r\n<head>\r\n<title>EDS Ethernet to 1-wire Interface</title>| p/Embedded Data Systems Ethernet-to-1-wire interface http admin/ d/bridge/
match http m|^HTTP/1\.0 301 OK\r\nConnection: close\r\nLocation: /AgentManager/get/html/home\.html\r\nContent-Type: text/html\r\n\r\n<HTML><HEAD><TITLE>redirecting to url</TITLE></HEAD><BODY><H1>redirecting to url</H1><A HREF=\"/AgentManager/get/html/home\.html\"></A><p></BODY></HTML>\r\n\r\n$| p/QAM Launcher Manager/
match http m|^HTTP/1\.1 200 OK\r\n.*<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 3\.2 Final//EN\">\n\n<HTML>\n\n    <META HTTP-EQUIV=\"Refresh\" CONTENT=\"\.03; URL=perl/initial\.pl\"></META>\n    <HEAD><TITLE>OPNET AppSQL Xpert Management Console</TITLE></HEAD>\n\n<BODY BGCOLOR=\"#A8D5FE\">\n\n</HTML>\n$|s p/Riverbed OPNET AppResponse httpd/
match http m|^HTTP/1\.1 401 Unauthorized\r\nServer: BitLeapHTTP\r\nX-Dav-Powered-By: BitLeapWebDAV\r\nMS-Author-Via: DAV\r\nDAV: 1, 2, version-control\r\nContent-Length: 0\r\nConnection: Keep-Alive\r\nContent-Type: text/xml; charset=\"utf-8\"\r\nDate: .*\r\nX-WebDAV-Status: HTTP/1\.1 401 Unauthorized\r\nWWW-Authenticate: Basic realm=LeapServ\r\n\r\n$| p/Barracuda Backup 490 appliance http admin/ d/storage-misc/
match http m|^HTTP/1\.0 200 OK\r\nContent-type: text/html\r\nPragma: no-cache\r\n\r\n<html><head><title>ffserver Status</title>\n<link rel=\"shortcut icon\" href=\"http://dlink\.ru/favicon\.ico\">\n| p/D-Link ffserver httpd/
match http m|^HTTP/1\.0 200 OK\r\nDate: .*\r\nServer: HTTP Server\r\n.*<!--\n    M Comeau Dec 19, 2011\n    This page is used to redirect to the URL below\.  It is necessary to do this\n    so the http server properly redirects to the CGI\.\n-->\n<head>\n<title>BSE Redirect</title>|s p/Chrysler wiTECH VCI Pod automotive diagnostic device/ d/specialized/
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html; charset=utf-8\r\n\r\n<html><head><title>Welcome to Keter</title></head><body><h1>Welcome to Keter</h1><p>You did not provide a virtual hostname for this request\.</p></body></html>$| p/Keter httpd/ i/Yesod web framework/
match http m|^HTTP/1\.1 200 OK\r\n\r\n\n<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1\.0 Transitional//EN\" \"http://www\.w3\.org/TR/xhtml1/DTD/xhtml1-transitional\.dtd\">\n<html xmlns=\"http://www\.w3\.org/1999/xhtml\">\n  <head>\n    <meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\" />\n    <title>Servers Ultimate Pro</title>| p/Ice Cold Apps Servers Ultimate Pro httpd/
match http m|^HTTP/1\.1 200 OK\r\nETag: .*\r\nLast-Modified: .*\r\nContent-Type: text/html\r\nContent-Length: \d+\r\nDate: .*\r\nConnection: close\r\nServer: wifi-security-server\r\n\r\n<html>\r\n<head>\r\n<meta http-equiv=\"refresh\" content=\"1; URL=/wifiserver\">\r\n</head>\r\n<body>\r\n</body>\r\n</html>\r\n$| p/Apache Tomcat/ i/AirTight SpectraGuard firewall/ d/firewall/ cpe:/a:apache:tomcat/a
match http m|^HTTP/1\.1 302 Moved Temporarily\r\nX-Powered-By: Express\r\nVary: Accept\r\nContent-Type: text/plain\r\nLocation: /plugin\r\nContent-Length: 41\r\nDate: .*\r\nConnection: close\r\n\r\nMoved Temporarily\. Redirecting to /plugin$| p/Ninja Blocks home automation httpd/
match http m|^HTTP/1\.1 501 Not Implemented\r\nDate: .* ([+-]\d+)\r\nAllow: GET, POST\r\nPragma: No-Cache\r\nServer: MobiCont ([\w._-]+)\r\nContent-Length: 0\r\n\r\n$| p/Mobicont httpd/ v/$2/ i/time zone: $1/
# http://www.st.rim.or.jp/~nakata/
match http m|^HTTP/1\.1 200 Document follows\r\nMIME-Version: 1\.0\r\nServer: AnWeb/([\w._-]+)\r\n| p/AN httpd/ v/$1/
match http m|^HTTP/1\.0 400 Bad Request\r\nServer: Mini web server 1\.0 ZTE corp 2005\.\r\nContent-Type: text/html; charset=iso-8859-1\r\nAccept-Ranges: bytes\r\nConnection: close\r\nCache-Control: no-cache,no-store\r\n\r\n                                              <HTML>\n                                              <HEAD><TITLE>400 Bad Request</TITLE></HEAD>\n                                              <BODY BGCOLOR=\"#FFFFFF\" TEXT=\"#000000\" LINK=\"#2020ff\" VLINK=\"#4040cc\">\n                                              <H2>400 Bad Request</H2>\nYour request has bad syntax or is inherently impossible to satisfy\.\n| p/thttpd/ i/Zebra ZTE F660 broadband router/ d/broadband router/ cpe:/a:acme:thttpd/ cpe:/h:zebra:zte_f660/a
match http m|^HTTP/1\.1 404 Not Found\r\nPragma: no-cache\r\nmax-age: Thu, 01 Jan 1970 00:00:00 GMT\r\n.*<title>Error 404 NOT_FOUND</title>|s p/Google Web Toolkit httpd/ cpe:/a:google:web_toolkit/
match http m|^HTTP/1\.0 200 OK\r\nServer: Miner WEB Server\r\n.*<td align='right'>Total MHS:</td><td align='left'>([\d.]+)</td>.*<td align='right'>Up Time:</td><td align='left'>([\w,]+)</td>.*Current Server: ([][\w._:-]+)|s p/Asicminer Block Eruptor Blade bitcoin miner httpd/ i|Mhash/s: $1; uptime: $2; server: $3|
match http m|^HTTP/1\.1 200 OK\r\ncontent-type: text/plain; charset=utf-8\r\nCache-Control: no-cache\r\nExpires: Fri, 01 Jan 1990 00:00:00 GMT\r\nContent-Length: \d+\r\nServer: Development/([\w._-]+)\r\nDate: .*\r\n| p/Google App Engine SDK/ v/$1/
match http m|^HTTP/1\.1 200 OK\r\ncontent-length: \d+\r\ncontent-type: text/html; charset=utf-8\r\n.*<title>\n\t  SOGo\n\t</title>.*<meta content=\"SKYRIX Software AG/Inverse inc\.\" name=\"author\" />.*<meta content=\"@shiva (\d+)\" name=\"build\" />|s p/Inverse SOGo SOPE application server httpd/ v/build $1/
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html\r\nCache-Control: no-cache\r\nConnection: close\r\n\r\n<html><head><title>WiFi ADSL2/2\+ Combo IAD</title>| p/Netcomm NP805N WAP http config/ d/WAP/ cpe:/h:netcomm:np805n/
match http m|^HTTP/1\.0 302 Redirect\r\nServer: Http Server\r\nDate: .* \d\d\d\d\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-Type: text/html\r\nLocation: http:///login\.asp\r\n\r\n<html><head></head><body>\r\n\t\tThis document has moved to a new <a href=\"http:///login\.asp\">location</a>\.\r\n\t\tPlease update your documents to reflect the new location\.\r\n\t\t</body></html>\r\n\r\n$| p/Tenda N60 WAP http admin/ d/WAP/ cpe:/h:tenda:n60/
# Fallback match:
match http m|^HTTP/1\.1 400 Page not found\r\nServer: Http Server\r\nDate: .* \d\d\d\d\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-Type: text/html\r\n\r\n| p/Tenda WAP http admin/ d/WAP/
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: EDICOM-HTTP\r\n.*<meta name=\"Author\" \r\ncontent=\"Santiago Bellosta\">.*<title>EDICOM AS2 \r\nSERVER</title>|s p/Edicom AS2 proxy server http config/ d/proxy server/
match http m|^HTTP/1\.1 417 Expectation Failed\r\nServer: AvigilonServer/([\w._-]+)\r\nContent-Type: text/plain; charset=utf-8\r\nContent-Length: 19\r\n\r\nExpectation failed\.$| p/Avigilon Control Center httpd/ v/$1/
match http m|^HTTP/1\.1 200 OK\r\nConnection: close\r\nContent-Type: text/html\r\nCache-Control: no-cache\r\n\r\n<!DOCTYPE html>\r\n<html>\r\n<head>\r\n   <title>CyberStat Configuration</title>| p/CyberStat thermostat http interface/ d/specialized/
match http m|^HTTP/1\.0 302 Moved Temporarily\r\nDate: .*\r\nServer: \r\nContent-length: 0\r\nConnection: close\r\nLocation: https://:443/login\.lp\r\nSet-Cookie: xAuth_SESSION_ID=.*; path=/; \r\nCache-control: no-cache=\"set-cookie\"\r\n\r\n$| p/Technicolor TG789vn broadband router/ d/broadband router/
match http m|^HTTP/1\.1 200 OK\r\nDate: .*\r\nServer: IPWEBS/([\w._-]+)\r\n.*\.noscript_text{\r\nwidth: 100%;\r\nheight: 100%;\r\nfont-size: 24px;\r\ntext-align: center;\r\npadding-top: 24px;\r\n}\r\n</style>|s p/IPWEBS/ v/$1/ i/Huawei broadband router http admin/ d/broadband router/
match http m|^HTTP/1\.1 401 Authorization Required\r\nDate: .*\r\nServer: KGet\r\nWWW-Authenticate: Basic realm=\"KGet Webinterface Authorization\"\r\n| p/KGet download manager http interface/
match http m|^HTTP/1\.1 302 Found\r\nX-Frame-Options: SAMEORIGIN\r\nLocation: https?://([\w._-]+):\d+/vkd/GetWelcomeScreen\.event\r\nContent-Length: \d+\r\nConnection: close\r\nContent-Type: text/html; charset=iso-8859-1\r\n\r\n<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2\.0//EN\">| p/Symantec PGP Verified Directory httpd/ h/$1/
match http m|^HTTP/1\.1 302 Found\r\nX-Frame-Options: SAMEORIGIN\r\nLocation: https?://([\w._-]+):\d+/b/l\.e\r\nContent-Length: \d+\r\nConnection: close\r\nContent-Type: text/html; charset=iso-8859-1\r\n\r\n<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2\.0//EN\">| p/Symantec PGP Web Messenger httpd/ h/$1/
match http m|^HTTP/1\.1 302 Found\r\nX-Frame-Options: SAMEORIGIN\r\nLocation: https?://([\w._-]+):\d+/omc/GetLoginScreen\.uevent\r\nContent-Length: \d+\r\nConnection: close\r\nContent-Type: text/html; charset=iso-8859-1\r\n\r\n<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2\.0//EN\">| p/Symantec PGP Universal Server http admin/ h/$1/ cpe:/a:symantec:pgp_universal_server/
match http m|^HTTP/1\.1 404 not found\r\nContent-Length: 13\r\n\r\n404 not found$| p/Slingbox 500 httpd/ d/media device/
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?Set-Cookie: ZM_TEST=true;Secure\r\n.*\* Zimbra Collaboration Suite Web Client\r\n|s p/Zimbra Collabration Suite httpd/ cpe:/a:zimbra:zimbra_collaboration_suite/
match http m|^HTTP/1\.0 200 OK\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n<html>\n<head>\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=UTF-8\"> \n<title>Access Point Configuration Utility</title>| p/Cisco AP541N WAP http admin/ d/WAP/ cpe:/h:cisco:ap541n/
match http m|^HTTP/1\.1 200 OK\r\nConnection: Close\r\nContent-Length: 0\r\n\r\n$| p/Talk Talk YouView set-top box http config/ d/media device/
match http m|^HTTP/1\.0 200 OK\r\nServer: http server ([\w._-]+)\r\n.*<title>NVR</title>|s p/Qnap VioStor video recorder http admin/ v/$1/ d/media device/
match http m|^HTTP/1\.0 400 Bad Request\r\nContent-Length: 6\r\n\r\nERROR\n$| p/Apple Xsan httpd admin/
match http m|^HTTP/1\.1 404 Not Found\r\nX-DEVICE-VALUE:Not Found\r\nServer: Encore/([\w._-]+)\r\nContent-Length: 134\r\n\r\n<html><head>\r\n<META NAME=\"DEVICE-VALUE\" CONTENT=\"Not Found\">\r\n</head><body>\r\n<DIV CLASS=\"DEVICE-VALUE\">Not Found</DIV>\r\n</body></html>$| p/Yamaha M7CL sound board http config/ v/$1/ d/media device/
match http m|^HTTP/1\.1 301 Moved Permanently\r\nLocation:/login/login\.hchl\r\nDate:.*\r\nServer:Numara FootPrints Asset Core Agent ([\w._-]+)\r\nConnection:Close\r\nContent-Length:0\r\n\r\n$| p/Numara FootPrints inventory management http admin/ v/$1/
match http m|^HTTP/1\.1 200 Success\r\nServer: Messaging\r\ntransfer-encoding: chunked\r\n\r\n0\r\n\r\n$| p/Sybase Unwired Server Synchronization httpd/
match http m|^HTTP/1\.1 302 Object Moved\r\nLocation: /vpn/index\.html\r\nSet-Cookie:NSC_AAAC=| p/Citrix NetScaler Access Gateway/ cpe:/h:citrix:netscaler_access_gateway/
match http m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Set-Cookie: webvpn=;.*document\.location\.replace\(\"/\+CSCOE\+/logon\.html\"\)|s p/Cisco ASA SSL VPN/
match http m|^HTTP/1\.1 303 See Other\r\nServer: \r\nContent-type: text/plain\r\nLocation: /login\.xml\?session=false\r\n| p/IBM WebSphere DataPower management interface/
match http m|^HTTP/1\.1 407 MAG Authentication Failed!\r\n| p/AirWatch Mobile Access Gateway/
match http m|^HTTP/1\.1 200 OK\r\nServer: Linux, STUNNEL/1\.0, (D[\w-]+) Ver ([\w._-]+)\r\n| p/D-Link router admin httpd/ i/model $1; firmware $2/ d/WAP/ o/Linux/ cpe:/o:linux:linux_kernel/a
# version number is not really a version (this was 1.7.0.11)
match http m|^HTTP/1\.1 401 Unauthorized\r\nServer: Easy-Web Server/1.0\r\nAuthor: Easy Ftp Server\r\nWWW-Authenticate: BASIC realm=\"Ftp User Login\"\r\n| p/EasyFTP Server httpd/
match http m|^HTTP/1\.0 302 Moved Temporarily\r\nServer: wanduck\r\nDate: .*\r\n| p/Asus wanduck WAN monitor httpd/
match http m|^HTTP/1\.1 200 OK\r\nServer:Cross Web Server\r\n| p/Cross DVR httpd/ d/media device/
match http m|^HTTP/1\.1 401 Unauthorized\r\nServer: Aterm\(HT\)/([\d.]+)\r\nDate: .*\r\nWWW-Authenticate: Basic realm=\"Aterm\(admin\)\"\r\n| p/NEC Aterm admin httpd/ v/$1/ d/WAP/
match http m|^HTTP/1\.0 200 OK\r\nServer: TAC/Xenta([\w-]+) ([\d.]+)\r\n| p/TAC Xenta httpd/ v/$2/ i/Xenta $1/
match http m|^HTTP/1\.1 200 OK\r.*\nserver: WebSEAL/([\d.]+) \(Build (\d+)\)\r\n|s p/IBM Tivoli WebSEAL httpd/ v/$1/ i/build $2/ d/storage-misc/
match http m|^HTTP/1\.0 200 OK\r\nDate: .*\r\nServer: App-webs/\r\n| p/Hikvision IP camera httpd/ d/webcam/
match http m|^HTTP/1\.1 200 [Oo][Kk]\r\nServer: Venky\r\n| p/Smartfren EVDO modem httpd/
match http m|^HTTP/1\.1 401 Unauthorized\r\nServer: Aviosys\r\nPragma: no-cache\r\nWWW-Authenticate: Basic realm=\"([^"]+)\"\r\n| p/Aviosys $1 httpd/
match http m|^HTTP/1\.0 200 OK\r.*\nServer: OwnServer([\d.]+)\r\n|s p/Anteco OwnServer/ v/$1/
# The "EWS-NIC4" server is used in all sorts of printers, but version 8.80 is exclusively Dell 1320c
# Could probably use Shodan to enumerate other versions
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: EWS-NIC4/8\.80\r\n|s p/Embedded Web Server httpd/ v/8.80/ i/Dell 1320c/ d/printer/
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?\r\n<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4\.01 Frameset//EN\">\r\n<!-- Copyright \(c\) 2000-2\d\d\d, Fuji Xerox Co\., Ltd\. All Rights Reserved\. -->\r\n<HTML>.*<TITLE>\r\n([\w -]+?) +- [\d.]+\r\n</TITLE>|s p/Fuji-Xerox $1 httpd/ d/printer/ cpe:/h:fuji_xerox:$1/
# lighttpd started responding with HTTP/1.1 in version 2.0.0, apparently
match http m|^HTTP/1.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: lighttpd/([\w._-]+)\r\n|s p/lighttpd/ v/$1/ cpe:/a:lighttpd:lighttpd:$1/
# SNC full system info at /command/inquiry.cgi?inqjs=system
match http m|^HTTP/1\.0 307 Temporary Redirect\r\n(?:[^\r\n]+\r\n)*?Server: gen5th/([\d.]+)\r\n|s p/Sony Network Camera httpd/ v/$1/ d/webcam/
# WEB-Manager 3.2. Looks like later versions are framed.
match http m|^HTTP/1\.1 200\r\n.*<title>WEB-Manager ([\d.]+)</title>.*<applet code=\"container\.class\" archive=web\.jar width=\"743\" height=\"1250\" style=\"border: thick ridge\">|s p/Lantronix WEB-Manager admin httpd/ v/$1/
match http m|^HTTP/1\.0 302 Document Follows\r\nSet-Cookie: SESSID=[a-f0-9]{32}\r\nPragma: no-cache\r\nLocation: http:///([\w.-]+)/testcookie\.ssi\?SESSID=[a-f0-9]{32}\r\nConnection: close\r\n\r\n| p/IBM Remote Supervisor Adapter httpd/ h/$1/
match http m|^HTTP/1\.0 302 Redirect\r\nServer: httpd\r\nDate: .*\r\nLocation: http://belkin\.range\r\nContent-Type: text/plain\r\nConnection: close\r\n\r\n| p/Belkin WiFi range extender httpd/ d/WAP/
match http m|^HTTP/1\.0 200 OK\r\nContent-Type: text/html\r\nSet-Cookie: rg_cookie_session_id=.*\r\n\r\n<!-- Page\(9123\)=\[Please Reset Your Password\] -->|s p/BT Home Hub config httpd/ i/password reset page/ d/WAP/
match http m|^HTTP/1\.0 200 OK\r\nContent-Type: text/html\r\nSet-Cookie: rg_cookie_session_id=.*\r\n\r\n<!-- Page\(9096\)=\[Home\] -->|s p/BT Home Hub config httpd/ d/WAP/
match http m|^HTTP/1\.1 200 OK\r\nServer: Sierra Wireless Inc, Embedded Server\r\n| p/Sierra Wireless embedded httpd/
match http m|^HTTP/1\.1 200 OK\r\nConnection: close\r\nCache-Control: no-store\r\nContent-Length: 96\r\nContent-Type: text/html\r\n\r\n<html>\n<body bgcolor=\"#99ccff\">\n<center>\n<h1>Invalid Access</h1>\n</center>\n</p></body>\n</html>\n\n\n| p/Cisco ATA 186 httpd/ d/VoIP adapter/ cpe:/h:cisco:ata_186/a
match http m|^HTTP/1\.1 404 Not Found\r\nDate: .*\r\nServer: RT-Platform/([\d.]+) (UPnP/[\d.]+) EBS Mi\r\n| p/EBS RTPlatform UPnP httpd/ v/$1/ i/$2/
match http m|^HTTP/1\.1 302 Found\r\nServer: Cassini/(4\.[\d.]+)\r\nDate: .*\r\nX-AspNet-Version: ([\d.]+)\r\nLocation: /Login\.aspx\r\n| p/Cassini httpd/ v/$1/ i/SmarterStats 8.2; ASP.NET $2/ o/Windows/ cpe:/a:microsoft:asp.net:$2/ cpe:/a:microsoft:cassini:$1/ cpe:/a:smartertools:smarterstats:8.2/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 401 Unauthorized\r\nContent-type: text/html\r\nWWW-Authenticate: Basic realm=\"Netgear\"\r\n| p/Netgear admin httpd/ d/broadband router/
match http m|^HTTP/1\.0 200 OK\r\n\r\n<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1\.0 Strict//EN\" \"http://www\.w3\.org/TR/xhtml1/DTD/xhtml1-strict\.dtd\">\r\n<!-- release 20120329v1  -->\r\n<!-- \$Id: header\.php 3167 2010-03-03 18:11:27Z slemoine \$ -->| p/Cisco DPC3939b or Arris TG862G wireless cable modem httpd/ d/WAP/
match http m|^HTTP/1\.1 200 OK\r\nConnection: Close\r\nServer: (BC\d+) WEB SERVER V([\d.]+)\r\nAllow: GET\r\nContent type: text/html\r\nContent-length: \d+\r\ntitle: BC\d+\.htm\r\n\r\n| p/Beckhoff $1 Bus Terminal Controller/ v/$2/ d/specialized/
match http m|^HTTP/1\.0 404 \r\n(?:[^\r\n]+\r\n)*?server: CubeCoders-McMyAdmin/IAWS\r\n.*<p id=\"verinfo\">McMyAdmin Personal - Web Backend v([\d.]+)</p>|s p/CubeCoders McMyAdmin Personal Minecraft control panel/ v/$1/
match http m|^HTTP/1\.0 404 \r\n(?:[^\r\n]+\r\n)*?server: CubeCoders-McMyAdmin/IAWS\r\n.*<p id=\"verinfo\">McMyAdmin Professional - Web Backend v([\d.]+)</p>|s p/CubeCoders McMyAdmin Professional Minecraft control panel/ v/$1/
match http m|^HTTP/1\.0 \d\d\d \r\n(?:[^\r\n]+\r\n)*?server: CubeCoders-McMyAdmin/IAWS\r\n|s p/CubeCoders McMyAdmin Enterprise Minecraft control panel/
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: cc-web/([\d.]+)\r\n| p/Centova Cast httpd/ v/$1/
match http m|^HTTP/1\.1 302 Found\r.*\nServer: WSO2 Carbon Server\r\n|s p/WS02 Carbon middleware/
match http m|^HTTP/1\.1 200 OK\r\nServer: Linux, HTTP/1\.1, MyNetN(\d\d\d) Ver ([\d.]+)\r\n| p/Western Digital MyNet N$1 admin httpd/ v/$2/ d/WAP/ o/Linux/ cpe:/h:western_digital:n$1/ cpe:/o:linux:linux_kernel/a
match http m|^HTTP/1\.1 200 OK\r.*\nServer: Monkey\r\n|s p/Monkey httpd/ o/Linux/ cpe:/a:monkey-project:monkey_http_daemon/ cpe:/o:linux:linux_kernel/a
match http m|^HTTP/1\.1 302 Moved Temporarily\r\nConnection: close\r\nLocation: http://([\w.-]+:\d+)/guest/(?:s/default/)?\?id=[a-f0-9:]+&ap=([a-f0-9:]+)&t=\d+&url=http://\(null\)/\r\n\r\n| p/Ubiquiti UniFi guest redirection/ i/portal: $1; MAC: $2/
match http m|^HTTP/1\.1 400 Bad Request\r\nServer: M1 WebServer/([\d.]+)-VxWorks\r\n| p/Bachmann M1 PLC httpd/ v/$1/ o/VxWorks/ cpe:/o:windriver:vxworks/a
# Ferguson Ariva 252 HD satellite receiver
match http m|^HTTP/1\.0 \d\d\d [A-Z ]+\r\nServer: klhttpd/([\d.]+)\r\n| p/klhttpd/ v/$1/
match http m|^HTTP/1\.1 302 Found\r.*\nServer: ProCurve Web Server\r\n|s p/HP ProCurve httpd/ d/switch/
match http m|^HTTP/1\.1 200 OK\r\nDate: .*\r\nLast-Modified: .*\r\nContent-Type: text/html\r\nConnection: close\r\n\r\n\xef\xbb\xbf<!-- Release v ([\d.]+) \d{8} -->.*<title>Bosch Security Systems</title>|s p/Bosch Security DVR httpd/ v/$1/
match http m|^HTTP/1\.1 400 Bad Request\r\nConnection: close\r\nContent-Length: 0\r\ntv2-auth-digest: | p/Microsoft Mediaroom httpd/ i/IPTV tuner/ d/media device/
match http m|^HTTP/1\.0 404 Not found\r\nDate: [\w., :]+ ([+-]\d\d\d\d)\r\nServer: Monitorix HTTP Server\r\n| p/Monitorix httpd/ i/time zone $1/
match http m|^HTTP/1\.1 200 OK\r\nServer: Web Server\r\nContent-Type: text/html\r\nCache-Control: no-cache\r\nPragma: no-cache\r\n\r\n\r\n   <!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4\.0 Transitional//EN\">\n<HTML>\n<HEAD>\n  <TITLE>Login</TITLE>\n  <link rel=\"stylesheet\" href=\"/50010f00/css/style1\.css\">| p/HP V1810 switch httpd/ d/switch/ cpe:/h:hp:v1810/a
match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: PRINT_SERVER WEB 1\.0\r\nContent-type: text/html\r\nWWW-Authenticate: Basic realm=\"(W\w+54G\w*)\"\r\n\r\n401 Unauthorized| p/Linksys $1 wireless print server httpd/ cpe:/h:linksys:$1/a
match http m|^HTTP/1\.0 200 OK\r\n<!DOCTYPE html>\nContent-type: text/html\r\n\r\n<HTML>\n<TITLE>ConfigServer Security & Firewall</TITLE>| p/ConfigServer Security & Firewall/ d/firewall/
match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: webserver/1\.0\r\nDate: .*\r\nWWW-Authenticate: Digest algorithm=\"MD5\", realm=\"Forbidden\", qop=\"auth\"| p/OSCam softcam httpd/ d/media device/
match http m|^HTTP/1\.1 302 OK\r\nServer: ConfigurationService\r\nDate: .*\r\nConnection: close\r\nSet-Cookie: VNeXHttpSessionID=| p/Avaya Scopia Pathfinder firewall traversal http config/
match http m|^HTTP/1\.0 404 Not Found\r\nConnection: close\r\nContent-Length: \d+\r\nContent-Type: text/plain; charset=UTF-8\r\nDate: .*\r\nServer: waitress\r\n\r\n404 Not Found\n\nThe resource could not be found\.\n\n\ndebug_notfound of url http://[^;]+; .* context: <pyramid\.traversal\.DefaultRootFactory instance at| p/Pylons Waitress WSGI server/ i/Pylons Pyramid web framework/
match http m|^HTTP/1\.0 404 Not Found\r.*\nServer: waitress\r\n\r\n|s p/Pylons Waitress WSGI server/
match http m|^HTTP/1\.0 401 Unauthorized\r\nContent-type: text/html; charset=UTF-8\r\nAccept-Ranges: bytes\r\nConnection: close\r\nWWW-Authenticate: Digest realm=\"Authorization\",nonce=\"[a-f\d]+\",opaque=\"[a-f\d]+\",qop=\"auth\"\r\n\r\n<HTML><HEAD><TITLE>401 Unauthorized</TITLE></HEAD>\n<BODY BGCOLOR=\"#cc9999\"><H2>401 Unauthorized</H2>\n<HR>\nAuthorization required for the requested URL\.\n</BODY></HTML>\n| p/Panasonic KX-TGP500 http interface/ d/VoIP phone/
match http m|^HTTP/1\.1 200 OK\r\nServer: sw-cp-server\r\n.*<meta name=\"plesk-build\" content=\"([\d.]+)\">\n\t\t<title>Parallels Plesk Panel ([\d.]+)</title>|s p/Parallels Plesk sw-cp-server httpd/ v/$2/ i/build $1/
match http m|^HTTP/1\.1 200 OK\r.*\nServer: NetDNA-cache/([\d.]+)\r\n.*\r\nYou are hitting the NetDNA ([^<]+)<br>\n<img src=netdna\.gif\?city=4 >\n\n|s p/NetDNA CDN httpd/ v/$1/ i/$2/
match http m|^HTTP/1\.1 200 OK\r\n.*window\.location = \"rdr\.cgi\";\r\n|s p/TRENDnet IP camera httpd/ d/webcam/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: YTS/([\d.]+)\r\n|s p/Yahoo! Traffic Server/ v/$1/
match http m|^HTTP/1\.1 200 OK\r\nServer: Linux, HTTP/1\.1, (DSL-[\w]+) Ver ([A-Z][A-Z])_([\d.]+)\r\n| p/D-Link $1 router httpd config/ v/$3/ i/region: $2/ d/broadband router/ o/Linux/ cpe:/o:linux:linux_kernel/a
match http m|^HTTP/1\.0 200 OK\r\nContent-Type: text/html; charset=\"\"\r\n.*var objWin = window\.open\(strURL, \"WJHD600\",|s p/Panasonic WJ-HD600-series DVR http config/ d/media device/
match http m|^HTTP/1\.1 404 Not Found\r\nContent-Type: text/html\r\nDate: .*\r\nConnection: close\r\nServer: mwg-ui\r\n\r\n| p/McAfee Web Gateway httpd/ d/security-misc/ cpe:/a:mcafee:web_gateway/
match http m|^HTTP/1\.1 302 Found\r\nLocation: https://[\w.-]+:\d+/Konfigurator/request\r\nContent-Length: 0\r\nDate: .*\r\nConnection: close\r\nServer: mwg-ui\r\n\r\n| p/McAfee Web Gateway http config/ d/security-misc/ cpe:/a:mcafee:web_gateway/
match http m|^HTTP/1\.1 401 Unauthorized\r\nServer: Camera Web Server\r\nDate: .*\r\nWWW-Authenticate: Basic realm=\"Camera Web Server\"\r\n| p/Belkin NetCam http config/ d/webcam/
match http m|^HTTP/1\.0 200 OK\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nExpires: 0\r\nDate: .*\r\n\r\n<script language='JavaScript'>location='https:///';</script>\n| p/ISPmanager SSL redirector/
match http m|^HTTP/1\.0 200 OK\r\nConnection: close\r\nAccess-Control-Allow-Origin: \*\r\nCache-Control: no-cache\r\nContent-type: text/html; charset=utf-8\r\nDate: .*\r\n\r\n<html>\r\n<head><title>JointSpace</title>| p/jointSPACE TV application framework/ d/media device/
match http m|^HTTP/1\.1 200 OK\r.*\nlibAbsinthe: (r[\d.]+)\r\n|s p/Legify Absinthe/ v/$1/
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: Web Server\r\nContent-Type: text/html\r\n(?:[^\r\n]+\r\n)*?\r\n   \r\n<!DOCTYPE HTML PUBLIC.*<TITLE>NETGEAR ([^<]+)</TITLE>|s p/Netgear $1 http config/ d/switch/ cpe:/h:netgear:$1/a
match http m|^HTTP/1\.0 401 Unauthorized\r\nContent-Length: 0\r\nWWW-Authenticate: Basic realm=\"Domoticz\.com\"\r\n\r\n|s p/Domoticz home automation httpd/
match http m|^HTTP/1\.1 200 OK\r\nLast-Modified: .*\r\nContent-Length: \d+\r\nContent-Type: text/html;charset=UTF-8\r\nAccess-Control-Allow-Origin: \*\r\n\r\n<!DOCTYPE html>\n<html manifest="html5\.appcache">\n<head>\n\t\t<meta charset="utf-8">\n\t\t<title>Domoticz</title>| p/Domoticz home automation httpd/
match http m|^HTTP/1\.0 302 Redirect\r\nSet-Cookie: mainServerInstance=; path=/\r\nSet-Cookie: CrushAuth=| p/CrushFTP web interface/ cpe:/a:crushftp:crushftp/
match http m|^HTTP/1\.1 401 Unauthorized\r\nSet-Cookie: mainServerInstance=; path=/\r\nSet-Cookie: CrushAuth=| p/CrushFTP web interface/ cpe:/a:crushftp:crushftp/
match http m|^HTTP/1\.1 200 OK\r\nServer: pyTivo/([\d.]+)\r\n| p/pyTivo http interface/ v/$1/ d/media device/
match http m|^HTTP/1\.1 302 FOUND\r\nX-Hue-Jframe-Path: /\r\n| p/Cloudera Hue http Hadoop UI/
match http m=^HTTP/1\.1 200 OK\r.*\nLiferay-Portal: Liferay Portal (Community|Enterprise) Edition ([^(]+) \([A-Z][a-z]+ / Build (\d+) / [^)]+\)\r.*\nServer: Apache\r\n=s p/Liferay Portal $1 Edition/ v/$2/ i/build $3; Apache Tomcat/ cpe:/a:apache:tomcat/
match http m|^HTTP/1\.1 401 Unauthorized\nContent-Type: text/html;\nConnection: close\nWWW-Authenticate: Basic realm=\"Default: admin/admin\"\nContent-Length: <HTML>\r\n<HEAD>\r\n<TITLE>Sitecom Multi-Functional USB Server ([^<]+)</TITLE>| p/Sitecom $1 http config/
match http m|^HTTP/1\.0 200 OK\r\nCache-control: no-cache\r\nPragma: no-cache\r\nExpires: \"[^"]+\"\r\nContent-length: \d+\r\nContent-type: text/html\r\n\r\n<html>\n<head>\n<title>ILV701PL Web Configuration - Authentication</title>| p/LEXCOM ILV701PL IPTV receiver http config/ d/media device/
match http m|^HTTP/1\.0 500 Server Error\nContent-Type: text/html\n\n<html><body><b><font color=#CC0000>haserl CGI Error</font></b><br><pre>\n\[string \"([^"]+)\"\]:\d+:| p/Haserl CGI wrapper/ i/CGI path: "$1"/
match http m|^HTTP/1\.0 401 Unauthorized\r\nContent-Type: text/html\r\nWWW-Authenticate: Basic realm=\"yhhtpd\r\n| p/Neutrino yhttpd 3.X/
match http m|^HTTP/1\.0 200 OK\r\nServer: xLightweb/([\d.]+)\r\nContent-Length: 0\r\nConnection: close\r\nAccess-Control-Allow-Origin: \*\r\nCache-Control: no-cache\r\nAccess-Control-Allow-Headers: device-os, device-mo, app-build, device-id, device-no, device-ip, tracker, sub-id, sid\r\n\r\n| p/xLightweb httpd/ v/$1/
match http m|^HTTP/1\.0 200 Document follows\r\nServer: XCD WebAdmin\r\nContent-Type: text/html\r\n\r\n| p/Intermec EasyLAN print server http admin/ d/print server/
match http m|^HTTP/1\.1 200 OK\r\nServer: Dump1090\r\n| p/Dump1090 Mode S decoder http viewer/
match http m|^HTTP/1\.0 200 OK\r\nDate: .*\r\nLast-Modified: .*\r\nETag: \"[^"]\"\r\nAccept-Ranges: bytes\r\nContent-Length: \d+\r\nConnection: close\r\nContent-Type: text/html\r\nX-Frame-Options: SAMEORIGIN\r\n\r\n<html><script type=\"text/javascript\">\nif \(window!=top\) top\.location=window\.location;top\.location=\"/remote/login\";\n</script></html>\n| p/Fortinet FortiGate SSL VPN/ d/security-misc/
match http m|^HTTP/1\.0 200 OK\r\nDate: .*\r\nServer: qHTTPs\r\n| p/AEG Powersolutions UPS View http viewer/ d/power-device/
match http m|^HTTP/1\.1 200 OK\r\nSet-Cookie: sid=[^;]+; path=/; httponly\r\nSet-Cookie: sid\.sig=[^;]+; path=/; httponly\r\nDate: .*\r\nConnection: close\r\n\r\n<!DOCTYPE HTML>.*<h1>Webhook Deployer v([\w._-]+)|s p/Node.js/ i/Webhook Deployer v$1/ cpe:/a:nodejs:node.js/
match http m|^HTTP/1\.1 200 OK\r\nConnection: close\r\nContent-Type: text/html; charset=ISO-8859-1\r\nContent-Length: \d+\r\nServer: SIMP LIGHT\r\n\r\n<head><title>SIMP Light web server \[ver\. ([\w._-]+)\]</title>| p/SIMP Light SCADA httpd/ v/$1/
match http m|^HTTP/1\.[01] 401 Unauthorized\r\nContent-Length: \d+\r\nContent-Type: text/html\r\n(?:Connection: close\r\n)?X-Plex-Protocol: 1\.0\r\n| p/Plex Media Server httpd/ cpe:/a:plex:plex_media_server/
match http m|^HTTP/1\.[01] 200 OK\r\nContent-Type: text/xml;charset=utf-8\r\nContent-Length: \d+\r\nConnection: close\r\nX-Plex-Protocol: 1\.0\r\nCache-Control: no-cache(?:\r\nDate: .*)?\r\n\r\n<\?xml version=\"1\.0\" encoding=\"UTF-8\"\?>\n<MediaContainer size=\"\d+\" [^>]*friendlyName=\"([^"]*)\" [^>]*platform=\"Linux\" platformVersion=\"(((?:2\.)?\d\.\d+)[^"]+)\" [^>]*version=\"([^"]+)| p/Plex Media Server httpd/ v/$4/ i/friendlyName: $1; OS version $2/ o/Linux $3/ cpe:/a:plex:plex_media_server:$4/ cpe:/o:linux:linux_kernel:$3/
match http m|^HTTP/1\.[01] 200 OK\r\nContent-Type: text/xml;charset=utf-8\r\nContent-Length: \d+\r\nConnection: close\r\nX-Plex-Protocol: 1\.0\r\nCache-Control: no-cache(?:\r\nDate: .*)?\r\n\r\n<\?xml version=\"1\.0\" encoding=\"UTF-8\"\?>\n<MediaContainer size=\"\d+\" [^>]*friendlyName=\"([^"]*)\" [^>]*platform=\"([^"]+)\" platformVersion=\"([^"]+)\" [^>]*version=\"([^"]+)| p/Plex Media Server httpd/ v/$4/ i/friendlyName: $1; OS version $3/ o/$2/ cpe:/a:plex:plex_media_server:$4/
# Sometimes the version is too far down the page :(
match http m|^HTTP/1\.[01] 200 OK\r\nContent-Type: text/xml;charset=utf-8\r\nContent-Length: \d+\r\nConnection: close\r\nX-Plex-Protocol: 1\.0\r\nCache-Control: no-cache(?:\r\nDate: .*)?\r\n\r\n<\?xml version=\"1\.0\" encoding=\"UTF-8\"\?>\n<MediaContainer size=\"\d+\" [^>]*friendlyName=\"([^"]*)\" [^>]*platform=\"Linux\" platformVersion=\"(((?:2\.)?\d\.\d+)[^"]+)\"| p/Plex Media Server httpd/ i/friendlyName: $1; OS version $2/ o/Linux $3/ cpe:/a:plex:plex_media_server/ cpe:/o:linux:linux_kernel:$3/
match http m|^HTTP/1\.[01] 200 OK\r\nContent-Type: text/xml;charset=utf-8\r\nContent-Length: \d+\r\nConnection: close\r\nX-Plex-Protocol: 1\.0\r\nCache-Control: no-cache(?:\r\nDate: .*)?\r\n\r\n<\?xml version=\"1\.0\" encoding=\"UTF-8\"\?>\n<MediaContainer size=\"\d+\" [^>]*friendlyName=\"([^"]*)\" [^>]*platform=\"([^"]+)\" platformVersion=\"([^"]+)\"| p/Plex Media Server httpd/ i/friendlyName: $1; OS version $3/ o/$2/ cpe:/a:plex:plex_media_server/
match http m|^HTTP/1\.[01] 200 OK\r\nContent-Type: text/xml;charset=utf-8\r\nContent-Length: \d+\r\nConnection: close\r\nX-Plex-Protocol: 1\.0\r\nCache-Control: no-cache(?:\r\nDate: .*)?\r\n\r\n<\?xml version=\"1\.0\" encoding=\"UTF-8\"\?>\n<MediaContainer size=\"\d+\" [^>]*friendlyName=\"([^"]*)\"| p/Plex Media Server httpd/ i/friendlyName: $1/ cpe:/a:plex:plex_media_server/
match http m|^HTTP/1\.0 302 Moved Temporarily\r\nContent-Type: text/html\r\nSet-Cookie: cookie_session_id_0=\d+; path=/;\r\nCache-Control: public\r\nPragma: cache\r\nExpires: .*\r\nDate: .*\r\nLast-Modified: Thu, 01 Jan 1970 00:00:00 GMT\r\nAccept-Ranges: bytes\r\nConnection: close\r\nLocation: https?://[\w._-]+:\d+/index\.cgi\?active%5fpage=9091&req%5fmode=0\r\n\r\n| p/OpenRT httpd/ o/OpenRT/
match http m|^HTTP/1\.1 401 Unauthorized\r\nWWW-Authenticate: Digest realm=\"(iRMC S\d)@iRMC([0-9A-F]{6})\", qop=\"auth\", nonce=\"[0-9a-f-]+\", opaque=\"[0-9a-f]+\", stale=\"FALSE\" \r\n(?:Connection: close\r\n)?Cache-Control: no-cache\r\nPragma: no-cache\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\n\r\n296\r\n| p/Fujitsu $1 httpd/ i/Host ID (MAC) $2/ d/remote management/
match http m|^HTTP/1\.1 400 Bad Request\r\nCache-Control: no-cache\r\nPragma: no-cache\r\nContent-Type: text/html; charset=utf-8\r\nProxy-Connection: close\r\nConnection: close\r\nContent-Length: 727\r\n\r\n<HTML><HEAD>\r\n<TITLE>Request Error</TITLE>\r\n</HEAD>\r\n<BODY>\r\n<FONT face=\"Helvetica\">\r\n<big><strong></strong></big><BR>| p/ISPConfig http control panel/
match http m|^HTTP/1\.0 401 Authorization Required\r\nServer: alphapd\r\nDate: .*\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-type: text/html\r\nWWW-Authenticate: Digest realm=\"(TV-IP\d\d\d\w*)\",qop=\"auth\", nonce=\"[a-f0-9]+\"\r\n\r\n| p/TRENDnet $1 httpd/ d/webcam/ cpe:/h:trendnet:$1/a
#example $2 = "MediaCloset\0"
match http m|^HTTP/1\.0 200 OK\r\nContent-type: text/html\r\n\r\n<html><head><title>APC Back-UPS ([^(]+)\(([^)]+)\)</title><meta http-equiv=\"Content-Type\" content=\"text/html; charset=iso-8859-1\"></head>| p/APC Back-UPS $1 http admin/ i/$P(2)/
match http m|^HTTP/1\.1 401 UNAUTHORIZED\r\nWWW-Authenticate: Basic realm=\"Login Required\"\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 90\r\nDate: .*\r\nServer: ([\w._-]+)\r\n\r\nCould not verify your access level for that URL\.\nYou have to login with proper credentials| p/Maraschino XBMC http interface/ h/$1/
match http m|^HTTP/1\.0 200 OK\r\nSet-Cookie: session=[0-9a-f]{40}; Path=/; HttpOnly\r\nX-Auth-Status: none\r\nContent-Type: text/html\r\nDate: .*\r\nConnection: close\r\nContent-Length: \d+\r\n\r\n.* href=\"/ajenti:static/|s p/Ajenti http control panel/ cpe:/a:ajenti:ajenti/
match http m|^HTTP/1\.1 200 OK\r\nDate: .*\r\nServer: Hydra/([\w._-]+)\r\nAccept-Ranges: bytes\r\nConnection: close\r\nContent-Length: \d+\r\nLast-Modified: .*\r\nETag: \"[^"]+\"\r\nContent-Type: text/html\r\n\r\n<html>\n<head>\n<title>Intelligent Switch</title>>\n| p/Hydra httpd/ v/$1/ i/ZyXEL GS1600 or GS1900 switch/ d/switch/ cpe:/a:nikos_mavroyanopoulos:hydra:$1/
match http m|^HTTP/1\.1 200 OK\r\nDate: .*\r\nAccept-Ranges: bytes\r\nConnection: close\r\nContent-Length: \d+\r\nLast-Modified: .*\r\nETag: \"[^"]+\"\r\nContent-Type: text/html\r\n\r\n<html>\n<head>\n<title>Intelligent Switch</title>>\n| p/Hydra httpd/ i/ZyXEL GS1600 or GS1900 switch/ d/switch/ cpe:/a:nikos_mavroyanopoulos:hydra/
match http m|^HTTP/1\.1 200 OK\r\nSet-Cookie: JSESSIONID=[0-9A-F]{32}; Path=/\r\nContent-Type: text/html;charset=utf-8\r\nContent-Length: \d+\r\nDate: .*\r\nConnection: close\r\nServer:  \r\n\r\n<!-- default page when just a URL is entered \(e\.g\. - http://ipaddress\) -->| p/Cisco Unified Communications Manager httpd/ cpe:/a:cisco:unified_communications_manager/
# version 8.5.1 reported with SAMEORIGIN, but not in 8.6
# version 8.6 has Secure; HttpOnly
match http m|^HTTP/1\.1 200 OK\r\n(?:X-Frame-Options: SAMEORIGIN\r\n)?Set-Cookie: JSESSIONID=[0-9A-F]{32}; Path=/; Secure; HttpOnly\r\nContent-Type: text/html;charset=utf-8\r\nContent-Length: \d+\r\nDate: .*\r\nConnection: close\r\nServer:  \r\n\r\n<!-- default page when just a URL is entered \(e\.g\. - http://ipaddress\) -->| p/Cisco Unified Communications Manager httpd/ cpe:/a:cisco:unified_communications_manager/
# TODO: Which version has HttpOnly and not Secure?
match http m|^HTTP/1\.1 200 OK\r\nX-Frame-Options: SAMEORIGIN\r\nSet-Cookie: JSESSIONID=[0-9A-F]{32}; Path=/; HttpOnly\r\nContent-Type: text/html;charset=utf-8\r\nContent-Length: \d+\r\nDate: .*\r\nConnection: close\r\nServer:  \r\n\r\n<!-- default page when just a URL is entered \(e\.g\. - http://ipaddress\) -->| p/Cisco Unified Communications Manager httpd/ cpe:/a:cisco:unified_communications_manager/
match http m|^HTTP/1\.0 500 No such header: Host\r\nserver: Ag \[47\]\r\ncontent-type: text/html\r\n\r\n<html>\n<head>\n</head>\n<body>\n<h1>500: No such header: Host</h1>\n</body>\n</html>\r\n| p/ZyXEL Keenetic http admin/ d/broadband router/
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html\r\nCache-Control: no-cache\r\nConnection: close\r\n\r\n<html><head><title>Basic Status</title></head><frameset rows=\"\*,0\" border=0 frameborder=no framespacing=0><frame src=\"basic\.htm\" name=\"main\"><frame src=\"hide\.htm\" name=\"Hide\" marginwidth=0 marginheight=0 border=0></frameset></html>\n| p/NetComm Wireless ADSL router http admin/ d/WAP/
match http m|^HTTP/1\.0 200 OK\r\nDate: .*\r\nServer: Easy Chat Server/([\w._-]+)\r\n| p/Easy Chat Server httpd/ v/$1/
match http m|^HTTP/1\.1 503 Service Unavailable\r\nContent-Type: text/html\r\nCache-Control: no-cache\r\nConnection: close\r\nContent-Length: \d+\r\nX-Iinfo: ?[\d-]+ .NNN RT\(\d+ \d+\) q\([ 0-9-]+\) r\([ 0-9-]+\)| p/Incapsula CDN httpd/
match http m|^<!DOCTYPE HTML PUBLIC '-//W3C//DTD HTML 4\.01 Transitional//EN'><html><head><title>Evolis TCP/IP\r\n</title>| p/Evolis ID card printer httpd/ d/printer/
match http m|^HTTP/1\.0 200 OK\r\nServer: pilight\r\n| p/pilight home automation webGUI/
match http m|^HTTP/1\.0 302 Moved Temporarily\r\nX_Language: .*\r\nContent-Type: text/html\r\nServer: Embedthis-http\r\nLocation: https://([^/]+)/start\.html\n\r\n| p/Embedthis httpd/ i/Dell iDRAC 7/ d/remote management/ h/$1/ cpe:/h:dell:idrac7/
match http m|^HTTP/1\.[01] 30[12] Moved .*\r\nServer: Mbedthis-Appweb/([\d.]+)\r\nLocation: https://([^/]+)/start\.html\n\r\n| p/Embedthis Appweb httpd/ v/$1/ i/Dell iDRAC/ d/remote management/ h/$2/ cpe:/a:mbedthis:appweb:$1/
match http m|^HTTP/1\.[01] 30[12] Moved [^\r\n]+\r\n(?:[^\r\n]+\r\n)*?Location: https://([^/]+)/start\.html\n\r.*\nETag: [^\r\n]+ ([A-Z]+)\r\n|s p/Dell iDRAC http admin/ i/time zone: $1/ d/remote management/ h/$2/
match http m|^HTTP/1\.[01] 30[12] Moved [^\r\n]+\r\n(?:[^\r\n]+\r\n)*?Location: https://([^/]+)/start\.html\n\r\n|s p/Dell iDRAC http admin/ d/remote management/ h/$1/
match http m|^HTTP/1\.1 301 Moved Permanently\r\nContent-Type: text/html\r\nContent-Length: 165\r\nLocation: http://oishare/DCIM\r\n\r\n<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2\.0//EN\">\r\n<HTML><HEAD><TITLE>301 Moved Permanently</TITLE></HEAD>\r\n<BODY><H1>301 Moved Permanently</H1>\r\n\r\n</BODY></HTML>\r\n| p/Olympus camera httpd/
match http m|^HTTP/1\.1 200 OK\r\nDate: .*\r\nServer:  \r\nCache-Control: no-cache, private\r\nPragma: no-cache\r\nExpires: .*\r\nConnection: close\r\nContent-Type: text/html\r\n\r\n<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4\.01 Transitional//EN\"\r\n\"http://www\.w3\.org/TR/html4/loose\.dtd\">\r\n<html>\r\n<head>\r\n<title>(NWA[\w-]+)</title>| p/ZyXEL $1 http config/ d/WAP/ cpe:/h:zyxel:$1/a
match http m|^HTTP/1\.0 404 Not Found\r\nServer: thttpd/([\w.]+)-Avtrex/([\w._-]+)\r\n| p/thttpd/ v/$1/ i/Avtrex $2/ d/media device/ cpe:/a:acme:thttpd:$1/
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html\r\nConnection:close\r\n\r\n<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1\.0 Transitional//EN\"\r\n\"http://www\.w3\.org/TR/xhtml1/DTD/xhtml1-transitional\.dtd\">\r\n<html>\r\n<head>\r\n\t<title>Berryz WebShare</title>| p/Berryz WebShare/
match http m|^HTTP/1\.1 500 Internal error\r\nCache: no-cache\r\nContent-Type: text/plain\r\nContent-Length: 28\r\n\r\nCardo Updater Internal error| p/Cardo Updater/
match http m|^HTTP/1\.1 200 OK\r\nCONTENT-TYPE: text/html\r\nCONTENT-LENGTH: 260\r\n\r\n.*<H1>PRESENTATION PAGE</H1>|s p/Pioneer VSX-921, Denon DNP-720AE, or Marantz AV7005 AV receiver http config/ d/media device/
match http m|^HTTP/1\.1 401 Authorization Required\r\nWWW-Authenticate: Basic realm=\"Fhem: login required\"\r\nContent-Length: 0\r\n\r\n| p/FHEMWEB Fhem frontend/ cpe:/a:rudolf_koenig:fhem/
match http m|^HTTP/1\.0 200 OK\r\nContent-Type: text/html\r\n\r\n<html><head><title>YouLess energy monitor</title>| p/YouLess energy monitor httpd/ d/power-device/
match http m|^HTTP/1\.1 500 Server Error\r\nContent-Length: 0\r\nServer: HBHTTP POGOMVOFFICE - ([\w._-]+) - Linux\r\nDate: .*\r\nConnection: close\r\n\r\n| p/Pogoplug Office NAS httpd/ v/$1/ d/storage-misc/ o/Linux/ cpe:/o:linux:linux_kernel/a
match http m|^HTTP/1\.1 404 Not Found\r\n(?:[^\r\n]+\r\n)*?Server: AmazonS3\r\n\r\n404|s p/Amazon S3 httpd/
match http m|^HTTP/1\.0 404 Not Found\r\nX-Powered-By: Servlet/([\d.]+)\r\nContent-Type: text/html\r\nDate: .*\r\n\r\n<H1>SRVE0255E: A WebGroup/Virtual Host to handle / has not been defined\.</H1><BR><H3>SRVE0255E: A WebGroup/Virtual Host to handle localhost:\d+ has not been defined\.</H3><BR><I>IBM WebSphere Application Server</I>| p/IBM Tivoli Enterprise Portal/ i/Servlet $1/ cpe:/a:ibm:websphere_application_server/
match http m|^HTTP/1\.1 302 Moved Temporarily\r\nLocation: http://([\w.-]+)/index\.do\r\nContent-Type: text/html;charset=UTF-8\r\nContent-Length: 0\r\nDate: .*\r\nConnection: close\r\nServer: ThinkFree Server\r\n\r\n| p/ThinkFree Server Integrator/ h/$1/
match http m|^HTTP/1\.1 \d\d\d .*<center>nginx/([\d.]+)</center>\r?\n</body>\r?\n</html>[\r\n]+$|s p/nginx/ v/$1/ cpe:/a:igor_sysoev:nginx:$1/
match http m|^HTTP/1\.1 302 Found\r\nDate: .*\r\nCache-Control: no-cache\r\nX-Runtime: \d+\r\nSet-Cookie: spiceworks_session=[^;]+; path=/; HttpOnly\r\nLocation: https?://([\w.-]+):\d+/login\r\n| p/Spiceworks http admin/ h/$1/
match http m|^HTTP/1\.1 200 OK\r\nDate: .*\r\nServer: Clearswift\r\n| p/Clearswift Secure Web Gateway/ d/security-misc/
match http m|^HTTP/1\.0 200 OK\r\nContent-Type: text/html\r\nAccept-Ranges: bytes\r\nETag: \"[^"]+\"\r\nLast-Modified: .*\r\nContent-Length: \d+\r\nConnection: close\r\nDate: .*\r\nServer: dcs-lig-httpd\r\n\r\n| p/lighttpd/ i/D-Link DCS IP camera/ d/webcam/ cpe:/a:lighttpd:lighttpd/a
match http m|^HTTP/1\.1 200 OK\r\nContent-type: text/html\r\nExpires: .*\r\nConnection: close\r\nPragma: no-cache\r\nContent-Length: \d+\r\n\r\n<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1\.0 Strict//EN' 'http://www\.w3\.org/TR/xhtml1/DTD/xhtml1-strict\.dtd'>\n<html xmlns='http://www\.w3\.org/1999/xhtml' xml:lang='en' lang='en'>\n<head>\n    <title>Xfinity</title>| p/Xfinity router http config/ d/broadband router/
# Panasonic TX-P55VTW60
match http m|^HTTP/1\.0 404 Not Found\r\nServer: Panasonic AVC Server/([\w._-]+)\r\nConnection: close\r\nCache-Control: no-cache,no-store\r\nContent-Length: 0\r\n\r\n| p/Panasonic AVC httpd/ v/$1/ d/media device/
match http m|^HTTP/1\.0 403 Forbidden\r\nContent-Length: 15\r\nContent-Type: text/html\r\nAccess-Control-Allow-Origin: \*\r\nAccess-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept\r\nAccess-Control-Allow-Methods: POST, GET, OPTIONS\r\n\r\nInvalid request| p/Amazon MP3 Downloader httpd/
match http m|^HTTP/1\.0 302 Redirect\r\nServer: Hikvision-Webs\r\nDate: .*\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-Type: text/html\r\nLocation: http://([\w.-]+):\d+/index\.[asphtm]+\r\n\r\n| p/Hikvision DVR httpd/ d/media device/ h/$1/
match http m|^HTTP/1\.1 400\r\nContent-Length: 22\r\nContent-Type: text/plain\r\n\r\nMalformed Request-Line| p/SABnzbd newsreader httpd/
match http m|^HTTP/1\.1 200 OK\r\nServer: HP_Compact_Server\r\nContent-Length: \d+\r\n-onnection: keep-alive\r\nContent-Type: text/html\r\n| p/HP LaserJet printer http admin/ d/printer/
# ntopng <= 1.1 (r7342) had an auth bypass because processing isn't terminated after redirect.
match http m|^HTTP/1\.1 302 Found\r\nSet-Cookie: session=; path=/; expires=Thu, 01-Jan-1970 00:00:01 GMT; max-age=0; HttpOnly\r\nLocation: /login\.html\r\n\r\nHTTP/1\.1 200 OK\r\nCache-Control: max-age=0, no-cache, no-store\r\nPragma: no-cache\r\nServer: ntopng ([\d.]+) \((r\d*)\)\r\n| p/ntopng http interface/ v/$1/ i/SVN $2; auth bypass/ cpe:/a:ntop:ntopng:$1/
match http m|^HTTP/1\.1 302 Found\r\nSet-Cookie: session=; path=/; expires=Thu, 01-Jan-1970 00:00:01 GMT; max-age=0; HttpOnly\r\nLocation: /login\.html\r\n\r\n$| p/ntopng http interface/ v/1.2/ cpe:/a:ntop:ntopng:1.2/
match http m|^HTTP/1\.1 302 Found\r\nSet-Cookie: session=; path=/; expires=Thu, 01-Jan-1970 00:00:01 GMT; max-age=0; HttpOnly\r\nLocation: /lua/login\.lua\?referer=/\r\n\r\n| p/ntopng http interface/ v/2.0 or later/ cpe:/a:ntop:ntopng/
match http m|^HTTP/1\.0 200 OK\r\nDate: .*\nServer: owhttpd\r\nLast-Modified: .*\r\nContent-Type: text/html\r\n\r\n| p/OWFS httpd/ cpe:/a:owfs:owhttpd/
match http m|^HTTP/1\.0 401 Unauthorized\r\nPragma: no-cache\r\nWWW-Authenticate: Digest realm=\"([^"]+)\", domain=\"/\", nonce=\"[\da-f]+\", algorithm=\"MD5\", qop=\"auth\"\r\nWWW-Authenticate: Basic realm=\"\1\"\r\nContent-Type: text/html\r\n.*<HTML>\r\n<HEAD>\r\n<TITLE>Error 401</TITLE>|s p/Tandberg videoconference httpd/ i/"$1"/
match http m|^HTTP/1\.0 200 OK\r\nContent-Type: text/html\r\nSet-Cookie: rg_cookie_session_id=.*<!--- Page\(page_login\)=\[Login\] --->.*<TITLE>(MP\d\w+)</TITLE>|s p/Audiocodes $1 gateway http config/ d/VoIP adapter/
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html\r\nDate: .*\r\nConnection: close\r\n\r\n<!doctype html>\n<html>\n  <head>\n    <title>rabbit\.js and Socket\.IO publish/subscribe example</title>| p/Node.js/ i/rabbit.js messaging example page/ cpe:/a:nodejs:node.js/
match http m|^HTTP/1\.0 200 OK\nContent-type: text/html\r\nDate: .*?\r\nConnection: close\r\n\r\n.*<OBJECT\s+classid=\"clsid:EE479A40-C128-40DD-93DA-000556AF9607\"\r\n\t  codebase=\"CtrWeb\.cab#version=([\d,]+)\".*?<param name=\"CmdPort\" value=\"(\d+)\">\n<param name=\"StreamPort\" value=\"(\d+)\">|s p/DVRWeb viewer/ v/$SUBST(1,",",".")/ i/CmdPort $2; StreamPort $3/
match http m|^HTTP/1\.0 200 OK\r\nServer: KwikNet Web Server\r\n| p/Kadak KwikNet httpd/
match http m|^HTTP/1\.1 406 Not Acceptable\r\nContent-Type: text/html\r\nServer: MineloadHTTPD\r\n\r\nInvalid XML password\.| p/Mineload Bukkit plugin/
match http m|^HTTP/1\.1 401 Unauthorized\r\nDate: .*\r\nServer: cPanel\r\n| p/cPanel httpd/ i/unauthorized/
match http m|^HTTP/1\.1 200 OK\r\nPragma: no-cache\r\nCache-control: no-cache\r\nDate: .*\r\nServer: eXtensible UPnP agent\r\nAccept-Ranges: none\r\nConnection: close\r\nContent-Type: text/html\r\nEXT:\r\n\r\n.*Uptime: (\d+ days, [\d:]+).*Model: <a href=http://xupnpd\.org>xupnpd-([\w._-]+)</a>|s p/xupnpd http admin/ v/$2/ i/uptime: $1/
match http m|^HTTP/1\.1 200 OK\r\nServer: fexsrv\r\nLast-Modified: .*\r\nContent-Length: \d+\r\nContent-Type: text/html\r\n\r\n| p/F*EX (Frams' Fast File EXchange) server/ cpe:/a:ulli_horlacher:fex/
match http m|^HTTP/1\.0 403 Forbidden\r\nContent-Type: text/html; charset=UTF-8\r\nContent-Length: \d+\r\nPragma: no-cache\r\n\r\n<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4\.01 Transitional//en\">\r\n<html lang=\"en\">\r\n\r\n<head>\r\n    <meta LAG = \"<AG_PROXY_ID>\" >| p/Novell Access Gateway/
match http m|^HTTP/1\.0 302 Moved Temporarily\r\nContent-Type: text/html\r\n(?:X-Frame-Options: SAMEORIGIN\r\n)?Set-Cookie: wbm_cookie_session_id=[\dA-F]+; path=/; HttpOnly\r\n(?:Cache-Control: public,max-age=86400\r\nPragma: cache\r\nExpires: .*\r\n)?Date: .*\r\n(?:Last-Modified: .*\r\n)?Accept-Ranges: bytes\r\nConnection: close\r\nLocation: /main\.cgi\?page=index\.html\r\n\r\n| p/Vodafone Station http config/ d/WAP/
# Also responds to GenericLines (v6.60)
match http m|^HTTP/1\.1 200 OK\r\nDate: .*\r\nLast-Modified: .*\r\nContent-Type: text/html\r\nConnection: Close\r\nContent-Length: \d+ +\r\n\r\n.+>Dual DHCP DNS Server Version ([\w._-]+ Windows Build \d+)<|s p/Dual DHCP DNS Server http viewer/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 200 Ok\r\nContent-Type: text/html\r\nCache-Control: no-cache\r\nConnection: close\r\nRefresh: 5;url=/\r\n\r\n.*<td align=right class=title>PowerMTA&trade; ([\w._-]+)&nbsp;</td>|s p/Port25 Solutions PowerMTA http status/ v/$1/
match http m|^HTTP/1\.1 200 OK\r\nServer: WebServer\(IPCamera_Logo\)\r\nContent-Length: \d+\r\nContent-Type: text/html\r\nConnection: close\r\nLast-Modified: .*\r\nCache-Control: max-age=60\r\n\r\n\xef\xbb\xbf<!--\r\nProduct:ipcamera\r\nAuthor:xwpcom@gmail\.com\r\n-->| p/Maygion IPCamera http interface/ i/RTSP on same port/
# Verizon FIOS?
match http m|^HTTP/1\.1 401 Unauthorized\r\nContent-Length: 0\r\nWWW-Authenticate: Digest realm=\"IgdAuthentication\", domain=\"/\", nonce=\"\w{35}=\", qop=\"auth\", algorithm=MD5, opaque=\"5ccc09c403ebaf9f0171e9517f40e41\" \r\n\r\n| p/TL-069 remote access/
match http m|^HTTP/1\.1 401 Unauthorized\r\nConnection: close\r\nContent-Length: 0\r\nWWW-Authenticate: Digest realm=IgdAuthentication, domain=\"/\", qop=\"auth\", algorithm=MD5, nonce=\"\w{9}\"\r\n\r\n| p/TL-069 remote access/
match http m|^HTTP/1\.1 401 Unauthorized\r\nContent-Length: 23\r\nServer: MySQL Aggregator\r\nConnection: close\r\nWWW-Authenticate: Basic realm=\"CTA\"\r\nContent-Type: text/plain\r\n\r\nAuthorization required\n| p/MySQL Enterprise Agent Aggregator/
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html; charset=utf-8\r\nCache-Control: no-cache \r\nServer: Bukkit Webby\r\nConnection: Close\r\n\r\n<script type='text/javascript'>var errorMsg = 'none';</script><!DOCTYPE html>| p/Bukkit Webby Minecraft http admin/
match http m|^HTTP/1\.1 301 Moved Permanently\r\nLocation: /console/index\.html\r\nConnection: close\r\nDate: .* GMT\r\n\r\n$| p/JBoss Administrator/
match http m|^HTTP/1\.1 200 OK\r\nCache-Control: max-age=0\r\nPragma: no-cache\r\nContent-Type: text/html\r\nContent-Length: \d+\r\nX-UA-Compatible: IE=Edge\r\nConnection: close\r\nSet-Cookie: web_session_id=\w+; path=/; HttpOnly; \r\n\r\n.*<title>PA Server Monitor</title>|s p/Power Admin Server Monitor http admin/
match http m|^HTTP/1\.0 200 OK\r\nDate: .*\r\nServer: SentinelKeysServer/([\w._-]+)\r\nMIME-Version: 1\.1\r\nContent-Type: text/html\r\n| p/SafeNet Sentinel Keys License Monitor httpd/ v/$1/ i/Java Console/ cpe:/a:safenet-inc:sentinel_keys_server:$1/
# The version numbers don't line up. Need more info or more fingerprints to figure out.
# Also, this matches 4 or 5 different services within CloudView. No further info.
match http m|^HTTP/1\.0 \d\d\d .*\r\nConnection: Close\r\nContent-Length: \d+\r\nContent-Type: .*\r\nDate: .*\r\nHost: 0\.0\.0\.0\r\nServer: NG/6\.0\.16943\r\n| p/Exalead CloudView/ v/5.1.12.31472/
match http m|^HTTP/1\.0 200 OK\r\nConnection: Close\r\nContent-Length: \d+\r\nContent-Type: text/html\r\nDate: .*\r\nEtag: .*\r\nServer: ngconvert/6\.0\.16943 edoc/1\.4\.36592 \(BUILD=6\.0\.16943;EDOC=1\.4\.36592;AUTOMIME=1\.03;CONFEX=0\.153;XPDFTEXTLIB=3\.02\.24\)\r\n\r\n| p/Exalead CloudView/ v/5.1.12.31472/

match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?\r\n<!-- pageok -->\n<!-- managed by puppet -->\n<html>\n<pre>pageok</pre>\n</html>\n$|s p/GoDaddy error/
match http m|^HTTP/1\.1 400 Bad Request \(5\)\r\nServer: httpd\r\nDate: .*\r\nContent-Type: text/html\r\nConnection: close\r\n\r\n| p/Cisco small business router VPN/
match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: HTS/tvheadend\r\nCache-Control: no-cache\r\nWWW-Authenticate: Basic realm=| p/Tvheadend http config/ o/Linux/ cpe:/o:linux:linux_kernel/a
match http m|^HTTP/1\.0 400 Bad Request\r\nDate: .* ([+-]\d+)\r\nContent-Length: 0\r\nServer: com\.novell\.zenworks\.httpserver/([\w._-]+)\r\n\r\n| p/Novell ZENworks httpd/ v/$2/ i/time zone: $1/ cpe:/a:novell:zenworks:$2/
match http m|^HTTP/1\.0 200 OK\nContent-type: text/plain\n\nTable: Links\nLocal IP\tRemote IP\tHyst\.\tLQ\tNLQ\tCost\n| p/olsrd txtinfo plugin/
match http m|^HTTP/1\.0 200 OK\r\nContent-Type: text/html\r\nDate: .*? ([A-Z]+)\r\nExpires: .*\r\n\r\n<HTML>.*<H1>DVR (\w+) WatchDog \(([\w._-]+)\)</H1>|s p/March Networks $2 DVR http config/ i/time zone: $1/ h/$3/
match http m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: Speclab WebServer/([\w._-]+) (Instinct-\d+ Release \d+)\r\n|s p/Speclab WebServer/ v/$1/ i/Goal $2/
match http m|^HTTP/1\.1 200 OK\r\nMIME-Version: 1\.0\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: \d+\r\n\r\n<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1\.0 Transitional//EN\" {332}\n    \"http://www\.w3\.org/TR/xhtml1/DTD/xhtml1-transitional\.dtd\"> {332}\n<html | p/Tektronix oscilloscope http viewer/
match http m|^HTTP/1\.1 200 OK\r\ncontent-length: \d+\r\ncontent-type: text/html; charset=utf-8\r\n\r\n.*<meta content=\"SOGo Web Interface\" name=\"description\" />\n\t<meta content=\"SKYRIX Software AG/Inverse inc\.\" name=\"author\" />.*<meta content=\"([^"]+)\" name=\"build\" />|s p/SOGo groupware http interface/ i/build: $1/
match http m|^HTTP/1\.1 200 OK\r\nConnection: close \r\nContent-Type: text/html\r\nCache-control: no-cache\r\n\r\n.*top\.location\.href=\"login_page\.html\";</script><title>Paradox IP Module</title>|s p/Paradox security system IP module httpd/ d/security-misc/
match http m|^HTTP/1\.1 200 OK\r\nServer: WIBU-SYSTEMS HTTP Server/ Version ([\w._-]+) vom \d+\.\w+\.\d+\r\n| p/Wibu CodeMeter httpd/ v/$1/ i/German/
match http m|^HTTP/1\.1 200 OK\r\nServer: WIBU-SYSTEMS HTTP Server/ Version ([\w._-]+) of \w+/\d+/\d+\r\n| p/Wibu CodeMeter httpd/ v/$1/ i/English/
match http m|^HTTP/1\.1 200 OK\r\nContent-Length:\d+\r\nContent-Type:text/html\r\nConnection:close\r\n\r\n<html><body><h2>Mendeley Desktop</h2>| p/Mendeley Desktop httpd/
match http m|^HTTP/1\.1 200 OK\r\nConnection: close\r\nLast-Modified: \d+/\d+/\d+ \d+:\d+:\d+ [AP]M\r\nContent-Length: \d+\r\nContent-Type: text/html\r\n\r\n<HTML>\r\n<HEAD>\r\n<TITLE>HomeWorks Illumination Web Keypad</title>| p/Lutron HomeWorks web keypad/
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/plain; charset=utf-8\r\nContent-Length: \d+\r\nCache-Control: no-cache\r\n\r\nUnified Protocol version ([\d.]+)| p/Samsung CLP printer httpd/ i/Unified Protocol $1/ d/printer/
# BIND 9.5 or later
match http m|^HTTP/1\.0 200 OK\r\nContent-Type: text/xml\r\n(?:[^\r\n]+\r\n)*?Server: libisc\r\n.*<statistics version=\"([\w._-]+)\">|s p/BIND stats httpd/ i/XML statistics version $1/ cpe:/a:isc:bind/
match http m|^HTTP/1\.1 200 OK\r\nCache-Control: no-cache\r\nContent-Type: text/html\r\nContent-Length: \d+\r\n\r\n<!DOCTYPE html>.*<meta name=\"viewport\" content=\"width=device-width, initial-scale=1\.0, maximum-scale=1\.0, minimum-scale=1\.0, user-scalable=no\"/>\r\n<html>\r\n<head>\r\n\t<meta name=\"author\" content=\"Dave Jensen\" />\r\n\t<meta name=\"keywords\" content=\"LANDesk, Remote Control\" />|s p/LANDesk html5 remote control/ cpe:/a:landesk:landesk_management_suite/
match http m|^HTTP/1\.0 404 Not Found\r\nContent-Type: text/html\r\nContent-Length: 345\r\nConnection: close\r\nDate: .*\r\nServer: Swift1\.0\r\n\r\n| p/Samsung Swift httpd/ v/1.0/ d/media device/
match http m|^HTTP/1\.1 200 OK\r\nSERVER: HDHomeRun/([\w._-]+)\r\n.*<div class=\"S\">Model: ([\w._-]+)<br/>Device ID: [\w._-]+<br/>Firmware: ([\w._-]+)</div>|s p/Silicondust HDHomeRun set top box http config/ v/$1/ i/model: $2; firmware: $3/ d/media device/
match http m|^HTTP/1\.1 401 Unauthorized\r\nServer: NSG\r\nWWW-Authenticate: Basic Realm=Security\r\n| p/Harmonic NSG QAM video delivery httpd/ d/media device/
match http m|^HTTP/1\.0 302 Redirect\r\nServer: Httpd/1\.0\r\nDate: \w+ \w+ +\d+ \d+:\d+:\d+ \d\d\d\d\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-Type: text/html\r\nLocation: http:///login\.asp\r\n\r\n| p/CJ HelloVision DVW-2300N router http redirector/ d/WAP/
match http m|^HTTP/1\.1 403 Forbidden\r\nServer: Avaya Push Agent Ver x\.x\r\nDate: [A-Z]+ [A-Z]+ \d\d \d\d:\d\d:\d\d \d\d\d\d\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-Type: text/html\r\n\r\n| p/Avaya Push Agent/ d/VoIP phone/
match http m|^HTTP/1\.0 302 Redirect\r\nServer: GS-Webs\r\nDate: .*\r\nLocation: http://\x07/index\.html\r\n\r\n|s p/Huacam Cyclops IP camera http config/ d/webcam/
match http m|^HTTP/1\.0 302 Redirect\r\nServer: IP-Phone-Web\r\nDate: [A-Z]+ [A-Z]+ \d+ \d+:\d+:\d+ \d+\r\n| p|TalkSwitch/FortiVoice web manager| d/VoIP phone/
match http m|^HTTP/1\.1 502 Bad Request\r\nContent-Length: \d+\r\n\r\n<html>\r\n<body>\r\nError 502 - Bad Request<br>\r\nThe server could not resolve your request for uri: http://[\d.]+/\r\n</body>\r\n</html>| p/Blackberry phone httpd/ d/phone/
match http m|^HTTP/1\.1 403 Forbidden\r\nDate: [A-Z]+ [A-Z]+ \d\d \d\d:\d\d:\d\d \d\d\d\d\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-Type: text/html\r\n\r\n<html><head><title>Document Error: Forbidden</title></head>\r\n\t\t<body><h2>Access Error: Forbidden</h2>\r\n\t\t<p>HTTP/1\.0 403 Forbidden\n</p></body></html>\r\n\r\n| p/Avaya 9670 VoIP Phone httpd/ d/VoIP phone/ cpe:/h:avaya:9670/a
match http m|^HTTP/1\.1 302 Found\r\nLocation: http://([\w._-]+)/\?cfru=aHR0c.*\r\nCache-Control: no-cache\r\nPragma: no-cache\r\nContent-Type: text/html; charset=utf-8\r\nConnection: close\r\nContent-Length: \d+\r\n\r\n<HTML><HEAD>\r\n<TITLE>Redirect</TITLE>\r\n</HEAD>\r\n<BODY>\r\n<FONT face=\"Helvetica\">\r\n<big><strong></strong></big><BR>\r\n</FONT>\r\n<blockquote>\r\n<TABLE border=0 cellPadding=1 width=\"80%\">\r\n<TR><TD>\r\n<FONT face=\"Helvetica\">\r\n<big>Redirect \(authentication_redirect_to_virtual_host\)</big>| p/Pitney Bowes Business Manager BMDLAService/ h/$1/
match http m|^HTTP/1\.0 401 Unauthorized\r.*\nServer: phionEntegraHTTP\r\nAllow: GET, HEAD, DELETE\r\nWWW-Authenticate: Basic realm=phion Transparent Agent authentication\r\n|s p/phion Entegra SSL VPN client/
match http m|^HTTP/1\.0 404 Not Found\r\nServer: 2Wire TR-069\r\nContent-Length: 0\r\nAllow: GET\r\nWWW-Authenticate: d=\d+ +set_mask=0x[\da-f]+ +handle_evt=0x[\da-f]+.+\r\n| p/2Wire TR-069 access/
match http m|^HTTP/1\.1 302 Found\r\nX-UA-Compatible: IE=edge,chrome=1\r\nSet-Cookie: JSESSIONID=[\dA-F]+; Path=/; Secure; HttpOnly\r\nDate: .*\r\nLocation: /maintenance-login\.html\r\nContent-Type: text/html;charset=UTF-8\r\nContent-Length: 0\r\nVary: Accept-Encoding\r\nConnection: close\r\nServer: NSC/([\w._-]+) \(JVM\)\r\n\r\n| p/Nexpose Security Console/ v/$1/ i/maintenance mode/ cpe:/a:rapid7:nexpose:$1/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]+\r\n(?!\r\n))*?Server: NSC/([\w._-]+) \(JVM\)\r\n\r\n|s p/Nexpose Security Console/ v/$1/ cpe:/a:rapid7:nexpose:$1/
match http m|^HTTP/1\.1 302 Found\r\nX-Frame-Options: SAMEORIGIN\r\nX-UA-Compatible: IE=edge,chrome=1\r\nX-Content-Type-Options: nosniff\r\nX-XSS-Protection: 1; mode=block\r\nLocation: https://[^/]+/login\.jsp\r\nContent-Length: 0\r\nDate: .*\r\nConnection: close\r\nServer: Security Console\r\n\r\n| p/Nexpose Security Console/ cpe:/a:rapid7:nexpose/
match http m|^HTTP/1\.1 404 Not Found\r\nX-Powered-By: Sinopia/([\w._-]+)\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 13\r\nVary: Accept-Encoding\r\nX-Status-Cat: http://flic\.kr/p/aV6juR\r\nDate: .*\r\nConnection: close\r\n\r\nCannot GET /\n| p/Sinopia npm proxy/ v/$1/ i/node.js/ cpe:/a:nodejs:node.js/
match http m|^HTTP/1\.1 300 Multiple Choices\r\nVary: X-Auth-Token\r\nContent-Type: application/json\r\nContent-Length: \d+\r\nDate: .*\r\nConnection: close\r\n\r\n{\"versions\": {\"values\": \[{.*?\"type\": \"application/vnd\.openstack\.identity-v([\d.]+)\+| p/OpenStack Identity API/ v/$1/
match http m|^HTTP/1\.1 200 Ok\r\nServer: ZyXEL Modem\r\n.*<title>\.::Welcome to ZyXEL ([^:<]+?)::\.</title>|s p/ZyXEL $1 modem http config/ d/broadband router/ cpe:/h:zyxel:$1/a
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: Oracle-Traffic-Director/([\w._-]+)\r\nDate: .*\r\nContent-length: \d+\r\nContent-type: text/html; charset=UTF-8\r\nX-powered-by: Servlet/([\w._-]+) JSP/([\w._-]+)\r\n| p/Oracle Traffic Director/ v/$1/ i/Servlet $2; JSP $3/ cpe:/a:oracle:jsp:$3/
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: Oracle-Traffic-Director/([\w._-]+)\r\n| p/Oracle Traffic Director/ v/$1/
match http m|^HTTP/1\.1 301 Moved Permanently\r\nServer: Printopia/([\w._-]+)\r\nLocation: http://www\.ecamm\.com/mac/printopia/instructions\.html\r\nConnection: close\r\n\r\n| p/Printopia for Mac/ v/$1/ o/Mac OS X/ cpe:/o:apple:mac_os_x/a
match http m|^HTTP/1\.1 401 Unauthorized\r\nServer: httpd\r\nDate: .* GMT\r\nWWW-Authenticate: Basic realm=\"(E\d+)\"\r\nContent-Type: text/html\r\nConnection: close\r\n\r\n\n| p/Cisco Linksys $1 router config/ d/broadband router/ cpe:/h:cisco:linksys_$1/a
# Blackberry 10.2.1
match http m|^HTTP/1\.0 404 Not Found\r\nContent-Type: text/html\r\nContent-Length: \d+\r\nServer: \r\n\r\n<html><head><title>404 Not Found</title></head>\n<body><h1>404 Not Found</h1>\nindex\.html: <pre>This item has not been found</pre>\n| p/Blackberry Universal Device Service/ d/phone/ cpe:/a:blackberry:blackberry_universal_device_service/
match http m|^HTTP/1\.1 404 Service not found\r\nDate: .* GMT\r\nServer: ACE XML Gateway\r\nContent-Type: text/plain\r\nContent-Length: 42\r\nConnection: close\r\n\r\nNo handler was found matching the request\.| p/Cisco Application Control Engine XML Gateway/ d/load balancer/ cpe:/a:cisco:application_control_engine_software/
# Post-2.2 development version has longer content
match http m|^HTTP/1\.0 401 Unauthorized\r\nContent-Length: 17\r\nWWW-Authenticate: Basic realm=varnish-agent\r\nDate: .*\r\n\r\nAuthorize, please$| p/Varnish Agent/ v/2.2 or older/ cpe:/a:varnish-cache:varnish_agent/
match http m|^HTTP/1\.1 401 Unauthorized\r\nWWW-Authenticate: Digest realm=\"NetAV\", nonce=\"[\da-f]{32}\", algorithm=MD5, domain=\"/netav/\", qop=\"auth\",\r\nPragma: no-cache\r\nCache-control: no-cache, no-store\r\n\r\n$| p/Sony NetAV/ d/media device/
# UUID header added in 0.5.6b
match http m|^HTTP/1\.1 400 Bad request\r\nContent-Type: text/html; charset=utf-8\r\nPragma: no-cache\r\nExpires: 0\r\nCache-Control: no-store\r\nConnection: close\r\nX-PageKite-UUID: [\da-f]{40}\r\n\r\n<html><body><h1>400 Bad request</h1><p>Invalid request, no Host: found\.</p></body></html>\n| p/PageKite localhost tunnel/ v/0.5.6b or later/
match http m|^HTTP/1\.1 404 Not Found\r\nDate: .*\r\nServer: Genetic Lifeform and Distributed Open Server ([\w._-]+)\r\nConnection: close\r\nContent-Type: text/html; charset=ISO-8859-1\r\nCache-Control: public, max-age=31536000\r\nContent-Length: 28\r\n\r\nAn error has occurred\. \(404\)| p/Hentai@Home P2P downloader/ v/$1/
match http m|^HTTP/1\.1 400 Bad Request \(missing Host: header\)\r\nConnection: close\r\nDate: .* ([-+]\d\d\d\d)\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n| p/Pandora FMS/ i/timezone: $1/
match http m|^HTTP/1\.1 302 Moved Temporarily\r\nContent-Type: text/plain\r\nContent-Length: 24\r\nLocation: /unsupported_browser\.htm\r\nDate: .*\r\nConnection: close\r\nServer: RStudio\r\n\r\n/unsupported_browser\.htm| p/RStudio Server/
match http m|^HTTP/1\.0 401 unknown \r\nServer: ForceLiveTransfer/([\w ]+)\r\nContent-Length: 0\r\nDate: .*\r\nWWW-Authenticate: Basic  realm=\"[^"]+\"\r\n\r\n$| p/ForceTech ForceLive Transfer/ v/$1/ d/media device/
match http m|^HTTP/1\.1 400 Bad Request\r\nContent-type: text/plain\r\nContent-length: 58\r\n\r\n400 Bad Request\n'json' or 'msgpack' parameter is required\n$| p/fluentd data collector/ v/0.10.48 or later/
match http m|^HTTP/1\.1 301 Moved Permanently\r\nLocation: http://null/console/index\.html\r\nConnection: close\r\nDate: .*\r\n\r\n$| p/HornetQ JMS http admin/
match http m|^HTTP/1\.0 404 Not Found\r\nDate: .*\r\nContent-Type: text/html; charset=UTF-8\r\nServer: gvs ([\d.]+)\r\n.* <title>Error 404 \(Not Found\)!!1</title>|s p/Google Video Server/ v/$1/
match http m|^HTTP/1\.1 400 Bad Request\r\nContent-Type: text/plain\r\nConnection: close\r\nDate: .*\r\nServer: HPE?-iLO-Server/([\w._-]+)\r\nContent-Length: 0\r\n\r\n| p/HP Integrated Lights-Out web interface/ v/$1/ cpe:/h:hp:integrated_lights-out:$1/
match http m|^HTTP/1\.1 400 Bad Request\r\nContent-Type: text/plain\r\nConnection: close\r\nDate: .*\r\nContent-Length: 0\r\n\r\n| p/HP Integrated Lights-Out web interface/ cpe:/h:hp:integrated_lights-out/
match http m|^HTTP/1\.0 404 Not Found\r\nDate: .*\r\nServer: Brazil/([\d.]+)\r\nConnection: close\r\nContent-Length: 135\r\nContent-Type: text/html\r\n\r\n<html>\n<head>\n<title>Error: 404</title>\n<body>\nGot the error: <b>Not Found</b><br>\nwhile trying to obtain <b>/</b><br>\n\n</body>\n</html>| p/Sun Labs Brazil httpd/ v/$1/ o/Android/ cpe:/o:google:android/a cpe:/o:linux:linux_kernel/a
match http m|^HTTP/1\.1 403 Forbidden\r\nServer: Norman Security/([\w._-]+)\r\nContent-Type: text/html\r\nConnection: Close\r\nContent-Length: 83\r\n\r\n<html><title>Security Error</title><body><br><h2>403 - Forbidden</h2></body></html>| p/Norman Security Suite http config/ v/$1/ cpe:/a:norman:security_suite:$1/
match http m|^HTTP/1\.0 401 Unauthorized\r\nConnection: close\r\nWWW-Authenticate: Basic realm=\"Tadiran MGCP Phone\"\r\nContent-Type: text/html\r\n\r\n<html>| p/Tadiran MGCP phone http config/ d/VoIP phone/
match http m|^HTTP/1\.1 \d\d\d .*\r\nDate: .*\r\nServer: Cosminexus HTTP Server\r\n| p/Hitachi Cosminexus httpd/ cpe:/a:hitachi:cosminexus_application_server/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Intel\(R\) Small Business Technology ([\w._-]+)\r\n|s p/Intel Small Business Technology Platform/ v/$1/ d/remote management/ cpe:/a:intel:small_business_technology_platform:$1/
match http m|^HTTP/1\.0 200 OK\r\nConnection: Close\r\n.*<meta name=\"DC\.Title\" content=\"WebSphere Application Server Version V([\w._-]+) Liberty Profile Welcome\" />|s p/IBM WebSphere Application Server/ v/$1/ i/Liberty Profile/ cpe:/a:ibm:websphere_application_server:$1:-:liberty_profile/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: DrWebServer/REL-1000-([\w._-]+) ([^/]+)/(\w+) Lua/([\w._-]+) OpenSSL/([\w._-]+) zlib/([\w._-]+) UNICODE/[\d.]+\r\n|s p/Dr.Web Enterprise Security Suite httpd/ v/$1/ i/arch: $3; Lua $4; OpenSSL $5; zlib $6/ o/$SUBST(2,"_"," ")/ cpe:/a:drweb:enterprise_security_suite:$1/ cpe:/a:gnu:zlib:$6/ cpe:/a:openssl:openssl:$5/ cpe:/a:puc-rio:lua:$4/
# aviosys 9060 webcam
match http m|^HTTP/1\.0 401 NG \r\nWWW-Authenticate: Basic realm=Camera Name : (.*)\r\n\r\nUnauthorized$| p/Aviosys webcam httpd/ i/camera name: $1/ d/webcam/
match http m|^HTTP/1\.1 400 Bad request\r\nContent-Length: 80\r\n\r\n<html><head><title>400 Bad request</title></head><body>Bad request</body></html>| p/Cockpit management console/ o/Linux/ cpe:/a:redhat:cockpit/ cpe:/o:linux:linux_kernel/a
match http m|^HTTP/1\.1 404 Not Found\r\nServer: CPE-SERVER/([\w._-]+) Supports only GET\r\n\r\n| p/CPE Server TR-069 remote access/ v/$1/ d/broadband router/
match http m|^HTTP/1\.1 200 OK\r\nServer: IPCamera HTTP/ONVIF/P2P/RTSP/VOD Multi-Server\r\n| p|DB Power IP Camera HTTP/ONVIF/P2P/RTSP/VOD multi-server| d/webcam/
match http m|^HTTP/1\.1 200 OK\r\nServer: WebServer\(ipcamera\)\r\n| p|DB Power IP Camera HTTP/ONVIF/P2P/RTSP/VOD multi-server| d/webcam/
# Amazon Fire TV
match http m|^HTTP/1\.1 \d\d\d [\w ]+ \r\nContent-Type: text/plain\r\nDate: .*\r\nConnection: keep-alive\r\nContent-Length: \d+\r\n\r\nError \d\d\d, [\w ]+\.$| p/Amazon Whisperplay DIAL REST service/ d/media device/ cpe:/a:amazon:whisperplay/
match http m|^HTTP/1\.1 403 HTTP_FORBIDDEN\r\nCache-Control: no-cache\r\nConnection: close\r\nDate: .* \d\d:\d\d:\d\d\r\n\r\n| p/Folding@Home FAHClient/ cpe:/a:stanford:fahclient/
match http m|^HTTP/1\.1 401 Unauthorized\r\nContent-Length: 0\r\nWWW-Authenticate: Digest qop=\"auth\", realm=\"rokudev\", nonce=\"1412736333\"\r\n\r\n| p/Mongoose httpd/ v/3.7/ i/Roku developer interface, firmware 5.2 or later/ cpe:/a:cesanta:mongoose:3.7/
match http m|^HTTP/1\.1 200 Ok\r\nServer: httpd\r\nDate: .* GMT\r\nCache-Control: no-cache\r\nPragma: no-cache\r\nExpires: 0\r\nContent-Type: text/html\r\nConnection: close\r\n\r\n| p/milli_httpd/ cpe:/a:acme:milli_httpd/
# Some misconfiguration perhaps?
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/plain\r\nDate: .* GMT\r\nConnection: close\r\n\r\nNot implemented$| p/Node.js/ cpe:/a:nodejs:node.js/
match http m|^HTTP/1\.0 401 Unauthorized\r\nContent-Type: text/html; charset=utf-8\r\nCache-Control: no-cache\r\nWWW-Authenticate: Digest realm=\"Tixati Web Interface\", qop=\"auth\", nonce=\"[0-9a-f]{32}\", opaque=\"[0-9a-f]{32}\"\r\n\r\n| p/Tixati bittorrent client Web interface/ cpe:/a:tixati:tixati/
match http m|^HTTP/1\.1 401 Not Authorized\r\nWWW-Authenticate: Basic realm=\"Vuze(?: - Vuze Web Remote)?\"\r\nContent-Length: 15\r\n\r\nAccess Denied\r\n| p/Vuze remote http admin/ cpe:/a:azureus:vuze/
match http m|^HTTP/1\.1 404 Not Found\r\nConnection: close\r\nDate: .* GMT\r\nContent-Length: 1164\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n| p/Oracle WebLogic admin httpd/ cpe:/a:oracle:weblogic_server/
match http m|^HTTP/1\.1 \d\d\d .*\r\nConnection: Keep-Alive\r\nServer: \r\nContent-Type: text/html\r\nContent-Length: \d+\r\n\r\n<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4\.01 Transitional//EN\" \"http://www\.w3\.org/TR/html4/loose\.dtd\">\r\n<!-- this page must have 520 bytes or more, ie is a wonderfull program -->| p/Siemens Gigaset C610 VoIP Phone http admin/ d/VoIP phone/ cpe:/h:siemens:gigaset_c610/a
match http m=^HTTP/1\.1 400 Bad Request\r\nS(?:ERVER|erver): HDHomeRun/([\w._-]+)\r\n= p/SiliconDust HDHomeRun set top box http admin/ v/$1/ d/media device/ cpe:/h:silicondust:hdhomerun/
match http m|^HTTP/1\.1 404 Not Found\r\nServer: HDHomeRun/([\d.]+)\r\nConnection: close\r\nCache-Control: no-cache\r\nPragma: no-cache\r\n\r\n| p/SiliconDust HDHomeRun set top box streaming httpd/ v/$1/ d/media device/ cpe:/h:silicondust:hdhomerun/
match http m|^HTTP/1\.0 401 Unauthorized\r\nDate: .*\r\nContent-type: text/html\r\nContent-Length: 97\r\nWWW-Authenticate: Digest qop=\"auth\", stale=false, algorithm=MD5, realm=\"(ECOR[\w_-]+)\", nonce=\"\d+\"\r\nConnection: keep-alive\r\n\r\n<HTML><HEAD><TITLE>401 Unauthorized</TITLE></HEAD>\n<BODY><H1>401 Unauthorized</H1></BODY></HTML>\n| p/EverFocus $1 DVR http viewer/ d/media device/ cpe:/h:everfocus:$1/
match http m|^HTTP/1\.0 200 OK\r\nDate: .*\r\nServer: Raumfeld Renderer\r\nConnection: close\r\nContent-Type: audio/x-flac\r\n| p/Raumfeld Connector audio streaming httpd/ d/media device/ cpe:/h:teufel:raumfeld_connector/
match http m|^HTTP/1\.1 200 OK\r\nServer: Linux, WEBACCESS/([\w._-]+), (DIR-\w+) Ver ([\w._-]+)\r\n| p/D-Link SharePort web access/ v/$1/ i/model $2, version $3/ d/storage-misc/ o/Linux/ cpe:/a:d-link:shareport_web_access:$1/ cpe:/h:d-link:$2/ cpe:/o:linux:linux_kernel/a
match http m|^HTTP/1\.1 400 Bad Request\r\nConnection: close\r\nContent-Length: 0\r\n\r\n$| p/T-Home Telekom Media Receiver httpd/ d/media device/
match http m%^HTTP/1\.1 400 Bad Request\r\nContent-Type: text/html; charset=\"utf-8\"\r\nServer: Linux/((2\.[46]\.\d+|\d\.\d+)\S*) DoaHTTP\r\nContent-Length: 0\r\nDate: .* GMT\r\n\r\n$% p/com.sec.android.app.FileTransferServer/ i/Linux $1/ o/Android/ cpe:/o:google:android/ cpe:/o:linux:linux_kernel:$2/
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: WebIOPi/([\w._-]+)/Python(\d[\w._-]*)\r\n| p/WebIOPi IoT framework/ v/$1/ i/Python $2/ cpe:/a:python:python:$2/ cpe:/a:trouch:webiopi:$1/
match http m|^HTTP/1\.0 200 OK\r\nPragma: no-cache\r\nContent-Type: text/html\r\n\r\n<html><head><title></title>\n.*\n<script language=\"javascript\">\nvar lanIP=\"[\d.]+\";\nvar wanIP=\"([\d.]+)\";|s p/EnGenius ESR600 router http admin/ i/WAN IP: $1/ cpe:/h:engenius:esr600/a
match http m|^HTTP/1\.0 200 OK\r\nCache-control: no-cache\r\nContent-length: \d+\r\nContent-type: text/html\r\nConnection: Keep-Alive\r\nKeep-Alive: timeout=5, max=100\r\n\r\n<HTML>\r\n<HEAD>\r\n<TITLE></TITLE>\r\n<script id=\"clientEventHandlersJS\" type=\"text/javascript\">| p/LG Ericsson iPECS telephone system web interface/ d/telecom-misc/
match http m|^HTTP/1\.1 501 Not Implemented\r\nContent-Type: text/html\r\nContent-Length: 63\r\n\r\n<html><body><h2>Error: 501 / Not Implemented</h2></body></html>| p/WibuKey license server/ cpe:/a:wibu:wibukey/
match http m|^HTTP/1\.1 401 Unauthorized\r\nCache-Control: private\r\nExpires: .* (\w+)\r\nX-Frame-Options: SAMEORIGIN\r\nSet-Cookie: JSESSIONID_\d+=[0-9A-F]{32}; Path=/; Secure; HttpOnly\r\nWWW-Authenticate: Basic realm=\"IBM UrbanCode Deploy\"\r\nContent-Type: text/html;charset=UTF-8\r\nContent-Length: \d+\r\nVary: Accept-Encoding\r\nDate: .*\r\nConnection: close\r\nServer: SERVER\r\n\r\n| p/IBM UrbanCode Deploy/ i/time zone: $1/ cpe:/a:ibm:urbancode_deploy/
match http m|^HTTP/1\.0 501 Not Implemented\r\n$| p/Liaison Exchange Commerce Suite/ cpe:/a:liaison:exchange_cs/
match http m|^HTTP/1\.1 200 OK\r\nServer: ThreadedServers\.Pacserve/([\w._-]+)\r\n| p/Pacserve package server for Arch Linux/ v/$1/ cpe:/a:xyne:pacserve:$1/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Intel\(R\) Standard Manageability ([\w._-]+)\r\n\r\n|s p/Intel AMT WebUI/ v/$1/ i/Standard Manageability/ cpe:/a:intel:active_management_technology:$1/
match http m|^HTTP/1\.1 401 Unauthorized\r\nConnection: Keep-Alive\r\nWWW-Authenticate: Basic realm=\"HuaweiHomeGateway\"\r\nContent-Length: 0\r\n\r\n| p/Huawei TR-069 remote access/ d/broadband router/
match http m|^HTTP/1\.1 401 Unauthorized\r\nConnection: Keep-Alive\r\nWWW-Authenticate: Digest realm=\"HuaweiHomeGateway\",nonce=\"[\da-f]{32}\", qop=\"auth\", algorithm=\"MD5\"\r\nContent-Length: 0\r\n\r\n| p/Huawei TR-069 remote access/ d/broadband router/
match http m|^HTTP/1\.1 401\r\nContent-Length: \d+\r\nContent-Type: text/html\r\nExpires: Thu, 01 Dec 1990 12:00:00 GMT\r\n\r\n<html><head><title>License Server ([\d.]+)</title></head><body><a href=\"/getstatus\">Get status of the server</a></body></html>| p/V-Ray License Server/ v/$1/ cpe:/a:chaosgroup:vray_license_server:$1/
match http m|^HTTP/1\.[01] \d\d\d .*\r\nServer: Hikvision-Webs\r\nDate: [\w: ]{19} \d\d\d\d\r\n| p/Hikvision camera httpd/ d/webcam/
match http m|^HTTP/1\.1 403 Forbidden\r\nConnection: Keep-Alive\r\nContent-Length: \d+\r\nContent-Type: text/html; charset=iso-8859-1\r\nDate: .*\r\nKeep-Alive: timeout=15; max=19\r\n\r\n<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2\.0//EN\">\r\n<HTML><HEAD>\r\n<TITLE>403 Forbidden</TITLE>\r\n</HEAD><BODY>\r\n<H1>Forbidden</H1>\r\nYou don't have permission to access /\r\non this server\.<P>\r\n<HR>\r\n<ADDRESS>HTTP Server at [\w.-]+ Port \d+</ADDRESS>\r\n</BODY></HTML>\r\n| p/SoftEther VPN httpd/ cpe:/a:university_of_tsukuba:softether_vpn/
match http m|^HTTP/1\.1 200 OK\r\nContent-Type:text/html; charset=UTF-8\r\nContent-Length:97\r\n\r\n<html><head><title>403 Access Denied</title></head><body><h1>403 Access Denied</h1></body></html>| p/Spotify/
match http m|^HTTP/1\.1 301 Moved Permanently\r\nLocation: index\.htm\r\nServer: Httpd \r\nConnection: Close\r\nDate: .*\r\n\r\n| p/HP MSM Controller or 1920-series switch httpd/
match http m|^HTTP/1\.0 200 OK\r\nDate: .*\r\nLast-Modified: .*\r\nETag: \"[0-9a-f_]+\"\r\nAccept-Ranges: bytes\r\nContent-Length: 131\r\nConnection: close\r\nContent-Type: text/html\r\nX-Frame-Options: SAMEORIGIN\r\n\r\n<html><script type=\"text/javascript\">\nif \(window!=top\) top\.location=window\.location;top\.location=\"/remote/login\";\n</script></html>\n| p/Fortinet SSL VPN/ d/security-misc/
# Netasq/Stormshield
match http m|^HTTP/1\.0 302 Moved Temporarily\r\nDate: .*\r\nConnection: Close\r\nLocation: /auth/\r\nCache-Control: no-store,no-cache,must-revalidate\r\nPragma: no-cache\r\nExpires: -1\r\nLast-Modified: Mon, 12 Jan 2000 13:42:42 GMT\r\nContent-Type: text/html\r\n\r\n| p/Stormshield firewall admin httpd/ d/firewall/ o/FreeBSD/ cpe:/o:freebsd:freebsd/a
# Despite the 1.4 server header, this can be anything from 1.4 to 2.0:
match http m|^HTTP/1\.1 200 OK\r\nETag: W/\"\d\d\d\d-\d+\"\r\nLast-Modified: .*\r\nContent-Type: text/html\r\nContent-Length: \d+\r\nDate: .*\r\nServer: Sun-Java-System/Web-Services-Pack-1\.4\r\nConnection: close\r\n\r\n<html>\n<head>\n<title>Java Web Services Developer Pack ([\d.]+)</title>| p/Java Web Services Developer Pack/ v/$1/ cpe:/a:sun:jwsdp:$1/
match http m|^HTTP/1\.0 301 Moved Permanently\r\nHTTP/1\.0 400 Bad Request\r\n| p/Huawei S5700-series switch httpd/ d/switch/
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: switch\r\nDate: [a-z,0-9: ]+ GMT\r\nContent-Length: \d\d?\r\nConnection: Close\r\n\r\n| p/Huawei S5700-series switch httpd/ d/switch/
match http m|^HTTP/1\.0 401 Authorization Required\r\nServer: alphapd\r\nDate: .* \d\d\d\d\r\nCache-Control: no-cache\r\nContent-type: text/html\r\nWWW-Authenticate: Basic realm=\"(TV-IP\w+)\"\r\n\r\n| p/alphapd httpd/ i/TrendNet $1 IP camera/ d/webcam/ cpe:/h:trendnet:$1/
match http m|^HTTP/1\.0 401 Authorization Required\r\nServer: alphapd\r\nDate: .* \d\d\d\d\r\nCache-Control: no-cache\r\nContent-type: text/html\r\nWWW-Authenticate: Basic realm=\"(DCS-\w+)\"\r\n\r\n| p/alphapd httpd/ i/D-Link $1 IP camera/ d/webcam/ cpe:/h:d-link:$1/
match http m|^HTTP/1\.1 200 OK\r\nServer: Web Server\r\nContent-Type: text/html\r\nCache-Control: no-cache\r\nPragma: no-cache\r\n\r\n\n   <!DOCTYPE HTML PUBLIC| p/Dell N2000-series switch http admin/ d/switch/
match http m|^HTTP/1\.1 302 Object moved\r\nLocation: https://:443/index\.htm\r\nContent-length: 0\r\nConnection: close\r\n\r\n| p/ATEN CN8000 KVM http admin/ cpe:/h:aten:cn8000/
match http m|^HTTP/1\.1 200 OK\r\nCache-Control: no-cache\r\nContent-length: \d\d\d\d\r\nConnection: close\r\nContent-type: text/html\r\n\r\n<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1\.0 Transitional//EN\" \"http://www\.w3\.org/TR/xhtml1/DTD/xhtml1-transitional\.dtd\">| p/ATEN CN8000 KVM http admin/ cpe:/h:aten:cn8000/
match http m|^HTTP/1\.0 200 OK\r\nContent-Length: \d+\r\nContent-Type: text/html\r\nDate: .*\r\n\r\n\n<!DOCTYPE html>\n<html>\n  <head>\n    <script language=\"JavaScript\">\n      var a = navigator\.userAgent\x7c\x7cnavigator\.vendor\x7c\x7cwindow\.opera;\n      if\(/android\x7cavantgo\x7cblackberry\x7cblazer\x7ccompal\x7celaine| p/Open Lighting Architecture daemon/ cpe:/a:open_lighting_project:ola/
match http m|^HTTP/1\.0 200 OK\nContent-type: text/html\r\nDate: .*\r\nConnection: close\r\nLast-Modified: .*\r\nContent-length: \d+\r\n\r\n<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4\.01 Transitional//EN\">\n<html>\n<head>\n    <title>Aastra IP Phone Webconfiguration</title>| p/Aastra IP phone http config/ d/VoIP phone/
match http m|^HTTP/1\.1 200 OK\r\nConnection: close\r\nContent-Type: text/html\r\nCache-Control: max-age=600\r\n\r\n<!DOCTYPE html>.*<link rel=\"stylesheet\" title=\"default\" href=\"style/mtu(\w+)\.css\"|s p/The Energy Detective MTU$1 http admin/ d/power-device/ cpe:/h:the_energy_detective:mtu$1/
match http m|^HTTP/1\.1 401 Authorization Required\r\nDate: .*\r\nServer: \r\nExpires: 0\r\nSet-Cookie: SESSION=; path=/;\r\nExpires: 0\r\nVary: Accept-Encoding\r\nContent-Length: \d\d\d\d\r\nConnection: close\r\nContent-Type: text/html\r\n\r\n<html>\n<head>\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=iso-8859-1\"/>\n<link rel=\"shortcut icon\" href=\"/images/favicon\.ico\" type=\"image/x-icon\"/>\n<title>Login</title>| p/ArubaOS WebUI http admin/ o/ArubaOS/ cpe:/o:arubanetworks:arubaos/
# Viewer for a rtmp stream, no other info.
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: akstreamer/([\d.]+)\r\nDate: .* GMT\r\nContent-Type: text/html\r\nContent-Length: \d+\r\n| p/akstreamer httpd/ v/$1/
match http m|^HTTP/1\.0 302 Moved Temporarily\r\nDate: .* GMT\r\nServer: \r\nContent-length: 0\r\nConnection: close\r\nLocation: http://[\w.-]+:80/login\.lp\r\nSet-Cookie: xAuth_SESSION_ID=[\w/+]+=; path=/; \r\nCache-control: no-cache=\"set-cookie\"\r\n\r\n$| p/Technicolor DSL modem http admin/ d/broadband router/
match http m|^HTTP/1\.1 200 OK\r\nServer: WebServer\r\nDate: .*\r\n\r\n<html>\n\t<head>\n\t\t<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\">\n\t\t<title>D-LINK SYSTEMS, INC\. \x7c Web File Access : Login</title>| p/D-Link SharePort Web File Access/ d/storage-misc/
match http m|^HTTP/1\.1 200 OK\r\nConnection: close\r\nCache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0, max-age=-1\r\nAccept-Ranges: bytes\r\nContent-Type: text/html\r\n\r\n<!DOCTYPE html><html><head><title>D-LINK \x7c SharePort Web Access</title>| p/D-Link SharePort Web File Access/ d/storage-misc/
match http m|^HTTP/1\.1 404 Not Found\r\nContent-Length: 35\r\nConnection: close\r\n\r\nError 404: Not Found\nFile not found$| p/Nvidia Streamer Service/ o/Windows/ cpe:/a:nvidia:nvidia_streamer_service/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 500 Internal Server Error\r\nContent-Type: text/plain\r\nContent-Length: \d+\r\n.* at [\w._]+ (?:\[as [\w._]+\] )?\(([^:)]*/nodejs/)node_modules/[^:)]+\.js:\d+:\d+\)\n|s p/node.js/ i/installation path: $1/ cpe:/a:nodejs:node.js/
match http m|^HTTP/1\.1 400 Bad Request\r\nServer: CloudHub HTTP Server v([\w._-]+)\r\nDate: .* GMT 00:00\r\n| p/CloudHub iPaaS httpd/ v/$1/ cpe:/a:mulesoft:cloudhub:$1/
match http m|^HTTP/1\.0 200 OK\r\nConnection: Close\r\nContent-Length: \d+\r\nContent-Type: text/html\r\nDate: .*\r\nLast-Modified: .*\r\nServer: atvise\r\n| p/Certec atvise SCADA control httpd/ cpe:/a:atvise:webmi2ads/
match http m|^HTTP/1\.0 301 Moved Permanently\r\nLocation: /ui/\r\nDate: .*\r\nContent-Length: \d+\r\nContent-Type: text/html; charset=utf-8\r\n\r\n<a href=\"/ui/\">Moved Permanently</a>\.\n\n| p/HashiCorp Consul service discovery httpd/ cpe:/a:hashicorp:consul/
match http m|^HTTP/1\.0 200 OK\nServer: Emacs/([\w._-]+)\nDate: .*\n\nedit-server is running\.\n| p/Emacs text editor/ v/$1/ i/Edit with Emacs extension/ cpe:/a:gnu:emacs:$1/
# Fallback from HTTPOptions, RTSPRequest, and SIPOptions
match http m|^HTTP/1\.[01] 406 Not Acceptable\r\nContent-Length: 51\r\nContent-Type: text/html; charset=utf-8\r\nDate: .* GMT\r\n\r\n<html><body>HTTP Method not supported</body></html>$| p/Greenbone Security Assistant/ cpe:/a:greenbone:security_assistant/
match http m|^HTTP/1\.0 200 OK\r\nContent-Type: text/html;\r\nTransfer-Encoding: chunked\r\nCache-Control: no-store\r\nConnection: close\r\n\r\ndb\r\n<html><head><title>Success</title></head><body><form name=\"REDIRECTFORM\" method=\"get\" action=http://ezshare\.card/publicdir/welcome\.htm></form><script language='javascript'>REDIRECTFORM\.submit\(\);</script></body></html>\r\n\r\n0\r\n\r\n| p/ez Share Wi-Fi SD card/ d/storage-misc/
match http m|^HTTP/1\.1 302 Moved Temporarily\r\nConnection: Close\r\nDate: .* GMT\r\nContent-Type: text/html\r\nLocation: http://null/storage/emulated/0\r\nContent-Length: 103\r\n\r\nYou are being redirected to <a href=\"http://null/storage/emulated/0\">http://null/storage/emulated/0</a>\r\n| p/smarterDroid WiFi File Transfer/ d/phone/ o/Android/ cpe:/o:google:android/a cpe:/o:linux:linux_kernel/a
match http m|^HTTP/1\.1 200 OK\r\nConnection: Close\r\nDate: .*\r\nContent-Type: text/html\r\n\r\n<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4\.01 Transitional//EN\" \"http://www\.w3\.org/TR/html4/loose\.dtd\">\r\n<html>\r\n<head>\r\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\">\r\n<title> - ([^<]+?) - WiFi File Transfer</title>| p/smarterDroid WiFi File Transfer/ i/$1/ d/phone/ o/Android/ cpe:/o:google:android/a cpe:/o:linux:linux_kernel/a
match http m|^HTTP/1\.1 200 OK\r\nConnection: Close\r\nDate: .*\r\nContent-Type: text/html\r\n\r\n<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4\.01 Transitional//EN\" \"http://www\.w3\.org/TR/html4/loose\.dtd\">\r\n<html>\r\n<head>\r\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\">\r\n<title> - ([^<]+?) - WiFi File Transfer Pro</title>| p/smarterDroid WiFi File Transfer Pro/ i/$1/ d/phone/ o/Android/ cpe:/o:google:android/a cpe:/o:linux:linux_kernel/a
match http m|^HTTP/1\.1 404 Not Found\r\n.*<h2>Sinatra doesn&rsquo;t know this ditty\.</h2>\n  <img src='http://[^/]+/__sinatra__/404\.png'>|s p/Sinatra web framework/ cpe:/a:bmizerany:sinatra/
match http m|^HTTP/1\.1 200 OK\r\nDate: [A-Z][a-z]{2}, 1 [A-Z]{3} 2015 18:6:13 GMT\r\nServer: Plex\r\nKeep-Alive: timeout=60\r\nContent-Length: 692\r\nContent-Type: text/html\r\nAccept-Ranges: bytes\r\n\r\n<html>\n<head>\n<title>Plex</title>\n</head>\n<body>\n<h1>/</h1>\n<tt><pre>| p/Plex for Roku/ d/media device/
match http m|^HTTP/1\.1 200 OK\r\nDate: .*\r\nServer: Unknown\r\nContent-Length: \d+\r\nConnection: close\r\nContent-Type: text/html; charset=ISO-8859-1\r\n\r\n\n<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4\.01 Transitional//EN\"\n\"http://www\.w3\.org/TR/html4/loose\.dtd\">\n<html>\n<head>\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=iso-8859-1\">\n<title>LifeSize&reg;</title>| p/LifeSize teleconferencing config httpd/ d/webcam/
match http m|^HTTP/1\.1 200 OK\r\nCache-control: max-age=300\r\nServer: Ubicom/([\d.]+)\r\nContent-Length: \d+\r\n\r\n<!-- saved from url=\(0022\)http://internet\.e-mail -->\n<html>\n\t<head>\n\t\t<title>Veo Observer Web Client</title>| p/Ubicom embedded httpd/ v/$1/ i/Veo Observer webcam/ d/webcam/ cpe:/h:veo:observer/
match http m|^HTTP/1\.0 200 OK\r\nContent-Length: 59\r\nContent-Type: text/plain\r\n\r\nIf you see this page, Seafile HTTP syncing component works\.| p/Seafile HTTP syncing component/ cpe:/a:seafile:seafile/
match http m|^HTTP/1\.1 200 OK\r\nDate: Wed, 17 Jan 2007 22:21:12 GMT\r\nServer: Smeagol/([\w._-]+)\r\nAccept-Ranges: bytes\r\nConnection: Close\r\nContent-Type: text/html\r\nContent-Length: \d+\r\n\r\n<html>\n<head>\n<title>Blue's IP Buffer Front Page</title>| p/Smeagol httpd/ v/$1/ i/Telcen Blue's IP Buffer/ d/telecom-misc/
# For fallback (same device as above):
match http m|^HTTP/1\.1 501 Not Implemented\r\nFoo: /usr/www/errors/501\.html\r\nConnection: Close\r\nContent-Type: text/plain\r\n\r\n501 Not Implemented\r\n\r\nThe requested method isn't implemented\.\r\n| p/Smeagol httpd/
match http m|^HTTP/1\.[01] \d\d\d [^\r\n]+\r\nServer: HTTP server\r\nDate: [^\r\n]+ \d\d\d\d\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-Type: text/html\r\n.*</html>\r\n\r\n<head>|s p/Dell 1355cnw MFC config httpd/ d/printer/ cpe:/h:dell:1355cnw/
match http m|^HTTP/1\.[01] \d\d\d .+\r\nDate: .+\r\nServer: Netgem/1\.0 \([Hh][Tt][Tt][Pp]server\)\r\n| p/Netgem netbox set-top box config httpd/ d/media device/
match http m|^HTTP/1\.0 200 OK\r\nDate: [^\r\n]+ ([A-Z]+) \d\d\d\d\r\nServer: User Agent Web Server\r\n.*<title>STB WebServer</title>|s p/Cisco ODN set-top box httpd/ i/time zone: $1/ d/media device/
match http m|^HTTP/1\.1 302 Movtmp\r\nContent-Type: text/html\r\nLocation: https://[\d.]+:443/\r\nConnection: close\r\nUpgrade: TLS/([\d.]+)\r\n\r\n| p/Kyocera TASKalfa printer httpd/ i/redirect to HTTPS, TLS $1/ d/printer/
match http m|^HTTP/1\.0 200 OK\r\nConnection: Close\r\nServer: TSEWS\r\nContent-Length: \d+\r\nDate: .*\r\nExpires: .*\r\n| p/Technisat Embedded Web Server/ d/media device/
match http m|^HTTP/1\.0 200 OK\nContent-type: text/html\r\nDate: .*\r\nConnection: close\r\nLast-Modified: .*\r\nContent-length: \d+\r\n\r\n<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4\.01 Transitional//EN\">\n<html>\n<head>\n    <title>Aastra IP Phone Configurator</title>\n    <link rel=\"stylesheet\" href=\"/aamadeus\.css\" type=\"text/css\">| p/Aastra IP Phone config httpd/ d/VoIP phone/
match http m|^HTTP/1\.1 404 Not Found\r\ncontent-type: text/html\r\ncontent-length: \d+\r\nserver: PyCharm ([\w._-]+)\r\ndate: | p/PyCharm/ v/$1/ cpe:/a:jetbrains:pycharm:$1/
match http m|^HTTP/1\.1 200 OK\r\nContent-Encoding: \r\nContent-Length: \d+\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1\.0 Strict//EN\" \"http://www\.w3\.org/TR/xhtml1/DTD/xhtml1-strict\.dtd\">\n<html xmlns=\"http://www\.w3\.org/1999/xhtml\" lang=\"en\" xml:lang=\"en\" dir=\"ltr\">\n<head>\n    <meta http-equiv=\"Content-Type\" content=\"text/html; charset=UTF-8\" />\n    <meta http-equiv=\"X-UA-Compatible\" content=\"IE=8\" />\n    <title>[^<]*qBittorrent| p/qBittorrent Web UI/ cpe:/a:qbittorrent:qbittorrent/
match http m|^HTTP/1\.0 404 Not Found\r\nServer: Cowboy\r\nDate: [^\r\n]+\r\nContent-Length: \d+\r\nContent-Type: text/html; charset=utf-8\r\n.*<title>Heroku \x7c No such app</title>|s p/Cowboy httpd/ i/Heroku/ cpe:/a:ninenines:cowboy/
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html; charset=iso-8859-1\r\nCache-control: no-cache\r\nContent-Length: \d+\r\n\r\n<html>\r\n<head>\r\n<meta HTTP-EQUIV=\"Content-Type\" CONTENT=\"text/html; charset==iso-8859-1\">\r\n<title>ARCHTTP Configuration</title>| p/Areca RAID Controller HTTP configuration tool/
match http m|^HTTP/1\.1 200 OK\nServer: axhttpd/([\w._-]+)\nContent-Type: text/html\nContent-Length: \d+\nDate: .*\nLast-Modified: .*\n\n| p/axTLS axhttpd/ v/$1/ cpe:/a:cameron_rich:axtls:$1/
match http m|^HTTP/1\.1 200 OK\r\nAccess-Control-Allow-Methods: GET, POST, HEAD, OPTIONS\r\nAllow: GET, POST, HEAD, OPTIONS\r\nContent-Length: 0\r\nServer: PhpStorm ([\w._-]+)\r\nDate: | p/PhpStorm IDE httpd/ v/$1/ cpe:/a:jetbrains:phpstorm:$1/
match http m|^HTTP/1\.0 200 OK\r\nConnection: close\r\nContent-Type: text/html\r\nSet-Cookie: DLILPC=\"\"; Version=1; Max-Age=0; Path=/\r\n\r\n.*<title>Power Controller </title>\n \n<script language=\"javascript\" src=\"/md5\.js\"></script>|s p/Digital Loggers Web Power Switch II http config/ d/power-device/
match http m|^HTTP/1\.0 200 OK\r\nConnection: close\r\nContent-Type: text/html\r\nCache[- ]Control: .*\r\nExpires: .*\r\nPragma: no-cache\r\nSet-Cookie: DLILPC=""; Version=1; Max-Age=0; Path=/\r\n\r\n<html>\n<head>\n<META NAME="ROBOTS" CONTENT="NOINDEX, NOFOLLOW">\n \n<title>Power Controller </title>| p/Digital Loggers Web Power Switch/ d/power-misc/
match http m|^HTTP/1\.1 401 Unauthorized\r\nServer: Router\r\nConnection: close\r\nWWW-Authenticate: Basic realm=\"Fast Wireless (?:\w+ )?Router (FW\w+)\"\r\nContent-Type: text/html\r\n\r\n<!--Web Server Error Report:<HR>| p/Fast WAP admin httpd/ i/model: $1/ d/WAP/ cpe:/h:fast:$1/
match http m|^HTTP/1\.0 200 OK\r\nDate: .*\r\nContent-Type: text/html; charset=utf-8\r\n\r\n<!DOCTYPE html>\n<html ng-app=\"ts3soundboard-bot\" ng-controller=\"base\">| p/TS3 Soundboard-Plugin/ cpe:/a:michael_friese:ts3sb/
# ePO 5.0.0.2620 missing X-FRAME-OPTIONS
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html\r\nContent-Length: \d+\r\n(?:X-FRAME-OPTIONS: SAMEORIGIN\r\n)?Content-Disposition: \r\n\r\n<!DOCTYPE html>\r\n<html>\r\n<head>\r\n<script src=\"js/AgentLog\.js\">| p/McAfee ePolicy Orchestrator Agent Activity Log httpd/ cpe:/a:mcafee:epolicy_orchestrator_agent/
# Fallback
match http m|^HTTP/1\.1 405 Method Not Allowed\r\nConnection: close\r\nContent-Type: text/plain\r\nTransfer-Encoding: chunked\r\n\r\n12\r\nMethod Not Allowed\r\n0\r\n\r\n| p/OpenWrt uHTTPd/ d/WAP/ o/Linux/ cpe:/a:openwrt:uhttpd/ cpe:/o:linux:linux_kernel/a
match http m|^HTTP/1\.0 200 OK\r\nConnection: close\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: \d+\r\nCache-Control: max-age=0, no-store, no-cache\r\nx-enc: Ext1, Basic\r\nServer: Samsung ([\w ]+) Series, sn=([\dA-Z]+)\r\n\r\n| p/Samsung SyncThru Web Service/ i/$1 series; SN: $2/ d/printer/ cpe:/a:samsung:syncthru_web_service/
match http m|^HTTP/1\.1 200 OK\r\nContent-type: text/html\r\nExpires: .*\r\nConnection: close\r\nPragma: no-cache\r\nCache-Control: no-store, no-cache, must-revalidate\r\nContent-Length: \d+\r\n\r\n<html>\n\n<head>\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=UTF-8\">\n<script>product=\"HOTBOX\"| p/Hot Hotbox router admin httpd/ d/broadband router/ cpe:/h:hot:hotbox/
match http m|^HTTP/1\.1 500 Internal Server Error\r\nContent-Type: text/plain\r\nContent-Length: 56\r\nDate: .*\r\nConnection: close\r\n\r\nTypeError: Object #<ServerResponse> has no method 'send'| p/Tizen Multiscreen SDK httpd/ d/media device/
match http m|^HTTP/1\.1 401 Authentication Required\r\nWWW-Authenticate: Basic realm=\"([\d.]+)\"\r\nRefresh: 0;URL=\"/ui/logout\.htm\"\r\nServer: Blue-Coat-CacheFlow-Appliance\r\nCache-Control: no-store\r\nSet-Cookie: BCSI_MC=| p/Blue Coat CacheFlow appliance web ui/ i/IP $1/
match http m|^HTTP/1\.1 303 See Other\r\nDate: .*\r\nSet-Cookie: JSESSIONID=[^;]+;Path=/\r\nExpires: Thu, 01 Jan 1970 00:00:00 GMT\r\nLocation: http://[^:/]+:9000/sessions/new\r\nContent-Length: 0\r\n\r\n| p/Mode Analytics Connector httpd/
# node.js?
match http m|^HTTP/1\.1 200 OK\r\nX-Powered-By: NodeBB\r\nX-Frame-Options: SAMEORIGIN\r\n| p/NodeBB web forum/
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4\.01 Transitional//EN\"><html><head><meta http-equiv=content-type content=\"text/html;charset=utf-8\"><title>TSD</title>\n| p/OpenTSDB TSD/ i/http response on TSD port/ cpe:/a:opentsdb:opentsdb/
match http m|^HTTP/1\.0 200 OK\r\nContent-Length: \d+\r\nExpires: .*\r\nLast-Modified: .*\r\nContent-Type: text/html\r\nAccept-Ranges: bytes\r\nDate: .*\r\n\r\n<!DOCTYPE html>\n<html>\n  <head>\n    <title>Kodi</title>\n| p/libmicrohttpd/ i/Kodi OSMC web control/ cpe:/a:gnu:libmicrohttpd/
match http m|^HTTP/1\.0 200 OK\r\nContent-Length: \d+\r\nLast-Modified: .*\r\nContent-Type: text/html\r\nCache-Control: private, max-age=0, no-cache\r\nAccept-Ranges: bytes\r\nDate: .*\r\n\r\n<!DOCTYPE html>\r?\n<html>\r?\n  <head>\r?\n    <title>Kodi</title>| p/libmicrohttpd/ i/Kodi OSMC web control/ cpe:/a:gnu:libmicrohttpd/
match http m|^HTTP/1\.1 200 OK\r\nContent-Length: \d+\r\nExpires: .*\r\nLast-Modified: .*\r\nContent-Type: text/html\r\nAccept-Ranges: bytes\r\nDate: .*\r\n\r\n<!DOCTYPE html>\n<html lang=\"en\">\n  <head>\n    <meta charset=\"utf-8\">\n    <title>Chorus\.</title>| p|Chorus Web UI for XBMC/Kodi| cpe:/a:jeremy_graham:chorus/
match http m|^HTTP/1\.0 200 OK\r\nContent-Length: \d+\r\nLast-Modified: .*\r\nContent-Type: text/html\r\nCache-Control: private, max-age=0, no-cache\r\nAccept-Ranges: bytes\r\nDate: .*\r\n\r\n<!DOCTYPE html>\n<html lang="en">\n  <head>\n    <meta charset="utf-8">\n    <title>Chorus\.</title>| i|Chorus Web UI for XBMC/Kodi| cpe:/a:jeremy_graham:chorus/
match http m|^HTTP/1\.0 200 OK\r\nContent-Length: \d+\r\nLast-Modified: .*\r\nContent-Type: text/html\r\nCache-Control: private, max-age=0, no-cache\r\nAccept-Ranges: bytes\r\nDate: .*\r\n\r\n<!DOCTYPE html>\n<html lang="en">\n    <head>\n        <meta charset="utf-8">\n        <title>Chorus 2 - Kodi web interface</title>| v/2/ i|Chorus Web UI for XBMC/Kodi| cpe:/a:jeremy_graham:chorus:2/
match http m|^HTTP/1\.1 200 Ok\r\nDate: .* GMT\r\nContent-Type: text/html\r\nSet-Cookie: WASID=[\da-f]{16}; path=/\r\nSet-Cookie: WAAK=[\da-f]{32}; path=/; secure\r\nConnection: close\r\n\r\n| p/Stonesoft StoneGate SSL VPN/ cpe:/a:stonesoft:stonegate/
match http m|^HTTP/1\.1 200 OK\r\nContent-Length: \d+\r\nServer: Goliath\r\n| p/Goliath httpd/ cpe:/a:postrank:goliath/
match http m|^HTTP/1\.1 200 OK\r\nConnection: Close\r\nDate: .*\r\nContent-Type: text/html\r\n\r\n<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4\.01 Transitional//EN" "http://www\.w3\.org/TR/html4/loose\.dtd">\r\n<html>\r\n<head>\r\n<meta http-equiv="Content-Type" content="text/html; charset=utf-8">\r\n<title> - ([^<]*?) - WiFi File Transfer</title>| p/SmarterDroid WiFi File Transfer/ i/device: $1/ o/Android/ cpe:/a:smarterdroid:wifi_file_transfer/ cpe:/o:google:android/a cpe:/o:linux:linux_kernel/a
match http m|^HTTP/1\.1 404 Not Found\r\nDate: (.*)\r\nContent-Length: 0\r\nExpires: \1\r\nCache-Control: no-cache\r\n(?:Access-Control-Allow-Origin: \*\r\n)?Connection: close\r\n\r\n$| p/aria2 downloader JSON-RPC/ cpe:/a:tatsuhiro_tsujikawa:aria2/
# TP-LINK TD-W9980 N600
match http m|^HTTP/1\.1 404 Not Found\r\nDate: [\w: ]+ \d\d\d\d\r\nServer: tr069 http server\r\nContent-Length: 15\r\nConnection: close\r\nContent-Type: text/plain; charset=ISO-8859-1\r\n\r\nFile not found\n| p/TP-LINK TR-069 remote access/ d/broadband router/
match http m|^HTTP/1\.1 505 HTTP Version Not Supported\r\nServer: DTV HMC-Lite Server\r\nConnection: close\r\nContent-Type: text/plain\r\nDate: .*\r\nContent-Length: 38\r\n\r\nInvalid http version 1\.0, requires 1\.1| p/DirecTV HMC-Lite/ d/media device/
match http m|^HTTP/1\.0 401 Unauthorized\r\nContent-Type: text/html\r\nWWW-Authenticate: Basic realm=login\r\nX-Backside-Transport: FAIL FAIL\r\nConnection: close\r\n\r\n\n\t\t\n\{"ClaimNotificationAddRs":\{\n    "RqUID":"",\n      "TransactionResponseDt":"",\n      "MsgStatusCd":0,\n      "MsgStatusDesc":"Failure",\n      "MsgErrorCd":"401",\n      "MsgErrorDesc":"Authentication Failure"\n\}\}\n\n\t| p/IBM WebSphere Appliance Management Center web user interface/ cpe:/a:ibm:websphere_appliance_management_center/
match http m|^HTTP/1\.1 200 (?:OK)?\r\nServer: Dump1090\r\nContent-Type: text/html;charset=utf-8\r\nConnection: close\r\nContent-Length: \d+\r\nCache-Control: no-cache, must-revalidate\r\nExpires: Sat, 26 Jul 1997 05:00:00 GMT\r\n\r\n| p/Dump1090 (MalcomRobb fork) http interface/ cpe:/a:malcomrobb:dump1090/
match http m|^HTTP/1\.1 200 OK\r\nServer: Dump1090\r\nContent-Type: text/html;charset=utf-8\r\nConnection: close\r\nContent-Length: \d+\r\n| p/Dump1090 http interface/ cpe:/a:antirez:dump1090/
match http m|^HTTP/1\.1 200 OK\r\nCONNECTION: close\r\nCONTENT-LENGTH: \d+\r\nCONTENT-TYPE: text/html\r\n\r\n\xef\xbb\xbf<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1\.0 Strict//EN" "http://www\.w3\.org/TR/xhtml1/DTD/xhtml1-strict\.dtd">\r\n<html> \r\n<head>\r\n<title>CPPLUS DVR \xe2\x80\x93Web View</title>\r\n| p/CP Plus DVR http interface/ d/media device/
match http m|^HTTP/1\.0 401 Unauthorized\r\nDate: .*\r\nServer: WASABI/1\.1\r\nContent-Length: 73\r\n\r\n<html><title>401 Unauthorized</title><body>401 Unauthorized</body></html>| p/Equitrac Office EQCASService.exe/ cpe:/a:equitrac:office/
match http m|^HTTP/1\.1 200 OK\r\nContent-Length: 31\r\nConnection: Close\r\n\r\nfastviewer Webconference Server| p/Fastviewer Web Conference Server/
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html\r\nExpires: Sat, 01 Jan 2000 00:00:00 GMT\r\n\r\n<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3\.2 Final//EN">\r\n<HTML>\r\n<HEAD><TITLE>(ZBR\d+) - [^<]+</TITLE><meta http-equiv="Pragma" content="no-cache"><meta http-equiv="Expires" content="0"></HEAD>\r\n<BODY><CENTER>\r\n<IMG SRC="logo\.png" ALT="\[Logo\]">\r\n<H1>Zebra Technologies<BR>\r\n((?:FDX )?([^<(]+)(?: \([EZ]PL\)))?</H1>\r\n| p/Zebra $2 printer http config/ i/SN: $1/ d/printer/ cpe:/h:zebra:$3/
match http m|^HTTP/1\.1 404 Not Found\r\nConnection: Keep-Alive\r\nContent-Length: 0\r\nContent-Type: text/html\r\n\r\n$| p/Pebble Time developer connection/ cpe:/a:pebble:pebble_time/
#7.4.1
match http m|^HTTP/1\.1 403 Forbidden\r\nDate: .*\r\nServer: Gateway\r\nConnection: close\r\nX-CorrelationID: Id-[a-f0-9]{24} 0\r\nContent-Type: text/html\r\n\r\nAccess Denied| p/Axway API Gateway/ cpe:/a:axway:api_gateway/
match http m|^HTTP/1\.1 403 Forbidden\.\r\nContent-Type: application/json; charset=UTF-8\r\nDate: .*\r\nAccess-Control-Allow-Origin: \*\r\nConnection: close\r\nContent-Length: 90\r\n\r\n\{"status": \{\n  "code": 403,\n  "commandResult": 1,\n  "msg": "Forbidden\.",\n  "query": "/"\n\}\}| p/DirecTV Set-top Box HTTP Exported Functionality (SHEF)/ d/media device/
match http m|^HTTP/1\.0 200 OK\r\n\r\n<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4\.01 Transitional//EN" "http://www\.w3\.org/TR/html4/loose\.dtd">\r\n<html><head>\r\n<meta http-equiv="content-type"content="no-cache, text/html">\r\n<title>&micro;BlueBOLT - Menu</title>.*?<font color=#eaaf0f style=font-size:30px>\r\nBlueBOLT-CV1\r\n.*?<th align=right>Serial number:</th>\r\n<th align=left><input name=r value="([\d-]+)" disabled></th>\r\n</tr>\r\n<tr>\r\n<th align=right>IP Card Software Version:</th>\r\n<th align=left><input name=r value="V([\d.]+)" disabled>|s p/BlueBOLT-CV1 network interface card/ v/$2/ i/SN: $1/ d/power-device/ cpe:/h:panamax:bluebolt-cv1/
match http m|^X-Content-Type-Options: no-sniff\r\nCache-Control: no-cache, no-store, must-revalidate\r\nHTTP/1\.1 \d\d\d .*\r\n(?:X-Content-Type-Options: no-sniff\r\nCache-Control: no-cache, no-store, must-revalidate\r\n)?Server: gSOAP/([\d.]+)\r\nContent-Length: 0\r\nConnection: close\r\n\r\n| p/gSOAP/ v/$1/ i/HP MFP printer/ d/printer/ cpe:/a:genivia:gsoap:$1/
match http m|^HTTP/1\.1 302 Found\r\nServer: NetQCheck\r\nLocation: /myspeed/.*\r\nContent-type: text/html\r\nContent-length: \d+\r\n\r\n| p/Visualware NetQCheck httpd/ cpe:/a:visualware:netqcheck/
match http m|^HTTP/1\.0 200 OK\r\nContent-Length: \d+\r\nContent-Type: text/html; charset=UTF-8\r\nConnection: Close\r\nAccess-Control-Allow-Origin: \*\r\nServer: Gigablast/1\.0\r\nDate: .*\r\nLast-Modified: .*\r\n\r\n| p/Gigablast search engine httpd/ cpe:/a:gigablast:open-source-search-engine/
match http m|^HTTP/1\.0 200 OK\r\nServer: Web Switch\r\nConnection: close\r\nContent-Type: text/html\r\n\r\n<script language=JavaScript><!--\nvar g_Lan=\d+;\nvar stitle = "([^"]+)";| p/TP-LINK $1 switch httpd/ d/switch/ cpe:/h:tp-link:$1/a
match http m|^HTTP/1\.0 200 OK\r\nServer: Web Switch\r\nConnection: close\r\nContent-Type: text/html\r\n\r\n<script language=JavaScript><!--\nvar g_Lan=1;\nvar logonInfo = new Array\(\n0,0,0 \);\nvar g_year = \d+;\n--></script>\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=iso-8859-1\">\n<HTML>\r\n\t<HEAD>\r\n\t\t<meta http-equiv=\"pragma\" content=\"no-cache\">\r\n\t\t<meta http-equiv=\"expires\" content=\"wed, 26 Feb 1997 08:21:57 GMT\">| p/TP-Link TL-SG3210 switch admin httpd/ d/switch/ cpe:/h:tp-link:tl-sg3210/
match http m|^HTTP/1\.0 200 OK\r\nServer: Web Switch\r\nConnection: close\r\nContent-Type: text/html\r\n\r\n<script language=JavaScript><!--\nvar g_ver = '\d+';\nvar g_Lan='(..)';| p/TP-LINK switch httpd/ i/lang: $1/ d/switch/
match http m|^HTTP/1\.1 302 Found\r\nDate: .*\r\nCache-Control: no-cache\r\nX-Runtime: \d+\r\nSet-Cookie: spiceworks_session=[^;]+; path=/; HttpOnly\r\nLocation: http://([^/]+)/portal\r\n| p/Spiceworks Help Desk/ h/$1/ cpe:/a:spiceworks:spiceworks_help_desk/
match http m|^HTTP/1\.0 401 Authorization Required\r\nWWW-Authenticate: BASIC realm="(DPR?-\d[^)]+)"\r\n\r\nPassword Error\.| p/D-Link $1 print server httpd/ d/print server/ cpe:/h:dlink:$1/a
match http m|^HTTP/1\.1 200 OK\r\nContent-type: text/html\r\nExpires: Thu, 3 Oct 1968 12:00:00 GMT\r\nPragma: no-cache\r\nCache-Control: no-cache, must-revalidate\r\nConnection: close\r\nContent-Length: \d+\r\n\r\n| p/Cisco Docsis cable modem http admin/ d/broadband router/
match http m|^HTTP/1\.1 200 OK\r\nDate: .*\r\nSet-Cookie: SiteName64=[^;]+; Expires=Sat, 31 Dec 2050 23:59:59 GMT\r\nSet-Cookie: SiteName=([^;]+);.*\r\nSet-Cookie: SiteAddress64=.*\r\nSet-Cookie: SiteAddress=([^;]+);.*\r\nSet-Cookie: Build64=.*\r\nSet-Cookie: Build=(\d+);.*\r\nSet-Cookie: Version64=.*\r\nSet-Cookie: Version=([^;]+);.*\r\nCONTENT-LENGTH: \d+\r\n| p/aPod Access Control system master controller/ v/$SUBST(4,"%2E",".")/ i/site: $SUBST(1,"%20"," "); address: $SUBST(2,"%20"," "); build: $3/ d/security-misc/ cpe:/a:online_security_technologies:apod:$SUBST(4,"%2E",".")/
match http m|^HTTP/1\.0 200 OK\r\nConnection: close\r\nContent-Type: text/html(?:; charset=utf-8)?\r\nContent-Length: \d+\r\nCache-Control: max-age=0, no-store, no-cache\r\n\r\n<html>[\r\n]*<head>[\r\n]*<meta http-equiv="Content-Type" content="text/html; charset=utf-8">[\r\n]*<link rel="shortcut icon" href="/sws/images/fav\.ico" type="image/x-icon" />| p/Samsung SyncThru Web Service/ d/printer/ cpe:/a:samsung:syncthru_web_service/
match http m|^HTTP/1\.1 401 Unauthorized\r\nServer: BBVS/([\d.]+)\r\nWWW-Authenticate: Basic realm="SecuritySpy Web Server"\r\n| p/BBVS video streaming httpd/ v/$1/ i/SecuritySpy surveillance software/ o/Mac OS X/ cpe:/a:ben_software:bbvs:$1/ cpe:/a:ben_software:securityspy/ cpe:/o:apple:mac_os_x/a
match http m|^HTTP/1\.1 200 OK\r\nCACHE-CONTROL: no-cache\r\nDate: .*\r\nConnection: Keep-Alive\r\nContent-Type: text/html\r\nContent-Length: \d+\r\n\r\n<html>\n<head>\n<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />\n<title>replace</title>| p/Huawei HG532e ADSL modem http admin/ d/broadband router/ cpe:/h:huawei:hg532e/a
match http m|^HTTP/1\.1 200 OK\r\nServer: magic iradio\r\nCache-Control: max-age=0, no-cache\r\nContent-Type: text/html\r\nContent-Length: \d+\r\n\r\n| p/AGK WiFi Internet radio http config/ d/media device/
match http m|^HTTP/1\.1 401 Authorization Required\r\nDate: .*\r\nServer: \r\nExpires: 0\r\nSet-Cookie: SESSION=; path=/; expires=Sat, 01-Jan-1970 00:00:00 GMT;\r\nExpires: 0\r\nVary: Accept-Encoding\r\nContent-Length: \d+\r\nConnection: close\r\nContent-Type: text/html\r\n\r\n| p/Aruba wireless switch http admin/ d/switch/ o/ArubaOS/
match http m|^HTTP/1\.1 200 OK\r\nDate: .*\r\nServer: Slinger ([\d.]+)\r\nConnection: close \r\nLast-modified: .*\r\nContent-Type: text/html\r\nExpires: 0\r\n\r\n.*<BR>\n\nZebra Technologies<BR>\nZTC (\w+)|s p/Zebra $2 printer http admin/ i/Slinger $1 httpd/ d/printer/ cpe:/h:zebra:$2/a
# Fallback match, GET actually returns something different, but every other HTTP-like probe returns this:
match http m|^HTTP/1\.0 404 Not Found\r\nServer: esp8266-httpd/([\w._-]+)\r\nContent-Type: text/plain\r\n\r\nNot Found\.\r\n| p/esphttpd/ v/$1/ cpe:/a:spritesmods:esphttpd:$1/
match http m|^HTTP/1\.0 200 Ok\r\nServer: \r\nDate: .*\r\nContent-Type: text/html; charset=iso-8859-1\r\nContent-Length: \d+\r\nLast-Modified: Sat, 01 Jan 2000 00:00:\d\d GMT\r\nConnection: close\r\n\r\n<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1\.0 Transitional//EN" "http://www\.w3\.org/TR/xhtml1/DTD/xhtml1-transitional\.dtd">\n<html xmlns="http://www\.w3\.org/1999/xhtml">\n<head>\n\t<meta content="text/html; charset=iso-8859-1" http-equiv="Content-Type"/>\n    <title>RAP Console</title>| p/Aruba RAP Console/ d/WAP/
# full hw, sw, version, wifi info at /cgi-bin/check.html
match http m|^HTTP/1\.0 200 OK\nContent-type: text/html\r\nDate: .*\r\nConnection: close\r\nExpires: Fri, 01 Jan 1990 00:00:00 GMT\r\nPragma: no-cache\r\nCache-Control: no-cache, no-store, must-revalidate\r\nLast-Modified: Mon, 30 Aug 2010 22:16:44 GMT\r\nContent-length: 1350\r\n\r\n| p/TiVo set-top box network adapter http config/ d/media device/
match http m|^HTTP/1\.1 505 Client Error\r\nServer: AV_Receiver/([\d.]+) \(([^)]+)\)\r\nContent-Length: 0\r\nConnection: close\r\n\r\n$| p/Yamaha AV receiver web ui/ v/$1/ i/model: $2/ cpe:/h:yamaha:$2/
match http m|^HTTP/1\.1 200 OK\r\nConnection: close\r\nCache-Control: no-cache\r\nContent-Type: text/html; charset=utf-8\r\n\r\n<!DOCTYPE html><html><head><title>BroadCam - Information Setup Page</title>| p/BroadCam video streaming httpd/ o/Windows/ cpe:/a:nchsoftware:broadcam/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 200 OK\r\nContent-type: text/html\r\n\r\n.*\n<FRAME name=hrbar src="BarFoot\.html"|s p/Panasonic Network Camera http ui/ d/webcam/
match http m|^HTTP/1\.1 200 OK\r\nDate: .*\r\nContent-length: \d+\r\nContent-type: text/html\r\nLast-modified: .*\r\nAccept-ranges: bytes\r\nConnection: close\r\n\r\n<html>\n<head>\n<meta http-equiv="refresh"\n content="0;URL=/talisen/cgi-bin/projects\.cgi">| p/Talisen Secure Access Gateway/ cpe:/a:talisen:secure_access_gateway/
# No info on what is listed
match http m|^HTTP/1\.1 200 OK\r\nConnection: close\r\nContent-Length: \d+\r\nContent-Type: text/html\r\n\r\n<!DOCTYPE html>\n<html><head>\n<script type="text/javascript">\nfunction createPageList\(\) \{\n    var xhr = new XMLHttpRequest;\n    xhr\.open\("GET", "/pagelist\.json"\);| p/LG television page list httpd/ d/media device/
match http m|^HTTP/1\.1 200 OK\r\nConnection: close\r\nCache-Control: no-cache\r\nExpires: -1\r\n\r\n.*\n<link rel="stylesheet" type="text/css" href="login\.css">\n<title>Netgear Prosafe Plus Switch</title>|s p/Netgear ProSAFE Plus switch http admin/ d/switch/
match http m|^HTTP/1\.0 200 OK\r\nAccept-Ranges: bytes\r\nContent-Length: \d+\r\nContent-Type: text/html; charset=utf-8\r\nLast-Modified: .*\r\nDate: .*\r\n\r\n<!DOCTYPE html>\n<html lang="en">\n    <head>\n        <meta charset="utf-8">\n        <title>Shipyard</title>| p/Shipyard/ cpe:/a:evan_hazlett:shipyard/
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html\r\nDate: .*\r\nConnection: close\r\n\r\n<!DOCTYPE html>\n<!--\nThe entry point for client\. This file is loaded just once when the client is captured\.\nIt contains socket\.io and all the communication logic\.\n-->\n<html>| p/Karma JavaScript test runner/ cpe:/a:google:karma/
match http m|^HTTP/1\.1 200 OK\r\nDate: .*\r\nConnection: close\r\n\r\nHello world\r\n$| p/LG smart TV http service/
match http m|^HTTP/1\.1 100 Invalid request type\r\n(?:Content-Encoding: \r\n)?\r\n$| p/qBittorrent tracker httpd/ cpe:/a:qbittorrent:qbittorrent/
match http m|^HTTP/1\.0 200 OK\r\nConnection: close\r\nAccess-Control-Allow-Origin: \*\r\nX-Powered-By: restheart\.org\r\n| p/RESTHeart API server/ cpe:/a:softinstigate:restheart/
match http m|^HTTP/1\.0 501 method 'GET' not available\r\n(?:[^\r\n]+\r\n)*?Server: pve-api-daemon/([\d.]+)\r\n|s p/Proxmox Virtual Environment REST API/ v/$1/ cpe:/a:proxmox:proxmox_virtual_environment:$1/
match http m|^HTTP/1\.1 200 OK\r\nCache-control:no-cache\r\nContent-Type:text/html\r\nTransfer-Encoding:chunked\r\nConnection:Keep-Alive\r\n\r\n.*\r\nvar ProductName = '(\w+)'|s p/Huawei $1 modem http admin/ d/broadband router/ cpe:/h:huawei:$1/
match http m|^HTTP/1\.0 200 OK\r\n\r\n\r\n<html>\r\n<head>\r\n\t<meta http-equiv="Content-Language" content="en-us" />\r\n\t<meta http-equiv="X-UA-Compatible" content="IE=edge" />\r\n\t<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />\r\n\t<title>Check Point ([\w]+) Appliance - Login</title>| p/Check Point $1 SVN foundation login/ cpe:/h:checkpoint:$1/
match http m|^HTTP/1\.1 404 Not Found\r\nServer: snom embedded\r\nCache-Control: no-cache\r\nCache-Control: no-store\r\nContent-Type: text/html\r\nContent-Length: 181\r\n\r\n<HTML><HEAD>\r\n<TITLE>snom VoIP phone: Error</TITLE>\r\n</HEAD><BODY>\r\n<H1>File not found</H1>\r\n<P>Please ask your system administrator to check the lcs log file\.</P>\r\n</BODY></HTML>\r\n| p/Snom VoIP phone http admin/ d/VoIP phone/
match http m|^HTTP/1\.0 404 Not Found\r\nTE: chunked\r\nTransfer-Encoding: chunked\r\nContent-Type: text/html\r\n\r\n58\r\n<html><head><title>Not Found</title></head><body><h1>404 - Not Found</h1></body></html>\n\r\n0\r\n\r\n| p/Orange Livebox http admin/ d/WAP/
match http m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?X-Syncthing-Id: ((?:\w+-){7}\w+)\r\nX-Syncthing-Version: v([\d.]+)\r\n|s p/Syncthing/ v/$2/ i/ID: $1/ cpe:/a:syncthing:syncthing:$2/
match http m|^HTTP/1\.0 401 Unauthorized\r\nWWW-Authenticate: Digest realm="cpe@zte\.com", qop="auth", nonce="[a-f0-9]{32}", opaque="T3BhcXVlIHN0cmluZyBmb3IgQUNTIEF1dGhlbnRpY2F0aW9u", Algorithm="MD5"\r\n| p/ZTE Auto-Configuration Servers (ACS) http login/ d/broadband router/
match http m|^HTTP/1\.1 200 OK\r\ncache-control: no-cache\r\nContent-Length: 1573\r\nExpires: Thu, 01 Jan 1970 00:00:00 GMT\r\nSet-Cookie: JSESSIONID=9A69859878EF80D2D98913D0A75EA0CD; Path=/; Secure; HttpOnly\r\nContent-Type: text/html;charset=UTF-8\r\npragma: no-cache\r\n.*\r\n<html>\r\n<head>\r\n<title>VMware&nbsp;Horizon View</title>\r\n|s p/VMware Horizon View/ cpe:/a:vmware:horizon_view/
match http m|^HTTP/1\.1 505 HTTP Version Not Supported\r\nDate: .*\r\nContent-Length: \d+\r\nContent-Type: text/html\r\n\r\n<html>\r\n<head>\r\n<title>VMware Horizon View</title>\r\n| p/VMware Horizon View/ cpe:/a:vmware:horizon_view/
match http m|^HTTP/1\.1 404 Not Found\r\nConnection: close\r\nDate: .*\r\n\r\nMissing route token in request| p/VMware Horizon View/ cpe:/a:vmware:horizon_view/
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html\r\nConnection: close\r\n\r\n<\?xml version="1\.0" encoding="UTF-8"\?>\r\n<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1\.0 Strict//EN" "http://www\.w3\.org/TR/xhtml1/DTD/xhtml1-strict\.dtd">\r\n<html xmlns="http://www\.w3\.org/1999/xhtml">\r\n<head>\r\n<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />\r\n<meta http-equiv="Cache-Control" content="no-cache"/>\r\n<meta name="viewport" content="width=device-width; initial-scale=1\.0; minimum-scale=1\.0; maximum-scale=2\.0"/>\r\n<meta name="MobileOptimized" content="260"/>\r\n<title>zapya download</title>| p/Zapya file transfer app/ cpe:/a:dewmobile:zapya/
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html; charset="utf-8"\r\nContent-Encoding: gzip\r\nContent-Length: 1039\r\nlast-modified: .*\r\n\r\n\x1f\x8b\x08\x08....\0\x03index\.html\0|s p/HP Storage Management Utility/ d/storage-misc/
match http m|^HTTP/1\.1 302 Moved Temporarily\r\nServer: \r\nDate: .*\r\nContent-Type: text/html\r\nContent-Length: 0\r\nConnection: close\r\nETag: "\w+-\w+-\w+"\r\nPragma: no-cache\r\nLocation: /php/login\.php\r\nCache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\nExpires: Thu, 19 Nov 1981 08:52:00 GMT\r\nX-FRAME-OPTIONS: SAMEORIGIN\r\nSet-Cookie: PHPSESSID=\w+; path=/; HttpOnly\r\n\r\n| p/Palo Alto firewall http admin/ d/security-misc/
match http m|^HTTP/1\.1 302 \r\nContent-Type: text/html\r\nConnection: Close\r\nLOCATION: http://speedport\.ip/html/login/index\.html\r\nContent-Length: 0\r\n\r\n| p/Telekom Speedport http config/ d/broadband router/
match http m|^HTTP/1\.1 200 OK\r\nDate: .*\r\nLast-Modified: .*\r\nEtag: "[a-f\d]+\.\d+"\r\nContent-Type: text/html\r\nContent-Length: \d+\r\nConnection: close\r\nAccept-Ranges: bytes\r\n\r\n<!doctype html>\n<html lang="en">\n    <head>\n {8}<meta charset="utf-8">\n {8}<title>Z-Way UI selection</title>| p/Z-Way home automation controller/ d/specialized/ cpe:/a:z-wave.me:z-way/
match http m|^HTTP/1\.1 200 OK\r\nDate: .*\r\nServer: Arcadyan httpd 1\.0\r\nContent-type: text/html\r\nConnection: close\r\n\r\n| p/Arcadyan broadband router httpd/ d/broadband router/
match http m|^HTTP/1\.[01] 302 Hotspot redirect\r\nCache-Control: no-cache\r\nConnection: close\r\nContent-Length: \d+\r\nContent-Type: text/html\r\nDate: .*\r\nExpires: 0\r\nLocation: .*\r\n\r\n| p/MikroTik HotSpot/ o/RouterOS/ cpe:/a:mikrotik:hotspot/ cpe:/o:mikrotik:routeros/
match http m|^HTTP/1\.1 404 Not Found\r\nServer: HDHomeRun/([\d.]+)\r\nConnection: close\r\nContent-Type: text/html; charset="utf-8"\r\n.*<div class="T TE">HDHomeRun RECORD</div>|s p/SiliconDust HDHomeRun RECORD http config/ v/$1/
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html\r\nCache-Control: no-cache\r\nConnection: close\r\n\r\n<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title></title></head><frameset rows="0,\*" border=0 frameborder=no framespacing=0><frame src="space\.htm" name="space" scrolling="no" border=0><frame src="wanst\.htm" name="main" marginwidth="30" marginheight="16" scrolling="auto">| p/D-Link WAP http config/ d/WAP/
match http m|^HTTP/1\.1 200 OK\r\nServer: Printopia/([\w._-]+)\r\nConnection: close\r\n\r\n<html>\n<head>\n</head>| p/Printopia AirPrint service/ v/$1/ o/OS X/ cpe:/a:decisive_tactics:printopia:$1/ cpe:/o:apple:mac_os_x/a
#CIMC 1.5(4e)
match http m|^UnknownMethod 403 Forbidden\r\nDate: .*\r\nConnection: keep-alive\r\nKeep-Alive: timeout=60, max=2000\r\nContent-Type: text/html\r\nContent-length: \d+\r\n\r\n<HTML><HEAD><TITLE>Document Error: Forbidden</TITLE></HEAD>\r\n<BODY><H2>Access Error: 403 -- Forbidden</H2>\r\n</BODY></HTML>\r\n\r\nHTTP/1\.0 400 Bad Request\r\nDate:| p/Cisco Integrated Management Controller/ cpe:/h:cisco:unified_computing_system_integrated_management_controller/
match http m|^HTTP/1\.1 302 Found\r\nLocation: https?://([^/]+)/admin\r\nContent-Length: 0\r\nDate: .*\r\nConnection: close\r\nServer:  \r\n\r\n| p/Cisco Identity Services Engine/ h/$1/ cpe:/a:cisco:identity_services_engine_software/ cpe:/h:cisco:identity_services_engine:-/
match http m|^HTTP/1\.1 400 Bad request\r\nContent-Type: text/html; charset=utf8\r\nTransfer-Encoding: chunked\r\n\r\n\d+\r\n<!DOCTYPE html>\n<html>\n<head>\n    <title>\r\nb\r\nBad request\r\ncf6\r\n</title>\n    | p/Cockpit web service/ v/161 or earlier/ o/Linux/ cpe:/a:redhat:cockpit/ cpe:/o:linux:linux_kernel/a
# X-DNS-Prefetch-Control and Referrer-Policy added in 162
match http m|^HTTP/1\.1 400 Bad request\r\nContent-Type: text/html; charset=utf8\r\nTransfer-Encoding: chunked\r\nX-DNS-Prefetch-Control: off\r\nReferrer-Policy: no-referrer\r\n\r\n\d+\r\n<!DOCTYPE html>\n<html>\n<head>\n    <title>\r\nb\r\nBad request\r\ncf6\r\n</title>\n    | p/Cockpit web service/ v/162 - 188/ o/Linux/ cpe:/a:redhat:cockpit/ cpe:/o:linux:linux_kernel/a
# X-Content-Type-Options added in 189
match http m|^HTTP/1\.1 400 Bad request\r\nContent-Type: text/html; charset=utf8\r\nTransfer-Encoding: chunked\r\nX-DNS-Prefetch-Control: off\r\nReferrer-Policy: no-referrer\r\nX-Content-Type-Options: nosniff\r\n\r\n\d+\r\n<!DOCTYPE html>\n<html>\n<head>\n    <title>\r\nb\r\nBad request\r\ncf6\r\n</title>\n    | p/Cockpit web service/ v/189 or later/ o/Linux/ cpe:/a:redhat:cockpit/ cpe:/o:linux:linux_kernel/a
match http m|^HTTP/1\.1 401 Not Authorized\r\nServer: WSTL CPE 1\.0\r\nMIME-version: 1\.0\r\nDate: [A-Z]{3} [A-Z]{3} \d\d \d\d:\d\d:\d\d \d\d\d\d GMT\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: \d+\r\nWWW-Authenticate: Digest realm="Westell Secure",| p/Westell broadband router TR-069/ d/broadband router/
match http m|^HTTP/1\.1 401 Not Authorized\r\nServer: WSTL CPE 1\.0\r\nDate: .* GMT\r\nMIME-version: 1\.0\r\nContent-Type: text/html\r\nContent-Length: \d+\r\nConnection: close\r\nWWW-Authenticate: Digest realm="Westell Secure",| p/Westell broadband router TR-069/ d/broadband router/
# Glassfish AS 4.0 (build 89)
match http m|^HTTP/1\.1 202 Accepted\r\nContent-Type: text/html;charset=UTF-8\r\nDate: .*\r\nConnection: close\r\nContent-Length: \d+\r\n\r\n<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1\.0 Strict//EN" "http://www\.w3\.org/TR/xhtml1/DTD/xhtml1-strict\.dtd">\n<html xmlns="http://www\.w3\.org/1999/xhtml" xml:lang="en" lang="en">\n<head>\n<!--\n\n    DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER\.\n\n    Copyright \(c\) [12]\d\d\d Oracle and/or its affiliates\.| p/Oracle Glassfish Application Server/ cpe:/a:oracle:glassfish_application_server/
match http m|^HTTP/1\.0 302 Found\r\nLocation: .*?/user/login\r\nSet-Cookie: lang=(..)-(..); Path=/[^;]*; Max-Age=2147483647\r\nSet-Cookie: i_like_gogits=[a-f\d]{16}; Path=/[^;]*; HttpOnly\r\n| p/Gogs git httpd/ i/lang: $1-$2/ cpe:/a:gogs:gogs::::$1/
match http m|^HTTP/1\.0 200 OK\r\nContent-Type: text/html; charset=UTF-8\r\nSet-Cookie: lang=(..)-(..); Path=/[^;]*; Max-Age=2147483647\r\nSet-Cookie: i_like_gogits=[a-f\d]{16}; Path=/[^;]*; HttpOnly\r\n| p/Gogs git httpd/ i/lang: $1-$2/ cpe:/a:gogs:gogs::::$1/
match http m|^HTTP/1\.0 302 Found\r\nLocation: .*?/login\r\nSet-Cookie: grafana_sess=[a-f\d]{16}; Path=/; HttpOnly\r\n| p/Grafana/ cpe:/a:xn--torkel_degaard-1pb:grafana/
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html\r\nConnection: close\r\n\r\n<!---CAS:0003--><HTML><HEAD>\n<SCRIPT LANGUAGE=JAVASCRIPT><!--\nvar a=window\.open\("/menu\.htm", "Login", "width=505,height=250,screenX=200,screenY=300,resizable=1,scrollbars=0,dependent=1"\);\na\.focus\(\);\n//--></SCRIPT>\n</HEAD>\n\nPlease Login First\.\n\n</HTML>| p/D-Link DI-524 WAP http config/ d/WAP/ cpe:/h:dlink:di-524/a
match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: HTTPD\r\nDate: .* GMT\r\nWWW-Authenticate: Basic realm="USER LOGIN"\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-Type: text/html\r\nConnection: close\r\n\r\n<HTML><HEAD><TITLE>401 Unauthorized</TITLE></HEAD>\n<BODY BGCOLOR="#cc9999"><H4>401 Unauthorized</H4>\nAuthorization required\.\n</BODY></HTML>\n| p/LimitlessLED smart lightbulb bridge httpd/ d/specialized/
match http m|^HTTP/1\.0 200 OK\r\nConnection: close\r\nContent-Type: text/html;charset=UTF-8\r\nContent-Length: \d+\r\n\r\n<HTML>\n<HEAD>\n<script type="text/javascript" src="/WebLanguage\.js"></script>\n<script>\nd=document;\nd\.write\("<title>"\+Login0104\+"</title>"\);\n</script>\n<link rel="icon" href="/dlink\.ico" type="image/x-icon" />| p/D-Link DES-1100 switch http config/ d/switch/ cpe:/h:dlink:des-1100/a
match http m|^HTTP/1\.0 401 Authorization Required\r\nWWW-Authenticate: BASIC realm="Admin"\r\n\r\nPassword Error\.| p/D-Link DP-301P+ print server httpd/ d/print server/ cpe:/h:d-link:dp-301p/
match http m|^HTTP/1\.0 200 OK\r\nConnection: close\r\nCache-Control: no-cache\r\nPragma: no-cache\r\nExpires: -1\r\n\r\n<SCRIPT language="javascript">\r\nvar logonInfo = new Array\(\r\n\t\d,/\*\xb4\xed\xce\xf3\xc0\xe0\xd0\xcd, 0:\xce\xde\xb4\xed\xce\xf3;1:\xd3\xc3\xbb\xa7\xc3\xfb\xbb\xf2\xd5\xdf\xc3\xdc\xc2\xeb\xb4\xed\xce\xf3;2:\xb8\xc3\xd3\xc3\xbb\xa7\xb2\xbb\xd4\xca\xd0\xed\xb5\xc7\xc2\xbc;3:\xb8\xc3\xd3\xc3\xbb\xa7\xb5\xc7\xc2\xbc\xca\xfd\xd2\xd1\xc2\xfa\.;4\xb5\xc7\xc2\xbc\xd3\xc3\xbb\xa7\xca\xfd\xd2\xd1\xc2\xfa\xa3\xac\xd7\xee\xb6\xe0\xd6\xbb\xc4\xdc\xd4\xca\xd0\xed16\xb8\xf6\xd3\xc3\xbb\xa7\xcd\xac\xca\xb1\xb5\xc7\xc2\xbc;5\xd3\xc3\xbb\xa7\xbb\xe1\xbb\xb0\xb3\xac\xca\xb1\*/\r\n\t0,0\);| p/TP-LINK Easy Smart switch admin httpd/ d/switch/
# http://blog.sec-consult.com/2015/05/kcodes-netusb-how-small-taiwanese.html
match http m|^HTTP/1\.0 200 OK\r\nCache-control: no-cache\r\nConnection: Close\r\n\r\n(?:<!-T0004->\r\n)?<HTML>\r\n<HEAD>\r\n<META HTTP-EQUIV="CONTENT-TYPE" CONTENT="TEXT/HTML">\r\n<TITLE></TITLE>\r\n</HEAD>\r\n<BODY BGCOLOR=#FFFFFF>\r\n<SCRIPT LANGUAGE=JavaScript>\r\n\tdocument\.location\.href="system30\.htm";\r\n</script>\r\n</BODY>\r\n</HTML>| p/KCodes NetUSB http interface/ cpe:/o:kcodes:netusb/
match http m|^HTTP/1\.0 302 Found\r\nLocation: https:///\r\nContent-Type: text/html\r\nContent-Length: 136\r\n\r\n<html><head><title>Redirect</title></head><body><h1>Redirect</h1><p>You should go to <a href="https:///">https:///</a></p></body></html>| p/Aruba AirWave httpd/ cpe:/a:arubanetworks:airwave/
match http m|^HTTP/1\.1 401 Authorization Required\r\nWWW-Authenticate: Basic realm="FHEM: login required"\r\nContent-Length: 0\r\n\r\n| p/FHEM home automation httpd/ cpe:/a:rudolf_koenig:fhem/
match http m|^HTTP/1\.0 200 OK\r\nContent-Length: \d+\r\nLast-Modified: .* GMT\r\nContent-Type: text/html\r\nCache-Control: private, max-age=0, no-cache\r\nAccept-Ranges: bytes\r\nDate: .* GMT\r\n\r\n<!DOCTYPE html>\n<html ng-app="app" ng-csp  ng-controller="AppCtrl">\n  <head>\n    <title>Arch</title>| p/Arch webinterface to Kodi/ cpe:/a:abricot:arch/
match http m|^HTTP/1\.0 [45]\d\d .*\r\nDate: .* GMT\r\nContent-Length: \d+\r\n\r\n<!DOCTYPE html>\n<html>\n<head><meta charset="utf-8"><style>body\{margin-top:14%;text-align:center;background-color:#F8F8F8;font-family:sans-serif;\}h1\{font-size:xx-large;\}p\{font-size:x-large;\}p\+p \{ font-size: large; font-family: courier \}</style>\n</head>\n<body><h1>[45]\d\d [^<]*</h1>| p/Prosody XMPP BOSH httpd/ cpe:/a:prosody:prosody/
match http m|^HTTP/1\.1 302 FOUND\r\nLocation:/public/login\.html\r\nContent-Length: 0\r\n\r\n| p/Triax TSS 400 SATIP server httpd/ d/media device/ cpe:/h:triax:tss_400/
# seen on webcam, wifi range extender, etc.
match http m|^HTTP/1\.1 200 OK\r\nServer: TP-LINK HTTPD/1\.0\r\nConnection: close\r\n| p/TP-LINK embedded httpd/
match http m|^HTTP/1\.1 200 OK\r\ncache-control: no-cache\r\ncontent-length: \d+\r\ncontent-type: text/html\r\ndate: (.* GMT)\r\nlast-modified: \1\r\n\r\n| p/EHS embedded httpd/ v/1.4.5 or earlier/ cpe:/a:fritz_elfert:ehs/
match http m%^HTTP/1\.0 200 OK\r\nCache-Control: must-revalidate\r\n(?:Set-Cookie: [a-f0-9]{8}/accept-language=; path=/\r\n)?ETAG: [a-f0-9]{8}\r\n(?:Cache-Control: must-revalidate\r\n)?Content-Type: text/html; charset=utf-8\r\nContent-Length: \d+\r\n\r\n\n\n\n\n<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1\.0 Transitional//EN"\n        "http://www\.w3\.org/TR/xhtml1/DTD/xhtml1-transitional\.dtd">\n<html xmlns="http://www\.w3\.org/1999/xhtml" dir="ltr" lang="en">\n<head>\n<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>\n<meta name="viewport" content="width=1085"/>\n<meta http-equiv="X-UA-Compatible" content="IE=edge"/>\n<title>[^<]*</title>\n<script type="text/javascript">\n\tappUrl = '';\n\tappConfig = '(\w\w)';\n\tappUid = (?:'[a-f0-9]*'|getEtag\(\));\n\tconfig = \{\n\t\tBUILD_CUSTOMER: '[^']+',\n\t\tBUILD_PROJECT: '[^']+',\n\t\tBUILD_HARDWARE: 'sagem_([\w_]+)',% p/Orange Livebox config httpd/ i/language: $1; model: Sagem $2/ d/broadband router/ cpe:/h:sagem:$2/
match http m|^HTTP/1\.0 401 Unauthorized\r\nWWW-Authenticate: Basic realm="Ascotel domain"\r\n| p/Aastra Ascotel PBX httpd/ d/PBX/
match http m|^HTTP/1\.0 401 \[B2BSERV\.0084\.9004\] Access Denied\r\nSet-Cookie: ssnid=[^;]+; path=/; HttpOnly\r\nContent-Type: text/html; charset=utf-8\r\nWWW-Authenticate: Basic realm="sapbc"\r\n| p/SAP Business Connector/ cpe:/a:sap:business_connector/
match http m|^HTTP/1\.1 200 OK\r\nCACHE-CONTROL: no-cache\r\nDate: .* GMT\r\nConnection: Keep-Alive\r\nContent-Type: text/html\r\nContent-Length: \d+\r\n\r\n<html>\n<head>\n<META http-equiv="Content-Type" content="text/html; charset=UTF-8">\r\n<META http-equiv="Pragma" content="no-cache">\n<META http-equiv="expires" CONTENT="-1">\n<link rel="icon" type="image/icon" href="/favicon\.ico"/>\n<title>Login</title>\n| p/Huawei HG532e ADSL router httpd/ d/broadband router/ cpe:/h:huawei:hg532e/a
match http m|^HTTP/1\.0 302 Moved Temporarily\r\nContent-Type: application/x-gzip\r\nLocation: https://idrac(?::\d+)?/start\.html\r\nDate: .* GMT\r\nETag: \w{3} \w{3} \d\d \d\d:\d\d:\d\d \d\d\d\d ([-A-Z]+)\r\n| p/Dell iDRAC 8 admin httpd/ i/time zone: $1/ cpe:/o:dell:idrac8_firmware/
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html\r\nServer: siyou server\r\nTransfer-Encoding: chunked\r\n\r\n[a-f\d]+\r\n| p/D-LINK siyou httpd/ d/broadband router/
match http m|^HTTP/1\.1 404 ERROR\r\nConnection: close\r\nContent-Length: 9\r\n\r\nNot Found$| p/Spotify spotilocal http API/
match http m|^HTTP/1\.1 404 ERROR\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nConnection: close\r\nContent-Length: 15\r\nContent-Type: text/plain; charset=utf-8\r\n\r\nmissing method\n$| p/Spotify spotilocal http API/
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html\r\nServer: httpserver\r\nData: (.* GMT)\r\nLast Modified: \1\r\n\r\n| p/Zmodo webcam http interface/ d/webcam/
match http m|^HTTP/1\.1 200 OK\r\nServer: CNIX HTTP Server 1\.0\r\nContent-Type: text/html\r\nPragma:no-cache\r\nExpires:-1\r\nCache-Control:no-cache;no-store;must-revalidate\r\nTransfer-Encoding: chunked\r\n\r\n| p/Siemens LOGO! 8 PLC httpd/ d/specialized/ cpe:/h:siemens:logo8/
match http m|^HTTP/1\.1 200 OK\r\nConnection: close\r\nContent-Type: text/html\r\nCache-Control: no-cache\r\nExpires: -1\r\n\r\n<html>\n<head>\n<title>Redirect to Login</title>\n<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">\n<link rel="stylesheet" type="text/css" href="/style\.css">\n| p/Netgear ProSafe Gigabit Web Managed (Plus) switch httpd/ d/switch/
match http m|^HTTP/1\.0 200 The request has succeeded\r\nContent-Type: text/html\r\nExpires: Sun, 03 Jan 2100 12:00:00 GMT\r\n\r\n $| p/Bosch Logamatic Gateway web KM200 httpd/ d/specialized/
match http m|^HTTP/1\.0 200 OK\r\nDate: .* GMT\r\nExpires: .* GMT\r\nContent-Type: text/html; charset=UTF-8\r\nContent-Length: \d+\r\n\r\n<html><head><title>Velkommen til 963</title>| p/Trend 963 Supervisor building control system/ i/Danish/ d/specialized/ cpe:/a:trend_control_systems:963_supervisor::::da/
match http m|^HTTP/1\.0 200 OK\r\nDate: .* GMT\r\nExpires: .* GMT\r\nContent-Type: text/html; charset=UTF-8\r\nContent-Length: \d+\r\n\r\n<html><head><title>SUPERVISEUR 963</title>| p/Trend 963 Supervisor building control system/ i/French/ d/specialized/ cpe:/a:trend_control_systems:963_supervisor::::fr/
match http m|^HTTP/1\.0 200 OK\r\nDate: .* GMT\r\nExpires: .* GMT\r\nContent-Type: text/html; charset=UTF-8\r\nContent-Length: \d+\r\n\r\n<html><head><title>963 Valvomo</title>| p/Trend 963 Supervisor building control system/ i/Finnish/ d/specialized/ cpe:/a:trend_control_systems:963_supervisor::::fi/
match http m|^HTTP/1\.0 200 OK\r\nDate: .* GMT\r\nExpires: .* GMT\r\nContent-Type: text/html; charset=UTF-8\r\nContent-Length: \d+\r\n\r\n<html><head><title>Witamy w Programie 963</title>| p/Trend 963 Supervisor building control system/ i/Polish/ d/specialized/ cpe:/a:trend_control_systems:963_supervisor::::pl/
match http m|^HTTP/1\.0 200 OK\r\nDate: .* GMT\r\nExpires: .* GMT\r\nContent-Type: text/html; charset=UTF-8\r\nContent-Length: \d+\r\n\r\n<html><head><title>Benvenuti al 963</title>| p/Trend 963 Supervisor building control system/ i/Portuguese/ d/specialized/ cpe:/a:trend_control_systems:963_supervisor::::pt/
match http m|^HTTP/1\.0 200 OK\r\nDate: .* GMT\r\nExpires: .* GMT\r\nContent-Type: text/html; charset=UTF-8\r\nContent-Length: \d+\r\n\r\n<html><head><title>Bienvenido al 963</title>| p/Trend 963 Supervisor building control system/ i/Spanish/ d/specialized/ cpe:/a:trend_control_systems:963_supervisor::::es/
match http m|^HTTP/1\.0 200 OK\r\nDate: .* GMT\r\nExpires: .* GMT\r\nContent-Type: text/html; charset=UTF-8\r\nContent-Length: \d+\r\n\r\n<html><head><title>V\xc3\xa4lkommen till 963</title>| p/Trend 963 Supervisor building control system/ i/Swedish/ d/specialized/ cpe:/a:trend_control_systems:963_supervisor::::sv/
match http m|^HTTP/1\.0 200 OK\r\nDate: [\w ,]+ GMT\r\nExpires: [\w ,]+ GMT\r\nContent-Type: text/html; charset=UTF-8\r\nContent-Length: \d+\r\n\r\n<html><head><title>.*\r\n<meta content="Trend Control Systems 963" name="GENERATOR" />| p/Trend 963 Supervisor building control system/ d/specialized/ cpe:/a:trend_control_systems:963_supervisor/
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html\r\nDate: .* GMT\r\nConnection: close\r\n\r\n<!DOCTYPE html><html>    <head>        <meta charset="utf-8" />        <title>Node\.js</title>    </head>    <body>       <h1>Welcome to Node\.js</h1>    </body></html>| p/Node.js/ cpe:/a:nodejs:node.js/
match http m|^HTTP/1\.0 400 BadRequest\r\nContent-Length: 0\r\nServer: lwIP/(\d[\d.]+)\r\n\n$| p/ESP-12 ESP8266 dev board httpd/ i/lwIP $1/ cpe:/a:lwip_project:lwip:$1/
match http m|^HTTP/1\.1 404 Not Found\r\ncontent-type: text/html\r\ncontent-length: \d+\r\nserver: PhpStorm ([\d.]+)\r\n| p/PhpStorm IDE httpd/ v/$1/ cpe:/a:jetbrains:phpstorm:$1/
match http m|^HTTP/1\.0 200 OK\r\nServer: \r\nContent-Type: text/html; charset=iso-8859-1\r\nDate: .* GMT\r\nLast-Modified: .* GMT\r\nAccept-Ranges: bytes\r\nConnection: close\r\nContent-Length: \d+\r\n\r\n<\?xml version="1\.0" encoding="UTF-8"\?>\n<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1\.0 Transitional//EN" "http://www\.w3\.org/TR/xhtml1/DTD/xhtml1-transitional\.dtd">\n\n<html xmlns="http://www\.w3\.org/1999/xhtml">\n<!-- __DVLAPP__ -->| p/Devolo dLAN 500 WiFi powerline adapter/ d/WAP/ cpe:/h:devolo:dlan_500/
match http m|^HTTP/1\.0 200 OK\nContent-type: text/html\r\nDate: .* GMT\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nConnection: close\r\n\r\n<\?xml version="1\.0" encoding="UTF-8"\?>\n<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1\.0 Transitional//EN" "http://www\.w3\.org/TR/xhtml1/DTD/xhtml1-transitional\.dtd">\n\n<html xmlns="http://www\.w3\.org/1999/xhtml">\n<!-- __DVLAPP__ -->| p/Devolo dLAN WiFi powerline adapter/ d/WAP/
match http m|^HTTP/1\.0 200 OK\r\ncontent-type: text/html\r\nexpires: [\w, :]+ GMT\r\n\r\n<!DOCTYPE html>\n<html>\n    <head>\n        <meta charset="utf-8">\n        <title>RethinkDB Administration Console</title>\n.*\.css\?v=([\d.]+)"|s p/RethinkDB Administration Console httpd/ v/$1/ cpe:/a:rethinkdb:rethinkdb:$1/
match http m|^HTTP/1\.1 404 Not Found\r\nContent-Length: 0\r\nDate: .* GMT\r\nConnection: close\r\nServer: server\r\n\r\n$| p/Cisco Identity Services Engine admin httpd/ cpe:/a:cisco:identity_services_engine_software/ cpe:/h:cisco:identity_services_engine/
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html\r\nContent-Length: \d+\r\nAccept-Ranges: bytes\r\nCache-Control: no-cache\r\n\r\n<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1\.0 Strict//EN" "http://www\.w3\.org/TR/xhtml1/DTD/xhtml1-strict\.dtd">\r\n<html>\r\n<head>\r\n  <meta http-equiv="content-type" content="text/html; charset=UTF-8" />\r\n  <style type="text/css">\r\n  body, th \{ font-family:tahoma, verdana, arial, helvetica, sans; font-weight:normal; font-size:9pt; \}\r\nbody \{ margin:0; background-color:#DDF; padding:10px; \}\r\np \{ margin:0 \}\r\na \{ text-decoration:none;  background-color:Transparent; color:#05F; \}\r\n| p/HttpFileServer httpd/ cpe:/a:massimo_melina:httpfileserver/
# This is the TP-LINK model, but may match the Asus one, too.
match http m|^HTTP/1\.0 200 OK\r\nContent-Length: \d+\r\nContent-Type: text/html\r\nDate: .* GMT\r\n\r\n<html lang="en"> <head> <meta charset="utf-8"/> <meta http-equiv="X-UA-Compatible" content="IE=edge"/> <meta name="viewport" content="width=device-width, initial-scale=1"/> <title>OnHub</title>| p/Google OnHub WAP/ d/WAP/
match http m|^HTTP/1\.0 200 OK\r\nConnection: close\r\nDate: .* GMT\r\nLast-Modified: .* GMT\r\nContent-Type: text/html\r\nContent-Length: \d+\r\nCache-Control: no-cache\r\n\r\n<!doctype html>\n<html lang="en" xmlns:ng="http://angularjs\.org" id="ng-app" ng-app="vzui">\n  <head>\n    <meta charset="utf-8">\n    <meta http-equiv="cache-control" content="no-cache"/>\n    <meta http-equiv="cache-control" content="max-age=0" />\n    <meta http-equiv="pragma" content="no-cache"/>\n    <meta http-equiv="expires" content="0"/>\n    <title>Verizon Router</title>\n    <link rel="stylesheet" href="css/app\.css\?v=v([\d.]+)"/>| p/Verizon router http UI/ v/$1/ d/broadband router/
match http m|^HTTP/1\.1 200 OK\nContent-Type: text/html;charset=windows-1252\nContent-Length: \d+\n\n<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4\.01 Transitional//EN" "http://www\.w3\.org/TR/html4/loose\.dtd">\r\n<html>\r\n<head>\r\n<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">\r\n<title>TRENDnet MFP Server</title>| p/TRENDnet MFP print server http config/ d/print server/
match http m|^HTTP/1\.1 200 OK\r\nContent-Language: en-US\r\nContent-Length: \d+\r\nSet-Cookie: JSESSIONID=[A-F\d]{32}; Path=/; Secure; HttpOnly\r\nContent-Type: text/html;charset=UTF-8\r\n(?:Strict-Transport-Security: max-age=31536000\r\n)?\r\n\r\r\n\r\r\n<!DOCTYPE html>\r\r\n<html lang="en">\r\r\n<head>\r\r\n   <meta charset="utf-8">\r\r\n   <meta http-equiv="X-UA-Compatible" content="IE=edge">\r\r\n   <title>VMware Horizon View</title>| p/VMware Horizon View/ cpe:/a:vmware:horizon_view/
match http m|^HTTP/1\.1 200 OK\r\nContent-Language: en-US\r\nContent-Length: \d+\r\nX-FRAME-OPTIONS: SAMEORIGIN\r\nSet-Cookie: JSESSIONID=[A-F\d]{32}; Path=/; Secure; HttpOnly\r\nContent-Type: text/html;charset=UTF-8\r\nStrict-Transport-Security: max-age=31536000\r\n\r\n\r\n\r\n<!DOCTYPE html>\r\n<html lang="en">\r\n<head>\r\n   <meta charset="utf-8">\r\n   <meta http-equiv="X-UA-Compatible" content="IE=edge">\r\n   <title>VMware Horizon</title>| p/VMware Horizon/ cpe:/a:vmware:horizon/
match http m|^HTTP/1\.1 200 200\r\nSet-Cookie: JSESSIONID=[A-F\d]{32};path=/;Secure;HttpOnly\r\nContent-Length: \d+\r\nContent-Language: en-US\r\nContent-Type: text/html;charset=UTF-8\r\n#status#: HTTP/1\.1 200 OK\r\nStrict-Transport-Security: max-age=31536000\r\nX-Content-Type-Options: nosniff\r\nX-Frame-Options: deny\r\nX-XSS-Protection: 1; mode=block\r\n\r\n\r\n\r\n\r\n<!DOCTYPE html>\r\n<html lang="en">\r\n<head>\r\n   <meta charset="utf-8">\r\n   <meta http-equiv="X-UA-Compatible" content="IE=edge">\r\n   <title>VMware Horizon</title>| p/VMware Horizon/ cpe:/a:vmware:horizon/
match http m|^HTTP/1\.1 307 Temporary Redirect\r\nLocation: https://([^:]+):443/\r\nDate: .*\r\nContent-Length: 1994\r\nContent-Type: text/html\r\n\r\n<html>\r\n<head>\r\n<title>VMware Horizon</title>| p/VMWare Horizon/ h/$1/ cpe:/a:vmware:horizon/
match http m|^HTTP/1\.1 307 Temporary Redirect\r\nLocation: https://[^/]+/\r\nDate: .*\r\nContent-Length: 1994\r\nContent-Type: text/html\r\n\r\n<html>\r\n<head>\r\n<title>VMware Horizon</title>| p/VMWare Horizon/ cpe:/a:vmware:horizon/
match http m|^HTTP/1\.0 200 OK\r\nCache-control: no-cache\r\nConnection: Keep-Alive\r\nContent-type: text/html\r\n\r\n<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4\.01 Transitional//EN">\r\n<html>\r\n<head>\r\n<meta http-equiv="Content-Type" content="text/html; charset=big5">\r\n<meta http-equiv="refresh" content="0;URL=\./bscsetting\.htm">| p/Ambient Weather ObserverIP http config/ d/specialized/ cpe:/h:ambient_weather:observerip/
# Hikvision, truVision, Hills/DAS etc.
match http m|^HTTP/1\.0 200 OK\r\nDate: .* GMT\r\nServer: DNVRS-Webs\r\nETag: "[a-f\d-]+"\r\nContent-Length: \d+\r\nContent-Type: text/html\r\nConnection: close\r\nLast-Modified: .* GMT\r\n\r\n| p/Hikvision Network Video Recorder http admin/ d/webcam/
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: DVRDVS-Webs\r\n| p/Hikvision DVR web UI/ d/media device/
match http m|^HTTP/1\.1 \d\d\d .*\r\nDate: .* GMT\r\nServer: DVRDVS-Webs\r\n| p/Hikvision DVR web UI/ d/media device/
match http m|^HTTP/1\.0 302 Redirect\r\nServer: Webs\r\nDate: [\w\d: ]{24}\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-Type: text/html\r\nLocation: http://[^/]*/index\.asp\r\n\r\n| p/Hikvision DVR web UI/ d/media device/
match http m|^HTTP/1\.1 200 OK\r\nCache-Control: no-store\r\nContent-Type: text/html\r\nContent-length: \d+\r\n\r\n<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4\.01//EN" "http://www\.w3\.org/TR/html4/strict\.dtd"><html id=htmlID><head><title>[^<]+</title><style type="text/css">\*\{padding:0;margin:0\}html,body\{background:url\("dark_carbon\.png"\) repeat;| p/ControlByWeb X-310 controller web interface/ cpe:/h:controlbyweb:x-310/
match http m|^HTTP/1\.0 200 OK\r\nContent-Type: text/html\r\nAccept-Ranges: bytes\r\nETag: "-?\d+"\r\nLast-Modified: .* GMT\r\nContent-Length: \d+\r\nConnection: close\r\nDate: .* GMT\r\nServer: none\r\n\r\n<!-- saved from url=\(0014\)about:internet -->\n<html lang="en">\n\n<!-- \nSmart developers always View Source\. \n\nThis application was built using Adobe Flex, an open source framework\nfor building rich Internet applications that get delivered via the\nFlash Player or to desktops via Adobe AIR\. \n\nLearn more about Flex at http://flex\.org \n// -->\n\n<head>\n<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />\n\n<!--  BEGIN Browser History required section -->\n<link rel="stylesheet" type="text/css" href="history/history\.css" />\n<!--  END Browser History required section -->\n\n<title>Fireware XTM WebUI</title>| p/WatchGuard Fireware XTM web UI/ i/CometCatchr Flash Comet client/ cpe:/a:progrium:cometcatchr/ cpe:/a:watchguard:fireware_xtm/
match http m|^HTTP/1\.1 401 Unauthorized\r\nAccess-Control-Allow-Origin: \*\r\nWWW-Authenticate: Basic realm="Protected"\r\nConnection: close\r\n\r\n401 Unauthorized: Password required\r\n$| p/ANEL-Elektronik NET-PwrCtrl HUT httpd/ d/power-misc/
match http m|^HTTP/1\.0 401 Unauthorized\r\nWWW-Authenticate: Basic realm="(WPN\d[\dv]+)"\r\nContent-type: text/html\r\n\r\n<html>\r\n<head><title>401 Unauthorized</title></head>\r\n<body><h1>401 Unauthorized</h1>\r\n<p>Access to this resource is denied; your client has not supplied the correct authentication\.</p></body>\r\n</html>\r\n| p/Netgear WAP http admin/ i/model $1/ d/WAP/ cpe:/h:netgear:$1/
match http m|^HTTP/1\.0 200 OK\r\nAccept-Ranges: bytes\r\nContent-Length: \d+\r\nContent-Type: text/html; charset=utf-8\r\nLast-Modified: .* GMT\r\nDate: .* GMT\r\n\r\n<!doctype html>\n<html lang="en">\n<head>\n    <meta charset="utf-8">\n    <meta http-equiv="X-UA-Compatible" content="IE=edge">\n    <meta name="viewport" content="width=device-width, initial-scale=1">\n    <meta name="description" content="">\n    <meta name="author" content="">\n\n    <title>InfluxDB - Admin Interface</title>| p/InfluxDB http admin/ cpe:/a:influxdata:influxdb/
match http m|^HTTP/1\.0 200 OK \r\nexpires: Friday, 25-Jul-97 00:00:00 GMT\r\nContent-type: text/xml\r\n\r\n<\?xml version="1\.0" encoding="utf-8"\?>\n<\?xml-stylesheet type="text/xsl" href="admin\.xsl"\?>\n<info product="[iI]nnovaphone ([^"]+)" manufacturer-url="http://www\.innovaphone\.com" name="([^"]+)"| p/Innovaphone VoIP phone or gateway/ i/model: $1; name: $2/
match http m|^HTTP/1\.0 200 OK \r\nexpires: Friday, 25-Jul-97 00:00:00 GMT\r\nContent-type: text/xml\r\n\r\n<\?xml version="1\.0" encoding="utf-8"\?>\n<\?xml-stylesheet type="text/xsl" href="admin\.xsl"\?>\n<info product="[iI]nnovaphone ([^"]+)"| p/Innovaphone VoIP phone or gateway/ i/model: $1/
match http m|^HTTP/1\.0 200 OK \r\nexpires: Friday, 25-Jul-97 00:00:00 GMT\r\nContent-type: text/xml\r\n\r\n<\?xml version="1\.0" encoding="utf-8"\?>\n<\?xml-stylesheet type="text/xsl" href="admin\.xsl"\?>\n<info product="[aA]scom ([^"]+)"| p/Ascom VoIP phone or gateway/ i/model: $1/
match http m|^HTTP/1\.0 301 Moved Permanently\r\nConnection: close\r\nLocation: http://[\w.:-]+/console/index\.html\r\nContent-Length: 0\r\nDate: Mon, 18 Apr 2016 11:08:30 GMT\r\n\r\n| p/JBoss WildFly web console/ cpe:/a:redhat:jboss_wildfly_application_server/
# version 1.2
match http m|^HTTP/1\.0 200 OK\r\nContent-Type: application/json\r\nDate: Mon, 28 Mar 2016 15:58:03 GMT\r\nContent-Length: 365\r\n\r\n\{\n  "paths": \[\n    "/api",\n    "/api/v1",\n    "/apis",\n    "/apis/autoscaling",\n    "/apis/autoscaling/v1",\n    "/apis/batch",\n    "/apis/batch/v1",\n    "/apis/extensions",\n    "/apis/extensions/v1beta1",\n    "/healthz",\n    "/healthz/ping",\n    "/logs/",\n    "/metrics",\n    "/resetMetrics",\n    "/swagger-ui/",\n    "/swaggerapi/",\n    "/ui/",\n    "/version"\n  \]\n\}| p/Kubernetes jsonapi/ cpe:/a:cloud_native_computing_foundation:kubernetes/
match http m|^HTTP/1\.1 200 OK\r\nContent-Length: \d+\r\nDate: .* GMT\r\nContent-Type: text/html\r\n\r\n<!DOCTYPE html>\n<html lang="en" ng-app="mesos">\n  <head>\n    <meta charset="utf-8">\n    <title>Mesos</title>\n| p/Apache Mesos/ cpe:/a:apache:mesos/
match http m|^HTTP/1\.1 200 OK\r\nDate: .* GMT\r\nContent-Length: \d+\r\nContent-Type: text/html\r\n\r\n<!DOCTYPE html>\n<html lang="en" ng-app="mesos">\n  <head>\n    <meta charset="utf-8">\n    <title>Mesos</title>\n| p/Apache Mesos/ cpe:/a:apache:mesos/
match http m|^\0\x18HTTP/1\.0 404 Not Found\r\n\0\x18Cache-Control:no-cache\r\n\0\x18Content-Type:text/html\r\n\0\x12Connection:close\r\n\0\x14Content-Length:108\r\n\0\x04\r\n\r\n<html>\n<head>\n<title>Error: 404</title>\n<body>\nGot the error: <b>Not Found</b><br><br>\nError\n</body>\n</html>| p/Oce Print Exec Workgroup/ cpe:/a:oce:print_exec_workgroup/
match http m|^HTTP/1\.0 200 OK\r\nDate: .* GMT\r\nServer: PHttp/([\d.]+) Win32NT\r\nX-AspNetMvc-Version: ([\d.]+)\r\nX-AspNet-Version: ([\d.]+)\r\nContent-Length: \d+\r\nCache-Control: private\r\nContent-Type: text/html; charset=utf-8\r\nSet-Cookie: WorkplaceToken=[a-f\d]{8}-[a-f\d]{4}-[a-f\d]{4}-[a-f\d]{4}-[a-f\d]{12}; path=/; expires=.* GMT\r\nConnection: close\r\n\r\n| p/Termika OlimpOKS PHttpd/ v/$1/ i/ASP.NET $3; MVC $2/ o/Windows/ cpe:/a:microsoft:asp.net:$3/ cpe:/a:termika:olimpoks/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 200 OK\r\nDate: .* GMT\r\nServer: PHttp/([\d.]+) Unix\r\nX-AspNetMvc-Version: ([\d.]+)\r\nX-AspNet-Version: ([\d.]+)\r\nContent-Length: \d+\r\nCache-Control: private\r\nContent-Type: text/html; charset=utf-8\r\nSet-Cookie: WorkplaceToken=[a-f\d]{8}-[a-f\d]{4}-[a-f\d]{4}-[a-f\d]{4}-[a-f\d]{12}; path=/; expires=.* GMT\r\nConnection: close\r\n\r\n| p/Termika OlimpOKS PHttpd/ v/$1/ i/ASP.NET $3; MVC $2/ o/Unix/ cpe:/a:microsoft:asp.net:$3/ cpe:/a:termika:olimpoks/
match http m|^HTTP/1\.0 403 Forbidden\r\nDate: .* GMT\r\n(?:X-Frame-Options: SAMEORIGIN\r\n)?Content-Type: text/html; charset=UTF-8\r\nServer: OpenVPN-AS\r\nSet-Cookie: openvpn_sess_[a-f\d]{32}=[a-f\d]{32};| p/OpenVPN Access Server/ cpe:/a:openvpn:openvpn_access_server/
match http m|^HTTP/1\.1 200 OK\r\nVary: Accept-Encoding\r\nAccess-Control-Allow-Origin: \*\r\nX-Rocket-Chat-Version: ([\d.]+)\r\n.*__meteor_runtime_config__ = JSON\.parse\(decodeURIComponent\("%7B%22meteorRelease%22%3A%22METEOR%40([\d.]+)%22%2C%22PUBLIC_SETTINGS%22%3A%7B%7D%2C%22ROOT_URL%22%3A%22https?%3A%2F%2F([^%]+)%|s p/Rocket.Chat/ v/$1/ i/Meteor $2/ h/$3/ cpe:/a:meteor:meteor:$2/ cpe:/a:rocketchat:rocket.chat:$1/
match http m|^HTTP/1\.1 200 OK\r\ncontent-type: text/html; charset=utf-8\r\nvary: Accept-Encoding\r\ndate: .*<title>Coral Rapid Application Development Framework - Corrad</title>.*__meteor_runtime_config__ = JSON\.parse\(decodeURIComponent\("%7B%22meteorRelease%22%3A%22METEOR%40([\d.]+)%22|s p/Corrad Development httpd/ i/Meteor $1/ cpe:/a:encoral:corrad/ cpe:/a:meteor:meteor:$1/
match http m|^HTTP/1\.1 302 Found\r\nConnection: Keep-Alive\r\nServer: \r\nContent-Type: text/html\r\nContent-Length: 680\r\n\r\n\xef\xbb\xbf<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4\.01 Transitional//EN" "http://www\.w3\.org/TR/html4/loose\.dtd">\r\n<!-- this page must have 520 bytes or more, ie is a wonderfull program -->| p/Gigaset DECT phone/ d/phone/
# Maybe distinguish language?
match http m%^HTTP/1\.0 200 OK\r\nDate: .* GMT\r\nConnection: Close\r\nServer: ([\d.]+)\r\nContent-Type: text/html; charset=utf-8\r\nETag: W/"[a-f\d]{32}"\r\nTransfer-Encoding: chunked\r\nContent-Length: \d+\r\n\r\n\d+\r\n<!DOCTYPE html> <html lang="en" ng-app="server" ng-strict-di ng-controller="ServerController"> <head> <script type="text/javascript">window\.lang = "en";</script> <meta charset="utf-8"> <meta http-equiv="X-UA-Compatible" content="chrome=1, IE=edge"> <meta name="viewport" content="width=device-width,initial-scale=1"> <meta name="description" content="Repetier-Server (Free|Pro) for 3d printer">% p/Repetier Server $2 3d printer controller/ v/$1/ cpe:/a:hot-world:repetier_server:$1::$2/
match http m|^HTTP/1\.0 401 Unauthorized\r\nContent-Type: text/plain; charset=utf-8\r\nWww-Authenticate: Basic realm="Authorization Required"\r\nX-Content-Type-Options: nosniff\r\nDate: .* GMT\r\nContent-Length: 15\r\n\r\nNot Authorized\n$| p/Syncthing WebUI/ cpe:/a:syncthing:syncthing/
match http m|^HTTP/1\.1 403 Forbidden\r\nConnection: close\r\nContent-Length: 202\r\n\r\n<\?xml version='1\.0' encoding='UTF-8' \?><teamdrive><httpstatus>403 Forbidden</httpstatus><status>0</status><exception><errorcode>-25012</errorcode><message>Invalid URL: </message></exception></teamdrive>| p/TeamDrive/ cpe:/a:teamdrive:teamdrive/
match http m|^HTTP/1\.1 401 Unauthorized\r\nServer: Router\r\nConnection: close\r\nWWW-Authenticate: Basic realm="FAST Wireless N Router (FW\d+R)"\r\nContent-Type: text/html\r\n\r\n| p/Fastcom $1 WAP http admin/ d/WAP/ cpe:/h:fastcom:$1/
# port 49152. also Neato Botvac D3 Connected; want more specific matches.
#match http m|^HTTP/1\.1 404 Not Found\r\nConnection: close\r\nDate: .* GMT\r\n\r\n$| p/Linksys E8350 WAP or TP-LINK router/ cpe:/h:linksys:e8350/a
match http m|^HTTP/1\.0 404 not found\r\nDate: .* GMT\r\nConnection: close\r\nX-UA-Compatible: IE=edge\r\nX-Frame-Options: SAMEORIGIN\r\nCache-control: no-cache\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 19\r\n\r\n<h1>Not Found</h1>\n| p/Fossil SCM httpd/ cpe:/a:d_richard_hipp:fossil/
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html\r\nContent-Length: \d+\r\n\r\n<html> <head> <title>D-Link VoIP Router</title> <meta http-equiv="Content-Type" content="text/html" >| p/D-Link VoIP Router http admin/ d/VoIP adapter/
match http m|^HTTP/1\.1 200 OK\r\ncontent-type: text/html; charset=utf-8\r\nconnection: close\r\ncache-control: no-cache, must-revalidate\r\ncontent-length: \d+\r\n\r\n<!DOCTYPE html>\n<html>\n<head>\n<title>Tomcat - YourKit Java Profiler ([\d.]+) build (\d+)</title>| p/YourKit Java Profiler/ v/$1 build $2/ cpe:/a:yourkit:java_profiler:$1:$2/
match http m|^HTTP/1\.0 200 OK\r\nContent-length: \d+\r\nContent-type: text/html\r\nCache-Control:no-cache\r\nPragma:no-cache\r\n\r\n<html><head>\r\n<META name="description" content="(WN\w+)">\n| p/Netgear $1 WAP http admin/ d/WAP/ cpe:/h:netgear:$1/a
match http m|^HTTP/1\.1 307 Temporary Redirect\r\nLocation:/login/login\.html\r\nSet-Cookie:bmc\.webapp\.src=/;Path=/;Secure;\r\nDate:\S.*\r\nServer:BMC Client Management (\d[\w.]+)\r\nConnection:Close\r\nContent-Length:0\r\n\r\n| p/BMC Client Management/ v/$1/ cpe:/a:bmc:client_management:$1/
match http m|^HTTP/1\.0 500 Internal Server Error\r\nContent-Length: 0\r\nConnection: close\r\nDate: .*\r\nServer: Sky\r\n\r\n| p/BSkyB router http admin/ d/broadband router/
# The "1.1" is meaningless: this was for version 4.0
match http m|^HTTP/1\.1 [45]01 .*\r\nServer: BlueIris-HTTP/1\.1\r\nDate: .*\r\nP3P:| p/Blue Iris camera webserver/ d/webcam/
match http m|^HTTP/1\.0 302 Found\r\naccess-control-allow-credentials: .*\r\nserver: dglux_server/(\d+)\r\n\r\n|s p/DGLux5/ v/$1/ cpe:/a:dglogik:dglux5:$1/
match http m|^HTTP/1\.1 200 Ok\r\nDate: .*\r\nContent-Type: text/html\r\n\r\n<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4\.01 Frameset//EN" "http://www\.w3\.org/TR/html4/frameset\.dtd">\n<html>\n\t<head>\n\t\t<TITLE>Web Application Manager</TITLE>\n\t\t<meta http-equiv="Content-Type" content="text/html; charset=gb2312">\n| p/NightOwl DVR http viewer/ d/webcam/
match http m|^HTTP/1\.1 404 Not Found\r\nContent-Type: text/html\r\nContent-Length: 14\r\n\nPath Not Found| p/8x8 Virtual Office Desktop/
match http m|^HTTP/1\.0 \d\d\d .*\r\n(?:Location: .*)?\r\nDate: .*\r\nServer: Ericom Access Server x64\r\n| p/Ericom Access Server/ i/arch: x64/ cpe:/a:ericom:access_server/
match http m|^HTTP/1\.0 \d\d\d .*\r\n(?:Location: .*)?\r\nDate: .*\r\nServer: Ericom Access Server\r\n| p/Ericom Access Server/ cpe:/a:ericom:access_server/
# 3.2.5.5 and 4.1.3
match http m|^HTTP/1\.1 404 Not Found\r\nServer: ES Name Response Server\r\nContent-Type: text/html\r\nContent-Length: 9\r\nConnection: close\r\n\r\nNot found| p/ES File Explorer Name Response httpd/ d/phone/ cpe:/a:estrongs:es_file_explorer/
match http m|^HTTP/1\.1 404 Not Found\r\nContent-Length: 85\r\nContent-Type: text/html\r\n\r\n<html><head><title>Not Found</title></head><body><h1>404 Not Found</h1></body></html>| p/Proficy License Server/ cpe:/a:ge:intelligent_platforms_proficy_license_server/
match http m|^HTTP/1\.0 200 OK\r\nDate: .*\r\nServer: xxxxxxxx-xxxxx\r\nLast-Modified: .*\r\nETag: "[a-f0-9-]{16}"\r\nAccept-Ranges: bytes\r\nContent-Length: \d+\r\nConnection: close\r\nContent-Type: text/html\r\nX-Frame-Options: SAMEORIGIN\r\n\r\n<html><script type="text/javascript">\nif \(window!=top\) top\.location=window\.location;top\.location="/remote/login";\n</script></html>\n| p/Fortinet Fortiguard 900D SSL VPN/ d/firewall/ cpe:/h:fortinet:fortiguard_900d/
match http m|^HTTP/1\.[01] \d\d\d .*\r\nDate: .*\r\nServer: xxxxxxxx-xxxxx\r\n| p/Fortinet security device httpd/ d/security-misc/
match http m|^HTTP/1\.1 302 Found\r\nLocation: https://:8010/\r\nConnection: close\r\n\r\n$| p/Fortinet FortiGuard block page/ d/security-misc/
match http m|^HTTP/1\.1 400 Bad Request\r\nContent-Length: 13\r\nConnection: close\r\n\r\nBAD REQUEST :>| p/Flightradar24 fr24feed settings httpd/ cpe:/a:flightradar24:fr24feed/
match http m|^HTTP/1\.0 404\r\nServer: Standard ERP ([\d.]+) \d{4}-\d\d-\d\d\r\nDate: | p/HansaWorld Standard ERP/ v/$1/ cpe:/a:hansaworld:standard_erp:$1/
match http m|^HTTP/1\.1 200 OK\r\nX-UA-Compatible: IE=edge\r\nX-Graylog-Node-ID: [a-f\d-]{36}\r\n(?:Vary: Accept-Encoding\r\n)?Content-Type: text/html\r\nDate: .*\r\nConnection: close\r\nContent-Length: \d+\r\n\r\n| p/Graylog2 web interface/ cpe:/a:graylog:graylog2/
match http m|^HTTP/1\.0 411 Length Required\r\nDate: .*\r\nServer: RedBack Application Server ([\d.]+)\r\n| p/IBM RedBack Application Server SOAP/ v/$1/ cpe:/a:ibm:redback_application_server:$1/
match http m|^HTTP/1\.0 403 Forbidden\r\nConnection: close\r\nContent-Type: text/html\r\n\r\n<h1>Forbidden</h1>Rejected request from RFC1918 IP to public server address| p/OpenWrt admin httpd/ i/rejected RFC1918 address/
match http m|^HTTP/1\.1 302 Object Moved\r\nLocation: https://.*\r\nContent-Type: text/html\r\nCache-Control: private\r\nConnection: close\r\n\r\n<head><body> This object may be found <a HREF="https://[^"]*">here</a> </body>| p/Citrix NetScaler https redirect/ d/load balancer/
match http m|^HTTP/1\.1 200 OK\r\nDate: .*\r\n\r\n<HTML>\n<HEAD><META http-equiv="Content-Type" content="text/html; charset=utf-8"><TITLE>Cisco .*>Cisco IP Phone CP-(\d+) \(|s p/Cisco Unified IP Phone httpd/ i/model: $1/ cpe:/h:cisco:unified_ip_phone_$1/
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\n\r\n[A-Z\d]+\r\n<!DOCTYPE html>\n<html lang="en">\n<head>\n  <meta charset="utf-8">\n  <meta http-equiv="X-UA-Compatible" content="IE=edge">\n  <meta name="viewport" content="width=device-width, initial-scale=1\.0">\n  <meta name="description" content="ympd - fast and lightweight MPD webclient">\n  <meta name="author" content="andy@ndyk\.de">| p/ympd/ cpe:/a:ndyk.de:ympd/
match http m|^HTTP/1\.1 303 See Other\r\nLocation : /postage/\r\n\r\n$| p/Workflow Envelope httpd/ cpe:/a:workflow_products:envelope/
match http m|^HTTP/1\.1 200\r\nContent-Type: text/html\r\nContent-Length: \d+\r\n\r\n<!DOCTYPE html>\n<html lang="en"><!-- See http://www\.w3schools\.com/tags/ref_language_codes\.asp -->\n<head>\n    <meta http-equiv="Content-Type" content="text/html" charset="UTF-8">\n    <title>XX-Net</title>| p/XX-Net web proxy tool/
match http m|^HTTP/1\.1 200 OK\r\nAccept-Ranges: bytes\r\nCache-Control: no-cache\r\nConnection: close\r\nContent-Length: \d+\r\nContent-Type: text/html; charset=ISO-8859-1\r\nDate: .*\r\nExpires: 0\r\nPragma: no-cache\r\nServer: 4D/([\d.]+)\r\n\r\n<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4\.01 Transitional//EN">\n<html>\n<head>\n<title>TOPIX8| p/4D RDBMS web server/ v/$1/ i/TOPIX8 CRM/ cpe:/a:4d_sas:4d:$1/ cpe:/a:topix:topix8/
match http m|^HTTP/1\.0 200 OK\r\nSet-Cookie: PHPSESSID=\w+; path=/; secure\r\nExpires: Thu, 19 Nov 1981 08:52:00 GMT\r\nCache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\nPragma: no-cache\r\nContent-type: text/html\r\nContent-Length: \d+\r\nConnection: close\r\nDate: .*\r\nServer: Server\r\n\r\n| p/Ubiquiti Edge router httpd/ d/router/
match http m|^HTTP/1\.1 200 OK\r\nServer: Plack::Handler::Starlet\r\nSet-Cookie: RT_SID_ticket\.([\w._-]+?)\.\d+=| p/Plack Starlet/ i/Request Tracker/ h/$1/ cpe:/a:best_practical:request_tracker/
match http m|^HTTP/1\.0 404 Not Found\r\nContent-Type: text/plain; charset=utf-8\r\nX-Content-Type-Options: nosniff\r\nDate: .*\r\nContent-Length: 19\r\n\r\n404 page not found\n| p|Golang net/http server| i/Go-IPFS json-rpc or InfluxDB API/ cpe:/a:golang:go/ cpe:/a:influxdata:influxdb/ cpe:/a:protocol_labs:go-ipfs/
match http m=^HTTP/1\.0 200 OK\r.*\nServer: WildFly/(\d+)\r.*\nLiferay-Portal: Liferay (Community|Enterprise) Edition Portal ([\d.]+) (?:[A-Z]E )?([A-Z]{1,2}\d+)=s p/Liferay Portal $2 Edition/ v/$3 $4/ i/JBoss WildFly Application Server $1/ cpe:/a:liferay:liferay_portal:$3:$4:$2/ cpe:/a:redhat:jboss_wildfly_application_server:$1/
# Samsung SL-C430W
match http m|^HTTP/1\.1 200 OK\r\nContent-Type:text/html\r\nExpires: Thu, 1 Jan 1998 00:00:00 GMT\r\nPragma: no-cache\r\nServer: LPC Http Server/V1\.0\r\n.*<TITLE>KONICA MINOLTA Page Scope Web Connection for (\d+)</TITLE>|s p/Konica Minolta $1 printer http admin/ d/printer/ cpe:/h:konicaminolta:$1/a
match http m|^HTTP/1\.1 200 OK\r\nConnection: close\r\nContent-Type: text/html\r\nCache-Control:no-cache\r\nPragma:no-cache\r\nExpires:[smtwf].*\r\n\r\n<!DOCTYPE html>\n<script>\nvar g_Lan=\d+,g_level=\d+,g_year=\d+,g_title='([^']+)';| p/TP-LINK $1 switch http admin/ d/switch/ cpe:/h:tp-link:$1/a
match http m|^HTTP/1\.1 401 Unauthorized\r\nConnection: close\r\nContent-Type: text/html\r\nCache-Control:no-cache\r\nPragma:no-cache\r\nExpires:[smtwf].*\r\n\r\n<script>\nvar logonInfo = new Array\(\n\d+,\n0,0\);\nvar g_Lan = \d+;\nvar g_year=\d\d\d\d;| p/TP-LINK switch http admin/ d/switch/
match http m|^HTTP/1\.1 200 OK\r\nCACHE-CONTROL: no-cache\r\nDate: .*\r\nConnection: Keep-Alive\r\nContent-Type: text/html\r\nContent-Length: \d+\r\n\r\n<html>\n<head>\n<META http-equiv="Content-Type" content="text/html; charset=iso-8859-1">\r\n<title>replace</title>\n| p/Huawei WAP http admin/ d/WAP/
match http m|^HTTP/1\.1 200 OK\r\nCACHE-CONTROL: no-cache\r\nDate: .*\r\nConnection: Keep-Alive\r\nContent-Type: text/html\r\nContent-Length: \d+\r\n\r\n<html>\n<head>\n<META http-equiv="Content-Type" content="text/html; charset=iso-8859-1">\r\n<link rel="icon" type="image/icon" href="/favicon\.ico"/>\n<title>(H\w+)</title>\n| p/Huawei $1 WAP http admin/ d/WAP/ cpe:/h:huawei:$1/a
match http m|^HTTP/1\.1 302 Object Moved\r\nLocation: /vpn/index\.html\r\n(?:Set-Cookie: NSC_[^\r\n]+\r\n)*?Set-Cookie: NSC_AAAC=xyz;Path=/;expires=Wednesday, 09-Nov-1999 23:12:40 GMT;Secure\r\n| p/Citrix NetScaler SSL VPN/ d/security-misc/
match http m|^HTTP/1\.1 401 Unauthorized\r\nServer: PDR-M800/1\.0\r\nDate: .*\r\nContent-Type: text/plain\r\nCache-Control: no-cache, must-revalidate\r\nPragma: no-cache\r\nExpires: -1\r\nTransfer-Encoding: chunked\r\n(?:Set-Cookie: CMSID=[a-f\d]+\r\n)?WWW-Authenticate: Digest realm="Control", domain="PDVR M800"| p/Sanyo M800 DVR http admin/ d/webcam/ cpe:/h:sanyo:m800/
match http m|^HTTP/1\.1 401 Unauthorized\r\nServer: ENP-PSNA-WEB/([\d.]+)\r\nWWW-Authenticate: Basic realm="Welcome to PSNA Web/SNMP Agent\. Please use IE5\.0 or higher\. "\r\n| p|Emerson Network Power PSNA Web/SNMP Agent| v/$1/ d/power-misc/ cpe:/h:emersonnetworkpower:psna_web/
match http m|^HTTP/1\.1 404 Not Found\r\nContent-Type: text/html\r\nConnection: close\r\nDate: .*\r\nContent-Length: 142\r\n\r\n<html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server\.</p></body></html>\n| p/Cisco Meraki firewall httpd/ d/firewall/
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html\r\nContent-Length: 3306\r\nConnection: close\r\n\r\n\xef\xbb\xbf<!DOCTYPE html>\r\n<!--\[if lte IE 8\]><html class="ie ie8" lang="ko"><!\[endif\]-->\r\n<!--\[if gte IE 9\]><html class="ie ie9" lang="ko"><!\[endif\]-->\r\n<html lang="ja">| p/Humax HG100R router http admin/ d/broadband router/ cpe:/h:humax:hg100r/
match http m|^HTTP/1\.1 200 OK\nContent-Type: text/html;charset=windows-1252\nContent-Length: \d+\n\n<HTML>\r\n<HEAD>\r\n<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">\r\n<TITLE>DYMO LabelWriter Print Server</TITLE>| p/DYMO LabelWriter http admin/ d/print server/
match http m|^HTTP/1\.1 200 OK\r\nContent-type: text/html\r\n\r\n<html><head><title>hue personal wireless lighting</title></head><body><b>Use a modern browser to view this resource\.</b></body></html>| p/Philips Hue wireless lighting bridge/ cpe:/h:philips:hue_bridge/
match http m|^HTTP/1\.0 401 Unauthorized\r\nDate: Fri, 18 Jul 1980 22:23:36 GMT\r\nLast-Modified: Fri, 18 Jul 1980 22:23:36 GMT\r\nExpires: Fri, 18 Jul 1980 22:23:36 GMT\r\nServer: Z-World Rabbit\r\nConnection: close\r\nCache-Control: no-cache no-store\r\nContent-Type: text/html\r\nWWW-Authenticate: Basic realm="FireEye Bypass Switch"\r\n\r\n| p/Z-World Rabbit microcontroller httpd/ i/FireEye AFO Bypass switch/ d/switch/
match http m|^HTTP/1\.0 200 OK \r\nCache-Control: no-cache\r\nContent-type: text/html\r\n\r\n<html>\r\n<head>\r\n<title id="titl">Login</title>| p/Atlona AT-UHD-CLSO-612 video scaler httpd/ d/media device/ cpe:/h:atlona:at-uhd-clso-612/
match http m|^HTTP/1\.0 200 OK\r\nContent-Length: \d+\r\nContent-Type: text/html\r\nDate: .*\r\n\r\n<!doctype html>\n<html dir="ltr" lang="en">\n\n<head>\n    <meta charset="utf-8">\n    <meta http-equiv="Content-Type" content="text/html; charset=utf-8">\n    <meta http-equiv="X-UA-Compatible" content="IE=edge">\n    <meta name="viewport" content="width=device-width, initial-scale=1\.0, maximum-scale=1\.0, user-scalable=no" />\n    <title>NGFW Authentication</title>| p/Forcepoint Stonesoft NGFW http admin/ d/firewall/
match http m|^HTTP/1\.1 200 OK\r\nConnection: close\r\nContent-Type: text/html\r\nCache-Control: no-cache\r\n\r\n<html>\r\n<head>\r\n<title>ACURITE Weather Station</title>| p|Microchip Libraries of Applications TCP/IP Stack httpd| i/ACURITE weather station/ cpe:/a:microchip_technology_inc:mla/
match http m|^HTTP/1\.1 404 Not Found\r\nConnection: close\r\nDate: .*\r\nServer: Linux/([\d.]+) Sony-BDV/([\d.]+)\r\n\r\n| p/Sony BDV media center httpd/ v/$2/ d/media device/ o/Linux $1/ cpe:/o:linux:linux_kernel:$1/a
match http m|^HTTP/1\.1 400 Bad Request\r\nConnection: close\r\nDate: .*\r\nX-AV-Client-Info\.sony\.com: av=([\d.]+); cn="Sony Corporation"; mn="([^"]+)"; mv="([\d.]+)";\r\n| p/Sony $2 http media client/ i/av=$1; mv=$3/ d/media device/ cpe:/h:sony:$2/
match http m|^HTTP/1\.1 200 \r\nContent-Type: text/html;charset=UTF-8\r\nDate: .*\r\nConnection: close\r\n\r\n\n\n\n<!DOCTYPE html>\n<html lang="en">\n    <head>\n {8}<meta charset="UTF-8" />\n {8}<title>Apache Tomcat/(\d[\w._-]+)</title>| p/Apache Tomcat/ v/$1/ cpe:/a:apache:tomcat:$1/a
match http m|^HTTP/1\.1 200 \r\nAccept-Ranges: bytes\r\nETag: W/"[^"]+"\r\nLast-Modified: .*\r\nContent-Type: text/html\r\nContent-Length: \d+\r\nDate: .*\r\nConnection: close\r\n\r\n<\?xml version="1\.0" encoding="ISO-8859-1"\?>\n<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1\.0 Strict//EN"\n   "http://www\.w3\.org/TR/xhtml1/DTD/xhtml1-strict\.dtd">\n<html xmlns="http://www\.w3\.org/1999/xhtml" xml:lang="en" lang="en">\n<head>\n    <title>Apache Tomcat</title>| p/Apache Tomcat/ cpe:/a:apache:tomcat/a
match http m|^HTTP/1\.0 200 OK\r\nConnection: Keep-Alive\r\nContent-Type: text/xml\r\nContent-Length: \d+\r\nX-Transcend-Version: 1\r\n\r\n<\?xml version="1\.0" encoding="UTF-8"\?>\n<config-auth client="vpn" type="auth-request">\n<version who="sg">0\.1\(1\)</version>\n<auth id="main">\n<message>Please enter your username</message>\n<form method="post" action="/auth">\n<input type="text" name="username" label="Username:" />\n</form></auth>\n</config-auth>| p/OpenConnect Server httpd/ cpe:/a:infradead:ocserv/
match http m|^HTTP/1\.0 200 OK\r\nSet-Cookie: webvpncontext=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; Secure\r\nContent-Type: text/xml\r\nContent-Length: \d+\r\nX-Transcend-Version: 1\r\n\r\n| p/OpenConnect Server httpd/ cpe:/a:infradead:ocserv/
match http m|^HTTP/1\.0 505 HTTP Version not supported\r\nDate: .*\r\nAccept-Ranges: bytes\r\nContent-Length: 0\r\n\r\n| p/iOS Call Recorder httpd/ o/iOS/ cpe:/a:yaniv_danan:ioscallrecorder/ cpe:/o:apple:iphone_os/a
match http m|^HTTP/1\.1 303 See Other\r\nLocation: /logon\.htm\r\nContent-Length: 0\r\nServer: Intel\(R\) Management & Security Application ([\d.]+)\r\n\r\n| p/Intel Management & Security Application httpd/ v/$1/ cpe:/a:intel:management_engine_components:$1/
match http m|^HTTP/1\.1 404 Not Found\r\nContent-Type: application/json; charset=utf-8\r\nDate: .*\r\nServer: kong/([\d.]+)\r\n| p/Kong http reverse-proxy/ v/$1/ cpe:/a:mashape:kong:$1/
match http m|^HTTP/1\.0 401 Unauthorized\r\nContent-Type: text/plain; charset=utf-8\r\nWww-Authenticate: Basic realm="kubernetes-master"\r\nX-Content-Type-Options: nosniff\r\nDate: .*\r\nContent-Length: 13\r\n\r\nUnauthorized\n| p/Kubernetes master node httpd/ cpe:/a:kubernetes:kubernetes/
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: application/json\r\nDate: .*\r\nConnection: close\r\n\r\n\{"tinylr":"Welcome","version":"([\d.]+)"\}| p/tinylr httpd/ v/$1/ cpe:/a:mickael_daniel:tinylr:$1/
match http m|^HTTP/1\.1 404 Not Found\r\nDate: .*\r\nContent-Length: 0\r\n\r\n$| p/AppDynamics EUM server or Apache Mesos slave/
match http m|^HTTP/1\.1 200 OK\r\nAccess-Control-Allow-Origin: \*\r\nContent-Length: 81\r\n\r\nThis is a Minecraft server\. HTTP on this port by JSONAPI\. JSONAPI by Alec Gorge\.\n| p/Minecraft JSONAPI/ cpe:/a:alec_gorge:jsonapi/
# Trying again with SSL will probably yield server headers with versions.
match ssl m|^<html>\n<head>\n<script>\n\tvar redirect = "https://" \+ window\.location\.host;\n\tfunction redirectPage\(\) \{\n\t\twindow\.location\.href= redirect;\n\t\}\n</script>\n<noscript>\n\t<META http-equiv='Refresh' content='0; URL=https://[^']*'>\n</noscript>\n</head>\n\n<body onLoad="redirectPage\(\);">\nRedirecting to SSL secured connection\.\n<p>| p/Plesk Parallels Virtual Automation https redirect/
match http m|^HTTP/1\.1 404 Not Found\r\n(?:[^\r\n]+\r\n)*?Server: Powered by Highwinds-Software\r\nContent-Length: \d+\r\nContent-Type: text/html\r\nX-HW:|s p/Highwinds CDN httpd/
match http m|^HTTP/1\.[01] 200 OK\r\nConnection: close\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: \d+\r\nCache-Control: max-age=0, no-store, no-cache\r\nx-enc: Ext1, Basic\r\nServer: Dell (\w+) Mono MFP, sn=(\w+)\r\n\r\n| p/Dell $1 printer httpd/ i/serial: $2/ d/printer/ cpe:/h:dell:$1/a
match http m|^HTTP/1\.1 301 Moved Permanently\r\nLocation: https?:///hub/\r\nContent-Length: 0\r\n\r\n| p/Qlik Sense httpd/ cpe:/a:qlik:qlik_sense/
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: Cricut Hyperion v([\d.]+)\r\n.*"Plugin" : \n\t\{\n\t\t"Debug" : false,\n\t\t"Version" : "([\d.]+)"\n\t\},|s p/Cricut Hyperion httpd/ v/$1/ i/Plugin version $2/
match http m|^HTTP/1\.1 200 OK\r\nConnection: close\r\nContent-Type: text/html; charset=ISO-8859-1\r\nContent-Length: \d+\r\nDate: .*\r\n\r\n<HTML>\r\n<BODY>\r\n<center><font size=6>Reports Server 'RK\d+SRV' \(PID: \d+, Version: ([\d.]+)\)</font>| p/R-Keeper Reports Server/ v/$1/ cpe:/a:ucs:r-keeper:$1/
match http m|^HTTP/1\.0 200 Ok\r\nServer: jjhttpd v([\d.]+)\r\n| p/jjhttpd/ v/$1/ i/D-Link or TRENDNet WAP/ d/WAP/
match http m|^HTTP/1\.0 200 OK\r\nServer: WindRiver-WebServer/([\d.]+)\r\nConnection: close\r\nContent-Type: text/html\r\nWWW-Authenticate: Basic realm="[^"]+"\r\n\r\n.*Device Information</FONT></B>\r\n<p ALIGN=center><B><font color="#FFFFFF" size="4">Cisco IP Phone CP-(\d+) \(|s p/WindRiver WebServer/ v/$1/ i/Cisco IP Phone $2/ d/VoIP phone/ cpe:/h:cisco:unified_ip_phone_$2/
match http m|^HTTP/1\.0 200 OK\r\nContent-Type: text/html \r\nSet-Cookie: P4W\d+=([^;\r\n]+); expires=Fri, 1-Dec-1999 23:59:59 GMT; path=/ \r\n\r\n<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4\.0 Transitional//EN"\n"http://www\.w3\.org/TR/REC-html40/loose\.dtd">\n<Html>\n<Head>\n<Title>P4Web - Login</Title>| p/Perforce P4Web httpd/ i/name: $1/ cpe:/a:perforce:p4web/
match http m|^HTTP/1\.1 404 Not Found\r\nContent-Length: 0\r\nServer: TR069 client CLI Server\r\nConnection: close\r\n\r\n| p/Alcatel-Lucent I-240W-A WAP TR069/ d/WAP/ cpe:/h:alcatel-lucent:i-240w-a/a
match http m|^HTTP/1\.1 200 OK\r\nExpires: .*\r\nDate: .*\r\nContent-type: text/html\r\n\r\n<\?xml version="1\.0" encoding="iso-8859-1"\?>\n<!DOCTYPE html PUBLIC\n    "-//W3C//DTD XHTML 1\.0 Transitional//EN"\n    "http://www\.w3\.org/TR/xhtml1/DTD/xhtml1-transitional\.dtd">\n\n<html style="overflow:hidden" xmlns="http://www\.w3\.org/1999/xhtml">\n\n<head>\n<!--\n\*{74}\n\* \(C\) Copyright 2\d\d\d-2\d\d\d Hewlett-Packard Development Company, L\.P\.\n| p/HP Integrated Lights-Out https redirector/ d/remote management/ cpe:/h:hp:integrated_lights-out/
match http m|^HTTP/1\.1 200 OK\r\nConnection: close\r\nCache-Control: no-cache\r\nContent-Type: text/html; charset=utf-8\r\n\r\n<html><head><title>FlexiServer</title>| p/NCH FlexiServer/ cpe:/a:nchsoftware:flexiserver/
match http m|^HTTP/1\.1 200 OK\r\nServer: streamEye/(\d[\w._-]*)\r\n| p/streamEye MJPEG streaming httpd/ v/$1/ cpe:/a:calin_crisan:streameye:$1/
match http m|^HTTP/1\.1 302 Found\r\nConnection: Keep-Alive\r\nServer: (\w+) IP PRO/([\d.]+)\r\n| p/Siemens Gigaset $1 DECT phone httpd/ v/$2/ d/VoIP phone/ cpe:/h:siemens:gigaset_$1/
match http m|^HTTP/1\.0 403 Forbidden\r\nDate: .*\r\nServer: RealPlayer Cloud Service/([\d.]+) \(win-x86-vc10\)\r\nPragma: no-cache\r\nContent-Type: application/json\r\n| p/RealPlayer Cloud httpd/ v/$1/ o/Windows/ cpe:/a:real:realplayer_cloud:$1/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 200 OK\r\nDate: .* GMT\+00:00\r\nServer: HttpServer/([\d.]+)\r\nContent-Length: \d+\r\n\r\n<!DOCTYPE html>\r\n<html lang="en">\r\n<head>\r\n    <meta charset="UTF-8">\r\n    <title>CM Transfer</title>| p/CM Transfer HttpServer/ v/$1/ cpe:/a:cheetah_mobile_cloud:cm_transfer:$1/
match http m|^HTTP/1\.[01] 401 Unauthorized\r\nContent-Type: text/html\r\nContent-Length: \d+\r\nDate: .*\r\nServer: Moonware\.MiniHttpd/([\d.]+)\r\n| p/Moonware MiniHttpd/ v/$1/ cpe:/a:moonware:netcam_studio:$1/
match http m|^HTTP/1\.0 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: .*\r\nServer: sky\r\n\r\n| p/Sky+HD photo display httpd/ d/media device/
match http m|^HTTP/1\.0 301 Moved Permanently\r\nLocation: https:///\r\nContent-length: 0\r\n\r\n$| p/Compact IP-DECT Base Station/
match http m|^HTTP/1\.0 302 Moved Temporarily\r\nConnection: close\r\nPragma: no-cache\r\nExpires: Fri, 01 Jan 1971 00:00:00 GMT\r\nCache-Control: no-cache, must-revalidate\r\nP3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"\r\nLocation: https://portal\.moovmanage\.com/| p/FleetConnect MoovManage WiFi gateway/ d/WAP/
match http m|^HTTP/1\.1 404 Not Found\r\nDate: .* GMT\r\nAccept-Ranges: bytes\r\nContent-Length: 0\r\n\r\n| p/AgileBits 1Password 3/ cpe:/a:agilebits:1password/
match http m|^HTTP/1\.1 200 Ok\r\nDate: .* GMT\r\nAccept-Ranges: bytes\r\nConnection: close\r\nLast-Modified: .* GMT\r\nContent-Type: text/html\r\nCache-Control: no-cache\r\nPragma: no-cache\r\nExpires: 0\r\n\r\n\xef\xbb\xbf<html>\n<head>\n<meta http-equiv="Content-type" CONTENT="text/html; charset=UTF-8">\n<script type="text/javascript" src="/js/variable_6\.js"></script>| p/AirLive POE-100HD webcam http admin/ d/webcam/ cpe:/h:airlive:poe-100hd/a
match http m|^HTTP/1\.1 303 See Other\r\nLocation: /logon\.htm\r\nContent-Length: 0\r\nServer: AMT\r\n\r\n| p/Intel Active Management Technology http admin/ d/remote management/ cpe:/h:intel:active_management_technology/
match http m|^HTTP/1\.0 403 Forbidden\r\nContent-Type: text/plain; charset=utf-8\r\nX-Content-Type-Options: nosniff\r\nDate: .* GMT\r\nContent-Length: 17\r\n\r\nHost check error\n| p/Syncthing Web UI/ cpe:/a:syncthing:syncthing/
match http m|^HTTP/1\.1 200 OK\r\nPragma: no-cache\r\nCache-Control: no-cache, must-revalidate\r\nExpires: Thu, 27 Dec 1986 07:30:00 GMT\r\nContent-Type: text/html\r\n\r\n<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2\.0//EN"><html><head><title>APE Server</title></head><body><h1>APE Server</h1><p>No command given\.</p><hr><address>http://www\.ape-project\.org/ - Server (\d[\w._-]+) \(Build ([^\)]+)\)</address></body></html>| p/APE Comet Server/ v/$1/ i/build: $2/ cpe:/a:ape_project:ape_server:$1/
match http m|^HTTP/1\.1 200 OK\r\n(?:Content-Type: text/html\r\n)?Server: Virtual Web ([\d.]+)\r\n| p/ZyXEL Virtual Web httpd/ v/$1/ d/WAP/
match http m|^HTTP/1\.1 200 OK\r\nServer: Coturn-([\d.]+) '[^']+'\r\n| p/Coturn TURN server http admin/ v/$1/
match http m|^HTTP/1\.0 \d\d\d .*\r\nDate: .*\r\nServer: RealTimes Desktop Service/(\d[\w._-]+) \(win-(x[^-]+)-vc\d+\)\r\n| p/RealPlayer RealTimes Desktop Service/ v/$1/ i/arch: $2/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 400 Bad Request\r\nContent-Length: 185\r\nContent-Type: text/html; charset=UTF-8\r\nDate: .*\r\n\r\n<!DOCTYPE html>\n<html lang="en">\n<head>\n<meta charset="utf-8"/>\n<title>EasyAntiCheat</title></head>\n<body>\n<div style="text-align:center"><p>400 - Bad Request</p>\n</div>\n</body>\n</html>| p/EasyAntiCheat/ cpe:/a:easyanticheat:easyanticheat/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: EgdLws ([\d.]+)\r\n|s p/GE Ethernet Global Data Configuration Server/ v/$1/
match http m|^HTTP/1\.1 200 OK\r\nDate: .*\r\nContent-Type: text/html; charset=utf-8\r\n\r\n<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4\.01 Transitional//EN" "http://www\.w3\.org/TR/html4/loose\.dtd">\n<html><HEAD><TITLE>get_iplayer Web PVR Manager (\d[\w._-]+)</TITLE>| p/get_iplayer web UI/ v/$1/
match http m|^HTTP/1\.0 404 Not Found\r\nContent-Type: text/plain; charset=utf-8\r\nVary: Accept-Encoding\r\nX-Content-Type-Options: nosniff\r\nDate: .*\r\nContent-Length: 19\r\n\r\n404 page not found\n| p/Gophish httpd/ cpe:/a:jordan_wright:gophish/
match http m|^HTTP/1\.0 302 Found\r\nLocation: /login\r\nSet-Cookie: _gorilla_csrf=[^;]+; HttpOnly; Secure\r\nVary: Accept-Encoding\r\nVary: Cookie\r\nDate: .*\r\nContent-Length: \d+\r\nContent-Type: text/html; charset=utf-8\r\n\r\n<a href="/login">Found</a>| p/Gophish httpd/ cpe:/a:jordan_wright:gophish/
match http m|^HTTP/1\.1 200 OK\r\nx-powered-by: Express\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: .*\r\netag: W/"[-\da-f]+"\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: \d+\r\ndate: .*\r\nconnection: close\r\n\r\n<!DOCTYPE html>\n<html>\n  <head>\n    <title>hotel</title>| p/hotel web process manager/ i/Node.js Express framework/ cpe:/a:nodejs:node.js/ cpe:/a:typicode:hotel/
match http m|^HTTP/1\.1 \d\d\d .*\r\nDate: .* GMT\r\nServer: darkhttpd/(\d[\w._-]+)\r\n| p/darkhttpd/ v/$1/ cpe:/a:emil_mikulic:darkhttpd:$1/
match http m%^HTTP/1\.1 401 Unauthorized\r\nServer: Aragorn\r\nWWW-Authenticate: Basic realm="(Mitel|Aastra) (\w+(?: CT)?)"\r\n% p/$1 $2 VoIP phone http admin/ d/VoIP phone/ cpe:/h:$1:$2/
match http m|^HTTP/1\.0 401 Unauthorized\r\nWWW-Authenticate: Digest realm="Use 'live' as User Name in order to log in to the respective level",nonce="[a-f0-9]{32}",opaque="",stale=FALSE,algorithm=MD5,qop="auth"\r\n\r\n| p/Bosch DINION IP Bullet 5000 webcam http admin/ d/webcam/ cpe:/h:bosch:ip_bullet_5000/
match http m|^HTTP/1\.1 404 Not Found\r\nServer: Webbit\r\nDate: .* ([A-Z]+)\r\nContent-Length: 0\r\n\r\n| p/Webbit httpd/ i/time zone: $1/ cpe:/a:joewalnes:webbit/
match http m|^HTTP/1\.0 200 Ok\r\nContent-Type: text/html\r\nServer: httpd\r\n.*<title>[^<]* \(build (\d+)\) - Info</title>|s p/DD-WRT milli_httpd/ i/build $1/ d/WAP/ o/Linux/ cpe:/o:linux:linux_kernel/a
# Estos MetaDirectory, but version is not for MetaDirectory
match http m|^HTTP/1\.1 \d\d\d .*\r\nDate: .*\r\nServer: ESTOS WebServer/([\d.]+)\r\n| p/Estos GMBH webserver/ v/$1/
match http m|^HTTP/1\.1 200 OK\r\nServer: IP Speaker Web interface\r\nContent-type: text/html\r\nContent-length: \d+\r\nConnection: close\r\n\r\n.*<title>IP Speaker ([a-f\d]{2})([a-f\d]{2})([a-f\d]{2})([a-f\d]{2})([a-f\d]{2})([a-f\d]{2}) at |s p/Advanced Network Devices IP Speaker web interface/ i/MAC: $1:$2:$3:$4:$5:$6/ d/media device/ cpe:/a:advanced_network_devices:ip_speaker/
match http m|^HTTP/1\.1 404 Not Found\r\nContent-Length: 0\r\nDate: .*\r\nConnection: close\r\nServer: Tableau\r\n\r\n| p/Tableau API server/ cpe:/a:tableausoftware:tableau_server/
match http m|^HTTP/1\.1 404 No Encontrado\r\nContent-Length: 0\r\nDate: .*\r\nConnection: close\r\nServer: Tableau\r\n\r\n| p/Tableau API server/ i/Spanish/ cpe:/a:tableausoftware:tableau_server::::es/
match http m|^HTTP/1\.1 404 Introuvable\r\nContent-Length: 0\r\nDate: .*\r\nConnection: close\r\nServer: Tableau\r\n\r\n| p/Tableau API server/ i/French/ cpe:/a:tableausoftware:tableau_server::::fr/
match http m|^HTTP/1\.0 200 OK\r\nContent-Type: text/html; charset=utf-8\r\nLast-Modified: .*\r\nDate: .*\r\nContent-Length: 83\r\n\r\n<pre>\n<a href="db/">db/</a>\n<a href="fingerprint\.json">fingerprint\.json</a>\n</pre>\n| p/EliasDB/ cpe:/a:matthias_ladkau:eliasdb/
# Not sure if this is Wink Hub or just node.js
match http m|^HTTP/1\.1 401 not authorized\r\ncontent-length: 28\r\ncontent-type: application/json\r\nDate: .*\r\nConnection: close\r\n\r\n\{"message":"not authorized"\}| p/Wink Hub 2 API httpd/ d/specialized/ cpe:/h:wink:hub_2/
match http m|^HTTP/1\.1 401 not authorized\r\ncontent-length: 33\r\ncontent-type: application/json\r\nDate: .*\r\nConnection: close\r\n\r\n\{"description":"not authorized"\}\n| p/Wink Hub 2 API httpd/ d/specialized/ cpe:/h:wink:hub_2/
match http m|^HTTP/1\.0 200 OK\r\n(?:X-Frame-Options: SAMEORIGIN\r\nX-XSS-Protection: 1\r\n)?Content-Type: text/html; charset=utf-8\r\nLast-Modified: .*\r\nExpires: 0\r\nPragma: no-cache\r\nConnection: close\r\n\r\n(?:\r\n)?<!DOCTYPE html>(?:\r\n)+<html>\r\n *<head>\r\n *<meta charset="UTF-8"(?: /)?>\r\n *<meta name="ROBOTS" content="NOINDEX, FOLLOW" />\r\n *(?:<meta name="viewport" content="initial-scale=1,user-scalable=no,maximum-scale=1,width=device-width" />\r\n *)?<title>WorldClient</title>\r\n\t *<link rel="shortcut icon" href="[^"]+\.ico\?v=([\d.]+)| p/Alt-N MDaemon webmail/ v/$1/ cpe:/a:altn:mdaemon:$1/
match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: antid\r\nDate: .* \d\d\d\d\r\nWWW-Authenticate: Digest realm="KEENETIC LITE", qop="auth", nonce="[0-9a-f]{32}", opaque="[0-9a-f]{32}", algorithm="MD5", stale="FALSE"\r\n| p/antid httpd/ i/ZyXEL Keenetic Lite WAP/ d/WAP/
match http m|^HTTP/1\.0 200 Ok\r\nServer: ZiBASE([\d.]+)\r\n| p/Zodianet ZiBASE home automation httpd/ v/$1/ d/specialized/
match http m|^HTTP/0\.0 501 Not Implemented\r\nServer: ZiBASE([\d.]+)\r\n| p/Zodianet ZiBASE home automation httpd/ v/$1/ d/specialized/
match http m|^HTTP/1\.1 404 Not Found\r\nServer: server\r\nConnection: close\r\nContent-Type: text/html\r\n\r\n<html>\r\n<head>\r\n<title>404 Not Found</title>\r\n</head>\r\n<body>\r\n<h1>Not Found</h1>\r\n</body>\r\n</html>\r\n| p/Pentax K-1 camera httpd/ d/webcam/
match http m|^HTTP/1\.1 200 OK\r\nConnection: close\r\nCache-Control: no-store\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: \d+\r\n\r\n<script>RT='/(DGS-\d\w+(?:-\d+))_([\d.]+)/';</script>| p/D-Link $1 switch http admin/ v/$2/ d/switch/ cpe:/h:dlink:$1/a
match http m|^HTTP/1\.0 4\d\d .*\r\nConnection: close\r\nContent-Length: \d+\r\nContent-Type: text/html; charset=utf-8\r\nDate: .*\r\n\r\n\n\n<!DOCTYPE html>\n<html lang="en">\n    <head>\n        <title>[^<]+</title>\n        <link rel="shortcut icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAAlFJREFUeNqUU8tOFEEUPVVdNV3dPe8xYRBnjGhmBgKjKzCIiQvBoIaNbly5Z\+PSv3Aj7DSiP2B0rwkLGVdGgxITSCRIJGSMEQWZR3eVt5sEFBgTb| p/Play Framework/ cpe:/a:zenexity:play_framework/
# Collaborator version is not Burp Suite version
match http m|^HTTP/1\.1 200 OK\r\nServer: Burp Collaborator https://burpcollaborator\.net/\r\nX-Collaborator-Version: ([\d.]+)\r\nContent-Type: text/html\r\nContent-Length: \d+\r\n\r\n| p/Burp Collaborator/ v/$1/ cpe:/a:portswigger:burp_suite/
match http m|^HTTP/1\.1 200 OK\r\nConnection: close\r\nServer: IP Webcam Server ([\d.]+)\r\nCache-Control: no-store, no-cache, must-revalidate, pre-check=0, post-check=0, max-age=0\r\nPragma: no-cache\r\nExpires: -1\r\n| p/IP Webcam Android app/ v/$1/ d/phone/ cpe:/a:com.pas:webcam:$1/

# version strings show up sometimes, but not reliable and not reflecting actual firmware version.
match http m|^HTTP/1\.1 200 OK\r\nCONNECTION: close\r\nDate: .* GMT\r\nLast-Modified: .* GMT\r\nEtag: "\d+:[a-f\d]+"\r\nCONTENT-LENGTH: \d+\r\nCACHE-CONTROL: max-age=0\r\nCONTENT-TYPE: text/html\r\n\r\n<!DOCTYPE html>\r\n<html>\r\n<head>\r\n    <title></title>| p/Amcrest IP camera http interface/ d/webcam/
match http m|^HTTP/1\.1 200 OK\r\nCONNECTION: close\r\n(?:Date: .*\r\nLast-Modified: .*\r\nEtag: "\d+:[\da-f]+"\r\n)?CONTENT-LENGTH: \d+\r\n(?:P3P: CP=CAO PSA OUR\r\n)?(?:CACHE-CONTROL: max-age=0\r\n)?CONTENT-TYPE: text/html\r\n\r\n\xef\xbb\xbf<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1\.0 Strict//EN" "http://www\.w3\.org/TR/xhtml1/DTD/xhtml1-strict\.dtd">\r\n<html> *\r\n *<head>\r\n *<title>| p/Dahua webcam httpd/ d/webcam/
match http m|^HTTP/1\.1 200 OK\r\nCONNECTION: close\r\n(?:Date: .*\r\nLast-Modified: .*\r\nEtag: "\d+:[\da-f]+"\r\n)?CONTENT-LENGTH: \d+\r\n(?:P3P: CP=CAO PSA OUR\r\n)?(?:CACHE-CONTROL: max-age=0\r\n)?CONTENT-TYPE: text/html\r\n\r\n\xef\xbb\xbf<!DOCTYPE html(?: PUBLIC "-//W3C//DTD XHTML 1\.0 Strict//EN" "http://www\.w3\.org/TR/xhtml1/DTD/xhtml1-strict\.dtd")?>\r\n<html> *\r\n *<head>\r\n *<title>| p/Dahua webcam httpd/ d/webcam/

match http m|^HTTP/1\.1 200 OK\r\nCONNECTION: close\r\nCONTENT-LENGTH: \d+\r\nCONTENT-TYPE: text/html\r\n\r\n\xef\xbb\xbf<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1\.0 Strict//EN\" \"http://www\.w3\.org/TR/xhtml1/DTD/xhtml1-strict\.dtd\">\r\n<html> \r\n<head>\r\n<title>WEB SERVICE</title>| p/ADT Home Security web management interface/ d/security-misc/
match http m|^HTTP/1\.0 302 Moved Temporarily\r\nDate: .*\r\nConnection: Close\r\nLocation: /admin/\r\nCache-Control: no-store,no-cache,must-revalidate\r\nPragma: no-cache\r\nExpires: -1\r\nLast-Modified: Mon, 12 Jan 2000 13:42:42 GMT\r\nContent-Type: text/html\r\n\r\n| p/Netasq firewall http admin/ d/firewall/
match http m|^HTTP/1\.1 203 Non-Authoritative Information\r\nContent-Type: text/html\r\nServer: AudioCodes Web Server/ \r\n| p/AudioCodes Session Border Controller httpd/ d/security-misc/
# Version is not nVision version
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Axence nVision WebAccess HTTP Server/(\d[\w._-]+)\r\n|s p/Axence nVision WebAccess httpd/ v/$1/ o/Windows/ cpe:/a:axence:nvision/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 302 Found\r\nDate: .*\r\nLocation: /home\.fcgi\r\nContent-Type: text/plain\r\nContent-Length: 24\r\n\r\nRedirected to /home\.fcgi| p/Legrand Nuvo audio player/ d/media device/
# https://github.com/ael-code/daikin-control
match http m|^HTTP/1\.0 404 Not Found\r\nContent-Length: 30\r\nContent-Type: text/plain\r\n\r\nret=PARAM NG,msg=404 Not Found| p/Daikin air conditioning unit REST API httpd/ d/specialized/
match http m|^HTTP/1\.1 401 Unauthorized\r\nWWW-Authenticate: Digest  realm="spa user", domain="/",nonce="[0-9a-f]{40}",opaque="[0-9a-f]{40}",algorithm="MD5",qop="auth"\r\nContent-Type: text/html\r\nConnection: close\r\n\r\n<html>\n  <head>\n    <title>Cisco SPA Configuration</title>| p/Cisco SPA IP phone http config/ d/VoIP phone/
match http m|^HTTP/1\.[01] .*\r\nServer: Interlogix-Webs\r\n| p/Interlogix TruVision DVR web interface/
match http m|^HTTP/1\.1 \d\d\d .*\r\nDate: .*\r\nServer: ADB Broadband HTTP Server\r\n| p/ADB Broadband embedded httpd/
match http m|^HTTP/1\.1 200 OK\r\nDate: .*\r\nLast-Modified: .*\r\nEtag: "[\da-f]+\.\d+"\r\nContent-Type: text/html\r\nContent-Length: \d+\r\nConnection: close\r\nAccept-Ranges: bytes\r\n\r\n<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1\.0 Transitional//EN" "http://www\.w3\.org/TR/xhtml1/DTD/xhtml1-transitional\.dtd">\r\n<html xmlns="http://www\.w3\.org/1999/xhtml"><head>\r\n<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">\r\n<title>Gateway</title>\r\n<link rel="icon" type="image/png" href="assets/favico\.png">| p/Abode home security gateway/ d/security-misc/
match http m|^HTTP/1\.1 302 Moved Temporarily\r\nLocation: /ide\.html\r\nDate: .* GMT\r\nConnection: close\r\n\r\n| p/Cloud9 IDE/ cpe:/a:cloud9:cloud9_ide/
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html\r\nContent-Length: \d+\r\nCache-Control: private, no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0\r\nExpires: 0\r\nPragma: no-cache\r\n\r\n<!DOCTYPE html><html><head><title>ZentriOS Web App</title>| p/ZentriOS Web App/ o/ZentriOS/ cpe:/o:zentri:zentrios/
match http m|^HTTP/1\.0 301 Moved Permanently\r\nLocation: HTTP://[^:]+:\d+/printer/index\.html\r\n| p/Zebra ZTC 105SL printer http admin/ d/printer/ cpe:/h:zebra:ztc_105sl/a
match http m|^HTTP/1\.1 404 Not Found\r\nServer: Keil-EWEB/(\d[\w._-]*)\r\nContent-type: text/html\r\nConnection: close\r\n\r\n<head><title>DNS8 Web Server Error</title>| p/Keil Embedded Web Server/ v/$1/ i/Cedar Audio DNS 8 noise supressor/ d/media device/ cpe:/a:keil:eweb:$1/ cpe:/a:keil:rl-arm/ cpe:/h:cedar_audio:dns_8/
match http m|^HTTP/1\.0 400 Bad Request\r\nSERVER: Parrot\r\nCONTENT-TYPE: text/html\r\nCONTENT-LENGTH: \d+\r\n\r\n<html><head><title>400 Bad Request</title></head><body></body></html>| p/Parrot S.A. embedded httpd/
match http m|^HTTP/1\.1 404 Not Found\r\nX-Powered-By: SoundTouch REST Music Server\r\nContent-Type: application/json; charset=utf-8\r\n| p/Bose SoundTouch Music Server REST API/
match http m|^HTTP/1\.0 \d\d\d .*\r\n(?:Date: .*\r\n)?Server: ZTE Web Server/1\.0\.0\r\n| p/ZTE broadband router admin httpd/ d/broadband router/
match http m|^HTTP/1\.0 400 Bad Request\r\nServer: (\S+)\r\nDate: [a-z]{3}, \d\d [a-z]{3} \d\d\d\d \d\d:\d\d:\d\d GMT\r\nContent-Length: 0\r\nConnection: Close\r\n\r\n$| p/Huawei switch admin httpd/ d/switch/ h/$1/
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html;charset=BIG5\r\nContent-Length: 677\r\n\r\n<html>  <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" > <title>VoIP Gateway</title> </head>\r\n <frameset rows="110,\*" framespacing="0" border="0" frameborder="0" id="FRAME_ROWS" >| p/Octtel SP4220 VoIP Gateway/ d/VoIP adapter/
match http m|^HTTP/1\.0 200 OK\r\n(?:Connection: close\r\n)?Server: fec/1\.0 \(Funkwerk BOSS\)\r\n| p/Funkwerk embedded httpd/ o/Funkwerk BOSS/ cpe:/o:funkwerk:boss/
match http m|^HTTP/1\.0 200 OK\r\n(?:Connection: close\r\n)?Server: boss/1\.0 \(BOSS\)\r\n| p/Funkwerk embedded httpd/ o/Funkwerk BOSS/ cpe:/o:funkwerk:boss/
match http m|^HTTP/1\.0 401 Unauthorized\r\nContent-Length: \d+\r\nSet-Cookie: HTTP_SESSION_ID=[a-f0-9]{32}; path=/;\r\nWWW-Authenticate: Basic realm="Modem \(Administrator, password=WepKey\)"\r\n\r\n<HTML><HEAD><TITLE>HTTP/1\.0 401 Authorization Required</TITLE></HEAD><BODY>\r\n<H1>HTTP/1\.0 401 Authorization Required</H1>\r\n</BODY></HTML>\r\n| p/Telmex modem admin httpd/ d/broadand router/
match http m|^HTTP/1\.0 200 OK\r\nContent-type: text/html\r\nContent-Encoding: gzip\r\nServer: Sentry360 \r\n\r\n| p/Sentry360 FS-IP5000 camera httpd/ d/webcam/ cpe:/h:sentry360:fs-ip5000/
match http m|^HTTP/1\.0 200 OK\r\nContent-Type: text/html\r\nAccept-Ranges: bytes\r\nETag: "1899773965"\r\nLast-Modified: [^\r\n]*\r\nContent-Length: \d+\r\nConnection: close\r\nDate: [^\r\n]*\r\nServer: httpd\r\n\r\n.*<title>Speco IP Camera</title>|s p/Speco IP camera httpd/ d/webcam/
match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: IQinVision Embedded 1\.0\r\nWWW-Authenticate: Basic realm="([^"]+)"\r\n| p/IQinVision embedded httpd/ i/realm: $1/ d/webcam/
match http m|^HTTP/1\.0 401 Unauthorized\r\nWWW-Authenticate: Basic realm="VR-8xx"\r\nCache-control: no-cache\r\nPragma: no-cache\r\nContent-Type: text/html\r\nContent-Length: \d+\r\nConnection: close\r\nDate: .*\r\nServer: JVC VR-809/816 API Server/1\.0\.0\r\n| p/JVC VR-800-series DVR admin httpd/ d/storage-misc/
match http m|^HTTP/1\.1 200 OK\r\nDate: Sat, 22 Oct 2016 15:45:40 GMT\r\nServer: http server 1\.0\r\nContent-type: text/html; charset=UTF-8\r\nLast-modified: Thu, 01 Sep 2016 02:17:20 GMT\r\nAccept-Ranges: bytes\r\nContent-length: 580\r\nVary: Accept-Encoding\r\nConnection: close\r\n\r\n<html style="background:#007cef">\n<head>\n| p/OwnCloud NAS/ d/storage-misc/ cpe:/a:owncloud:owncloud/
match http m|^HTTP/1\.1 404 Not Found\r\nServer: Linux, HTTP/1\.1, MyNet(N\d+) Ver ([\d.]+)\r\nDate:| p/Western Digital MyNet $1 NAS httpd/ v/$2/ d/storage-misc/ cpe:/h:wdc:my_net_$1/ cpe:/o:wdc:my_net_firmware:$2/
match http m|^HTTP/1\.0 401 Unauthorized\r\nDate: .*\r\nCache-Control: no-cache,no-store\r\nWWW-Authenticate: Basic realm="\."\r\nContent-Type: text/html; charset=%s\r\nConnection: close\r\n\r\n\t\+<html>\n\+<head><title>401 Unauthorized</title></head>\n\+<body>\n\+<h3>401 Unauthorized</h3>\nAuthorization required\.\n </body>\n </html>\n| p/mini_httpd/ i/m0n0wall http admin/ cpe:/a:acme:mini_httpd/
match http m|^HTTP/1\.0 200 OK\r\nContent-Length: \d+\r\nContent-Type: text/html\r\nConnection: close\r\nDate: [^\r\n]+\r\n\r\n<!--\r\n<!DOCTYPE html PUBLIC.*<META NAME="ATEN International Co Ltd\." CONTENT="\(c\) ATEN International Co Ltd\. \d\d\d\d">|s p|ATEN/Supermicro IPMI web interface| d/remote management/
match http m|^HTTP/1\.0 200 OK\r\nDate: .*\r\nContent-Length: \d\d?\r\nContent-Type: text/plain; charset=utf-8\r\n\r\nnixy (\d[\w._-]*)\n| p/Nixy/ v/$1/ cpe:/a:benjamin_martensson:nixy:$1/
match http m|^HTTP/1\.1 200 OK\r\nConnection: close\r\nContent-Type: text/html\r\nAccess-Control-Allow-Origin: \*\r\nAccess-Control-Allow-Methods: GET, POST, PUT\r\n\r\n\xef\xbb\xbf<!doctype html>\r\n<html>\r\n    <head>\r\n        <meta http-equiv="content-type" content="text/html; charset=utf-8">\r\n        <meta name="viewport" content="width=device-width, initial-scale=0\.7" />\r\n        <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">\r\n        <title>Web-Modul</title>| p/Samson TROVIS 5590 web module/ cpe:/h:samson:trovis_5590/
match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: \r\nContent-Type: text/html; charset=iso-8859-1\r\nDate: .*\r\nLast-Modified: .*\r\nAccept-Ranges: bytes\r\nConnection: close\r\n(?:Cache-Control: no-cache,no-store\r\n(?:Cache-Control: max-age=86400\r\nExpires: .*\r\n)?)?WWW-Authenticate: Basic realm="restricted (?:devolo )?configuration website"\r\n\r\n| p/Devolo access point http admin/ d/WAP/
match http m|^HTTP/1\.1 302 Moved Temporarily\r\nLocation: http://[^:]*:9527/\r\n\r\nHTTP/1\.1 404 Not Found\r\nContent-Length: 0\r\n\r\n| p/Kathrein SAT>IP-Server http admin/ d/specialized/
match http m|^HTTP/1\.1 401 OK\nWWW-Authenticate: Basic realm="PowerDNS"\nConnection: close\nContent-type: text/html; charset=UTF-8\n\nPlease enter a valid password!\n| p/PowerDNS stats httpd/ cpe:/a:powerdns:powerdns/
match http m|^HTTP/1\.1 302 Found\r\nLocation: http://[^/]+/solr/\r\n\r\n| p/Apache Solr/ cpe:/a:apache:solr/
match http m|^HTTP/1\.1 200 OK\r\nCache-Control: no-cache\r\nDate: .*\r\nConnection: Keep-Alive\r\nContent-Type: text/html\r\nContent-Length: \d+\r\n\r\n<html>\n<head>\n<META http-equiv="Content-Type" content="text/html; charset=UTF-8" />\n<link rel="icon" type="image/icon" href="/favicon\.ico"/>\n<script language="JavaScript" src="\.\./js/util\.js"></script>\n<script language="JavaScript" src="\.\./js/webtoolkit\.sha256\.js"></script>\n<script language="JavaScript" src="/lang/msgerrcode\.res"></script>\n| p/Huawei ADSL modem http admin/ d/broadband router/
match http m|^HTTP/1\.0 302 Moved Temporarily\r\nContent-Length: 22\r\nConnection: close\r\nLocation: /portal/index\.html\r\nContent-Type: text/plain\r\nX-Frame-Options: SAMEORIGIN\r\n\r\n302 Moved Temporarily\n| p/Barracuda NextGen Firewall SSL VPN/ d/security-misc/
match http m|^HTTP/1\.1 200 OK \r\nCache: no-cache\r\nContent-Type: text/plain\r\nContent-Length: 4\r\n\r\nOK\r\n| p/NeoRouter SSL VPN/ d/security-misc/
match http m@^HTTP/1\.1 302 Found\r\nDate: .*\r\nServer: unknown\r\nLocation: https://[^/]+/__extraweb__EPCmicrointerrogatorpage\?success=%2F__extraweb__EPCmicrointerrogatordata%3Fsuccess%3D%252F__extraweb__realmform%253Fresource%253D((?:[^%]+|%(?!2526))+?)%2526alias%253D([\w._-]+)%2526r0%253D@ p/SonicWall SSL VPN/ i|resource: $SUBST(1,"%25252F","/")| h/$2/
match http m|^HTTP/1\.1 302 Found\r\nDate: .*\r\nServer: WatchGuard\r\nContent-Length: \d+\r\nExpires: Sun, 28 Jan 2007 00:00:00 GMT\r\nVary: Accept-Encoding\r\nLocation: https://[^/]+/quarantine\r\nPragma: no-cache\r\nSet-Cookie: session_id=| p/WatchGuard Quarantine Server/ cpe:/a:watchguard:quarantine_server/
match http m|^HTTP/1\.0 \d\d\d .*\r\nDate: .*\r\nServer: ZNC (\d[\w._-]*)(?:\+\S+)? - http://znc\.in\r\nContent-Length: \d+\r\nContent-Type: text/html; charset=utf-8\r\n| p/ZNC IRC webadmin/ v/$1/ cpe:/a:znc:znc:$1/
match http m|^HTTP/1\.1 200 OK\r\nDate: [^\r\n]*\r\nLast-Modified: [^\r\n]*\r\nEtag: "[a-f0-9]+\.[a-f0-9]+"\r\nContent-Type: text/html\r\nCache-Control: private, no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, s-maxage=0\r\nExpires: 0\r\nPragma: no-cache\r\nVary: \*\r\nContent-Length: \d+\r\nConnection: close\r\nAccept-Ranges: bytes\r\n\r\n.*<title>Triax - Setup Service Tool</title>|s p/Triax telecom equipment setup httpd/
match http m|^HTTP/1\.1 200 OK\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\nConnection: close\r\n\r\n\{"rtn":108545,"msg":""\}| p/Thunder Xware/
match http m|^HTTP/1\.1 200 OK\.\r\nDate: .*\r\nServer: Reload ([\d.]+) Web Interface\r\nCache-control: no-cache\r\nSet-Cookie: GSESSID=[^;]+; path=/\r\nContent-Length: \d+\r\nContent-Type: text/html\r\n\r\n| p/GWAVA Reload Server httpd/ v/$1/ cpe:/a:gwava:reload_server:$1/
match http m|^HTTP/1\.0 200 OK\r\nConnection: close\r\n.*\n\t<meta name="description" content="Gargoyle Firmware Webgui for router management\.">|s p/Gargoyle WAP firmware httpd/ o/Linux/ cpe:/o:linux:linux_kernel/a
match http m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Content-Length: \d+\r\nConnection: close\r\nDate: [^\r\n]*\r\nServer: yealink embed httpd\r\n\r\n|s p/Yealink VoIP phone httpd/ d/VoIP phone/
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: Network_Module/1\.0 \(([A-Z]+-\w+)\)\r\n| p/Yamaha AV device httpd/ i/model: $1/
match http m|^HTTP/1\.1 404 Not Found\r\nContent-Length: 0\r\nDate: .*\r\nConnection: close\r\nServer: OtherWebServer\r\n\r\n| p/ESET Remote Administrator Web Console/ cpe:/a:eset:eset_remote_administrator/
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html\r\nContent-Encoding: gzip\r\nContent-Length: \d+\r\nConnection: close\r\nAccess-Control-Allow-Origin: \*\r\n\r\n\x1f\x8b\x08\x08....\0\x03index\.html\0|s p/nwts Nixie clock sync/ cpe:/h:azevedo:nwts/
match http m|^HTTP/1\.0 200 OK\nContent-type: text/html; charset=utf-8\n\n<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4\.01 Transitional//EN">\r\n\r\n<HTML>\r\n<HEAD>\r\n<TITLE>Handle Proxy</TITLE>| p/Handle System Proxy Server/
match http m|^HTTP/1\.1 200 OK\nContent-Length: \d+\nContent-Type: text/html\n\n<html>\r\n<head>\r\n\t\r\n<meta http-equiv="Content-Type" content="text/html; charset=utf-8">\r\n<meta name="GENERATOR" content="iniNet SpiderControl TM">\r\n<title> CoMo Net/View </title>\r\n| p|Kistler ControlMonitor CoMo Net/View http ui| d/specialized/
match http m|^HTTP/1\.0 400 Bad Request\r\nContent-Type: application/json\r\nDate: .*\r\nContent-Length: 66\r\n\r\n\{\n\t"key": "noAuthHeader",\n\t"message": "No Authentication header"\n\}| p/Plex Media Server/ i/WD MyCloud/ cpe:/a:plex:plex_media_server/
match http m|^HTTP/1\.0 200 OK\r\nContent-Type: text/html\r\nLast-Modified: .*\r\nContent-Length: \d+\r\n\r\n<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3\.2//EN">\r\n<HTML>\r\n\r\n<HEAD>\r\n\t<link rel="SHORTCUT ICON" href="/ras\.ico">\r\n\r\n<META HTTP-EQUIV="Content-Type" CONTENT="text/html;CHARSET=iso-8859-1">\r\n<SCRIPT language="JavaScript">\r\nvar MainWindow = null;\r\n\r\nfunction StartWindow\(\)\r\n\{\t\t\t\t\t\t\t\t \r\nvar width \t= window\.screen\.availWidth-10;\r\nvar height\t= window\.screen\.availHeight-80;\r\nif \(\(MainWindow ==null\) \x7c\x7c \(MainWindow\.closed==true\)\)\r\nMainWindow = window\.open\("/servlet/smt", "AASTRA"| p/Aastra BusinessPhone Management Suite/
match http m|^HTTP/1\.1 200 OK\r\nSet-Cookie: JSESSIONID=[\dA-F]*; Path=/; HttpOnly\r\nContent-Type: text/html;charset=UTF-8\r\nContent-Length: \d+\r\nDate: .* GMT\r\nConnection: close\r\nServer: OWS/1\.0\r\n\r\n| p/Canon varioPRINT or imagePRESS http ui/ d/printer/
match http m|^HTTP/1\.0 404 Not Found\r\nAccept-Ranges: none\r\nConnection: close\r\nContent-Encoding: identity\r\nContent-Length: 0\r\nContent-Type: text/plain\r\nDate: .*\r\nServer: IST OIS\r\nWWW-Authenticate: Digest realm="users@([^"]+)",| p/Allworx VoIP directory server/ h/$1/
match http m|^HTTP/1\.1 400 \r\nContent-Type: application/json\r\nContent-Length: 72\r\n\r\n\{"status": 102, "statusString": "ERROR-BAD-REQUEST", "spotifyError": 0\}\n| p/Spotify json/
# Maybe McAfee Agent instead?
match http m|^HTTP/1\.1 403 Forbidden\r\nContent-Type: text/plain\r\nContent-Length: 13\r\n\r\n403 Forbidden| p/McAfee AntiVirus/ cpe:/a:mcafee:antivirus_engine/
match http m|^HTTP/1\.1 200 OK\r\nDate: .*\r\nExpires: .*\r\nCache-Control: no-cache\r\nConnection: Keep-Alive\r\nContent-Type: text/xml; charset=utf-8\r\nContent-Length: \d+\r\nX-Frame-Options: SAMEORIGIN\r\n\r\n<\?xml version="1\.0"\?>\r\n<\?xml-stylesheet type="text/xsl" href="/file/xsl/[^/>]*\.xsl"\?>\r\n| p/ClearSCADA/ v/2017/ cpe:/a:schneider_electric:scada_expert_clearscada:2017/
match http m|^HTTP/1\.1 200 \r\nX-AREQUESTID: [\dx]+\r\n.*\n<meta name="application-name" content="JIRA" data-name="jira" data-version="([\d.]+)">|s p/Atlassian JIRA/ v/$1/ cpe:/a:atlassian:jira:$1/
match http m|^HTTP/1\.1 302 \r\nX-AREQUESTID: [\dx]+\r\n.*Location: [^\r\n]*/secure/SetupMode!default.jspa|s p/Atlassian JIRA/ i/setup wizard/ cpe:/a:atlassian:jira/
match http m|^HTTP/1\.1 200 OK\r\nDate: .*\r\n(?:X-Frame-Options: SAMEORIGIN\r\n)?Content-Type: text/html; charset=UTF-8\r\nExpires: Thu, 01 Jan 1970 00:00:00 GMT\r\nContent-Length: \d+\r\nSet-Cookie: JSESSIONID=[^;]*;Path=.*\r\nConnection: close\r\n\r\n\n\n\n\n\n\n\n\n\n\n\n\n\n<html>\n<head>\n\n<link href="/graycss/common_min\.css" rel="stylesheet" type="text/css">\n\n\t<title>Cyberoam SSL VPN Portal</title>| p/Cyberoam SSL VPN/
match http m|^HTTP/1\.0 200 OK\r\nAccept-Ranges: bytes\r\nCache-Control: max-age=31536000\r\nContent-Length: \d+\r\nContent-Type: text/html; charset=utf-8\r\nLast-Modified: .*\r\nDate: .*\r\n\r\n<!DOCTYPE html>\n<html lang="en" ng-app="portainer">| p/Portainer Docker UI/ v/1.19.1 or earlier/ cpe:/a:portainer:portainer/
# Security-related headers added in 1.19.2
match http m|^HTTP/1\.0 200 OK\r\nAccept-Ranges: bytes\r\nCache-Control: max-age=31536000\r\nContent-Length: \d+\r\nContent-Type: text/html; charset=utf-8\r\nLast-Modified: .*\r\nX-Content-Type-Options: nosniff\r\nX-Frame-Options: DENY\r\nX-Xss-Protection: 1; mode=block\r\nDate: .*\r\n\r\n<!DOCTYPE html>\n<html lang="en" ng-app="portainer">| p/Portainer Docker UI/ v/1.19.2/ cpe:/a:portainer:portainer:1.19.2/
# X-Frame-Options removed in 1.20.0
match http m|^HTTP/1\.0 200 OK\r\nAccept-Ranges: bytes\r\nCache-Control: max-age=31536000\r\nContent-Length: \d+\r\nContent-Type: text/html; charset=utf-8\r\nLast-Modified: .*\r\nX-Content-Type-Options: nosniff\r\nX-Xss-Protection: 1; mode=block\r\nDate: .*\r\n\r\n<!DOCTYPE html>\n<html lang="en" ng-app="portainer">| p/Portainer Docker UI/ v/1.20.0 or later/ cpe:/a:portainer:portainer/
# ESXi 6.5.0
match http m|^HTTP/1\.1 200 OK\r\nDate: .*\r\nConnection: close\r\nContent-Type: text/html\r\nX-Frame-Options: DENY\r\nContent-Length: \d+\r\n\r\n<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4\.01//EN" "http://www\.w3\.org/TR/html4/strict\.dtd">\n\n<html lang="en">\n<head>\n    <meta http-equiv="content-type" content="text/html; charset=utf8">\n    <meta http-equiv="refresh" content="0;URL='/ui'"/>\n</head>\n</html>\n| p/VMware ESXi Web UI/ cpe:/o:vmware:esxi/
match http m|^HTTP/1\.0 301 Moved Permanently\r\nLocation: http://([\w.-]+):\d+/\r\nSet-Cookie: grafana_sess=[^;]*; Path=/; HttpOnly\r\nDate: | p/Grafana http/ h/$1/ cpe:/a:grafana:grafana/
match http m|^HTTP/1\.0 200 OK\r\nDate: .*\r\nContent-Length: 12\r\nContent-Type: text/plain; charset=utf-8\r\n\r\nConsul Agent| p/HashiCorp Consul agent/ cpe:/a:hashicorp:consul/
match http m|^HTTP/1\.0 200 OK\r\nExpires: 0\r\nContent-Type: text/html\r\nConnection: close\r\n\r\n<html>\n<title>(D\w\w-\d+)  +Login</title>\n| p/D-Link $1 http admin/ cpe:/h:d-link:$1/
match http m|^HTTP/1\.0 200 OK\r\nContent-Length: \d+\r\nContent-Type: text/html\r\nDate: .*\r\n\r\n<html lang="en"> <head> <meta charset="utf-8"/> <meta http-equiv="X-UA-Compatible" content="IE=edge"/> <meta name="viewport" content="width=device-width, initial-scale=1"/> <title>Google Wifi</title>| p/Google WiFi http admin/ d/WAP/
match http m|^HTTP/1\.0 200 OK\r\nCache-Control: no-cache\r\nContent-Type:text/html\r\nContent-Length: +\d+\r\n\r\n.*[eE]>PLANET IP Phone W[eE][bB] Management</[tT]|s p/PLANET IP Phone http admin/ d/VoIP phone/
match http m|^HTTP/1\.1 200 OK\r\nX-Cache: MISS\r\nVary: Accept-Encoding\r\nContent-Type: text/html\r\nCache-Control: no-cache, must-revalidate\r\nExpires: .*\r\nDate: .*\r\nConnection: close\r\n\r\n<!doctype html>\r\n<html>\r\n<head>\r\n    <title>Polycom&reg; RealPresence&reg; CloudAXIS&trade;</title>| p/Polycom RealPresence CloudAXIS/ cpe:/a:polycom:realpresence_cloudaxis/
match http m|^HTTP/1\.0 200 Ok\r\nDate: Thu, 27 Jan 2000 00:00:00 GMT\r\nContent-Type: text/html\r\nCache-Control: no-cache\r\nCache-Control: no-store\r\nServer: snom/([\w._-]+)\r\n| p/Snom DECT phone http admin/ v/$1/ d/phone/
match http m|^HTTP/1\.1 302 Found\r\nLocation: http://[^/]+/ord\r\nContent-Length: 0\r\n\r\n| p/Tridium Niagara/ v/4/ cpe:/a:tridium:niagara:4/
match http m|^HTTP/1\.1 500 Internal Server Error\r\nServer: HIP([\d.]+)\r\nConnection: close\r\nContent-Length: 0\r\n\r\n| p/2N Helios IP http admin/ v/$1/ d/security-misc/
match http m|^HTTP/1\.1 401 Unauthorized\r\nConnection: close\r\nDate: .*\r\nAccept-Ranges: bytes\r\nContent-Type: text/html\r\nExpires: Mon, 01 Jul 1980 00:00:00 GMT\r\nCache-Control: no-cache, no-store, must-revalidate\r\nPragma: no-cache\r\nWWW-Authenticate: Basic realm="(D[A-Z0-9-]+)"\r\nContent-Length: 17\r\n\r\n401 Unauthorized\n| p/D-Link $1 camera http admin/ d/webcam/ cpe:/h:d-link:$1/
match http m|^HTTP/1\.0 403 Forbidden\r\nContent-Type: text/html\r\n\r\n<html><head><link href=c rel=stylesheet></head><body><div class=b><form><br>Wachtwoord:<input type=password name=w><input type=submit value=Login></form></div><!--Content-Type: Content-Type: Content-Type: Content-Type: Content-Type: Content-Type: --></body></html>| p/YouLess LS110 energy monitor http admin/ d/power-misc/
match http m|^HTTP/1\.1 200 OK\r\nX-Frame-Options: SAMEORIGIN\r\nContent-Length: \d+\r\nCache-Control:no-cache\r\nContent-Type:text/html\r\nSet-Cookie: PUTCOOKIE=[^;]+; path=/; HttpOnly; \r\n\r\n<html>\n\n<head>\n    <META HTTP-EQUIV="Expires" CONTENT="0">\n    <META HTTP-EQUIV="Pragma" CONTENT="no-cache">\n    <META HTTP-EQUIV="Cache-Control" CONTENT="no-cache">\n    <title>Teradata Parallel Upgrade Tool 0?(\d[\d.]*)<| p/Teradata Parallel Upgrade Tool/ v/$1/ cpe:/a:teradata:tdput:$1/
# 15.11.00.05-b143
match http m|^HTTP/1\.1 302 Found\r\nCache-Control: public, no-store, max-age=0\r\nX-Content-Type-Options: nosniff\r\nX-Frame-Options: SAMEORIGIN\r\nX-XSS-Protection: 1; mode=block\r\nLocation: http://[^/]*/login\.html\r\nDate: .*\r\nConnection: close\r\nServer: Teradata-Viewpoint\r\n\r\n| p/Teradata Viewpoint/ cpe:/a:teradata:viewpoint/
match http m|^HTTP/1\.1 400 Invalid request\r\n| p/ThinLinc VSM xmlrpc/ cpe:/a:cendio:thinlinc/
match http m|^HTTP/1\.1 404 NOT FOUND\r\nServer: InterDialog\r\nConnection: close\r\nDate: .* India Standard Time\r\nCache-Control: private\r\nContent-Length: 14\r\nContent-type: text\r\n\r\nPage Not Found| p/Teckinfo InterDialog UCCS/ cpe:/a:teckinfo:interdialog_uccs/
match http m|^HTTP/1\.0 200 OK\r\nServer: httpd/2\.0\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nDate: .*\r\nContent-Type: text/html\r\nConnection: close\r\n\r\n<HTML><HEAD><script>top\.location\.href='/Main_Login\.asp';</script>\n</HEAD></HTML>\n| p/ASUS WRT http admin/ cpe:/o:asus:wrt_firmware/
match http m|^HTTP/1\.0 200 OK\r\nSet-Cookie: session=bridgeworks[a-f\d]+; path=/\r\nDate: .*\r\nServer: Mordac/([\d.]+)\r\n| p/Bridgeworks iSCSI-to-SAS bridge http ui/ v/$1/ d/storage-misc/
match http m|^HTTP/1\.0 302 Found\r\nLocation: /login\r\nSet-Cookie: wdcpsessionID=[a-f\d]{32};| p/WDLinux Control Panel/ cpe:/a:wdlinux:wdcp/
match http m|^HTTP/1\.1 \d\d\d \r\nDate:[^ ].*\r\nServer:AprisaSR Web Server\r\n| p/4RF Aprisa SR smart radio httpd/ d/specialized/ cpe:/h:4rf:aprisa_sr/
match http m|^HTTP/1\.0 200 OK\r\nServer: lwIP/([\d.]+) \(http://www\.sics\.se/~adam/lwip/\)\r\nContent-type: text/html\r\n\r\n<!-- Copyright \(c\) \d\d\d\d TDSi Ltd\.  All rights reserved\. -->\r\n<html>\r\n<head>\r\n<meta http-equiv="content-type" content="text/html;charset=ISO-8869-1">\r\n<title>TDSi Ethernet to Serial Module</title>| p/TDSi Ethernet to Serial bridge/ i/lwIP $1/ cpe:/a:lwip_project:lwip:$1/
match http m|^HTTP/1\.1 200 OK\r\nServer: CJServer/1\.1\r\nSet-Cookie: JSESSIONID=[A-F\d]+; Path=/; HttpOnly\r\nContent-Type: text/html;charset=ISO-8859-1\r\nContent-Length: \d+\r\nDate: .*\r\nConnection: close\r\n\r\n\r\n\r\n\r\n\r\n<html>\r\n<body>\r\n\r\n\r\n<form action="/_common/servlet/wap/login\?null" method="post">\r\n<p>([^<]+)</p>| p/WebCTRL building automation http ui/ i/site: $1/ cpe:/a:automatedlogic:webctrl/
match http m|^HTTP/1\.1 200 OK\r\nServer: CJServer/1\.1\r\nSet-Cookie: JSESSIONID=[A-F\d]+; Path=/; HttpOnly\r\n| p/WebCTRL building automation http ui/ cpe:/a:automatedlogic:webctrl/

match http m|^HTTP/1\.0 \d\d\d .*\r\nDate: .*\r\nContent-Type: .*\r\nServer: ghs\r\n| p/Google httpd/
match http m|^HTTP/1\.1 302 Found\r\nX-DNS-Prefetch-Control: off\r\nX-Frame-Options: SAMEORIGIN\r\n(?:Strict-Transport-Security: max-age=\d+; includeSubDomains\r\n)?X-Download-Options: noopen\r\nX-Content-Type-Options: nosniff\r\nX-XSS-Protection: 1; mode=block\r\nLocation: /signin\r\nVary: Accept\r\nContent-Type: text/plain; charset=utf-8\r\nContent-Length: \d+\r\nset-cookie: connect\.sid=| p/Xen Orchestra/ i/Node.js Express middleware/ cpe:/a:nodejs:node.js/ cpe:/a:vates:xen_orchestra/
match http m|^HTTP/1\.0 200 OK\r\nServer: Tektronix/WVR 7100\r\nContent-length: \d+\r\nContent-type: text/html\r\n\r\n<html>\r\n\r\n<head>\r\n<title>Tektronix (W\w+) Remote Interface</title>| p/Tektronix $1 waveform monitor http ui/ cpe:/h:tektronix:$1/
match http m|^HTTP/1\.1 403 Forbidden\r\nContent-Length: 70\r\nContent-Type: text/html\r\n\r\n<HTML><HEAD></HEAD><BODY>Error detected by Host Server</BODY></HTML>  \r\n\r\n| p/BMC MainView Explorer/ cpe:/a:bmc:mainview_explorer/
match http m|^HTTP/1\.1 400 Bad Request\r\nCONTENT-TYPE: text/html; charset=utf-8\r\nCONTENT-LENGTH: 92\r\nCONNECTION: CLOSE\r\n\r\n<html><head><title>Server Error</title></head><body><h1>400 Bad Request\r\n</h1></body></html>| p/Bastec BAS2 building automation system http ui/ cpe:/a:bastec:bas2/
match http m|^HTTP/1\.1 200 OK\r\nCONTENT-TYPE: text/html; charset=.*\r\nDATE: .*\r\nCACHE-CONTROL: NO-CACHE\r\nTRANSFER-ENCODING: CHUNKED\r\nSET-COOKIE: SESSION_ID=[A-F\d]{16}\r\nCONNECTION: CLOSE\r\n\r\n| p/Bastec BAS2 building automation system http ui/ cpe:/a:bastec:bas2/
match http m|^HTTP/1\.1 400 Bad Request\r\nServer: \(null\)\r\nDate: .*\r\nContent-Type: text/html\r\nContent-Length:   \d\d\d\r\n| p/D-Link WAP http ui/ d/WAP/
match http m|^HTTP/1\.0 200 OK\r\nContent-Type: application/json\r\nDate: .*\r\nContent-Length: 114\r\n\r\n\{"type":"sync","status":"Success","status_code":200,"operation":"","error_code":0,"error":"","metadata":\["/1\.0"\]\}\n| p/LXD container manager REST API/ cpe:/a:canonical:lxd/
match http m|^HTTP/1\.0 200 OK\r\nContent-Type: text/html; charset=utf-8\r\nDate: .*\r\n\r\n\n\n\n\n<!DOCTYPE html>\n<html>\n<head>\n    <title>Kafka Manager</title>\n .* versions: \{[^}]*"kafka-manager":"([\d.]+)"|s p/Kafka Manager/ v/$1/ cpe:/a:yahoo:kafka_manager:$1/
match http m|^HTTP/1\.1 200 OK\r\nConnection: close\r\nContent-Type: text/html; charset=ISO-8859-1\r\nContent-Length: \d+\r\nDate: .*\r\n\r\n<HTML>\r\n<BODY>\r\n<center><font size=6>Reports Server '([^']+)' \(PID: \d+, Version: ([\d.]+)\)</font></center><br>\r\n<center><font size=4>Uptime: (\d[^(]+) \(| p/UCS R-Keeper hospitality system/ v/$2/ i/uptime: $3/ h/$1/ cpe:/a:ucs:r-keeper:$2/
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: application/json\r\nContent-Length: 76\r\nAccess-Control-Allow-Headers: Content-Type\r\nAllow: POST\r\nAccess-Control-Allow-Origin: \*\r\nDate: .*\r\nConnection: close\r\n\r\n\{"jsonrpc":"2\.0","error":\{"code":-32602,"message":"Unauthorized"\},"id":null\}| p/Popcorn Time JSONRPC/
match http m|^HTTP/1\.1 401 Unauthorized\r\nServer: AquaController ([\d.]+)\r\nWWW-Authenticate: Basic realm="\."\r\n| p/Neptune Systems AquaController aquarium monitor httpd/ v/$1/ d/specialized/
match http m|^HTTP/1\.1 403 Forbidden\r\nDate: .*\r\nServer:  \r\nContent-Length: 10\r\nConnection: close\r\nContent-Type: text/html; charset=iso-8859-1\r\n\r\nForbidden\.| p/Proofpoint Email Protection/
match http m|^HTTP/1\.0 401 Unauthorized\r\nContent-Length: 0\r\nWWW-Authenticate: Basic realm="XBMC"\r\nConnection: close\r\nDate: .*\r\n\r\n| p|Kodi/XBMC http ui|
match http m|^HTTP/1\.0 200 OK\r\nPragma: no-cache\r\nContent-Type: text/html\r\nConnection: close\r\n\r\n<html>\n<title>(DGS-\w+)</title>\n| p/D-Link $1 http admin/ cpe:/h:d-link:$1/
match http m|^HTTP/1\.0 200 OK\r\nSet-Cookie: SESSIONID=-1 \r\nServer: Easy File Management Web Server (?:SSL )?v([\d.]+)\r\n| p/Easy File Management Web Server/ v/$1/ o/Windows/ cpe:/a:efs:easy_file_management_web_server:$1/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 200 OK\r\nCache-Control: no-cache\r\nContent-Type:text/html\r\nContent-Length:\d+ +\r\n\r\n\n<html>\n<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4\.01 Transitional//EN"> \n<head>\n<meta http-equiv="Content-Type" content="text/html; charset=UTF8" >\n<title>VoIP</title>\n<script language="JavaScript" type="text/javascript" src='language/info_(\w+)\.js'| p/Crystalmedia VoIP adapter/ i/language: $1/ d/VoIP adapter/
match http m|^HTTP/1\.0 200 OK\r\nAccess-Control-Allow-Headers: Authorization, Content-Type\r\nAccess-Control-Allow-Origin: http://.*\r\nDate: .*\r\nContent-Type: text/html; charset=utf-8\r\n\r\n<!DOCTYPE html>\n<html ng-app="ts3soundboard-bot" ng-controller="base">\n<head>\n<title>SinusBot</title>| p/SinusBot TS3 bot http ui/
match http m|^HTTP/1\.1 505 HTTP Version Not Supported\r\nDate: .*\r\nServer: 2wire Gateway BDC\r\n| p/AT&T 2wire Gateway router http admin/ d/broadband router/
match http m|^HTTP/1\.1 200 OK\r\nCache-Control: no-cache\r\nContent-Type: text/html\r\nContent-Length: \d+\r\n\r\n<!DOCTYPE html> \r\n<meta http-equiv="X-UA-Compatible"/>\r\n<meta http-equiv="content-type" content="text/html; charset=iso-8859-1" />\r\n<meta name="viewport" content="width=device-width, initial-scale=1\.0, maximum-scale=1\.0, minimum-scale=1\.0, user-scalable=no"/>\r\n<html>\r\n<head>\r\n\t<meta name="author" content="Dave Jensen" />\r\n\t<meta name="keywords" content="LANDESK, Remote Control" />| p/LANDesk html5 remote management httpd/
match http m|^HTTP/1\.1 405 Method Not Allowed\r\nAllow: OPTIONS\r\nContent-Type: application/json\r\nContent-Length: 63\r\nDate: .*\r\nConnection: close\r\n\r\n\{"code":"MethodNotAllowedError","message":"GET is not allowed"\}| p/Storj jsonrpc/
match http m|^HTTP/1\.0 200 OK\r\nServer: [aA](rgos\d+?) Server\r\nContent-type: text/html; charset=iso-8859-1\r\n\r\n<\?xml version="1\.0" encoding="iso-8859-1"\?>\n| p/Henry A$1 biometric access control/ d/security-misc/
match http m|^HTTP/1\.[01] \d\d\d .*\r\nServer: ATCOM-IP-Phone\r\nDate: \w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d\d\d\d\r\n| p/ATCOM VoIP phone web ui/ d/VoIP phone/
match http m|^HTTP/1\.1 200 OK\r\nAccess-Control-Allow-Origin: \*\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: Authorization,Content-Type,Accept,Origin,User-Agent,DNT,Cache-Control,X-Mx-ReqToken,Keep-Alive,X-Requested-With,If-Modified-Since\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\n\r\n\d+;\r\n<html lang="en">\r\n<head>\r\n  <meta charset="utf-8">\r\n  <title>Amazon Dash: Device Info</title>| p/Amazon Dash Button http ui/
match http m|^HTTP/1\.1 302 Found\r\nLocation: http://0\.0\.0\.0/login_security\.html\r\nContent-Length: 0\r\nServer: WebServer/1\.0 UPnP/1\.0\r\n\r\n| p/TP-LINK TD-8901N ADSL modem http admin/ d/broadband router/ cpe:/h:tp-link:td-8901n/a
match http m|^HTTP/1\.0 307 Temporary Redirect\r\nLocation: /containers/\r\nDate: .*\r\nContent-Length: \d+\r\nContent-Type: text/html; charset=utf-8\r\n\r\n<a href="/containers/">Temporary Redirect</a>\.| p|Golang net/http server| i/Google cAdvisor/ cpe:/a:golang:go/ cpe:/a:google:cadvisor/
# 4.1.0
match http m|^HTTP/1\.1 301 Moved Permanently\r\nConnection: close\r\nContent-Type: text/html; charset=utf-8\r\nLocation: http://([\w_.-]+)\.local/myconnect/\r\nX-UA-Compatible: IE=edge\r\n\r\n| p/AirStash WiFi flash drive http ui/ d/storage-misc/ h/$1/
match http m|^HTTP/1\.1 401 Authorization Required\r\nConnection: close\r\nWWW-Authenticate: Basic realm="[A-F\d]+"\r\nContent-Type: text/html\r\n\r\n<HTML><BODY><H1>Server Requires Authentication</H1></BODY></HTML>\r\n| p/EyezOn Envisalink network module httpd/ d/security-misc/ cpe:/a:eyezon:envisalink/
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html\r\nContent-Length: \d+\r\n\r\n<\?xml version="1\.0" encoding="utf-8"\?>\n<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1\.0 Transitional//EN" "http://www\.w3\.org/TR/xhtml1/DTD/xhtml1-transitional\.dtd">\n<html xmlns="http://www\.w3\.org/1999/xhtml" xmlns:v="urn:schemas-microsoft-com:vml" xml:lang="en" lang="en">\n  <head>\n    <meta http-equiv="Content-Type" content="text/html; charset=utf-8">\n    <!--\n    ShellInABox| p/ShellInABox/ cpe:/a:shellinabox_project:shellinabox/
match http m|^HTTP/1\.1 200 OK\r\nServer: Payara Server +([\d. ]+)(?: #badassfish)?\r\nX-Powered-By: Servlet/([\d.]+) JSP/([\d.]+) \(Payara Server.* Java/Oracle Corporation/([\d.]+)\)\r\n| p/Payara Server httpd/ v/$1/ i/Servlet $2; JSP $3; Java $4/ cpe:/a:oracle:jre:$4/ cpe:/a:payara:payara:$1/
# Sometimes it's not Oracle Java
match http m|^HTTP/1\.1 200 OK\r\nServer: Payara Server +([\d. ]+)(?: #badassfish)?\r\nX-Powered-By: Servlet/([\d.]+) JSP/([\d.]+) \(Payara Server.* Java/([^/]+)(?: Corporation)?/([\d.]+)\)\r\n| p/Payara Server httpd/ v/$1/ i/Servlet $2; JSP $3; $4 Java $5/ cpe:/a:payara:payara:$1/
match http m|^HTTP/1\.0 404 Not found\r\nServer: IVIDEON\r\nDate: .*\r\nContent-Type: text/html\r\nAccept-Range: bytes\r\nKeep-Alive: timeout=5, max=100\r\nContent-Length: 48\r\nAccess-Control-Allow-Origin: \*\r\nAccess-Control-Allow-Methods: GET, POST\r\nAccess-Control-Allow-Headers: \*\r\n\r\n<title>404 Not Found</title>\n<h1>Not Found</h1>\0| p/Ivideon Server httpd/ cpe:/a:ivideon:ivideon_server/
match http m|^HTTP/1\.0 200 OK\r\nContent-Type: text/plain;charset=UTF-8\r\n\r\nJenkins-Agent-Protocols: .*\r\nJenkins-Version: (\d[\w._-]*)\r\n| p/Jenkins httpd/ v/$1/ cpe:/a:jenkins:jenkins:$1/
match http m|^HTTP/1\.1 404 Not Found\r\ncontent-type: text/html\r\ncontent-length: \d+\r\nserver: CLion ([\d.]+)\r\n| p/CLion httpd/ v/$1/ cpe:/a:jetbrains:clion:$1/
match http m|^HTTP/1\.1 403 Forbidden \( The page requires a client certificate as part of the authentication process\. If you are using a smart card, you will need to insert your smart card to select an appropriate certificate\. Otherwise, contact your server administrator\.  \)\r\nConnection: close\r\n| p/Microsoft Forefront TMG/ i/client certificate required/
match http m|^HTTP/1\.0 301 Moved Permanently\r\nServer: Mastodon\r\nX-Frame-Options: DENY\r\nX-Content-Type-Options: nosniff\r\nX-XSS-Protection: 1; mode=block\r\nLocation: | p/Mastodon microblogging httpd/
match http m|^HTTP/1\.0 200 OK\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: \d+\r\n\r\n\r\n<!doctype html>\r\n<html>\r\n<head>\r\n    <meta charset='utf8'>\r\n    <meta http-equiv='x-ua-compatible' content='ie=edge'>\r\n    <title>Octopus Tentacle</title>| p/Octopus Tentacle/ cpe:/a:octopus:tentacle/
match http m|^HTTP/1\.1 200 OK\r\ncontent-type: text/html; charset=utf-8\r\nconnection: close\r\ncache-control: no-cache, must-revalidate\r\ncontent-length: \d+\r\n\r\n<!DOCTYPE html>\n<html>\n<head>\n<title>PhpStorm([\d.]+) - YourKit Java Profiler (\d[\w.-]*)</title>| p/PhpStorm IDE/ v/$1/ i/YourKit Java Profiler $2/ cpe:/a:jetbrains:phpstorm:$1/ cpe:/a:yourkit:java_profiler:$2/
match http m|^HTTP/1\.1 200 OK\r\nServer: sw-cp-server\r\nDate: .*<title>Plesk Onyx (\d[\w._-]+)</title>|s p/sw-cp-server httpd/ i/Plesk Onyx $1/ cpe:/a:parallels:plesk_onyx:$1/
match http m|^HTTP/1\.0 200 OK\r\nConnection: close\r\nLast-Modified: .*\r\nContent-Type: text/html\r\nContent-Length: \d+\r\nDate: .*\r\n\r\n<!--\n  ~ JBoss, Home of Professional Open Source\.\n  ~ Copyright \(c\) \d\d\d\d, Red Hat, Inc\., and individual contributors| p/JBoss Enterprise Application Platform/ cpe:/a:redhat:jboss_enterprise_application_platform/
match http m|^HTTP/1\.0 200 OK\r\nContent-type: text/html\r\n\r\n<\?xml version="1\.0" encoding="UTF-8"\?>\n<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1\.0 Transitional//EN" "http://www\.w3\.org/TR/xhtml1/DTD/xhtml1-transitional\.dtd">\n\n<!-- Created on .* -->\n\n<html xmlns="http://www\.w3\.org/1999/xhtml">\n  <head>\n    <title>SSHelper Activity Log</title>\n| p/SSHelper httpd/ o/Android/ cpe:/a:paul_lutus:sshelper/ cpe:/o:google:android/a cpe:/o:linux:linux_kernel/a
match http m|^HTTP/1\.1 404 Not Found\r\nDate: .*\r\nConnection: close\r\n\r\nFile not found$| p/SSBC Patchwork httpd/ cpe:/a:ssbc:patchwork/
match http m|^HTTP/1\.0 302 Redirected\r\nServer: CerberusFTPServer/([\d.]+)\r\n| p/Cerberus FTP Server httpd/ v/$1/ cpe:/a:cerberusftp:ftp_server:$1/
match http m|^HTTP/1\.0 404 Not Found\r\nServer: RapidLogic/([\d.]+)\r\nMIME-version: 1\.0\r\nContent-type: text/html\r\n\r\n<HEAD><TITLE>404 Not Found</TITLE></HEAD>404 Not Found\r\n$| p/RapidLogic httpd/ v/$1/ i/Avaya Core switch/ d/switch/ cpe:/a:rapidlogic:httpd:$1/a
match http m|^HTTP/1\.1 \d\d\d .*\r\nDate: .*\r\nServer: WatchGuard\r\n| p/WatchGuard Fireware httpd/ cpe:/o:watchguard:fireware/
match http m|^HTTP/1\.1 200 ok\r\nServer: CS\r\nContent-Type: text/html\r\nCache-Control: no-cache\r\nConnection: Keep-Alive\r\nKeep-Alive: timeout=15, max=95\r\nContent-Length: \d+\r\n\r\n| p/UrBackup httpd/ v/2.0.2 or later/ cpe:/a:martin_raiber:urbackup/
match http m|^HTTP/1\.1 200 ok\r\nServer: CS\r\nContent-Type: text/html\r\nCache-Control: max-age=3600\r\nConnection: Keep-Alive\r\nKeep-Alive: timeout=15, max=95\r\nContent-Length: \d+\r\n\r\n| p/UrBackup httpd/ v/2.0.1 or earlier/ cpe:/a:martin_raiber:urbackup/
match http m|^HTTP/1\.0 404 Not Found\r\nCache-Control: no-store\r\nContent-Type: text/plain; charset=utf-8\r\nX-Content-Type-Options: nosniff\r\nDate: .*\r\nContent-Length: 19\r\n\r\n404 page not found\n| p/Hashicorp Vault/ cpe:/a:hashicorp:vault/
match http m|^HTTP/1\.1 200 OK\r\nServer: ClxWifiServer\r\nContent-Type: text/html\r\nContent-Length: 32\r\n\r\nDejaOffice Wi-Fi Synch Available| p/DejaOffice Wi-Fi Sync/ o/Android/ cpe:/a:companionlink:dejaoffice_for_android/ cpe:/o:google:android/a cpe:/o:linux:linux_kernel/a
# Make this a hard match when we get more info
softmatch http m|^HTTP/1\.0 404 Not Found\r\nSERVER: Linux/([\d.]+),  DSL Forum TR-064, LAN-Side DSL CPE Configuration\r\nCONTENT-LENGTH: 48\r\nCONTENT-TYPE: text/html\r\n\r\n<html><body><h1>404 Not Found</h1></body></html>| p/unknown TR-064/ d/broadband router/ o/Linux $1/ cpe:/o:linux:linux_kernel:$1/a
match http m|^HTTP/1\.1 200 OK\r\nAccept-Ranges: bytes\r\nETag: W/"[^"]+"\r\nLast-Modified: .*\r\nContent-Type: text/html\r\nContent-Length: \d+\r\nDate: .*\r\nConnection: close\r\nServer: Synametrics Web Server v(\d+)\r\n| p/Synametrics Web Server/ v/$1/ i/Syncrify/ cpe:/a:synametrics:syncrify/
match http m|^HTTP/1\.0 301 Moved Permanently\r\nDate: [^\r\n]*\r\nServer: \r\nContent-Length: \d+\r\nContent-Type: text/html\r\nConnection: close\r\nLocation: https://[0-9:.]*:443/\r\n\r\n<!DOCTYPE html>\r\n<html><head><title>Moved Permanently</title></head>\r\n.*<address> at 127\.0\.0\.1:\d+ Port \d+</address></body>\r\n</html>\r\n$|s p/Unify OpenStage or OpenScape VoIP phone/ d/VoIP phone/
match http m|^HTTP/1\.1 200 OK\r\nDate: [^\r\n]*\r\nContent-Type: text/html;charset=utf-8\r\nX-Frame-Options: SAMEORIGIN\r\nContent-Language: en\r\nContent-Length: \d+\r\n\r\n<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1\.0 Strict//EN" "http://www\.w3\.org/TR/xhtml1/DTD/xhtml1-strict\.dtd">\n\n\n\n\n\n\n<html xmlns="http://www\.w3\.org/1999/xhtml" xml:lang="en" lang="en">\n\n<!-- determine browser language and generate proper gwt meta locale tag -->| p/NetIQ Sentinel appliance/
match http m|^HTTP/1\.1 200 OK\r\nDate: [A-W]{3}, [^\r\n]*\r\nConnection: \r\nServer: HTTP Server 1\.0\r\nContent-Length: \d+\r\nX-Frame-Options: SAMEORIGIN\r\nX-Content-Type-Options: nosniff\r\nContent-Type: text/html; charset=gb2312\r\nSet-Cookie: SESSIONID=[^\r\n&]*&[^\r\n&]*&HUAWEI Eudemon([^\r\n&]+)&| p/Huawei Eudemon $1 firewall httpd/ d/firewall/ cpe:/h:huawei:eudemon_$1/a
match http m|^HTTP/1\.1 200 OK\r\nDate: .*\r\nConnection: close\r\n\r\n\{"header":\{"name":"UnsupportedOperationError","payloadVersion":"(\d+)","namespace":"Alexa\.ConnectedHome\.Control",| p/FHEM Connector for Amazon Alexa/ i/payloadVersion: $1/ cpe:/a:rudolf_koenig:fhem/
match http m|^HTTP/1\.1 404 Not Found\r\nConnection: close\r\nContent-Length: \d+\r\nServer: ArenaSrv/([\d.]+) Instance/([\d.]+)\r\n| p/ArenaNet ArenaSrv game server/ v/$1/ i/Instance $2/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: calibre ([\d.]+)\r\n|s p/Calibre Content Server httpd/ v/$1/ cpe:/a:kovid_goyal:calibre:$1/
match http m|^HTTP/1\.1 403 OK\r\nContent-type: text/html\r\n\r\n<!doctype html>\r\n<html lang="en">\r\n<head>\r\n\t<title>Unauthorized Access</title>\r\n\t<meta charset="UTF-8">(?:\r\n\t<script src='https://www\.google\.com/recaptcha/api\.js'></script>)?\r\n</head>\r\n<body>\r\n\t<img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAJYAAAA8CAYAAACEhkNqAAAABHNCSVQICAgIfAhkiAAAAAlwSFlz\r\nAAALEgAACxIB0t1\+/AAAAB90RVh0U29mdHdhcmUATWFjcm9tZWRpYSBGaXJld29ya3MgOLVo0ngA| p/ConfigServer Security & Firewall httpd/ o/Linux/ cpe:/a:way_to_the_web:configserver_security_and_firewall/ cpe:/o:linux:linux_kernel/a
match http m|^HTTP/1\.1 403 OK\r\nContent-type: text/html\r\n\r\n<head>\r\n<title>Unauthorized Access</title>\r\n</head>\r\n<body>\r\n<img src="csf[_-]small\.| p/ConfigServer Security & Firewall httpd/ o/Linux/ cpe:/a:way_to_the_web:configserver_security_and_firewall/ cpe:/o:linux:linux_kernel/a
match http m|^HTTP/1\.0 401 Access Denied\r\n(?:[^\r\n]+\r\n)*?Set-Cookie: cprelogin=| p/cPanel httpd/ o/Unix/
match http m|^HTTP/1\.0 401 Access Denied\r\n(?:[^\r\n]+\r\n)*?Set-Cookie: webmailrelogin=| p/cPanel Webmail httpd/ o/Unix/
match http m|^HTTP/1\.0 401 Access Denied\r\n(?:[^\r\n]+\r\n)*?Set-Cookie: whostmgrrelogin=| p/cPanel Web Host Manager httpd/ o/Unix/
match http m|^HTTP/1\.1 403 Forbidden\r\nContent-Type: text/html; charset=gbk\r\nContent-Length: 106\r\nConnection: close\r\n\r\n<html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center></body></html>| p/TP-Link ADSL+ modem httpd/ d/broadband router/
match http m|^HTTP/1\.1 200 OK\r\nCONNECTION: close\r\nDate: .*\r\nLast-Modified: .*\r\nEtag: "\d+:[\da-f]+"\r\nCONTENT-LENGTH: \d+\r\nCONTENT-TYPE: text/html\r\n\r\n<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1\.0 Strict//EN" "http://www\.w3\.org/TR/xhtml1/DTD/xhtml1-strict\.dtd"> <html> <head> <title>Intelbras</title>| p/Intelbras webcam httpd/ d/webcam/
match http m|^HTTP/1\.1 401 Unauthorized\r\nContent-Length: 0\r\nWWW-Authenticate: Digest qop="auth", realm="IP Webcam", nonce="\d+"\r\n\r\n| p/IP Webcam httpd/ o/Android/ cpe:/a:pavel_khlebovich:ip_webcam/

#(insert http)

# APACHE
# First match these plaintext responses when SSL was expected
# Matching ssl/http stops probing. This line has plenty of match info.
match ssl/http m|^<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2\.0//EN\">\n<html><head>\n<title>400 Bad Request</title>\n</head><body>\n<h1>Bad Request</h1>\n<p>Your browser sent a request that this server could not understand\.<br />\nReason: You're speaking plain HTTP to an SSL-enabled server port\.<br />\n.*<address>Apache/([\w._-]+) (.*) Server at ([\w._*-]+) Port \d+</address>|s p/Apache httpd/ v/$1/ i/$2; SSL-only mode/ h/$3/ cpe:/a:apache:http_server:$1/
# These lines don't have a strong enough match, so we only match ssl and let Nmap start over inside the tunnel.
match ssl m|^<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2\.0//EN\">\n<html><head>\n<title>400 Bad Request</title>\n</head><body>\n<h1>Bad Request</h1>\n<p>Your browser sent a request that this server could not understand\.<br />| p/Apache httpd/ i/SSL-only mode/ cpe:/a:apache:http_server/
# Too broad to be certain that it's SSL. Matched non-SSL at least once.
#match ssl m|^HTTP/1\.1 400 Bad Request\r\n(?:[^\r\n]+\r\n)*?Server: Apache[^\r\n]*\r\n.*<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2\.0//EN\">\n<html><head>\n<title>400 Bad Request</title>\n</head><body>\n<h1>Bad Request</h1>\n<p>Your browser sent a request that this server could not understand\.<br />|s p/Apache httpd/ i/SSL-only mode/ cpe:/a:apache:http_server/
# Then look for detailed version info in the body which might be better quality than what's in the Server header.
match http m|^.*<address>Apache/([\d.]+) \([^)]+\) ?(.*) Server at ([-\w_.]+) Port \d+</address>\n</body></html>\n|si p/Apache httpd/ v/$1/ i/$2/ h/$3/ cpe:/a:apache:http_server:$1/
match http m|^.*<address>Apache/([\d.]+) \([^)]+\) Server at ([-\w_.]+) Port \d+</address>\n</body></html>\n|si p/Apache httpd/ v/$1/ h/$2/ cpe:/a:apache:http_server:$1/
match http m|^.*<address>Apache/([\d.]+) Server at ([-\w_.]+) Port \d+</address>\n</body></html>\n|si p/Apache httpd/ v/$1/ h/$2/ cpe:/a:apache:http_server:$1/
# Finally, look at the Server header.
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Apache[/ ](\d[-.\w]+)\r.*\nX-Powered-By: PHP/([\w._-]+)\r\n|s p/Apache httpd/ v/$1/ i/PHP $2/ cpe:/a:apache:http_server:$1/ cpe:/a:php:php:$1/
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Apache\r.*\nX-Powered-By: PHP/([\w._-]+)\r\n|s p/Apache httpd/ i/PHP $1/ cpe:/a:apache:http_server/ cpe:/a:php:php:$1/
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Apache[/ ](\d[-.\w]+)\r.*\nX-Powered-By: ([^\r\n]+)\r\n|s p/Apache httpd/ v/$1/ i/$2/ cpe:/a:apache:http_server:$1/
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Apache\r.*\nX-Powered-By: ([^\r\n]+)\r\n|s p/Apache httpd/ i/$1/ cpe:/a:apache:http_server/
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Apache[/ ](\d[-.\w]+) ([^\r\n]+)|s p/Apache httpd/ v/$1/ i/$2/ cpe:/a:apache:http_server:$1/
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Apache[/ ](\d[.\w-]+)\s*\r?\n|s p/Apache httpd/ v/$1/ cpe:/a:apache:http_server:$1/
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Apache\r\n|s p/Apache httpd/ cpe:/a:apache:http_server/
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Apache +\(([^\r\n\)]+)\)\r\n|s p/Apache httpd/ i/$1/ cpe:/a:apache:http_server/

# Maybe too generic?
match http m|^HTTP/1\.1 404 Not Found\r\nContent-Length: 0 \r\n\r\n$| p/Arcnet 3001A powerline network adaptor/ d/power-misc/ cpe:/h:arcnet:3001a/
match http m|^HTTP/1\.0 \d\d\d [^\r\n]+\r\nContent-Type: text/html\r\nDate: [^\r\n]+\r\nAccept-Ranges: bytes\r\nConnection: close\r\n\r\n<html>\n<head>\n  <title>\d\d\d [^<]+</title>\n</head>\n<body bgcolor=\"#ffffff\">\n  <h2>\d\d\d [^<]+</h2>\n  <p></p>\n</body>\n</html>\n| p/Vodafone Station captive portal httpd/
match http m|^HTTP/1\.1 301 Moved Permanently\r\nLocation: https://[\d.]+/\r\nConnection: close\r\n\r\n$| p/thttpd/ i/StarField KVM over IP/ cpe:/a:acme:thttpd/
match http m|^HTTP/1\.0 202 Accepted\r\nDate: .*\r\nConnection: Close\r\n\r\n$| p/WSO2 Enterprise Service Bus/ cpe:/a:wso2:esb/
match http m|^HTTP/1\.0 404 Not found\r\n\r\n$| p/Tor directory server/ cpe:/a:torproject:tor/
match http m|^HTTP/1\.1 400 Bad Request\r\nContent-type: text/html\r\nContent-Length: 0\r\n\r\n| p/Brickstream/
match http m|^HTTP/1\.0 302 Found\r\nLocation: /html/en/index\.html\r\n\r\n$| p/peercast.org/
match http m|^HTTP/1\.0 404 Not found\r\n\r\n<HEAD><TITLE>File Not Found</TITLE></HEAD>\n<BODY><H1>File Not Found</H1></BODY>\n$| p/Bacula http config/
match http m|^HTTP/1\.[01] 302 Found\r\nConnection: Close\r\nContent-Length: 0\r\nContent-type: text/html\r\nDate: .*\r\nLocation: .*/login\.php\r\n\r\n| p/Kerio MailServer http config/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 401 Authorization Required\r\nWWW-Authenticate: BASIC realm=\"Admin\"\r\n\r\nPassword Error\.\r\n\r\n$| p/D-Link DP-301P+ print server http config/ d/print server/ cpe:/h:d-link:dp-301p%2d/
match http m|^HTTP/1\.0 401 Unauthorized\nContent-type: text/html\r\nDate: .*\r\nConnection: close\r\nWWW-Authenticate: Basic realm=\"Web Server Authentication\"\r\n\r\n<HEAD><TITLE>401 Unauthorized</TITLE></HEAD>\n<BODY><H1>401 Unauthorized</H1>\n\n</BODY>\n$| p/Accton VM1188T VoIP phone http config/ d/VoIP phone/
# Seen for OpenPegasus, VMware ESX CIM server, Microsoft SCX CIM Server.
match http m|^HTTP/1\.1 501 Not Implemented\r\n\r\n$| p/Web-Based Enterprise Management CIM serverOpenPegasus WBEM httpd/ o/Linux/ cpe:/o:linux:linux_kernel/a
match http m|^HTTP/1\.1 302 Found\r\nLocation: http://[\d.]+:8080/\r\nContent-Length: 0\r\n\r\n$| p/Red Condor antispam appliance http config/ d/proxy server/
match http m|^HTTP/1\.0 301 Moved Permanently\r\nLocation: https:///\r\n\r\n$| p/Check Point NGX Firewall-1/ cpe:/a:checkpoint:firewall-1/
match http m|^HTTP/1\.1 200 OK\r\nDate: .*\r\nConnection: close\r\n\r\n$| p/Node.js/ cpe:/a:nodejs:node.js/
match http m|^HTTP/1\.0 302 Redirection\r\nLocation: index\.html\r\n\r\n$| p/JPS Radio Gateway http config/
match http m|^HTTP/1\.1 404 \r\nAccept-Ranges: bytes\r\nConnection: close\r\nContent-Length: 0\r\n\r\n| p/SearchInform DLP/
match http m|^HTTP/1\.0 200 Ok\r\nServer: httpd\r\nDate: .*\r\nCache-Control: no-cache\r\nPragma: no-cache\r\nExpires: 0\r\nContent-Type: text/html\r\nConnection: close\r\n\r\n<html>\n<head>\n<title>Login Page</title>\n<!--\[if lt IE 7\.\]>\n<script defer type=\"text/javascript\" src=\"/pngfix\.js\"></script>| p/Cisco Services Ready Platform Configuration Utility/
match http m|^HTTP/1\.0 200 Made by Jonas Gauffin\r\n| p/C# WebServer/ cpe:/a:jgauffin:csharp_webserver/

# If these are too general, they can be moved without modification to FourOhFourRequest, HTTPOptions, RTSPRequest, or SIPOptions
match http m|^HTTP/1\.1 501 \r\nContent-Type:\r\nContent-Length:0\r\n\r\n$| p/Google Chromecast httpd/ d/media device/
# ChromeCast Firmware 17250
match http m|^HTTP/1\.1 404 Not Found\r\nContent-Length:0\r\nContent-Type:text/html\r\n\r\n$| p/Google Chromecast httpd/ d/media device/

# This one can cause false results!
# Found a better one and put it in FourOhFour
#match http m|^HTTP/1\.0 404 Not Found\r\nConnection: close\r\n\r\n$| p/apt-proxy httpd/

# Fairly general:
match http m|^HTTP/1\.[01] \d\d\d.*\r\nDate: .*\r\nServer: Apache ((?:[\w_]+/[\w._-]+ ?)+)\r\n| p/Apache httpd/ i/$1/ cpe:/a:apache:http_server/
# http://svn.dd-wrt.com:8000/dd-wrt/browser/src/router/httpd/httpd.c
match http m|^HTTP/1\.[01] \d\d\d .*\r\nServer: micro_httpd\r\n| p/micro_httpd/ cpe:/a:acme:micro_httpd/
match http m|^HTTP/1\.0 200 OK\r\nServer: RapidLogic/([\d.]+)\r\n| p/RapidLogic httpd/ v/$1/ cpe:/a:rapidlogic:httpd:$1/
# also cisco SRPC utility
#match http m|^HTTP/1\.0 200 Ok\r\n.*Server: httpd\r\n|s p/DD-WRT milli_httpd/ d/WAP/ o/Linux/ cpe:/o:linux:linux_kernel/a
match http m|^HTTP/1\.[01] \d\d\d .*\r\nServer: GoAhead\r\n| p/GoAhead WebServer/ cpe:/a:goahead:goahead_webserver/
match http m|^HTTP/1\.[01] \d\d\d .*\r\nServer: GoAhead-Webs\r\n| p/GoAhead WebServer/ cpe:/a:goahead:goahead_webserver/
match http m|^HTTP/1\.[01] \d\d\d .*\r\nServer: GoAhead/([0-2][\d.]+)\r\n| p/GoAhead WebServer/ v/$1/ cpe:/a:goahead:goahead_webserver:$1/
match http m|^HTTP/1\.[01] \d\d\d .*\r\nServer: GoAhead/([\d.]+)\r\n| p/GoAhead WebServer/ v/$1/ cpe:/a:embedthis:goahead_webserver:$1/
match http m|^HTTP/1\.[01] \d\d\d .*\r\nServer: GoAhead-http\r\n| p/GoAhead WebServer/ cpe:/a:embedthis:goahead_webserver/
match http m|^HTTP/1\.0 200 OK\r\nServer: SimpleHTTP/([\d.]+) Python/([\d.]+)\r\n| p/SimpleHTTPServer/ v/$1/ i/Python $2/ cpe:/a:python:python:$2/ cpe:/a:python:simplehttpserver:$1/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Mbedthis-App[Ww]eb/([\d.]+)\r\n|s p/Mbedthis-Appweb/ v/$1/ cpe:/a:mbedthis:appweb:$1/
match http m|^UnknownMethod 404 Not Found\r\n(?:[^\r\n]+\r\n)*?Server: Mbedthis-Appweb/([\w._-]+)\r\n|s p/Mbedthis-Appweb/ v/$1/ cpe:/a:mbedthis:appweb:$1/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Tntnet/([\w._-]+)\r\n|s p/Tntnet/ v/$1/ cpe:/a:tntnet:tntnet:$1/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: PasteWSGIServer/([-\w_+.]+) Python/([-\w_+.]+)\r\n| p/PasteWSGIServer/ v/$1/ i/Python $2/ cpe:/a:python:python:$2/
match http m|^HTTP/1\.1 200 OK\r\nServer: Quickserve/([\w._-]+)\r\n| p/Quickserve httpd/ v/$1/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Allegro-Software-RomPager/(\d[\w.]+)\r\n|s p/Allegro RomPager/ v/$1/ cpe:/a:allegro:rompager:$1/
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: BaseHTTP/([\d.]+) Python/([\w._+-]+)\r\n|s p/BaseHTTPServer/ v/$1/ i/Python $2/ cpe:/a:python:basehttpserver:$1/a cpe:/a:python:python:$2/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: FlashCom/(1\.[\w._-]+)\r\n|s p/Macromedia Flash Communication Server httpd/ v/$1/ cpe:/a:macromedia:flash_communication_server:$1/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: FlashCom/(2\.[\w._-]+)\r\n|s p/Macromedia Flash Media Server httpd/ v/$1/ cpe:/a:macromedia:flash_media_server:$1/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: FlashCom/([34]\.[\w._-]+)\r\n|s p/Adobe Flash Media Server httpd/ v/$1/ cpe:/a:adobe:flash_media_server:$1/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: FlashCom/([5-9]\.[\w._-]+)\r\n|s p/Adobe Media Server httpd/ v/$1/ cpe:/a:adobe:media_server:$1/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: thin ([\w._-]+) codename ([^\r\n]+)\r\n|s p/Thin httpd/ v/$1/ i/codename $2/ cpe:/a:macournoyer:thin:$1/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: thin\r\n|s p/Thin httpd/ cpe:/a:macournoyer:thin/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: WYM/([\d\.]+)\r\n|s p/WYM httpd/ v/$1/
match http m|^HTTP/1\.0 200 Ok\r\nServer: NET-DK/([\d.]+)\r\n| p/NET-DK/ v/$1/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Agranat-EmWeb/R([\w._-]+)\r\n|s p/Agranat-EmWeb/ v/$SUBST(1,"_",".")/ cpe:/a:agranat:emweb:$SUBST(1,"_",".")/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Conexant-EmWeb/R([\w._-]+)\r\n|s p/Conexant-EmWeb/ v/$SUBST(1,"_",".")/ cpe:/a:conexant:emweb:$SUBST(1,"_",".")/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Virata-EmWeb/R([\d_]+)\r\n|s p/Virata-EmWeb/ v/$SUBST(1,"_",".")/ cpe:/a:virata:emweb:$SUBST(1,"_",".")/a
match http m|^HTTP/1\.0 404 File Not Found\r\nContent-Type: text/html\r\n\r\n<b>The file you requested could not be found</b>\r\n$| p/Icecast streaming media server/ cpe:/a:xiph:icecast/
match http m|^HTTP/1\.0 404 Not Available\r\nContent-Type: text/html\r\n\r\n<b>The file you requested could not be found</b>\r\n$| p/Icecast streaming media server/ cpe:/a:xiph:icecast/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Mono-HTTPAPI/([\w._-]+)\r\n|s p/Mono-HTTPAPI/ v/$1/ cpe:/a:mono:mono:$1/
match http m|^HTTP/1\.1 \d\d\d .*<a href=\"http://jetty\.mortbay\.org/?\">Powered by Jetty://</a>|s p/Jetty/ cpe:/a:mortbay:jetty/
match http m|^HTTP/1\.1 \d\d\d .*<a href=\"http://eclipse\.org/jetty\">Powered by Jetty:// ?(\d[\w._-]*)</a>|s p/Jetty/ v/$1/ cpe:/a:eclipse:jetty:$1/
match http m|^HTTP/1\.1 \d\d\d .*<a href=\"http://eclipse\.org/jetty\">Powered by Jetty://|s p/Jetty/ cpe:/a:eclipse:jetty/
match http m|^HTTP/1\.1 \d\d\d .*<small>Powered by Jetty://</small>|s p/Jetty/ v/9.2.11 or older/ cpe:/a:eclipse:jetty/
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: CherryPy/([\w._-]+)\r\n|s p/CherryPy httpd/ v/$1/ cpe:/a:cherrypy:cherrypy:$1/
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: CherryPy/([\w._-]+) ([^\r\n]+)\r\n|s p/CherryPy httpd/ v/$1/ i/$2/ cpe:/a:cherrypy:cherrypy:$1/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: NetBox Version ([\w._-]+ Build \d+)\r\n|s p/NetBox httpd/ v/$1/
match http m|^HTTP/1\.0 \d\d\d .*\r\nDate: .*\r\nServer: OmikronHTTPOrigin/([\w._-]+)\r\n| p/OmikronHTTPOrigin httpd/ v/$1/
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Zope/\((?:Zope )?([\d\w][^\,\)]+),?\s*([^\)]+)\)\S*\s+([^\r]+)\r\n|s p/Zope httpd/ v/$1/ i/$2; $3/ cpe:/a:zope:zope:$1/
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: zope\.server\.http \(zope\.server\.http\)\r\n|s p/Zope httpd/ cpe:/a:zope:zope/
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: zope\.server\.http \(HTTP\)\r\n|s p/Zope httpd/ cpe:/a:zope:zope/
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?X-Powered-By: Zope \(www\.zope\.org\), Python \(www\.python\.org\)\r\n|s p/Zope httpd/ cpe:/a:python:python/ cpe:/a:zope:zope/
# src/connections.c
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: lighttpd/([\w._-]+).*<\?xml version=\"1\.0\" encoding=\"iso-8859-1\"\?>\n<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1\.0 Transitional//EN\"\n         \"http://www\.w3\.org/TR/xhtml1/DTD/xhtml1-transitional\.dtd\">\n<html xmlns=\"http://www\.w3\.org/1999/xhtml\" xml:lang=\"en\" lang=\"en\">\n <head>\n  <title>\d\d\d - [\w ]+</title>|s p/lighttpd/ v/$1/ cpe:/a:lighttpd:lighttpd:$1/
match http m|^HTTP/1\.1 \d\d\d .*Server: Optenet Web Server\r\n| p/Optenet httpd/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: uClinux-httpd ([\w._-]+)\n|s p/uClinux-httpd/ v/$1/ o/Linux/ cpe:/o:linux:linux_kernel/a
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: uc-httpd[ /]([\w._-]+)\r?\n|s p/uc-httpd/ v/$1/ cpe:/a:xiongmai_technologies:uc-httpd:$1/
match http m|^HTTP/1\.1 200 Document follows\r\nServer: Micro-Web\r\n| p/Micro-Web/
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: Indy/([\w._-]+)\r\n|s p/Indy httpd/ v/$1/ cpe:/a:indy:httpd:$1/a
match http m|^HTTP/1\.1 404 File not found\r\n(?:[^\r\n]+\r\n)*?Server: Indy/([\w._-]+)\r\n|s p/Indy httpd/ v/$1/ cpe:/a:indy:httpd:$1/a
match http m|^HTTP/1\.1 200 OK\r\nServer: WindWeb/([\w._-]+)\r\n| p/WindWeb/ v/$1/ cpe:/a:windriver:windweb:$1/
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: Perl Dancer ([\w._-]+)\r\n| p/Perl Dancer/ v/$1/
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: Perl Dancer2 ([\w._-]+)\r\n| p/Perl Dancer2/ v/$1/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?X-FB-Debug: [\w+/]{43}=\r\n|s p/Facebook httpd/
match http m|^HTTP/1\.[01] \d\d\d .*\r\nDate: .*\r\nServer: Hiawatha v([-\w_.]+)\r\n| p/Hiawatha httpd/ v/$1/
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: TornadoServer/([\w._-]+)\r\n|s p/Tornado httpd/ v/$1/ cpe:/a:tornadoweb:tornado:$1/a
match http m|^HTTP/1\.1 200 OK\r.*\nServer: Node v([\d.]+)\r\n|s p/Node.js httpd/ v/$1/ cpe:/a:nodejs:node.js:$1/
match http m|^HTTP/1\.1 200 OK\r.*\nServer: GHC\r\n|s p/Gemius Hit Counter/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Pegasus/Plan9\r\n|s p/Pegasus httpd/ o/Plan 9/ cpe:/o:belllabs:plan_9/a
match http m|^HTTP/1\.0 \d\d\d [A-Z ]*\r.*\nServer: Werkzeug/([\w._-]+) Python/([\w._-]+)\r\n|s p/Werkzeug httpd/ v/$1/ i/Python $2/ cpe:/a:python:python:$2/
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: Webduino/([\w._-]+)\r\n| p/Webduino httpd/ v/$1/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Restlet-Framework/([\w._-]+)\r\n|s p/Restlet Java web framework/ v/$1/ cpe:/a:restlet:restlet:$1/
# version is always 1.0. QUIP is configurable
# Default quip:
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: MochiWeb/1\.0 \(Any of you quaids got a smint\?\)\r\n| p/MochiWeb httpd/ cpe:/a:mochiweb_project:mochiweb/
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: MochiWeb/1\.0 \((.*?)\)\r\n| p/MochiWeb httpd/ i/quip: "$1"/ cpe:/a:mochiweb_project:mochiweb/
match http m|^HTTP/1\.1 \d\d\d .*\r\nserver: node-static/([\w._-]+)\r\n| p/node-static httpd/ v/$1/
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: corehttp-([\w._-]+)\r\n| p/CoreHTTP httpd/ v/$1/
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: ECS \(([a-z]{3}/[A-F\d]{4})\)\r\n|s p/Edgecast CDN httpd/ i/$1/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Embedthis-http\r\n|s p/Embedthis HTTP lib httpd/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Embedthis-http/(\d[\w._-]*)\r\n|s p/Embedthis HTTP lib httpd/ v/$1/
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: GoAhead-Webs/([\w._-]+)\r\n| p/GoAhead WebServer/ v/$1/ cpe:/a:goahead:goahead_webserver:$1/a
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: cloudflare-nginx\r\n|s p/Cloudflare nginx/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: cloudflare\r\n|s p/Cloudflare http proxy/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: GateOne\r\n|s p/Gate One http terminal emulator/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Warp/([\w._-]+)\r\n|s p/Warp Haskell httpd/ v/$1/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Vorlon SR ([\w._-]+)\r\n|s p/Hummingbird Vorlon Servlet Runner/ v/$1/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Indy/([\w._-]+)\r\n|s p/Indy httpd/ v/$1/ cpe:/a:indy:httpd:$1/a
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Rocket ([\w._-]+) Python/([\w._-]+)\r\n|s p/Rocket httpd/ v/$1/ i/Python $2/ cpe:/a:python:python:$2/ cpe:/a:timothy_farrell:rocket:$1/
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Debian Apt-Cacher NG/([\w._-]+)\r\n|s p/Debian Apt-Cacher NG httpd/ v/$1/ cpe:/a:debian:apt-cacher:$1/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Boa/([\w._-]+)\r\n|s p/Boa/ v/$1/ cpe:/a:boa:boa:$1/
match http m|^HTTP/1\.[01] \d\d\d .*\r\nServer: mini_httpd/([\w._ /-]+)\r\n| p/mini_httpd/ v/$1/ cpe:/a:acme:mini_httpd:$1/
match http m|^HTTP/1\.0 \d\d\d .*\r\nDate: .*\r\nServer: Mono\.WebServer2/([\w._-]+) Unix\r\n| p/Mono.WebServer2/ v/$1/ o/Unix/ cpe:/a:mono:xsp:$1/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Splunkd\r\n|s p/Splunkd httpd/ cpe:/a:splunk:splunk/
match http m|^HTTP/1\.1 \d\d\d .*\r\nDate: .*\r\nServer: BarracudaServer\.com \(Posix\)\r\n| p/Barracuda Embedded Web Server/ cpe:/a:real_time_logic:barracuda_embedded_web_server/
match http m|^HTTP/1\.1 \d\d\d .*\r\nserver: kolibri-([\w._-]+)\r\n| p/Kolibri httpd/ v/$1/ cpe:/a:senkas:kolibri:$1/
match http m|^HTTP/1\.0 \d\d\d .*\r\nX-Powered-By: Servlet/([\w._-]+)\r\nContent-Type: text/html;charset=[^\r\n;]+\r\n\$WSEP: \r\nContent-Language: ([^\r\n]+)\r\n| p/IBM WebSphere Application Server/ i/Servlet $1; language: $2/ cpe:/a:ibm:websphere_application_server/
match http m|^HTTP/1\.0 \d\d\d .*\r\nX-Powered-By: Servlet/([\w._-]+)\r\nContent-Type: text/html;charset=[^\r\n;]+\r\n\$WSEP: \r\n| p/IBM WebSphere Application Server/ i/Servlet $1/ cpe:/a:ibm:websphere_application_server/
match http m|^HTTP/1\.0 200 OK\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nExpires: 0\r\nSet-Cookie: coreses5=; path=/; HttpOnly\r\nSet-Cookie: corelang5=orion:(\w+); path=/; expires=.*\r\nDate: .*\r\n\r\n| p/ISPsystem COREmanager/ i/language: $1/ cpe:/a:ispsystem:coremanager::::$1/
match http m|^HTTP/1\.0 400 Bad Request\r\nPragma: no-cache\r\nCache-Control: no-cache,no-store\r\n\r\n$| p|Sony NSZ-GS7/GS8 multimedia receiver httpd| d/media device/
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html\r\nCache-Control: no-cache\r\nContent-Length: \d+\r\n\r\n.*<!--\nCopyright 2004-20\d\d H2 Group\.\n.*Sorry, remote connections \('webAllowOthers'\) are disabled on this server\.|s p/H2 Database console/ i/remote connections disabled/ cpe:/a:h2group:h2database/
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html\r\nCache-Control: no-cache\r\nContent-Length: \d+\r\n\r\n<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4\.01 Transitional//EN\" \"http://www\.w3\.org/TR/html4/loose\.dtd\">\n<!--\nCopyright 2004-20\d\d H2 Group\.| p/H2 database http console/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Karrigell ([\w._-]+)\r\nDate: |s p/Karrigell web framework httpd/ v/$1/ cpe:/a:karrigell:karrigell:$1/
match http m|^HTTP/1\.0 \d\d\d .*\r\nDate: .* GMT\r\nServer: WSGIServer/([\w._-]+) C?Python/([\w._+-]+)\r\n| p/WSGIServer/ v/$1/ i/Python $2/ cpe:/a:python:python:$2/ cpe:/a:python:wsgiref:$1/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: MX4J-HTTPD/1\.0\r\n\r\n|s p/MX4J HTTP Adaptor/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: ExtremeWare/([\d.]+)\r\n|s p/Exreme Networks switch admin httpd/ i/ExtremeWare XOS $1/ o/XOS/ cpe:/o:extremenetworks:extremeware_xos:$1/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: ngx_openresty/([\w._-]+)\r\n|s p/OpenResty web app server/ v/$1/ cpe:/a:openresty:ngx_openresty:$1/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: ngx_openresty\r\n|s p/OpenResty web app server/ v/1.9.7.2 or earlier/ cpe:/a:openresty:ngx_openresty/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: openresty/([\w._-]+)\r\n|s p/OpenResty web app server/ v/$1/ cpe:/a:openresty:ngx_openresty:$1/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: openresty\r\n|s p/OpenResty web app server/ cpe:/a:openresty:ngx_openresty/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: IntelliJ IDEA (\d[\w._-]*)\r\n|s p/IntelliJ IDEA/ v/$1/ cpe:/a:jetbrains:intellij_idea:$1/
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?server: Cowboy\r\n|s p/Cowboy httpd/ cpe:/a:ninenines:cowboy/
match http m|^HTTP/1\.[01] \d\d\d .*\r\nServer: Cowboy\r\nDate: .*\r\nContent-Length: \d+\r\n\r\n| p/Cowboy httpd/ cpe:/a:ninenines:cowboy/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Xavante (\d[\w._-]+)\r\n|s p/Xavante Lua httpd/ v/$1/ cpe:/a:kepler_project:xavante:$1/
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: Oracle-iPlanet-Web-Server/([\w._-]+)\r\n| p/Oracle iPlanet Web Server/ v/$1/ cpe:/a:oracle:iplanet_web_server:$1/
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Linux/(([\d.]+?)(?:\.x)?) UPnP/([\d.]+) Avtech/([\d.]+)\r\n|s p/Avtech IP camera httpd/ v/$4/ i/Linux $1; UPnP $3/ o/Linux/ cpe:/o:linux:linux_kernel:$2/
match http m|^HTTP/1\.[01] \d\d\d .*\r\nServer: BBVS/([\d.]+)\r\n| p/BBVS video streaming httpd/ v/$1/ o/Mac OS X/ cpe:/a:ben_software:bbvs:$1/ cpe:/o:apple:mac_os_x/a
match http m|^HTTP/1\.[01] \d\d\d .*\r\nServer: BBVS\r\n| p/BBVS video streaming httpd/ o/Mac OS X/ cpe:/a:ben_software:bbvs/ cpe:/o:apple:mac_os_x/a
# Server header is usually "OpenBSD httpd" but compile-time configurable. CSS however is literal string, but only for abort responses.
match http m|^HTTP/1\.0 [345]\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Date: [^\r\n]*\r\nServer: [^\r\n]*\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: \d+\r\n.*\r\n<!DOCTYPE html>\n<html>\n<head>\n<title>[^<]*</title>\n<style type="text/css"><!--\nbody \{ background-color: white; color: black; font-family: 'Comic Sans MS', 'Chalkboard SE', 'Comic Neue', sans-serif; \}|s p/OpenBSD httpd/ cpe:/a:openbsd:httpd/
# meta content-type added Tue Mar 8 09:33:15 2016 UTC in revision 1.106 of server_httpd.c
match http m|^HTTP/1\.0 [345]\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Date: [^\r\n]*\r\nServer: [^\r\n]*\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: \d+\r\n.*\r\n<!DOCTYPE html>\n<html>\n<head>\n<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>\n<title>[^<]*</title>\n<style type="text/css"><!--\nbody \{ background-color: white; color: black; font-family: 'Comic Sans MS', 'Chalkboard SE', 'Comic Neue', sans-serif; \}|s p/OpenBSD httpd/ cpe:/a:openbsd:httpd/
match http m|^HTTP/1.1 [126-9]\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: OpenBSD httpd\r\n|s p/OpenBSD httpd/ cpe:/a:openbsd:httpd/
match http m|^HTTP/1\.[01] \d\d\d .*\r\nDate: .*\r\n(?:Connection: close\r\n)?Server: CE_E\r\n| p/Cisco Expressway E/ cpe:/a:cisco:expressway_software/
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Play! Framework;([\d.]+);(\w+)\r\n|s p/Play Framework/ v/$1/ i/$2/ cpe:/a:zenexity:play_framework:$1/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: IBM Mobile Connect\r\n|s p/IBM Lotus Mobile Connect/ cpe:/a:ibm:lotus_mobile_connect/
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: Wave World Wide Web Server \(W4S\) v([\d.]+)\r\n| p/Brocade Wave httpd/ v/$1/ i/NOS REST API/ cpe:/a:brocade:wave_world_wide_web_server:$1/
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: MQX HTTPSRV/[\d.]+ - Freescale Embedded Web Server v([\d.]+)\r\n| p/Freescale MQX embedded httpd/ v/$1/ o/MQX RTOS/ cpe:/o:freescale:mqx/
match http m|^HTTP/1\.1 \d\d\d .*\nServer: MQX HTTP - Freescale Embedded Web Server\n| p/Freescale MQX embedded httpd/ o/MQX RTOS/ cpe:/o:freescale:mqx/
match http m|^HTTP/1\.[01] \d\d\d .*\r\nDate: .*\r\nServer: Microsoft-WinCE/([\d.]+)0\r\n| p/Microsoft Windows Embedded CE Web Server/ o/Windows CE $1/ cpe:/o:microsoft:windows_ce/a
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Devline Linia Server\r\n|s p/Devline Line surveillance system httpd/ d/security-misc/ cpe:/a:devline:line/
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: esp8266-link\r\n| p/esp-link ESP8266 firmware httpd/ cpe:/a:thorsten_von_eicken:esp-link/
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Mojolicious \(Perl\)\r\n|s p/Mojolicious httpd/ cpe:/a:sebastian_riedel:mojolicious/
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Caddy\r\n|s p/Caddy httpd/ cpe:/a:matt_holt:caddy/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: embOS/IP\r\n|s p|Segger embOS/IP httpd| cpe:/a:segger:embos%2fip/

match http m|^HTTP/1\.1 [45]\d\d (?:[^\r\n]*\r\n)*?\r\n(?:<!DOCTYPE html>)?<html><head><title>Apache Tomcat/(\d[\w._-]*) - Error report</title>|s p/Apache Tomcat/ v/$1/ cpe:/a:apache:tomcat:$1/a
match http m|^HTTP/1\.1 [45]\d\d (?:[^\r\n]*\r\n)*?\r\n(?:<!DOCTYPE html>)?<html><head><title>Apache Tomcat/(\d[\w._-]*) - Informe de Error</title>|s p/Apache Tomcat/ v/$1/ i/Spanish/ cpe:/a:apache:tomcat:$1:::es/
match http m|^HTTP/1\.1 [45]\d\d (?:[^\r\n]*\r\n)*?\r\n(?:<!DOCTYPE html>)?<html><head><title>Apache Tomcat/(\d[\w._-]*) - Rapport d'erreur</title>|s p/Apache Tomcat/ v/$1/ i/French/ cpe:/a:apache:tomcat:$1:::fr/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Content-Type: application/x-appweb-(\w+)\r\n|s p/Embedthis-Appweb/ i/extension: $1/ cpe:/a:mbedthis:appweb/
match http m|^HTTP/1\.1 \d\d\d .*\r\nMIME-Version: 1\.0\r\nServer: KS_HTTP/([\d.]+)\r\n| p/Canon Pixma printer http config/ i/KS_HTTP $1/ d/printer/
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: Content Gateway Manager ([\w._-]+)\r\n| p/Websense Content Gateway Manager http config/ v/$1/ cpe:/a:websense:websense_content_content_gateway:$1/
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: bfe\r\n| p/Baidu Front End httpd/
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: bfe/([\d.]+)\r\n| p/Baidu Front End httpd/ v/$1/
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: bfe/([\d.]+)-([\w-]+)\r\n| p/Baidu Front End httpd/ v/$1/ i/$2/
# Also matches Swift?
match http m|^HTTP/1\.0 \d\d\d .*<\?xml version=\"1\.0\" encoding=\"iso-8859-1\"\?>\n<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1\.0 Transitional//EN\"\n         \"http://www\.w3\.org/TR/xhtml1/DTD/xhtml1-transitional\.dtd\">\n<html xmlns=\"http://www\.w3\.org/1999/xhtml\" xml:lang=\"en\" lang=\"en\">\n <head>\n  <title>\d\d\d - [\w ]+</title>|s p/lighttpd/ cpe:/a:lighttpd:lighttpd/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?P3P: CP="This is not a P3P policy! See https://www\.google\.com/support/accounts/answer/151657\?hl=.. for more info\."\r\nServer: gws\r\n|s p/Google Web Server/
match http m|^HTTP/1\.[01] (?:[^\r\n]*\r\n(?!\r\n))*?Server: proxygen\r\nDate: |s p/Facebook Proxygen httpd/ cpe:/a:facebook:proxygen/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: 360wzws\r\nDate: |s p/360 WangZhan httpd/
match http m|^HTTP/1\.[01] 40[04] (?:[^\r\n]*\r\n(?!\r\n))*?Server: ATLAS Platform\r\n|s p/VeriSign Advanced Transaction Look-up Signaling http redirector/
match http m|^HTTP/1\.[01] (?:[^\r\n]*\r\n(?!\r\n))*?Date: [^\r\n]+ GMT\r\nServer: ECD \(\w+/[0-9A-F]+\)\r\n|s p/Edgecast ECD httpd/
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: instart/nginx\r\n| p/nginx/ i/Instart Logic/ cpe:/a:igor_sysoev:nginx/
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Tengine/([\w._-]+)\r\n|s p/Tengine httpd/ v/$1/ cpe:/a:alibaba:tengine:$1/
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Tengine\r\n|s p/Tengine httpd/ cpe:/a:alibaba:tengine/
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: 0W/(\d[\w._-]+)\r\n|s p/0W-httpd/ v/$1/ cpe:/a:maxim_zotov:0w-httpd:$1/
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: 4D_v(\d+)/(\1\.\d+)\r\n| p/4D RDBMS web server/ v/$2/ cpe:/a:4d_sas:4d:$2/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: 4D/([\d.]+)\r\n|s p/4D RDBMS web server/ v/$1/ cpe:/a:4d_sas:4d:$1/
match http m|^HTTP/1\.1 \d\d\d .*\r\nConnection: close\r\nServer: NetData Embedded HTTP Server\r\n| p/NetData embedded httpd/ cpe:/a:firehol:netdata/
match http m|^HTTP/1\.[01] \d\d\d [^\r\n]+\r\nServer: Digiweb\r\n(?:[^\r\n]+\r\n)*?Expires: 26 Jul 1997 05:00:00 GMT\r\n|s p/Digitronic Digiweb httpd/ cpe:/a:digitronic:digiweb/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Wakanda/\d+ build ([.\d]+) WAF ([\d.]+) build ([\d-]+) \((\w+)-(\w+)\)\r\n|s p/Wakanda httpd/ v/$1/ i/Wakanda Application Framework $2 build $3; arch: $5/ o/$4/ cpe:/a:wakanda:wakanda_application_framework:$2/ cpe:/a:wakanda:wakanda_server:$1/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Wakanda/\d+ build ([.\d]+) \((\w+)-(\w+)\)\r\n|s p/Wakanda httpd/ v/$1/ i/arch: $3/ o/$2/ cpe:/a:wakanda:wakanda_server:$1/
match http m|^HTTP/1\.[01] (?:[^\r\n]*\r\n(?!\r\n))*?Server: gunicorn/([\w._-]+)\r\n|s p/Gunicorn/ v/$1/ cpe:/a:gunicorn:gunicorn:$1/
match http m|^HTTP/1\.1 \d\d\d .*\nDate: .*\r\nConnection: close\r\nServer: Clearswift\r\n\r\n|s p/Clearswift Secure Web Gateway/ d/security-misc/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?X-Influxdb-Version: ([\d.]+)\r\n|s p/InfluxDB http admin/ v/$1/ cpe:/a:influxdata:influxdb:$1/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: KFWebServer\r\n|s p/KF Web Server/ cpe:/a:keyfocus:kf_web_server/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: KFWebServer/([\d.]+) (Windows[^\r\n]*)\r\n|s p/KF Web Server/ v/$1/ o/$2/ cpe:/a:keyfocus:kf_web_server/
match http m|^HTTP/1\.[01] \d\d\d .*\r\nServer: Huawei-BMC\r\n| p/Huawei BMC httpd/ d/remote management/
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: Seattle Lab HTTP Server/([\d.]+)\r\n| p/Seattle Lab httpd/ v/$1/
match http m|^HTTP/1\.[01] \d\d\d .*\r\nServer: WindRiver-WebServer/([\d.]+)\r\n| p/Wind River Web Server/ v/$1/ cpe:/a:windriver:web_server:$1/
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Python/([\d.]+) aiohttp/([\d.]+)\r\n|s p/aiohttp/ v/$2/ i/Python $1/ cpe:/a:aiohttp:aiohttp:$2/ cpe:/a:python:python:$1/
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: Cassini/([\d.]+)\r\nDate: .*\r\nX-AspNet-Version: ([\d.]+)\r\n| p/Microsoft Cassini httpd/ v/$1/ i/ASP.NET $2/ o/Windows/ cpe:/a:microsoft:asp.net:$2/ cpe:/a:microsoft:cassini:$1/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: Cassini/([\d.]+)\r\nDate: .*\r\n| p/Microsoft Cassini httpd/ v/$1/ o/Windows/ cpe:/a:microsoft:cassini:$1/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 \d\d\d .*\r\nDate: .*\r\nServer: HTTP::Server::PSGI\r\n| p/Plack HTTP::Server::PSGI httpd/ cpe:/a:tatsuhiko_miyagawa:plack/
match http m|^HTTP/1\.[01] \d\d\d .*\r\nServer: ZK Web Server\r\n| p/ZKTeco embedded web server/ d/specialized/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: WildFly/(\d[\w._-]*)\r\n|s p/JBoss WildFly Application Server/ v/$1/ cpe:/a:redhat:jboss_wildfly_application_server:$1/
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: fasthttp\r\nDate:| p/Vertamedia fasthttp/ cpe:/a:vertamedia:fasthttp/
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Icinga/[rv](\d[\w._-]*)\r\n|s p/Icinga/ v/$1/ cpe:/a:icinga:icinga:$1/
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Motion-httpd/([\d.]+)(?:[-+][Gg]it-?\w+)?\r\n|s p/Motion http API/ v/$1/ cpe:/a:motion:motion:$1/
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Motion/([\d.]+)(?:[-+][Gg]it-?\w+)?\r\n|s p/Motion jpeg streaming/ v/$1/ cpe:/a:motion:motion:$1/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Simple-DNS-Plus/([\d.]+)\r\n|s p/Simple DNS Plus HTTP API/ v/$1/ cpe:/a:jh_software:simple_dns_plus:$1/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Vidat V7/(\d[\w._-]*) \(([^)]+)\)\r\n|s p/Vidat V7 httpd/ v/$1/ o/$2/ cpe:/a:vidat_consulting:v7:$1/
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: PowerStudio v(\d[\w.]*)\r\n| p/Circutor PowerStudio/ v/$1/ cpe:/a:circutor:powerstudio:$1/
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: servX\r\n| p/Hilscher servX httpd/ cpe:/a:hilscher:servx/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?server: WebSEAL/(\d[\w.]*)\r\n|s p/IBM WebSEAL/ v/$1/ cpe:/a:ibm:webseal:$1/
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: JREntServer/1\.1\r\n| p/Jinfonet JReport Enterprise Server/ cpe:/a:jinfonet:jrentserver/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Date: [^\r\n]+\r\nConnection: close\r\nServer: Prime\r\n\r\n|s p/Cisco Prime Infrastructure httpd/ cpe:/a:cisco:prime_infrastructure/

# Put this at the end because it's not a server, but a backend.
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?X-Powered-By: Servlet/([\w._-]+) JSP/([\w._-]+)\r\n|s p/Java Servlet/ v/$1/ i/JSP $2/ cpe:/a:oracle:jsp:$2/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?X-Powered-By: sisRapid Framework\r\n|s p/Saman Portal/ cpe:/a:saman_information_structure:sis_rapid_framework/
match http m|^HTTP/1\.1 401 Unauthorized\r\nDate: .*\r\nWWW-Authenticate: Basic realm="Sling \(Development\)"\r\n\r\n| p/Adobe Experience Manager/ cpe:/a:adobe:adobe_experience_manager/
match http m|^HTTP/1\.1 200 OK\r\nX-App-Name: kibana\r\n| p/Elasticsearch Kibana/ cpe:/a:elasticsearch:kibana/
match http m|^HTTP/1\.1 200 OK\r\nkbn-name: kibana\r\nkbn-version: (\d[\w._-]*)\r\n| p/Elasticsearch Kibana/ v/$1/ cpe:/a:elasticsearch:kibana:$1/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?X-Powered-By: Express\r\n|s p/Node.js Express framework/ cpe:/a:nodejs:node.js/
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?X-Powered-By: Mojolicious \(Perl\)\r\n|s p/Mojolicious web framework/ cpe:/a:sebastian_riedel:mojolicious/
# https://support.f5.com/kb/en-us/solutions/public/14000/800/sol14815.html
match http m|^HTTP/1\.1 200 OK\r.*\nSet-Cookie: b{15}=[A-Z]{128}; HttpOnly\r\n|s p/F5 BIG-IP load balancer AVR module/ v/11.3.0 or later/ cpe:/a:f5:big-ip_application_visibility_and_reporting/
match http m|^HTTP/1\.1 \d\d\d.*__meteor_runtime_config__ = JSON\.parse\(decodeURIComponent\("%7B%22meteorRelease%22%3A%22METEOR%40([\d.]+)%22%2C%22PUBLIC_SETTINGS%22%3A%7B%7D%2C%22ROOT_URL%22%3A%22https?%3A%2F%2F([^%]+)%|s p/Meteor/ v/$1/ h/$2/ cpe:/a:meteor:meteor:$1/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?X-AspNetMvc-Version: ([\d.]+)\r\nX-AspNet-Version: ([\d.]+)\r\n|s p/ASP.NET/ v/$2/ i/MVC $1/ cpe:/a:microsoft:asp.net:$2/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?X-Powered-By: Sinopia/(\d[\w._-]*)\r\n|s p/Sinopia npm repository/ v/$1/ cpe:/a:alex_kocharin:sinopia:$1/
softmatch http m|^HTTP/1\.[01] (?:[^\r\n]*\r\n(?!\r\n))*?X-Powered-By: PHP/(\d[\w._-]+)|s i/PHP $1/ cpe:/a:php:php:$1/

# No more HTTP softmatch because many services that I don't think are
# best classified 'http' use http-like semantics (for example UPnP,
# some https servers, etc).  Maybe I should make softmatch allow
# future services that start with the service name, and relable all of
# those.  Shrug.  For now it is gone.
# softmatch http m|^HTTP/1.[01] \d\d\d|

# OCSP malformedRequest response status (1).
match http-ocsp m|^HTTP/1\.0 200 OK\r\nContent-type: application/ocsp-response\r\nContent-Transfer-Encoding: Binary\r\nContent-Length: 5\r\n\r\n0\x03\n\x01\x01$| p/OCSP over HTTP/

match http-proxy m|^HTTP/1\.1 401 Unauthorized\r\nConnection: closed\r\nContent-Length: \d+\r\nWWW-Authenticate: Basic realm=\"WebWasher configuration\"\r\n| p/WebWasher filtering proxy/ o/Windows/ cpe:/o:microsoft:windows/a
match http-proxy m|^HTTP/1\.0 400 Bad Request\r\n.*<html><head><title>WebWasher - Error 400: Bad Request</title>|s p/WebWasher filtering proxy/ o/Windows/ cpe:/o:microsoft:windows/a
match http-proxy m|^HTTP/1\.1 400 Bad Request\r\n.*<title>Webwasher - Notification</title>\r\n|s p/WebWasher filtering proxy/ o/Windows/ cpe:/o:microsoft:windows/a
match http-proxy m|^HTTP/1\.0 400 Ung\xfcltige Anforderung\r\nConnection: Close\r\nContent-type: text/html\r\nPragma: no-cache\r\n\r\n<html><head><title>WebWasher - Fehler 400: Ung\xfcltige Anforderung</title>| p/WebWasher filtering proxy/ i/German/ o/Windows/ cpe:/o:microsoft:windows/a

# MiddleMan filtering proxy server v1.5.2
# Middleman 1.8.3
match http-proxy m|^HTTP/1\.1 404 Not Found\r\nContent-Type: text/html\r\nContent-Length: 463\r\nConnection: close\r\nProxy-Connection: close\r\n\r\n<html><head><title>File not found</title></head><!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4\.01 Transitional//EN\">\n<body text=\"#000000\" bgcolor=\"#99AABB\"| p/Middleman filtering web proxy/
match http-proxy m|^HTTP/1\.0 \d\d\d .*\r\nServer: WWWOFFLE/(\d[-.\w]+)\r\n| p/WWWOFFLE caching webproxy/ v/$1/
match http-proxy m|^HTTP/1\.[01] 400 Host Not Found.*\r\n\r\n<html><head><title>The Proxomitron Reveals\.\.\.</title>|s p/Proxomitron universal web filter/ o/Windows/ cpe:/o:microsoft:windows/a
match http-proxy m|^HTTP/1\.0 400 Bad Request\r\nDate: .*\r\n\r\n<html><body>.*<font color=\"#FF0000\">Proxy</font><font color=\"#0000FF\">\+</font> (\d[-.\w]+) \(Build #(\d+)\), Date: |s p/Fortech Proxy+ http admin/ v/$1 Build $2/ o/Windows/ cpe:/o:microsoft:windows/a
match http-proxy m|^HTTP/1\.0 403 Forbidden\r\nDate: .*\r\n\r\n<html><body>.*</b> Registration key allows only ([\d]+) simultaneous users\..*>Proxy</font><font color=\"#0000FF\">\+</font> ([\d.]+) \(Build #(\d+)\),|s p/Fortech Proxy+ http admin/ v/$2 Build $3/ i/$1 concurrent users allowed/ o/Windows/ cpe:/o:microsoft:windows/a
match http-proxy m|^HTTP/1\.0 \d\d\d .*\r\nServer: Jana-Server/(\d[-.\w]+)\r\n| p/JanaServer http proxy/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a
match http-proxy m|^HTTP/1\.0 400 Bad Request\nContent-Type: text/html\n\n<HTML><HEAD><TITLE>DansGuardian - | p/DansGuardian HTTP proxy/
match http-proxy m|^HTTP/1\.0 400 Bad Request\r\nServer: FreeProxy/(\d[-.\w]+)\r\n| p/FreeProxy/ v/$1/
# EZproxy for Linux 2.2d GA (2003-09-01) - http://www.usefulutilities.com
match http-proxy m|HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: EZproxy\r\n|s p/EZproxy web proxy/
# http://bfilter.sourceforge.net/
match http-proxy m|^HTTP/1\.0 400 Bad Request\r\n(?:[^\r\n]+\r\n)*?\r\n<!DOCTYPE html PUBLIC \"-//W3C//DTD HTML 4\.01 Transitional//EN\">\r\n<html>\r\n<head>\r\n  <title>BFilter Error</title>|s p/Bfilter proxy/
match http-proxy m|^HTTP/1\.0 501 Not Implemented\r\n.*<STRONG>\nUnsupported Request Protocol\n</STRONG>\n</UL>\n<P>\nBFilter does not support all request methods for all access protocols\.\n|s p/Bfilter proxy/
match http-proxy m|^HTTP/1\.0 \d\d\d .*\r\nServer: tinyproxy/(\d[-.\w]+)\r\n| p/tinyproxy/ v/$1/ cpe:/a:banu:tinyproxy:$1/
# Privoxy 3.0.0 Filtering Web Proxy - http://www.privoxy.org
match http-proxy m|^HTTP/1\.0 400 Invalid header received from browser\r\n\r\n$| p|Junkbuster/Privoxy webproxy|
match http-proxy m|^HTTP/1\.0 400 Invalid header received from browser\n\n| p/Junkbuster webproxy/
match http-proxy m|^HTTP/1\.[01] 400 Invalid header received from client\r\nProxy-Agent: Privoxy ([\w._-]+)\r\n| p/Privoxy http proxy/ v/$1/
match http-proxy m|^HTTP/1\.0 400 Bad request received from browser\r\nConnection: close\r\n\r\nBad request\. Privoxy was unable to extract the destination\.\r\n| p/Privoxy http proxy/
match http-proxy m|^HTTP/1\.1 400 Bad request received from client\r\nContent-Type: text/plain\r\nConnection: close\r\n\r\nBad request\. Privoxy was unable to extract the destination\.\r\n| p/Privoxy http proxy/
match http-proxy m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: NetCache \(NetApp/(\d[-.\w]+)\)\r\n|s p/NetApp NetCache http proxy/ v/$1/ cpe:/a:netapp:netcache:$1/
# Not sure if the [-\w_.]+ is a hostname, it was netcache02
match http-proxy m|^HTTP/1\.0 \d\d\d .*\r\nDate: .*\r\nContent-Length: \d+\r\nContent-Type: text/html\r\nServer: NetCache appliance \(NetApp/([-\w_.]+)\)\r\n| p/NetApp NetCache http proxy/ v/$1/ cpe:/a:netapp:netcache:$1/
match http-proxy m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Via: 1\.1 [-\w_.]+ \(NetCache NetApp/(\d[-.\w]+)\)\r\n\r\n<h1>Bad Request \(Invalid Hostname\)</h1>|s p/NetApp NetCache http proxy/ v/$1/ cpe:/a:netapp:netcache:$1/
# Squid 2.5.STABLE3 on NetBSD 1.6ZA
match http-proxy m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: [sS]quid/([-.\w+]+)\r\n|s p/Squid http proxy/ v/$1/ cpe:/a:squid-cache:squid:$1/
match http-proxy m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: [sS]quid\r\n|s p/Squid http proxy/ cpe:/a:squid-cache:squid/
# Blue Coat Port 80 Security Appliance  Model: Blue Coat SG400 Software Version: SGOS 2.1.6044 Software Release id: 19480 Service Pack 4
match http-proxy m|^HTTP/1\.1 504 Gateway Time-out\r\nConnection: close\r\nCache-Control: no-cache\r\nPragma: no-cache\r\nContent-Length: 2976\r\nContent-Type: text/html\r\n\r\n<DIV class=Section1> \n\t\t<P class=MsoNormal| p/Blue Coat Security Appliance http proxy/ o/SGOS/ cpe:/o:bluecoat:sgos/a
match http-proxy m|^HTTP/1\.0 \d\d\d .*\r\nServer: MS-MFC-HttpSvr/([\w._-]+)\r\n| p/Microsoft Foundation Class httpd/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a
match http-proxy m|^HTTP/1\.0 400 Cache Detected Error\r\nDate: .*\r\nContent-Type: text/html\r\nVia: 1\.0 ([-.\w]+) \(NetCache NetApp/([-.\w]+)\)\r\n\r\n| p/NetApp NetCache http proxy/ v/$2/ h/$1/ cpe:/a:netapp:netcache:$2/
match http-proxy m|^HTTP/1\.0 400 Cache Detected Error\r\nContent-type: text/html\r\n\r\n.*Generated by squid/([\w._-]+)@([\w._-]+)\n|s p/Squid http proxy/ v/$1/ h/$2/ cpe:/a:squid-cache:squid:$1/
match http-proxy m|^HTTP/1\.0 400 Bad Request\r\nMime-Version: 1\.0\r\n.*<!-- \n /\*\n Stylesheet for Squid Error pages\n|s p/Squid http proxy/ cpe:/a:squid-cache:squid/
# Novell BorderManager HTTP-Proxy
match http-proxy m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Content-Length: \d+\r\n\r\n.*<title>BorderManager Information Alert</title>|s p/Novell BorderManager HTTP-Proxy/ cpe:/a:novell:bordermanager/
match http-proxy m|^HTTP/1\.0 400 Bad Request\r\nContent-type: text/html\r\n\r\n<html><head><title>InterScan Error</title></head>\r\n<body><h2>InterScan Error</h2>\r\nInterScan HTTP Version ([-\w_.]+) \$Date:| p/InterScan InterScan VirusWall/ v/$1/
# iPlanet-Web-Proxy-Server 3.6
match http-proxy m|^HTTP/1\.1 \d\d\d .*\r\nServer: IBM-PROXY-WTE-US/([\d.]+)\r\n| p/IBM-PROXY-WTE-US web proxy/ v/$1/
match http-proxy m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: IBM-PROXY-FW/([\d.]+)\r\n|s p/IBM-PROXY-FW http proxy/ v/$1/
match http-proxy m|^<HTML><BODY bgColor=#FFFFFF link=#0000CC text=#000000 vLink=#CCCC88><TITLE>An error has occurred\.\.\.</TITLE><CENTER><TABLE width=600 border=0 cellpadding=2 cellspacing=1><TR bgcolor=#FFFFFF vAlign=top><TD width=\"90%\" colspan=2 bgcolor=#707888>| p/AnalogX web proxy/ i/misconfigured/ cpe:/a:analogx:proxy/
match http-proxy m|^HTTP/1\.0 \d\d\d .*\r\nContent-type: text/html\r\nContent-length: \d+\r\nWWW-authenticate: Basic realm=\"\(Password Only\) NAV for MS Exchange\"\r\n\r\n| p/NAV for MS Exchange/
match http-proxy m|^HTTP/1\.0 200 \nServer: VisualPulse \(tm\) ([\w.]+)\n| p/VisualPulse http proxy/ v/$1/
match http-proxy m|^HTTP/1\.0 302 Moved\r\nDate: .*\r\nServer: DeleGate/([\d.]+)\r\n| p/DeleGate proxy/ v/$1/
match http-proxy m|^HTTP/1\.0 302 Moved\r\nDate: .*\r\nServer: DeleGate| p/DeleGate proxy/
match http-proxy m|^HTTP/1\.0 200 OK\r\nProxy-agent: Netscape-Proxy/([\d.]+)\r\n| p/Netscape-proxy/ v/$1/
match http-proxy m|^HTTP/1\.0 504 Gateway Timeout\r\nContent-Type: text/html\r\nPragma: no-cache\r\n\r\n<H4><font COLOR=\"#FF0000\">Error parsing http request : </font></H2><p><pre>GET / / HTTP/1\.0\r\n\r\n</pre>| p/WinProxy http proxy/ o/Windows/ cpe:/a:bluecoat:winproxy/ cpe:/o:microsoft:windows/a
match http-proxy m|^HTTP/1\.0 \d\d\d .*\r\nDate: .*\r\nContent-Length: \d+\r\nContent-Type: text/html\r\nServer: NetCache appliance \(NetApp/([\d.]+)\)\r\n\r\n| p/NetApp NetCache http proxy/ v/$1/ d/proxy server/ cpe:/a:netapp:netcache:$1/
match http-proxy m|^HTTP/1\.0  500 \r\nProxy-agent: MultiCertify PROXY/([\d.]+)\r\n| p/MultiCertify http proxy/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a
match http-proxy m|^HTTP/1\.1 \d\d\d .*\r\nDate: .*\r\nServer: HTTP::Proxy/([\d.]+)\r\n| p/Perl HTTP::Proxy/ v/$1/
match http-proxy m|^HTTP/1\.1 407 Proxy Authentication Required\r\nProxy-Authenticate: NTLM\r\nProxy-Authenticate: BASIC realm=\"DOMBUD\"\r\nCache-Control: no-cache\r\nPragma: no-cache\r\n| p/CacheFlow http proxy/ o/CacheOS/ cpe:/o:bluecoat:cacheos/
# Might match WinProxy as well? -Doug
match http-proxy m|^HTTP/1\.1 404 Not found\r\nConnection: close\r\nCache-Control: no-cache\r\nPragma: no-cache\r\nContent-Type: text/html\r\nContent-Length: 48\r\n\r\n<html><body>HTTP/1\.1 404 Not found</body></html>$| p/HTTHost TCP over HTTP tunneling proxy/
match http-proxy m|^HTTP/1\.0 401 Unauthorized\r\nServer: Telkonet Communications\r\n| p/Telkonet Communications http proxy/
match http-proxy m|^HTTP/1\.1 204 No Content\r\n(?:[^\r\n]+\r\n)*?X-Squid-Error: ERR_INVALID_|s p/Squid http proxy/ cpe:/a:squid-cache:squid/
match http-proxy m|^HTTP/1\.[01] 400 Bad Request\r\n(?:[^\r\n]+\r\n)*?X-Squid-Error: ERR_INVALID_|s p/Squid http proxy/ cpe:/a:squid-cache:squid/
match http-proxy m|^HTTP/1\.0 503 Service Unavailable\r\n(?:[^\r\n]+\r\n)*?X-Squid-Error: ERR_CONNECT_FAIL 111\r\n|s p/Squid http proxy/ cpe:/a:squid-cache:squid/
match http-proxy m|^HTTP/1\.1 504 Gateway Time-out\r\n(?:[^\r\n]+\r\n)*?X-Squid-Error: ERR_CONNECT_FAIL 111\r\n|s p/Squid http proxy/ cpe:/a:squid-cache:squid/
match http-proxy m|^HTTP/1\.0 403 Access Forbidden\r\nContent-Type: text/html\r\n\r\n<HTML><HEAD><TITLE>407 Proxy Authentication Required</TITLE></HEAD><BODY><H1>Proxy Authentication Required</H1><H4>Unable to complete request<P>Access denied due to authentication failure\.</H4><HR></BODY></HTML>\n\n\0| p/CA eTrust SCM http proxy/ cpe:/a:ca:etrust_secure_content_manager/
match http-proxy m|^HTTP/1\.1 \d\d\d .*\r\nServer: FreeProxy/([\d.]+)\r\n| p/FreeProxy http proxy/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a
match http-proxy m|^HTTP/1\.1 403 Forbidden\r\nContent-Type: text/html\r\nContent-Length: \d+\r\nCache-Control: no-cache\r\nPragma: no-cache\r\nConnection: Close\r\n\r\n<html><head><meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\"><TITLE>La solution mat\xc3\xa9rielle-logicielle WebShield&reg;| p/WebShield http proxy/ i/French/ o/Windows/ cpe:/o:microsoft:windows/a
match http-proxy m|^HTTP/1\.1 403 Forbidden\r\nServer: Eplicator/([\d.]+)\r\n| p/Eplicator http proxy/ v/$1/
match http-proxy m|^AdsGone Blocked HTML Ad$| p/AdsGone http proxy/ o/Windows/ cpe:/o:microsoft:windows/a
match http-proxy m|^<font face=verdana size=1>AdsGone (\d+)  Blocked HTML Ad</font>$| p/AdsGone $1 http proxy/ o/Windows/ cpe:/o:microsoft:windows/a
match http-proxy m|^HTTP/1\.0 \d\d\d .*\r\nDate: .*\r\nContent-Type: text/html\r\nPragma: no-cache\r\n\r\n<html>\n<head>\n<title>Proxy\+ WWW Admin interface</title>\n\n| p/Fortech Proxy+ http admin/ o/Windows/ cpe:/o:microsoft:windows/a
match http-proxy m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Cache-Control: no-cache\r\nPragma: no-cache\r\nContent-Type: text/html.*\r\nProxy-Connection: close\r\nConnection: close\r\nContent-Length: \d+\r\n\r\n<HTML><HEAD>\n<TITLE>Access Denied</TITLE>\n</HEAD>.*\n<big>Access Denied \(policy_denied\)</big>\n|s p/BlueCoat SG-400 http proxy/ d/proxy server/
match http-proxy m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Cache-Control: no-cache\r\nPragma: no-cache\r\nContent-Type: text/html.*\r\nProxy-Connection: close\r\nConnection: close\r\nContent-Length: \d+\r\n\r\n<HTML><HEAD>\n<TITLE>Request Error</TITLE>\n</HEAD>.*\n<big>Request Error \(invalid_request\)</big>\n|s p/BlueCoat http proxy/
match http-proxy m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: BlueCoat-Security-Appliance\r\n|s p/BlueCoat http proxy/ d/proxy server/
match http-proxy m|^HTTP/1\.1 302 Found\r\nServer: BlueCoat-Security-Appliance\r\nConnection: close\r\nLocation: /proxyclient/\r\n\r\n$| p/BlueCoat ProxyClient http interface/ d/proxy server/
match http-proxy m|^HTTP/1\.0 \d\d\d .*\r\nProxy-agent: BlueCoat-WinProxy\r\n| p/BlueCoat WinProxy http proxy/ d/proxy server/ o/Windows/ cpe:/a:bluecoat:winproxy/ cpe:/o:microsoft:windows/a
match http-proxy m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Sawmill/([-\w_.]+)\r\n|s p/BlueCoat Sawmill http proxy config/ v/$1/
match http-proxy m|^HTTP/1\.0 \d\d\d .*\r\nProxy-agent: BlueCoat-ProxyAV\r\n| p/BlueCoat ProxyAV appliance http proxy/ d/proxy server/
match http-proxy m|^HTTP/1\.0 \d\d\d .*\r\nPragma: no-cach\r\nContent-Type: text/html; charset=windows-1251\r\n\r\n| p/UserGate http proxy/ o/Windows/ cpe:/o:microsoft:windows/a
match http-proxy m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Simple, Secure Web Server ([\d.]+)\r\n|s p/Symantec firewall http proxy/ i/Simple, Secure Web Server $1/ d/firewall/
match http-proxy m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Content-Length: \d+\r\n.*<B>KEN! Proxy</B>|s p/AVM KEN! http proxy/
match http-proxy m|^HTTP/1\.0 400 Bad request\r\nContent-Type: text/html\r\nPragma: no-cache\r\n\r\n<H4><font COLOR=\"#FF0000\">Error parsing http request : </font></H2><p><pre>GET / / HTTP/1\.0\r\n\r\n</pre>| p/Kerio WinRoute Pro http proxy/ o/Windows/ cpe:/o:microsoft:windows/a
match http-proxy m|^HTTP/1\.0 200 OK\r\n.*This request is not allowed\n\n\n by One1Stream Fastlane Acceleration Server\.,  Accelerating Server ([\d.]+)</font></p></body></html>|s p/One1Stream Fastlane accelerating http proxy/ v/$1/
match http-proxy m|^HTTP/1\.0 404 Proxy Error\r\nContent-type: text/html\r\nPragma: no-cache\r\nCache-control: no-cache\r\nContent-length: \d+\r\n\r\n<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2\.0//EN\">\r\n<html><head><title>Proxy Error</title></head>\r\n<body><h1>Proxy Error</h1>\r\nThe proxy server could not handle this request\.\r\n<p>\r\n<b>bad file or wrong URL</b>\r\n</body></html>\r\n| p/Software602 602LAN Suite http proxy/ o/Windows/ cpe:/o:microsoft:windows/a
match http-proxy m|^HTTP/1\.0 \d\d\d .*\r\nProxy-agent: Ositis-WinProxy\r\n| p/Ositis-WinProxy http proxy/ o/Windows/ cpe:/o:microsoft:windows/a
match http-proxy m|^<Html><Body><H1> Unauthorized \.\.\.</H1></Body></Html>$| p/CCProxy http proxy/ o/Windows/ cpe:/o:microsoft:windows/a
match http-proxy m|^<pre>\r\nIP Address: [\d.]+\r\nMAC Address: \r\nServer Time: .*\r\nAuth result: Invalid user\.\r\n</pre>| p/CCProxy http proxy/ o/Windows/ cpe:/o:microsoft:windows/a
match http-proxy m|^HTTP/1\.0 401 Unauthorized\r\nServer: CCProxy\r\nWWW-Authenticate: Basic realm=\"CCProxy Authorization\"\r\n| p/CCProxy http proxy/ i/unauthorized/ o/Windows/ cpe:/o:microsoft:windows/a
match http-proxy m|^HTTP/1\.0 407 Unauthorized\r\nServer: CCProxy\r\nProxy-Authenticate: Basic realm=\"CCProxy Authorization\"\r\n| p/CCProxy http proxy/ i/unauthorized/ o/Windows/ cpe:/o:microsoft:windows/a
match http-proxy m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: WebMarshal Proxy\r\n|s p/WebMarshal http proxy/ o/Windows/ cpe:/o:microsoft:windows/a
match http-proxy m|^HTTP/1\.0 400 Bad Request\r\nCache-Control: no-cache\r\nPragma: no-cache\r\n.*<br>Protocol:http\n<br>Host: [N]ULL\n<br>Path:/\n<tr>|s p/Oops! http proxy/
match http-proxy m|^HTTP/1\.0 504 Gateway Timeout\. Or not in cache\r\n\r\n| p/Oops! http proxy/
match http-proxy m|^HTTP/1\.0 407 Proxy Authentication Required\r\nProxy-Authenticate: Basic realm=\"oops\"\r\n| p/Oops! http proxy/ i/Authentication Required/
match http-proxy m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Polipo\r\n|s p/Polipo http proxy/
match http-proxy m|^HTTP/1\.1 503 ERROR\nConnection: close\nContent-Type: text/html; charset=iso-8859-1\n\n<html>\n<head>\n<title>Error: Unable to resolve IP</title>| p/ffproxy http proxy/
match http-proxy m|^HTTP/1\.1 200 OK\r\ndate: .*\r\nconnection: close\r\n\r\n<html><body><pre><h1>Index of /</h1>\n<b>Name {53}Size {6}Last modified</b>\n\n| p/HTTP Replicator proxy/
match http-proxy m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: BestHop ([\d.]+)\r\n|s p/BestHop CacheFly http proxy/ v/$1/
match http-proxy m|^HTTP/1\.0 407 Authentication failed\r\nConnection: close\r\nProxy-Connection: close\r\nProxy-Authenticate: Basic realm=\"HTTP proxy\"\r\n| p/Astaro Security http proxy/ cpe:/a:astaro:security_gateway_software/
match http-proxy m|^HTTP/1\.0 503 Service unavailable\r\n\r\n\r\n<html>\r\n<head>\r\n<title>Connect server failed</title>\r\n</head>\r\n<body >\r\n<h3>503 Can not connect server</h3>\r\nezProxy meets some difficulties to connect this WWW server\.| p/ezProxy http proxy/ o/Windows/ cpe:/o:microsoft:windows/a
match http-proxy m|^HTTP/1\.1 403 Forbidden\r\nDate: .*\r\nServer: Mystery WebServer\r\nConnection: close\r\nContent-Type: text/html; charset=iso-8859-1\r\n\r\n<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2\.0//EN\">\n<HTML><HEAD>\n<TITLE>403 Forbidden</TITLE>\n</HEAD><BODY>\n<H1>Forbidden</H1>\nYou don't have permission to access /\non this server\.<P>\n<HR>\n<ADDRESS>Mystery WebServer/([\d.]+) Server at ([-\w_.]+) Port \d+</ADDRESS>\n| p/Espion Interceptor http proxy/ v/$1/ h/$2/
match http-proxy m|^HTTP/1\.1 400 Bad Request .*Server: Traffic inspector HTTP/FTP[/ ]Proxy server \(([\w._-]+)\)\r\n|s p/Traffic Inspector http proxy/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a
match http-proxy m|^HTTP/1\.0 200 OK\r\nCache-Control: no-store\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nX-Bypass-Cache: Application and Content Networking System Software ([\d.]+)\r\n| p/Cisco ACNS outbound proxying/ v/$1/ cpe:/a:cisco:application_and_content_networking_system_software:$1/

match http-proxy m|^<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4\.01 Transitional//EN\" \"http://www\.w3\.org/TR/html4/loose\.dtd\">.*ERROR: The requested URL could not be retrieved|s p/Squid http proxy/ cpe:/a:squid-cache:squid/
match http-proxy m|^<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4\.01 Transitional//EN\" \"http://www\.w3\.org/TR/html4/loose\.dtd\">.*El URL solicitado no se ha podido conseguir|s p/Squid http proxy/ i/Spanish/ cpe:/a:squid-cache:squid::::es/
match http-proxy m|^<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4\.01 Transitional//EN\" \"http://www\.w3\.org/TR/html4/loose\.dtd\">.*A URL solicitada n&atilde;o pode ser recuperada|s p/Squid http proxy/ i/Portuguese/ cpe:/a:squid-cache:squid::::pt/
match http-proxy m|^<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4\.01 Transitional//EN\" \"http://www\.w3\.org/TR/html4/loose\.dtd\">.*La URL richiesta non pu&ograve; essere recuperata</TITLE>|s p/Squid http proxy/ i/Italian/ cpe:/a:squid-cache:squid::::it/
match http-proxy m|^<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4\.01 Transitional//EN\" \"http://www\.w3\.org/TR/html4/loose\.dtd\">.*L'URL demand&eacute;e n'a pu &ecirc;tre charg&eacute;e|s p/Squid http proxy/ i/French/ cpe:/a:squid-cache:squid::::fr/
match http-proxy m|^<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4\.01 Transitional//EN\" \"http://www\.w3\.org/TR/html4/loose\.dtd\">.*FEHLER: Der angeforderte URL konnte nicht geholt werden|s p/Squid http proxy/ i/German/ cpe:/a:squid-cache:squid::::de/

match http-proxy m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: FSAV4IGW\r\n.*<html><head><title>F-Secure Internet Gatekeeper Welcome Page</title>|s p/F-Secure Internet Gatekeeper httpd/
match http-proxy m|^HTTP/1\.[01] \d\d\d .*\r\nServer: twproxy/([-\w_.]+)\r\n| p/ThunderWeb twproxy/ v/$1/
match http-proxy m=^HTTP/1\.0 302 Redirect\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-Length: 0\r\nConnection: close\r\nLocation: http://([\w._-]+):\d+/(?:nohost|nonauth/nohost\.php)\r\n\r\n= p/Kerio WinRoute http proxy/ o/Windows/ h/$1/ cpe:/o:microsoft:windows/a
match http-proxy m|^HTTP/1\.0 407 Proxy Authentication Required.*\r\nServer: HandyCache\r\n| p/HandyCache http caching proxy/ i/Russian/ o/Windows/ cpe:/o:microsoft:windows/a
match http-proxy m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: CF/v([\d.]+)\r\n(?:[^\r\n]+\r\n)*?X-Cache: MISS from CacheFORCE\r\n|s p/CacheForce http proxy/ v/$1/
match http-proxy m|^HTTP/1\.0 302 Found\r\nSet-Cookie:.*<TITLE>Novell Proxy</TITLE></HEAD><BODY><b><p>HTTP request is being redirected to HTTPS\.</b></BODY></HTML>\r\n|s p/Novell iChain http proxy/ o/NetWare/ cpe:/a:novell:ichain/ cpe:/o:novell:netware/a
match http-proxy m|^HTTP/1\.0 400 Bad Request\r\nServer: micro_proxy\r\n.*<ADDRESS><A HREF=\"http://www\.acme\.com/software/micro_proxy/\">micro_proxy</A>|s p/acme.com micro_proxy http proxy/ cpe:/a:acme:micro_proxy/
match http-proxy m|^HTTP/1\.0 403 Forbidden\r\n.*<br><b>Access denied due to Proxy\+'s Security settings!</b>|s p/Fortech Proxy+ http admin/ o/Windows/ cpe:/o:microsoft:windows/a
match http-proxy m|^HTTP/1\.0 200 OK\r\nServer: URL Gateway ([-\w_.]+)\r\n| p/URL Gateway http proxy/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a
match http-proxy m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: SonicWALL SSL-VPN Web Server\.?\r\n|s p/SonicWALL SSL-VPN http proxy/
match http-proxy m|^HTTP/1\.0 504 Web Acceleration Client Error \(400\.3\) - Missing Host Field in Request Header\r\nContent-type: text/html\r\nContent-length: \d+\r\n\r\n| p/HughesNet Web Acceleration http proxy/
match http-proxy m|^HTTP/1\.0 407 Proxy Authentication Required\r\nProxy-Authenticate: Basic realm=.*<h3>Access to requested resource disallowed by administrator or you need valid username/password to use this resource|s p/3Proxy http proxy/
match http-proxy m|^HTTP/1\.1 400 Malformed Request\r\nServer: WinGate ([\d.]+) \(Build (\d+)\)\r\n| p/WinGate httpd/ v/$1 build $2/ o/Windows/ cpe:/o:microsoft:windows/a
match http-proxy m=^HTTP/1\.1 403 (?:Request|Access) [Dd]enied\r\nDate: .*\r\nCache-control: no-store, no-cache\r\nContent-Type: text/html\r\nContent-Length: \d+\r\nServer: WinGate Engine\r\n\r\n= p/WinGate http proxy/ o/Windows/ cpe:/o:microsoft:windows/a
match http-proxy m|^HTTP/1\.0 \d\d\d.*server: CoralWebPrx/([-\w_.]+) \(See http://coralcdn\.org/\)\r\n|s p/Coral Content Distribution Network http proxy/ v/$1/
match http-proxy m|^HTTP/1\.0 400 Bad Request\r\nContent-Type: text/html\r\n\r\nYou are trying to use a node of the CoDeeN CDN Network\.| p/CoDeeN Content Distribution Network http proxy/
match http-proxy m|^HTTP/1\.0 403 Request error by HAVP\r\n.*<title>Yoggie - Unknown Request</title>|s p/Yoggie httpd/ i/HAVP anti-virus web proxy/
match http-proxy m|^HTTP/1\.0 403 Request error by HAVP\r\n| p/HAVP anti-virus web proxy/
match http-proxy m|^HTTP/1\.1 407\r\nProxy-Authenticate: Basic realm=\"Proxy\"\r\nContent-Type: text/plain\r\n\r\nAccess denyed| p/Small HTTP Server http proxy/
match http-proxy m|^HTTP/1\.0 407 Proxy Authentication required\r\nDate: .*\r\nContent-Type: text/html\r\nProxy-Authenticate: Basic realm=\"Proxy\+ HTTP Proxy service\"\r\n| p/Proxy+ http proxy/ o/Windows/ cpe:/o:microsoft:windows/a
match http-proxy m|^HTTP/1\.1 503 Freenet is starting up\r\n| p/Freenet FProxy/
match http-proxy m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Cache-Control: max-age=0, must-revalidate, no-cache, no-store, post-check=0, pre-check=0\r\n.*<title>Freenet FProxy Homepage|s p/Freenet FProxy/
match http-proxy m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Content-Security-Policy: default-src 'self'; script-src 'none'; frame-src 'none'; object-src 'none'; style-src 'self' 'unsafe-inline'\r\n(?:[^\r\n]+\r\n)*?Cache-Control: private, max-age=0, must-revalidate, no-cache, no-store, post-check=0, pre-check=0\r\n|s p/Freenet FProxy/
match http-proxy m=^HTTP/1\.1 200 OK\r\nConnection: close\r\n.*<title>Browse Freenet \(Node id\|([\w._-]+)\) - Freenet</title>=s p/Freenet FProxy/ i/node id $1/
match http-proxy m|^HTTP/1\.1 200 OK\r\nConnection: close\r\n.*<title>Freenet Node of Node id\x7c([\w._-]+) - Freenet</title>|s p/Freenet FProxy/ i/node id $1/
match http-proxy m|^HTTP/1\.1 200 OK\r\nConnection: close\r\n.*<title>Browse Freenet \(([\w._-]+)\) - Freenet</title>|s p/Freenet FProxy/ i/node id $1/
match http-proxy m|^HTTP/1\.1 200 OK\r\nConnection: close\r\n.*<title>Freenet - Freenet</title>|s p/Freenet FProxy/
match http-proxy m|^HTTP/1\.[01] (?:[^\r\n]*\r\n(?!\r\n))*?Server: Mikrotik HttpProxy\r\n|s p/MikroTik http proxy/
match http-proxy m|^HTTP/1\.0 500 Internal Server Error\r\nCache-control: no-cache\r\nContent-type: text/html\r\n\r\n<HTML><HEAD><TITLE>SpoonProxy V([\w._-]+) Error</TITLE>| p/Pi-Soft SpoonProxy http proxy/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a
match http-proxy m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: approx/([\w._~+-]+) Ocamlnet/([\w._-]+)\r\n|s p/Approx http proxy/ v/$1/ i/Ocamlnet $2/
match http-proxy m|^HTTP/1\.1 401 Unauthorized\nWWW-Authenticate: Basic realm=\"Anti-Spam SMTP Proxy \(ASSP\) Configuration\"\nContent-type: text/html\nServer: ASSP/([\w._-]+)\(?\)?\n| p/Anti-Spam SMTP Proxy http config/ v/$1/
match http-proxy m|^HTTP/1\.0 \d\d\d .*<b>Bad request format\.\n\t\t</b><p>Please, check URL\.<p>\t\t<hr>\t\tGenerated by <a href=\"http://www\.kingate\.net\"> kingate\(([\w._-]+)-win32\)</a>\.</body></html>\0\0|s p/kingate http proxy/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a
match http-proxy m|^\njava\.net\.UnknownHostException: /\r\n\tat java\.net\.PlainSocketImpl\.connect\(Unknown Source\)\r\n| p/Apache JMeter http proxy/
match http-proxy m|^\r\n\r\njava\.net\.UnknownHostException: /\n\tat java\.net\.AbstractPlainSocketImpl\.connect\(AbstractPlainSocketImpl\.java:158\)\n| p/Apache JMeter http proxy/
match http-proxy m|^HTTP/1\.1 403 Bad Protocol\r\n.*<H1>I2P ERROR: NON-HTTP PROTOCOL</H1>The request uses a bad protocol\. The I2P HTTP Proxy supports http:// requests ONLY\. Other protocols such as https:// and ftp:// are not allowed\.<BR>|s p/I2P http proxy/
match http-proxy m|^HTTP/1\.1 405 Bad Method\r\n.*<H1>I2P ERROR: METHOD NOT ALLOWED</H1>The request uses a bad protocol\. The Connect Proxy supports CONNECT requests ONLY\. Other methods such as GET are not allowed - Maybe you wanted the HTTP Proxy\?\.<BR>|s p/I2P https proxy/
match http-proxy m|^HTTP/1\.0 502 Bad Gateway\r\nProxy-Connection: close\r\nContent-type: text/html; charset=us-ascii\r\n\r\n<html><head><title>502 Bad Gateway</title></head>\r\n<body><h2>502 Bad Gateway</h2><h3>Host Not Found or connection failed</h3></body></html>\r\n| p/3proxy http proxy/
match http-proxy m|^HTTP/1\.0 407 Proxy Authentication Required\r\nProxy-Authenticate: NTLM\r\nProxy-Authenticate: basic realm=\"proxy\"\r\nProxy-Connection: close\r\n.*<h2>407 Proxy Authentication Required</h2><h3>Access to requested resource disallowed by administrator or you need valid username/password to use this resource</h3>|s p/3proxy http proxy/ i/authentication required/
match http-proxy m|^HTTP/1\.0 404 Object not found\r\n.*<title>MIMEsweeper for Web :: ACCESS DENIED</title>|s p/Clearswift MIMEsweeper for web http proxy/ d/proxy server/
match http-proxy m|^HTTP/1\.1 200 .*<title>[\n ]*Web Filter Block Override[\n ]*</title>.*/XX/YY/ZZ/|s p/Fortinet FortiGuard http proxy/ d/firewall/
match http-proxy m|^HTTP/1\.1 400 Bad Request\r\nServer: ziproxy\r\n.*\(ziproxy/([\w._-]+)\)</ADDRESS>|s p/ziproxy http proxy/ v/$1/
match http-proxy m|^HTTP/1\.1 400 Bad Request\r\nServer: ziproxy\r\n| p/ziproxy http proxy/
match http-proxy m|^HTTP/1\.0 400 Bad Request\r\n\r\n\0{872}$| p/Ncat http proxy/ v/0.2/ i/before Nmap 4.85BETA1/
match http-proxy m|^HTTP/1\.0 400 Bad Request\r\n\r\n$| p/Ncat http proxy/ i/Nmap 4.85BETA1 or later/
match http-proxy m|^HTTP/1\.1 404 Not found\r\nConnection: close\r\n.*<title>Proxy error: 404 Not found\.</title>\n.*<hr>Generated .* by Polipo on <em>([\w_.-]+):\d+</em>\.\n|s p/Polipo/ h/$1/
match http-proxy m|^HTTP/1\.1 401 Server authentication required\r\nConnection: close\r\n.*<title>Proxy error: 401 Server authentication required\.</title>.*<hr>Generated .*? by Polipo on <em>([\w._-]+):\d+</em>\.|s p/Polipo/ h/$1/
match http-proxy m|^HTTP/1\.0 500 Direct HTTP requests not allowed\nContent-type: text/html\n\n<font face=\"Bitstream Vera Sans Mono,Andale Mono,Lucida Console\">\nThe proxy is unable to process your request\.\n<h1><font color=red><b>Direct HTTP requests not allowed\.</b></font></h1>\n$| p/ratproxy/
match http-proxy m|^HTTP/1\.0 400 Bad Request\r\ncontent-type: text/html\r\n\r\n<h1>400</h1>\n<p>koHttpInspector: Could not understand the query: '/'</p>\n<hr>\n<address>Komodo Http Inspector, Port \d+</address>\n$| p/Komodo HTTP Inspector proxy/
match http-proxy m|^HTTP/1\.1 404 Not Found\r\nContent-Type: text/html\r\nContent-Length: \d+\r\nCache-Control: no-cache\r\nConnection: close\r\nProxy-Connection: close\r\n\r\n<style type=\"text/css\">\nbody{ font-family: Tahoma, Arial, sans-serif, Helvetica, Verdana; font-size: 11px; color: #000000; background-color: #FFFFFF; margin: 2 }\n| p/SafeSquid http proxy/
match http-proxy m|^HTTP/1\.1 401 Unauthorized\r\nContent-Length: 0\r\nWWW-Authenticate: Basic realm=\"proxy1\"\r\nConnection: keep-alive\r\nProxy-Connection: keep-alive\r\n\r\n$| p/SafeSquid http proxy/
match http-proxy m|^HTTP/1\.0 302 Found\r\nServer: Distributed-Net-Proxy/([\d.]+)\r\nLocation: http://www\.distributed\.net/\r\n\r\n$| p/distributed.net personal key proxy httpd/ v/$1/
match http-proxy m|^HTTP/1\.0 200 OK\r\nServer: LastFMProxy/([\w.]+)\r\n| p/LastFMProxy HTTP-to-last.fm proxy/ v/$1/ cpe:/a:last:last.fm/
match http-proxy m|^HTTP/1\.0 403 Forbidden\r\n.*<TITLE>\r\nFEHLER: Der Zugriff auf die angeforderte URL war nicht erfolgreich\r\n</TITLE>.*<B>KEN! DSL Proxy</B>|s p/AVM KEN! DSL http proxy/
match http-proxy m|^HTTP/1\.0 404 Not Found\r\n.*<title>HINWEIS: Der Zugriff auf die angeforderte URL war nicht erfolgreich</title>|s p/AVM FRITZ!Box Fon WAP http proxy/ d/WAP/
match http-proxy m|^HTTP/1\.0 404 Not Found\r\n.*<title>HINWEIS: Die Internetnutzung ist gesperrt\.</title>|s p/AVM FRITZ!Box Fon WLAN 7100-series http proxy/ d/WAP/
match http-proxy m|^HTTP/1\.0 407 Proxy access denied\r\nProxy-Authenticate: NTLM\r\nProxy-Connection: keep-alive\r\nContent-Length: 0\r\n\r\n$| p/ScanSafe http proxy/
match http-proxy m|^HTTP/1\.0 400 Bad Request\r\n(?:[^\r\n]+\r\n)*?Server: BaseHTTP/([\d.]+) Python/([\w._-]+)\r\n.*<head>\n<title>Error response</title>\n</head>\n<body>\n<h1>Error response</h1>\n<p>Error code 400\.\n<p>Message: Bad Request\.\n<p>Error code explanation: 400 = Bad request syntax or unsupported method\.\n</body>\n$|s p/BaseHTTPServer/ v/$1/ i/GAppProxy Google App Engine proxy; Python $2/ cpe:/a:python:basehttpserver:$1/a cpe:/a:python:python:$2/
# Etisalat - United Arab Emirates telecom company.
match http-proxy m|^HTTP/1\.1 501 Not Implemented\r\n.*<title>This site is blocked</title>.*<img border=\"0\" src=\"http://([\w._-]+)/images-ip/ipblocked\.jpg\" \nuseMap=#links2 border=0>.*<area title=\"\" shape=RECT alt=\"\" coords=\"494, 20, 580, 105\" href=\"http://www\.etisalat\.ae\">|s p/Etisalat censorship http proxy/ i/site blocked/ h/$1/
match http-proxy m|^HTTP/1\.1 403 Forbidden\r\n.*<title>This site is blocked</title>.*<img border=\"0\" src=\"http://([\w._-]+)/images-ip/siteblocked\.jpg\" useMap=#links border=0>.*<area title=\"\" shape=RECT alt=\"\" coords=\"154, 449, 254, 463\" href=\"http://www\.etisalat\.ae/proxy\">|s p/Etisalat censorship http proxy/ i/site blocked/ h/$1/
match http-proxy m|^HTTP/1\.0 404 GlimmerBlocked\r\n| p/GlimmerBlocker http proxy/
match http-proxy m|^HTTP/1\.1 400 Bad Request \(Malformed HTTP request\)\r\n.*<HTML><TITLE>Vital Security Proxy Error</TITLE>|s p/Finjan Vital Security http proxy/
match http-proxy m|^HTTP/1\.0 400 Bad Request\r\nConnection: Close\r\n\r\n<HTML><HEAD>\n<TITLE>ERROR: The requested URL could not be retrieved</TITLE>\n</HEAD><BODY>\n<H2>The requested URL could not be retrieved</H2>\n<HR>\n<P>\nWhile trying to retrieve the URL:\n| p/Websense http proxy/
match http-proxy m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Via: HTTP/1\.1 ([\w._-]+) \(Websense_Content_Gateway/([\w._-]+) \[c s f \]\)\r\n|s p/Websense Content Gateway http proxy/ v/$2/ h/$1/ cpe:/a:websense:websense_content_content_gateway:$2/
match http-proxy m|^HTTP/1\.0 504 Gateway Timeout\r\nContent-Length: 237\r\n.*<p>The proxy server did not receive a timely response\nfrom the upstream server\.</p>|s p/Fortinet FortiGate-110c http proxy/ d/firewall/
match http-proxy m|^HTTP/1\.0 302 Moved Temporarily\r\nContent-length: 22\r\nConnection: close\r\nSet-Cookie: sslvpn-authck-orig-url=/; path=/\r\nSet-Cookie: sslvpn-authck-realm-name=Our Users; path=/\r\nLocation: /_formauth/login\.html\r\nContent-Type: text/plain\r\n\r\n302 Moved Temporarily\n$| p/Phion HTTPS VPN gateway/ d/proxy server/

match http-proxy m|^HTTP/1\.0 200 OK\r\nCache-Control: no-cache\r\nConnection: close\r\nContent-Type: text/html\r\n\r\n<html><head><title>Statistics Report for HAProxy</title>| p/HAProxy http proxy/ d/load balancer/ cpe:/a:haproxy:haproxy/
# HAProxy responses are mostly from http_err_msgs, HTTP_401_fmt, and HTTP_407_fmt in
# http://git.haproxy.org/?p=haproxy.git;a=blob;f=src/proto_http.c
# Only statuses 200, 403, and 503 are likely to result from from GetRequest;
# other probes can match via fallbacks.
match http-proxy m|^HTTP/1\.0 200 OK\r\nCache-Control: no-cache\r\nConnection: close\r\nContent-Type: text/html\r\n\r\n<html><body><h1>200 OK</h1>\nHAProxy: service ready\.\n</body></html>\n$| p/HAProxy http proxy/ v/before 1.5.0/ d/load balancer/ cpe:/a:haproxy:haproxy/
match http-proxy m|^HTTP/1\.0 400 Bad request\r\nCache-Control: no-cache\r\nConnection: close\r\n\r\n<html><body><h1>400 Bad request</h1>\nYour browser sent an invalid request\.\n</body></html>\n$| p/HAProxy http proxy/ v/before 1.3.1/ d/load balancer/ cpe:/a:haproxy:haproxy/
match http-proxy m|^HTTP/1\.0 403 Forbidden\r\nCache-Control: no-cache\r\nConnection: close\r\n\r\n<html><body><h1>403 Forbidden</h1>\nRequest forbidden by administrative rules\.\n</body></html>\n$| p/HAProxy http proxy/ v/before 1.3.1/ d/load balancer/ cpe:/a:haproxy:haproxy/
match http-proxy m|^HTTP/1\.0 408 Request Time-out\r\nCache-Control: no-cache\r\nConnection: close\r\n\r\n<html><body><h1>408 Request Time-out</h1>\nYour browser didn't send a complete request in time\.\n</body></html>\n$| p/HAProxy http proxy/ v/before 1.3.1/ d/load balancer/ cpe:/a:haproxy:haproxy/
match http-proxy m|^HTTP/1\.0 500 Server Error\r\nCache-Control: no-cache\r\nConnection: close\r\n\r\n<html><body><h1>500 Server Error</h1>\nAn internal server error occured\.\n</body></html>\n$| p/HAProxy http proxy/ v/before 1.3.1/ d/load balancer/ cpe:/a:haproxy:haproxy/
match http-proxy m|^HTTP/1\.0 502 Bad Gateway\r\nCache-Control: no-cache\r\nConnection: close\r\n\r\n<html><body><h1>502 Bad Gateway</h1>\nThe server returned an invalid or incomplete response\.\n</body></html>\n$| p/HAProxy http proxy/ v/before 1.3.1/ d/load balancer/ cpe:/a:haproxy:haproxy/
match http-proxy m|^HTTP/1\.0 503 Service Unavailable\r\nCache-Control: no-cache\r\nConnection: close\r\n\r\n<html><body><h1>503 Service Unavailable</h1>\nNo server is available to handle this request\.\n</body></html>\n$| p/HAProxy http proxy/ v/before 1.3.1/ d/load balancer/ cpe:/a:haproxy:haproxy/
match http-proxy m|^HTTP/1\.0 504 Gateway Time-out\r\nCache-Control: no-cache\r\nConnection: close\r\n\r\n<html><body><h1>504 Gateway Time-out</h1>\nThe server didn't respond in time\.\n</body></html>\n$| p/HAProxy http proxy/ v/before 1.3.1/ d/load balancer/ cpe:/a:haproxy:haproxy/
match http-proxy m|^HTTP/1.0 401 Unauthorized\r\nCache-Control: no-cache\r\nConnection: close\r\nWWW-Authenticate: Basic realm=".*"\r\n\r\n<html><body><h1>401 Unauthorized</h1>\nYou need a valid user and password to access this content.\n</body></html>\n$| p/HAProxy http proxy/ v/before 1.3.1/ d/load balancer/ cpe:/a:haproxy:haproxy/
# Statuses 400, 401, 403, 408, 500, 502, 503, and 504 gained "Content-Type: text/html" in v1.3.1.
# http://git.haproxy.org/?p=haproxy.git;a=commitdiff;h=791d66d3634dde12339d4294aff55a1aed7518e3;hp=b9e98b683612b29ef939c10d3d00be27de26534a
match http-proxy m|^HTTP/1\.0 400 Bad request\r\nCache-Control: no-cache\r\nConnection: close\r\nContent-Type: text/html\r\n\r\n<html><body><h1>400 Bad request</h1>\nYour browser sent an invalid request\.\n</body></html>\n$| p/HAProxy http proxy/ v/1.3.1 or later/ d/load balancer/ cpe:/a:haproxy:haproxy/
match http-proxy m|^HTTP/1\.0 403 Forbidden\r\nCache-Control: no-cache\r\nConnection: close\r\nContent-Type: text/html\r\n\r\n<html><body><h1>403 Forbidden</h1>\nRequest forbidden by administrative rules\.\n</body></html>\n$| p/HAProxy http proxy/ v/1.3.1 or later/ d/load balancer/ cpe:/a:haproxy:haproxy/
match http-proxy m|^HTTP/1\.0 408 Request Time-out\r\nCache-Control: no-cache\r\nConnection: close\r\nContent-Type: text/html\r\n\r\n<html><body><h1>408 Request Time-out</h1>\nYour browser didn't send a complete request in time\.\n</body></html>\n$| p/HAProxy http proxy/ v/1.3.1 or later/ d/load balancer/ cpe:/a:haproxy:haproxy/
match http-proxy m|^HTTP/1\.0 500 Server Error\r\nCache-Control: no-cache\r\nConnection: close\r\nContent-Type: text/html\r\n\r\n<html><body><h1>500 Server Error</h1>\nAn internal server error occured\.\n</body></html>\n$| p/HAProxy http proxy/ v/1.3.1 or later/ d/load balancer/ cpe:/a:haproxy:haproxy/
match http-proxy m|^HTTP/1\.0 502 Bad Gateway\r\nCache-Control: no-cache\r\nConnection: close\r\nContent-Type: text/html\r\n\r\n<html><body><h1>502 Bad Gateway</h1>\nThe server returned an invalid or incomplete response\.\n</body></html>\n$| p/HAProxy http proxy/ v/1.3.1 or later/ d/load balancer/ cpe:/a:haproxy:haproxy/
match http-proxy m|^HTTP/1\.0 503 Service Unavailable\r\nCache-Control: no-cache\r\nConnection: close\r\nContent-Type: text/html\r\n\r\n<html><body><h1>503 Service Unavailable</h1>\nNo server is available to handle this request\.\n</body></html>\n$| p/HAProxy http proxy/ v/1.3.1 or later/ d/load balancer/ cpe:/a:haproxy:haproxy/
match http-proxy m|^HTTP/1\.0 504 Gateway Time-out\r\nCache-Control: no-cache\r\nConnection: close\r\nContent-Type: text/html\r\n\r\n<html><body><h1>504 Gateway Time-out</h1>\nThe server didn't respond in time\.\n</body></html>\n$| p/HAProxy http proxy/ v/1.3.1 or later/ d/load balancer/ cpe:/a:haproxy:haproxy/
match http-proxy m|^HTTP/1.0 401 Unauthorized\r\nCache-Control: no-cache\r\nConnection: close\r\nContent-Type: text/html\r\nWWW-Authenticate: Basic realm=".*"\r\n\r\n<html><body><h1>401 Unauthorized</h1>\nYou need a valid user and password to access this content.\n</body></html>\n$| p/HAProxy http proxy/ v/1.3.1 or later/ d/load balancer/ cpe:/a:haproxy:haproxy/
# HTTP_407_fmt was added in v1.4-rc1.
# http://git.haproxy.org/?p=haproxy-1.4.git;a=commitdiff;h=844a7e76d2557364e6d34d00027f2fa514b9d855;hp=8c8bd4593c95f54cbe42bf204b943a159810a74e
match http-proxy m|^HTTP/1.0 407 Unauthorized\r\nCache-Control: no-cache\r\nConnection: close\r\nContent-Type: text/html\r\nProxy-Authenticate: Basic realm=".*"\r\n\r\n<html><body><h1>401 Unauthorized</h1>\nYou need a valid user and password to access this content.\n</body></html>\n$| p/HAProxy http proxy/ v/1.4.0 - 1.5.10/ d/load balancer/ cpe:/a:haproxy:haproxy/
# 200 changed in v1.5-dev7.
# http://git.haproxy.org/?p=haproxy-1.5.git;a=commitdiff;h=027a85bb03c5524e62c50e228412d9be403d7f98;hp=7c51a732f701f7d147e7b79d828f80612a0bfcbc
match http-proxy m|^HTTP/1\.0 200 OK\r\nCache-Control: no-cache\r\nConnection: close\r\nContent-Type: text/html\r\n\r\n<html><body><h1>200 OK</h1>\nService ready\.\n</body></html>\n$| p/HAProxy http proxy/ v/1.5.0 or later/ d/load balancer/ cpe:/a:haproxy:haproxy/
# 405 and 429 were added in v1.6-dev2.
# http://git.haproxy.org/?p=haproxy-1.6.git;a=commitdiff;h=108b1dd69d4e26312af465237487bdb855b0de60
match http-proxy m|^HTTP/1\.0 405 Method Not Allowed\r\nCache-Control: no-cache\r\nConnection: close\r\nContent-Type: text/html\r\n\r\n<html><body><h1>405 Method Not Allowed</h1>\nA request was made of a resource using a request method not supported by that resource\n</body></html>\n$| p/HAProxy http proxy/ v/1.6.0 or later/ d/load balancer/ cpe:/a:haproxy:haproxy/
match http-proxy m|^HTTP/1\.0 429 Too Many Requests\r\nCache-Control: no-cache\r\nConnection: close\r\nContent-Type: text/html\r\n\r\n<html><body><h1>429 Too Many Requests</h1>\nYou have sent too many requests in a given amount of time\.\n</body></html>\n$| p/HAProxy http proxy/ v/1.6.0 or later/ d/load balancer/ cpe:/a:haproxy:haproxy/
# HTTP_407_fmt changed in v1.5.10.
# http://git.haproxy.org/?p=haproxy-1.5.git;a=commitdiff;h=b301654e237c358e892db32c4ac449b42550d79b;hp=211c2e901d0b83b6792d5ebdf207f8e70a299361
match http-proxy m|^HTTP/1\.0 407 Unauthorized\r\nCache-Control: no-cache\r\nConnection: close\r\nContent-Type: text/html\r\nProxy-Authenticate: Basic realm=".*"\r\n\r\n<html><body><h1>407 Unauthorized</h1>\nYou need a valid user and password to access this content\.\n</body></html>\n$| p/HAProxy http proxy/ v/1.5.10 or later/ d/load balancer/ cpe:/a:haproxy:haproxy/

match http-proxy m|^HTTP/1\.0 400\r\nContent-Type: text/html\r\n\r\n<html><head><title>Error</title></head><body>\r\n<h2>ERROR: 400</h2>\r\n<br>\r\n</body></html>\r\n$| p/Citrix Application Firewall/ d/firewall/
match http-proxy m|^HTTP/1\.0 200 OK\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 3366\r\nPragma: no-cache\r\n\r\n.*<style>\r\n\r\nh1, p, a, body {font-family: Arial;}\r\n\r\nh2\r\n{\r\n\ttext-align: center; \r\n\tfont: bold 20px Verdana, sans-serif; \r\n\tcolor: #00F; \r\n}|s p/Integard filtering http proxy management interface/ d/proxy server/
match http-proxy m|^HTTP/1\.0 502 Bad gateway\r\n\r\nBurp proxy error: invalid client request received: first line of request did not contain an absolute URL - try enabling invisible proxy support\r\n$| p/Burp Suite Pro http proxy/
match http-proxy m|^HTTP/1\.0 502 Bad gateway\r\n\r\nBurp proxy error: Invalid client request received: First line of request did not contain an absolute URL - try enabling invisible proxy support\r\n$| p/Burp Suite Pro http proxy/ v/1.5/
match http-proxy m|^HTTP/1\.1 401 Unauthorized\r\nServer: RabbIT proxy version ([\w._-]+)\r\nContent-type: text/html; charset=utf-8\r\nCache-Control: no-cache\r\nPragma: no-cache\r\nDate: .*\r\nWWW-Authenticate: Basic realm=\"([\w._-]+):\d+\"\r\n| p/RabbIT http proxy/ v/$1/ h/$2/
match http-proxy m|^HTTP/1\.1 403 Forbidden\r\nServer: Lusca/([\w._-]+)\r\n| p/Lusca http proxy/ v/$1/
match http-proxy m|^HTTP/1\.0 403 Access Denied\r\nConnection: close\r\n\r\n<html>The request you issued is not authorized for GoogleSharing\.\n| p/GoogleSharing http proxy/
match http-proxy m|^HTTP/1\.0 503\r\nServer: Charles\r\n| p/Charles http proxy/
match http-proxy m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Via: http/1\.[01] ([\w._-]+) \(ApacheTrafficServer[^)]*\)\r\nServer: ATS/([\w._-]+)\r\n|s p/Apache Traffic Server/ v/$2/ h/$1/ cpe:/a:apache:traffic_server:$2/
match http-proxy m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Via: http/1\.[01] ([\w._-]+) \(ApacheTrafficServer[^)]*\)\r\nServer: ATS\r\n|s p/Apache Traffic Server/ h/$1/ cpe:/a:apache:traffic_server/
match http-proxy m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: ATS/([\w._-]+)\r\n|s p/Apache Traffic Server/ v/$1/ cpe:/a:apache:traffic_server:$1/
match http-proxy m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: ATS\r\n|s p/Apache Traffic Server/ cpe:/a:apache:traffic_server/
match http-proxy m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Via: http/1\.1 ([\w._-]+) \([^\)]+ \[c[M ]s[S ]f \]\)\r\nServer: [^/]+/([\d.]+)\r\n|s p/Apache Traffic Server/ v/$2/ h/$1/ cpe:/a:apache:traffic_server:$2/
match http-proxy m|^HTTP/1\.0 200 OK\r\nACCEPT-RANGES: none\r\n\r\n<html><head><Title>SecTitan&#153; Reverse Proxy</title></head><body><center><h1>Error 107</h1>Invalid Request!<br><b>SecTitan&#153; Reverse Proxy ([\w._-]+)</b><br>Copyright &copy; \d+ Bestellen Software, LLC All rights reserved\.</center></body></html>| p/Bestellen SecTitan reverse http proxy/ v/$1/
match http-proxy m|^HTTP/1\.1 \d\d\d .*\r\nServer: Varnish\r\n| p/Varnish/ cpe:/a:varnish-cache:varnish/
match http-proxy m|^HTTP/1\.0 503 Internal Error\r\nServer: awarrenhttp/([\w._-]+)\r\nContent-Type: text/html\r\nConnection: close\r\n\r\n<HTML><HEAD>\n<TITLE>ERROR: The requested URL could not be retrieved</TITLE>\n</HEAD><BODY>\n<H1>ERROR</H1>\n<H2>The requested URL could not be retrieved</H2>| p/awarrenhttp http proxy/ v/$1/
match http-proxy m|^HTTP/1\.0 404 No service found\r\nDate: .*\r\nServer: ACE XML Gateway\r\nContent-Type: text/plain\r\nConnection: close\r\nContent-Length: 30\r\n\r\nNo service matched the request| p/Cisco Application Control Engine XML gateway/ d/load balancer/ cpe:/a:cisco:application_control_engine_software/
match http-proxy m|^HTTP/1\.0 403 Request error by HTTP PROXY\r\nContent-Type: text/html\r\nProxy-Connection: close\r\nConnection: close\r\n\r\n<html><head><meta http-equiv=\"Content-Language\" content=\"en-us\"><title>Cisco ([\w._-]+)</title>| p/Cisco $1 http proxy/ d/firewall/
match http-proxy m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: PAW Server ([\w._-]+-android) \(Brazil/2\.0\)\r\n|s p/PAW http proxy/ v/$1/ d/phone/ o/Android/ cpe:/o:google:android/
match http-proxy m|^HTTP/1\.1 200 OK\r\nServer: NETLAB/([\w._-]+)\r\n| p/Cisco NETLab http proxy/ v/$1/
match http-proxy m|^HTTP/1\.1 400 Bad Request\r\nCache-Control: no-cache\r\nPragma: no-cache\r\nContent-Type: text/html; charset=utf-8\r\nProxy-Connection: close\r\nConnection: close\r\n.*<TITLE>P\xc3\xa1gina de Error invalid_request</TITLE>|s p/Blue Coat ProxySG firewall/ i/Spanish/ d/firewall/ cpe:/h:bluecoat:proxysg::::es/
match http-proxy m|^HTTP/1\.1 403 Bad Protocol\r\nContent-Type: text/html; charset=UTF-8\r\nCache-control: no-cache\r\nConnection: close\r\nProxy-Connection: close\r\n.*<title>I2P Warning: Non-HTTP Protocol</title>|s p/I2P http proxy/
match http-proxy m|^HTTP/1\.0 301 Moved Permanently\r\nLocation: http:/index\.html\r\nWWW-Authenticate: Basic realm=\"([\w._-]+)\" \r\nServer: Repro Proxy Repro ([\w._-]+)/000000@SC-VPRABHU\r\n| p/Repro http proxy/ v/$2/ h/$1/
match http-proxy m|^HTTP/1\.1 200 OK\r\nDate: .*\r\nAllow: GET, HEAD\r\nServer: Oracle-Web-Cache/11g \(([\w._-]+)\)\r\n| p/Oracle Web Cache http proxy/ v/$1/ cpe:/a:oracle:application_server_web_cache:$1/
match http-proxy m|^HTTP/1\.1 200 I'm sorry, Dave\. I'm afraid I can't work without a host header\.\r.*\nServer: Haste\r\n|s p/Haste http proxy/ v/2.0/
match http-proxy m|^HTTP/1\.1 400 Bad Request\r\nServer: smartcds/([\w.]+)\r\n| p/SmartCDS http proxy/ v/$1/
match http-proxy m|^HTTP/1\.0 400 Bad request: request-line invalid\r\nContent-type: text/html; charset=\"utf-8\"\r\n\r\n<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1\.0 Strict//EN\" \"http://www\.w3\.org/TR/xhtml1/DTD/xhtml1-strict\.dtd\">\r\n<html lang=\"en\" xml:lang=\"en\" xmlns=\"http://www\.w3\.org/1999/xhtml\">\r\n  <head>\r\n    <title>Request denied by WatchGuard HTTP Proxy</title>| p/WatchGuard http proxy/
match http-proxy m|^HTTP/1\.0 400 Bad request: request-line invalid\r\nContent-type: text/html; charset="iso-8859-1"\r\n\r\n<html>\r\n<body>\r\n<h3> Request denied by WatchGuard HTTP proxy\. </h3>| p/WatchGuard http proxy/
match http-proxy m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?X-Varnish: \d+\r.*\nVia: 1\.1 varnish\r\n|s p/Varnish http accelerator/ cpe:/a:varnish-cache:varnish/
match http-proxy m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Varnish\r.*\nX-Varnish: \d+\r\n|s p/Varnish http accelerator/ cpe:/a:varnish-cache:varnish/
match http-proxy m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Via: 1\.1 varnish-v(\d)\r\n|s p/Varnish http accelerator/ v/$1/ cpe:/a:varnish-cache:varnish:$1/
match http-proxy m|^HTTP/1\.0 403 Forbidden\r\nDate: .*\r\nServer: Microdasys-SCIP\r\nContent-Type: text/html\r\nContent-Length: 240\r\nConnection: close\r\n\r\n<HTML>.*<ADDRESS><A HREF=\"http://www\.websense\.com/\">Websense Content Gateway Proxy v([\w._-]+)</A>| p/Websense Content Gateway http proxy/ v/$1/ i/Microdasys SCIP ssl proxy/ cpe:/a:websense:websense_content_content_gateway:$1/
match http-proxy m|^HTTP/1\.0 403 Forbidden\r\nDate: .*\r\nServer: Microdasys-SCIP\r\n| p/Microdasys SCIP ssl proxy/
match http-proxy m|^HTTP/1\.1 400 Bad Request\r\nServer: mitmproxy ([\w._-]+)\r\nContent-type: text/html\r\nContent-Length: \d+\r\n| p/mitmproxy/ v/$1/
match http-proxy m|^HTTP/1\.1 302 Found\r\nDate: .*\r\nServer: xxxx\r\nX-Frame-Options: SAMEORIGIN\r\nStrict-Transport-Security: max-age=31536000\r\nLocation: https:///webconsole/webpages/login\.jsp\r\n|
match http-proxy m|^HTTP/1\.1 302 Found\r\nDate: .*\r\nServer: xxxx\r\n(?:X-Frame-Options: SAMEORIGIN\r\n(?:Strict-Transport-Security: max-age=\d+\r\n)?)?Location: https?://[^\r\n]+?/webpages/(?:myaccount/)?login\.jsp\r\nCache-Control: max-age=2592000\r\nExpires: .*\r\n(?:Vary: Accept-Encoding\r\n)?Content-Length: \d+\r\nConnection: close\r\nContent-Type: text/html; charset=iso-8859-1\r\n\r\n| p/Cyberoam captive portal/
match http-proxy m=^HTTP/1\.1 200 OK\r\nConnection: close\r\nCache-control: no-cache\r\nPragma: no-cache\r\nCache-control: no-store\r\n(?:X-Frame-Options: DENY\r\n)?\r\n<html><head><title>Burp Suite (Professional|Free Edition)</title>= p/Burp Suite $1 http proxy/ cpe:/a:portswigger:burp_suite:::$1/
match http-proxy m%^HTTP/1\.1 200 OK\r\nConnection: close\r\nCache-control: no-cache, no-store\r\nPragma: no-cache\r\nX-Frame-Options: DENY\r\nContent-Type: text/html; charset=utf-8\r\nX-Content-Type-Options: nosniff\r\n\r\n<html><head><title>Burp Suite (Professional|Free Edition)% p/Burp Suite $1 http proxy/ cpe:/a:portswigger:burp_suite:::$1/
match http-proxy m|^HTTP/1\.0 400 Bad request received from client\r\nProxy-Agent: Seeks proxy ([\w._-]+)\r\nContent-Type: text/plain\r\nConnection: close\r\n\r\nBad request\. Seeks proxy was unable to extract the destination\.\r\n| p/Seeks websearch proxy/ v/$1/
match http-proxy m|^HTTP/1\.1 500\r\nAlternate-Protocol: 443:quic\r\nVary: Accept-Encoding\r\nServer: Google Frontend\r\nCache-Control: private\r\nDate: Thu, 06 Feb 2014 14:10:57 GMT\r\nContent-Type: text/html\r\n\r\n\n    <html><head>\n    <meta http-equiv=\"content-type\" content=\"text/html;charset=utf-8\">\n    <title>502 Urlfetch Error</title>| p/GoAgent http proxy/ i/Google App Engine/
match http-proxy m|^HTTP/1\.1 200 Document follows\r\nServer: IBM-PROXY-WTE/([\w._-]+)\r\n| p/IBM WebSphere Edge caching proxy/ v/$1/
match http-proxy m|^HTTP/1\.0 407 Proxy Authentication Required\r\nConnection: close\r\nProxy-Connection: close\r\nProxy-Authenticate: NTLM\r\nContent-Length: \d+\r\nContent-type: text/html\r\n\r\n<html><head><title>NTLM Authentication Failed</title></head><body><center><table border=0 cellpadding=5 width=65%><tr><td align=middle><!-- \.{525}--><table border=2 cellpadding=20 bgcolor=#C0C0C0><tr><td>NTLM Authentica| p/Smoothwall proxy/ i/NTLM authentication/
match http-proxy m|^HTTP/1\.1 400 Received invalid request from Client\r\nDate: .*\r\nCache-Control: no-cache\r\nPragma: no-cache\r\nContent-Type: text/html; charset=\"UTF-8\"\r\nContent-Length: \d+\r\nAccept-Ranges: none\r\nProxy-Connection: close\r\n\r\n<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4\.01 Transitional//EN\" \"http://www\.w3\.org/TR/html4/loose\.dtd\">\n<html>\n  <head>\n    <meta http-equiv=\"Content-Type\" content=\"text/html; charset=UTF-8\" />\n    <title>The requested URL could not be retrieved</title>| p|Sophos/Astaro UTM gateway| d/security-misc/ cpe:/a:astaro:security_gateway_software/
match http-proxy m|^HTTP/1\.0 400 Bad Request\r\nContent-Type: application/json; charset=UTF-8\r\nContent-Length: 84\r\n\r\n{\"fault\":{\"faultstring\":\"\\\"Missing Host header\\\"\",\"detail\":{\"code\":\"MISSING_HOST\"}}}| p/Apigee API proxy/
match http-proxy m|^HTTP/1\.0 400 badrequest\r\nVia: 1\.0 ([\w.-]+) \(McAfee Web Gateway ([\w._-]+)\)\r\nConnection: Close\r\n| p/McAfee Web Gateway/ v/$2/ i/Via $1/ cpe:/a:mcafee:web_gateway:$2/
match http-proxy m|^HTTP/1\.0 400 Bad Request\r\nContent-Length: 113\r\nDate: .*\r\nExpires: 0\r\n\r\n<html>\n<head><title>Error 400: Bad Request</title></head>\n<body>\n<h1>Error 400: Bad Request</h1>\n</body>\n</html>\n| p/Mikrotik HotSpot http proxy/
match http-proxy m|^HTTP/1\.0 400 Host Required In Request\r\nDate: .*\r\nConnection: close\r\nCache-Control: no-store\r\nContent-Type: text/html\r\nContent-Language: en\r\nContent-Length: \d+\r\n\r\n<HTML>\n<HEAD>\n<TITLE>Host Header Required</TITLE>\n</HEAD>\n\n<BODY BGCOLOR=\"white\" FGCOLOR=\"black\">\n<H1>Host Header Required</H1>\n<HR>\n\n<FONT FACE=\"Helvetica,Arial\">| p/Cyberoam UTM http proxy/
match http-proxy m|^HTTP/1\.1 504 Gateway Timeout\r\nContent-Length: 15\r\nContent-Type: text/plain;\r\n\r\nZAP Error: null| p/OWASP Zed Attack Proxy/
match http-proxy m|^HTTP/1\.1 502 Bad Gateway\r\nContent-Length: \d+\r\nContent-Type: text/plain; charset=UTF-8\r\n\r\nZAP Error \[java\.net\.UnknownHostException\]: null| p/OWASP Zed Attack Proxy/
match http-proxy m|^HTTP/1\.0 502\r\nContent-type: text/html\r\nContent-length: \d+\r\nproxy-Connection: close\r\n\r\n<html>\r\n<head>\r\n\t<title>Spybot - Connection refused</title>\r\n| p/Spybot Search & Destroy/ o/Windows/ cpe:/a:safer-networking:spybot_search_and_destroy/ cpe:/o:microsoft:windows/a
match http-proxy m|^HTTP/1\.1 407 Proxy Authentication Required\r\nContent-Length: 36\r\nContent-Type: text/html; charset=UTF-8\r\naw-error-code: 1\r\n\r\nMissing \[Proxy-Authorization\] header| p/AirWatch Mobile Access Gateway/ d/proxy server/ cpe:/a:airwatch:mobile_access_gateway/
match http-proxy m|^HTTP/1\.1 407 Proxy Authentication Required\r\naw-error-code: 1\r\n\r\n$| p/AirWatch Mobile Access Gateway/ d/proxy server/ cpe:/a:airwatch:mobile_access_gateway/
match http-proxy m|^HTTP/1\.0 404 Not Found\r\nServer: Traffic Manager ([\w._-]+)\r\nDate: .*\r\nCache-Control: no-store\r\nPragma: no-cache\r\nContent-type: application/x-ns-proxy-autoconfig\r\n| p/Apache Traffic Server/ v/$1/ d/proxy server/ cpe:/a:apache:traffic_server:$1/
# version 10.2.4
match http-proxy m|^HTTP/1\.1 200 OK\r\nCache-Control: no-cache\r\nConnection: close\r\nPragma: no-cache\r\nContent-Length: \d+\r\n\r\n<html><head><title>Request Rejected</title></head><body>The requested URL was rejected\. Please consult with your administrator\.<br><br>Your support ID is: \d+</body></html>| p/F5 BIG-IP Application Security Module/ d/load balancer/
match http-proxy m|^HTTP/1\.0 \d\d\d .*\r\nMime-Version: 1\.0\r\nDate: .*\r\nVia: 1\.0 ([\w.-]+):\d+ \(Cisco-WSA/([\w._-]+)\)\r\n| p/Cisco Web Security Appliance/ i/Gateway Timeout/ o/AsyncOS $2/ h/$1/ cpe:/o:cisco:asyncos:$2/
match http-proxy m|^HTTP/1\.1 \d\d\d [^\r\n]+\r\nDate: [^\r\n]+\r\nCache-Control: no-cache\r\nPragma: no-cache\r\nContent-Type: text/html; charset="UTF-8"\r\nContent-Length: \d+\r\nAccept-Ranges: none\r\nConnection: close\r\n\r\n.*href="http://passthrough\.fw-notify\.net/|s p/Sophos UTM http proxy/ d/security-misc/ cpe:/a:sophos:unified_threat_management/
match http-proxy m|^HTTP/1\.1 302 Found\r\nDate: .*\r\nServer: xxxx\r\nLocation: http:///httpclient\.html\r\nContent-Length: \d+\r\nConnection: close\r\nContent-Type: text/html; charset=iso-8859-1\r\n\r\n| p/Cyberoam captive portal/
match http-proxy m|^HTTP/1\.1 403 No Protocol\r\nX-Hola-Error: No Protocol\r\nDate: .*\r\nConnection: close\r\n\r\n$| p/Hola VPN http-proxy/ cpe:/a:hola:hola/
match http-proxy m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Traffic Inspector HTTP/FTP/Proxy server \(([\d.]+)\)\r\n|s p/Traffic Inspector http proxy/ v/$1/ o/Windows/ cpe:/a:smart-soft:traffic_inspector:$1/ cpe:/o:microsoft:windows/a
match http-proxy m|^HTTP/1\.1 404 Not Found\r\nServer: Sucuri/Cloudproxy\r\nDate: .* GMT\r\nContent-Type: text/html\r\nContent-Length: \d+\r\nConnection: close\r\nETag: "[a-f\d-]+"\r\n\r\n<!DOCTYPE html>\n\n<html lang="en">\n\n| p/Sucuri CloudProxy/
match http-proxy m|^HTTP/1\.0 30[12] .*\r\nLocation: https?:///[^\r\n]*\r\nServer: LBaaS\r\n| p/OpenStack Neutron LBaaS load balancer/ cpe:/a:openstack:neutron-lbaas/
match http-proxy m|^HTTP/1\.1 200 OK\r\nDate: .*\r\nContent-Length: \d+\r\nEtag: "[a-f\d]{40}"\r\nContent-Type: text/html; charset=UTF-8\r\nServer: Protegrity Cloud Gateway ([\d.]+)\r\n\r\nProtegrity Cloud Gateway ([\w._-]+)<BR>| p/Protegrity Cloud Gateway/ v/$1/ h/$2/ cpe:/a:protegrity:cloud_gateway:$1/
match http-proxy m|^HTTP/1\.1 502 Bad Gateway\r\n(?:[^\r\n]+\r\n)*?\r\n<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2\.0//EN">\r\n<html>\r\n<head><title>502 Bad Gateway</title></head>\r\n<body bgcolor="white">\r\n<h1>502 Bad Gateway</h1>\r\n<p>The proxy server received an invalid response from an upstream server\. Sorry for the inconvenience\.<br/>\r\nPlease report this message and include the following information to us\.<br/>\r\nThank you very much!</p>\r\n<table>\r\n<tr>\r\n<td>URL:</td>\r\n<td>[^<]*</td>\r\n</tr>\r\n<tr>\r\n<td>Server:</td>\r\n<td>([^<]+)</td>\r\n</tr>\r\n<tr>\r\n<td>Date:</td>\r\n<td>[^<]+</td>\r\n</tr>\r\n</table>\r\n<hr/>Powered by Tengine</body>\r\n</html>\r\n$|s p/Tengine http proxy/ h/$1/ cpe:/a:alibaba:tengine/
match http-proxy m|^HTTP/1\.0 404 Not Found\r\nServer: BigIP\r\nConnection: close\r\n| p/F5 BIG-IP load balancer/ d/load balancer/
match http-proxy m|^HTTP/1\.0 503 Service Unavailable\r\nContent-Type: text/html\r\nContent-Length: 5\d\r\nExpires: now\r\nPragma: no-cache\r\nCache-control: no-cache,no-store\r\n\r\nThe service is not available\. Please try again later\.| p/Pound http reverse proxy/ cpe:/a:apsis:pound/
match http-proxy m|^HTTP/1\.0 302 Found\r\nLocation: .*\r\nContent-Type: text/html\r\nContent-Length: \d+\r\n\r\n<html><head><title>Redirect</title></head><body><h1>Redirect</h1><p>You should go to <a href="[^"]+">here</a></p></body></html>| p/Pound http reverse proxy/ cpe:/a:apsis:pound/
match http-proxy m|^HTTP/1\.0 501 Not Implemented\r\nContent-Type: text/html\r\nContent-Length: 2\d\r\nExpires: now\r\nPragma: no-cache\r\nCache-control: no-cache,no-store\r\n\r\nThis method may not be used\.| p/Pound http reverse proxy/ cpe:/a:apsis:pound/
match http-proxy m|^HTTP/1\.0 403 Forbidden\r\nConnection: close\r\nContent-Length: 51\r\nContent-type: text/html\r\n\r\nAccess denied: authentication configuration missing| p/Smoothwall http proxy/ d/firewall/ cpe:/o:smoothwall:smoothwall/
match http-proxy m|^HTTP/1\.1 407 Proxy Authentication Required\r\nProxy-Authenticate: Basic realm="Hola Unblocker"\r\nDate: .*\r\nConnection: close\r\n\r\n| p/Hola Unblocker http proxy/
match http-proxy m|^HTTP/1\.1 400 Bad Request\r\nContent-Length: 21\r\nContent-Type: text/html; charset=utf-8\r\nVia: 1\.1 ([\w.-]+)\r\nDate: .*\r\n\r\nBad Request to URI: /| p/LittleProxy http proxy/ h/$1/ cpe:/a:adamfisk:littleproxy/

match http-proxy m|^HTTP/1\.0 200 OK\r\n\r\n$| p/sslstrip/

# No info on what this is yet
softmatch http-proxy m|^HTTP/1\.1 400 Bad request\r\nContent-Length: 53\r\nContent-Type: text/html\r\n\r\nCan't do transparent proxying without a Host: header\.|

softmatch http-proxy m|^HTTP/1.[01] 407 | i/proxy authentication required/
softmatch http-proxy m|^HTTP/1.[01] 502 | i/bad gateway/

match hnap m|^HTTP/1\.[01] *200 OK.*\r\n\r\n<\?xml.*<soap:Envelope.*<(?:\w+:)?Type>([^<]+)</(?:\w+:)?Type>.*<(?:\w+:)?VendorName>([^<]+)</(?:\w+:)?VendorName>.*<(?:\w+:)?ModelName>([^<]+)</(?:\w+:)?ModelName>.*<(?:\w+:)?FirmwareVersion>([^<]+)</(?:\w+:)?FirmwareVersion>|s p/$2 HNAP/ v/$4/ i/device: $1; model: $3/

# http://www.everyhue.com/vanilla/discussion/112/other-open-ports-on-the-bridge/p1
match hue-link m|^GET  HTTP1\.0\n\n$| p|Philips Hue link/debug|

# http://foolscap.lothar.com/
match foolscap m|^HTTP/1\.1 500 Internal Server Error: internal server error, see logs\r\n\r\n| p/foolscap RPC/

match icontrolav2 m|^E04\r\n$| p/Pioneer iControlAV2 control port/ d/media device/

# Also "Zimbra Network edition 6.0 IMAP server."
match imap-proxy m|^\* OK IMAP4 ready\r\nGET BAD invalid command\r\n| p/nginx imap proxy/
match imap-proxy m|^\* OK IMAP4rev1 proxy server ready\r\nGET BAD invalid command\r\n| p/Zimbra imapd/

match magent m|^Agent Ready\.\.\.\r\n| p/MicroWorld mwagent.exe/ o/Windows/ cpe:/o:microsoft:windows/a
match magent m|^Agent Ready\.\.\.\r\nGET / HTTP/1\.0\r\n\r\nGET 501 command not implemented ERROR\r\n| p/MicroWorld mwagent.exe/ o/Windows/ cpe:/o:microsoft:windows/a
match magent m|^Agent Ready v([\w._]+)+\.\.\.(?:\[[\w._-]+\])\r\nGET / HTTP/1\.0 501 command not implemented ERROR\r\n 501 command not implemented ERROR\r\n| p/MicroWorld mwagent.exe/ v/$1/ i/eScan antivirus management console/ o/Windows/ cpe:/o:microsoft:windows/a

match mapreduce m|name:\x20mapreduce\r\nversion:\x20(.+)\r\n\r\n| p/Hadoop MapReduce/ v/$1/ cpe:/a:hadoop:mapreduce:$1/
match mas-financial m|^409 Invalid Protocol PVXAS/1\.0\r\n| p/MAS200 Financial System/ o/Windows/ cpe:/o:microsoft:windows/a
match mas-financial m|^The Host cannot run the specified program\.$| p/MAS200 Financial System/ o/Windows/ cpe:/o:microsoft:windows/a

match mep m|^\x10\0\0\0\xa5\xa5\0\0.\0`\x01\0\0\0\0|s p/Citrix NetScaler Metric Exchange Protocol/ d/load balancer/

# Expect MassTransit will also match with some variation.
match mtap m|^WATSON!WATSON!\x13Tx\xa3\xfee\xc0\x9b\0\0\0\x01\0\0\0\0\0\0\0\0\0v\0\0\0\0\x84\x84\0\x02\0\x13\0\xd9\0\0\0\x16\x13Virtual Network ([\d.]+)\0| p/Adobe Virtual Network/ v/$1/ cpe:/a:adobe:virtual_network:$1/

# Another implementation (Bukkit?) with the same matchline doesn't respond to GetRequest.
match minecraft m|^\xff\0\x0e\0P\0r\0o\0t\0o\0c\0o\0l\0 \0e\0r\0r\0o\0r$| p/Spigot Minecraft game server/

# http://www.mobilemouse.com/
match mobilemouse m|^HTTP/1\.0 200 OK \r\nServer: Mobile Air Mouse Server\r\n.*>The Mobile Air Mouse server running on \"([\w._-]+)\"|s p/Mobile Air Mouse server/ h/$1/

# https://en.wikipedia.org/wiki/Modbus
match modbus m|^GET [\0/]\x03H\xd4[\x01-\x03]| p/Modbus TCP/
match modbus m|^GET [\0/]\x03H\xd4[\x0a-\x0b]| p/Modbus TCP/ i/gateway/
match modbus m|^GE\0\0\0\x03H\xd4[\x01-\x03]| p/Modbus TCP/
match modbus m|^GE\0\0\0\x03H\xd4[\x0a-\x0b]| p/Modbus TCP/ i/gateway/

# In 2.5.1, the HTTP server was disabled by default
softmatch mongodb m|^HTTP/1\.0 200 OK\r\nConnection: close\r\nContent-Type: text/plain\r\nContent-Length: 116\r\n\r\nYou are trying to access MongoDB on the native driver port\. For http diagnostic access, add 1000 to the port number\n| p/MongoDB/ v/2.5.0 or earlier/ cpe:/a:mongodb:mongodb/
softmatch mongodb m|^HTTP/1\.0 200 OK\r\nConnection: close\r\nContent-Type: text/plain\r\nContent-Length: 84\r\n\r\nIt looks like you are trying to access MongoDB over HTTP on the native driver port\.\n| p/MongoDB/ v/2.5.1 or later/ cpe:/a:mongodb:mongodb/

match motorola-devmgr m|^GET / HT\xff\xff\xff\xff$| p/Motorola Device Manager/ cpe:/a:motorola:device_manager/

match mrtgext-nlm m|^-1\n-1\n-1\n$| p/Novell NetWare MRTGEXT NLM Statistics/ o/NetWare/ cpe:/o:novell:netware/a

match msn m|^{?Syntax Error : GET / HTTP/1\.0}? error\r\n$| p/amsn/
match msn m|^{?Erreur de syntaxe : GET / HTTP/1\.0}? error\r\n$| p/amsn/ i/French/
match msn m|^{? ?Erro de sintaxe : GET / HTTP/1\.0}? error\r\n$| p/amsn/ i/Portugese/
match msn m|^{?Errore di sintassi : GET / HTTP/1\.0}? error\r\n$| p/amsn/ i/Italian/

# http://www.icbevr.com/ibank/ibank2/
# byte 8 is a counter, so \x18 in byte 7 may also increment?
match ibank2 m|^\x02\0\0\x01E\(\x18.{25}$|

match icap m|^ICAP/1\.0 501 Method not implemented.*\r\nServer: IronNet/([\d.]+)\r\n\r\n|s p/IronNet Compliance Application/ v/$1/
match icap m|^ICAP/1\.0 501 Method not implemented.*\r\nService: ProxyAV AV scanner ([^\r\n]+)\r\n|s p/Blue Coat ProxyAV/ v/$1/
match icap m|^ICAP/1\.0 501 Other\r\nServer: Traffic Spicer ([\d.]+)\r\n| p/Traffic Spicer icapd/ v/$1/
match icap m|^ICAP/1\.0 501 Method not implemented\r\nConnection: close\r\n\r\n$| p/Symantec DLP Web Prevent icapd/
match icap m|^ICAP/1\.0 400 Bad request\r\nServer: C-ICAP/([\w._-]+)\r\nConnection: close\r\n\r\n$| p/C-ICAP/ v/$1/
softmatch icap m|^ICAP/1\.0 \d\d\d |

# gidentd 0.4.5 on Linux 2.4.X
match ident m|^0, 0 : ERROR : INVALID-PORT\r\n$| p/gidentd/
match ident m|^GET / HTTP/1\.0 : USERID : UNIX : ([-.\w]+)\r\n : USERID : UNIX : [-.\w]+\r\n| p/Nullidentd/ i/Claimed user: $1/
match ident m|^GET / HTTP/1\.0 : USERID : UNIX : ([-.\w]+)\r\n$| p/Liedentd/ i/Claimed user: $1/
# pidentd 2.81
match ident m|^0 , 0 : ERROR : X-INVALID-REQUEST\r\n$| p/pidentd/
# pidentd 3.1a25 on Linux 2.4.20 (SuSE 8.2)
match ident m|^GET : ERROR : UNKNOWN-ERROR\r\n$| p/pidentd/
match ident m|^0, 0 : ERROR : INVALID-AUTH-REQ-INFO : CAPABILITY=USER-INTERACTION : AUTH-MECH=KEBEROS_V4\r\n$| p/Stanford PC-leland identd/
# fair-identd-20000201
# pidentd-2.8.5-3
match ident m|^0 , 0 : ERROR : UNKNOWN-ERROR\r\n$| p/pidentd/ i/could be fair-identd/
# identd 1.1 on Linux 2.4.21
# linux-identd 1.2 - http://www.fukt.bth.se/~per/identd
match ident m|^GET / HTTP/1\.0 : ERROR : INVALID-PORT\r\n : ERROR : INVALID-PORT\r\n$| p/Linux-identd/ o/Linux/ cpe:/o:linux:linux_kernel/a
# HP-UX ident
match ident m|^0 , 0 : ERROR : INVALID-PORT\r\n| p/HP-UX identd/ o/HP-UX/ cpe:/o:hp:hp-ux/a
match ident m|^GET / HTTP/1\.0 : USERID : UNIX : [^\r\n]+\r\n| p/KVIrc fake identd/

# uw-imap 2003debian0.0304182231-1
match imap m|^\* OK \[CAPABILITY IMAP4REV1 X-NETSCAPE LOGIN-REFERRALS STARTTLS LOGINDISABLED\] \[[-.\w]+\] IMAP4rev1 200[-.\w]+ at .*\r\nGET BAD Command unrecognized/login please: /\r\n\* BAD Null command\r\n| p/UW imapd/ cpe:/a:uw:imap_toolkit/
match imap m|^\* OK \[[-.+\w]+\] IMAP4rev1 v1(\d[-.\w]+) server ready\r\n| p/UW imapd/ v/1$1/ cpe:/a:uw:imap_toolkit:1$1/
match imap m|^\* OK ([-.+\w]+) IMAP4rev1 v1(\d[-.\w]+) server ready\r\n| p/UW imapd/ v/1$2/ h/$1/ cpe:/a:uw:imap_toolkit:1$2/
# gnu/mailutils imap4d 0.3.2 on Linux
match imap m|^\* OK IMAP4rev1\r\nGET BAD  Invalid command\r\n\* BAD  Null command\r\n$| p/GNU Mailutils imapd/ cpe:/a:gnu:mailutils/
# Cyrus IMAP 2.1.14
match ssl/imap m|^\* BYE Fatal error: tls_start_servertls\(\) failed\r\n$| p/Cyrus imapd/ cpe:/a:cmu:cyrus_imap_server/
match imap m|^\* OK ([-\w_.]+)\r\nGET BAD Error in IMAP command received by server\.\r\n\* BAD Error in IMAP command received by server\.\r\n| p/Dovecot imapd/ h/$1/ cpe:/a:dovecot:dovecot/
match imap m|^\* OK .*\r\nGET BAD Error in IMAP command received by server\.\r\n\* BAD Error in IMAP command received by server\.\r\n| p/Dovecot imapd/ cpe:/a:dovecot:dovecot/
# Too general -- also matches Cyrus imapd 2.3.9.
# match imap m|^\* OK .*\r\nGET BAD Please login first\r\n| p/Dovecot imapd/ i/auth required/ cpe:/a:dovecot:dovecot/
match imap m|^\* OK IMAP4 IMAP4rev1 Server\r\nGET BAD Unrecognised Command\r\n| p/Floosietek FTgate imapd/
match imap m|^\* OK IMAP4r1 server \[([-\w_.]+)\] ready\r\nGET BAD Protocol Error: \"Unidentifiable command specified\"\.\r\n\* BAD Protocol Error: \"Tag not found in command\"\.\r\n| p/Microsoft Exchange imapd/ i/Version masked/ o/Windows/ h/$1/ cpe:/a:microsoft:exchange_server/ cpe:/o:microsoft:windows/a
match imap m|^\* OK IMAP4rev1 server ready at \d\d/\d\d/\d\d \d?\d:\d\d:\d\d\r\nGET BAD UNKNOWN Command\r\n\r\n BAD UNKNOWN Command\r\n| p/MailEnable imapd/ o/Windows/ cpe:/a:mailenable:mailenable/ cpe:/o:microsoft:windows/a
match imap m|^\* OK IMAP4rev1 server ready\r\nGET BAD Unknown command '/'\r\n BAD Unknown command ''\r\n| p/Kerio imapd/
match imap m|^\* OK Gimap ready for requests from [\d\.]+ ([\w\d]+)| p/Google Gmail imapd/ i/$1/
match imap m|^\* OK .*IMAP4rev1 Server Completed\r\nGET BAD Protocol Error: Invalid IMAP command specified\r\n| p/Cisco imapd/
# embyte
match imap m|^\* OK  MailSite IMAP4 Server ([-.\w]+) ready| p/MailSite imapd/ v/$1/
match imap m|^\* OK ([\w._-]+) Welcome \(cimap\)\r\nGET BAD Invalid command \(/\)\r\n\* BAD - command line Insufficient tokens \(\)\r\n| p/SurgeMail imapd/ h/$1/ cpe:/a:netwin:surgemail/
match imap m|^GET NO Error in IMAP command received by server\.\r\n| p/cPanel Courier imapd/
match imap m|^\* OK .*\r\nGET BAD Unknown or NULL command\r\n BAD NULL COMMAND\r\n| p/hMailServer imapd/ o/Windows/ cpe:/o:microsoft:windows/a
match imap m|^\* OK ([\w._-]+)\r\nGET BAD Unknown or NULL command\r\n BAD NULL COMMAND\r\n| p/hMailServer imapd/ o/Windows/ h/$1/ cpe:/o:microsoft:windows/a
match imap m|^\* OK \[CAPABILITY IMAP4rev1 [^]]*\]\r\nGET NO Error in IMAP command received by server\.\r\n\* NO Error in IMAP command received by server\.\r\n| p/Plesk Courier imapd/
match imap m|^\* OK \[CAPABILITY IMAP4rev1 [^]]*\] ([\w.-]+) server ready\r\nGET BAD Please login first\r\n\* BAD Invalid tag\r\n| p/Cyrus imapd/ h/$1/ cpe:/a:cmu:cyrus_imap_server/

match http m|^HTTP/1\.1 200 OK\r\nContent-Type: application/xml; charset=utf-8\r\n\r\n<\?xml version=\"1\.0\" encoding=\"UTF-8\"\?><services xmlns:xsi=\"http://www\.w3\.org/2001/XMLSchema-instance\" xsi:noNamespaceSchemaLocation=\"http://www\.intersystems\.com/services/schema/2009\.2\"/>$| p/InterSystems Cache httpd/
match intermec-bri m|^ERR UNAVAILABLE\r\nOK>\r\nOK>\r\n| p/Intermec Basic Reader Interface/

# Server: CUPS/1.1
match ipp m|^HTTP/1\.0 \d\d\d .*<TITLE>Home - CUPS ([\d.]+)</TITLE>.*SUMMARY=\"Common UNIX Printing System|s p/CUPS/ v/$1/ cpe:/a:apple:cups:$1/
match ipp m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: CUPS/([-\w_.]+)|s p/CUPS/ v/$1/ cpe:/a:apple:cups:$1/
match ipp m|^lpd \[@[-.\w]+\]: Host name for your address \([:.\d]+\) is not known\n$| p/CUPS/ cpe:/a:apple:cups/
match ipp m|^HTTP/1\.0 \d\d\d .*\r\nDate: .*\r\nServer: EPSON-IPP/([\d.]+)\r\nContent-Type: application/ipp\r\nContent-Length: \d+\r\n\r\n| p/Epson ippd/ v/$1/ d/print server/
match ipp m|^HTTP/1\.1 411 Length Required\r\nSERVER: EpsonNet IPP-SERVER/([\w._-]+)\r\nCONTENT-LENGTH: 0\r\n\r\n| p/Epson ippd/ v/$1/ i/AL-C2800 printer/ d/printer/
match ipp m|^HTTP/1\.0 404 Not Found\r\nCache-Control: no-cache\r\nDate: .*\r\nPragma: no-cache\r\nContent-Type: text/html\r\nContent-Length: 91\r\nServer: Web-Server/([\d.]+)\r\n\r\n<HTML><HEAD><TITLE>404 Not Found</TITLE></HEAD>\n<BODY><H1>404 Not Found</H1></BODY></HTML>\0| p/Web-Server httpd/ v/$1/ i/NRG copier or Ricoh Aficio printer http config/ d/printer/
match ipp m|^HTTP/1\.1 404 Not Found\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 89\r\nServer: Web-Server/([\d.]+)\r\n\r\n<html><head><title>404 Not Found</title></head><body><h1>404 Not Found</h1></body></html>$| p/Web-Server httpd/ v/$1/ i/NRG copier or Ricoh Aficio printer http config/ d/printer/
match ipp m|^HTTP/1\.1 \d\d\d .*\r\nDate: .*\r\nServer: CANON HTTP Server Ver(\d[-.\w ]+)\r\n| p/Canon printer http config/ v/$1/
match ipp m|^HTTP/1\.1 \d\d\d .*\r\nDate: .*\r\nServer: Canon Http Server (\d[-.\w ]+)\r\n| p/Canon printer http config/ v/$1/
match ipp m|^HTTP/1\.0 200 OK\r\nContent-Type: text/html\r\n\r\n<HTML><HEAD><META HTTP-EQUIV=\"Content-type\" CONTENT=\"text/html; charset=iso-8859-1\">\r\n<TITLE>IBM Infoprint Color (\d+)</TITLE>| p/IBM Infoprint Color $1 ippd/ d/printer/ cpe:/h:ibm:infoprint_color_$1/
match ipp m|^HTTP/1\.1 301 Moved Permanently\r\nServer: Virata-EmWeb/R([\w_]+)\r\nLocation: https://[\d.]+/\r\nContent-Type: text/html\r\nContent-Length: 90\r\n\r\nMoved\r\n| p/Virata-EmWeb/ v/$SUBST(1,"_",".")/ i/HP Laserjet 4200TN http config/ d/printer/ cpe:/a:virata:emweb:$SUBST(1,"_",".")/a cpe:/h:hp:laserjet_4200tn/a
match ipp m|^HTTP/1\.0 \d\d\d .*\r\nContent-Type: text/html\r\n\r\n<HTML><HEAD><META HTTP-EQUIV=\"Content-type\" CONTENT=\"text/html; charset=iso-8859-1\">\r\n<TITLE>Dell Laser Printer 1700n</TITLE>| p/Dell Laser Printer 1700n ippd/ d/printer/ cpe:/h:dell:1700n/
match ipp m|^HTTP/1\.0 \d\d\d .*<TITLE>Common UNIX Printing System</TITLE>.*HREF=\"http://www\.easysw\.com\" ALT=\"Easy Software Products Home Page\">\n|s p/Easy Software Products CUPS/
match ipp m|^<HEAD><TITLE>Not Found</TITLE></HEAD><BODY><H1><B>Not Found</B></H1><P>The requested URL \"\"was not found on this server\.</BODY>\r\n| p/Epson 980N Printer/ d/printer/ cpe:/h:epson:980n/a
match ipp m|^HTTP/1\.0 400 Bad Request\r\nConnection: close\r\nContent-Type: text/html\r\n(?:; charset=utf-8)?\r\nContent-Length: \d+\r\nCache-Control: (?:max-age=0, no-store, )?no-cache\r\n\r\n<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3\.2//EN">\n<HTML>\n<HEAD>\n<TITLE>Invalid Request</TITLE>\n</HEAD>\n\n<BODY BGCOLOR="#FFFFFF" TEXT="#000000">\n<CENTER>\n<FONT SIZE="\+2" COLOR="#FFFFFF" ALIGN="Center">\n</FONT>\n<B>Invalid Request\. Some Error</B>\n</BODY>\n\n</HTML>\n\n| p/Xerox or Samsung ipp/ d/printer/
match ipp m|^HTTP/1\.0 404 Not found\r\n\r\n404 Not found$| p/Xerox WorkCentre IPP/ d/printer/
match ipp m|^HTTP/1\.0 404 Not Found\r\nDate: .*\r\nContent-Language: C\r\nUpgrade: TLS/1\.0,HTTP/1\.1\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 138\r\n\r\n<HTML><HEAD><TITLE>404 Not Found</TITLE></HEAD><BODY><H1>Not Found</H1>The requested resource was not found on this server\.</BODY></HTML>\n| p/Thecus N5200 IPP/ d/storage-misc/ cpe:/h:thecus:n5200_nas_server/
match ipp m|^HTTP/1\.1 200 OK\r\nPragma: no-cache\r\nConnection: close\r\nContent-Type: text/html\r\n\r\n<HTML><HEAD><META HTTP-EQUIV=\"REFRESH\" CONTENT=\"0; URL=http://[\d.]+/\"></HEAD><BODY><P>For more printserver info please open the <A HREF=\"http://[\d.]+/\">[\d.]+</A> home page</BODY></HTML>$| p/Kyocera Mita KM-1530 IPP/ d/printer/ cpe:/h:kyocera:mita_km-1530/
match ipp m|^HTTP/1\.0 405 Method Not Allowed\r\nContent-Type: text/html\r\nCache-Control: public,max-age=86400\r\nPragma: cache\r\nExpires: .*\r\nDate: .*\r\nLast-Modified: .*\r\nAccept-Ranges: bytes\r\nConnection: close\r\n\r\n| p/Netia Spot ipp/ d/broadband router/
match ipp m|^HTTP/1\.0 200 OK\r\nContent-Type: text/plain; charset=UTF-8\r\n\r\nreturn_code=FCS9015\?error_text=This server does not support this API\.| p/PrinterOn Print Delivery Gateway ipp/ cpe:/a:printeron:print_delivery_gateway/
# Fuji Xerox DocuCentre-V C4475 T2
match ipp m|^HTTP/1\.0 301 Moved Permanently\r\nDate: .*\r\nPragma: no-cache\r\nLocation: http:///\r\nContent-Length: 109\r\nContent-Type: text/html\r\n\r\n<html><head><title>301 Moved Permanently</title></head>\t\t<body><h1>301 Moved Permanently</h1></body></html>\r\n| p/Fuji Xerox DocuCentre-V ipp/ d/printer/
match ipp m|^HTTP/1\.1 403 Forbidden\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 89\r\nServer: Web-Server/3\.0\r\n\r\n<html><head><title>403 Forbidden</title></head><body><h1>403 Forbidden</h1></body></html>| p/Ricoh Aficio printer ipp/ d/printer/
match ipp m|^HTTP/1\.1 400 Bad Request\r\nContent-Length: 29\r\nContent-Type: text/html\r\nConnection: close\r\n\r\n 400 Bad Request from Browser| p/Konica Minolta BizHub C224e printer ipp/ d/printer/ cpe:/h:konicaminolta:bizhub_c224e/a

match irc m|^:Default-Chat-Community 421 \* GET :Unknown command\r\n| p/Microsoft Exchange 2000 Server Chat Service/ o/Windows/ cpe:/a:microsoft:exchange_server:2000/ cpe:/o:microsoft:windows/a
match irc m|^:([-\w_.]+) 451  :You have not registered your connection\r\n$| p/Wircsrv/ o/Windows/ h/$1/ cpe:/o:microsoft:windows/a
match irc m|^ERROR :Closing Link: \[[^]]*\] \(HTTP command from IRC connection \(ATTACK\?\)\)\r\n| p/UnrealIRCd/ cpe:/a:unrealircd:unrealircd/
match irc m|^HTTP/1\.0 400 Wrong Port\r\nServer: ConferenceRoom/IRC (\d[\w._-]+)\r\n| p/WebMaster ConferenceRoom ircd/ v/$1/ cpe:/a:webmaster:conferenceroom:$1/

match ingrian-xml m|^<GenericError><Success>false</Success><FatalError>101</FatalError><ErrorString>Could not parse client request</ErrorString></GenericError>| p/Ingrian NAE XML daemon/ d/security-misc/

# Jabber 1.4.2
match jabber m|^<stream:stream xmlns:stream='http://etherx\.jabber\.org/streams' version='([\d.]+)'>| p/Jabber instant messaging server/ i/Protocol $1/ cpe:/a:jabberd:jabberd/
match jabber m|^<stream:stream version='([\d.]+)' from='[\w._-]+' xmlns:stream='http://etherx\.jabber\.org/streams'>| p/Jabber instant messaging server/ i/Protocol $1/ cpe:/a:jabberd:jabberd/

match jabber m|^<\?xml version='1\.0'\?><stream:stream xmlns='jabber:client' xmlns:stream='http://etherx\.jabber\.org/streams' id='none' from='([\w._-]+)' version='([\d.]+)'>| p/ejabberd/ i/Protocol $2/ h/$1/ cpe:/a:process-one:ejabberd/
match jabber m|^<\?xml version='1\.0'\?><stream:stream xmlns='jabber:client' xmlns:stream='http://etherx\.jabber\.org/streams' id='\d+' from='([\w._-]+)' version='([\d.]+)'>| p/ejabberd/ i/Protocol $2/ h/$1/ cpe:/a:process-one:ejabberd/
match jabber m|^<\?xml version='1\.0'\?><stream:stream xmlns:stream='http://etherx\.jabber\.org/streams' xmlns='jabber:server' xmlns:db='jabber:server:dialback'| p/ejabberd/ cpe:/a:process-one:ejabberd/
# ejabberd 16.12
match jabber m|^<\?xml version='1\.0'\?><stream:stream id='\d+' version='1\.0' xmlns:db='jabber:server:dialback' xmlns:stream='http://etherx\.jabber\.org/streams' xmlns='jabber:server'>| p/ejabberd/ cpe:/a:process-one:ejabberd/
match jabber m|^<\?xml version='1\.0'\?><stream:stream xmlns:stream='http://etherx\.jabber\.org/streams' xmlns='jabber:component:accept' id='none' from='([-\w_.]+)'><stream:error><xml-not-well-formed xmlns='urn:ietf:params:xml:ns:xmpp-streams'/></stream:error></stream:stream>| p/jit-transport jabber-ICQ transport/ h/$1/
match jabber m|^<stream:error>Invalid XML</stream:error>$| p/Jabber instant messaging server/ cpe:/a:jabberd:jabberd/
match jabber m|^<stream:error>Invalid XML</stream:error></stream:stream>$| p/Jabber instant messaging server/ cpe:/a:jabberd:jabberd/
match jabber m|^<stream:error><invalid-xml xmlns='urn:ietf:params:xml:ns:xmpp-streams'/><text xmlns='urn:ietf:params:xml:ns:xmpp-streams' xml:lang='en'>Invalid XML</text></stream:error>| p/jabberd instant messaging server/ cpe:/a:jabberd:jabberd/
match jabber m|^<\?xml version=\"1\.0\"\?><stream:stream id=\"none\" from=\"([\w._-]+)\" xmlns=\"jabber:client\" xmlns:stream=\"http://etherx\.jabber\.org/streams\" version=\"1\.0\"><stream:error><xml-not-well-formed xmlns=\"urn:ietf:params:xml:ns:xmpp-streams\"/></stream:error></stream:stream>$| p/Facebook Chat XMPP/ h/$1/
match jabber m|^<\?xml version='1\.0'\?><stream:stream id='' xmlns:stream='http://etherx\.jabber\.org/streams' version='1\.0' xmlns='jabber:server'><stream:error><xml-not-well-formed xmlns='urn:ietf:params:xml:ns:xmpp-streams'/></stream:error></stream:stream>$| p/Prosody Jabber server/ v/0.7.0 or older/ cpe:/a:prosody:prosody/
match jabber m|^<\?xml version='1\.0'\?><stream:stream id='' xmlns:stream='http://etherx\.jabber\.org/streams' version='1\.0' xmlns='jabber:client'><stream:error><xml-not-well-formed xmlns='urn:ietf:params:xml:ns:xmpp-streams'/></stream:error></stream:stream>$| p/Prosody Jabber client/ v/0.7.0 or older/ cpe:/a:prosody:prosody/
# 0.8.0 changed "xml-not-well-formed" to "not-well-formed"
match jabber m|^<\?xml version='1\.0'\?><stream:stream id='' xmlns:stream='http://etherx\.jabber\.org/streams' version='1\.0' xmlns='jabber:server'><stream:error><not-well-formed xmlns='urn:ietf:params:xml:ns:xmpp-streams'/></stream:error></stream:stream>$| p/Prosody Jabber server/ v/0.8.0 or newer/ cpe:/a:prosody:prosody/
match jabber m|^<\?xml version='1\.0'\?><stream:stream id='' xmlns:stream='http://etherx\.jabber\.org/streams' version='1\.0' xmlns='jabber:client'><stream:error><not-well-formed xmlns='urn:ietf:params:xml:ns:xmpp-streams'/></stream:error></stream:stream>$| p/Prosody Jabber client/ v/0.8.0 or newer/ cpe:/a:prosody:prosody/
match jabber m|^<\?xml version='1\.0'\?><stream:stream xmlns:stream='http://etherx\.jabber\.org/streams' xmlns='jabber:client' version='1\.0' id=''><stream:error><not-well-formed xmlns='urn:ietf:params:xml:ns:xmpp-streams'/></stream:error></stream:stream>$| p/Prosody Jabber client/ v/0.8.0 or newer/ cpe:/a:prosody:prosody/
match jabber m|^<\?xml version='1\.0'\?><stream:stream xmlns:stream='http://etherx\.jabber\.org/streams' xmlns='jabber:server' version='1\.0' id=''><stream:error><not-well-formed xmlns='urn:ietf:params:xml:ns:xmpp-streams'/></stream:error></stream:stream>$| p/Prosody Jabber server/ v/0.8.0 or newer/ cpe:/a:prosody:prosody/
match jabber m|^<\?xml version='1\.0'\?><stream:stream xmlns:stream='http://etherx\.jabber\.org/streams' xml:lang='en' xmlns:db='jabber:server:dialback' xmlns='jabber:server'><stream:error><not-well-formed xmlns='urn:ietf:params:xml:ns:xmpp-streams'/></stream:error></stream:stream>| p/Prosody Jabber server/ cpe:/a:prosody:prosody/
# 0.10
match jabber m|^<\?xml version='1\.0'\?><stream:stream xmlns:db='jabber:server:dialback' xmlns:stream='http://etherx\.jabber\.org/streams' xml:lang='en' id='' xmlns='jabber:server'><stream:error><not-well-formed xmlns='urn:ietf:params:xml:ns:xmpp-streams'/></stream:error></stream:stream>| p/Prosody Jabber server/ cpe:/a:prosody:prosody/
# empty id removed
match jabber m|^<\?xml version='1\.0'\?><stream:stream xmlns:stream='http://etherx\.jabber\.org/streams' xml:lang='en' xmlns='jabber:client'><stream:error><not-well-formed xmlns='urn:ietf:params:xml:ns:xmpp-streams'/></stream:error></stream:stream>| p/Prosody Jabber client/ cpe:/a:prosody:prosody/
match jabber m|^<\?xml version='1\.0'\?><stream:stream xmlns:stream='http://etherx\.jabber\.org/streams' xml:lang='en' xmlns='jabber:server'><stream:error><not-well-formed xmlns='urn:ietf:params:xml:ns:xmpp-streams'/></stream:error></stream:stream>| p/Prosody Jabber server/ cpe:/a:prosody:prosody/
# empty from and to attributes added
# 0.9.8
match jabber m|^<\?xml version='1\.0'\?><stream:stream xmlns:stream='http://etherx\.jabber\.org/streams' xml:lang='en' from='' xmlns:db='jabber:server:dialback' to='' xmlns='jabber:server'><stream:error><not-well-formed xmlns='urn:ietf:params:xml:ns:xmpp-streams'/></stream:error></stream:stream>| p/Prosody Jabber server/ i/dialback/ cpe:/a:prosody:prosody/
match jabber m|^<\?xml version='1\.0'\?><stream:stream xmlns:db='jabber:server:dialback' xmlns:stream='http://etherx\.jabber\.org/streams' xml:lang='en' from='' to='' xmlns='jabber:server'><stream:error><not-well-formed xmlns='urn:ietf:params:xml:ns:xmpp-streams'/></stream:error></stream:stream>| p/Prosody Jabber server/ i/dialback/ cpe:/a:prosody:prosody/

match jabber m|^<\?xml version='1\.0'\?><stream:stream xmlns='jabber:client' xmlns:stream='http://etherx\.jabber\.org/streams' id='error-id'><stream:error><invalid-xml xmlns='urn:ietf:params:xml:ns:xmpp-streams'/></stream:error></stream:stream>| p/Isode M-Link Jabber client/ cpe:/a:isode:m-link/
match jabber m|^<\?xml version='1\.0'\?><stream:stream xmlns='jabber:server' xmlns:db='jabber:server:dialback' xmlns:stream='http://etherx\.jabber\.org/streams' id='error-id'><stream:error><invalid-xml xmlns='urn:ietf:params:xml:ns:xmpp-streams'/></stream:error></stream:stream>| p/Isode M-Link Jabber server/ cpe:/a:isode:m-link/

match jabber m|^<\?xml version='1\.0' encoding='UTF-8'\?>\n<stream:stream xmlns='jabber:client' xmlns:stream='http://etherx\.jabber\.org/streams' from=\"\" version=\"1\.0\">\n<stream:features/>$| p/Empathy Jabber client/
match jabber m|^<\?xml version='1\.0'\?><stream:stream xmlns='jabber:client' xmlns:stream='http://etherx\.jabber\.org/streams' id='[0-9A-F]{16}' from='[^']*' version='1\.0'><stream:error><xml-not-well-formed xmlns='urn:ietf:params:xml:ns:xmpp-streams'/></stream:error></stream:stream>| p/MongooseIM/ cpe:/a:erlang-solutions:mongooseim/

match james-admin m|^JAMES Remote Administration Tool ([\d.]+)\nPlease enter your login and password\nLogin id:\n| p/JAMES Remote Admin/ v/$1/

match jicp m|^d\x08\x1c\0\0\0Uncorrect JICP data type: 71$| p/Jade Inter Container Protocol/

match olsrd-jsoninfo m|^{\n\"links\": \[[^]]*\]\n,\n\t\"neighbors\": \[[^]]*\]\n,\n\t| p/olsrd jsoninfo plugin/

match jxta m|^JXTAHELLO tcp://[\d.]+:\d+ tcp://[\d.]+:\d+ | p/JXTA P2P Collaboration daemon/

match kazaa-http m|^HTTP/1\.1 \d\d\d .*\r\nServer: giFT-FastTrack ([\d.]+)\r\nX-Kazaa-Username: giFTed\r\nX-Kazaa-Network: ([-.\w]+)\r\n| p/giFTed FastTrack P2P client/ v/$1/ i/network: $2/
match kazaa-http m|^HTTP/1\.1 \d\d\d .*\r\nServer: giFT-FastTrack ([\d.]+)\r\nX-Kazaa-Username: www\.k-lite\.com\.br\r\nX-Kazaa-Network: ([-.\w]+)\r\n| p/K-Lite FastTrack P2P client/ v/$1/ i/network: $2/

match kazaa-http m|^HTTP/1\.0 404 Not Found\r?\nX-Kazaa-Username: (\S+)\r\nX-Kazaa-Network: ([-.\w]+)\r\n| p/KaZaA P2P client/ i/username: $1; network: $2/
match kazaa-http m|^HTTP/1\.[01] 404 Not Found\r?\nServer: giFT-FastTrack ([\d.]+)\r\nX-Kazaa-Username: (\S+)\r\nX-Kazaa-Network: ([-.\w]+)\r\n| p/KaZaA P2P client/ v/$1/ i/username: $2; network: $3/

match kazaa-peerpoint m|^HTTP/1\.0 404 Not Found\n\r\n$| p/KaZaA P2P client Peer Point Manager/

match kdb m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html\r\nConnection: close\r\nContent-Length: 107\r\n\r\n<html><head><title></title><frameset cols=",\*"><frame src=\?><frame name=v src="\?"></frameset></head></html>| p/kdb+ http interface/ cpe:/a:kx_systems:kdb%2b/

match kerberos-sec m|^\0\0\0.~\x81.0\x81..\x03\x02\x01\x05.\x03\x02\x01\x1e.\x11\x18\x0f|s p/Mac OS X kerberos-sec/ o/Mac OS X/ cpe:/a:apple:kerberos:5/ cpe:/o:apple:mac_os_x/a

match lcdproc m|^huh\? Invalid command \"GET\"\n| p/LCDProc screen interface daemon/

match listserv m|^The file name you specified is invalid\. LISTSERV files have names like\r\n\"BOARD\.MINUTES\" or \"XYZ-L LOG9303\" \(without the quotes\)\.\r\n| p/LISTSERV Administration service/ cpe:/a:lsoft:listserv/

match loadrunner-vts m|^\x02\0\0\0\x84\0\$\0\x03\0\x08 \0\0\x06\0\x05\0\x15Wrong version: 71\x02\0\0\0\x81\0\x07| p/HP LoadRunner Virtual Table Server/ cpe:/a:hp:loadrunner/

softmatch lscp m|^ERR:0:syntax error, unexpected '/' \(line:1,column:5\)\.|

match megafillers m|^400 Unknown command\.\.\. Are you surprised\?\r\n$| p/MegaFillers game server/

match mogilefs m|^ERR unknown_command Unknown\+server\+command\r\n| p/MogileFS distributed filesystem/

match moneyworks m|^This is MoneyWorks; Server is on Windows\n$| p/MoneyWorks accounting software/ o/Windows/ cpe:/o:microsoft:windows/a

match mosmig m|^GET \0\0\0\0TP/1\.0\r\n$| p/OpenMosix Process Migration Service/ o/Linux/ cpe:/o:linux:linux_kernel/a

# MLDonkey 2.5
match napster m|^1INVALID REQUEST$| p/MLDonkey multi-network P2P client/
match napster m|^1$| p/WinMX or Lopster Napster P2P client/
match bittorrent-tracker m|^HTTP/1\.1 404 Not Found\r\nServer: MLdonkey\r\nConnection: close\r\nContent-Type: application/x-bittorrent\r\nContentlength: 0\r\n\r\n| p/MLDonkey multi-network P2P client/
match bittorrent-tracker m|^HTTP/1\.1 200 OK\r\nServer: MLdonkey/([\w._-]+)\r\nConnection: close\r\nContent-length: 53\r\n\r\nd14:failure reason31:Failure\(\"Incorrect filename 1\"\)e| p/MLDonkey multi-network P2P client/ v/$1/
match bittorrent-tracker m|^HTTP/1\.1 200 OK\r\nServer: MLdonkey\r\n| p/MLDonkey P2P client http config/
# Don't know the server name for this one. It's the same as the "your file may
# exist elsewhere in the universe\nbut alas, not here" under FourOhFourRequest.
match bittorrent-tracker m|^HTTP/1\.0 200 OK\r\n.*<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1\.1//EN\" \"http://www\.w3\.org/TR/xhtml11/DTD/xhtml11\.dtd\">\n<html><head><title>BitTorrent download info</title>\n<link rel=\"shortcut icon\" href=\"/favicon\.ico\">\n.*<strong>tracker version:</strong> ([\w._-]+)|s p/BitTornado tracker httpd/ v/$1/

match ndb_mgmd m|^result: Unknown command, 'GET / HTTP/1\.0'\n\n| p/MySQL cluster management server/ v/5.1/ cpe:/a:mysql:mysql:5.1/

# Original path was "/opt/openerp/server/bin/service/netrpc_server\.py\"
match net-rpc m|^     4041\(lp1\ncexceptions\nValueError\np2\n\(S\"invalid literal for int\(\) with base 10: 'GET / HT'\"\np3\ntp4\nRp5\naS'Traceback \(most recent call last\):\\n  File \"([\w._/-]+)/netrpc_server\.py\", line 69, in run\\n| p/OpenERP NET-RPC/ i/path: $1/ o/Unix/
match net-rpc m|^     5051\(lp1\ncexceptions\nException\np2\n\(Vinvalid literal for int\(\) with base 10: 'GET / HT'\np3\ntp4\nRp5\naS'Traceback \(most recent call last\):\\n  File \"([\w._/-]+)/netrpc_server\.py\", line 63, in run\\n| p/OpenERP NET-RPC/ i/path: $1/ o/Unix/

match netbios-ssn m|^\x83\0\0\x01\x82\x7c\x8f$|
match netwareip m|^\xfb\xff\xfe\xff\xfb\xff\xfe\xff\xfb\xff\xfe\xff$| p|Novell NetWare/IP| o/NetWare/ cpe:/o:novell:netware/a

match nimbud-netmon m|^nimbus/([\d.]+) \d+ \d+\r\nmtype| p/Nimsoft Nimbus network monitor/ v/$1/

match ntrip m|^SOURCETABLE 200 OK\r\nServer: NTRIP Caster ([\w._-]+)/([\w._-]+)\r\nContent-Type: text/plain\r\n| p/Ntrip Caster/ v/$1/ i/protocol $2/

match giop m|^GIOP\x01\0\x01\x06\0\0\0\0$| p/omniORB omniNames/ i/Corba naming service/

match obiee m|^\x0c\x01\0\0\x03\0\0\0\x84\0\0\0\[\0n\0Q\0S\0E\0r\0r\0o\0r\0:\0 \x001\x002\x000\x003\x003\0\]\0 \0A\0 \0c\0l\0i\0e\0n\0t\0 \0t\0r\0i\0e\0d\0 \0t\0o\0 \0c\0o\0n\0n\0e\0c\0t\0 \0t\0o\0 \0a\0 \0s\0e\0r\0v\0e\0r\0 \0t\0h\0a\0t\0 \0i\0s\0 \0n\0o\0t\0 \0o\0f\0 \0t\0h\0e\0 \0r\0i\0g\0h\0t\0 \0t\0y\0p\0e\0\.\0\n\0\[\0n\0Q\0S\0E\0r\0r\0o\0r\0:\0 \x004\x003\x001\x001\x003\0\]\0 \0M\0e\0s\0s\0a\0g\0e\0 \0r\0e\0t\0u\0r\0n\0e\0d\0 \0f\0r\0o\0m\0 \0O\0B\0I\0S\0\.\0| p/Oracle BI Server/

match oem-agent m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Connection: Close\r\nX-ORCL-EMSV: ([\d.]+)\r\n|s p/Oracle Enterprise Manager Agent httpd/ v/$1/ cpe:/a:oracle:enterprise_manager:$1/

match openerp m|^[ \d]{8}1\(lp1\ncexceptions\nException\np2\n\(Vinvalid literal for int\(\) with base 10: 'GET / HT'\np3\ntp4\nRp5\naS'Traceback \(most recent call last\):\\n  File \"(.*?)/openerp/service/netrpc_server\.py\", line 63, in run\\n    msg = ts\.myreceive\(\)\\n  File \".*?/openerp/tiny_socket\.py\", line 76, in myreceive\\n    size = int\(buf\)\\nValueError: invalid literal for int\(\) with base 10: \\'GET / HT\\'\\n'\np6\na\.| p/OpenERP/ v/6.1/ i/install path: $1/
match opinionsquare m|^HTTP/1\.0 505 HTTP Version not supported\r\n\r\n$| p/OpinionSquare application/

# http://documents.opto22.com/1465_OptoMMP_Protocol_Guide.pdf
match optommp m|^GET / P\0\0\0\0\0| p/OptoMMP/

# Oracle MTS Recovery Service 9.2.0.1 on Windows 2000 Professional
match oracle-mts m|^HTTP/1\.0 200 OK\r\nContent-length: 7\r\n\r\nunknown$| p/Oracle MTS Recovery Service/
# Windows 2003
match oracle-mts m|^HTTP/1\.0 400 Bad Request\r\nContent-length: 15\r\nContent-type: text/html\r\n\r\n400 Bad Request$| p/Oracle MTS Recovery Service/

match oracle-nm m|^-ERR Invalid command name 'GET'\r\n-ERR Invalid command name ''\r\n| p/Oracle WebLogic Server Node Manager/ cpe:/a:oracle:weblogic_server/

match oracle-vs m|^\(err \(type xen\.xend\.XendError\.XendError\) \(value 'Invalid operation: GET'\)\)\n$| p/Oracle Virtual Service Agent/ i/Xen/
match oracle-vs m|^\(err \(type \"<class 'xen\.xend\.XendError\.XendError'>\"\) \(value 'Invalid operation: GET'\)\)\n$| p/Oracle Virtual Service Agent/ i/Xen/

match ormi m|^\xe3\r\n\r\n\0\x01\0.\0vInvalid protocol verification, illegal ORMI request or request performed with an incompatible version of this protocol|s p/Oracle Remote Method Invocation/
match ormi m|^\xe3\r\n\r\n\0\x01\0\x03\x0b\0vInvalid protocol verification, illegal ORMI request or request performed with an incompatible version of this protocol| p/Oracle Remote Method Invocation/

match pcs-partner m|^notAuthenticated\n| p/SpliceCom PCS Partner Protocol/ d/VoIP phone/

match ssl/pop3 m|^-ERR \[SYS/PERM\] Fatal error: tls_start_servertls\(\) failed\r\n$| p/Cyrus pop3sd/ cpe:/a:cmu:cyrus_imap_server/
match ssl/pop3 m|^-ERR Fatal error: pop3s: required OpenSSL options not present\r\n| p/Cyrus pop3sd/ cpe:/a:cmu:cyrus_imap_server/
# Postgresql-server-7.3.2-3
match postgresql m|^EFATAL:  invalid length of startup packet\n\0$| p/PostgreSQL DB/ cpe:/a:postgresql:postgresql/
# Doesn't look like this line number has changed, but the file name may have.
match pgpool m|^E\0\0\0.S[^\0]+\0CXX000\0M[^\0]*\0D[^\0]*\0Fpcp_worker\.c\0L176\0\0| p/pgpool-II/ cpe:/a:pgpool:pgpool-ii/
match postgrey m|^action=dunno\n\n$| p/Postfix Greylist Daemon/
match powerchute m|^server=&type=0&id=&count=1&oid=[\d.]+&value=&error=4\n| p/APC Powerchute/ d/power-device/

match niprint m|^NIPrint received command: ET / HTTP/1\.0\r\.\r\nThis command is not in LPD specification, ignored\r\nNIPrint received command: \.\r\nThis command is not in LPD specification, ignored\r\n| p/Network Instruments NIPrint network analyzer/

match ratnj m|^0\0$| p/RatNJ C2 server/ i/malware/
match raop m|^RTSP/1\.0 401 Unauthorized\r\nServer: AirTunes/([\w._-]+)\r\nWWW-Authenticate: Digest realm=\"raop\" nonce=\"\w+\"\r\n\r\n$| p/Apple AirTunes RAOP/ v/$1/ i/Apple AirPort Express/ d/WAP/ cpe:/h:apple:airport_express/

match redis m|^-ERR wrong number of arguments for 'get' command\r\n$| p/Redis key-value store/

# Later EMC Retrospect, then Roxio Retrospect, then Retrospect, Inc. Retrospect
match retrospect m|^\0\xca\0\0\0\0\0\x04\0\0\0\0$| p/Dantz Retrospect/ v/6.0/ cpe:/a:dantz:retrospect:6.0/

# http://www.librelp.com/relp.html
match relp m|^0 serverclose 0\n$| p/Reliable Event Logging Protocol/

match rfidquery m|^Error 0 parse error\n\nError 0 parse error\n\nError 0 parse error\n\nError 0 parse error\n\nError 0 parse error\n\nError 0 parse error\n\nError 0 parse error\n\n$| p/Mercury3 RFID Query protocol/

softmatch rotctld m|^RPRT -1\n| p/Hamlib rotctld/

match rtsp m|^RTSP/1.0 400 Bad Request\r\nServer: DSS/([-.\w]+) \[(v\d+)]-(\w+)\r\n| p/DarwinStreamingServer/ v/$1/ i/$2 on $3/
match rtsp m|^RTSP/1\.0 400 Bad Request\r\nServer: QTSS/([\d.]+ \[v\d+\]-Win32)\r\nCseq: \r\n| p/Apple QuickTime Streaming Server/ v/$1/ o/Windows/ cpe:/a:apple:quicktime_streaming_server:$1/ cpe:/o:microsoft:windows/a
match rtsp m|^RTSP/1\.0 400 Bad Request\r\nServer: QTSS/([\d.]+ \[\d+\]-Linux)\r\nCseq: \r\n| p/Apple QuickTime Streaming Server/ v/$1/ o/Linux/ cpe:/a:apple:quicktime_streaming_server:$1/ cpe:/o:linux:linux_kernel/a
match rtsp m|^RTSP/1\.0 400 Bad Request\r\nServer: QTSS/([\d.]+) \(Build/([\d.]+); Platform/MacOSX; ([^)]*); \)\r\n| p/Apple QuickTime Streaming Server/ v/$1 build $2/ i/$3/ o/Mac OS X/ cpe:/a:apple:quicktime_streaming_server:$1/ cpe:/o:apple:mac_os_x/a
match rtsp m|^RTSP/1\.0 400 Bad Request\r\nServer: QTSS/([\d.]+) \(Build/([\d.]+); Platform/MacOSX\)\r\n| p/Apple QuickTime Streaming Server/ v/$1 build $2/ o/Mac OS X/ cpe:/a:apple:quicktime_streaming_server:$1/ cpe:/o:apple:mac_os_x/a
match rtsp m|^RTSP/1\.0 400 Bad Request\r\nServer: QTSS/v([\d.]+)\r\nCseq: \r\nConnection: Close\r\n\r\n| p/Apple QuickTime Streaming Server/ v/$1/ cpe:/a:apple:quicktime_streaming_server:$1/

match rtsp m|^RTSP/1\.0 505 Protocol Version Not Supported\r\nDate: .*\r\nServer: WMServer/([\w._-]+)\r\n\r\n$| p/Microsoft Windows Media Services/ v/$1/ o/Windows/ cpe:/a:microsoft:windows_media_services:$1/a cpe:/o:microsoft:windows/a
match rtsp m|^RTSP/1\.0 505 Vers\xc3\xa3o do Protocolo sem Suporte\r\nDate: .*\r\nServer: WMServer/([\w._-]+)\r\n\r\n$| p/Microsoft Windows Media Services/ v/$1/ i/Portuguese/ o/Windows/ cpe:/a:microsoft:windows_media_services:$1:::pt/ cpe:/o:microsoft:windows/a
match rtsp m|^RTSP/1\.0 505 Vers\xc3\xa3o de protocolo n\xc3\xa3o suportada\r\nDate: .*\r\nServer: WMServer/([\w._-]+)\r\n\r\n$| p/Microsoft Windows Media Services/ v/$1/ i/Portuguese/ o/Windows/ cpe:/a:microsoft:windows_media_services:$1:::pt/ cpe:/o:microsoft:windows/a
match rtsp m|^RTSP/1\.0 505 Versi\xc3\xb3n del protocolo no compatible\r\nDate: .*\r\nServer: WMServer/([\w._-]+)\r\n\r\n$| p/Microsoft Windows Media Services/ v/$1/ i/Spanish/ o/Windows/ cpe:/a:microsoft:windows_media_services:$1:::es/ cpe:/o:microsoft:windows/a

match rtsp m|^RTSP/1\.0 505 RTSP Version not supported\r\nCseq: \d+\r\nServer: fbxrtspd/([\d.]+) Freebox minimal RTSP server\r\n\r\n| p/Freebox minimal rtspd/ v/$1/ d/media device/
match rtsp m|^RTSP/1\.0 400 Bad Request\r\nCseq: \d+\r\nServer: fbxrtspd/([\w._-]+) Freebox RTSP server\r\n| p/Freebox rtspd/ v/$1/ d/media device/
match rtsp m|^RTSP/1\.0 400 Bad Request\r\nDate: .*\r\nAllow: OPTIONS, DESCRIBE, SETUP, TEARDOWN, PLAY, PAUSE, STATS\r\n\r\n| p/MediaPortal TV-Server rtspd/ d/media device/
match rtsp m|^HTTP/1\.0 401 Unauthorized\r\nConnection: close\r\nContent-Type: text/html; charset=ISO-8859-1\r\nWWW-Authenticate: Basic realm=\"server\r\nContent-Length: 166\r\n| p/Avtech MPEG4 DVR control rtspd/
match rtsp m|^RTSP/1\.0 400 Bad Request\r\nDate: .*\r\nallow: OPTIONS, DESCRIBE, SETUP, PLAY, TEARDOWN, SET_PARAMETER\r\n\r\n$| p/ACTi E32 webcam rtspd/ d/webcam/ cpe:/h:acti:e32/
match rtsp m|^HTTP/1\.0 503 Service Unavailable\r\nServer: GStreamer RTSP Server\r\nConnection: close\r\nCache-Control: no-store\r\nPragma: no-cache\r\nDate: .*\r\n\r\n$| p/GStreamer rtspd/
# Example i/Win32; Windows NT 6.1/
match rtsp m|^RTSP/1\.0 400 Bad Request\r\nServer: Microsoft Application Virtualization Server/([\w._-]+) \[([^]]+)\]\r\nDate: .*\r\n\r\n| p/Microsoft Application Virtualization Server rtspd/ v/$1/ i/$2/ o/Windows/ cpe:/o:microsoft:windows/a
match rtsp m|^RTSP/1\.0 405 Method Not Allowed\r\nServer: Dahua Rtsp Server\r\nContent-Length: 0\r\nCSeq: 0\r\n\r\n| p/Dahua IP camera rtspd/ d/webcam/
match rtsp m|^RTSP/1\.0 400 Bad Request\r\nSERVER: HDHomeRun/1\.0\r\nCSeq: 0\r\n\r\n| p/SiliconDust HDHomeRun set top box rtspd/ d/media device/ cpe:/h:silicondust:hdhomerun/
match rtsp m|^RTSP/1\.0 400 Bad Request\r\nContent-length: 0\r\n\r\n| p/Weatherbug camera rtspd/ d/webcam/
match rtsp m|^RTSP/1\.0 400 Bad Request\r\nCSeq: 1\r\nServer: Hipcam RealServer/V([\d.]+)\r\n\r\nRTSP/1\.0 400 Bad Request\r\n| p/Hipcam IP camera rtspd/ v/$1/ d/webcam/
match rtsp m|^RTSP/1\.0 505 RTSP Version Not Supported\r\nServer: HIP([\d.]+)\r\n\r\n| p/2N Helios IP intercom rtspd/ v/$1/ cpe:/h:2n:helios_ip/
match rtsp m|^RTSP/1\.0 505 RTSP Version Not Supported\r\nConnection: Keep-Alive\r\n\r\n$| p/Panasonic AW-HE50 camera rtspd/ d/webcam/ cpe:/h:panasonic:aw-he50/
match rtsp m|^HTTP/1\.1 405 Method Not Allowed\r\nDate: .*\r\n\r\n\r\n$| p/DoorBird video doorbell rtspd/ d/webcam/
match rtsp m|^HTTP/1\.1 200 OK\r\nContent-Type: application/x-rtsp-tunnelled\r\nServer: H264DVR ([\d.]+)\r\nConnection: close\r\nCache-Control: private\r\n\r\n| p/H264DVR rtspd/ v/$1/ d/storage-misc/
match rtsp m|^RTSP/1\.0 505 RTSP Version Not Supported\r\nServer: ALi feng/([\w._-]+)\r\nDate: Week \d+, .* GMT\r\n\r\n| p/feng rtspd/ v/$1/ cpe:/a:lscube:feng:$1/
match rtsp m|^RTSP/1\.0 400 Bad Request\r\nCSeq: 0\r\nServer: Hipcam RealServer/V([\d.]+)\r\n\r\n| p/Hipcam RealServer rtspd/ v/$1/ d/webcam/
# draft-gentric-avt-rtsp-http-00
softmatch rtsp m|^HTTP/1\.[01] \d\d\d(?:[^\r\n]*\r\n(?!\r\n))*?Content-Type: application/x-rtsp-tunnelled|s

match sassafras m|^/0 0 ([-\w_.]+)\r\n/0 0 HUH\r\n| p/Sassafras Key Server/ h/$1/

match seti-proxy m|^HTTP/1\.0 200 OK\r\nServer: SetiQueue/(\d+)\r\n| p/SetiQueue SETI@Home proxy/ v/$1/
match shell m|^\x01INTERnet ACP Error  Status = %SYSTEM-F-TOOMUCHDATA\r\n\0$| p/OpenVMS shelld/ o/OpenVMS/ cpe:/o:hp:openvms/a

# SHOUTcast Distributed Network Audio: www.shoutcast.com
match icy m|^ICY 200 OK\r\n.*SHOUTcast Distributed Network Audio Server/posix\(linux x[86][64]\) v([\w._-]+)<BR>\r\n.*icy-name:([^\r\n]*)\r\n.*icy-genre:([^\r\n]*)\r\n.*icy-url:([^\r\n]*)\r\n.*icy-br:(\d+)\r\n|s p/SHOUTcast server/ v/$1/ i/stream name: $2; genre: $3; URL: $4; bitrate: $5/ o/Linux/ cpe:/a:shoutcast:dnas:$1/a cpe:/o:linux:linux_kernel/a

match icy m|^ICY 200 OK\r\n.*SHOUTcast Distributed Network Audio Server/Linux.v([\d.]+).*icy-name:(.*?)\r\n|s p/SHOUTcast server/ v/$1/ i/Name: $2/ o/Linux/ cpe:/a:shoutcast:dnas:$1/ cpe:/o:linux:linux_kernel/a
match icy m|^ICY 200 OK\r\n.*SHOUTcast Distributed Network Audio Server/win[36][24].v([\d.]+).*icy-name:(.*?)\r\n|s p/SHOUTcast server/ v/$1/ i/Name: $2/ o/Windows/ cpe:/a:shoutcast:dnas:$1/ cpe:/o:microsoft:windows/a
match icy m|^ICY 200 OK\r\n.*SHOUTcast Distributed Network Audio Server/SolarisSparc.v([\d.]+).*icy-name:(.*?)\r\n|s p/SHOUTcast server/ v/$1/ i/Name: $2/ o/Solaris/ cpe:/a:shoutcast:dnas:$1/ cpe:/o:sun:sunos/a
match icy m|^ICY 200 OK\r\n.*SHOUTcast Distributed Network Audio Server/FreeBSD.v([\d.]+).*icy-name:(.*?)\r\n|s p/SHOUTcast server/ v/$1/ i/Name: $2/ o/FreeBSD/ cpe:/a:shoutcast:dnas:$1/ cpe:/o:freebsd:freebsd/a
match icy m|^ICY 200 OK\r\n.*SHOUTcast Distributed Network Audio Server/posix.v([\d.]+).*icy-name:(.*?)\r\n|s p/SHOUTcast server/ v/$1/ i/Name: $2/ o/Unix/ cpe:/a:shoutcast:dnas:$1/
match icy m|^ICY 200 OK\r\n.*SHOUTcast Distributed Network Audio Server/MacOS_X.v([\d.]+).*icy-name:(.*?)\r\n|s p/SHOUTcast server/ v/$1/ i/Name: $2/ o/Mac OS X/ cpe:/a:shoutcast:dnas:$1/ cpe:/o:apple:mac_os_x/a
match icy m|^ICY 401 Service Unavailable\r\n.*SHOUTcast Distributed Network Audio Server/UNIX OS-3 v([\d.]+)| p/SHOUTcast server/ v/$1/ o/Unix/ cpe:/a:shoutcast:dnas:$1/

match icy m|^ICY 200 OK\r\n.*SHOUTcast Distributed Network Audio Server/Linux.v([\d.]+)|s p/SHOUTcast server/ v/$1/ o/Linux/ cpe:/a:shoutcast:dnas:$1/ cpe:/o:linux:linux_kernel/a
match icy m|^ICY 200 OK\r\n.*SHOUTcast Distributed Network Audio Server/win[36][24].v([\d.]+)|s p/SHOUTcast server/ v/$1/ o/Windows/ cpe:/a:shoutcast:dnas:$1/ cpe:/o:microsoft:windows/a
match icy m|^ICY 200 OK\r\n.*SHOUTcast Distributed Network Audio Server/SolarisSparc.v([\d.]+)|s p/SHOUTcast server/ v/$1/ o/Solaris/ cpe:/a:shoutcast:dnas:$1/ cpe:/o:sun:sunos/a
match icy m|^ICY 200 OK\r\n.*SHOUTcast Distributed Network Audio Server/FreeBSD.v([\d.]+)|s p/SHOUTcast server/ v/$1/ o/FreeBSD/ cpe:/a:shoutcast:dnas:$1/ cpe:/o:freebsd:freebsd/a
match icy m|^ICY 200 OK\r\n.*SHOUTcast Distributed Network Audio Server/posix.v([\d.]+)|s p/SHOUTcast server/ v/$1/ o/Unix/ cpe:/a:shoutcast:dnas:$1/

match icy m|^ICY \d\d\d .*SHOUTcast Distributed Network Audio Server/Linux.v([\d.]+)|s p/SHOUTcast server/ v/$1/ o/Linux/ cpe:/a:shoutcast:dnas:$1/ cpe:/o:linux:linux_kernel/a
match icy m|^ICY \d\d\d .*SHOUTcast Distributed Network Audio Server/win[36][24].v([\d.]+)|s p/SHOUTcast server/ v/$1/ o/Windows/ cpe:/a:shoutcast:dnas:$1/ cpe:/o:microsoft:windows/a
match icy m|^ICY \d\d\d .*SHOUTcast Distributed Network Audio Server/SolarisSparc.v([\d.]+)|s p/SHOUTcast server/ v/$1/ o/Solaris/ cpe:/a:shoutcast:dnas:$1/ cpe:/o:sun:sunos/a
match icy m|^ICY \d\d\d .*SHOUTcast Distributed Network Audio Server/FreeBSD.v([\d.]+)|s p/SHOUTcast server/ v/$1/ o/FreeBSD/ cpe:/a:shoutcast:dnas:$1/ cpe:/o:freebsd:freebsd/a
match icy m|^ICY \d\d\d .*SHOUTcast Distributed Network Audio Server/posix.v([\d.]+)|s p/SHOUTcast server/ v/$1/ o/Unix/ cpe:/a:shoutcast:dnas:$1/

match icy m=^(?:HTTP/1\.0|ICY) \d\d\d .*\r\nicy-notice2:SHOUTcast DNAS/win[36][24] v([\d.]+)<BR>\r\n.*icy-name:(.*?)=s p/SHOUTcast Distributed Network Audio Server/ v/$1/ i/Name: $2/ o/Windows/ cpe:/a:shoutcast:dnas:$1/ cpe:/o:microsoft:windows/a
match icy m=^(?:HTTP/1\.0|ICY) \d\d\d .*\r\nicy-notice2:SHOUTcast DNAS/posix\(linux x[86][64]\) v([\d.]+)<BR>\r\n.*icy-name:(.*?)=s p/SHOUTcast Distributed Network Audio Server/ v/$1/ i/Name: $2/ o/Linux/ cpe:/a:shoutcast:dnas:$1/ cpe:/o:linux:linux_kernel/a
match icy m=^(?:HTTP/1\.0|ICY) \d\d\d .*\r\nicy-notice2:SHOUTcast DNAS/posix\(bsd\) v([\d.]+)<BR>\r\n.*icy-name:(.*?)=s p/SHOUTcast Distributed Network Audio Server/ v/$1/ i/Name: $2/ o/BSD/ cpe:/a:shoutcast:dnas:$1/
match icy m=^(?:HTTP/1\.0|ICY) \d\d\d .*\r\nicy-notice2:SHOUTcast DNAS/armv6\(rpi\) v([\d.]+)<BR>\r\n.*icy-name:(.*?)=s p/SHOUTcast Distributed Network Audio Server/ v/$1/ i/Raspberry Pi; Name: $2/ cpe:/a:shoutcast:dnas:$1/

match icy m=^(?:HTTP/1\.0|ICY) \d\d\d .*\r\nicy-notice1:<BR>SHOUTcast DNAS/win[36][24] v([\d.]+)<BR>\r\n=s p/SHOUTcast Distributed Network Audio Server/ v/$1/ o/Windows/ cpe:/a:shoutcast:dnas:$1/ cpe:/o:microsoft:windows/a
match icy m=^(?:HTTP/1\.0|ICY) \d\d\d .*\r\nicy-notice1:<BR>SHOUTcast DNAS/posix\(linux x[86][64]\) v([\d.]+)<BR>\r\n=s p/SHOUTcast Distributed Network Audio Server/ v/$1/ o/Linux/ cpe:/a:shoutcast:dnas:$1/ cpe:/o:linux:linux_kernel/a
match icy m=^(?:HTTP/1\.0|ICY) \d\d\d .*\r\nicy-notice1:<BR>SHOUTcast DNAS/posix\(bsd\) v([\d.]+)<BR>\r\n=s p/SHOUTcast Distributed Network Audio Server/ v/$1/ o/BSD/ cpe:/a:shoutcast:dnas:$1/
match icy m=^(?:HTTP/1\.0|ICY) \d\d\d .*\r\nicy-notice1:<BR>SHOUTcast DNAS/armv6\(rpi\) v([\d.]+)<BR>\r\n=s p/SHOUTcast Distributed Network Audio Server/ v/$1/ i/Raspberry Pi/ cpe:/a:shoutcast:dnas:$1/

match icy m|^HTTP/1\.0 200 OK\r\nContent-Type: audio/mpeg\r\nicy-br:([\d.]+)\r\n.*icy-name:([^\r\n]+)\r\n(?:[^\r\n]+\r\n)*?Server: Icecast ([\d.]+)\r\n\r\n|s p/Icecast streaming media server/ v/$3/ i/Name $2; Bitrate $1/ cpe:/a:xiph:icecast:$3/
match icy m|^HTTP/1\.0 200 OK\r\nContent-Type: audio/mpeg\r\nicy-br:([\d.]+)\r\n(?:[^\r\n]+\r\n)*?Server: Icecast ([\d.]+)\r\n|s p/Icecast streaming media server/ v/$2/ i/Bitrate $1/ cpe:/a:xiph:icecast:$2/

match shoutcast m|^invalid password\r\n$| p/SHOUTcast server/ cpe:/a:shoutcast:dnas/a

match shoutirc m|^HTTP/1\.0 200 OK\r\nConnection: close\r\n\r\n<h1>ShoutIRC Bot ([\w._-]+)</h1>This is not a web server port, it is for use only by clients supporting the <a href=\"http://wiki\.shoutirc\.com/index\.php/Remote_Commands\">Remote Protocol</a>!| p/ShoutIRC Bot/ v/$1/

match sip m|^SIP/2\.0 400 Illegal request line\r\nFrom: <sip:missing>\r\nTo: <sip:missing>;tag=badrequest\r\nUser-Agent: AVM FRITZ!Box Fon WLAN ([\d.]+) ([^\r\n]+)\r\n| p/AVM FRITZ!Box WLAN $1/ v/$2/ d/VoIP adapter/
match sip m|^SIP/2\.0 400 Illegal request line\r\nFrom: <sip:missing>\r\nTo: <sip:missing>;tag=badrequest\r\nUser-Agent: AVM FRITZ!Box Fon (\w+) \(UI\) ([^\r\n]+)\r\n| p/AVM FRITZ!Box $1/ v/$2/ d/VoIP adapter/
match sip m|^SIP/2\.0 400 Illegal request line\r\nFrom: <sip:missing>\r\nTo: <sip:missing>;tag=badrequest\r\nUser-Agent: AVM FRITZ!Box Fon ([^\r\n]+)\r\n|s p/AVM FRITZ!Box/ v/$1/ d/VoIP adapter/
match sip m|^SIP/2\.0 400 Illegal request line\r\nFrom: <sip:missing>\r\nTo: <sip:missing>;tag=badrequest\r\nUser-Agent: AVM FRITZ!Box WLAN ([\d.]+) ([^\r\n]+)\r\n| p/AVM FRITZ!Box WLAN $1/ v/$2/ d/VoIP adapter/
match sip m|^SIP/2\.0 400 Illegal request line\r\nFrom: <sip:missing>\r\nTo: <sip:missing>;tag=badrequest\r\nUser-Agent: AVM FRITZ!Fon ([\w_-]+) ([^\r\n]+)\r\n| p/AVM FRITZ!Fon $1/ v/$2/ d/VoIP adapter/
match sip m|^SIP/2\.0 400 Illegal request line\r\nFrom: <sip:missing>\r\nTo: <sip:missing>;tag=badrequest\r\nUser-Agent: FRITZ!OS\r\nContent-Length: 0\r\n\r\n| p/AVM FRITZ!OS SIP/ d/VoIP adapter/
match sip m|^SIP/2\.0 400 Illegal request line\r\nFrom: <sip:missing>\r\nTo: <sip:missing>;tag=badrequest\r\nUser-Agent: AVM Speedport (W \w+) ([^\r\n]+)\r\n| p/Speedport $1/ v/$2/ d/VoIP adapter/
match sip m|^SIP/2\.0 400 Illegal request line\r\nFrom: <sip:missing>\r\nTo: <sip:missing>;tag=badrequest\r\nUser-Agent: AVM Sinus (W \w+) ([^\r\n]+)\r\n| p/AVM Sinus $1/ v/$2/ d/VoIP adapter/
match sip m|^SIP/2\.0 400 Illegal request line\r\nFrom: <sip:missing>\r\nTo: <sip:missing>;tag=badrequest\r\nUser-Agent: Speedport (W \w+) ([^\r\n]+)\r\n| p/T-Com Speedport $1/ v/$2/ d/VoIP adapter/

match slimp3 m|^GET %2[Ff] HTTP%2[Ff]1\.0\n$| p/SliMP3 MP3 player/ i|http://www.slimdevices.com|

match soap m|^HTTP/1\.1 401 Unauthorized\r\nWWW-Authenticate: Digest realm=\"gSOAP_Web_Service\",.*Server: gSOAP/([\d.]+)\r\n.*<SOAP-ENV:Fault><faultcode>Client</faultcode><faultstring>HTTP Error: 401 Unauthorized</faultstring></SOAP-ENV:Fault>|s p/gSOAP/ v/$1/ i/Sagem F@st 3464 WAP soap/ d/WAP/ cpe:/a:genivia:gsoap:$1/
match soap m|^HTTP/1\.1 401 Unauthorized\r\nWWW-Authenticate: Digest realm=\"realtek\.com\.tw\", qop=\"auth\", nonce=\"[0-9a-f]+\", opaque=\"[0-9a-f]+\"\r\nServer: gSOAP/([\w._-]+)\r\n| p/gSOAP/ v/$1/ cpe:/a:genivia:gsoap:$1/
match soap m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: gSOAP/([\d.]+)\r\n|s p/gSOAP/ v/$1/ cpe:/a:genivia:gsoap:$1/
match soap m|^HTTP/1\.1 200 OK\r\nServer: SCS\r\nContent-Type: text/html; charset=utf-8\r\n.*<h2 style=\"color:darkcyan\">ServerView Remote Connector - Provider V([\w._-]+)</h2>|s p/Fujitsu ServerView Remote Connector soap/ v/$1/ cpe:/a:fujitsu:serverview_operations_manager:$1/
match http m|^HTTP/1\.1 200 OK\r\nServer: SCS\r\nContent-Type: text/html; charset=utf-8\r\n.*<h2 style=\"color:darkcyan\">ServerView Remote Connector Service V([\w._-]+)</h2>|s p/Fujitsu ServerView Remote Connector soap/ v/$1/ cpe:/a:fujitsu:serverview_operations_manager:$1/
match soap m|^HTTP/1\.0 500 Internal Server Error\r\nServer: gSOAP/([\w._-]+)\r\n.* xmlns:gmmiws=\"https://([\w._-]+):\d+/glsinternal\.wsdl\" .*<faultstring>HTTP GET method not implemented</faultstring>|s p/gSOAP/ v/$1/ i/Good Messaging Server gddomsyncsrv/ h/$2/ cpe:/a:genivia:gsoap:$1/
match soap m|^HTTP/1\.0 500 Internal Server Error\r\nServer: gSOAP/([\w._-]+)\r\n.* xmlns:pushws=\"https://([\w._-]+):\d+/pushws\">.*<faultstring>HTTP GET method not implemented</faultstring>|s p/gSOAP/ v/$1/ i/Good Messaging Server gdpushproc/ h/$2/ cpe:/a:genivia:gsoap:$1/
match soap m|^HTTP/1\.1 405 Method Not Allowed\r\nDate:\d\d\d\d-\d\d-\d\dT\d\d:\d\d:\d\d\r\nContent-Type: application/soap\+xml; charset=\"utf-8\"\r\n\r\n$| p/Dell 1130n printer soap/ d/printer/ cpe:/h:dell:1130n/
match soap m|^HTTP/1\.1  200 OK\r\nContent-Type: text/xml; charset=utf-8: \r\nConnection: close\r\n\r\n<\?xml version=\"1\.0\" encoding=\"UTF-8\" standalone=\"yes\"\?>.*<ModelDescription>Xtreme N GIGABIT Router</ModelDescription><ModelName>(DIR-655) \w+</ModelName><FirmwareVersion>([^<]+)</FirmwareVersion>|s p/D-Link $1 soap/ v/$2/ d/WAP/ cpe:/h:dlink:$1/
match soap m|^HTTP/1\.1 200 OK\r\nContent-Type: text/xml; charset=utf-8\r\nConnection: close\r\nContent-Length: \d+\r\n\r\n<\?xml version=\"1\.0\" encoding=\"utf-8\"\?>.*<ModelName>(SMC\w+)</ModelName>\n<FirmwareVersion>V([\w._-]+)</FirmwareVersion>|s p/SMC $1 Barricade WAP soap/ v/$2/ d/WAP/ cpe:/h:smc:$1:$2/
match soap m|^HTTP/1\.1 \d\d\d .*\r\nServer: gSOAP\r\n| p/gSOAP/ cpe:/a:genivia:gsoap/

match smtp m|^220 ([\w._-]+)\r\n500 5\.5\.1 Unrecognized command\r\n| p/SoftStack Free SMTP Server/ o/Windows/ h/$1/ cpe:/o:microsoft:windows/
match smtp m|^220[ -]([\w._-]+) ESMTP\r.*\n521 5\.7\.0 Error: I can break rules, too\. Goodbye\.\r\n|s p/Postfix smtpd/ h/$1/ cpe:/a:postfix:postfix/a

# spamd 2.20-1woody
match spamassassin m|^SPAMD/1\.0 76 Bad header line: GET / HTTP/1\.0\r\r?\n| p/SpamAssassin spamd/ cpe:/a:apache:spamassassin/

# TLS 1.0 Alert (0x21), Fatal (0x02), Unexpected message (0x0a)
match ssl m|^\x15\x03\x01\0\x02\x02\x0a$| p/TLS/ v/1.0/

match http m|^HTTP/1\.1 405 Method Not Allowed\r\nDate:0000-01-01T18:54:43\r\nContent-Type: application/soap\+xml; charset=\"utf-8\"\r\n\r\n$| p/Samsung CLX-3175FW printer SOAP over HTTP/ d/printer/ cpe:/h:samsung:clx-3175fw/a

match speech m|^ER\nLP\n#<SUBR\(6\) />\nft_StUfF_keyOK\nER\n$| p/Festival Speech Synthesis System/

match sphinx-search m|^\x01\0\0\0\0\x01\0\0\0\0\0 \0\0\0\x1cunknown command \(code=\d+\)| p/Sphinx Search daemon/

# No idea if this is general enough
match sopcast m|^HTTP/1\.0 200 OK\r\n\r\n0&\xb2u\x8ef\xcf\x11\xa6\xd9\0| p/SopCast P2P/

match syncplay-json m|^\{"Error": \{"message": "Not a json encoded string GET / HTTP/1\.0"\}\}\r\n| p/Syncplay JSON server/ cpe:/a:syncplay:syncplay/

match tcpmux m|^-Service not available\r\n$|

match telnet m|^\xff\xfb\x01\xff\xfe\"\n\r\tNetDSL Copyright by ARESCOM 2003\n\r\n\r\n\rUsername:GET / HTTP/1\.0\r\n\n\rPassword:\r\n\n\rUsername:| p/ARESCOM NetDSL 1000 router/ d/router/
match telnet m|^\xff\xfb\x03\xff\xfb\x01\xff\xfbi\r\n\tWelcome to Magicunix's TCP Server\.\r\n\r\n\r\nLogin: P/1\.0\r\nPassword: \r\nLogin incorrect\r\nLogin: | p/MagicUnix telnetd/
match telnet m|^\xff\xfb\x03\xff\xfb\x01\r\n\r\n\x07HP ([\w+]+) AdvanceStack 10BT Switching Hub Management Module\r\n| p/HP $1 switch telnetd/ d/switch/ cpe:/h:hp:$1/a
match telnet m|^\xff\xfb\x01\r\n-> GET / HTTP/1\.0\r\nGET / HTTP/1\.0\r\nundefined symbol: GET\r\n-> \r\n-> | p/Konica Minolta Magicolor 2300 DL printer telnetd/ d/printer/
match telnet m|^\xff\xfe\x01Login to server\. \r\nUsername: ET / HTTP/1\.0\r\nPassword: \r\nLogin to server\. \r\nUsername:| p/EFCMService telnetd/ o/Windows/ cpe:/o:microsoft:windows/a
match telnet m|^\xff\xfc\"\xff\xfb\x03\xff\xfb\x01\r\n\r\nWelcome to  C A N O P Y  CMM Micro\.\r\n\r\nPress Enter to Continue\.\.\.\r\n\r\nLogin: \r\nPassword: | p/Motorola Canopy cluster management module telnetd/ o/eCos/ cpe:/o:ecos:ecos/
match telnet m|^\xff\xfb\x01\xff\xfb\x03telnet@CER(\w+)>GET / HTTP/1\.0\r\nInvalid input -> GET / HTTP/1\.0\r\nType \? for a list\r\n| p/NetIron CER $1 switch telnetd/ d/switch/
match telnet m|^BAD_COMMAND\n| p/Lotus Domino Console/ cpe:/a:ibm:lotus_domino/
match telnet m|^\xff\xfb\x01\xff\xfb\x03$| p/Pocket CMD telnetd/
match telnet m|^\xff\xfe\x01\r\n\r\n\+============================================================================\+\r\n\x7c             \[ Rack Monitor Configuration Utility Main Menu \]               \x7c\r\n\+============================================================================\+\r\n\r\nEnter Password: | p/Eaton Powerware Environmental Rack Monitor telnetd/ d/power-misc/
match telnet m|^\xff\xfb\x01\r\nMGI Login: GET / HTTP/1\.0\r\n\r\nPassword: \r\nLogin incorrect\r\n\r\nMGI Login: | p/Samsung PBX telnetd/ d/PBX/
match telnet m|^\xff\xfb\0\*\*\*\*\*\*\*\*\*\*\*\*\*\*\r\n\r\nD-Link Access Point login: | p/D-Link DWL-3200AP WAP telnetd/ d/WAP/ cpe:/h:dlink:dwl-3200ap/
match telnet m|^\r\n\xff\xfb\x01\xff\xfb\x03\r\nUser:GET / HTTP/1\.0\r\nPassword:\r\nUser:| p/Dell OpenManage telnetd/ cpe:/a:dell:openmanage_baseboard_management_controller_utilities/
match telnet m|^\n\rError 0xf802: Command not recognized\.\r\n| p/Quatech Airborne CLI server/ d/bridge/
match telnet m|^Please enter password:\r\nPassword incorrect, please enter password:\r\nPassword incorrect, please enter password:\r\n| p/7 Days to Die game Telnet config/ cpe:/a:the_fun_pimps:7_days_to_die/
# Probably BusyBox
match telnet m|^\xff\xfd\x01\xff\xfd\x1f\xff\xfb\x01\xff\xfb\x03\r\r\nGET / HTTP/1\.0\r\n\r\nSICUNET login: | p/Sicunet access control system telnetd/ d/security-misc/

# https://www.reddit.com/r/telnet/comments/4i3w20/found_vizio_m55c3_telnet_access/
match textui m|^cannot find method GET\n\n$| p/Vizio television textui/ d/media device/

# The Onion Router
match tor-socks m|^HTTP/1\.0 501 Tor is not an HTTP Proxy\r\n| p/Tor SOCKS proxy/ cpe:/a:torproject:tor/
match tor-info m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Content-Encoding: identity\r\n.*signed-directory\npublished .*\nrecommended-software|s p/Tor nodes info httpd/ cpe:/a:torproject:tor/
match tor-info m|^HTTP/1\.0 503 Directory busy, try again later\r\n\r\n$| p/Tor nodes info httpd/ cpe:/a:torproject:tor/
match tor-info m|^HTTP/1\.0 404 Not found\r\nDate: \w\w\w, \d\d? \w\w\w \d\d\d\d \d\d:\d\d:\d\d GMT\r\n\r\n$| p/Tor nodes info httpd/ cpe:/a:torproject:tor/

softmatch uptime-agent m|ERR - Command 'GET' not found\n$| p/Idera Uptime Infrastructure Monitor/ cpe:/a:idera:uptime_infrastructure_monitor/

match utsessiond m|^ERR/InvalidCommand\n$| p/Sun Ray utsessiond/ cpe:/a:sun:ray_server_software/
match utsvc m|^protocolErrorInf error=Missing\\040hw\\040string\\040from\\040:\\040null\.\\040Check\\040hardware state=disconnected\n| p/Sun Ray utsvcd/ cpe:/a:sun:ray_server_software/
match utsvc m|^protocolErrorInf error=invalid\\040command\\040or\\040parameter state=disconnected\n| p/Sun Ray utsvcd/ cpe:/a:sun:ray_server_software/

match upnp m|^HTTP/1\.1 403 Forbidden\r\n.*SERVER: LG-BDP DLNADOC/([\w._-]+)\r\n| p/LG BP730 Blu-ray player upnp/ i/DLNADOC $1/ d/media device/ cpe:/h:lg:bp730/
match upnp m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: (UPnP/[\d.]+ DLNADOC/[\d.]+) Platinum/([\d.]+)\r\n\r\n|s p/Platinum UPnP/ v/$2/ i/$1/
match upnp m|^HTTP/1\.[01] 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: Linux-amd64-([\w._-]+), UPnP/([\d.]+), PMS/(.*?)\r\n|s p/PS3 Media Server UPnP/ v/$3/ i/Linux $1; UPnP $2/ d/media device/ o/Linux/ cpe:/o:linux:linux_kernel:$1/
match upnp m|^HTTP/1\.[01] 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: Linux-([\w_.-]+), UPnP/([\d.]+), PMS/(.*?)\r\n|s p/PS3 Media Server UPnP/ v/$3/ i/Linux $1; UPnP $2/ d/media device/ o/Linux/ cpe:/o:linux:linux_kernel:$1/
match upnp m|^HTTP/1\.[01] 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: Windows_XP-([\w_.-]+), UPnP/([\d.]+), PMS/(.*?)\r\n|s p/PS3 Media Server UPnP/ v/$3/ i/Windows XP $1; UPnP $2/ d/media device/ o/Windows XP/ cpe:/o:microsoft:windows_xp:$1/
match upnp m|^HTTP/1\.[01] 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: Windows_Vista-x86-([\w._-]+), UPnP/([\d.]+), PMS/(.*?)\r\n|s p/PS3 Media Server UPnP/ v/$3/ i/Windows Vista $1; UPnP $2/ d/media device/ o/Windows Vista/ cpe:/o:microsoft:windows_vista:$1::x32/
match upnp m|^HTTP/1\.[01] 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: Windows_Vista-x86_64-([\w._-]+), UPnP/([\d.]+), PMS/(.*?)\r\n|s p/PS3 Media Server UPnP/ v/$3/ i/Windows Vista $1; UPnP $2/ d/media device/ o/Windows Vista/ cpe:/o:microsoft:windows_vista:$1::x64/
match upnp m|^HTTP/1\.[01] 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: Windows_7-x86-([\w._-]+), UPnP/([\d.]+), PMS/(.*?)\r\n|s p/PS3 Media Server UPnP/ v/$3/ i/Windows 7 $1; UPnP $2/ d/media device/ o/Windows 7/ cpe:/o:microsoft:windows_7:$1::x32/
match upnp m|^HTTP/1\.[01] 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: Windows_7-x86_64-([\w._-]+), UPnP/([\d.]+), PMS/(.*?)\r\n|s p/PS3 Media Server UPnP/ v/$3/ i/Windows 7 $1; UPnP $2/ d/media device/ o/Windows 7/ cpe:/o:microsoft:windows_7:$1::x64/
match upnp m|^HTTP/1\.[01] 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: Mac_OS_X-x86_64-([\w_.-]+), UPnP/([\d.]+), PMS/(.*?)\r\n|s p/PS3 Media Server UPnP/ v/$3/ i/Mac OS X $1; UPnP $2/ d/media device/ o/Mac OS X/ cpe:/o:apple:mac_os_x/a

match upnp m|^HTTP/1\.0 200 (?:[^\r\n]*\r\n(?!\r\n))*?Server: Linux/([\w_.-]+), UPnP/([\w_.-]+), Free UPnP Entertainment Service/ReadyNAS\r\n|s p/FUPPES UPnP media server/ i/Linux $1; UPnP $2/ o/Linux/ cpe:/o:linux:linux_kernel:$1/
match upnp m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: Linux/([\w_.-]+), UPnP/([\w_.-]+), Free UPnP Entertainment Service/([^\r\n]+)\r\n|s p/FUPPES UPnP media server/ v/$3/ i/Linux $1; UPnP $2/ o/Linux/ cpe:/o:linux:linux_kernel:$1/
match upnp m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: FreeBSD/([\w_.-]+), UPnP/([\w_.-]+), Free UPnP Entertainment Service/([^\r\n]+)\r\n|s p/FUPPES UPnP media server/ v/$3/ i/FreeBSD $1; UPnP $2/ o/FreeBSD/ cpe:/o:freebsd:freebsd:$1/

match upnp m|^HTTP/1\.1 500 Internal Server Error\r\nSERVER: ipOS/([\d.]+) UPnP/([\d.]+) ipUPnP/([\d.]+)\r\n| p/ipOS upnpd/ i/D-Link WAP dynamic DNS; UPnP $2; ipUPnP $3/ d/WAP/ o/ipOS $1/ cpe:/o:ubicom:ipos:$1/
match upnp m|^HTTP/1\.1 400 Bad Request\r\nSERVER: ipOS/([\d.]+) UPnP/([\d.]+) ipGENADevice/([\d.]+)\r\n| p/ipOS upnpd/ i/D-Link DGL-4300 gaming router; UPnP $2; ipGENADevice $3/ d/broadband router/ o/ipOS $1/ cpe:/h:d-link:dgl-4300/ cpe:/o:ubicom:ipos:$1/
match upnp m|^HTTP/1\.0 \d\d\d .*\r\nSERVER: ipos/([\w._-]+) +UPnP/([\d.]+) (?:ADSL2\+ (?:Modem )?Router )?(T[DL]-\w+)/([\w._/-]+)\r\n| p/ipOS upnpd/ i/TP-LINK $3 WAP $4; UPnP $2/ d/WAP/ o/ipOS $1/ cpe:/h:tp-link:$3/ cpe:/o:ubicom:ipos:$1/
match upnp m|^HTTP/1\.0 \d\d\d .*\r\nSERVER: ipos/([\w._-]+) +UPnP/([\d.]+) (RNX-\w+)/([\w._/-]+)\r\n| p/ipOS upnpd/ i/Rosewill $3 WAP $4; UPnP $2/ d/WAP/ o/ipOS $1/ cpe:/h:rosewill:$3/ cpe:/o:ubicom:ipos:$1/
match upnp m|^HTTP/1\.0 \d\d\d .*\r\nSERVER: ipos/([\w._-]+) UPnP/([\d.]+) Archer[ _]([^/]+)/([\w._/-]+)\r\n| p/ipOS upnpd/ i/TP-Link Archer $3 WAP $4; UPnP $2/ d/WAP/ o/ipOS $1/ cpe:/h:tp-link:a$3/ cpe:/o:ubicom:ipos:$1/

match upnp m|^HTTP/1\.[01] \d\d\d .*\r\nSERVER: Linux/([\w._+-]+), UPnP/([\d.]+), Portable SDK for UPnP devices/([\w._~-]+)\r\n| p/Portable SDK for UPnP devices/ v/$3/ i/Linux $1; UPnP $2/ o/Linux/ cpe:/o:linux:linux_kernel:$1/
match upnp m|^HTTP/1\.[01] \d\d\d .*\r\nSERVER: Linux, UPnP/([\d.]+), Portable SDK for UPnP devices/([\w._~-]+)\r\n| p/Portable SDK for UPnP devices/ v/$2/ i/UPnP $1/ o/Linux/ cpe:/o:linux:linux_kernel/
match upnp m|^HTTP/1\.[01] \d\d\d .*\r\nSERVER: Linux/([\w._+-]+) UPnP/([\d.]+) DLNADOC/([\d.]+) Portable SDK for UPnP devices/([\w._~-]+)\r\n| p/Portable SDK for UPnP devices/ v/$4/ i/Linux $1; DLNADOC $3; UPnP $2/ o/Linux/ cpe:/o:linux:linux_kernel:$1/
match upnp m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Linux/([\w._+-]+) DLNADOC/([\d.]+) UPnP/([\d.]+) MiniDLNA/([\w._-]+)\r\n|s p/MiniDLNA/ v/$4/ i/Linux $1; DLNADOC $2; UPnP $3/ o/Linux/ cpe:/a:minidlna:minidlna:$4/a cpe:/o:linux:linux_kernel:$1/
match upnp m|^HTTP/1\.0 500 Internal Server Error\r\nSERVER: ([\w._-]+\.7601) 2/Service Pack (\d+), UPnP/([\w._-]+), Portable SDK for UPnP devices/([\w._~-]+)\r\n| p/Portable SDK for UPnP devices/ v/$4/ i/UPnP $3/ o/Windows 7 SP$2 build $1/ cpe:/o:microsoft:windows_7/a
match upnp m|^HTTP/1\.0 \d\d\d .*\r\nSERVER: ([56]\.[\d. ]+)/, UPnP/([\d.]+), Portable SDK for UPnP devices/([\w._~-]+)\r\n| p/Portable SDK for UPnP devices/ v/$3/ i/Windows $1; UPnP $2/ o/Windows/ cpe:/o:microsoft:windows/a
match upnp m|^HTTP/1\.0 \d\d\d .*\r\nSERVER: ([56]\.[\d. ]+)/Service Pack (\d+), UPnP/([\d.]+), Portable SDK for UPnP devices/([\w._~-]+)\r\n| p/Portable SDK for UPnP devices/ v/$4/ i/Windows $1 (SP$2); UPnP $3/ o/Windows/ cpe:/o:microsoft:windows/a

match upnp m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?SERVER: Linux/([-+\w_.]+), UPnP/([\d.]+), Intel SDK for UPnP devices ?/([\w._~-]+)\r\n|s p/Intel UPnP reference SDK/ v/$3/ i/Linux $1; UPnP $2/ o/Linux/ cpe:/o:linux:linux_kernel:$1/
match upnp m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?SERVER: Linux/([-+\w_.]+) UPnP/([\d.]+) DLNADOC/([\w._-]+) Intel_SDK_for_UPnP_devices/([\w._~-]+)\r\n|s p/Intel UPnP reference SDK/ v/$4/ i/Linux $1; UPnP $2; DLNADOC $3/ o/Linux/ cpe:/o:linux:linux_kernel:$1/
match upnp m|^HTTP/1\.[01] \d\d\d .*\r\nSERVER: Linux, UPnP/([\d.]+), Intel SDK for UPnP devices ?/([\w._~-]+)\r\n| p/Intel UPnP reference SDK/ v/$2/ i/UPnP $1/ o/Linux/ cpe:/o:linux:linux_kernel/a
match upnp m|^HTTP/1\.[01] \d\d\d .*\r\nSERVER: Darwin/([\w._+-]+), UPnP/([\w._-]+), Portable SDK for UPnP devices/([\w._~-]+)\r\n| p/Intel UPnP reference SDK/ v/$3/ i/Mac OS X $1; UPnP $2/ o/Mac OS X/ cpe:/o:apple:mac_os_x/a
match upnp m|^HTTP/1\.[01] \d\d\d .*\r\nSERVER: Windows2000/0\.0 UPnP/([\w._+-]+) PhilipsIntelSDK/([\w._-]+) DLNADOC/([\w._-]+)\r\n| p/Philips Intel UPnP SDK/ v/$2/ i/Philips Smart TV; UPnP $1; DLNADOC $3/ d/media device/
match upnp m|^HTTP/1\.[01] \d\d\d .*\r\nSERVER: Linux([\d.]+)/0\.0 UPnP/([\w._+-]+) PhilipsIntelSDK/([\w._-]+) DLNADOC/([\w._-]+)\r\n| p/Philips Intel UPnP SDK/ v/$3/ i/Philips Smart TV; UPnP $2; DLNADOC $4/ d/media device/ o/Linux $1/ cpe:/o:linux:linux_kernel:$1/a
match upnp m|^HTTP/1\.[01] \d\d\d .*\r\nSERVER: Windows2000/0\.0 UPnP/([\w._+-]+) PhilipsIntelSDK/([\w._-]+) \r\n| p/Philips Intel UPnP SDK/ v/$2/ i/Philips Smart TV; UPnP $1/ d/media device/
match upnp m|^HTTP/1\.[01] \d\d\d .*\r\nSERVER: Linux([\d.]+)/0\.0 UPnP/([\w._+-]+) PhilipsIntelSDK/([\w._-]+) \r\n| p/Philips Intel UPnP SDK/ v/$3/ i/Philips Smart TV; UPnP $2/ d/media device/ o/Linux $1/ cpe:/o:linux:linux_kernel:$1/a

match upnp m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?CONTENT-TYPE: text/xml\r\nContent-Length: .*<modelName>Xbox 360</modelName>.*<serialNumber>(\w+)</serialNumber>|s p/Xbox 360 XML UPnP/ i/Serial number $1/ d/game console/ o/Xbox 360/ cpe:/h:microsoft:xbox_360_kernel/
match upnp m|^HTTP/1\.0 \d\d\d .*\r\nDate: .*\r\nConnection: close\r\nServer: Microsoft-Windows-NT/(\d[-.\w]+) UPnP/(\d[-.\w]+) UPnP-Device-Host/(\d[-.\w]+)\r\n| p/Microsoft Windows UPnP/ v/$2/ i/UPnP Device Host: $3/ o/Windows NT $1/ cpe:/o:microsoft:windows_nt:$1/
match upnp m=^HTTP/1\.1 200 .*\r\nSERVER: Linux/((2\.[46]\.\d+|\d\.\d+)\S*), UPnP/([\d.]+), MediaTomb/([\w._-]+)\r\n=s p/MediaTomb UPnP/ v/$4/ i/Linux $1; UPnP $3/ o/Linux/ cpe:/o:linux:linux_kernel:$2/
match upnp m|^HTTP/1\.1 200 (?:[^\r\n]*\r\n(?!\r\n))*?SERVER: Darwin/([\w._-]+), UPnP/([\d.]+), MediaTomb/([\w._-]+)\r\n|s p/MediaTomb UPnP/ v/$3/ i/Darwin $1; UPnP $2/ o/Mac OS X/ cpe:/o:apple:mac_os_x/a
match upnp m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?SERVER: FreeBSD/([\w._-]+), UPnP/([\d.]+), MediaTomb/([\w._-]+)\r\n|s p/MediaTomb UPnP/ v/$3/ i/FreeBSD $1; UPnP $2/ o/FreeBSD/ cpe:/o:freebsd:freebsd:$1/
match upnp m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?SERVER: OpenBSD/([\w._-]+), UPnP/([\d.]+), MediaTomb/([\w._-]+)\r\n|s p/MediaTomb UPnP/ v/$3/ i/OpenBSD $1; UPnP $2/ o/OpenBSD/ cpe:/o:openbsd:openbsd:$1/
match upnp m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?SERVER: SunOS/([\w._-]+), UPnP/([\d.]+), MediaTomb/([\w._-]+)\r\n|s p/MediaTomb UPnP/ v/$3/ i/SunOS $1; UPnP $2/ o/Solaris/ cpe:/o:sun:sunos:$1/
#TODO make sure the * version doesn't come after \r\n

match upnp m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: UPnP/([\w._-]+), pvConnect UPnP SDK/([\w._-]+),  Twonky UPnP SDK/([\w._-]+)\r\n|s p/TwonkyMedia UPnP/ i/UPnP $1; pvConnect SDK $2; SDK $3/ cpe:/a:packetvideo:twonky/
match upnp m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: UPnP/([\w._-]+), pvConnect UPnP SDK/([\w._-]+),  TwonkyMedia UPnP SDK/([\w._-]+)\r\n|s p/TwonkyMedia UPnP/ i/UPnP $1; pvConnect SDK $2; SDK $3/ cpe:/a:packetvideo:twonky/
match upnp m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: *Linux/([\w._-]+), UPnP/([\w._-]+), TwonkyVision UPnP SDK/([\w._-]+)\r\n|s p/TwonkyMedia UPnP/ i/Linux $1; UPnP $2; SDK $3/ o/Linux/ cpe:/a:packetvideo:twonky/ cpe:/o:linux:linux_kernel:$1/
match upnp m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: *Linux/2\.x\.x, UPnP/([\w._-]+), pvConnect UPnP SDK/([\w._-]+), Twonky UPnP SDK/([\w._-]+)\r\n|s p/TwonkyMedia UPnP/ i/UPnP $1; pvConnect SDK $2; Twonky SDK $3/ o/Linux/ cpe:/a:packetvideo:twonky/ cpe:/o:linux:linux_kernel:2/
match upnp m=^HTTP/1\.1 \d\d\d .*Server: *Linux/([\w._-]+), UPnP/([\w._-]+), pvConnect UPnP SDK/([\w._-]+)\r\n.*<title>(?:TwonkyMedia|TwonkyMedia server media browser|TwonkyVision Configuration)</title>=s p/TwonkyMedia UPnP/ i/Linux $1; UPnP $2; pvConnect SDK $3/ o/Linux/ cpe:/a:packetvideo:twonky/ cpe:/o:linux:linux_kernel:$1/
match upnp m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: *Linux/([\w._-]+), UPnP/([\w._-]+), pvConnect UPnP SDK/([\w._-]+)\r\n.*<title>MediaServer Restriced Access</title>|s p/TwonkyMedia UPnP/ i/Iomega Home Media NAS device; Linux $1; UPnP $2; pvConnect SDK $3/ o/Linux/ cpe:/a:packetvideo:twonky/ cpe:/o:linux:linux_kernel:$1/
match upnp m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: *Linux/2\.x\.x, UPnP/([\w._-]+), pvConnect UPnP SDK/([\w._-]+), TwonkyMedia UPnP SDK/([\w._-]+)\r\n\r\n|s p/TwonkyMedia UPnP/ i/Linux 2.X.X; UPnP $1; pvConnect SDK $2; SDK $3/ o/Linux/ cpe:/a:packetvideo:twonky/ cpe:/o:linux:linux_kernel:2/
match upnp m|^HTTP/1\.1 401 Unauthorised\r\n(?:[^\r\n]+\r\n)*?WWW-Authenticate: Digest realm=\"([\w._-]+)\", nonce=\"\w+\", algorigthm=MD5, qop=\"auth\" \n.*Server: *Linux/2\.x\.x, UPnP/([\d.]+), pvConnect UPnP SDK/([\w._-]+), Twonky UPnP SDK/([\w._-]+)\r\n|s p/TwonkyMedia UPnP/ i/Linux; UPnP $2; pvConnect SDK $3; SDK $4/ o/Linux/ h/$1/ cpe:/a:packetvideo:twonky/ cpe:/o:linux:linux_kernel:2/
match upnp m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: *Linux/2\.x\.x, UPnP/([\w._-]+), pvConnect UPnP SDK/([\w._-]+)\r\n\r\n|s p/TwonkyMedia UPnP/ i/Linux 2.X.X; UPnP $1; pvConnect SDK $2/ o/Linux/ cpe:/a:packetvideo:twonky/ cpe:/o:linux:linux_kernel:2/
match upnp m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Windows NT/[\w._-]+, UPnP/([\w._-]+), pvConnect UPnP SDK/([\w._-]+),  TwonkyMedia UPnP SDK/([\w._-]+)\r\n|s p/TwonkyMedia UPnP/ i/UPnP $1; pvConnect SDK $2; SDK $3/ o/Windows NT/ cpe:/a:packetvideo:twonky/ cpe:/o:microsoft:windows_nt/
match upnp m|^HTTP/1\.1 401 Unauthorised\r\n(?:[^\r\n]+\r\n)*?WWW-Authenticate: Basic realm=\"([\w._-]+)\"\n.*Server: *Linux/2\.x\.x, UPnP/([\w._-]+), pvConnect UPnP SDK/([\w._-]+), Twonky UPnP SDK/([\w._-]+)\r\n|s p/TwonkyMedia UPnP/ i/Linux 2.X; UPnP $2; pvConnect SDK $3; SDK $4/ o/Linux/ h/$1/ cpe:/a:packetvideo:twonky/ cpe:/o:linux:linux_kernel:2/
match upnp m|^HTTP/1\.1 401 Unauthorised\r\n(?:[^\r\n]+\r\n)*?WWW-Authenticate: Basic realm=\"([\w._-]+)\"\n.*Server: *Linux/([\w._-]+), UPnP/([\w._-]+), pvConnect UPnP SDK/([\w._-]+)\r\n|s p/TwonkyMedia UPnP/ i/Linux $2; UPnP $3; pvConnect SDK $4/ o/Linux/ h/$1/ cpe:/a:packetvideo:twonky/ cpe:/o:linux:linux_kernel:$2/a

match upnp m|^HTTP/1\.1 \d\d\d .*\r\nContent-Type:  text/xml; charset=\"UTF-8\"\r\nServer: Orb Media Server, WINDOWS, UPnP/([\w._-]+), Intel MicroStack/([\w._-]+)\r\n| p/Orb Media Server UPnP/ i/UPnP $1; Intel MicroStack $2/ o/Windows/ cpe:/o:microsoft:windows/a
match upnp m|^HTTP/1\.1 200 OK\r\nCONTENT-TYPE:  text/xml;charset="utf-8"\r\nServer: WINDOWS, UPnP/([\d.]+), Intel MicroStack/([\w._-]+)\r\n| p/Intel MicroStack upnpd/ v/$2/ i/UPnP $1/ o/Windows/ cpe:/o:microsoft:windows/a
match upnp m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: OpenWRT/kamikaze UPnP/([\w._-]+) miniupnpd/([\w._-]+)\r\n|s p/MiniUPnP/ v/$2/ i/OpenWrt Kamikaze; UPnP $1/ d/broadband router/ o/Linux/ cpe:/a:miniupnp_project:miniupnpd:$2/a cpe:/o:linux:linux_kernel/a
match upnp m|^HTTP/1\.0 404 Not Found\r\n(?:[^\r\n]+\r\n)*?Server: neufbox UPnP/([\w._-]+) MiniUPnPd/([\w._-]+)\r\n|s p/MiniUPnP/ v/$2/ i/Neuf Box router; UPnP $1/ d/router/ cpe:/a:miniupnp_project:miniupnpd:$2/a
match upnp m|^HTTP/1\.0 404 Not Found\r\n(?:[^\r\n]+\r\n)*?Server: DrayTek/Vigor(\w+) UPnP/([\w._-]+) MiniUPnPd/([\w._-]+)\r\n|s p/MiniUPnP/ v/$3/ i/DrayTek Vigor $1 router; UPnP $2/ d/router/ cpe:/a:miniupnp_project:miniupnpd:$3/a cpe:/h:draytek:vigor_$1/a
match upnp m|^HTTP/1\.0 404 Not Found\r\n(?:[^\r\n]+\r\n)*?Server: OpenWRT/OpenWrt UPnP/([\w._-]+) MiniUPnPd/([\w._-]+)\r\n|s p/MiniUPnP/ v/$2/ i/OpenWrt; UPnP $1/ d/broadband router/ cpe:/a:miniupnp_project:miniupnpd:$2/a
match upnp m|^HTTP/1\.1 200 OK\r\nServer: Roku UPnP/([\d.]+) MiniUPnPd/([\d.]+)\r\n| p/MiniUPnP/ v/$2/ i/Roku; UPnP $1/ d/media device/ cpe:/a:miniupnp_project:miniupnpd:$2/a
match upnp m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: Linux,([\w._-]+),UPnP/([\w._-]+),Coherence UPnP framework,([\w._-]+)\r\n|s p/Coherence UPnP framework/ v/$3/ i/Linux $1; UPnP $2/ o/Linux/ cpe:/o:linux:linux_kernel:$1/a
match upnp m|^HTTP/1\.[01] 404 Not Found\r\n(?:[^\r\n]+\r\n)*?Server: Netgem/([\d.]+) \(NeufboxTV UPnPServer\)\r\n|s p/Netgem UPnP/ v/$1/ i/Neuf Box TV/ d/media device/
match upnp m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: WINDOWS, UPnP/([\d.]+), Intel MicroStack/([\d.]+)\r\n.*<dlna:X_DLNADOC xmlns:dlna=\"urn:schemas-dlna-org:device-1-0\">(DMS-[\d.]+)</dlna:X_DLNADOC>.*<friendlyName>([\w._-]+): MediaServer</friendlyName>.*<manufacturer>Wistron</manufacturer>.*<modelDescription>WiDMS</modelDescription>|s p/Intel MicroStack UPnP/ v/$2/ i/Wistron Digital Media Server $3; UPnP $1/ o/Windows/ h/$4/ cpe:/o:microsoft:windows/a
match upnp m|^HTTP/1\.1 40[04] .*\r\nServer: Linux, UPnP/([\d.]+), (DIR-[\w+]+) Ver ([\w._-]+)\r\n| p/D-Link $2 WAP UPnP/ v/$3/ i/UPnP $1/ d/WAP/ o/Linux/ cpe:/h:d-link:$2/ cpe:/o:linux:linux_kernel/a
match upnp m|^HTTP/1\.0 404 Not Found\r\nSERVER: FAST Router (\w+) Router, UPnP/([\w.]+)\r\n| p/FAST $1 router UPnP $2/ d/router/
match upnp m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?SERVER: Linux/([\w._-]+) UPnP/([\w._-]+) myigd/([\w._-]+)\r\n|s p/myigd/ v/$3/ i/Linksys WAG354G router; Linux $1; UPnP $2/ d/WAP/ o/Linux/ cpe:/h:linksys:wag354g/a cpe:/o:linux:linux_kernel:$1/
match upnp m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?SERVER: Linux/([\w._-]+), UPnP/([\w._-]+), Everest/([\w._-]+)\r\n|s p/Everest/ v/$3/ i/Pelco Spectra Mini IP webcam; Linux $1; UPnP $2/ d/webcam/ o/Linux/ cpe:/o:linux:linux_kernel:$1/
match upnp m|^HTTP/1\.1 404 Bad Request\r\nCONTENT-LENGTH: 0\r\nCONTENT-TYPE: text/html\r\n\r\n$| p/SuperMicro IPMI UPnP/ cpe:/o:supermicro:intelligent_platform_management_firmware/
match upnp m|^HTTP/1\.1 404 Not Found\r\nDate: .*\r\nServer: Unknown/0\.0 UPnP/([\d.]+) Virata-EmWeb/([-.\w]+)\r\n| p/Virata-EmWeb/ v/$SUBST(2,"_",".")/ i/ReplayTV UPnP; UPnP $1/ cpe:/a:virata:emweb:$SUBST(2,"_",".")/a
match upnp m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html\r\n(?:[^\r\n]+\r\n)*?Server: RomPager/([\w.]+) UPnP/([\w.]+)\r\n\r\n\n<html><head>.*<title>ZyXEL Prestige Router</title>|s p/Allegro RomPager/ v/$1/ i/ZyXEL Prestige router UPnP; UPnP $2/ d/router/ cpe:/a:allegro:rompager:$1/
match upnp m|^HTTP/1\.1 \d\d\d .*\r\nServer: NT/([\d.]+) UPnP/([\d.]+)\r\nDate: .*\r\nContent-type: text/html\r\n\r\n<html>\r\n<head>\r\n<title>HotBrick Load Balancer ([-\w_.]+)</title>\r\n| p/NT httpd/ v/$1/ i/HotBrick Load Balancer $3 UPnP; UPnP $2/ d/load balancer/
match upnp m|^HTTP/1\.1 \d\d\d .*\r\nServer: NT/([\d.]+) UPnP/([\d.]+)\r\nDate: .*\r\nContent-type: text/html\r\n\r\n<html>\r\n<head>\r\n<title>HotBrick Firewall VPN ([-\w_./]+)</title>| p/NT httpd/ v/$1/ i/HotBrick Firewall VPN $3 UPnP; UPnP $2/ d/firewall/
match upnp m|^HTTP/1\.1 200 OK\r\nServer: Unknown/[\d.]+ UPnP/([\d.]+) Virata-EmWeb/R([\d_]+)\r\nContent-Length: .*\r\n\r\n<HTML><HEAD><TITLE>Actiontec</TITLE>\n|s p/Virata-EmWeb/ v/$SUBST(2,"_",".")/ i/ActionTec DSL UPnP; UPnP $1/ d/broadband router/ cpe:/a:virata:emweb:$SUBST(2,"_",".")/a
match upnp m|^HTTP/1\.1 \d\d\d .*\r\nServer: Unknown/[\d.]+ UPnP/([\d.]+) GlobespanVirata-EmWeb/R([\d_]+)\r\nContent-Type: text/html\r\nExpires: .*\r\nCache-Control: no-cache\r\nPragma: no-cache\r\n\r\n<html>\n<head>\n<title>ADSL VPN Firewall Router</title>| p/Virata-EmWeb/ v/$SUBST(2,"_",".")/ i/Billion 741GE ADSL router UPnP; UPnP $1/ d/router/ cpe:/a:virata:emweb:$SUBST(2,"_",".")/a cpe:/h:billion:741ge/a
match upnp m|^HTTP/1\.1 \d\d\d .*\r\nServer: Unknown/[\d.]+ UPnP/([\d.]+) Virata-EmWeb/R([\d_]+)\r\nContent-Type: text/html\r\nExpires: .*\r\nCache-Control: no-cache\r\nPragma: no-cache\r\n\r\n\n<html>\n<head>\n<title>ADSL Configuration Page\n</title>| p/Virata-EmWeb/ v/$SUBST(2,"_",".")/ i/Telewell 715 DSL router UPnP; UPnP $1/ d/router/ cpe:/a:virata:emweb:$SUBST(2,"_",".")/a cpe:/h:telewell:715/a
match upnp m|^HTTP/1\.1 \d\d\d .*\r\nDATE: .*\r\nConnection: Keep-Alive\r\nServer: LINUX/([\d.]+) UPnP/([\d.]+) BRCM400/([\d.]+)\r\n| p|Belkin/Linksys wireless router UPnP| i/UPnP $2; BRCM400 $3/ d/router/ o/Linux $1/ cpe:/o:linux:linux_kernel:$1/a
match upnp m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Unknown/[\d.]+ UPnP/([\d.]+) GlobespanVirata-EmWeb/R([\d_]+)\r\nContent-Type: text/html\r\n.*<title>CopperJet ([-\w+/.]+) Router VoATM</title>|s p/Virata-EmWeb/ v/$SUBST(2,"_",".")/ i/CopperJet $3 VoATM router UPnP; UPnP $1/ d/router/ cpe:/a:virata:emweb:$SUBST(2,"_",".")/a
match upnp m|^HTTP/1\.1 200 OK\r\nServer: Unknown/[\d.]+ UPnP/([\d.]+) GlobespanVirata-EmWeb/R([\d_]+)\r\nContent-Type: text/html\r\n.*<head>\n<title>Wireless ADSL VPN Firewall Router</title>\n|s p/GlobespanVirata-EmWeb/ v/$SUBST(2,"_",".")/ i/Billion BIPAC-743GE V1 ADSL WAP UPnP; UPnP $1/ d/WAP/
match upnp m|^HTTP/1\.1 301 Moved Permanently\r\nServer: Nucleus/([\d.]+) UPnP/([\d.]+) Virata-EmWeb/R([\d_]+)\r\nLocation: http://[\d.]+/hag/pages/home\.htm\r\n| p/Virata-EmWeb/ v/$SUBST(3,"_",".")/ i|Huawei/Intracom ADSL router UPnP; UPnP $2; Nucleus $1| d/broadband router/ cpe:/a:virata:emweb:$SUBST(3,"_",".")/a
match upnp m|^HTTP/1\.1 \d\d\d .*\r\nServer: Unknown/0\.0 UPnP/([\d.]+) GlobespanVirata-EmWeb/R([\d_]+)\r\nContent-Type: text/html\r\nExpires: .*\r\nCache-Control: no-cache\r\nPragma: no-cache\r\n\r\n<html>\n<head>\n<title>ADSL -modem/firewall/switch/WLAN -AP</title>\n| p/GlobespanVirata-EmWeb/ v/$SUBST(2,"_",".")/ i/Telewell TW-EA2000 ADSL modem UPnP; UPnP $1/ d/WAP/
match upnp m|^HTTP/1\.1 \d\d\d Server: Unknown/0\.0 UPnP/([\d.]+) Conexant-EmWeb/R([\d_]+)\r\n.*<TITLE>Siemens ([\w._ -]+) Router</TITLE>|s p/Conexant-EmWeb/ v/$SUBST(2,"_",".")/ i/Siemens $3 router UPnP; UPnP $1/ d/router/ cpe:/a:conexant:emweb:$SUBST(2,"_",".")/a cpe:/h:siemens:$3/a
match upnp m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: Unknown/0\.0 UPnP/([\d.]+) Conexant-EmWeb/R([\d_]+)\r\n.*<TITLE>Zoom - USB Endpoint</TITLE>.*<TITLE>Zoom DSL Modem Web-Console</TITLE>|s p/Conexant-EmWeb/ v/$SUBST(2,"_",".")/ i/Zoom A6 ADSL modem UPnP; UPnP $1/ d/broadband router/ cpe:/a:conexant:emweb:$SUBST(2,"_",".")/a cpe:/h:zoom:a6/a
match upnp m|^HTTP/1\.1 401 Unauthorized\r\nServer: Unknown/0\.0 UPnP/([\d.]+) GlobespanVirata-EmWeb/R([\d_]+)\r\nContent-Type: text/html\r\nExpires: .*\r\nCache-Control: no-cache\r\nPragma: no-cache\r\nWWW-Authenticate: Basic realm=\"WebAdmin\"\r\n\r\n\n\n<html>\n<head>\n\n<link rel=\"stylesheet\" type=\"text/css\" href=\"/styles/default\.css\">\n\n<title>Authentication failed</title>\n\n</head>\n<body bgcolor=\"#ffffff\" link=\"#3300cc\" alink=\"#ff0000\" vlink=\"#990066\">\n\n| p/GlobespanVirata-EmWeb/ v/$SUBST(2,"_",".")/ i/Xavi 7768r WAP UPnP; UPnP $1/ d/WAP/
match upnp m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Unknown/0\.0 UPnP/([\d.]+) Web Server\r\n.*<title>MT882 ADSL Router</title>|s p/Huawei SmartAX MT882 ADSL router UPnP/ i/UPnP $1/ d/broadband router/ cpe:/h:huawei:smartax_mt882/a
match upnp m|^HTTP/1\.1 \d\d\d .*\r\nServer: Nucleus/([-\w_.]+) UPnP/([\d.]+) Virata-EmWeb/R([\d_]+)\r\nWWW-Authenticate: Basic realm=\"MT882\"\r\n| p/Virata-EmWeb/ v/$SUBST(3,"_",".")/ i/Huawei SmartAX MT882 ADSL router UPnP; UPnP $2; Nucleus $1/ d/broadband router/ cpe:/a:virata:emweb:$SUBST(3,"_",".")/a cpe:/h:huawei:smartax_mt882/a
match upnp m|^HTTP/1\.1 \d\d\d .*\r\nServer: Nucleus/([\d.]+) UPnP/([\d.]+) Virata-EmWeb/R([\d_]+)\r\nWWW-Authenticate: Basic realm=\"Viking\"\r\n\r\n401 Unauthorized\r\n| p/Virata-EmWeb/ v/$SUBST(3,"_",".")/ i/Viking router UPnP; UPnP $2; Nucleus $1/ d/router/ cpe:/a:virata:emweb:$SUBST(3,"_",".")/a
match upnp m|^HTTP/1\.1 200 OK\r\nServer: Unknown/0\.0 UPnP/([\d.]+) Conexant-EmWeb/R([\d_]+)\r\nContent-Type: text/html\r\nExpires: .*<title>VoIP/802\.11g ADSL2\+ Firewall Router</title>\n|s p/Conexant-EmWeb/ v/$SUBST(2,"_",".")/ i|Billion ADSL/WAP/VoIP router UPnP; UPnP $1| d/router/ cpe:/a:conexant:emweb:$SUBST(2,"_",".")/a
match upnp m|^HTTP/1\.1 200 OK\r\nServer: Unknown/0\.0 UPnP/([\d.]+) Conexant-EmWeb/R([\d_]+)\r\nContent-Type: text/html\r\nExpires: .*<head>\n<title>Huawei xDSL\r\n</title>|s p/Conexant-EmWeb/ v/$SUBST(2,"_",".")/ i|Huawei ADSL/WAP/VoIP router UPnP; UPnP $1| d/router/ cpe:/a:conexant:emweb:$SUBST(2,"_",".")/a
match upnp m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: Unknown/0\.0 UPnP/([\d.]+) Conexant-EmWeb/R([\d_]+)\r\n.*<title>VoIP/802\.11g ADSL2\+ Firewall Router</title>|s p/Conexant-EmWeb/ v/$SUBST(2,"_",".")/ i/Billion 800VGT ADSL router UPnP; UPnP $1/ d/broadband router/ cpe:/a:conexant:emweb:$SUBST(2,"_",".")/a cpe:/h:billion:800vgt/a
match upnp m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Unknown/0\.0 UPnP/([\d.]+) Virata-EmWeb/R([\d_]+)\r\n.*<title>Wireless ADSL Router Control Panel</title>|s p/Virata-EmWeb/ v/$SUBST(2,"_",".")/ i/Eminent EM4104 WAP UPnP; UPnP $1/ d/WAP/ cpe:/a:virata:emweb:$SUBST(2,"_",".")/a
match upnp m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: ISOS/([-\w_.]+) UPnP/([\d.]+) Conexant-EmWeb/R([\d_]+)\r\n.*<title>Scarlet One</title>|s p/Conexant-EmWeb/ v/$SUBST(3,"_",".")/ i/Scarlet One UPnP; UPnP $2; ISOS $1/ d/VoIP adapter/ cpe:/a:conexant:emweb:$SUBST(3,"_",".")/a
match upnp m|^HTTP/1\.1 401 Unauthorized\r\nServer: ISOS/([-\w_.]+) UPnP/([\d.]+) Conexant-EmWeb/R([\d_]+)\r\n| p/Conexant-EmWeb/ v/$SUBST(3,"_",".")/ i/ISOS $1; UPnP $2/ d/broadband router/ cpe:/a:conexant:emweb:$SUBST(3,"_",".")/a
match upnp m|^HTTP/1\.1 404 Not Found\r\nCONTENT-LENGTH: 48\r\nDATE: .*\r\nSERVER: Linux/6\.0 UPnP/([\d.]+) Intel UPnP/([\d.]+)\r\n\r\n<html><body><h1>404 Not Found</h1></body></html>$| p/Linksys WVC54GC webcam UPnP/ i/UPnP $1; Intel UPnP $2/ d/webcam/ o/Linux/ cpe:/h:linksys:wvc54gc/ cpe:/o:linux:linux_kernel/a
match upnp m|^HTTP/1\.1 200 OK\r\nServer: Unknown/0\.0 UPnP/([\w._-]+) GlobespanVirata-EmWeb/R([\w._-]+)\r\n.*<title>JetSpeed 500 i</title>|s p/GlobespanVirata-EmWeb/ v/$SUBST(2,"_",".")/ i/Intracom JetSpeed 500i UPnP; UPnP $1/ d/broadband router/
match upnp m|^HTTP/1\.1 401 Unauthorized\r\nServer: Nucleus/([\w._-]+) UPnP/([\w._-]+) Virata-EmWeb/R([\w._-]+)\r\nWWW-Authenticate: Basic realm=\"MT880\"\r\n\r\n\r\n| p/Virata-EmWeb/ v/$SUBST(3,"_",".")/ i/Huawei SmartAX MT880 DSL modem UPnP; UPnP $2; Nucleus $1/ d/broadband router/ cpe:/a:virata:emweb:$SUBST(3,"_",".")/a cpe:/h:huawei:smartax_mt880/a
match upnp m|^HTTP/1\.1 400 Bad Request\r\nServer: Linux, UPnP/([\d.]+), (AR\w+) Ver ([\d.]+)\r\n| p/Airlink 101 $2 WAP UPnP/ v/$3/ i/UPnP $1/ o/Linux/ cpe:/o:linux:linux_kernel/a
match upnp m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?SERVER: EPSON_Linux UPnP/([\d.]+) Epson UPnP SDK/([\d.]+)\r\n.*<title>WorkForce ([\w+]+)</title>|s p/Epson WorkForce $3 printer UPnP/ i/UPnP $1; Epson UPnP SDK $2/ d/printer/ o/Linux/ cpe:/h:epson:workforce_$3/ cpe:/o:linux:linux_kernel/a
match upnp m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?SERVER: EPSON_Linux UPnP/([\d.]+) Epson UPnP SDK/([\d.]+)\r\n.*<title>Artisan ([\w+]+)</title>|s p/Epson Artisan $3 printer UPnP/ i/UPnP $1; Epson UPnP SDK $2/ d/printer/ o/Linux/ cpe:/h:epson:artisan_$3/ cpe:/o:linux:linux_kernel/a
match upnp m=^HTTP/1\.1 200 OK\r\n.*SERVER: EPSON_Linux UPnP/([\d.]+) Epson UPnP SDK/([\d.]+)\r\n.*<title>(?:Epson )?(Stylus (?:Office |Photo )?\w+)</title>=s p/Epson $3 printer UPnP/ i/UPnP $1; Epson UPnP SDK $2/ d/printer/ o/Linux/ cpe:/h:epson:$3/ cpe:/o:linux:linux_kernel/
match upnp m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?SERVER: EPSON_Linux UPnP/([\d.]+) Epson UPnP SDK/([\d.]+)\r\n.*<meta name=\"Author\" content=\"SEIKO EPSON\">.*path\.indexOf\(\"/PRESENTATION/HTML/TOP/INDEX\.HTML\", 0\);|s p/Epson Stylus NX230 printer UPnP/ i/UPnP $1; Epson UPnP SDK $2/ d/printer/ o/Linux/ cpe:/h:epson:stylus_nx230/ cpe:/o:linux:linux_kernel/
match upnp m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?SERVER: EPSON_Linux UPnP/([\d.]+) Epson UPnP SDK/([\d.]+)\r\n\r\n<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4\.01//EN \"\r\n\"http://www\.w3\.org/TR/html4/strict\.dtd\">\r\n<html>\r\n<head>\r\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\">\r\n<meta name=\"Author\" content=\"SEIKO EPSON\">|s p/Epson WorkForce WF-2540 printer UPnP/ i/UPnP $1; Epson UPnP SDK $2/ d/printer/ o/Linux/ cpe:/h:epson:wf-2540/ cpe:/o:linux:linux_kernel/
match upnp m|^HTTP/1\.1 401 Unauthorized\r\nServer: Unknown/0\.0 UPnP/([\d.]+) Conexant-EmWeb/R([\d_]+)\r\nContent-Type: text/html\r\nExpires: Thu, 01 Jan 1970 00:00:00 GMT\r\n(?:[^\r\n]+\r\n)*?WWW-Authenticate: Basic realm=\"WebAdmin\"\r\n|s p/Conexant-EmWeb/ v/$SUBST(2,"_",".")/ i/Billion 740- or 7400-series ADSL router UPnP; UPnP $1/ d/WAP/ cpe:/a:conexant:emweb:$SUBST(2,"_",".")/a
match upnp m|^HTTP/1\.1 \d\d\d.*Server: Unknown/0\.0 UPnP/([\d.]+) Conexant-EmWeb/R([\d_]+)\r\n|s p/Conexant-EmWeb/ v/$SUBST(2,"_",".")/ i/UPnP $1/ cpe:/a:conexant:emweb:$SUBST(2,"_",".")/a
match upnp m|^HTTP/1\.1 511 Not Implemented\r\n\r\n$| p/Netgear WGU624 WAP UPnP/ d/WAP/ cpe:/h:netgear:wgu624/
match upnp m|^HTTP/1\.0 404 Not Found\r\nSERVER: PRONET (PN-\w+), UPnP/([\d.]+)\r\nCONTENT-LENGTH: 48\r\nCONTENT-TYPE: text/html\r\n\r\n<html><body><h1>404 Not Found</h1></body></html>$| p/Pronet $1 WAP UPnP/ i/UPnP $2/ d/WAP/ cpe:/h:pronet:$1/
match upnp m|^HTTP/1\.1 200 OK\r\nDate: .*\r\nServer: Linux/2\.x UPnP/([\w._-]+) Avtech/([\w._-]+)\r\nConnection: close\r\nLast-Modified: .*..\xbe\x40..\xbe..\x03\r\n|s p/Avtech surveillance camera http config/ v/$2/ i/Linux 2.X; UPnP $1/ o/Linux/ cpe:/o:linux:linux_kernel:2/
match upnp m|^HTTP/1\.1 200 OK\r\nDate: .*\r\nServer: Linux/2\.x UPnP/([\w._-]+) Avtech/([\w._-]+)\r\nConnection: close\r\nLast-Modified: .*\xb2\xe8\xbe\x1c\xb2\xe8\xbe\x38\x62\x03\r\n| p/Avtech CPCAM surveillance camera http config/ v/$2/ i/Linux 2.X; UPnP $1/ o/Linux/ cpe:/o:linux:linux_kernel:2/
match upnp m|^HTTP/1\.1 404 Not Found\r\nConnection: close\r\nDate: .* GMT\r\nServer: RTOS/([\w._-]+) UPnP/([\w._]+) ([\w._-]+)\s*/([\w._-]+)\r\nX-AV-Server-Info: av=5\.0; cn=\"Sony Corporation\"; mn=\"BRAVIA | p/Sony Bravia $3 TV DLNA/ v/$4/ i/UPnP $2/ d/media device/ o/RTOS $1/ cpe:/h:sony:bravia_$3:$4/ cpe:/o:greenhills:rtos:$1/
match upnp m|^HTTP/1\.1 400 Bad Request\r\nConnection: close\r\nDate: .*\r\nX-AV-Client-Info: av=5\.0; cn="Sony Corporation"; mn="BRAVIA (KD-[^"]+)";| p/Sony Bravia $1 TV DLNA/ cpe:/h:sony:bravia_$1/
match upnp m|^HTTP/1\.1 400 Bad Request\r\nContent-Type: \r\nContent-Length: 0\r\nConnection: close\r\n\r\n| p/AllShare UPnP/ o/Bada/ cpe:/o:samsung:bada:1.2/
match upnp m|^HTTP/1\.1 \d\d\d .*\r\nDate: .*\r\nServer: Linux/i686 UPnP/([\d.]+) DLNADOC/([\d.]+) LGE_DLNA_SDK/([\d.]+)\r\n| p/LG TV upnp/ i/UPnP $1; DLNADOC $2; LGE_DLNA_SDK $3/ o/Linux/ cpe:/o:linux:linux_kernel/a
match upnp m|^HTTP/1\.1 \d\d\d .*\r\nSERVER: Linux/([\w._-]+) UPnP/([\w._-]+) DLNADOC/([\w._-]+) INTEL_NMPR/([\w._-]+) LGE_DLNA_SDK/([\w._-]+)\r\n| p/LG LW5700 TV upnp/ i/UPnP $2; DLNADOC $3; INTEL_NMPR $4; LGE_DLNA_SDK $5/ d/media device/ o/Linux $1/ cpe:/h:lg:lw5700/ cpe:/o:linux:linux_kernel:$1/
match upnp m|^HTTP/1\.1 500 Internal server error\r\nDATE: .* GMT\r\nSERVER: OpenRG/([\w._-]+) UPnP/([\w._-]+) Actiontec/RG_VERSION\r\nCONNECTION: close\r\n\r\n$| p/Jungo OpenRG upnp/ v/$1/ i/UPnP $2/
# E303s-2, K4201
match upnp m|^HTTP/1\.0 404 Not Found\r\nSERVER: PACKAGE_VERSION HUAWEI, UPnP, HUAWEI SDK for UPnP devices/  \r\nCONTENT-LENGTH: 48\r\nCONTENT-TYPE: text/html\r\n\r\n<html><body><h1>404 Not Found</h1></body></html>$| p/Huawei broadband router upnp/ d/broadband router/ o/VxWorks/ cpe:/o:huawei:vxworks/
match upnp m|^HTTP/1\.1 400 Bad Request\r\nContent-Type: text/html; charset=\"utf-8\"\r\nServer: Linux/([\w._-]+) CyberHTTP/([\d.]+)\r\nContent-Length: 0\r\nDate: .*\r\n\r\n| p/CyberLink upnp/ v/$2/ o/Linux $1/ cpe:/o:linux:linux_kernel:$1/
match upnp m|^HTTP/1\.1 404 Not Found\r\nDATE: .*\r\nConnection: Keep-Alive\r\nServer: LINUX/([\w._-]+) UPnP/([\d.]+) BRCM400-UPnP/([\d.]+)\r\n| p/Broadcom upnpd/ v/$3/ i/UPnP $2/ o/Linux $1/ cpe:/o:linux:linux_kernel:$1/
match upnp m|^HTTP/1\.1 404 Not Found\r\nServer: NFLC/([\w._-]+) UPnP/([\w._-]+) DLNADOC/([\w._-]+)\r\n| p/NetFront Living Connect upnpd/ v/$1/ i/UPnP $2; DLNADOC $3/
match upnp m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?SERVER: XboxUpnp/([\w._-]+) UPnP/([\w._-]+) Xbox/2\.0\.(\d+)\.0\r\n|s p/Microsoft Xbox 360 upnpd/ v/$1/ i/UPnP $2; Xbox Dashboard 2.0.$3.0/ o/Xbox 360/ cpe:/h:microsoft:xbox_360_kernel:$3/
match upnp m|^HTTP/1\.1 404 Not Found\r\nSERVER: Linux/([\w._-]+) UPnP/([\w._-]+) Motorola-DLNA-Stack-DLNADOC/([\w._-]+)\r\n| p/Motorola DLNA Stack upnpd/ i/UPnP $2; DLNA $3/ o/Linux $1/ cpe:/o:linux:linux_kernel:$1/
match upnp m|^HTTP/1\.0 404 Not Found\r\nSERVER: ipos/([\w._-]+) UPnP/([\w._-]+) (RNX-[\w._-]+)/1\.0\r\n| p/ipOS upnpd/ i/Rosewill $3; UPnP $2/ d/broadband router/ o/ipOS $1/ cpe:/h:rosewill:$3/ cpe:/o:ubicom:ipos:$1/
match upnp m|^HTTP/1\.0 404 Not Found\r\nSERVER: ipos/([\w._-]+) UPnP/([\w._-]+) (TL-[\w._-]+)/1\.0\r\n| p/ipOS upnpd/ i/TP-LINK $3; UPnP $2/ d/broadband router/ o/ipOS $1/ cpe:/h:tp-link:$3/ cpe:/o:ubicom:ipos:$1/
match upnp m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: UPnP/([\w._-]+) DLNADOC/([\w._-]+) Allwinnertech/([\w._-]+)\r\n\r\n|s p/AllWinner upnpd/ v/$3/ i/UPnP $1; DLNADOC $2/
match upnp m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html\r\nConnection: close\r\nContent-Length: \d+\r\nServer: Linux (([234]\.[\d.]+)[\w._-]+) DLNADOC/([\w._-]+) UPnP/([\w._-]+) ReadyDLNA/([\w._-]+)\r\n| p/ReadyDLNA/ v/$5/ i/Linux $1; DLNADOC $3; UPnP $4/ o/Linux/ cpe:/o:linux:linux_kernel:$2/
match upnp m|^HTTP/1\.0 404 Not Found\r\nSERVER: Roteador Wireless (WR\w+), UPnP/([\d.]+)\r\n| p/Intelbras $1 upnpd/ i/UPnP $2/ d/WAP/
match upnp m|^HTTP/1\.0 500 Internal Server Error\r\nContent-Type: text/xml\r\nContent-Language: en\r\nServer: WinRoute ([\w._-]+) UPnP/([\w._-]+) module\r\n| p/Kerio WinRoute UPnP module/ v/$1/ i/UPnP $2/ o/Windows/ cpe:/o:microsoft:windows/a
match upnp m|^HTTP/1\.1 (?:[^\r\n]*\r\n(?!\r\n))*?SERVER: IPI/([\w._-]+) UPnP/([\w._-]+) DLNADOC/([\w._-]+)\r\n|s p/IPI Media Renderer upnpd/ v/$1/ i/UPnP $2; DLNADOC $3/ cpe:/a:ip_infusion:media_renderer:$1/
match upnp m|^HTTP/1\.1 400 Bad Request\r\nConnection: close\r\nDate: .*\r\nX-AV-Client-Info: av=5\.0; cn=\"Sony Ericsson\"; mn=\"([^"]+)\"; mv=\"2\.0\";\r\n\r\n| p/Sony Ericsson $1 UPnP AV client/ d/phone/
match upnp m|^HTTP/1\.0 404 Not Found\r\nSERVER: Wireless [\w+] Router ([\w._-]+), UPnP/1\.0\r\n| p/TP-LINK $1 upnpd/ d/WAP/ cpe:/h:tp-link:$1/
match upnp m|^HTTP/1\.1 200 OK\r\nContent-Length: \d+\r\nContent-Type: text/html\r\nDate: .* GMT\r\nRealTimeInfo\.dlna\.org: DLNA\.ORG_TLAG=\*\r\nSERVER: BH\r\n\r\n| p|Osmosys BH/DLNA Media Server| d/media device/ cpe:/a:osmosys:bh_dlna_media_server/
match upnp m|^HTTP/1\.0 404 Not Found\r\nContent-Type: text/xml\r\nConnection: close\r\nContent-Length: 127\r\nServer: \w+ Wireless [\w/] Router ([\w-]+), UPnP/1\.0\r\n\r\n<HTML><HEAD><TITLE>404 Not Found</TITLE></HEAD><BODY><H1>Not Found</H1>Invalid device or service descriptor !\r\n</BODY></HTML>\r\n| p/Fast $1 WAP upnpd/ d/WAP/ cpe:/h:fast:$1/
match upnp m=^HTTP/1\.1 400 Bad Request\r\nS(?:ERVER|erver): HDHomeRun/([\w._-]+) UPnP/([\w._-]+)\r\n= p/SiliconDust HDHomeRun set top box upnpd/ v/$1/ i/UPnP $2/ d/media device/ cpe:/h:silicondust:hdhomerun/
match upnp m|^HTTP/1\.0 404 Not Found\r\nSERVER: Linux/([\w._-]+) UPnP/([\d.]+) NDS_MHF DLNADOC/([\d.]+)\r\n\r\n| p/Samsung UPC Horizon TV upnpd/ i/Linux $1; UPnP $2; DLNADOC $3/ d/media device/ o/Linux/ cpe:/o:linux:linux_kernel:$1/a
match upnp m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Content-type: text/html\r\nServer: Linux UPnP/([\d.]+) Sonos/([\w._-]+) \(([^)]+)\)\r\nConnection: close\r\n\r\n|s p/Sonos upnpd/ v/$2/ i/UPnP $1; model $3/ o/Linux/ cpe:/o:linux:linux_kernel/a
# formerly XBMC
match upnp m|^HTTP/1\.1 (?:[^\r\n]*\r\n(?!\r\n))*?Server: UPnP/([\d.]+) DLNADOC/([\d.]+) Kodi\r\n|s p/Kodi upnpd/ i/UPnP $1; DLNADOC $2/
match upnp m=^HTTP/1\.1 404 Not Found\r\nSERVER: Linux/((2\.[46]\.\d+|\d\.\d+)\S*) UPnP/([\d.]+) DiXiM/([\d.]+)\r\n= p/DiXiM upnpd/ v/$4/ i/UPnP $3; Linux $1/ o/Linux/ cpe:/a:digion:dixim_media_player:$4/ cpe:/o:linux:linux_kernel:$2/
match upnp m=HTTP/1\.0 404 Not Found\r\nSERVER: TP-LINK (?:Portable )?Wireless (?:(?:Lite )?(?:N|G) (?:3G(?:/4G)? )?)?(?:Dual Band |Nano )?(?:Gigabit )?(?:AP|Router|Access Point|Range Extender) ([\w /+-]+), UPnP/([\d.]+)\r\n= p/TP-LINK $1 WAP upnpd/ i/UPnP $2/ d/WAP/ cpe:/h:tp-link:$1/a
match upnp m|^HTTP/1\.1 400 Bad Request\r\nServer: Linux, UPnP/([\d.]+), (DAP-\d+) Ver ([\d.]+)\r\n| p/D-Link $2 WAP upnpd/ v/$3/ i/UPnP $1/ cpe:/h:dlink:$2/a
match upnp m|^HTTP/1\.1 412 Precondition Failed\r\nDate: .*\r\nContent-Length: 0\r\nConnection: close\r\nServer: ([^,]+), UPnP/([\d.]+) DLNADOC/([\d.]+), KooRaRoo Media Server/([\d.]+)\r\n\r\n| p/KooRaRoo upnpd/ v/$4/ i/UPnP $2; DLNADOC $3/ o/$1/ cpe:/a:shv-tal:kooraroo:$4/
# Unsure of device type, have seen this one on P6 phone.
match upnp m|^HTTP/1\.1 400 Bad Request\r\nSERVER: Linux/([\d.]+)-\w+-\w+ UPnP/([\d.]+) HUAWEI_iCOS/iCOS V1R1C00\r\nCONNECTION: close\r\nCONTENT-LENGTH: 50\r\nCONTENT-TYPE: text/html\r\n\r\n<html><body><h1>400 Bad Request</h1></body></html>| p/Huawei iCOS upnpd/ i/UPnP $2/ o/Linux $1/ cpe:/o:linux:linux_kernel:$1/a
match upnp m|^HTTP/1\.0 400 Bad Request \r\nCONTENT-TYPE: text/xml; charset="utf-8" \r\nSERVER: UPnP/([\d.]+) Samsung AllShare Server/([\d.]+) \r\nCONTENT-LENGTH: \d+ \r\n\r\n| p/Samsung AllShare upnpd/ v/$2/ i/UPnP $1/ cpe:/a:samsung:allshare_server:$2/
match upnp m|^HTTP/1\.1 \d\d\d .*\r\nCONTENT-TYPE: text/xml; charset="utf-8"\r\nDATE: .*\r\nEXT: \r\nSERVER: UPnP/([\d.]+) AwoX/([\d.]+)\r\nCONTENT-LENGTH: 0\r\n| p/AwoX upnpd/ v/$2/ i/UPnP $1/
match upnp m|^HTTP/1\.0 \d\d\d .*\r\nSERVER: TP-LINK SMB (TL-[\w]+), UPnP/([\d.]+)\r\nCONTENT-LENGTH: \d+\r\nCONTENT-TYPE: text/html\r\n\r\n| p/TP-LINK upnpd/ i/model: $1; UPnP $2/ cpe:/h:tp-link:$1/
match upnp m|^HTTP/1\.0 \d\d\d .*\r\nSERVER: AIT Multimedia Network Solution, UPnP/([\d.]+) devices/([\d.]+)\r\n| p/AIT Multimedia Network Solution/ v/$2/ i/UPnP $1; Polaroid Cube camera/
match upnp m=^HTTP/1\.1 200 OK\r.*\nS(?:erver|ERVER): (Windows_[^-]+)_(R\d+)-([^-]+)-[\d.]+, UPnP/([\d.]+), UMS/([\d.]+)\r\n=s p/Universal Media Server/ v/$5/ i/arch: $3; UPnP $4/ o/$SUBST(1,"_"," ") $2/ cpe:/a:universal_media_server:universal_media_server:$5/ cpe:/o:microsoft:$1:$2/
match upnp m=^HTTP/1\.1 200 OK\r.*\nS(?:erver|ERVER): (Windows_[^-]+)-([^-]+)-[\d.]+, UPnP/([\d.]+), UMS/([\d.]+)\r\n=s p/Universal Media Server/ v/$4/ i/arch: $2; UPnP $3/ o/$SUBST(1,"_"," ")/ cpe:/a:universal_media_server:universal_media_server:$4/ cpe:/o:microsoft:$1/
match upnp m=^HTTP/1\.1 200 OK\r.*\nS(?:erver|ERVER): Linux-([^-]+)-(\d.[\w._-]+), UPnP/([\d.]+), UMS/([\d.]+)\r\n=s p/Universal Media Server/ v/$4/ i/arch: $1; UPnP $3/ o/Linux $2/ cpe:/a:universal_media_server:universal_media_server:$4/ cpe:/o:linux:linux_kernel:$2/a
match upnp m=^HTTP/1\.1 200 OK\r.*\nS(?:erver|ERVER): Linux-([^-]+)-(\d.[\w._-]+), UPnP/([\d.]+) DLNADOC/([\d.]+), UMS/([\d.]+)\r\n=s p/Universal Media Server/ v/$5/ i/arch: $1; UPnP $3; DLNADOC $4/ o/Linux $2/ cpe:/a:universal_media_server:universal_media_server:$4/ cpe:/o:linux:linux_kernel:$2/a
match upnp m=^HTTP/1\.1 200 OK\r.*\nS(?:erver|ERVER): Mac_OS_X-([^-]+)-(\d.[\w._-]+), UPnP/([\d.]+), UMS/([\d.]+)\r\n=s p/Universal Media Server/ v/$4/ i/arch: $1; UPnP $3/ o/Mac OS X $2/ cpe:/a:universal_media_server:universal_media_server:$4/ cpe:/o:apple:mac_os_x:$2/
match upnp m|^HTTP/1\.1 412 Failed\r\nServer: WINDOWS UPnP/([\d.]+) Intel MicroStack/([\d.]+)\r\nContent-Length: 0\r\n\r\n| p/Intel Developer Tools for UPnP upnpd/ v/$2/ i/UPnP $1/ o/Windows/ cpe:/a:intel:developer_tools_for_upnp:$2/ cpe:/o:microsoft:windows/a
match upnp m|^HTTP/1\.1 200 OK\r\nDate: Sun, 31 Jul 2016 13:02:01 GMT\r\nServer: Linux/([ix][\w_]+) UPnP/([\d.]+) SST/1\.0 /\r\n| p/LG SST Device upnpd/ i/UPnP $2; arch: $1/
match upnp m|^HTTP/1\.1 \d\d\d .*\r\nDLNADeviceName\.lge\.com: %5bLG%5d%20webOS%20TV%20([\w-]+)\r\nDate: .*\r\nServer: Linux/i686 UPnP/([\d,.]+) DLNADOC/([\d.]+) LGE WebOS TV/Version ([\d.]+)\r\n| p/LG WebOS TV upnpd/ i/model: $1; WebOS $4; UPnP $SUBST(2,",","."); DLNADOC $3/ d/media device/ o/Linux/ cpe:/h:lg:$1/ cpe:/o:linux:linux_kernel/a
match upnp m|^HTTP/1\.1 \d\d\d .*\r\nDate: .*\r\nServer: Neptune/([\d.]+)\r\nDLNADeviceName\.lge\.com: %5bTV%5d%5bLG%5d([\w-]+)\r\n| p/Platinum upnpd/ i/LG TV model: $2; Neptune $1/ d/media device/ o/Linux/ cpe:/a:plutinosoft:neptune:$1/ cpe:/a:plutinosoft:platinum/ cpe:/h:lg:$2/ cpe:/o:linux:linux_kernel/a
match upnp m|^HTTP/1\.1 200 OK\r\nCONTENT-TYPE:  text/xml; charset="utf-8"\r\nServer: Mac OS X, UPnP/([\d.]+), Elgato EyeConnect/([\d.]+)\r\n\r\n<\?xml version="1\.0" encoding="utf-8"\?>\n.*<friendlyName>EyeConnect \(([\w._-]+)\)</friendlyName>|s p/Elgato EyeConnect media server upnpd/ v/$2/ i/UPnP $1/ o/OS X/ h/$3/ cpe:/a:elgato:eyeconnect:$2/ cpe:/o:apple:mac_os_x/a
match upnp m|^HTTP/1\.1 200 OK\r\nContent-Type: text/xml\r\nDate: [^\r\n]*\r\nExpires: [^\r\n]*\r\nLast-Modified: [^\r\n]*\r\nPragma: no-cache\r\nServer: WebServer/1\.0 UPnP/([\d.]+)\r\n\r\n<\?xml version="1\.0"\?>\n.*<manufacturer>ZTE</manufacturer>\n.*<modelName>([^<]+)</modelName>|s p/ZTE $2 router upnpd/ i/UPnP $1/ d/broadband router/ cpe:/h:zte:$2/a
match upnp m|^HTTP/1\.0 500 Internal Server Error\r\nSERVER: Unspecified, UPnP/([\d.]+), SoftAtHome\r\n| p/SoftAtHome upnpd/ i/UPnP $1/
match upnp m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Linux_Android_ARM/4\.0 UPnP/([\d.]+) DLNADOC/([\d.]+) EShare/([\d.]+)\r\n|s p/EShare upnpd/ v/$3/ i/UPnP $1; DLNADOC $2/ o/Android/ cpe:/o:google:android/a cpe:/o:linux:linux_kernel/a
match upnp m|^HTTP/1\.1 200 OK\r\nDate: .*\r\nServer: WebOS/([\d.]+) UPnP/([\d.]+)\r\n.*<manufacturer>LG Electronics</manufacturer>|s p/LG WebOS upnpd/ i/WebOS $1; UPnP $2/ d/media device/
# Several internet radios
match upnp m|^HTTP/1\.1 412 Failed\r\nServer: FSL DLNADOC/([\d.]+) UPnP Stack/1\.0\r\nContent-Length: 0\r\n\r\n| p/FSL upnpd/ i/DLNADOC $1/ d/media device/
match upnp m|^HTTP/1\.1 412 Precondition Failed\r\nDate: .*\r\nContent-Length: 0\r\nConnection: close\r\nServer: Audi-MIB2HIGH-(G\d+)/([\d.]+) DLNADOC/([\d.]+)/1\r\n\r\n| p/Audi MIB High $1 entertainment system/ v/$2/ i/DLNADOC $3/
match upnp m|^HTTP/1\.1 200 OK\r\nCONTENT-TYPE: text/xml\r\nContent-Length: \d+\r\n\r\n<\?xml version="1\.0" encoding="utf-8"\?>\r\n<root xmlns="urn:schemas-upnp-org:device-1-0">\r\n.*<friendlyName>Stream What You Hear \(([^)]+)\):|s p/Stream What You Hear unpnd/ o/Windows/ h/$1/ cpe:/a:sebastian_warin:streamwhatyouhear/ cpe:/o:microsoft:windows/a
match upnp m|^HTTP/1\.0 200 OK\r\nContent-Type: text/html\r\nContent-Length: \d+\r\nAccept-Ranges: bytes\r\nConnection: close\r\nDATE: .*\r\ncontentFeatures\.dlna\.org: \r\ntransferMode\.dlna\.org: \r\nEXT:\r\nServer: Linux/(\d[\d.]+)SR[\d_]+, UPnP/([\d.]+), SmartStor Media Server/([\d.]+)\r\n\r\n<\?xml version="1\.0" encoding="UTF-8"\?>\n<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1\.0 Strict//EN" \nhttp://www\.w3\.org/TR/xhtml1/DTD/xhtml1-strict\.dtd">\n<html>\n<script :language="javascript">\nthis\.location = "http://[^"]*"\n</script>\n<h1>system information</h1>\n<p>\nVersion: [\d.]+<br />\nHostname: ([\w.-]+)<br />\nOS: Linux [^<]*<br />\nSQLite: ([\d.]+)\n</p>| p/Promise SmartStor Media Server/ v/$3/ i/UPnP $2; SQLite $5/ d/storage-misc/ o/Linux $1/ h/$4/ cpe:/a:promise:smartstor_media_server:$3/ cpe:/a:sqlite:sqlite:$5/ cpe:/o:linux:linux_kernel:$1/a

softmatch upnp m|^HTTP/1.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server:[^\r\n]*UPnP/1.0|si

match upnp m|^HTTP/1\.1 200 OK\r\ncontent-length: \d+\r\nDate: .*\r\nConnection: close\r\n\r\n<\?xml version="1\.0"\?>\n<root xmlns="urn:schemas-wink-com:device-1-0">\n<specVersion>\n<major>1</major>\n<minor>0</minor>\n</specVersion>\n<URLBase>https://[^<]+</URLBase>\n<device>\n<deviceType>urn:wink-com:device:hub:([^<:]+)</deviceType>\n| p/Wink Hub $1 API httpd/ d/specialized/ cpe:/h:wink:hub_$1/
match upnp m|^HTTP/1\.0 200 OK\nCache-Control: no-cache\nExpires: -1\nDate: \d\d\d\d/\d\d/\d\d \d\d:\d\d:\d\d\.\d+\n.*<deviceType>urn:domotz:fingbox:([\d.]+)<|s p/Domotz Fingbox upnpd/ v/$1/ cpe:/a:domotz:fingbox_agent:$1/
softmatch upnp m|^HTTP/1\.[01].*xmlns=["']urn:schemas-upnp-org:device-1-0["']|s

# UUCP 1.06.2 on Linux 2.4.X
# Taylor UUCP 1.06.2 on Slackware
match uucp m|^login: Password:$| p/Taylor uucpd/
# uucico prompt does not have space after "Password:",
# but Debian-contributed in.uucpd calls pam_authenticate, which does.
match uucp m|^login: Password: $| p/Debian in.uucpd, probably Taylor uucpd/ i/PAM auth/ o/Linux/ cpe:/o:debian:debian_linux/ cpe:/o:linux:linux_kernel/
match uucp m|^login: Login incorrect\.$| p/Solaris uucpd/ o/Solaris/ cpe:/o:sun:sunos/a

# Veritas Netbackup client v.3.4
# Veritas Netbackup 4.5 Java listener
match netbackup m|^1000      2\n43\nunexpected message received\n$| p/Veritas Netbackup java listener/ cpe:/a:symantec:veritas_netbackup/

# Veritas Backup Exec 9.0 on Windows
match ndmp m|^\x80\0\0\$\0\0\0\x01....\0\0\0\0\0\0\x05\x02\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x03\0\0\0\0|s p/Veritas Backup Exec ndmp/ v/9.0/ cpe:/a:symantec:veritas_backup_exec:9.0/
# Possibly a different version? -Doug
match ndmp m|^\x80\0\0\$\0\0\0\x01....\0\0\0\0\0\0\x05\x02\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x02\0\0\0\0|s p/Veritas Backup Exec ndmp/ cpe:/a:symantec:veritas_backup_exec/

# DAZ Studio 4.5, port 27997
match valentinadb m|^dddd\0\0\0\0\0\0\0\x0b\xf2\xf2\xf2\xf2\0\0\0_\0\0\0\0\0\0\0\0\0\0\0\0\0F\0\0\0\x02\0\0\0=\0\x08%\x15\0\0\0\x1a\0R\0e\0c\0e\0i\0v\0e\0d\0 \0p\0a\0c\0k\0e\0t\0 \0i\0s\0 \0b\0r\0o\0k\0e\0n\0\.\0\xf4\xf4\xf4\xf4| p/Valentina DB/

match vnc-http m|^HTTP/1\.1 200 OK\r\nServer: RealVNC/([-.\w]+)\r\n.*<APPLET CODE="?vncviewer/VNCViewer\.class"? ARCHIVE="?vncviewer\.jar"?\r?\n *WIDTH="?(\d+)"? HEIGHT="?(\d+)"?>\r?\n<PARAM name=\"port\" value=\"(\d+)\">\r?\n</APPLET>|si p/RealVNC/ v/$1/ i/resolution: $2x$3; VNC TCP port: $4/ cpe:/a:realvnc:realvnc:$1/
# Sometimes extra HTTP crap pushes the extra info out of the header we capture:
match vnc-http m|^HTTP/1\.1 200 OK\r\nServer: RealVNC/([-.\w]+)\r\n| p/RealVNC/ v/$1/ cpe:/a:realvnc:realvnc:$1/
match vnc-http m|^HTTP/1\.1 200 OK\r\nServer: RealVNC-x0vncserver/([\w._ ()-]+)\r\n.*<applet code=\"vncviewer/VNCViewer\.class\" archive=\"vncviewer\.jar\"\n        width=\"(\d+)\" height=\"(\d+)\">\n<param name=\"port\" value=\"(\d+)\">|s p/RealVNC x0vncserver/ v/$1/ i/resolution: $2x$3; VNC TCP port $4/ cpe:/a:realvnc:realvnc:$1/

match vnc-http m|^HTTP/1\.1 200 OK\r\nServer: VNC Server Enterprise Edition/E([\w._-]+) \(r(\d+)\)\r\n.*<applet code=\"vncviewer/VNCViewer\.class\" archive=\"vncviewer\.jar\"\r\n        width=\"(\d+)\" height=\"(\d+)\">\r\n<param name=\"port\" value=\"(\d+)\">|s p/VNC Server Enterprise Edition httpd/ v/$1 r$2/ i/resolution: $3x$4; VNC port $5/ cpe:/a:realvnc:realvnc:$1::enterprise/
match vnc-http m|^HTTP/1\.1 200 OK\r\nServer: VNC Server Personal Edition/P([\w._-]+) \(r(\d+)\)\r\n.*<applet code=\"vncviewer/VNCViewer\.class\" archive=\"vncviewer\.jar\"\r\n        width=\"(\d+)\" height=\"(\d+)\">\r\n<param name=\"port\" value=\"(\d+)\">|s p/VNC Server Personal Edition httpd/ v/$1 r$2/ i/resolution: $3x$4; VNC port $5/ cpe:/a:realvnc:realvnc:$1::personal/

# RealVNC Unknown Version
match vnc-http m|^HTTP/1\.0 200 OK\n\n<HTML><TITLE>VNC desktop</TITLE>\n<APPLET CODE=vncviewer\.class ARCHIVE=vncviewer\.jar WIDTH=(\d+) HEIGHT=(\d+)>\n<param name=PORT value=(\d+)></APPLET></HTML>\n| p/RealVNC/ i/resolution: $1x$2; VNC TCP port: $3/ cpe:/a:realvnc:realvnc/

# TightVNC Server version 1.2.2 HTTP on Windows 2000 SP2
match vnc-http m|^HTTP/1\.0 200 OK\n\n<HTML><TITLE>TightVNC desktop \[([-.\w]+)\]</TITLE>\n<APPLET CODE=vncviewer\.class ARCHIVE=vncviewer\.jar WIDTH=(\d+) HEIGHT=(\d+)>\n<param name=PORT value=(\d+)>| p/TightVNC/ v/1.2.2/ i/resolution: $2x$3; VNC TCP port: $4/ h/$1/ cpe:/a:tightvnc:tightvnc:1.2.2/a
# Tightvnc-1.2.3
match vnc-http m|^HTTP/1\.0 404 Not found\n\n<HEAD><TITLE>File Not Found</TITLE></HEAD>\n<BODY><H1>File Not Found</H1></BODY>\n$| p/TightVNC/ cpe:/a:tightvnc:tightvnc/a
# Tightvnc 1.2.3
match vnc-http m|^HTTP/1\.0 200 OK\n\n<HTML><TITLE>TightVNC desktop \[([-.\w]+)\]</TITLE>\n<APPLET CODE=VncViewer\.class ARCHIVE=VncViewer\.jar WIDTH=(\d+) HEIGHT=(\d+)>\n<param name=PORT value=(\d+)>| p/TightVNC/ v/1.2.3/ i/user: $1; resolution: $2x$3; VNC TCP port: $4/ cpe:/a:tightvnc:tightvnc:1.2.3/a
# TightVNC 1.2.6
match vnc-http m|^HTTP/1\.0 200 OK\n\n<HTML>\n  <HEAD><TITLE>TightVNC desktop \[[-.\w]+\]| p/TightVNC/ cpe:/a:tightvnc:tightvnc/a
# TightVNC 1.2.8
match vnc-http m|^HTTP/1\.0 200 OK[\r\n]*.*<!-- \n     index\.vnc - default HTML page for TightVNC Java viewer applet, to be\n     used with Xvnc\. On any file ending in \.vnc, the HTTP server embedded in\n     Xvnc will substitute the following variables when preceded by a dollar:\n     USER, DESKTOP, DISPLAY, APPLETWIDTH, APPLETHEIGHT, WIDTH, HEIGHT, PORT,\n.*<TITLE>\n(\w+)'s X desktop.*<APPLET CODE=VncViewer\.class ARCHIVE=VncViewer\.jar\n        WIDTH=(\d+) HEIGHT=(\d+)>\n<param name=PORT value=(\d+)>\n\n</APPLET>|s p/TightVNC/ v/1.2.8/ i/user: $1; resolution: $2x$3; VNC TCP port: $4/ cpe:/a:tightvnc:tightvnc:1.2.8/a
# TightVNC 1.2.8 - I guess it gets cut off sometimes?
match vnc-http m|^HTTP/1\.0 200 OK[\r\n]*.*<!-- \n     index\.vnc - default HTML page for TightVNC Java viewer applet, to be\n     used with Xvnc\. On any file ending in \.vnc, the HTTP server embedded in\n     Xvnc will substitute the following variables when preceded by a dollar:\n     USER, DESKTOP, DISPLAY, APPLETWIDTH, APPLETHEIGHT, WIDTH, HEIGHT, PORT,\n|s p/TightVNC/ v/1.2.8/ cpe:/a:tightvnc:tightvnc:1.2.8/a
# TightVNC 1.2.9
match vnc-http m|^HTTP/1\.0 200 OK\n.*<HTML><HEAD><TITLE>Remote Desktop</TITLE></HEAD>\n<BODY>\n<APPLET CODE=VncViewer\.class ARCHIVE=VncViewer\.jar WIDTH=(\d+) HEIGHT=(\d+)>\n\t<param name=PORT value=(\d+)>\n</APPLET>\n</BODY></HTML>\n|s p/TightVNC/ v/1.2.9/ i/resolution: $1x$2; VNC TCP port $3/ cpe:/a:tightvnc:tightvnc:1.2.9/a
# NetWare VNCServer
match vnc-http m|^HTTP/1\.0 200 OK\n.*<!-- \r\n     index\.vnc - default HTML page for TightVNC Java viewer applet, to be.*<TITLE>\r\n([\d\w]+) - NetWare VNCServer desktop.*<APPLET CODE=VncViewer\.class ARCHIVE=VncViewer\.jar\r\n *WIDTH=(\d+) HEIGHT=(\d+)>\r\n<param name=PORT value=(\d+)>|s p/NetWare VNC Desktop/ i/user: $1; resolution: $2x$3; VNC TCP port: $4/
# WinVNC 3.3.7 Build Mar 5 2003
match vnc-http m|^HTTP/1\.0 200 OK\r\n\r\n<HTML><TITLE>VNC desktop \[([-.\w]+)\]</TITLE>\n<APPLET CODE=vncviewer\.class ARCHIVE=vncviewer\.jar WIDTH=(\d+) HEIGHT=(\d+)>\n<param name=PORT value=(\d+)| p/WinVNC/ v/3.3.7/ i/Server: $1; resolution: $2x$3; VNC TCP port: $4/
# WinVNC 3.3.3
# Tight VNC 1.5.2
match vnc-http m|^HTTP/1\.0 200 OK\n\n<HTML><TITLE>VNC desktop \[([-.\w]+)\]</TITLE>\n<APPLET CODE=vncviewer\.class ARCHIVE=vncviewer\.jar WIDTH=(\d+) HEIGHT=(\d+)>\n<param name=PORT value=(\d+)></APPLET></HTML>\n$| p/WinVNC/ i/Server: $1; resolution: $2x$3; VNC TCP port: $4; May be standard or TightVNC/
match vnc-http m|^HTTP/1\.1 200 OK\r\nConnection: close\r\n\r\n<HTML>\r\n  <HEAD><TITLE>Siemens Sm@rtClient Desktop \[WinVNC\]</TITLE></HEAD>\r\n  <BODY>\r\n<APPLET CODE=VncViewer\.class ARCHIVE=VncViewer\.jar WIDTH=(\d+) HEIGHT=(\d+)>\r\n           <PARAM NAME=\"PORT\" VALUE=\"(\d+)\">\r\n    </APPLET><BR>\r\n  </BODY>\r\n</HTML>\r\n| p/WinVNC/ i/Siemens Sm@rtClient Desktop; resolution $1x$2; VNC TCP port: $3/
# Ultr@VNC Win32 v1.0.9 - HTTP
match vnc-http m|^HTTP/1\.0 200 OK\n\n<HTML>\n  <HEAD><TITLE>Ultr@VNC Desktop \[[-. \w]+\] ------- Ultr@VNC Home Page is  http://ultravnc\.sf\.net -------</TITLE></HEAD>\n  <BODY>\n  <SPAN style='position: absolute; top:0px;left:0px'>\n    <APPLET CODE=VncViewer\.class ARCHIVE=VncViewer\.jar WIDTH=(\d+) HEIGHT=(\d+)>\n      <PARAM NAME=PORT VALUE=(\d+)>\n      <PARAM NAME=ENCODING VALUE=Tight>\n    </APPLET>  </SPAN>\n  </BODY>\n| p/Ultr@VNC/ i/resolution: $1x$2; VNC TCP port: $3/ cpe:/a:ultravnc:ultravnc/
match vnc-http m|^HTTP/1\.0 200 OK\n\n<HTML>\n  <HEAD><TITLE> \[([-. \w]+)\] </TITLE></HEAD>\n  <BODY>\n  <SPAN style='position: absolute; top:0px;left:0px'>\n    <APPLET CODE=VncViewer\.class ARCHIVE=VncViewer\.jar WIDTH=(\d+) HEIGHT=(\d+)>\n      <PARAM NAME=PORT VALUE=(\d+)>\n      <PARAM NAME=ENCODING VALUE=Tight>\n    </APPLET>  </SPAN>\n  </BODY>\n</HTML>\n| p/Ultr@VNC/ i/Name $1; resolution: $2x$3; VNC TCP port: $4/ cpe:/a:ultravnc:ultravnc/
match vnc-http m|^HTTP/1\.0 200 OK\n\n<HTML>\n  <HEAD><TITLE> \[([-. \w]+)\] </TITLE></HEAD>\n  <BODY>\n  <SPAN style='position: absolute; top:0px;left:0px'>\n<OBJECT \n    ID='VncViewer'\n.*WIDTH = (\d+) HEIGHT = (\d+) >.*<PARAM NAME = PORT VALUE=(\d+)>|s p/Ultr@VNC/ i/Name $1; resolution: $2x$3; VNC TCP port: $4/ cpe:/a:ultravnc:ultravnc/
# VNC to java display applet over http. Final AT&T release
match vnc-http m|^HTTP/1\.0 200 .*<!-- index\.vnc - default html page for Java VNC viewer applet.*<TITLE>\n([\w._-]+)'s .*<APPLET CODE=vncviewer\.class ARCHIVE=vncviewer\.jar.*WIDTH=(\d+).*HEIGHT=(\d+).*name=PORT value=(\d+)|s p/AT&T VNC/ i/user: $1; resolution: $2x$3; VNC TCP port $4/
match vnc-http m|^HTTP/1\.0 200 OK\r\n.*<!-- index\.vnc - default html page for Java VNC viewer applet\..*<TITLE>\n\?'s Android desktop \(([\w._-]+):1\)\n</TITLE>\n<APPLET CODE=VncViewer\.class ARCHIVE=VncViewer\.jar\n        WIDTH=(\d+) HEIGHT=(\d+)>\n<param name=PORT value=(\d+)>.*Further help: <BR>\n<A href=\"http://onaips\.blogspot\.com/\">oNaiPs Blog</A><BR>\n<A href=\"http://www\.tightvnc\.com/\">www\.TightVNC\.com</A>\n</HTML>\n$|s p/Android VNC Server/ i/resolution: $2x$3; VNC TCP port $4/ h/$1/
# KDE Built-in VNC Server
match vnc-http m|^HTTP/1\.0 200 OK\n.*<HTML><HEAD><TITLE>(.*)'s desktop</TITLE></HEAD>\n<BODY>\n<APPLET CODE=(?:vncviewer/)?[vV][nN][cC][vV]iewer\.class ARCHIVE=[vV]nc[vV]iewer\.jar WIDTH=(\d+) HEIGHT=(\d+)>\n\t<param name=PORT value=(\d+)>\n</APPLET>\n</BODY></HTML>\n|s p/Synergy VNC/ i/user: $1; resolution: $2x$3; VNC TCP port: $4/
match vnc-http m|^HTTP/1\.0 200 OK\n\n.*<TITLE>eSVNC Desktop \[([\w._-]+)\]</TITLE>.*<APPLET CODE=VncViewer\.class ARCHIVE=VncViewer\.jar WIDTH=(\d+) HEIGHT=(\d+)>.*<PARAM NAME=PORT VALUE=(\d+)>|s p/eSVNC/ i/resolution: $2x$3; VNC TCP port $4/ h/$1/
match vnc-http m|^HTTP/1\.0 200 OK\r\n.*<TITLE>\n([\w._-]+)'s [\w._:-]+ desktop \([\w._:-]+\)\n</TITLE>\n<APPLET CODE=VncViewer\.class ARCHIVE=VncViewer\.jar\n        WIDTH=(\d+) HEIGHT=(\d+)>\n<param name=PORT value=(\d+)>\n<param name=\"Open New Window\" value=yes>\n</APPLET>\n<BR>\n<A href=\"http://www\.tightvnc\.com/\">|s p/X11VNC/ i/user: $1; Resolution $2x$3; VNC TCP port: $4/
match vnc-http m|^HTTP/1\.0 200 OK\r\n.*<TITLE>TightVNC desktop \[([\w._-]+)\]</TITLE>.*<APPLET ARCHIVE=\"VncViewer\.jar\" CODE=VncViewer WIDTH=1 HEIGHT=1>\n      <PARAM NAME=\"PORT\" VALUE=\"(\d+)\">\n      <PARAM NAME=\"Open new window\" VALUE=\"YES\">\n\n    </APPLET><BR>\n    <A HREF=\"http://www\.tightvnc\.com/\">|s p/TightVNC/ i/user: $1; VNC TCP port: $2/ cpe:/a:tightvnc:tightvnc/a
match vnc-http m|^HTTP/1\.0 200 OK\r\n.*<TITLE>TightVNC desktop \[([\w._-]+)\]</TITLE>.*<APPLET ARCHIVE=\"tightvnc-jviewer\.jar\" CODE=\"com\.glavsoft\.viewer\.Viewer\" WIDTH=1 HEIGHT=1>\n      <PARAM NAME=\"PORT\" VALUE=\"(\d+)\">\n      <PARAM NAME=\"OpenNewWindow\" VALUE=\"YES\">\n\n    </APPLET><BR>\n    <A HREF=\"http://www\.tightvnc\.com/\">|s p/TightVNC/ i/user: $1; VNC TCP port: $2/ cpe:/a:tightvnc:tightvnc/a
# match vnc-http m|^HTTP/1\.0 200 OK\r\n.*<TITLE>TightVNC desktop \[([\w._-]+)\]</TITLE>.*<APPLET ARCHIVE=\"tightvnc-jviewer\.jar\" CODE=\"com\.glavsoft\.viewer\.Viewer\" WIDTH=1 HEIGHT=1>\n      <PARAM NAME=\"PORT\" VALUE=\"(\d+)\">\n      <PARAM NAME=\"OpenNewWindow\" VALUE=\"YES\">\n\n    </APPLET><BR>\n    <A HREF=\"http://www\.tightvnc\.com/\">www\.TightVNC\.com</A>\n  </BODY>\n</HTML>\n| p/xxx/
match vnc-http m|^HTTP/1\.0 200 OK\r\n.*<TITLE>GeekBuddyRSP desktop \[([^]]+)\]</TITLE>.*<APPLET ARCHIVE=\"tightvnc-jviewer\.jar\" CODE=\"com\.glavsoft\.viewer\.Viewer\" WIDTH=1 HEIGHT=1>\n      <PARAM NAME=\"PORT\" VALUE=\"(\d+)\">\n|s p/TightVNC/ i/Comodo GeekBuddy; user: $1; VNC TCP port: $2/ cpe:/a:tightvnc:tightvnc/a
match vnc-http m|^HTTP/1\.0 200 OK\n\n<HTML>\n<TITLE>VNC desktop \[[\d.]+\]</TITLE>\n<APPLET CODE=vncviewer\.class ARCHIVE=vncviewer\.jar WIDTH=(\d+) HEIGHT=(\d+)>\n<param name=PORT value=(\d+)>\n</APPLET>\n</HTML>\n| p/Wyse Winterm 1200 LE terminal/ i/resolution: $1x$2; VNC TCP port $3/ d/terminal/
match vnc-http m|^HTTP/1\.1 \d\d\d .*\r\nServer: TigerVNC/([\w._-]+)\r\n| p/TigerVNC/ v/$1/ cpe:/a:tigervnc:tigervnc:$1/
match vnc-http m|^HTTP/1\.0 404 Not found\r\n\r\n<html><head><title>File Not Found</title></head>\n<body><h1>File Not Found</h1></body></html\n$| p/x11vnc/
match vnc-http m|^HTTP/1\.0 200 OK\n\n<HTML>\n  <HEAD><TITLE> \[[\w._-]+\] </TITLE></HEAD>\n  <BODY>\n  <SPAN style='position: absolute; top:0px;left:0px'>\n<OBJECT \n    ID='AxedaDesktopViewer'\n    classid = 'clsid:8AD9C840-044E-11D1-B3E9-00805F499D93'\n    codebase = 'http://java\.sun\.com/update/1\.4\.2/jinstall-1_4-windows-i586\.cab#Version=1,4,0,0'\n    WIDTH = (\d+) HEIGHT = (\d+) >\n| p/Axeda Desktop Viewer/ i/Resolution $1x$2/
# looks like rebranded TightVNC
match vnc-http m|^HTTP/1\.0 200 OK.*<!-- index\.vnc - default html page for Java VNC viewer applet\.  On any file\n     ending in \.vnc, the HTTP server embedded in Xvnc will substitute the\n     following variables when preceded by a dollar: USER, DESKTOP, DISPLAY,.*<TITLE>\n(\w+)'s Android desktop.*<APPLET CODE=VncViewer\.class ARCHIVE=java-applet/VncViewer\.jar\n        WIDTH=(\d+) HEIGHT=(\d+)>\n<param name=PORT value=(\d+)>|s p/Droid VNC Server/ v/1.1RC0/ i/user: $1; resolution: $2x$3; VNC TCP port: $4/
match vnc-http m|^HTTP/1\.0 200 OK\nContent-Type: text/html\nContent-Length: \d+\nConnection: close\n\n\n<HTML><HEAD><TITLE>Remote Desktop</TITLE></HEAD>\n<BODY>\n<APPLET CODE="com\.tigervnc\.vncviewer\.VncViewer" ARCHIVE="VncViewer\.jar"| p/TigerVNC/ cpe:/a:tigervnc:tigervnc/

match vzagent m|^<packet xmlns:xsi=\"http://www\.w3\.org/2001/XMLSchema-instance\" id=\"0\" priority=\"0\" version=\"([\d.]+)\">\n<origin>[\w._-]+</origin>\n<target>agent</target>\n<data>\n<ok/>\n<eid>[\w._-]+</eid>\n</data>\n</packet>\n\0| p/Parallels Virtuozzo Agent/ i/protocol $1/

match ripbot m|^200 Welcome\r\n400-Unknown Command\r\n400 GET / HTTP/1\.0\r\n$| p/RipBot video encoding server/

match xml-rpc m|^HTTP/1\.0 400 Bad Request\r\nServer: Apache XML-RPC (\d[-.\w ]+)\r\n\r\nMethod GET not implemented \(try POST\)$| p/Apache XML-RPC/ v/$1/
match xml-rpc m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: XMLRPC_ABYSS/Xmlrpc-c ([\w._-]+)\r\n|s p/ABYSS httpd/ i/Xmlrpc-c $1/
match xml-rpc m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: XMLRPC_ABYSS/([\w._-]+)\r\n|s p/ABYSS httpd/ i/Xmlrpc-c $1/
match xml-rpc m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Xmlrpc-c_Abyss/([\w._-]+)\r\n|s p/ABYSS httpd/ i/Xmlrpc-c $1/
match xml-rpc m|^HTTP/1\.1 404 Not Found\r\nServer: Atheme/([\w._-]+)\r\nContent-Type: text/plain\r\nContent-Length: 24\r\n\r\nHTTP/1\.1 404 Not Found\r\n| p/Atheme IRC Services/ v/$1/ cpe:/a:atheme:atheme:$1/

# Kerio MailServer
match http m|^HTTP/1\.[01] 302 Redirected\r\nConnection: close\r\nContent-Length: 0\r\nLocation: /login\r\n\r\n$| p/Kerio MailServer Webmail/
match http m|^HTTP/1\.1 302 Found\r\nConnection: Close\r\nContent-Length: 0\r\nContent-type: text/html\r\nDate: .*\r\nLocation: https?:///webmail/login/\r\nX-UA-Compatible: IE=8\r\n\r\n| p/Kerio MailServer Webmail/
match http m|^HTTP/1\.[01] (?:[^\r\n]*\r\n(?!\r\n))*?Server: Kerio MailServer ([\d.]+)\r\n(?:[^\r\n]+\r\n)*?X-Powered-By: PHP/([\d.]+)\r\n|s p/Kerio MailServer Webmail/ v/$1/ i/PHP $2/ cpe:/a:php:php:$2/
match http m|^HTTP/1\.[01] (?:[^\r\n]*\r\n(?!\r\n))*?Server: Kerio MailServer ([\d.]+)\r\n|s p/Kerio MailServer Webmail/ v/$1/
match http m|^HTTP/1\.1 302 Found\r\nConnection: Close\r\nContent-Length: 0\r\n(?:[^\r\n]+\r\n)*?Location: https?:///([\w._-]+)/login\.php\r\nServer: Kerio MailServer ([^\r\n]+)\r\n\r\n$|s p/Kerio MailServer Webmail/ v/$2/ h/$1/
match http m|^HTTP/1\.1 302 Redirected\r\nConnection: close\r\nContent-Length: 0\r\nLocation: /login\r\n\r\n$| p/Kerio MailServer Webmail/

match http m|^HTTP/1\.0\x20250\x20Ok\r\n.*<title>PowerMTA monitoring</title>|s p/Port25 PowerMTA web monitor/

# Dell OpenManage Version 3.5.0 on MS Windows 2000 server / PowerEdge 6400/700
match http m|^HTTP/1\.1 200 OK\r\nConnection: Close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n<html>\r\n    <head>\r\n        <script language=\"javascript\">\r\n\t\t\t\t\tif| p/Dell PowerEdge OpenManage Server Administrator httpd admin/ o/Windows/ cpe:/a:dell:openmanage_server_administrator/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Content-Type: text/html; charset=UTF-8\r\n(?:[^\r\n]+\r\n)*?\r\n<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1\.0 Strict//EN\" \"http://www\.w3\.org/TR/xhtml1/DTD/xhtml1-strict\.dtd\">\n<html>\n<head>\n<META http-equiv=\"Content-Type\" content=\"text/html; charset=UTF-8\">\n<title>Open Manage&trade;</title>\n|s p/Dell PowerEdge OpenManage Server Administrator httpd admin/ o/Windows/ cpe:/a:dell:openmanage_server_administrator/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Content-Type: text/html; charset=UTF-8\r\n(?:[^\r\n]+\r\n)*?\r\n<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1\.0 Strict//EN\" \"http://www\.w3\.org/TR/xhtml1/DTD/xhtml1-strict\.dtd\">\r\n<html>\r\n<head>\r\n<META http-equiv=\"Content-Type\" content=\"text/html; charset=UTF-8\">\r\n<title>Open Manage&trade;</title>\r\n|s p/Dell PowerEdge OpenManage Server Administrator httpd admin/ o/Windows/ cpe:/a:dell:openmanage_server_administrator/ cpe:/o:microsoft:windows/a
# OpenManage version 5.2; these have to match on Javascript which kinda sucks...
match http m|^HTTP/1\.0 200 OK\r\nConnection: Close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n<html>.*QueryString\.keys\[QueryString\.keys\.length\] = argname;|s p/Dell PowerEdge OpenManage Server Administrator httpd/ o/Windows/ cpe:/a:dell:openmanage_server_administrator/ cpe:/o:microsoft:windows/a
match http m|HTTP/1\.0 200 OK\r\nConnection: Close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n<html>.*for \(var i = 0; i < QueryString\.keys\.length; i\+\+\) {\n|s p/Dell PowerEdge OpenManage Server Administrator httpd/ o/Windows/ cpe:/a:dell:openmanage_server_administrator/ cpe:/o:microsoft:windows/a

# ASPI server (www.aspi.cz) on Solaris 6666/tcp
match aspi m|^HTTP/1\.0 404 Not Found\r\nDate: .*\r\nServer: ByllSoftware Gurda/([\d.]+)\r\n| p/ASPI server/ v/$1/ o/Solaris/ cpe:/o:sun:sunos/a
match sunscreen-adm m|^\x01\0\0\0\0\0\0\0T\x03\0\0\0\0\0\x01\x1e\0\0\0\0\0\0;\0\0\0\0\0\0\0\0Error: incompatible with administration server \(version (\d[-.\w ]*)\)\nc\0\0\0\0\0\0\0\0\0\0\x01\0\0\0\0$| p/SunScreen Remote Administration server/ v/$1/

# PopChartServer
match http m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: PopChartServer ([\d.]+)\r\n|s p/PopChart Pro/ v/$1/
match http m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: CordaServer \(PopChartServer compatible\) ([\d.]+)\r\n|s p/CordaServer/ v/$1/

match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: WebSTAR/([\d.]+) ID/\d+\r\n|s p/WebSTAR/ v/$1/
match http m|^HTTP/1\.1 200 OK\r\nServer: INEOQUEST/([\d.]+)\r\nConnection: close\r\nSet-Cookie:|s p/IneoQuest Video Diagnostic HTTP/ v/$1/

match honeypot m|^HTTP/1\.0 401 Unauthorized\r\n\r\n<BODY><HTML><H1>401 - Authorization Failed</H1></HTML></BODY>\0| p/Network Flight Recorder BackOfficer Friendly http honeypot/
match honeypot m|^\r\nHTTP/1\.1 404 Not Found\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 36\r\nServer: IIS 5\.0\r\n\r\nErro\. URL n\xe3o encontrada no servidor| p/Valhalla honeypot/

# Maybe too specific?
match ilo-vm m|^#\0\x04\0$| p/HP Integrated Lights-Out Virtual Media/ cpe:/h:hp:integrated_lights-out/

# curl -k -H "X-Iota-API-Version: 1" -d '{"command":"getNodeInfo"}'
match iota-api m|^HTTP/1\.0 400 Bad Request\r\nConnection: close\r\nAccess-Control-Allow-Origin: \*\r\nKeep-Alive: timeout=500, max=100\r\nContent-Type: application/json\r\nContent-Length: 44\r\nDate: .*\r\n\r\n\{"error":"Invalid API Version","duration":0\}| p/IOTA Node API/

match remoting m|^\.NET\x01\0\x02\0\0\0\0\0\0\0\x02\0\x03\x01\0\x03\0\x01\x01..\0\0Server encountered an internal error\. To get more info turn on customErrors in the server's config file\.\x05\0\0\0\0|s p/MS .NET Remoting services/ cpe:/a:microsoft:.net_framework/
match remoting m|^\.NET\x01\0\x02\0\0\0\0\0\0\0\x02\0\x03\x01\0\x03\0\x01\x01..\0\0System\.Runtime\.Remoting\.RemotingException: Tcp channel protocol violation: expecting preamble\.\r\n|s p/MS .NET Remoting services/ cpe:/a:microsoft:.net_framework/

# Version 3.2.0
match wbem m|^HTTP/1\.0 405 Method not allowed: Method not allowed by server: GET\r\nDate: .*\r\nCache-Control: no-cache\r\nServer: / \(CIMOM\)\r\nContent-Length: 0\r\n\r\n| p/OpenWBEM/

match webdav m|^HTTP/1\.0 302 Found\r\nConnection: Close\r\nDate: .*\r\nLocation: /ui/core/index\.html\r\n\r\n$| p/Tonido WebDAV/
match webdav m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?nEtag: -?\d+_-?\d+\r\nContent-Length: \d+\r\nDate: [^\r\n]+ GMT\+00:00\r\n\r\n<html><head><script type=\"text/javascript\" language=\"javascript1\.1\">\n    var fNewDoc = false;\n  </script>\n  <script LANGUAGE=\"VBSCRIPT\">\n|s p/The Olive Tree WebDAV Server/ o/Android/ cpe:/a:theolivetree:webdavserver/ cpe:/o:google:android/a cpe:/o:linux:linux_kernel/a
match webdav m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: WsgiDAV/(\d[\w._-]*) CherryPy/(\d[\w._-]+) Python/(\d[\w._-]+)\r\n|s p/WsgiDAV/ v/$1/ i/CherryPy $2; Python $3/ cpe:/a:cherrypy:cherrypy:$2/ cpe:/a:martin_wendt:wsgidav:$1/ cpe:/a:python:python:$3/

match websocket m|^HTTP/1\.1 200 OK\r\n(?:Date: .*\r\n)?Connection: close\r\n\r\nWelcome to socket\.io\.| p/socket.io/
match websocket m|^HTTP/1\.1 200 OK\r\ncontent-type: text/plain; charset=UTF-8\r\nDate: .*\r\nConnection: close\r\n\r\nWelcome to SockJS!\n| p/SockJS/
match websocket m|^HTTP/1\.0 426 Upgrade Required\r\nX-Supported-WebSocket-Versions: ([\d, ]+)\r\nServer: OverSIP/([\w._-]+)\r\n\r\n| p/OverSIP/ v/$2/ i/WebSocket versions: $1/
# Version: 10.0.5.7
match websocket m|^HTTP/1\.1 400 Bad Request\r\nUpgrade: WebSocket\r\nConnection: Upgrade\r\nSec-WebSocket-Version: 8, 13\r\n\r\n$| p/DeskCenter WorkerService/ i/WebSocket versions: 8, 13/ cpe:/a:deskcenter:deskcenter_management_suite/
match websocket m|^HTTP/1\.1 426 Upgrade Required\r\nContent-Length: 16\r\nContent-Type: text/plain\r\nDate: .* GMT\r\nConnection: close\r\n\r\nUpgrade Required$| p/Ogar agar.io server/ cpe:/a:devin_ryan:ogar/
match websocket m|^HTTP/1\.0 404 Not Found\r\nserver: libwebsockets\r\ncontent-type: text/html\r\n\r\n<html><body><h1>404</h1></body></html>| p/libwebsockets/ cpe:/a:lws-team:libwebsockets/
match websocket m|^HTTP/1\.0 200 \r\nserver: libwebsockets\r\ncontent-type| p/libwebsockets/ cpe:/a:lws-team:libwebsockets/
match websocket m|^HTTP/1\.1 400 Bad Request\r\n\r\nnot a WebSocket handshake request: missing upgrade| p/Neo4j Bolt protocol/ cpe:/a:neo4j:neo4j/
match websocket m|^HTTP/1\.1 [24]00(?: OK)?\r\n.* GMT\r\nUser-Agent: LOOLWSD WOPI Agent\r\n| p/LibreOffice Online WebSocket server/ cpe:/a:libreoffice:libreoffice/
match websocket m|^HTTP/1\.1 400 HTTP Host header missing in opening handshake request\r\n\r\n| p/Autobahn WAMP server/ cpe:/a:crossbario:autobahn/
match websocket m|^HTTP/1\.1 404 WebSocket Upgrade Failure\r\nContent-Type: text/html\nServer: TooTallNate Java-WebSocket\r\n| p/Java-WebSocket/ cpe:/a:tootallnate:java-websocket/
softmatch websocket m|^HTTP/1\.1 101 Web Socket Protocol Handshake\r\n|
softmatch websocket m|^HTTP/1\.1 400 Bad Request\r\n(?:[^\r\n]+\r\n)*?Sec-WebSocket-Version: (\d+)\r\n|s i/WebSocket version: $1/

match whois m|^Process query: 'GET  HTTP1\.0'\n\n\nNo lookup service available for your query 'GET  HTTP1\.0'\.\ngwhois remarks: If this is a valid domainname or handle, please file a bug report\.\n\n\n\n\n-- \n  To resolve one of the above handles:   OTOH offical handles should be recognised directly\.\n  Please report errors or misfits via the debian bug tracking system\.\n$| p/gwhois/
match whois m|^\n\r\nJava Whois Server ([\w._-]+)    \(c\) \d+ - \d+ Klaus Zerwes zero-sys\.net\r\n\n| p/Java Whois Server/ v/$1/
match whois m|^This is JWhoisServer serving ccTLD ([\w._-]+)\r\nJava Whois Server ([\w._-]+)    \(c\) \d+ - \d+ Klaus Zerwes zero-sys\.net\r\n| p/Java Whois Server/ v/$2/ i/serving ccTLD $1/

match winagents-hyperconf m|^ROSC: Invalid connection string$| p/WinAgents HyperConf configuration management/ o/Windows/ cpe:/o:microsoft:windows/a

# Also callbook?
match winbox m|^\x01\0\0\0\x02\0\0| p/MikroTik WinBox management console/

# Version 2.1.0
match wsman m|^HTTP/1\.1 501 Method Not Implemented\r\n\r\n501 Method Not Implemented| p/Openwsman/
match ws-discovery m|^HTTP/1\.1 400 Bad Request$| p/Ricoh WS Discovery/ d/printer/

match xmpp m|^</stream:stream>$| p/Wildfire XMPP Client/
match xmpp m|^Use XMPP$| p/Trixbox HUD xmpp/ cpe:/a:fonality:hud/

match printer m|^An lpd test connection was completed successfully\r\n|s p/Lexmark lpd service/ d/printer/
match printer m|^Invalid protocol request \(71\): GGET / HTTP/1\.0\r\n\n$| p/Sun Solaris lpd/ o/Solaris/ cpe:/o:sun:sunos/a

# Västgöta-Data, but not sure how to encode those characters for CPE.
match zftp-admin m|^220 \.\r\n500 ' / HTTP/1\.0': command not understood\.\r\n| p/zFTPServer admin/ o/Windows/ cpe:/a:vaestgoeta-data:zftpserver/ cpe:/o:microsoft:windows/a
match zftp-admin m|^220 \.\r\n500 'GET / HTTP/1\.0': command not understood\.\r\n| p/zFTPServer admin/ o/Windows/ cpe:/a:vaestgoeta-data:zftpserver/ cpe:/o:microsoft:windows/a


match mmouse m|^HTTP/1\.0\x20200\x20OK\x20\n\x20Server:\x20Mobile\x20Air\x20Mouse\x20Server\x20\n\x20Content-Type:\x20text/html\x20\n\x20Content-Length:\x20344\n\n<HTML><HEAD><TITLE>Success!</TITLE><meta\x20name=\"viewport\"\x20content=\"width=device-width,user-scalable=no\"\x20/></HEAD><BODY\x20BGCOLOR=#000000><br><br><p\x20style=\"font:12pt\x20arial,geneva,sans-serif;\x20text-align:center;\x20color:green;\x20font-weight:bold;\"\x20>The\x20Mobile\x20Air\x20Mouse\x20server\x20running\x20on\x20\"([^\"]*)\"\x20was\x20able\x20to\x20receive\x20your\x20request\.</p></BODY></HTML>$| p/Mobile Air Mouse/ i/server name: $1/

softmatch rtsp m|^RTSP/1.0 .*\r\n|

# Know the device, but not the service. Port 515.
# match unknown m|^\x02| p/Conceptronics CPSERVU print server/ d/print server/

# Alert (Level: Fatal, Description: Protocol Version|Handshake Failure)
match ssl m|^\x15\x03[\x00-\x04]\0\x02\x02[F\x28]|

# These are pretty general, so keep at the end.
# "bad" values chosen to avoid matching SSL
match msdtc m|^[^\x15\x16][^\x03].\0..$|s p/Microsoft Distributed Transaction Coordinator/ o/Windows/ cpe:/o:microsoft:windows/a
match msdtc m|^..\x0a\0x\x01$|s p/Microsoft Distributed Transaction Coordinator/ o/Windows/ cpe:/o:microsoft:windows/a
match msdtc m|^ERROR\n$|s p/Microsoft Distributed Transaction Coordinator/ i/error/ o/Windows/ cpe:/o:microsoft:windows/a

# Place hard matched Apache banners above this line
# (?!400) prevents matching 400 error, which can be result of SSL-only listener
softmatch http m|^HTTP/1\.[01] (?!400)\d\d\d.*\r\nDate: .*\r\nServer: Apache ([^\r\n]+)\r\n| p/Apache httpd/ i/$1/ cpe:/a:apache:http_server/

match http m|^HTTP/1\.1 \d\d\d \w+\r\ncontent-type: application/json\r\ncontent-length: \d+\r\n\r\n{\n  \"ok\" : \w+,\n  \"status\" : \d+,\n  \"name\" : \"[^\"]+\",\n  \"cluster_name\" : \"([^\"]+)\",\n  \"version\" : {\n    \"number\" : \"([\d.]+)\",\n    \"build_hash\" : \"[^\"]+\",\n    \"build_timestamp\" : \"[^\"]+\",\n    \"build_snapshot\" : \w+,\n    \"lucene_version\" : \"([\d.]+)\"\n  }\n}\n$|s p/Crate.io CrateDB/ v/$2/ i/Cluster name: $1, Lucene version: $3/

##############################NEXT PROBE##############################
Probe TCP HTTPOptions q|OPTIONS / HTTP/1.0\r\n\r\n|
rarity 4
ports 80-85,2301,631,641,3128,5232,6000,8080,8888,9999,10000,10031,37435,49400
sslports 443,4443,8443
fallback GetRequest

match apollo-server m=^0000000001(?:3C|C0)0000$= p/Apollo Server database access/

match caldav m|^HTTP/1\.1 200 OK\r\nServer: DavMail Gateway ([\w._-]+)\r\nDAV: 1, calendar-access, calendar-schedule, calendarserver-private-events, addressbook\r\n| p/DavMail CalDAV http gateway/ v/$1/ d/proxy server/

# IRIX 6.5.18f Distributed GL Daemon dgld
match dgld m|^OPTI$| p/IRIX Distributed GL Daemon/ o/IRIX/ cpe:/o:sgi:irix/a

match docker m|^HTTP/1\.0 200 OK\r\nApi-Version: ([\d.]+)\r\nDocker-Experimental: false\r\nOstype: (.+)\r\nServer: Docker/(\d[\w.-]*) \(.*\)\r\nDate: .*\r\nContent-Length: 0\r\n\r\n| p/Docker remote API/ v/$3/ i/API $1/ o/$2/ cpe:/a:docker:docker:$3/
match ets2 m|^\xff\xfe\\\0n\0e\0w\0f\0r\0e\0i\0g\0h\0t\0 \0E\0u\0r\0o\0 \0T\0r\0u\0c\0k\0 \0S\0i\0m\0u\0l\0a\0t\0o\0r\0 \x002\0;([^;]+);| p/newfreight Euro Truck Simulator 2/ i/level: $P(1)/ cpe:/a:scs_software:euro_truck_simulator_2/
# Webmaster Conferenceroom 1.8.9.1 IRC Server
match irc m|(^:[-.\w]+) 421 \* OPTIONS :Unknown command\r\n| p/Webmaster Conferenceroom IRC server/ h/$1/

# Seems sometimes CUPS doesn't respond to GET
match ipp m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: CUPS/([-\w_.]+)|s p/CUPS/ v/$1/ cpe:/a:apple:cups:$1/

#  cgi-httpd from shttpd-0.53 on FreeBSD
match http m|^HTTP/1\.0 501 method not implemented\r\nServer: cgi-httpd\r\n| p/shttpd cgi-httpd/

match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: WebSphere Application Server/(.+)\r\n| p/IBM WebSphere Application Server/ v/$1/ cpe:/a:ibm:websphere_application_server:$1/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Oracle HTTP Server Powered by Apache\r\n|s p/Oracle HTTP Server Powered by Apache/ cpe:/a:oracle:http_server/
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: webfs/(\d[-.\w]+)\r\n| p/WebFS httpd/ v/$1/

match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Microsoft-IIS/([\d.]+)\r\n|s p/Microsoft IIS httpd/ v/$1/ o/Windows/ cpe:/a:microsoft:internet_information_services:$1/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 503 Service Unavailable\r\nContent-Type: text/html\r\nDate: .*\r\nConnection: close\r\nContent-Length: 28\r\n\r\n<h1>Service Unavailable</h1>| p/Microsoft IIS httpd/ o/Windows/ cpe:/a:microsoft:internet_information_services/ cpe:/o:microsoft:windows/a

# A whole bunch of these.. All on win32
match http m|^HTTP/1\.0 510 Not Extended\r\nDate: .*\r\nServer: CompaqHTTPServer/([\d.]+)\r\n| p/Compaq Diagnostics httpd/ i/CompaqHTTPServer $1/ cpe:/a:hp:compaqhttpserver:$1/
# HP Linux System Management, PSP 7.30 on Linux 2.4
match http m|^HTTP/1\.1 302 Found\r\nDate: .*\r\nServer: CompaqHTTPServer/([\d.]+) HP System Management Homepage/([\d.]+)\r\n| p/HP System Management Homepage/ v/$2/ i/CompaqHTTPServer $1/ cpe:/a:hp:compaqhttpserver:$1/ cpe:/a:hp:system_management_homepage:$2/
match http m|^HTTP/1\.0 400 Ungueltige Anfrage\r\nServer: Web Sharing\r\n| p/Mac OS Personal Web Sharing/ i/German/ o/Mac OS/ cpe:/o:apple:mac_os/a
match http m|^HTTP/1\.1 405 Method Not Allowed\r\nContent-Type:text/html\r\n\r\n<HTML><HEAD><TITLE>Remote Insight</TITLE></HEAD><BODY>\r\n<H1>Request Error</H1>\r\nHTTP/1\.1 405 Method Not Allowed\r\n</BODY></HTML>\r\n| p|HP/Compaq Integrated Lights-Out http config| d/remote management/ cpe:/h:hp:integrated_lights-out/
match http m|^HTTP/1\.0 400 Bad Request\r\nServer: Web Sharing\r\nContent-type: text/html\r\n\r\n<HTML><TITLE>400 Bad Request</TITLE>The URL you requested could not be understood by the server\.  Do not include double slashes or colon characters in the URL\.</HTML>\r\n\r\n| p/Apple Personal Websharing httpd/ o/Mac OS/ cpe:/o:apple:mac_os/a
match http m|^Command Not Reconized\r\n$| p/Microsiga httpd/
match http m|^HTTP/1\.0 405 Method Not Allowed\r\nAllow: GET, HEAD, POST, PUT\r\n\r\n$| p/Lexmark printer http config/ d/printer/
match http m|^HTTP/1\.0 405-metode ikke tillatt\r\nTillatt: GET, HEAD, POST, PUT\r\n\r\n$| p/Lexmark printer http config/ i/Norwegian/ d/printer/
match http m|^HTTP/1\.1 500 \( Die Anforderung wurde vom HTTP-Filter zur\xc3\xbcckgewiesen\. Wenden Sie sich an den ISA Server-Administrator\.  \)\r\n| p/Microsoft ISA server httpd/ i/German/ o/Windows/ cpe:/a:microsoft:isa_server::::de/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 \d\d\d .*\nServer: GemtekBalticHTTPD/(.*)\n| p/Gemtek Systems GemtekBalticHTTPD/ v/$1/
match http m|^HTTP/1\.0 401 Authorization Required\r\nWWW-Authenticate: Basic realm=\"TiVo-web\"\r\nConnection: close\r\n\r\n| p/TiVoWebPlus Project httpd/ d/media device/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: ELMO Web Server\r\n.*<TITLE>HV-([\w+/-]+)</TITLE>\r\n|s p/ELMO $1 Visual Presenter http config/ d/media device/
match http m|^HTTP/1\.0 501 Not Implemented\r\nServer: HTTPD/[\d.]+\r\n.*<a href=\"/\">Return to Web Management</a>.*<A HREF=\"http://www\.juniper\.net/support/\">HTTPD release ([-\w_.]+) built by|s p/Juniper router http config/ i/HTTPD $1/ d/router/
match http m|^HTTP/1\.1 404 Not found\r\nServer: BadBlue/([\d.]+)\r\n| p/BadBlue httpd/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 501 Not Implemented\r\nServer: httpd/1\.00\r\nCache-Control: no-cache\r\nExpires: 0\r\nContent-Type: text/html\r\n\r\n<HTML><HEAD><TITLE>501 Not Implemented</TITLE></HEAD>\n<BODY><H2>501 Not Implemented</H2>\nThe requested method 'OPTIONS' is not implemented by this server\.\n<HR>\n<I>httpd/1\.00</I></BODY></HTML>\n$| p|Packeteer PacketShaper 4500/ISP httpd|
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: SkyX HTTPS ([^\r\n]+)\r\n| p/Packeteer SkyX Accellerator/ v/$1/
match http m|^HTTP/1\.0 501 Not Implemented\r\nDate: .*<H1>501 Not Implemented</H1>\nPOST to non-script is not supported in Boa\.\n</BODY></HTML>\n|s p/Boa httpd/ cpe:/a:boa:boa/
match http m|^HTTP/1\.1 501 Not Implemented\r\nDate: .*\r\nServer: HTTPsrv\r\nConnection: close\r\nContent-Type: text/html; charset=ISO-8859-1\r\n\r\n<HTML><HEAD><TITLE>501 Not Implemented</TITLE></HEAD>\n<BODY><H1>501 Not Implemented</H1>\nPOST to non-script is not supported\.\n</BODY></HTML>\n$| p/Boa httpd/ i/Mega System Technologies NetProbe Lite environmental sensor/ d/specialized/ cpe:/a:boa:boa/
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: Oracle-Application-Server-11g\r\nAllow: GET,HEAD,POST,OPTIONS\r\nContent-Length: 0\r\n|s p/Oracle Application Server 11g httpd/ cpe:/a:oracle:application_server:11g/

# HP JetDirect Card in a LaserJet printer
match http m|^HTTP/1\.1 501 Unknown or unimplemented http action\r\nMIME-Version: 1\.0\r\nServer: HP-ChaiServer/([\d.]+)\r\nContent-length: \d+\r\nContent-Type: text/html\r\n\r\n<TITLE>Request Not Implemented</TITLE><P><B>Cannot process request, not implemented at server\.</B></P><P>Unknown or unimplemented http action| p/HP JetDirect Card in a LaserJet printer/ i/HP-ChaiServer Embedded VM $1/ d/printer/
match http m|^HTTP/1\.0 501 Not Implemented\r\nServer: Waveplus HTTPD\r\n|s p/Waveplus HTTPD/ i/Thomson TG508 DSL router/ d/broadband router/ cpe:/h:thomson:tg508/a

# Zero One Technology ( http://www.01tech.com/ ) print servers embedded HTTP service
match http m|^HTTP/1\.0 501 Not Implemented\r\nDate: .*\r\nMIME-version: 1\.0\r?\nServer: ZOT-PS-(\d+)/([\w._-]+)\r?\n| p/Zero One Technology $1 httpd/ v/$2/ d/print server/ cpe:/h:zero_one_tech:$1/

match http m|^HTTP/1\.[01] \d\d\d .*\r\nServer: micro_httpd\r\n| p/micro_httpd/ cpe:/a:acme:micro_httpd/
# github.com/xen-org/xen-api-libs.git
match http m|^HTTP/1\.0 500 Internal Error\r\nConnection: close\r\nCache-Control: no-cache, no-store\r\n\r\n<html><body><h1>Internal Server Error</h1>Failure\(&quot;No handler table for HTTP method Unknown OPTIONS&quot;\)</body></html>$| p/Citrix Xen Simple HTTP Server/
match http m|^HTTP/1\.1 302 Found\r\nDate: \w\w\w \w\w\w \d\d \d\d:\d\d:\d\d \d\d\d\d\n GMT\r\nServer: VCS-VideoJet-Webserver\r\nLocation: http://[\w._-]+/xampp/\r\nKeep-Alive: timeout=5, max=100\r\nConnection: Keep-Alive\r\n\r\n|s p/VCS-VideoJet-Webserver httpd/ i/Bosch VIP X1 video encoder http config/ d/webcam/
match http m|^HTTP/1\.0 501 Not Implemented\r\nServer: mini_httpd ([^\r\n]+)\r\n(?:[^\r\n]+\r\n)*?Cache-Control: no-cache,no-store\r\nContent-Type: text/html; charset=%s\r\nConnection: close\r\n|s p/mini_httpd/ v/$1/ cpe:/a:acme:mini_httpd:$1/
match http m|^HTTP/1\.1 501 Not Implemented\r\nServer: mini_httpd/([^\r\n]+)\r\nDate: .*\r\nCache-Control: no-cache,no-store\r\nContent-Type: text/html; charset=[\w_-]+\r\nContent-Length: \d+\r\nConnection: close\r\n\r\n| p/mini_httpd/ v/$1/ cpe:/a:acme:mini_httpd:$1/
match http m|^HTTP/1\.1 400 Bad Request\r\nServer: keyreporter/([\w._-]+)\r\nConnection: Close\r\nContent-Type: text/plain\r\nContent-Length: 20\r\n.*URL is malformatted\n$|s p/Sassafras KeyReporter http interface/ v/$1/
match http m|^HTTP/1\.1 403 Forbidden\r\n(?:[^\r\n]+\r\n)*?Content-Type: text/html;charset=[\w._-]+\r\nContent-Language: ([\w._-]+)\r\n(?:[^\r\n]+\r\n)*?Server: Hidden\r\n\r\n<html><head><title>Apache Tomcat/([\w._-]+) - Error report</title>|s p/Symantec Endpoint Protection Manager http config/ i/Apache Tomcat $2; $1/ d/firewall/ cpe:/a:apache:tomcat:$2/ cpe:/a:symantec:endpoint_protection_manager/
match http m|^HTTP/1\.1 403 Forbidden\r\n(?:[^\r\n]+\r\n)*?Content-Type: text/html;charset=[\w._-]+\r\n(?:[^\r\n]+\r\n)*?Server: Hidden\r\n\r\n<html><head><title>Apache Tomcat/([\w._-]+) - Error report</title>|s p/Symantec Endpoint Protection Manager http config/ i/Apache Tomcat $1/ d/firewall/ cpe:/a:apache:tomcat:$1/
match http m|^HTTP/1\.1 400 Bad Request\r\nDate: .*\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 50\r\n\r\n<HTML><BODY><H1>400 Bad Request</H1></BODY></HTML>$| p/VMware Server http config/ cpe:/a:vmware:server/
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?X-Runtime: 2\r\n.*<title>Metasploit Framework Web Console ([\w._-]+)</title>\n|s p/Metasploit Framework web console/ v/$1/
match http m|^HTTP/1\.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 59\r\nConnection: close\r\n\r\nError 400: Bad Request\nCannot parse HTTP request: \[OPTIONS\]$| p/Mongoose httpd/ cpe:/a:cesanta:mongoose/
match http m|^HTTP/1\.1 200 OK\r\nAllow: GET, POST, HEAD, CONNECT, PUT, DELETE, OPTIONS\r\nDAV: 1\r\n\r\n$| p/Mongoose httpd/ v/3.7/ cpe:/a:cesanta:mongoose:3.7/
match http m|^HTTP/1\.0 501 Not Implemented\r\nConnection: close\r\nServer: Android Webcam Server v([\w._-]+)\r\n| p/IP Webcam/ v/$1/ i/Android phone/ d/phone/ o/Android/ cpe:/o:google:android/
match http m|^HTTP/1\.1 404 OK\r\nContent-Length: 0\r\nConnection: Keep-Alive\r\nWWW-Authenticate: Basic realm=\"/\"\r\nContent-Type: text/html; charset=UTF-8\r\nCache-Control: max-age=3600, must-revalidate\r\nEXT: UCoS, UPnP/1\.0, UDI/1\.0\r\nLast-Modified: .*\r\n\r\n| p/Universal Devices Insteon home automation http config/ d/specialized/ o/uCOS/ cpe:/o:universal_devices:ucos/
match http m|^HTTP/1\.0 404 Not Found\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: \d+\r\n\r\n\n\n<!DOCTYPE html>\n<html>\n\t<head>\n\t\t<title>Action not found</title>\n\t\t<link rel=\"shortcut icon\" href=\"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAAlFJREFUeNqUU8tOFEEUPVVdNV3dPe8xYRBnjGhmBgKjKzCIiQvBoIaNbly5Z\+PSv3Aj7DSiP2B0rwkLGVdGgxITSCRIJGSMEQWZR3eVt5sEFBgTb/dN1yvnnHtPNTPG4PqdHgCMXnPRSZrpSuH8vUJu4DE4rYHDGAZDX62BZttHqTiIayM3gGiXQsgYLEvATaqxU\+| p/Graylog2 httpd/ cpe:/a:graylog:graylog2/
match http m|^HTTP/1\.1 405 Method Not Allowed\r\nServer: NetQoS-HTTPd/1\r\nContent-Type: text/plain\r\nConnection: close\r\n\r\n| p/CA NetQoS ReporterAnalyzer/
match http m|^HTTP/1\.1 501 Not Implemented\r\n\r\nHTTP method/URL unsupported: OPTIONS| p/DirecTV Genie/

match kmldonkey m|^HTTP/1\.1 400 Bad Request\r\nServer: KMLDonkey/(\d\S+)| p/KMLDonkey/ v/$1/

# webmin version 1.090 on Mandrake 8.2 - not sure why it's not picked up by the getreq probe
match http m|^HTTP/1\.0 400 Bad Request\r\nServer: MiniServ/([\d.]+)\r\n.*\r\n<h1>Error - Bad Request</h1>\n|s p/MiniServ/ v/$1/ i/Webmin httpd/
match http m|^HTTP/1\.1 400 Page not found\r\nServer: GoAhead-Webs\r\nDate: .*\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-Type: text/html\r\n\r\n<html><head><title>Document Error: Page not found</title></head>| p/GoAhead WebServer/ i/WAP http config/ d/WAP/ cpe:/a:goahead:goahead_webserver/

match http m|^HTTP/1\.0 200 Ok\r\nCseq: 0\r\nServer: VLC Server\r\nPublic: DESCRIBE, SETUP, TEARDOWN, PLAY, PAUSE\r\nContent-Length: 0\r\n\r\n| p/VLC HTTP streamer/ cpe:/a:videolan:vlc_media_player/

match http m|^ 200 OK\r\nConnection: close\r\nContent-Type: text/html\r\n.*<B>The request is not Implemented\.</B>|s p/Dell 1815dn printer http config/ d/printer/ cpe:/h:dell:1815dn/a
match http m|^HTTP/1\.0 404 Not Found\r\nConnection: close\r\n\r\n<html><head><title>404 Not Found</title></head>\r\n<body><h1>Not Found</h1>The requested URL / was not found on this server\.<p>\r\n</body></html>\r\n$| p/Mono XSP httpd/ cpe:/a:mono:xsp/
match http m|^HTTP/1\.1 302 Found\r\nLocation: https?:///home\.htm\r\nContent-Length: 0\r\nWebServer:\r\n\r\n$| p/APC SmartUPS http config/ d/power-device/
match http m|^HTTP/1\.0 400\r\nContent-Type: text/html\r\n\r\n<hr><pre><font size=\+2><b>\nError\. Unsupported method\.\n</b></font>| p/Small Home Server httpd/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 400 Bad Request\r\nContent-Length: \d+\r\nContent-Type: text/html\r\n\r\n<HTML><HEAD><TITLE>400 Bad Request \(ERR_INVALID_REQ\)</TITLE></HEAD><BODY><H1>400 Bad Request</H1><BR>ERR_INVALID_REQ<HR><B>AR7 Webserver</B>| p/AR7 embedded httpd/
match http m|^HTTP/1\.0 400 Bad Request\r\nContent-Length: \d+\r\nContent-Type: text/html\r\n\r\n<HTML><HEAD><TITLE>400 Bad Request \(ERR_INVALID_REQ\)</TITLE></HEAD><BODY><H1>400 Bad Request</H1><BR>ERR_INVALID_REQ<HR><B>Webserver</B>| p/AVM FRITZ!Box WLAN 7170 WAP http config/ d/WAP/
match http m|^HTTP/[10]\.0 200 OK\nPragma: no-cache\nContent-Type: text/html; charset=iso-8859-1\nContent-Length: 63\n\n<html><body>ERROR ERR_INVALID_REQ<hr>Bad Request</body></html>\n| p/AVM FRITZ!Box 7300-series WAP http config/ d/WAP/

match http m|^HTTP/1\.1 404 Not Found\r\nServer: Cisco AWARE ([\w._-]+)\r\n| p/Cisco ASA AWARE http config/ v/$1/ d/firewall/
match http m|^HTTP/1\.1 200 OK\r\nPragma: no-cache\r\nx-responding-server: ([\w._-]+)\r\nX-dmUser: (.*)\r\nMS-Author-Via: DAV\r\n| p/CrushFTP DAV httpd/ i/User $2/ h/$1/ cpe:/a:crushftp:crushftp/
match http m|^HTTP/1\.1 302 Moved Temporarily\r\nLocation: /login\r\n\r\n$| p/Bizanga IMP Email http config/
match http m|^HTTP/1\.0 501 Not Implemented\t\r\nContent-Type: text/html\r\n\r\n<HTML><HEAD><TITLE>Not Implemented</TITLE></HEAD><BODY><h3>Error: HTTP Method Not Implemented</h3></BODY></HTML>$| p/Check Point UTM-1 Edge X firewall or Zonealarm Z100G WAP http config/
match http m|^HTTP/1\.1 405 Method Not Allowed\r\nServer: Cassini/([\w._-]+)\r\n(?:[^\r\n]+\r\n)*?X-AspNet-Version: ([\w._-]+)\r\n.*<title>Runtime Error</title>\r\n        <style>\r\n         body {font-family:\"Verdana\";font-weight:normal;font-size: \.7em;color:black;}|s p/Cassini httpd/ v/$1/ i/Ateas Security webcam management httpd; ASP.NET $2/ o/Windows/ cpe:/a:microsoft:asp.net:$2/ cpe:/a:microsoft:cassini:$1/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 302 \r\nLocation: ,\r\n\r\n$| p/BlackBox LWU0200-POE-M ethernet-optical bridge http config/ d/bridge/
match http m|^HTTP/1\.0 400 Bad Request \r\nContent-Type: text/plain\r\nContent-Length: \d+\r\n\r\n400 Bad Request Cannot parse request\r\n| p/GotoMeeting httpd/
match http m|^HTTP/1\.0 405 Method Not Allowed\r\nAllow: GET, HEAD, POST\r\nContent-Length: 0\r\nServer: Allegro-Software-RomPager/([\d.]+)\r\n\r\n$| p/Allegro RomPager/ v/$1/ cpe:/a:allegro:rompager:$1/
match http m|^HTTP/1\.0 501 Not Implemented\r\nContent-type: text/html\r\nDate: .*\r\nConnection: close\r\n\r\n<HTML><HEAD><TITLE>501 Not Implemented</TITLE></HEAD>\n<BODY><H1>501 Not Implemented</H1>\nThe requested method is not recognized\n</BODY></HTML>\n$| p/BusyBox httpd/ v/1.13/ o/Linux/ cpe:/a:busybox:busybox:1.13/ cpe:/o:linux:linux_kernel/a
match http m|^HTTP/1\.0 501 Not Implemented\r\nContent-type: text/html\r\nDate: .*\r\nConnection: close\r\n\r\n<HEAD><TITLE>501 Not Implemented</TITLE></HEAD>\n<BODY><H1>501 Not Implemented</H1>\nThe requested method is not recognized by this server\.\n</BODY>\n$| p/BusyBox httpd/ d/media device/ o/Linux/ cpe:/a:busybox:busybox/ cpe:/o:linux:linux_kernel/a
match http m|^HTTP/1\.0 501 Not Implemented\r\nDate: .*\r\nConnection: close\r\nContent-type: text/html\r\n\r\n<HTML><HEAD><TITLE>501 Not Implemented</TITLE></HEAD>\n<BODY><H1>501 Not Implemented</H1>\nThe requested method is not recognized\n</BODY></HTML>\n$| p/BusyBox httpd/ o/Linux/ cpe:/a:busybox:busybox/ cpe:/o:linux:linux_kernel/a
match http m|^HTTP/1\.0 501 Not Implemented\nContent-type: text/html\r\nDate: Wed, 01 Jul 2009 09:22:30 GMT\r\nConnection: close\r\n\r\n<HEAD><TITLE>501 Not Implemented</TITLE></HEAD>\n<BODY><H1>501 Not Implemented</H1>\nThe requested method is not recognized by this server\.\n</BODY>\n$| p/BusyBox http/ v/1.01/ o/Linux/ cpe:/a:busybox:busybox:1.01/ cpe:/o:linux:linux_kernel/a
match http m|^HTTP/1\.1 400 Bad Request\r\nConnection: close\r\nContent-Type: text/plain\r\nTransfer-Encoding: chunked\r\n\r\nB\r\nBad Request\r\n0\r\n\r\n$| p/BusyBox http/ v/1.19.4/ o/Linux/ cpe:/a:busybox:busybox:1.19.4/ cpe:/o:linux:linux_kernel/a
match http m|^HTTP/1\.0 404 Not Found\r\nContent-Length: 0\r\n\r\n$| p/Octoshape P2P streaming web service/
match http m|^UNKNOWN 501 Not Implemented\r\nServer: \r\n.*<BODY BGCOLOR=\"#cc9999\" TEXT=\"#000000\" LINK=\"#2020ff\" VLINK=\"#4040cc\">\n<H2>501 Not Implemented</H2>\nThe requested method 'OPTIONS' is not implemented by this server\.|s p/i3 micro or Linksys SPA400 VoIP gateway http config/ d/VoIP adapter/ cpe:/h:linksys:spa400/a
match http m|^HTTP/1\.1 501 Method Not Implemented\r\nServer: qhttpd\r\n| p/qhttpd/
match http m|^HTTP/1\.0 200 OK \r\nContent-Type: text/html\r\nDate: .*\r\n\r\n<html><head><meta http-equiv=\"content-type\" content=\"text/html; charset=ISO-8859-1\"><title>DIRECTV HTTP server available options</title>| p/DirecTV satellite receiver http interface/ d/media device/
match http m|^HTTP/1\.1 405 Method Not Allowed\.\r\nContent-Type: application/json; charset=ISO-8859-1\r\nDate: .* GMT\r\nContent-Length: 142\r\nReason: Only HTTP GET or POST methods are supported\.\r\n\r\n{\"status\": {\n  \"code\": 405,\n  \"commandResult\": 1,\n  \"msg\": \"Method Not Allowed\.Only HTTP GET or POST methods are supported\.\",\n  \"query\": \"\"\n}}| p/DirecTV satellite receiver http interface/ d/media device/
match http m|^HTTP/1\.1 400 Page not found\r\nServer: GoAhead-Webs\r\nDate: .*\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-Type: text/html; charset=iso-8859-1;\r\n\r\n<html><head><title>Document Error: Page not found</title></head>\r\n        <body><h2>Access Error: Page not found</h2>\r\n        <p>Bad request type</p></body></html>\r\n\r\n$| p/GoAhead WebServer/ i/Auerswald COMpact 5020 VoIP PBX/ d/PBX/ cpe:/a:goahead:goahead_webserver/
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: Apache/x\.x\.x \(Unix\) mod_ssl/x\.x\.x OpenSSL/([\w._-]+)\r\nContent-Length: 0\r\nAllow: GET, HEAD, POST, OPTIONS, TRACE\r\nConnection: close\r\n\r\n$|s p/Apache httpd/ i/Fastora NAS T2 NAS device; OpenSSL $1/ d/storage-misc/ o/FreeBSD/ cpe:/a:apache:http_server/ cpe:/a:openssl:openssl:$1/ cpe:/o:freebsd:freebsd/a
match http m|^HTTP/1\.1 200 OK\r\nServer: Virata-EmWeb/R([\d_]+)\r\nContent-Length: 0\r\nAllow: HEAD, GET, OPTIONS\r\n\r\n$| p/Virata-EmWeb/ v/$SUBST(1,"_",".")/ i/HP LaserJet 2430 printer http config/ d/printer/ cpe:/a:virata:emweb:$SUBST(1,"_",".")/a cpe:/h:hp:laserjet_2430/a
match http m|^HTTP/1\.0 200 OK\r\nContent-Length: 111\r\nContent-Type: text/xml\r\n.*<error xmlns=\"http://www\.slingbox\.com\"><code>ObjectNotFound</code><message>Resource Not Found</message></error>$|s p/Slingbox remote streaming httpd/
match http m|^HTTP/1\.1 405 Not Allowed\r\nContent-Type: text/html; charset=utf-8\r\n.*<head><title>405 Not Allowed</title></head>\r\n<body bgcolor=\"white\">\r\n<center><h1>405 Not Allowed</h1></center>\r\n<hr><center>nginx</center>\r\n</body>\r\n</html>\r\n|s p/nginx/ cpe:/a:igor_sysoev:nginx/
match http m|^HTTP/1\.1 405 Method Not Allowed\r\nPragma: no-cache\r\nConnection: close\r\nCache-Control: no-cache\r\n\r\n<html><head><title>Error</title></head><body>Error: 405 METHOD NOT ALLOWED</body></html>$| p/Canon imageRUNNER 1025i printer http config/ d/printer/ cpe:/h:canon:imagerunner_1025i/
match http m|^HTTP/1\.0 405 Method Not Allowed\r\nContent-Length: 87\r\nContent-Type: text/html; charset=UTF-8\r\nServer: TornadoServer/([\w._-]+)\r\n\r\n<html><title>405: Method Not Allowed</title><body>405: Method Not Allowed</body></html>$| p/Tornado httpd/ v/$1/ cpe:/a:tornadoweb:tornado:$1/a
# http://www.ibm.com/developerworks/systems/library/es-nweb/index.html
match http m|^<HTML><BODY><H1>nweb Web Server Sorry: Only simple GET operation supported OPTIONS / HTTP/1\.0\*\*\*\*</H1></BODY></HTML>\r\n| p/IBM nweb/ cpe:/a:ibm:nweb/
match http m|^HTTP/1\.0 501 Not Implemented\r\nServer: httpd_gargoyle/([\w._ -]+)\r\n| p/httpd_gargoyle/ v/$1/ i/Gargoyle WAP firmware/ d/WAP/ o/Linux/ cpe:/o:linux:linux_kernel/a
match http m|^HTTP/1\.1 200 OK\r\nDate: .* GMT\r\nServer:  \r\nAllow: GET,HEAD,POST,OPTIONS\r\nVary: Accept-Encoding\r\nContent-Length: 0\r\nConnection: close\r\nContent-Type: text/html\r\n\r\n$| p/Apache httpd/ v/2.2.9/ cpe:/a:apache:http_server:2.2.9/
match http m|^HTTP/1\.0 405 Method Not Allowed\r\nContent-Length: 0\r\nConnection: close\r\nAllow: GET, POST\r\nContent-Type: text/html\r\n\r\n$| p|Siemens 315-2PN/DP programmable logic controller http admin| d/specialized/ cpe:|h:siemens:315-2pn/dp|
match http m|^HTTP/1\.0 401 Unauthorized\r\nWWW-Authenticate: Basic realm=\"Arecont Vision\"\r\n\r\n| p/Arecont Vision surveillance camera httpd/ d/webcam/
match http m|^HTTP/1\.0 400 Bad Request\r\nServer: \r\nContent-Type: text/html\r\nContent-Length: 57\r\n\r\nHTTP/1\.0 400 Bad Request: Invalid or unsupported method\r\n\r\n\r\n$| p|Alcatel/Thomson SpeedTouch ADSL http config| d/broadband router/
match http m|^HTTP/1\.1 501 Not Implemented\r\nDate: .* GMT\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 54\r\n\r\n<HTML><BODY><H1>501 Not Implemented</H1></BODY></HTML>$| p/VMware ESXi 4.1 Server httpd/ cpe:/o:vmware:esxi:4.1/
match http m|^HTTP/1\.0 405 Method Not Allowed\r\nServer: Membase Server ([\w.-]+)\r\nPragma:| p/Membase Admin httpd/ v/$1/
match http m|^HTTP/1\.0 405 Method Not Allowed\r\nServer: Couchbase Server ([\w.-]+)\r\nPragma:| p/Couchbase Admin httpd/ v/$1/
match http m|^HTTP/1\.0 501 Unsupported method \('OPTIONS'\)\r\nServer: BaseHTTP/([\w._-]+) Python/([\w._+-]+)\r\n| p/BaseHTTPServer/ v/$1/ i/Python $2/ cpe:/a:python:basehttpserver:$1/a cpe:/a:python:python:$2/
match http m|^HTTP/1\.0 500 Internal Server Error\r\nContent-Type: text/html; charset=UTF-8\r\nContent-Length: 148\r\nDate: .* GMT\r\nConnection: close\r\n\r\n500 Internal Server Error\n\nThe server has either erred or is incapable of performing the requested operation\. \n\n 'NoneType' object is not iterable  $| p/Nicira bridge http admin/ d/bridge/
match http m|^HTTP/1\.0 404 Not Found\r\nContent-Type: text/html\r\nContent-Length: \d+\r\nServer: \r\n\r\n<html><head><title>404 Not Found</title></head>\n<body><h1>404 Not Found</h1>\n/: <pre>This item has not been found</pre>\n<hr><address><a href=\"http://(BLACKBERRY-[\w._-]+):\d+/\">[\w._-]+:\d+</a></address>\n</body></html>\n$| p/BlackBerry PlayBook QConnDoor httpd/ h/$1/ cpe:/h:rim:blackberry_playbook_tablet/ cpe:/o:rim:blackberry_playbook_os:2.0/
match http m|^HTTP/1\.1 401 Unauthorized\r\nServer: Router\r\nConnection: close\r\nWWW-Authenticate: Basic realm=\"Roteador Intelbras Wireless N 150Mbps\"\r\n| p/Intelbras router httpd/ d/WAP/
match http m|^HTTP/1\.0 404 Not Found\r\nDate: .*\r\nAccept-Ranges: bytes\r\nConnection: close\r\nAllow: GET, HEAD, OPTIONS\r\nContent-Length: 0\r\n\r\n| p/Hiawatha httpd/
match http m|^HTTP/1\.1 404 Not Found\nDate: .*\nServer: Webserver \(Windows\)\nConnection: close\nContent-Type: text/html; charset=ISO-8859-1\nContent-Length: 79\n\n<h1>Wrong URL</h1><h3>The webpage your are trying to access does not exist</h3>| p/American Dynamics IP camera httpd/ d/webcam/
# Responds with this to anything containing "\r\n"
match http m|^HTTP/1\.0 401 Unauthorized\r\nWWW-Authenticate: Basic realm=\"DMP\"\r\n\r\n| p/Cisco Digital Media Player/ d/media device/
# too general?
match http m|^HTTP/1\.1 405 Method Not Allowed\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 124\r\nConnection: close\r\n\r\n<html><head><title>405 Method Not Allowed</title></head><body><center><h1>405 Method Not Allowed</h1></center></body></html>| p/TP-LINK TD-W8968 http admin/ d/WAP/ cpe:/h:tp-link:td-w8968/a
match http m|^HTTP/1\.1 403 Forbidden\r\nPragma: No-cache\r\nCache-Control: no-cache\r\nExpires: .*? ([A-Z]+)\r\nContent-Type: text/html;charset=utf-8\r\nContent-Length: \d+\r\nDate: .*\r\nConnection: close\r\nServer:  \r\n\r\n<html><head><title>Apache Tomcat/([\w._-]+) - Error report</title>| p/Apache Tomcat httpd/ v/$2/ i/timezone: $1/ cpe:/a:apache:tomcat:$2/
match http m|^HTTP/1\.0 501 Not Implemented\r\nDate: .*? UTC\r\nContent-type: text/html\r\nExpires: Thu, 16 Feb 1989 00:00:00 GMT\r\n\r\n<H1>501 Not Implemented</H1>\r\n\r\n\r\n| p/Cisco IOS httpd/ o/IOS/ cpe:/o:cisco:ios/a
match http m|^HTTP/1\.1 200 OK\r\nConnection: close\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Origin: \r\nAccess-Control-Allow-Credentials: true\r\nAccess-Control-Max-Age: 86400\r\nAccess-Control-Allow-Headers: Content-Type, Authorization\r\nServer: nzbget-([\w._-]+)\r\n\r\n| p/NZBGet httpd/ v/$1/
match http m|^HTTP/1\.1 501 Not Implemented\r\nContent-Length: 0\r\nConnection: close\r\n\r\nHTTP/1\.0 401 Unauthorized\r\nWWW-Authenticate: Basic realm=\"Securesphere Gateway Authentication\"\r\nContent-Length: 0\r\nConnection: close\r\nSet-Cookie: session_id=\d+; Path=/\r\n\r\n| p/Imperva SecureSphere WAF http admin/
match http m|^HTTP/1\.0 501 Unsupported method \('OPTIONS'\)\r\nServer: JiffyServer/([\w._-]+) Python/([\w._-]+)\r\nDate: .*\r\nContent-Type: text/html;charset=utf-8\r\nConnection: close\r\n\r\n| p/Jiffy secure messaging httpd/ v/$1/ i/Python $2/ cpe:/a:python:python:$2/
match http m|^HTTP/1\.1 405 Method not allowed\r\nCache-Control: no-cache\r\nConnection: close\r\nPragma: no-cache\r\nContent-Length: 8\r\nContent-Type: text/html\r\nAccept-Ranges: bytes\r\n\r\nERROR=0\n| p/ACTi NVR3 httpd/
match http m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: GateOne\r\nX-Ua-Compatible: IE=edge\r\nAllow: HEAD,GET,POST,OPTIONS\r\nDate: .*\r\nAccess-Control-Allow-Origin: \*\r\nContent-Type: application/json; charset=UTF-8\r\n\r\n{\"applications\": \[([^]]+)\]|s p/Gate One http terminal emulator/ i/apps: $1/
match http m|^HTTP/1\.1 404 Not Found\r\nContent-Type: text/plain\r\nDate: .*\r\nConnection: close\r\n\r\nCannot OPTIONS /$| p/Express.js httpd/
match http m|^HTTP/1\.0 501 not implemented\r\nConnection: close\r\nContent-Length: 20\r\nAllow: GET,HEAD,POST\r\nCache-Control: max-age=0\r\nContent-Type: text/plain\r\nDate: .*\r\nExpires: .*\r\n\r\n501 not implemented\n| p/Bluesound Node http config/ d/media device/
match http m|^HTTP/1\.1 501 Not Implemented\r\nServer: WindWeb/([\w._-]+)\r\nConnection: close\r\nContent-Type: text/html\r\n\r\n<H1>Wind Manage Web Server Error Report:</H1>| p/Wind Manage httpd/ v/$1/ cpe:/a:windriver:wind_manage:$1/
match http m%^HTTP/1\.0 40(?:6 Not Acceptable|5 Method Not Allowed)\r\nContent-Length: 51\r\nContent-Security-Policy: default-src 'self' 'unsafe-inline'; img-src 'self' blob:; frame-ancestors 'self'\r\nX-Frame-Options: SAMEORIGIN\r\nContent-Type: text/html; charset=utf-8\r\nDate: .*\r\n\r\n<html><body>HTTP Method not supported</body></html>% p/Greenbone Security Assistant/ cpe:/a:greenbone:greenbone_security_assistant/
match http m|^<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4\.01 Transitional//EN" "http://www\.w3\.org/TR/html4/loose\.dtd">\r\n<html>\r\n<head>\r\n<link rel="shortcut icon" href="/images/favicon\.ico" type="image/x-icon">\r\n<title>WLC_Control - Error - 400</title>\r\n<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">\r\n\r\n<link rel="stylesheet" type="text/css" href="/css/login\.css">\r\n    </head><body  ><div class="header">\r\n<a href="http://www\.lancom-systems\.de"><img class="headerimg" src="/images/productsvg\.svg" alt="LANCOM Systems Homepage"></a><p class="headerp">LANCOM WLC-([\w._+-]+)</p>| p/Lancom WLAN Controller httpd/ i/model: WLC-$1/ cpe:/h:lancom:wlc-$1/
# ASUS RT-AC66U firmware uses the "httpd/2.0" SERVER_NAME
match http m|^HTTP/1\.0 501 Not Implemented\r\nServer: httpd/2\.0\r\nDate: .* GMT\r\nContent-Type: text/html\r\nConnection: close\r\n\r\n<HTML><HEAD><TITLE>501 Not Implemented</TITLE></HEAD>\n<BODY BGCOLOR="#cc9999"><H4>501 Not Implemented</H4>\nThat method is not implemented\.\n</BODY></HTML>\n| p/Acme milli_httpd/ v/2.0/ i/ASUS RT-AC-series router/ d/broadband router/ cpe:/a:acme:milli_httpd:2.0/
match http m|^HTTP/1\.1 501 Not Implemented\r\nConnection: close\r\n\r\n501 Not Implemented: Only GET and POST supported\r\n| p|Microchip Libraries of Applications TCP/IP Stack httpd| cpe:/a:microchip_technology_inc:mla/
match http m|^HTTP/1\.1 400 Page not found\r\nServer: Go[aA]head(?:-Webs)?/([\d.]+) PeerSec-MatrixSSL/(\d[\w.]+)-OPEN\r\n| p/GoAhead WebServer/ v/$1/ i/PeerSec MatrixSSL $2/ cpe:/a:goahead:goahead_webserver:$1/ cpe:/a:peersec:matrixssl:$2/
# Also works for GetRequest but may be too general there.
match http m|^HTTP/1\.1 200 OK\r\n(?:connection: .*\r\n)?(?:content-length: \d+\r\n)?content-type: text/html(?:; charset=UTF-8)?\r\n(?:transfer-encoding: .*\r\n)?\r\n| p/ocaml-cohttp/ cpe:/a:mirageos:ocaml-cohttp/
match http m|^HTTP/1\.1 200 OK\r\nServer: AvigilonOnvifNvt/([\d.]+)\r\n| p/Avigilon webcam ONVIF NVT/ v/$1/ d/webcam/
match http m|^HTTP/1\.1 200 OK\r\nHTTP/1\.1\r\nServer: Loxone Miniserver ([\w._-]+)/([\d.]+) UPnP/([\d.]+)\r\n| p/Loxone Miniserver home automation httpd/ v/$2/ i/name: $1; UPnP $3/ d/specialized/
match http m|^HTTP/1\.0 204 \r\ncontent-type: text/html\r\ncontent-length: 0\r\n\r\n| p/Tablo Network TV tuner/ d/media device/
match http m|^HTTP/1\.1 501 Method Not Implemented\r\nContent-Type: text/plain\r\nContent-Length: 12\r\n\r\nError: 501\r\n| p/Televes CoaxData coax-to-Ethernet bridge/ d/bridge/

match http-proxy m|^HTTP/1\.1 503 Service Unavailable\r\ndate: .*\r\nconnection: close\r\n\r\n<html><body><pre><h1>Service unavailable</h1></pre></body></html>\n| p/HTTP Replicator proxy/
match http-proxy m|^HTTP/1\.1 400 Bad Request\r\n.*This is a WebSEAL error message template file\.|s p/IBM WebSEAL reverse http proxy/ d/proxy server/
match http-proxy m|^HTTP/1\.0 \d\d\d.*\r\nServer: B[iI][gG]-?IP\r\n|s p/F5 BIG-IP load balancer http proxy/ d/load balancer/
match http-proxy m|^HTTP/1\.1 200 OK\r.*\nAllow: GET,HEAD,POST,OPTIONS\r.*\nServer: Oracle-Application-Server-(\w+) Oracle-Web-Cache \(|s p/Oracle Web Cache http proxy/ v/$1/ cpe:/a:oracle:application_server_web_cache:$1/
match http-proxy m|^HTTP/1\.1 405 Method Not Allowed\r\nContent-Length: 1059\r\nContent-Type: text/html; charset=utf-8\r\n\r\n$| p/XX-Net web proxy tool/
match http-proxy m|^HTTP/1\.1 200 OK\r\nCache-Control: no-cache\r\nConnection: close\r\nContent-Type: text/html; charset=utf-8\r\nPragma: no-cache\r\nContent-Length: \d+\r\nSet-Cookie: f5[a-z]+=[A-Z]+; HttpOnly; secure\r\n\r\n<html><head><title>Request Rejected</title>| p/F5 BIG-IP load balancer http-proxy/ d/load balancer/

match kerberos-sec m|^\0\0\0[\x50-\x90]~[\x4e-\x8e]0[\x4c-\x8c]\xa0\x03\x02\x01\x05\xa1\x03\x02\x01\x1e\xa4\x11\x18\x0f(\d\d\d\d)(\d\d)(\d\d)(\d\d)(\d\d)(\d\d)Z\xa5\x05\x02\x03...\xa6\x03\x02\x01=\xa9.\x1b.([\w.-]+)\xaa\x1d0\x1b\xa0\x03\x02\x01\0\xa1\x140\x12\x1b\x06kadmin\x1b\x08changepw|s p/MIT Kerberos/ i/server time: $1-$2-$3 $4:$5:$6Z/ h/$7/

match monsoon m|^\0\x14\0\x01\xff\xff\xff\xfd\0\0\0\0\0\0\0\0\0\0\0\0$| p/Monsoon HAVA media streaming/ d/media device/

match msdtc m|^\x10\x1a\x0b\x00\x60\x4d$| p/Microsoft Distributed Transaction Coordinator/ o/Windows/ cpe:/o:microsoft:windows/a

match policy m|^action=defer_if_permit Policy Rejection: Invalid data\n\n$| p/Postfix mail policyd/

match pop3 m|^\+OK Citadel POP3 server <\d+@([-\w_.]+)>\r\n-ERR Not logged in\.\r\n-ERR Not logged in\.\r\n| p/Citadel pop3d/ h/$1/ cpe:/a:citadel:ux/

match rtsp m|^HTTP/1\.0 501 Not Implemented\r\nAllow: DESCRIBE, GET_PARAMETER, PAUSE, PLAY, SETUP, SET_PARAMETER, TEARDOWN\r\n| p/Axis M1054 or P3364 Network Camera rtspd/ d/webcam/
match rtsp m|^RTSP/1\.0 200 OK\r\nCSeq: 0\r\nPublic: OPTIONS, DESCRIBE, SETUP, TEARDOWN, PLAY\r\nBoard: MIPS\r\nDevCaps: VideoColor,IRLed,LightMode,\r\n\r\n| p/Maygion IPCamera rtspd/ d/webcam/

match sand-db m|^\xff\x02\x04\0\x03\0r\n\x08\0@L\x01\0\x01\x01\0\0\0\0[A-Z]{16}$| p/SAND database/

# www.hermstedtstingray.com/user_guides/stingray_security_white_paper.pdf
match stingray m|^\x02\x004ComDU2\0\0\0\0\0\0\0\0\0ON\0\x08OPTIONS \0\0\0\0<\x9e\x0e\x08!\x8a6@@\xb2W@\0\0\0\00\xd8\xdd\xbf\xbe\x99\r9@\x0c\xe0\x0b\x08\xb5\xd6\x0f@\xe8\xdd\xbf\xbeh\xa6>@0O\x18\x08\xd4\xb4U@| p/StingRay file transfer/

match tgcmd m|^\d+ \d+ \d+,Invalid command\.\n$| p/tgcmd.exe support daemon/ o/Windows/ cpe:/o:microsoft:windows/a

match upnp m|^HTTP/1\.1 405 METHOD NOT ALLOWED\r\nCache-Control: no-cache\r\nLast-Modified: .*\r\nX-User-Agent: DVArchive\r\nServer: Unknown/0\.0 UPnP/([\d.]+) Virata-EmWeb/R([\d_]+)\r\n| p/Virata-EmWeb/ v/$SUBST(1,"_",".")/ i/DVArchive UPnP; UPnP $2/ o/Linux/ cpe:/a:virata:emweb:$SUBST(1,"_",".")/a cpe:/o:linux:linux_kernel/a
match upnp m|^HTTP/1\.1 501 Not Implemented\r\nContent-Type: text/html\r\nConnection: close\r\nContent-Length: 149\r\nServer: Debian/([\w._-]+) DLNADOC/([\w._-]+) UPnP/([\w._-]+) MiniDLNA/([\w._-]+)\r\n| p/MiniDLNA/ v/$4/ i/Debian $1; DLNADOC $2; UPnP $3/ o/Linux/ cpe:/a:minidlna:minidlna:$4/a cpe:/o:debian:debian_linux:$1/ cpe:/o:linux:linux_kernel/a

match vnc-http m|^HTTP/1\.1 200\r\nContent-Type: text/html\r\nContent-Length: \d+\r\nSet-Cookie: UBRWID=[A-F0-9]+\r\nAccess-Control-Allow-Origin: \*\r\nConnection: Keep-Alive\r\n\r\n\xef\xbb\xbf<!DOCTYPE html>\r\n<html>\r\n<head>\r\n<title>ThinVNC</title>\r\n| p/ThinVNC/

match webdav m|^HTTP/1\.1 200 OK\r\nSet-Cookie: mainServerInstance=; path=/(?:; secure)?\r\n(?:Set-Cookie: currentAuth=[^;]*; path=/(?:; secure)?\r\n)?Set-Cookie: CrushAuth=[^;]+; path=/(?:; secure; HttpOnly)?\r\nPragma: no-cache\r\nx-responding-server: ([\w._-]+)\r\nX-dmUser: username\r\nMS-Author-Via: DAV\r\nAllow: | p/CrushFTP httpd/ h/$1/ cpe:/a:crushftp:crushftp/
match webdav m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: cPanel\r\nPersistent-Auth: false\r\nCache-Control: no-cache[^\r\n]*\r\nConnection: Keep-Alive\r\nVary: Accept-Encoding\r\nAllow: [A-Z, ]+\r\nContent-Length: 0\r\nContent-Type: text/plain\r\nExpires: Fri, 01 Jan 1990 00:00:00 GMT\r\nDAV: 1, 2\r\nKeep-Alive: timeout=15, max=96\r\nMS-Author-Via: DAV\r\n\r\n|s p/cPanel webdav/ o/Linux/ cpe:/o:linux:linux_kernel/a

softmatch caldav m|^HTTP/1\.[01] 200 OK\r\n.*DAV: [^\r\n]*calendar.*\r\nAllow:|s
softmatch webdav m|^HTTP/1\.[01] 200 OK.*\r\nDAV: *1.*\r\nAllow:[^\r\n]* PROPFIND|s
softmatch webdav m|^HTTP/1\.[01] 200 OK.*\r\nAllow:[^\r\n]* PROPFIND.*\r\nDAV: *1|s

# https://github.com/kanaka/websockify
match websocket m|^HTTP/1\.0 501 Unsupported method \('OPTIONS'\)\r\nServer: SimpleHTTP/([\w._-]+) Python/([\w._+-]+)\r\nDate: .* GMT\r\nContent-Type: text/html\r\nConnection: close\r\n\r\n<head>\n<title>Error response</title>\n</head>\n<body>\n<h1>Error response</h1>\n<p>Error code 501\.\n<p>Message: Unsupported method \('OPTIONS'\)\.\n<p>Error code explanation: 501 = Server does not support this operation\.\n</body>\n$| p/websockify/ i/SimpleHTTP $1; Python $2/ cpe:/a:python:python:$2/ cpe:/a:python:simplehttpserver:$1/

##############################NEXT PROBE##############################
Probe TCP RTSPRequest q|OPTIONS / RTSP/1.0\r\n\r\n|
rarity 5
ports 80,554,3052,3372,5000,7070,8080,10000
sslports 322
fallback GetRequest

match raop m|^RTSP/1\.0 401 Unauthorized\r\nWWW-Authenticate: Digest realm=\"raop\", nonce=\"[0-9A-F]{40}\"\r\nContent-Length: 0\r\n\r\n$| p/Remote Audio Output Protocol/ i/Rogue Amoeba Airfoil speakers/ d/media device/

match rtsp m|^RTSP/1\.0 200 OK\r\nCSeq: 0\r\nDate: .*\r\nServer: RealServer Version (\d[-.\w]+) \(win32\)\r\n| p/Realserver RTSP/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a
match rtsp m|^RTSP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: RealMedia EncoderServer Version (\d[-.\w]+) \(win32\)\r\n|s p/RealMedia EncoderServer/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a
match rtsp m|^RTSP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: RealServer Version (\d[-.\w]+) \(([-.+\w]+)\)\r\n|s p/RealOne Server/ v/$1/ i/$2/
match rtsp m|^RTSP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: Helix [\w ]*Server Version ([\d.]+) \(win32\)\r\n|s p/Helix DNA Server/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a
match rtsp m|^RTSP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: Helix [\w ]*Server Plus Version ([\d.]+) \(win32\)|s p/Helix DNA Server Plus/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a
match rtsp m|^RTSP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Helix [\w ]*Server Version ([\d.]+) \((linux-[^)\r\n]+)\)|s p/Helix DNA Server/ v/$1/ i/$2/ o/Linux/ cpe:/o:linux:linux_kernel/a
match rtsp m|^RTSP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Helix [\w ]*Server Version ([\d.]+) \(sunos-([\d.]+)-sparc-server\)|s p/Helix DNA Server/ v/$1/ i/SunOS $2 sparc/ o/SunOS/ cpe:/o:sun:sunos:$2/
match rtsp m|^RTSP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Helix Server Version ([\d.]+) \(sunos-([\d.]+)-sparc-server\)|s p/Helix DNA Server/ v/$1/ i/SunOS $2 sparc/ o/SunOS/ cpe:/o:sun:sunos:$2/
match rtsp m|^RTSP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Helix Server Version ([\d.]+) \(win32\)|s p/Helix DNA Server/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a

match rtsp m|^RTSP/1\.0 \d\d\d .*\r\nServer: DSS/([\d.]+) \(Build/[\d.]+; Platform/Win32| p/Darwin Streaming Server/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a
match rtsp m|^RTSP/1\.0 \d\d\d .*\r\nServer: DSS/([\d.]+) \(Build/[\d.]+; Platform/Solaris| p/Darwin Streaming Server/ v/$1/ o/Solaris/ cpe:/o:sun:sunos/a
match rtsp m|^RTSP/1\.0 \d\d\d .*\r\nServer: DSS/([\d.]+) \(Build/[\d.]+; Platform/Linux| p/Darwin Streaming Server/ v/$1/ o/Linux/ cpe:/o:linux:linux_kernel/a
match rtsp m|^RTSP/1\.0 \d\d\d .*\r\nServer: DSS/([\d.]+) \(Build/[\d.]+; Platform/FreeBSD| p/Darwin Streaming Server/ v/$1/ o/FreeBSD/ cpe:/o:freebsd:freebsd/a
match rtsp m|^RTSP/1\.0 \d\d\d .*\r\nPublic: DESCRIBE, GET_PARAMETER, PAUSE, PLAY, SETUP, TEARDOWN\r\n\r\n| p/Axis 207W Webcam rtspd/
match rtsp m|^RTSP/1\.0 200 OK\r\nAudio-Jack-Status: connected; type=digital\r\n| p/RogueAmoeba Airfoil rtspd/ o/Mac OS X/ cpe:/o:apple:mac_os_x/a
match rtsp m|^RTSP/1\.0 200 OK\r\nServer: AirTunes/([\w._-]+)\r\nAudio-Jack-Status: connected; type=analog\r\nPublic: ANNOUNCE, SETUP, RECORD, PAUSE, FLUSH, TEARDOWN, OPTIONS, GET_PARAMETER, SET_PARAMETER, POST, GET\r\n\r\n| p/RogueAmoeba Airfoil rtspd/ v/$1/ o/Mac OS X/ cpe:/o:apple:mac_os_x/a
match rtsp m|^RTSP/1\.0 200 OK\r\nAudio-Jack-Status: connected; type=analog\r\nCSeq: \r\nPublic: ANNOUNCE, SETUP, RECORD, PAUSE, FLUSH, TEARDOWN, OPTIONS, GET_PARAMETER, SET_PARAMETER\r\n\r\n| p/Boxee rtspd/ d/media device/
match rtsp m|^RTSP/1\.0 200 OK\r\nServer: vlc ([\w._-]+)\r\n| p/VideoLAN/ v/$1/ cpe:/a:videolan:vlc_media_player:$1/
match rtsp m|^RTSP/1\.0 200 OK\r\nPublic: ANNOUNCE, SETUP, RECORD, PAUSE, FLUSH, TEARDOWN, OPTIONS, GET_PARAMETER, SET_PARAMETER, POST, GET\r\nServer: AirTunes/([\w._-]+)\r\n\r\n| p/Apple AirTunes rtspd/ v/$1/ i/Apple TV/ d/media device/ o/Mac OS X/ cpe:/a:apple:apple_tv/ cpe:/o:apple:mac_os_x/a
match rtsp m|^RTSP/1\.0 400 Bad Request\r\n\r\n$| p/Apple AirTunes rtspd/ o/Mac OS X/ cpe:/o:apple:mac_os_x/a
match rtsp m|^RTSP/1\.0 400 Bad Request\r\nServer: AirTunes/([\w._-]+)\r\n\r\n| p/Apple AirTunes rtspd/ v/$1/
match rtsp m|^RTSP/1\.0 453 Not Enough Bandwidth\r\nServer: AirTunes/([\w._-]+)\r\n\r\n| p/Apple AirTunes rtspd/ v/$1/ i/bandwidth maxed out/
match rtsp m|^RTSP/1\.0 200 OK\r\nServer: VLC/([\w._-]+)\r\nContent-Length: 0\r\nPublic: DESCRIBE,SETUP,TEARDOWN,PLAY,PAUSE,GET_PARAMETER\r\n\r\n| p/VLC rtspd/ v/$1/ cpe:/a:videolan:vlc_media_player:$1/

match rtsp m|^RTSP/2\.0 200 OK\r\nCSeq: 0\r\nPublic: DESCRIBE, SETUP, TEARDOWN, PLAY, PAUSE\r\n\r\n$| p/TwonkyMedia rtspd/
match rtsp m|^RTSP/1\.0 200 OK\r\nServer: iCanSystem/([\w._-]+)\r\nCseq: \r\nPublic: DESCRIBE, SETUP, PLAY, PAUSE, TEARDOWN, OPTIONS\r\n\r\n$| p/iCanSystem rtspd/ v/$1/ d/webcam/
match rtsp m|^RTSP/1\.0 200 OK\r\nPublic: DESCRIBE, GET_PARAMETER, PAUSE, PLAY, SETUP, SET_PARAMETER, TEARDOWN\r\n\r\n$| p/AXIS 207W or 212 PTZ network camera rtspd/ d/webcam/
match rtsp m|^RTSP/1\.0 200 OK\r\nPublic: DESCRIBE, SETUP, TEARDOWN, PLAY, PAUSE, SET_PARAMETER\r\n\r\n$| p/Avtech MPEG4 DVR control rtspd/
match rtsp m|^RTSP/1\.0 200 OK\r\nSupported: play\.basic, con\.persistent\r\nCseq: 0\r\nServer: Wowza Media Server ([\w._-]+) build(\d+)\r\nPublic: DESCRIBE, SETUP, TEARDOWN, PLAY, PAUSE, OPTIONS, ANNOUNCE, RECORD, GET_PARAMETER\r\n\r\n$| p/Wowza Media Server rtspd/ v/$1 build $2/ cpe:/a:wowza:wowza_media_server:$1/
match rtsp m|^RTSP/1\.0 200 OK\r\nSupported: play\.basic, con\.persistent\r\nCseq: 0\r\nServer: Wowza Streaming Engine ([\w._-]+) build(\d+)\r\nPublic: DESCRIBE, SETUP, TEARDOWN, PLAY, PAUSE, OPTIONS, ANNOUNCE, RECORD, GET_PARAMETER\r\nCache-Control: no-cache\r\n\r\n$| p/Wowza Streaming Engine rtspd/ v/$1 build $2/ cpe:/a:wowza:wowza_streaming_engine:$1/
match rtsp m|^RTSP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: Helix Mobile Server Version ([\w._-]+) \(win32\) \(RealServer compatible\)\r\nPublic: OPTIONS, DESCRIBE, PLAY, PAUSE, SETUP, GET_PARAMETER, SET_PARAMETER, TEARDOWN\r\nTurboPlay: 1\r\nRealChallenge1: [0-9a-f]+\r\nStatsMask: 8\r\n\r\n$|s p/Helix Mobile Server rtspd/ v/$1/
match rtsp m|^RTSP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: Helix Mobile Server Version ([\w._-]+) \(win32\) \(RealServer compatible\)\r\nPublic: OPTIONS, DESCRIBE, ANNOUNCE, PLAY, PAUSE, SETUP, GET_PARAMETER, SET_PARAMETER, TEARDOWN\r\nTurboPlay: 1\r\nRealChallenge1: [0-9a-f]+\r\nStatsMask: 8\r\n\r\n$|s p/Helix Mobile Server rtspd/ v/$1/
match rtsp m|^RTSP/1\.0 200 OK\r\nCseq: 0\r\nPublic: OPTIONS,DESCRIBE,SETUP,PLAY,PING,PAUSE,TEARDOWN\r\n\r\n$| p/Cisco WVC54GCA webcam rtspd/ d/webcam/ cpe:/h:cisco:wvc54gca/
match rtsp m|^RTSP/1\.0 400 Bad Request\r\nDate: .*\r\nallow: OPTIONS, DESCRIBE, SETUP, PLAY, TEARDOWN\r\n\r\n$| p/ACTi surveillance camera rtspd/ d/webcam/
match rtsp m|^RTSP/1\.0 400 Bad Request\r\nServer: Mango DSP RTSP Stack\r\n\r\n| p/Mango DSP AVS Raven-M video server rtspd/ d/media device/
match rtsp m|^RTSP/1\.0 200 OK\r\nCSeq: -1\r\nDate: .* GMT\r\nPublic: OPTIONS, DESCRIBE, PLAY, SETUP, TEARDOWN\r\n\r\n$| p/Vivotek IP7131 or IP7138 webcam rtspd/ d/webcam/ cpe:/h:vivotek:ip7131/ cpe:/h:vivotek:ip7138/
match rtsp m|^RTSP/1\.0 200 OK\r\nCSeq: -1\r\nDate: .* GMT\r\nPublic: OPTIONS, DESCRIBE, PLAY, SETUP, GET_PARAMETER, SET_PARAMETER, TEARDOWN\r\n\r\n| p/Vivotek FD8134V webcam rtspd/ d/webcam/ cpe:/h:vivotek:fd8134v/
match rtsp m|^RTSP/1\.0 200 OK\r\nPublic: OPTIONS, ANNOUNCE, SETUP, RECORD, SET_PARAMETER, GET_PARAMETER, FLUSH, TEARDOWN, POST\r\n\r\n| p/Freebox rtspd/ d/media device/
match rtsp m|^RTSP/1\.0 401 Unauthorized\r\nCSeq: 0\r\nDate: .*\r\nExpires: .*\r\nCache-Control: must-revalidate\r\nWWW-Authenticate: Digest realm=\"NET-i\", nonce=\"000000000000000000000000[0-9A-F]{8}\"\r\n\r\n| p/Samsung SNB-2000 webcam rtspd/ d/webcam/ cpe:/h:samsung:snb-2000/
match rtsp m|^RTSP/1\.0 200 OK 200\r\n(?:[^\r\n]+\r\n)*?Server: Amino streamer\r\n|s p/Amino AmiNET set-top box rtspd/ d/media device/
match rtsp m|^RTSP/1\.0 200 OK\r\nServer: GM Streaming Server v([\w._-]+)\r\nPublic: DESCRIBE, SETUP, TEARDOWN, PLAY, PAUSE\r\n\r\n$| p/GM Streaming Server rtspd/ v/$1/ d/webcam/
match rtsp m|^RTSP/1\.0 400 Bad Request\r\nCSeq: 0\r\n\r\n| p/Sanyo VCC-HD2300 webcam rtspd/ d/webcam/ cpe:/h:sanyo:vcc-hd2300/
match rtsp m|^RTSP/1\.0 401 Unauthorized\r\nCSeq: 0\r\nWWW-Authenticate: Basic realm=\"Arecont Vision\"\r\n\r\n| p/Arecont Vision surveillance camera rtspd/ d/webcam/
match rtsp m|^RTSP/1\.0 400 Bad Request\r\nDate: .* GMT\r\nAllow: OPTIONS, DESCRIBE, SETUP, TEARDOWN, PLAY, PAUSE, GET_PARAMETER, SET_PARAMETER\r\n\r\n| p/D-Link DCS-2130 or Pelco IDE10DN webcam rtspd/ d/webcam/ cpe:/h:dlink:dcs-2130/ cpe:/h:pelco:ide10dn/
match rtsp m|^RTSP/1\.0 200 OK\r\nCSeq: 0\r\nDate: .*\r\nServer: RealMedia Server Version ([\d.]+) \(([^)]+)\)\r\nPublic: OPTIONS, DESCRIBE, ANNOUNCE, SETUP, GET_PARAMETER, SET_PARAMETER, TEARDOWN\r\nRealChallenge1: | p/RealMedia Server/ v/$1/ o/$2/
match rtsp m|^RTSP/1\.0 400 Bad Request\r\nDate: .*\r\nAllow: OPTIONS, DESCRIBE, SETUP, TEARDOWN, PLAY, PAUSE\r\n\r\n| p/NUUO IP Surveillance rtpsd/ d/webcam/
match rtsp m|^RTSP/1\.0 400 Bad Request\r\nDate: .*\r\nAllow: OPTIONS, DESCRIBE, SETUP, TEARDOWN, SET_PARAMETER, PLAY\r\n\r\n| p/Planet ICA-HM132 or TRENDnet TV IP302PI rtspd/ d/webcam/ cpe:/h:planet:ica-hm132/ cpe:/h:trendnet:tv_ip302pi/
match rtsp m|^RTSP/1\.0 400 Bad Request\r\nDate: .*\r\nAllow: OPTIONS, DESCRIBE, SETUP, TEARDOWN, PLAY, PAUSE, SET_PARAMETER\r\n\r\n| p/Live555 Streaming Server rtspd/
match rtsp m|^RTSP/1\.0 200 OK\r\nAudio-Jack-Status: .*\r\nPublic: ANNOUNCE, SETUP, RECORD, PAUSE, FLUSH, TEARDOWN, OPTIONS, GET_PARAMETER, SET_PARAMETER\r\n\r\n| p/Shairport rtspd/
match rtsp m|^RTSP/1\.0 400 Bad Request\r\nServer: Optelecom-NKF RTSPServer/([\w._-]+)\r\n\r\n| p/Optelecom-NKF rtspd/ v/$1/ d/webcam/
match rtsp m|^RTSP/1\.0 200 OK\r\nServer: HiIpcam/([\w._-]+) VodServer/([\w._-]+)\r\nPublic: OPTIONS, DESCRIBE, SETUP, TEARDOWN, PLAY,SET_PARAMETER,GET_PARAMETER\r\n\r\n| p/VODServer rtspd/ v/$2/ i/HiIpcam $1/
match rtsp m|^RTSP/1\.0 401 Unauthorized\r\nWWW-Authenticate: Digest realm=\"Hikvision\", nonce=\"[\da-f]{32}\", stale=\"FALSE\"\r\nWWW-Authenticate: Basic realm=\"/\"\r\n\r\n| p/Hikvision DVR rtspd/ d/media device/
match rtsp m|^RTSP/1\.0 200 OK\r\nPublic: ANNOUNCE, SETUP, RECORD, PAUSE, FLUSH, TEARDOWN, OPTIONS, GET_PARAMETER, SET_PARAMETER, POST, GET, PUT\r\nServer: AirTunes/([\w._-]+)\r\n\r\n| p/AirTunes rtspd/ v/$1/ cpe:/a:apple:airtunes:$1/
# TP-LINK Wireless N Gigabit Router WR1043ND
match rtsp m|^RTSP/1\.0 200 OK\r\nCSeq: 0\r\nDate: .*\r\nPublic: OPTIONS, DESCRIBE, SETUP, PLAY, PAUSE, TEARDOWN, GET_PARAMETER, SET_PARAMETER\r\n\r\n$| p/TP-LINK WAP rtspd/ d/WAP/
match rtsp m|^RTSP/1\.0 400 Bad Request\r\nDate: \d\d\d\d/\d\d?/\d\d?\r\nAllow: OPTIONS, DESCRIBE, SETUP, TEARDOWN, PLAY, PAUSE, GET_PARAMETER, SET_PARAMETER\r\n\r\n| p/Monster Digital Villain or Denver AC-5000W MK2 rtspd/ d/webcam/
match rtsp m|^RTSP/1\.0 200 OK\r\nServer: HiIpcam/(V\d+R\d+) VodServer/([\d.]+)\r\nPublic: OPTIONS, DESCRIBE, SETUP, TEARDOWN, PLAY\r\n\r\n| p/HiLinux IP camera rtspd/ v/$1/ i/VodServer $2/ d/webcam/
match rtsp m|^RTSP/1\.0 401 Unauthorized\r\nWWW-Authenticate: Basic realm="device"\r\nServer: Dahua Rtsp Server\r\nContent-Length: 0\r\n\r\n| p/Dahua IP camera rtspd/
match rtsp m|^RTSP/1\.0 404 Not Found\r\nServer: AvigilonOnvifNvt/([\d.]+)\r\n| p/Avigilon ONVIF camera rtspd/ v/$1/ d/webcam/

# IQinVision IQeye3 RTSP, this is pretty generic, leaving in (Brandon)
match rtsp m|^RTSP/1\.0 200 OK\r\nServer: Gordian Embedded([\d\.]+)\r\n(?:[^\r\n]+\r\n)*?Public: OPTIONS, DESCRIBE, SETUP, PLAY, TEARDOWN\r\n|s p/Gordian httpd/ v/$1/ i/IQinVision IQeye3 webcam rtspd/ d/webcam/
match rtsp m|^RTSP/1\.0 200 OK\r\nServer: H264DVR ([\d.]+)\r\nPublic: OPTIONS, DESCRIBE, SETUP, TEARDOWN, GET_PARAMETER,(?: SET_PARAMETER,) PLAY, PAUSE\r\n\r\n| p/H264DVR rtspd/ v/$1/
match rtsp m|^RTSP/1\.0 403 Forbidden\r\nContent-Length: 0\r\nServer: AirTunes/([\d.]+)\r\n\r\n| p/AirTunes rtspd/ v/$1/ cpe:/a:apple:airtunes:$1/
match rtsp m|^RTSP/1\.0 200 OK\r\nPublic: OPTIONS, DESCRIBE, SETUP, PLAY, TEARDOWN, PAUSE\r\n\r\n$| p/Hikvision DVR rtspd/
match rtsp m|^RTSP/1\.0 200 OK\r\nCSeq: 0\r\nPublic: OPTIONS, DESCRIBE, SETUP, TEARDOWN, PLAY, PAUSE,GET_PARAMETER\r\n\r\n$| p/Kodi OSMC rtspd/
match rtsp m|^RTSP/1\.0 200 OK\r\nCSeq: \r\nPublic: DESCRIBE, SETUP, TEARDOWN, PLAY, PAUSE\r\nServer: HomeMonitor HD Pro\r\n\r\n| p/Y-cam HomeMonitor HD Pro rtspd/ d/webcam/ cpe:/h:y-cam:homemonitor_hd_pro/
match rtsp m|^RTSP/1\.0 200 OK\r\nServer: AirTunes/([\d.]+)\r\nPublic: ANNOUNCE, SETUP, RECORD, PAUSE, FLUSH, TEARDOWN, OPTIONS, GET_PARAMETER, SET_PARAMETER\r\n\r\n| p/Apple AirTunes rtspd/ v/$1/ cpe:/a:apple:airtunes:$1/
match rtsp m|^RTSP/1\.0 200 OK\r\nCSeq: 0\r\nServer: Wowza Streaming Engine ([\d.]+) build ?(\d+)\r\nCache-Control: no-cache\r\nPublic: DESCRIBE, SETUP, TEARDOWN, PLAY, PAUSE, OPTIONS, ANNOUNCE, RECORD, GET_PARAMETER\r\n| p/Wowza Streaming Engine rtspd/ v/$1 build $2/ cpe:/a:wowza:wowza_streaming_engine:$1/

match http m|^HTTP/1\.1 403 Forbidden\r\nContent-Type: text/html\r\nServer: Allegro-Software-RomPager/([\d.]+).*This object on the APC Management Web Server is protected and requires a secure socket connection\.|s p/Allegro RomPager/ v/$1/ i/APC http config/ d/power-device/ cpe:/a:allegro:rompager:$1/
match http m|^HTTP/1\.1 405 Method Not Allowed\r\nAllow: GET, HEAD, POST, PUT\r\nContent-Length: 0\r\nServer: Allegro-Software-RomPager/([\d.]+)\r\n\r\n$| p/Allegro RomPager/ v/$1/ cpe:/a:allegro:rompager:$1/

match http m|^HTTP/1\.1 400 Bad Request\r\nDate: .*\r\nServer: FineGround Performance Server\r\n| p/Fineground performance httpd/
match http m|^RTSP/1\.0 501 Not Implemented\r\nServer: Embedded HTTP Server ([\d.]+)\r\n| p/Embedded HTTP Server/ v/$1/

match http m|^HTTP/1\.1 400 Bad Request\r\nServer: Virata-EmWeb/R([\d_]+)\r\nContent-Length: 0\r\n\r\n400 Bad Request\r\n$| p/Virata-EmWeb/ v/$SUBST(1,"_",".")/ i/HP printer http config/ d/printer/ cpe:/a:virata:emweb:$SUBST(1,"_",".")/a

match http m|^HTTP/1\.1 505 HTTP Version Not Supported\r\nContent-Length: 0\r\n\r\n| p/EMC Navisphere CIM Object Manager httpd/
match http m|^HTTP/1\.0 200 OK\r\nPragma: no-cache\r\nCache-Control: no-store\r\nContent-Type: text/html\r\nContent-Length: 229\r\n\r\n<html>\r\n<head>\r\n<title> Error </title>\r\n</head>\r\n<body>\r\n<!-- user defined strings -->\r\nAccess denied due to security policy violation<br><br><!-- reject ID -->\r\nReject ID: [0-9a-f-]+\r\n<br>\r\n<br>\r\n</body>\r\n</html>$| p/Check Point R65 firewall http config/ d/firewall/ cpe:/h:checkpoint:r65/a
match http m|^HTTP/1\.1 406 Not Acceptable\r\nCache-Control: no-cache\r\nPragma: no-cache\r\nContent-Type: text/html; charset=utf-8\r\nConnection: close\r\nContent-Length: 616\r\n\r\n<HTML><HEAD>\n<TITLE>Request Error</TITLE>| p/Blue Coat proxy server/ d/proxy server/
match http m|^<html>\r\n<head><title>400 Bad Request</title></head>\r\n<body bgcolor=\"white\">\r\n<center><h1>400 Bad Request</h1></center>\r\n<hr><center>nginx</center>\r\n</body>\r\n</html>\r\n$| p/nginx/ cpe:/a:igor_sysoev:nginx/
match http m|^<html>\r\n<head><title>400 Bad Request</title></head>\r\n<body bgcolor=\"white\">\r\n<center><h1>400 Bad Request</h1></center>\r\n<hr><center>nginx/([\w._-]+)</center>\r\n</body>\r\n</html>\r\n$| p/nginx/ v/$1/ cpe:/a:igor_sysoev:nginx:$1/
match http m|^<html>\r\n<head><title>400 Bad Request</title></head>\r\n<body bgcolor=\"white\">\r\n<center><h1>400 Bad Request</h1></center>\r\n<hr><center>cloudflare-nginx</center>\r\n</body>\r\n</html>\r\n$| p/cloudflare-nginx/
match http m|^<head><title>400 Bad Request</title></head>\r\n<h1>400 Bad Request</h1>\r\n\r\n| p/nginx/ cpe:/a:igor_sysoev:nginx/
# Counting on this 404 being unique enough here in RTSPRequest.
match http m|^HTTP/1\.0 404 Not Found\r\n\r\n$| p/XBT BitTorrent tracker http interface/
match http m|^HTTP/1\.1 400 Bad Request\n\n$| p/Adaptec Storage Manager Agent httpd/
match http m|^HTTP/1\.1 406 Not Acceptable\r\n.*<blockquote>\n<TABLE border=0 cellPadding=1 width=\"80%\">\n<TR><TD>\n<FONT face=\"Helvetica\">\n<big>Request Error \(unsupported_protocol\)</big>\n<BR>\n<BR>\n</FONT>|s p/Dreambox httpd/ d/media device/
match http-proxy m|^HTTP/1\.1 400 Bad Request \( The data is invalid\.  \)\r\n| p/Microsoft ISA Server http proxy/ o/Windows/ cpe:/a:microsoft:isa_server/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 400 Bad Request\r\nContent-Type: text/html; charset=UTF-8\r\nPragma: no-cache\r\nConnection: close\r\nDate: .*\r\n\r\n<HTML><HEAD><TITLE>400 Bad Request</TITLE></HEAD>\r\n<BODY><H1>400 Bad Request</H1>\r\nThe request could not be understood by the server due to malformed syntax\r\n</BODY></HTML>$| p/Trend Micro CSC module for Cisco ASA 5510 firewall httpd/ cpe:/h:cisco:asa_5510/a
match http m|^HTTP/1\.1 400 Bad Request\r\nContent-Type: text/plain\r\nConnection: close\r\n\r\nError 400: Bad Request\nCan not parse request: \[OPTIONS\]| p/TomTom httpd/
match http m|^HTTP/1\.1 505 HTTP Version Not Supported\r\nDate: .*\r\nConnection: close\r\nServer: Apache\r\n\r\n| p/Apache Tomcat httpd/ cpe:/a:apache:tomcat/
match http m|^HTTP/1\.1 400 Bad Request\r\nDate: .*\r\nContent-Length: 0\r\n\r\n400 Bad Request\r\n| p/Cisco Wireless LAN Controller httpd/ d/remote management/ cpe:/o:cisco:wireless_lan_controller_software/
match http m|^HTTP/1\.1 505 HTTP Version Not Supported\r\nContent-Type: text/html\r\nContent-Length: 166\r\n\r\n<html><head><title>505 HTTP Version Not Supported</title></head><body><h1>HTTP Version Not Supported</h1><p>HTTP versions 1\.0 and 1\.1 are supported\.</p></body></html>| p/Mitel SIP DEC VoIP phone http config/ d/VoIP phone/
#match http m|^<head>\n<title>Error response</title>\n</head>\n<body>\n<h1>Error response</h1>\n<p>Error code 400\.\n<p>Message: Bad request version \('RTSP/1\.0'\)\.\n<p>Error code explanation: 400 = Bad request syntax or unsupported method\.\n</body>\n| p/BaseHTTPServer/ cpe:/a:python:basehttpserver/a
match http m|^HTTP/1\.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 59\r\nConnection: close\r\n\r\nError 400: Bad Request\nCannot parse HTTP request: \[OPTIONS\]$| p/Mongoose httpd/ cpe:/a:cesanta:mongoose/
match http m|^HTTP/1\.1 505 HTTP Version not supported\r\nContent-Length: 0\r\nDate: .* GMT\r\nConnection: close\r\n\r\n| p/Konica Minolta bizhub C452 OpenAPI/ d/printer/ cpe:/h:konicaminolta:bizhub_c452/
match http m|^HTTP/1\.0 500\r\nContent-Type: text/html; charset=UTF-8\r\nCache-Control: no-cache\r\nPragma: no-cache\r\nExpires: 0\r\nConnection: close\r\n\r\n<!DOCTYPE html>\n<html>\n<head>\n  <title>Application Firewall Error</title>\n  <style type="text/css" media="screen">\n    body \{ font-family: Arial, Garamond, sans-serif; padding: 40px; background-color: #333333; \}\n| p/Imperva WAF/
match http m|^HTTP/1\.1 400 Bad Request\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\nCache-Control: no-cache\r\nDate: .*\r\n\r\n<HTML><HEAD><TITLE>400 Bad Request</TITLE></HEAD>\r\n<BODY><H1>400 Bad Request</H1>\r\n</BODY></HTML>\r\n| p/Trend Micro OfficeScan/ cpe:/a:trend_micro:officescan/
match http m|^<html>\r\n<head><title>400 Bad Request</title></head>\r\n<body bgcolor="white">\r\n<center><h1>400 Bad Request</h1></center>\r\n<hr><center></center>\r\n</body>\r\n</html>\r\n| p/Palo Alto GlobalProtect Gateway httpd/ cpe:/a:paloaltonetworks:globalprotect/

match http-proxy m|^HTTP/1\.1 503 Service Unavailable\r\ndate: .*\r\nconnection: close\r\n\r\n<html><body><pre><h1>Service unavailable</h1></pre></body></html>\n| p/HTTP Replicator proxy/
match http-proxy m|^HTTP/1\.0 400 Bad Request\r\nContent-Length: 103\r\nConnection: close\r\n\r\n<html><body> <h2>Mikrotik HttpProxy</h2>\n\r<hr>\n\r<h2>\n\rError: 400 Bad Request\r\n\r\n</h2>\n\r</body></html>\n\r$| p/MikroTik HttpProxy/ d/router/
match http-proxy m|^RTSP/1\.0 400 Bad Request\r\nServer: PanWeb Server/([\w._-]+)\r\n(?:[^\r\n]+\r\n)*?Keep-Alive: timeout=60, max=2000\r\nContent-Type: text/html\r\nContent-length: 130\r\n\r\n<HTML><HEAD><TITLE>Document Error: Bad Request</TITLE>|s p/Palo Alto PanWeb httpd/ v/$1/ d/proxy server/ cpe:/a:paloaltonetworks:panweb:$1/

match remote-control m|^\x01\0\0\0\0\0\0$| p/Alchemy Lab Remote Control PRO remote management/ d/remote management/

match rtsp-proxy m|^RTSP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Via: [\d.]+ ([-\w_.]+) \(NetCache NetApp/([\w.]+)\)\r\n\r\n|s p/NetApp NetCache rtsp proxy/ v/$2/ h/$1/ cpe:/a:netapp:netcache:$2/
match rtsp-proxy m|^RTSP/1\.0 451 Parameter Not Understood\r\n\r\n$| p/RTSP Proxy Reference Implementation/
match rtsp-proxy m|^RTSP/1\.0 403 Forbidden: Proxy not licensed\r\nSession: \w+\r\n\r\n| p/Blue Coat rtsp proxy/ i/Unlicensed/

match sonicmq m|^\x1a\xff\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x08\xff\xff\xff\xf1\0\0\0O$| p/Novell Sentinel SonicMQ broker/

match powerchute m|^RTSP/1\.0 400 Bad request\r\nContent-type: text/html\r\n\r\n| p/APC PowerChute Agent/ v/6.x|7.x/ d/power-device/
match powerchute m|^RTSP/1\.0 400 Bad request\nContent-type: text/html\n\n| p/APC PowerChute Agent/ v/7.X/ d/power-device/
match msdtc m|^ERROR\n$|s p/Microsoft Distributed Transaction Coordinator/ i/error/ o/Windows/ cpe:/o:microsoft:windows/a

match upnp m|^HTTP/1\.1 400 Bad Request\r\nDate: .*\r\nServer: Unknown/0\.0 UPnP/([\d.]+) Virata-EmWeb/([-.\w]+)\r\n| p/Virata-EmWeb/ v/$SUBST(2,"_",".")/ i/ReplayTV UPnP; UPnP $1/ cpe:/a:virata:emweb:$SUBST(2,"_",".")/a
# Xbox One UPnP unicast eventing listener or IIS 8.5 on Windows 2012
match upnp m|^HTTP/1\.1 400 Bad Request\r\nContent-Type: text/html; charset=us-ascii\r\nDate: .*\r\nConnection: close\r\nContent-Length: \d+\r\n\r\n<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4\.01//EN\"\"http://www\.w3\.org/TR/html4/strict\.dtd\">| p/Microsoft IIS httpd/ cpe:/a:microsoft:internet_information_services/

# This probe sends an RPC "Null command" to the port for service
# 100000 (portmapper).
# Some of these numbers are abitrary (such as ID).  I could consider
# adding an \R escape in the string logic to provide a random byte.
# This would make IDS detection and such a bit harder.  On the other
# hand, that would make the response a little harder to recognize too.
##############################NEXT PROBE##############################
Probe TCP RPCCheck q|\x80\0\0\x28\x72\xFE\x1D\x13\0\0\0\0\0\0\0\x02\0\x01\x86\xA0\0\x01\x97\x7C\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0|
rarity 4
ports 81,111,199,514,544,710,711,1433,2049,4045,4999,7000,8307,8333,17007,32750-32810,38978

match unicorn-ils m|^\xb5q\x83\x02\x05\xe0\x84\x03\x01\xe1\x82\x85\x03\x04\x93\xe0\x86\x03\x04\x93\xe0\x8c\x01\0\x9fn\x16Unicorn ([\w._-]+) Standard\x9fo\x11SIRSI Corporation\x9fp\x033\.0\xab&\(\$\x81\"Expected CONSTRUCTED PDU not found$| p/SirsiDynix Unicorn Integrated Library System/ v/$1/

match afp m|^\x01\x01\x86\xa0\xff\xff\xecj\0\0\0\0\0\0\0\0| p/Mac OS 9 AFP/ o/Mac OS 9/ cpe:/o:apple:mac_os:9/

match consul m|^\x82\xa5Error\xb2Handshake required\xa3Seq\0| p/HashiCorp Consul RPC/ cpe:/a:hashicorp:consul/

match airmedia-audio m|^AudioPro\x14\x10\x02\0\0\xacD \0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0| p/Crestron AirMedia audio data channel/

match exportfs m|^(?:p9sk1@[\w._-]+ )*p9sk1@([\w._-]+)\0/bin/exportfs: auth_proxy: auth_proxy rpc write: : invalid argument\n| p/Plan 9 exportfs/ o/Plan 9/ h/$1/ cpe:/o:belllabs:plan_9/a

match goldengate m|^\0\+  ERROR\tMGR did not recognize the command\.\0| p/Oracle GoldenGate/ cpe:/a:oracle:goldengate/

match honeywell-confd m|^\0\0\0\0\0\0\+\xc1$| p/Honeywell confd/

match http m|^HTTP/1\.1 400 Bad Request\r\nServer: micro_httpd\r\nCache-Control: no-cache\r\nDate: .*\r\nContent-Type: text/html\r\nConnection: close\r\n\r\n<HTML><HEAD><TITLE>400 Bad Request</TITLE></HEAD>\n<BODY BGCOLOR=\"#cc9999\"><H4>400 Bad Request</H4>\nNo request found\.\n<HR>\n<ADDRESS><A HREF=\"http://www\.acme\.com/software/micro_httpd/\">micro_httpd</A></ADDRESS>\n</BODY></HTML>\n$| p/micro_httpd/ cpe:/a:acme:micro_httpd/

# reported for 3.8.1, 3.9.3
match jabber m|^<stream:error xmlns:stream="http://etherx\.jabber\.org/streams"><xml-not-well-formed xmlns="urn:ietf:params:xml:ns:xmpp-streams"/></stream:error>$| p/Ignite Realtime Openfire Jabber server/ v/3.9.3 or earlier/ cpe:/a:igniterealtime:openfire/
# https://issues.igniterealtime.org/browse/OF-811
match jabber m|^<stream:error xmlns:stream="http://etherx\.jabber\.org/streams"><not-well-formed xmlns="urn:ietf:params:xml:ns:xmpp-streams"/></stream:error>$| p/Ignite Realtime Openfire Jabber server/ v/3.10.0 or later/ cpe:/a:igniterealtime:openfire/
softmatch jabber m|^<stream:error |

match kdb m|^'char$| p/kdb+/ cpe:/a:kx_systems:kdb%2b/

match kerberos m|^\0\0\0Q~O0M\xa0\x03\x02\x01\x05\xa1\x03\x02\x01\x1e\xa4\x11\x18\x0f(\d\d\d\d)(\d\d)(\d\d)(\d\d)(\d\d)(\d\d)Z\xa5\x05\x02\x03...\xa6\x03\x02\x01=\xa9\x15\x1b\x13<unspecified realm>\xaa\x0b0\t\xa0\x03\x02\x01\0\xa1\x020\0$|s p/Heimdal Kerberos/ i/server time: $1-$2-$3 $4:$5:$6Z/

match kapow-robot m|^<\?xml version=\"1\.0\" encoding=\"UTF-8\"\?>\n<!DOCTYPE rql PUBLIC \"-//Kapow Technologies//DTD RoboSuite Robot Query Language ([\w._-]+)//EN\" \"http://www\.kapowtech\.com/robosuite/rql/dtd/robot-query-language_[\w._-]+\.dtd\">\n<rql>\n  <server-error>\n    <message>com\.kapowtech\.robosuite\.api\.java\.rql\.RQLProtocolException: Invalid byte 1 of 1-byte UTF-8 sequence\.</message>| p/Kapow Robot Query Language/ v/$1/

match kvm m|^\0\0\0\0\0\x84\0\x10\x7c\x9f\xfb\0\0\0\0\0$| p/KVM daemon/

match lanrev-agent m|^\x01\0\0\x03\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x01| p/LANrev remote administration/

match mxie m|^\x80\x00\x00\x0c\x72\xfe\x1d\x13\x00\x00\x00\x01\x00\x00\x00\x02$| p/Zultys MXIE VoIP presence server/

# tcp/5000: Adaptive Server
# tcp/5001: Backup Server
# tcp/5002: Monitor Server
match sybase-adaptive m|^\0\x01\0\x08\0\0\x00\0$| p/Sybase Adaptive Server/ o/Windows/ cpe:/a:sybase:adaptive_server/ cpe:/o:microsoft:windows/a
match sybase-backup m|^\0\x01\0\x08\0\0\x01\0$| p/Sybase Backup Server/ o/Windows/ cpe:/a:sybase:backup_server/ cpe:/o:microsoft:windows/a

match syncsort-cmagent m|^\x80\0\0.\x0f\x02\x02\x06\t\x1d\x02\x11m\x04\x15\x17\x01\x06c\x7csww{t\x1b...On\x04\x0f\x1d\x19wE\x0f\x13\x15\x08\x13g\x06\x03\x15\x04\x08\x0f\x13e\x18fm.ug| p/Syncsort Backup Express cmagent/

# port 5566: https://www.synology.com/en-us/knowledgebase/DSM/tutorial/General/What_network_ports_are_used_by_Synology_services
match synobtrfsreplicad m|^\x80\0\0\(r\xfe\x1d\x13\0\0\0\x19| p/Synology Snapshot Replication shared folder/ d/storage-misc/

match tandem-print m|^\x01$| p/Sharp printer tandem printing/ d/printer/

# Distributed Relational Database Architecture (DRDA) OS/400 V5R2
# PRCCNVRM conversational protocol error.
match drda m|^\0\x15\xd0\x02\xff\xff\0\x0f\x12E\0\x06\x11I\0\x08\0\x05\x11\?\x06$| p/IBM DRDA/

# Microsoft SQLServer 6.5 on WinNT 4.0 SP6a
# Microsoft SQL Server 6.5 on WinNT 4.0
match ms-sql-s m|^\x04\x01\0C..\0\0\xaa\0\0\0/\x0f\xa2\x01\x0e.. Login failed\r\n\x14Microsoft SQL Server\0\0\0\xfd\0\xfd\0\0\0\0\0\x02$|s p/Microsoft SQL Server/ v/6.5/ o/Windows/ cpe:/a:microsoft:sql_server:6.5/ cpe:/o:microsoft:windows/a

match netman m|^\0\0\0 \0\0\0\x01\xd5\x1f\x0fK\0\0\0\0\x18\?c\0\0\0\0\0\x01\0\0\x00([\w._-]+)   $| p/Tivoli Workload Scheduler Netman/ v/$1/

match nim m|^\0$| p/IBM AIX Network Installation Management/ o/AIX/ cpe:/o:ibm:aix/a

match ossec-agent m=^\xdf\x06\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x01\x97\|\0\0\0\0\x02\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x10\0\0\0$= p/OSSEC Agent/ cpe:/a:ossec:ossec/

match riverbed-stats m|^a\x0f\x02\x04fiji\x02\x01\0\x02\x01\0\x02\x01\0$| p/Riverbed Steelhead Mobile caching proxy statistics/ d/proxy server/

#RPC Response, MSG_ACCEPTED, any AUTH type
match rpcbind m|^\x80\0\0.\x72\xfe\x1d\x13\0\0\0\x01\0\0\0\0\0\0\0[\x00-\x03\x06]|
# RPC Response, MSG_DENIED, RPC_MISMATCH
match rpcbind m|^\x80\0\0.\x72\xfe\x1d\x13\0\0\0\x01\0\0\0\x01\0\0\0\x00\0\0\0[\x00-\x02]\0\0\0[\x00-\x02]|
# RPC Response, MSG_DENIED, AUTH_ERROR, any status
match rpcbind m|^\x80\0\0.\x72\xfe\x1d\x13\0\0\0\x01\0\0\0\x01\0\0\0\x01\0\0\0[\x00-\x07]|

match rtdscchcch m|^\x03\x11\0\x02V1\xec\xe7\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\xdd\0\x04\0\0| p/SIX Market Data Feed (MDF)/ cpe:/a:six_group:market_data_feed/

# The following matchline commented out as it is actually a match for a TLS
# negotiation error message (15 03 01 00 02 02 0a) - http://seclists.org/nmap-dev/2010/q2/465
# match raid-mgt m|^\x15\x03\x01\0\x02\x02\n$| p/Promise Array Manager RAID management/
match raid-mon m|^\0 \0.{5}\x04\0\0\0\x02\\@|s p/Promise RAID message agent/
match raid-mon m|^\x02 \0.{5}\x04\0\0\0\x02\\@|s p/Promise RAID message agent/

match solidworks-remotesolve m|^\0\0\0\0\0\0\0\0T\x01\x04\x80| p/SolidWorks Remote Solver for Flow Simulation/ v/2009/

match telnet m=^\xff\xfb\x01\xff\xfb\x03\xff\xfb\0\xff\xfd\0Username: data_error\r\r\n\(rdata_error\r\r\ndata_error\r\r\ndata_error\r\r\ndata_error\r\r\ndata_error\r\r\ndata_error\r\r\ndata_error\r\r\ndata_error\r\r\ndata_error\r\r\n\|= p/Jungo OpenRG telnetd/ i/Actiontec MI424-WR/ d/WAP/ o/Linux/ cpe:/o:linux:linux_kernel/a
match telnet m=^\xff\xfb\x01\xff\xfb\x03\xff\xfb\0\xff\xfd\0Username: data_error\r\n\(rdata_error\r\ndata_error\r\ndata_error\r\ndata_error\r\ndata_error\r\ndata_error\r\ndata_error\r\ndata_error\r\ndata_error\r\n\|= p/Jungo OpenRG telnetd/ i/Linksys RV082 WAP/ d/WAP/ o/Linux 2.4/ cpe:/h:linksys:rv082/a cpe:/o:linux:linux_kernel:2.4/
match telnet m=^\xff\xfb\x01\xff\xfb\x03\xff\xfb\0\xff\xfd\0Log level 3\r\r\nUsername: data_error\r\r\n\(rdata_error\r\r\ndata_error\r\r\ndata_error\r\r\ndata_error\r\r\ndata_error\r\r\ndata_error\r\r\ndata_error\r\r\ndata_error\r\r\ndata_error\r\r\n\|= p/Jungo OpenRG telnetd/ i/Pirelli A125G wireless DSL router/ d/WAP/ o/Linux/ cpe:/o:linux:linux_kernel/a

# Version 4.2.4
match tina m|^\x80\0\0\x0c\0\0\0\x01\0\0\0\x11%\xf5:\0| p/Atempo Time Navigator/

# Vmware ESX 1.5.x Client Agent for Linux -- WAIT - I think this is erronous and is actually smux
# HP-UX 11 SNMP Unix Multiplexer (smux)
match smux m|^A\x01\x02$| p/HP-UX smux/ i/SNMP Unix Multiplexer/ o/HP-UX/ cpe:/o:hp:hp-ux/a
# Network Appliance ONTAP 6.3.3 shell
match shell m|^\x01Permission denied\.\n$| p/Netapp ONTAP rshd/ cpe:/a:netapp:data_ontap/
# HP-UX 11 Kerberized 'rsh' (v5)
match kshell m|^\x01remshd: connect: Connection refused\n$| p/HP-UX kerberized rsh/ o/HP-UX/ cpe:/o:hp:hp-ux/a
# Tumbleweed SecureTransport 4.1.1 Transaction Manager Non-Secure Port on Solaris
match securetransport m|^\xde\xad\xbe\xef\x04\0\xff\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x1fem\.requestparserparser\.InvError| p/Tumbleweed SecureTransport Transaction Manager Non-Secure Port/
# ED2KLink Server v1.12 (Build 1014 or later)
match ed2klink m|^\x16\x15\x16\x16\x16\x12XW\]$| p/ED2KLink Server/
match sarad m|^NO LOGIN\0$| p/British National Corpud sarad/

match http m|^HTTP/1\.1 400 Bad Request\r\nDate: .*\r\nConnection: close\r\nContent-Type: text; charset=plain\r\nContent-Length: 16\r\n\r\ninvalid value 0 $| p/VMware hostd httpd/
match http m|^HTTP/1\.0 400 Bad Request\r\nContent-Length: \d+\r\nContent-Type: text/html\r\n\r\n<HTML><HEAD><TITLE>400 Bad Request \(ERR_INVALID_REQ\)</TITLE></HEAD><BODY><H1>400 Bad Request</H1><BR>ERR_INVALID_REQ<HR><B>Webserver</B>| p/AVM FRITZ!Box WLAN 7170 WAP http config/ d/WAP/

match upnp m|^HTTP/0\.0 400 Bad Request\r\nSERVER: Linux/([\w._+-]+), UPnP/([\w.]+), Intel SDK for UPnP devices ?/([\w._~-]+)\r\n| p/Intel UPnP reference SDK/ v/$3/ i/Linux $1; UPnP $2/ o/Linux/ cpe:/o:linux:linux_kernel:$1/
match upnp m|^HTTP/0\.0 400 Bad Request\r\nSERVER: Linux/([\w._+-]+), UPnP/([\w.]+), Portable SDK for UPnP devices ?/([\w._~-]+)\r\n| p/Portable SDK for UPnP/ v/$3/ i/Linux $1; UPnP $2/ o/Linux/ cpe:/o:linux:linux_kernel:$1/
match upnp m|^HTTP/1\.1 400 Bad Request\r\nSERVER: Linux/([\w._+-]+), UPnP/([\w.]+), Portable SDK for UPnP devices ?/([\w._~-]+)\r\n| p/Portable SDK for UPnP/ v/$3/ i/Linux $1; UPnP $2/ o/Linux/ cpe:/o:linux:linux_kernel:$1/

match virtualgl m|^VGL\x02\x01$| p/VirtualGL/

#Fortinet Firewall SSL VPN on port 10433 V5.0,build3608 GA Patch 7
match http m|^<HTML>\n<HEAD>\n<META http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\">\n.*HTTP_NOT_IMPLEMENTED<br>|s p/Fortinet Firewall SSL VPN/

# Alert (Level: Fatal, Description: Unexpected Message|Protocol Version|Handshake Failure)
match ssl m|^\x15\x03[\x00-\x04]\0\x02\x02[\nF\x28]|

# Some HP printer service? Port 9110.
# match jetdirect m|^\0\0\(r\xfe\x1d\x13\0\0\0\0\0\0\0\x02\0\x01\x86\xa0\0\x01\x97\x7c\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0$| d/HP printer/

##############################NEXT PROBE##############################
Probe UDP RPCCheck q|\x72\xFE\x1D\x13\0\0\0\0\0\0\0\x02\0\x01\x86\xA0\0\x01\x97\x7C\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0|
rarity 1
ports 17,88,111,407,500,517,518,1419,2427,4045,10000,10080,12203,27960,32750-32810,38978

match amanda m|^Amanda ([\d.]+) NAK HANDLE  SEQ 0\nERROR expected \"Amanda\", got \"r\xfe\x1d\x13\"\n| p/Amanda backup service/ v/$1/ o/Unix/

# http://xbtt.sourceforge.net/udp_tracker_protocol.html ("scrape output")
match bittorrent-udp-tracker m|^\0\0\0\x02....\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0$|s p/BitTorrent UDP tracker/
match bittorrent-udp-tracker m|^\x03\0\0\0\0\x01\x86\xa0Connection ID missmatch\.\0| p/opentracker UDP tracker/ cpe:/a:dirk_engling:opentracker/

# http://bittorrent.org/beps/bep_0029.html
match bittorrent-utp m|^r\xfe\x1d\x13\0\0\0\0\0\0\0\0\0\0\0\0\xff\0\x03....$|s p/uTorrent uTP/ o/Windows/ cpe:/a:utorrent:utorrent/ cpe:/o:microsoft:windows/a
# Seems to be a bug here, with a time_t timestamp (0x4B......, ca. Dec 2009) instead of a microsecond count.
match bittorrent-utp m|^r\xfe\x1d\x13........\x7f\xff\xff\xff\xff\x02\x02..\0\x01\0\x08\0\0\0\0\0\0\0\0$|s

match brio m|^\0\0\x01\(\x16\x85..$|s p/Brio 8 business intelligence/

match dnastar m|^....\0{7}.,PSH,[\x21-\x7e]{55}\0{800}|s p/Dnastar Lasergene/ cpe:/a:dnastar:lasergene/

match slp-srvreg m|^\x02\x05\0\0\x12\0\0\0\0\0\0\x02\0\x02en\0\x0e$| p/IBM Director SLP Service Registration/ i/slp_srvreg.exe/ cpe:/a:ibm:director/

match radius m|^\x03\xfe\0\x14................$|s p/Juniper Steel-Belted Radius radiusd/

match rpcbind m|^\x72\xFE\x1D\x13\0\0\0\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x01|
match rpcbind m|^\x72\xFE\x1D\x13\0\0\0\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x02|
# OpenAFS 1.2.10 on Linux 2.4.22
match kerberos-sec m|^\x04\n\0\0\0\0\0\0\0\0\0\0\x04code = 4: packet version number unknown\0| p/OpenAFS/ cpe:/a:openafs:openafs/
# talk-server-0.17 (linux), ports 517-518/udp
match talk m|^\x01\xfe\x05\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0| p/Talk server/
# Mandrake Linux 9.2, xinetd 2.3.11 chargen
match chargen m|NOPQRSTUVWXYZ\[\\\]\^_`abcdefghijklm|
match chargen m|^ !\"#\$%&'\(\)\*\+| p/SunOS chargen/ o/SunOS/ cpe:/o:sun:sunos/a

match isakmp m|^r\xfe\x1d\x13\0\0\0\0\0\0\0\x02\0\x01\x86\xa0\x0b\x10\x05\0\0\0\0\0\0\0\0| p/Openswan ISAKMP/ cpe:/a:openswan:openswan/
match isakmp m|^r\xfe\x1d\x13\0\0\0\0\0\0\0\x02\0\x01\x86\xa0\) % \0\0\0\0\0\0\0\$\0\0\0\x08\0\0\0\x05| p/StrongSwan ISAKMP/ cpe:/a:strongswan:strongswan/

match jetadmin m|^2;http://[\d.]+:\d+/;[\d.]+;\d+:\d+;\w+,[\d.]+,PLUGIN_LOADED| p/HP Jetadmin/

# http://staff.science.uva.nl/~arnoud/activities/NaoIntro/ConnectLantronix.c
match lantronix-config m|^\xff$| p/Lantronix DSTni networking chip configuration/

# https://github.com/cobyism/edimax-br-6528n/blob/master/AP/RTL8196C_1200/mp-daemon/UDPserver.c
match mp-automation m|^r\xfe\x1d\x13 ok| p/Realtek MP Automation daemon/ d/WAP/

match nameserver m|^help\r\n\r\n\xff\xbf\xf8\xb0\xff7\0\x18\0\0\0\x01\0\0\0\0| p/Solaris Internet Name Server/ o/Solaris/ cpe:/o:sun:sunos/a

match ppp m|^\x7e\xff\x7d\x23\xc0!}!#} }8}\"}&} } } } }#}\$\xc2'}%}&Q\x93\xee,}'}\"}\(}\"}\(D~| p/pppd/ v/2.4.5/

# Windows qotd service. Same as the TCP version. It's only in this
# Probe because this is the first UDP Probe that nmap tries.
match qotd m=^"(?:My spelling is Wobbly\.|Man can climb to the highest summits,|In Heaven an angel is nobody in particular\.|Assassination is the extreme form of censorship\.|When a stupid man is doing|We have no more right to consume happiness without|We want a few mad people now.|The secret of being miserable is to have leisure to|Here's the rule for bargains:|Oh the nerves, the nerves; the mysteries of this machine called man|A wonderful fact to reflect upon,|It was as true as taxes is\.)= p/Windows qotd/ i/English/ o/Windows/ cpe:/a:microsoft:qotd::::en/ cpe:/o:microsoft:windows/a
match qotd m=^"(?:Mi ortograf\xeda tiembla\. Es bueno revisarla,|un hombre puede escalar a las m\xe1s altas cumbre|Algo maravilloso a poner de manifiesto:|Cuando un necio hace algo de lo que se aveg\xfcenza,|En el cielo, un \xe1ngel no es nadie en concreto|Traigamos unos cuantos locos ahora\.|Era tan verdad como los impuestos\. Y no|Hay libros cortos que, para entenderlos como se merecen,|Quedarse en lo conocido por miedo a lo desconocido,|La prosperidad hace amistades, y la adversidad las|El uso principal de un PC es confirmar la ley de|Quedarse en lo conocido por miedo a lo desconocido,|Cuando las leyes son injustas, no obligan en el fuero|Magia equivale a cualquier avance en la ciencia\.|Vale mejor consumir vanidades de la vida,)= p/Windows qotd/ i/Spanish/ o/Windows/ cpe:/a:microsoft:qotd::::es/ cpe:/o:microsoft:windows/a
# Some Italian qotds start with a space instead of a "
match qotd m=^.(?:Voce dal sen fuggita|Semel in anno licet insanire|Cosa bella e mortal passa e non dura|Quando uno stupido compie qualcosa di cui si vergogna,|Se tu pagare come dici tu,|Fatti non foste a viver come bruti,|Sperare senza far niente e` come)= p/Windows qotd/ i/Italian/ o/Windows/ cpe:/a:microsoft:qotd::::it/ cpe:/o:microsoft:windows/a
match qotd m=^"(?:Prazos longos sao f\xa0ceis de subscrever\.|Deus, para a felicidade do homem, inventou a f\x82 e o amor\.|Ao vencido, \xa2dio ou compaixao, ao vencedor, as batatas\.|Quem nao sabe que ao p\x82 de cada bandeira p\xa3blica,|Nao te irrites se te pagarem mal um benef\xa1cio; antes cair|A vida, como a antiga Tebas, tem cem portas\.)= p/Windows qotd/ i/Portuguese/ cpe:/a:microsoft:qotd::::pt/
# The German version doesn't start with "
match qotd m=^(?:Wer wirklich Autorit\xe4t hat, wird sich nicht scheuen,|Moral ist immer die Zuflucht der Leute,|Beharrlichkeit wird zuweilen mit Eigensinn|Wer den Tag mit Lachen beginnt, hat ihn|Wenn uns keine Ausweg mehr bleibt,|Gesichter sind die Leseb\xfccher des Lebens|Grosse Ereignisse werfen mitunter ihre Schatten|Dichtung ist verpflichtet, sich nach den|Ohne Freihet geht das Leben|Liebe ist wie ein Verkehrsunfall\. Man wird angefahren)= p/Windows qotd/ i/German/ cpe:/a:microsoft:qotd::::de/
match qotd m=^"(?:Clovek ma tri cesty, jak moudre jednat\. Nejprve premyslenim|Co je vubec hodno toho, aby to bylo vykonano,|Fantazie je dulezitejsi nez vedeni\.|Potize narustaji, cim vice se clovek blizi|Kdo nezna pristav, do ktereho se chce plavit,|Lidske mysleni ztraci smysl,|Nikdo nevi, co muze vykonat,|Nic neprekvapi lidi vice nez zdravy rozum|Zadny cil neni tak vysoky,)= p/Windows qotd/ i/Czech/ o/Windows/ cpe:/a:microsoft:qotd::::cs/ cpe:/o:microsoft:windows/a
match qotd m=^"(?:L'art de persuader consiste autant|Le peu que je sais, c'est \x85 mon ignorance|Certaines \x83mes vont \x85 l'absolu comme l'eau|Le m\x82rite a sa pudeur comme la chastet|Rien de plus futile, de plus faux, de plus|\xb7 vaincre sans p\x82ril, on triomphe|Le comble de l'orgueil, c'est de se)= p/Windows qotd/ i/French/ o/Windows/ cpe:/a:microsoft:qotd::::fr/ cpe:/o:microsoft:windows/a

match mohaa m|\xff\xff\xff\xff\x01disconnect| p/Medal Of Honor Allied Assault game server/
match mohaa-gamespy m|^\\final\\\\queryid\\\d+\.1| p/Medal Of Honor Allied Assault gamespy query port/
match ericssontimestep m|^.{8}\0\0\0\0\0\0\0\0\x0b\x10\x05\0\0\0\0\0\0\0\0\(\0\0\0\x0c\0\0\0\0\x01\0\0\x1e$|s p/Ericsson Timestep Permit VPN/
match rtp m|^501 0 Endpoint is not ready - Unrecognized command verb\n|

match sauerbraten m|^r\xfe\x1d\x13\0\0\0\0\0\0\0\x02\0\x01\x86\xa0\0\x01\x97\x7c\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x05\x80\x02\x01\0\0\x0c\0\0([\w._ -]+)\0$| p/Sauerbraten game server/ i/server name: $1/

match sentinel-lm m|^r\xfe\x1d\x13\0\0\0\0\0\0\0\x02,PSH,'A{\^QOHpe\]\)\]\\\^cRH>%gNQX$| p/SafeNet Sentinel License Manager/

match ssdp m|^HTTP/1\.1 200 OK\r\nST:upnp:rootdevice\r\nUSN:uuid:11111111-0000-c0a8-0101-efefefef8035::upnp:rootdevice\r\nLocation:http://[\d.]+:\d+/DeviceDescription\.xml\r\nCache-Control:max-age=480\r\nServer:Allegro-Software-RomUpnp/([\w._-]+) UPnP/([\w._-]+) IGD/1\.00\r\nExt:\r\n\r\n|s p/Allegro RomUPnP/ v/$1/ i/UPnP $2/

# Timbuktu 8.7.1
match timbuktu m|^\0#\xd1\x1f$| p/Timbuktu remote desktop/

match utorrent-udp m|^\x72\xfe\x1d\x13\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03....$|s p/uTorrent UDP listener/ o/Windows/ cpe:/a:utorrent:utorrent/ cpe:/o:microsoft:windows/a

# This protocol is defined by miniserv.pl to let Webmin servers to find each
# other's HTTP port. The response format is
# $address:$port:$ssl:$hostname
match webmin m|^0\.0\.0\.0:(\d+):0:?$| i/http on TCP port $1/
match webmin m|^([^:]*):(\d+):0:?$| i/http on TCP $1:$2/
match webmin m|^0\.0\.0\.0:(\d+):0:(.+)$| i/http on TCP port $1 ($2)/
match webmin m|^([^:]*):(\d+):0:(.+)$| i/http on $1:$2 ($3)/
match webmin m|^0\.0\.0\.0:(\d+):1:?$| i/https on TCP port $1/
match webmin m|^([^:]*):(\d+):1:?$| i/https on TCP $1:$2/
match webmin m|^0\.0\.0\.0:(\d+):1:(.+)$| i/https on TCP port $1 ($2)/
match webmin m|^([^:]*):(\d+):1:(.+)$| i/https on $1:$2 ($3)/

softmatch quake3 m|^\xff\xff\xff\xffdisconnect$| p/Quake 3 game server/

# Know the device, but not the service. Port 19541.
# match unknown m|^\xfer\0\0\0\0\0\x12ERR\(NOT SUPPORTED\)$| p/OKI ES3640e GA printer/ d/printer/

match apple-sasl m|How was your weekend\?;[0-9A-F]*\0| p/Mac OS X Server Password Server/ o/Mac OS X/ cpe:/o:apple:mac_os_x/a

match nat-pmp m|^\0\xfe\0\x01\0\0..$|s p/natpmp daemon/ d/router/
match nat-pmp m|^\0\0\0\x01...\0$|s p/Apple Time Capsule/ d/router/

match xdmcp m|^\0\x01\0\x05..\0\0\0.(.+)\0.(.+)|s p/XDMCP/ i/willing; status: $2/ o/Unix/ h/$1/
#DTLS 1.0/1.2 alert (there was no DTLS 1.1)
softmatch dtls m|^\x15\xfe[\xfd\xff]\0\0\0\0\0\0\0\0..\x02.\0\0\0\0\0|

##############################NEXT PROBE##############################
Probe UDP DNSVersionBindReq q|\0\x06\x01\0\0\x01\0\0\0\0\0\0\x07version\x04bind\0\0\x10\0\x03|
rarity 1
ports 53,1967,2967

# Matches here have been grouped by product and roughly ordered based on prevalence
# on the Internet
# Note when generating match lines - TCP responses have two bytes at the beginning
# of the response that the UDP doesn't, otherwise they are the same. Account for this
# in the regex so that a matchline will work for both.

# ISC BIND - RedHat / Fedora
match domain m|\x07version\x04bind\0\0\x10\0\x03\xc0\x0c\0\x10\0\x03.{7}(\d[-\w.+]*?)-RedHat-[-\w._+]+.fc(\d+)|s p/ISC BIND/ v/$1/ i/Fedora Core $2/ o/Linux/ cpe:/a:isc:bind:$1/ cpe:/o:fedoraproject:fedora_core:$2/
# 9.9.3-rpz2+rl.13208.13-P2-RedHat-9.9.3-4.P2.el6
match domain m|\x07version\x04bind\0\0\x10\0\x03\xc0\x0c\0\x10\0\x03.{7}(\d[-\w.+]*?)-RedHat-[-\w._+]+.el(\d+)|s p/ISC BIND/ v/$1/ i/RedHat Enterprise Linux $2/ o/Linux/ cpe:/a:isc:bind:$1/ cpe:/o:redhat:enterprise_linux:$2/
match domain m|\x07version\x04bind\0\0\x10\0\x03\xc0\x0c\0\x10\0\x03.{7}(\d[-\w.+]*?)-RedHat-|s p/ISC BIND/ v/$1/ i/RedHat Linux/ o/Linux/ cpe:/a:isc:bind:$1/ cpe:/o:linux:linux_kernel/a


# ISC BIND - Ubuntu
match domain m|\x07version\x04bind\0\0\x10\0\x03\xc0\x0c\0\x10\0\x03.{7}(\d[-\w.+]*?)-[Uu]buntu|s p/ISC BIND/ v/$1/ i/Ubuntu Linux/ o/Linux/ cpe:/a:isc:bind:$1/ cpe:/o:linux:linux_kernel/a

# ISC BIND - Debian
match domain m|\x07version\x04bind\0\0\x10\0\x03\xc0\x0c\0\x10\0\x03.{7}(\d[-\w.+~]*?)-9\+deb8u[-\w._+~]*?[Dd]ebian|s p/ISC BIND/ v/$1/ i/Debian Linux 8.0 (Jessie)/ o/Linux/ cpe:/a:isc:bind:$1/ cpe:/o:linux:linux_kernel/a
match domain m|\x07version\x04bind\0\0\x10\0\x03\xc0\x0c\0\x10\0\x03.{7}(\d[-\w.+~]*?)-9wheezy\w+-[Dd]ebian|s p/ISC BIND/ v/$1/ i/Debian Linux 7.0 (Wheezy)/ o/Linux/ cpe:/a:isc:bind:$1/ cpe:/o:linux:linux_kernel/a
match domain m|\x07version\x04bind\0\0\x10\0\x03\xc0\x0c\0\x10\0\x03.{7}(\d[-\w.+~]*?)-[Dd]ebian|s p/ISC BIND/ v/$1/ i/Debian Linux/ o/Linux/ cpe:/a:isc:bind:$1/ cpe:/o:linux:linux_kernel/a

match domain m|\x07version\x04bind\0\0\x10\0\x03\xc0\x0c\0\x10\0\x03.{7}(?:BIND )?(\d[-\w.+~]*?)-9\+deb8u[-\w._+~]*?Raspbian|s p/ISC BIND/ v/$1/ i/Raspbian Linux 8.0 (Jessie based)/ o/Linux/ cpe:/a:isc:bind:$1/ cpe:/o:linux:linux_kernel/a
match domain m|\x07version\x04bind\0\0\x10\0\x03\xc0\x0c\0\x10\0\x03.{7}(?:BIND )?(\d[-\w.+~]*?)-Raspbian|s p/ISC BIND/ v/$1/ i/Raspbian Linux/ o/Linux/ cpe:/a:isc:bind:$1/ cpe:/o:linux:linux_kernel/a

match domain m|\x07version\x04bind\0\0\x10\0\x03\xc0\x0c\0\x10\0\x03.{7}([89][.\d]+-APPLE(?:-[SPW]\d+)?)|s p/ISC BIND/ v/$1/ i/Mac OS X/ o/Mac OS X/ cpe:/a:isc:bind/ cpe:/o:apple:mac_os_x/a

# ISC BIND - Release numbers w/o OS info - may be dragons here
# rpz = response policy zone patch     rl = rate liming patch
# 9.8.4-rpz2+rl005.12-P1   9.6-ESV-R11-P2  9.5.0b2  8.3.7-REL 9.4.2-P2-W2
match domain m=\x07version\x04bind\0\0\x10\0\x03(?:\xc0\x0c|\x07VERSION\x04BIND\0)\0\x10\0\x03.{7}(?:BIND )?([89][.\d]+(?:[ab]\d+)?(?:rc\d)?(?:-REL)?(?:-rpz[\d.]+)?(?:[-+]rl[\d.]+)?(?:-ESV(?:-R\d+)?)?(?:-[SPW][W\d.-]+)?(?:-NOESW)?)(?:\0|\xc0|$)=s p/ISC BIND/ v/$1/ cpe:/a:isc:bind:$1/

match domain m|\x07version\x04bind\0\0\x10\0\x03\xc0\x0c\0\x10\0\x03.{7}Served by Bind - www\.isc\.org/software/bind|s p/ISC BIND/ cpe:/a:isc:bind/
# Likely ISC bind w/o version string but w/ Responsible authority mailbox set to "hostmaster.version.bind"
match domain m|\x07version\x04bind\0\0\x10\0\x03\xc0\x0c\0\x06\0\x03.{6}\xc0\x0c\nhostmaster\xc0\x0c|s p/ISC BIND/ cpe:/a:isc:bind/

# dnsmasq
match domain m|\x07version\x04bind\0\0\x10\0\x03\xc0\x0c\0\x10\0\x03.{7}dnsmasq-([-\w. +]+)$|s p/dnsmasq/ v/$1/ cpe:/a:thekelleys:dnsmasq:$1/
match domain m|\x07version\x04bind\0\0\x10\0\x03\xc0\x0c\0\x10\0\x03.{7}dnsmasq-ubnt/([\w.-]+)|s p/dnsmasq/ v/$1/ i/Ubiquiti build/ d/WAP/ cpe:/a:thekelleys:dnsmasq:$1/
match domain m|\x07version\x04bind\0\0\x10\0\x03\xc0\x0c\0\x10\0\x03\0\0\0\0\0\x08\x07dnsmasq| p/dnsmasq/ cpe:/a:thekelleys:dnsmasq/

# Microsoft DNS - assumes hosts running DNS service are the server version of a given kernel
# Microsoft has 3 configuration states that govern how the version is reported:
# 0 = Off, no version response, 1 = Full version (6.3.9600 and often build), 2 = minimal (6.3)
# Ref:  dnscmd /config /EnableVersionQuery <value> - https://msdn.microsoft.com/en-us/library/cc422472.aspx

# match full response
match domain m|\x07version\x04bind\0\0\x10\0\x03\xc0\x0c\0\x10\0\x01.{7}Microsoft DNS (10\.0\..+)|s p/Microsoft DNS/ v/$1/ i/Windows Server 2016/ o/Windows/ cpe:/a:microsoft:dns/ cpe:/o:microsoft:windows_server_2016/a
match domain m|\x07version\x04bind\0\0\x10\0\x03\xc0\x0c\0\x10\0\x01.{7}Microsoft DNS (6\.3\.9600.+)|s p/Microsoft DNS/ v/$1/ i/Windows Server 2012 R2/ o/Windows/ cpe:/a:microsoft:dns/ cpe:/o:microsoft:windows_server_2012:r2/a
match domain m|\x07version\x04bind\0\0\x10\0\x03\xc0\x0c\0\x10\0\x01.{7}Microsoft DNS (6\.2\.9200.+)|s p/Microsoft DNS/ v/$1/ i/Windows Server 2012/ o/Windows/ cpe:/a:microsoft:dns/ cpe:/o:microsoft:windows_server_2012/a
match domain m|\x07version\x04bind\0\0\x10\0\x03\xc0\x0c\0\x10\0\x01.{7}Microsoft DNS (6\.1\.7601.+)|s p/Microsoft DNS/ v/$1/ i/Windows Server 2008 R2 SP1/ o/Windows/ cpe:/a:microsoft:dns/ cpe:/o:microsoft:windows_server_2008:r2:sp1/a
match domain m|\x07version\x04bind\0\0\x10\0\x03\xc0\x0c\0\x10\0\x01.{7}Microsoft DNS (6\.1\.7600.+)|s p/Microsoft DNS/ v/$1/ i/Windows Server 2008 R2/ o/Windows/ cpe:/a:microsoft:dns/ cpe:/o:microsoft:windows_server_2008:r2/a
# Windows 2008 and earlier CAN respond with answer class \x00\x03  = 3 (CHAOS), instead of \x00\x01 = 1 (Internet) like more modern versions do
match domain m|\x07version\x04bind\0\0\x10\0\x03\xc0\x0c\0\x10\0[\x01\x03].{7}Microsoft DNS (6\.0\.6002.+)|s p/Microsoft DNS/ v/$1/ i/Windows Server 2008 SP2/ o/Windows/ cpe:/a:microsoft:dns/ cpe:/o:microsoft:windows_server_2008::sp2/a
match domain m|\x07version\x04bind\0\0\x10\0\x03\xc0\x0c\0\x10\0[\x01\x03].{7}Microsoft DNS (6\.0\.6001.+)|s p/Microsoft DNS/ v/$1/ i/Windows Server 2008 SP1/ o/Windows/ cpe:/a:microsoft:dns/ cpe:/o:microsoft:windows_server_2008::sp1/a

match domain m|\x07version\x04bind\0\0\x10\0\x03\xc0\x0c\0\x10\0[\x01\x03].{7}Microsoft DNS (5\.2\.3790.+)|s p/Microsoft DNS/ v/$1/ i/Windows Server 2003 SP2/ o/Windows/ cpe:/a:microsoft:dns/ cpe:/o:microsoft:windows_server_2003::sp2/a

# Match Windows minimal response - dnscmd /config /EnableVersionQuery 2
match domain m|\x07version\x04bind\0\0\x10\0\x03\xc0\x0c\0\x10\0\x01.{7}Microsoft DNS (10\.0$)|s p/Microsoft DNS/ v/$1/ i/Windows Server 2016/ o/Windows/ cpe:/a:microsoft:dns/ cpe:/o:microsoft:windows_server_2016/a
match domain m|\x07version\x04bind\0\0\x10\0\x03\xc0\x0c\0\x10\0\x01.{7}Microsoft DNS (6\.3)$|s p/Microsoft DNS/ v/$1/ i/Windows Server 2012 R2/ o/Windows/ cpe:/a:microsoft:dns/ cpe:/o:microsoft:windows_server_2012:r2/a
match domain m|\x07version\x04bind\0\0\x10\0\x03\xc0\x0c\0\x10\0\x01.{7}Microsoft DNS (6\.2)$|s p/Microsoft DNS/ v/$1/ i/Windows Server 2012/ o/Windows/ cpe:/a:microsoft:dns/ cpe:/o:microsoft:windows_server_2012/a
match domain m|\x07version\x04bind\0\0\x10\0\x03\xc0\x0c\0\x10\0\x01.{7}Microsoft DNS (6\.1)$|s p/Microsoft DNS/ v/$1/ i/Windows Server 2008 R2/ o/Windows/ cpe:/a:microsoft:dns/ cpe:/o:microsoft:windows_server_2008:r2/a
match domain m|\x07version\x04bind\0\0\x10\0\x03\xc0\x0c\0\x10\0[\x01\x03].{7}Microsoft DNS (6\.0)$|s p/Microsoft DNS/ v/$1/ i/Windows Server 2008/ o/Windows/ cpe:/a:microsoft:dns/ cpe:/o:microsoft:windows_server_2008/a
# Generic Windows DNS match
softmatch domain m|\x07version\x04bind\0\0\x10\0\x03\xc0\x0c\0\x10\0[\x01\x03].{7}Microsoft DNS (.+)|s p/Microsoft DNS/ v/$1/ o/Windows/ cpe:/a:microsoft:dns/ cpe:/o:microsoft:windows/a


# PowerDNS
match domain m|\x07version\x04bind\0\0\x10\0[\x01\x03]\xc0\x0c\0\x10\0[\x01\x03].{7}PowerDNS.Authoritative.Server.(\d[\w.-]+)| p/PowerDNS Authoritative Server/ v/$1/ cpe:/a:powerdns:authoritative:$1/
match domain m|\x07version\x04bind\0\0\x10\0[\x01\x03]\xc0\x0c\0\x10\0[\x01\x03].{7}PowerDNS Recursor (\d[\w.-]+)|s p/PowerDNS Recursor/ v/$1/ cpe:/a:powerdns:recursor:$1/
match domain m|\x07version\x04bind\0\0\x10\0[\x01\x03]\xc0\x0c\0\x10\0[\x01\x03].{7}PowerDNS Recursor$|s p/PowerDNS Recursor/ cpe:/a:powerdns:recursor/
match domain m|\x07version\x04bind\0\0\x10\0[\x01\x03]\xc0\x0c\0\x10\0[\x01\x03].{7}Served by PowerDNS - https?://www\.powerdns\.com/?|s p/PowerDNS/ v/3.3 or later/ cpe:/a:powerdns:powerdns/
match domain m|\x07version\x04bind\0\0\x10\0[\x01\x03]\xc0\x0c\0\x10\0[\x01\x03].{7}Served by POWERDNS (\d[-.\w]+)|s p/PowerDNS/ v/$1/ cpe:/a:powerdns:powerdns:$1/

# Nonimum
match domain m|\x07version\x04bind\0\0\x10\0\x03\xc0\x0c\0\x10\0\x03.{7}Nominum Vantio (\w+) ([\d\.]+)$|s p/Nominum Vantio $1/ v/$2/
match domain m|\x07version\x04bind\0\0\x10\0\x03\xc0\x0c\0\x10\0\x03.{7}Nominum Vantio ([\d\.]+)|s p/Nominum Vantio/ v/$1/
match domain m|\x07version\x04bind\0\0\x10\0\x03\xc0\x0c\0\x10\0\x03.{7}Nominum ANS(?:Premier)? ([\d\.]+)|s p/Nominum Vantio AuthServ/ v/$1/

# NLNet Labs products - unbound / nsd
match domain m|\x07version\x04bind\0\0\x10\0\x03\xc0\x0c\0\x10\0\x03.{7}unbound ([\w.-]+)$| p/Unbound/ v/$1/ cpe:/a:nlnetlabs:unbound:$1/
match domain m|\x07version\x04bind\0\0\x10\0\x03\xc0\x0c\0\x10\0\x03.{7}unbound$|i p/Unbound/ cpe:/a:nlnetlabs:unbound/
match domain m|\x07version\x04bind\0\0\x10\0\x03\xc0\x0c\0\x10\0\x03.{7}NSD ([-\w.]+)|s p/NLnet Labs NSD/ v/$1/ cpe:/a:nlnetlabs:nsd:$1/

# UltraDNS
# Unable to locate cpe info for Neustar UltraDNS
match domain m|\x07version\x04bind\0\0\x10\0\x03\xc0\x0c\0\x10\0\x03.{7}UltraDNS Resolver|s p/UltraDNS Resolver/
match domain m|\x07version\x04bind\0\0\x10\0\x03\x07VERSION\x04BIND\0\0\x10\0\x03.{7}UltraDNS Resolver|s p/UltraDNS Resolver/
match domain m|\x07version\x04bind\0\0\x10\0\x03\xc0\x0c\0\x10\0\x03.{7}UltraDNS TLD Platform|s p/UltraDNS Resolver/

# Misc
match domain m|\x07version\x04bind\0\0\x10\0\x03\xc0\x0c\0\x10\0\x03.{7}ZyWALL DNS|s p/Zyxel ZyWALL dnsd/
match domain m|\x07version\x04bind\0\0\x10\0\x03\xc0\x0c\0\x10\0\x03.{7}DNSServer\xc0\x0c|s p/Synology DNS Server/ cpe:/a:synology:dns/ cpe:/h:synology/
match domain m|\x07version\x04bind\0\0\x10\0\x03\xc0\x0c\0\x10\0\x03.{7}Array SmartDNS\xc0|s p/Array SmartDNS/
match domain m|\x07version\x04bind\0\0\x10\0\x03\xc0\x0c\0\x10\0\x03.{7}DraytekDNS-v([\d\.]+)|s p/Draytek DNS/ v/$1/
match domain m|\x07version\x04bind\0\0\x10\0\x03\xc0\x0c\0\x10\0\x03.{7}ALU DNS ([\d\.]+) Build (\d+)|s p/Draytek DNS/ v/$1 build $2/
match domain m|\x07version\x04bind\0\0\x10\0\x03\xc0\x0c\0\x10\0\x03.{7}gdnsd$|s p/Brandon Black gdnsd/
match domain m|\x07version\x04bind\0\0\x10\0\x03\xc0\x0c\0\x10\0\x03.{7}Knot DNS ([\d.]+(?:-dev)?)|s p/cz.nic Knot DNS/ v/$1/
match domain m|\x07version\x04bind\0\0\x10\0\x03\xc0\x0c\0\x10\0\x03.{7}rbldnsd (\d[\w.\/-]+) |s p/Michael Tokarev rbldnsd/ v/$1/
match domain m|\x07version\x04bind\0\0\x10\0\x03\xc0\x0c\0\x10\0\x03.{7}djbdns[\s-](\d.\d+)|s p/D J Bernstein djbdns/ v/$1/
match domain m|\x07version\x04bind\0\0\x10\0\x03\xc0\x0c\0\x10\0\x03.{7}djbdns|i p/D J Bernstein djbdns/
match domain m|\x07version\x04bind\0\0\x10\0\x03\xc0\x0c\0\x10\0\x03.{7}Atlas Anchor ([\d\.]+)|s p/RIPE Atlas Anchor/ v/$1/
match domain m|\x07version\x04bind\0\0\x10\0\x03\xc0\x0c\0\x10\0\x03.{7}Incognito DNS Commander ([\d.]+) \((built \w{3} \d+ \d{4})\)|s p/Incognito DNS Commander/ v/$1/ i/$2/
match domain m|\x07version\x04bind\0\0\x10\0\x03\xc0\x0c\0\x10\0\x03.{7}Incognito DNS Service ([\d.]+) \((built \w{3} \d+ \d{4})\)|s p/Incognito DNS Service/ v/$1/ i/$2/

match domain m|\x07version\x04bind\0\0\x10\0\x03\xc0\x0c\0\x10\0\x03.{7}Hi:[\w\.=: ]+\d{4}$| p/OzymanDNS DNS tunnel/

# *Probably* Check Point's Meta IP - ~8 seen during Internet survey
match domain m|n\x04bind\0\0\x10\0\x03\x07VERSION\x04BIND\0\0\x10\0\x03.{7}Meta IP DNS - BIND V([\d.]+)-REL \(Build (\d+)\)| p/Check Point Meta IP ISC BIND/ v/$1 build $2/ cpe:/a:isc:bind:$1/


# Not seen in Project Sonar version.bind survey 2017.08.18 and not tested
# during 2017.08.19 DNS version.bind fingerprint/matchline review
match domain m|\x07version\x04bind\0\0\x10\0\x03\x07VERSION\x04BIND\0\0\x10\0\x03.{7}Peticion no permitida/Query not allowed| p/ZyXEL Prestige 643 dns cache/ d/switch/
match domain m|^\0\x06\x81\x80\0\x01\0\x01\0\0\0\0\x07version\x04bind\0\0\x10\0\x03\xc0\x0c\0\x01\0\x01\0\0\0\x05\0\x04\xa3\xc0\x08\x06$| p/ArubaOS 3.3 named/ o/ArubaOS/ cpe:/o:arubanetworks:arubaos:3.3/

# These may be too generic, but unique so far unless corrected.
match domain m|^(?:..)?\0\x06\x81\x85\0\x01\0\0\0\0\0\0\x07version\x04bind\0\0\x10\0\x03| p/Unbound/ cpe:/a:nlnetlabs:unbound/
match domain m|^(?:..)?\0\x06\x81\x04\0\x01\0\0\0\0\0\0\x07version\x04bind\0\0\x10\0\x03| p/Simple DNS Plus/ o/Windows/ cpe:/a:jh_software:simple_dns_plus/ cpe:/o:microsoft:windows/a
match domain m|^(?:..)?\0\x06\x81\x84\0\x01\0\0\0\0\0\0\x07version\x04bind\0\0\x10\0\x03| p/Cloudflare public DNS/
match domain m|^(?:..)?\0\x06\x81\x84\0\x01\0\0\0\0\0\x01\x07version\x04bind\0\0\x10\0\x03\0\0\)\x06\0\0\0\0\0\0\0| p/dnscrypt-proxy/ cpe:/a:dnscrypt:dnscrypt-proxy/
match domain m|^(?:..)?\0\x06\x85\x02\0\x01\0\0\0\0\0\0\x07version\x04bind\0\0\x10\0\x03| p/PowerDNS/ cpe:/a:powerdns:powerdns/
match domain m|^(?:..)?\0\x06\x81\x05\0\x01\0\0\0\0\0\0\x07version\x04bind\0\0\x10\0\x03| p/NLnet Labs NSD/ cpe:/a:nlnetlabs:nsd/
match domain m|^(?:..)?\0\x06\x81\x83\0\x01\0\0\0\0\0\0\x07version\x04bind\0\0\x10\0\x03| p/dnsmasq/ cpe:/a:thekelleys:dnsmasq/

# Softmatch section
softmatch domain m|\x07version\x04bind\0\0\x10\0\x03\xc0\x0c\0\x10\0\x03.{7}([^\0\xc0\x0c]+)|s i/unknown banner: $1/
softmatch domain m|\x07version\x04bind\0\0\x10\0\x03\x07VERSION\x04BIND\0\0\x10\0\x03.{7}([^\0\xc0\x0c]+)|s i/unknown banner: $1/

# the \x0_, \x8_, \x9_ below accounts for recursion / authenticated data flags
softmatch domain m|^(?:..)?\0\x06[\x80-\x90][\x01\x81\x91]\0\0\0\0\0\0\0\0$| i/generic dns response: FORMERR/
softmatch domain m|^(?:..)?\0\x06[\x80-\x90][\x02\x82\x92]\0\0\0\0\0\0\0\0$| i/generic dns response: SERVFAIL/
softmatch domain m|^(?:..)?\0\x06[\x80-\x90][\x04\x84\x94]\0\0\0\0\0\0\0\0$| i/generic dns response: NOTIMP/
softmatch domain m|^(?:..)?\0\x06[\x80-\x90][\x05\x85\x95]\0\0\0\0\0\0\0\0$| i/generic dns response: REFUSED/
# These echo the question back:
softmatch domain m|^(?:..)?\0\x06[\x80-\x90][\x01\x81\x91]\0\x01\0\0\0\0\0\0| i/generic dns response: FORMERR/
softmatch domain m|^(?:..)?\0\x06[\x80-\x90][\x02\x82\x92]\0\x01\0\0\0\0\0\0| i/generic dns response: SERVFAIL/
softmatch domain m|^(?:..)?\0\x06[\x80-\x90][\x04\x84\x94]\0\x01\0\0\0\0\0\0| i/generic dns response: NOTIMP/
softmatch domain m|^(?:..)?\0\x06[\x80-\x90][\x05\x85\x95]\0\x01\0\0\0\0\0\0| i/generic dns response: REFUSED/
# End of domain matchlines

# http://packetstormsecurity.com/files/91243/D-Link-DAP-1160-Unauthenticated-Remote-Configuration.html
match dcc m|^(?:..)?\0\x06\xf5\xff\0\0\x01\0| p/D-Link Click 'n Connect/ d/broadband router/


# INVALID-MAJOR-VERSION notification
softmatch isakmp m|^\0\x06\x01\0\0\x01\0\0\0\0\0\0\x07ver\x0b\x10\x05\0\0\0\0\0\0\0\0\(\0\0\0\x0c\0\0\0\x01\x01\0\0\x05|

match kerberos-sec m=^~[\x60-\x62]\x30[\x5e-\x60]\xa0\x03\x02\x01\x05\xa1\x03\x02\x01\x1e\xa4\x11\x18\x0f(\d\d\d\d)(\d\d)(\d\d)(\d\d)(\d\d)(\d\d)Z\xa5[\x03-\x05]\x02(?:\x03...|\x02..|\x01.)\xa6\x03\x02\x01\x3c\xa9\x04\x1b\x02NM\xaa\x170\x15\xa0\x03\x02\x01\0\xa1\x0e0\x0c\x1b\x06krbtgt\x1b\x02NM\xab\x16\x1b\x14No client in request=s p/MIT Kerberos/ i/server time: $1-$2-$3 $4:$5:$6Z/ cpe:/a:mit:kerberos/

# Symantec Antivirus (rtvscan.exe)
match symantec-av m|^\0\x06\x01\x01\0\x10..........$|s p/Symantec rtvscan antivirus/ cpe:/a:symantec:antivirus/

match tunnel-test m|^\0\x06\x01\0\0\x02\0\0\0\0\0\0$| p/Check Point tunnel_test/

match unreal m|^.[\x40\xc0].[\x20\x23\x32\x38].[\x40\xc0].[\x20\x23\x32\x38]|s p/Unreal Tournament 2004 game server/

match cisco-sla-responder m|^..\0\x08\0\x03[\0\r][\0\n]$|s p/Cisco SLA Responder/ d/router/ o/IOS/ cpe:/o:cisco:ios/a

match statd m|^r\xfe\x1d\x13\0\0\0\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x01$| p/NFS statd/

#DTLS 1.0/1.2 alert (there was no DTLS 1.1)
softmatch dtls m|^\x15\xfe[\xfd\xff]\0\0\0\0\0\0\0\0..\x02.\0\0\0\0\0|

match chargen m|^ !\"#\$%&'\(\)\*\+,-\./0123456789:;<=>\?@ABCDEFGHIJKLMNOPQRSTUVWXYZ\[\\\]\^_`abcdefg\r\n!\"#\$%&'\(\)\*\+,-\./0123456789| p/Windows Vista chargen/ o/Windows Vista/ cpe:/o:microsoft:windows_vista/a


##############################NEXT PROBE##############################
Probe TCP DNSVersionBindReqTCP q|\0\x1E\0\x06\x01\0\0\x01\0\0\0\0\0\0\x07version\x04bind\0\0\x10\0\x03|
rarity 3
ports 53,135,512-514,543,544,628,1029,13783,2068,2105,2967,5000,5323,5520,5530,5555,5556,6543,7000,7008
sslports 853
fallback DNSVersionBindReq

# All legitimate 'domain' matchlines for this probe should be placed in the the
# UDP DNSVersionBindReq probe section.

# https://github.com/haiwen/ccnet
match ccnet m|^\x01\x01\0\(\0\0\0\0([0-9a-f]{40})| i/peer ID $1/

# https://github.com/clementine-player/Android-Remote/wiki/Developer-Documentation
match clementine-remote m|^\0\0\0\x04\x08\x15\x10-| p/Clementine Music Player remote control/ cpe:/a:clementine:clementine/

match exec m|^\x01Login incorrect\.\n$|
# HP-UX B.11.00 A
match exec m|^\x01rexecd: Login incorrect.?\n$| p/HP-UX rexecd/ o/HP-UX/ cpe:/o:hp:hp-ux/a
match exec m|^\x01rexecd: Couldn't look up address for your host\n$| p/HP-UX rexecd/ o/HP-UX/ cpe:/o:hp:hp-ux/a
match exec m|^\x01rexecd: [-\d]+ The login is not correct\.\n| p/AIX rexecd/ o/AIX/ cpe:/o:ibm:aix/a
match exec m|^\x01rexecd: [-\d]+ Connexion incorrecte\.\n| p/AIX rexecd/ i/French/ o/AIX/ cpe:/o:ibm:aix/a
match exec m|^\x01INTERnet ACP AUXS failure  Status = %LOGIN-F-NOSUCHUSER\r\n\0$| p/OpenVMS execd/ o/OpenVMS/ cpe:/o:hp:openvms/a


# Last 8 bytes are little-endian NTFS timestamp. Date range here covers 1986-04-30 to 2056-10-16
match domaintime m|^\0\x1e\0\x06\x01\0\0\x01......[\xb0-\xff]\x01$| p/Greyware Domain Time II/

match goldengate m|^\0&  ERROR\tMGR Did Not Recognize Command\0| p/Oracle GoldenGate/ cpe:/a:oracle:goldengate/

match http m|^HTTP/1\.1 506 \r\nContent-Type: text/html\r\nServer: JavaWeb/0\r\n\r\n<html><body><h1>506 - IO Error</h1></body></html>$| p/AirDroid httpd/ d/phone/ o/Android/ cpe:/a:airdroid:airdroid/ cpe:/o:google:android/ cpe:/o:linux:linux_kernel/

match iscsi m|^\0\x1e\0\x02\0\0\0\x01\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0| p/Synology DSM Snapshot Replication iSCSI LUN/

match ixia m=^\0.\x05\x02....\0\x01\x01@\0\0\0\0\0\0\0\0\0.\$Id: //ral_depot/products/IxChariot([\w._-]+)/(?:ENDPOINT|endpoint)/CODE/client\.c#\d+ \$\0\0\0..\0\x02\0\x0ce1_thread\0\0\x18main_process_incoming\0$= p/IxChariot/ v/$1/ i/Ixia XR100 performance monitor/

# Digital UNIX V4.0F login
match login m|^\x01Permission denied: Error 0$| p/Digital UNIX login/ o/Digital UNIX/ cpe:/o:dec:digital_unix/a
match login m|^\0\^A\^@\^@\^@\^@\^@\^@\^Gversion\^Dbind\^@\^@\^P\^@\n\r\n\r\n\r\n\r#################################################\n\r###                                           ###\n\r###  LSI Logic Series 4 SCSI RAID Controller  ###\n\r###      Copyright \d+, LSI Logic Inc\.       ###\n\r###                                           ###\n\r###      Series 4 Disk Array Controller       ###\n\r###        Serial number:  (\w+)         ###\n\r###        Network name:  ([-\w_.]+) *###| p/LSI Logic Series SCSI RAID rlogin/ i/Serial $1; Network name $2/
match login m|^\0\^A\^@\^@\^@\^@\^@\^@\^Gversion\^Dbind\^@\^@\^P\^@\n\r\n\r\n\r\n\r#####################################################################\n\r###                                                               ###\n\r###               Engenio Series 4, RAID Controller               ###\n\r###  Copyright 2003-2004, Engenio Information Technologies, Inc\.  ###\n\r###                                                               ###\n\r###                Series 4 Disk Array Controller                 ###\n\r###                  Serial number:  (\w+)                   ###\n\r###                     Network name:  ([\w._-]+) *###\n\r| p/IBM DS4400 NAS device rlogin/ i/Serial $1; Network name $2/ d/storage-misc/ cpe:/h:ibm:ds4400/a
match login m|^\0\r\nSorry, shell is locked\.\r\n$| p/FabricOS switch logind/ d/switch/ cpe:/o:brocade:fabric_os/
match login m|^\0\r\n\nLantronix MSS100 Version V([\d.]+)/\d+\(\d+\)\n\r\nType HELP at the 'Local_\d+> ' prompt for assistance\.\n\r\n\r\n\nUsername> | p/Lantronix MSS100 serial interface logind/ v/$1/ d/specialized/
match login m|^\[Thread \d+\(INITIAL\)\] at 0x\w+: Segmentation fault \(Stack bottom 0x0\)\n| p|Aficio/NRG/Ricoh printer logind| d/printer/
match login m|^\x01Winsock RSHD/NT: Protocol negotiation error\.\n\0$| p/Winsock RSHD/ o/Windows/ cpe:/o:microsoft:windows/a
# We've seen this on Cisco routers and also NetApp filers
match login m|^\x01Permission denied\.\n$| p|Cisco/NetApp logind|
match login m=^\x01Permission denied ?: Error (?:35|0|1)\r?\n?$= p/Tru64 Unix logind/ o/Tru64 UNIX/ cpe:/o:compaq:tru64/a
match login m|^\x01permission denied\.\n| p/Solaris logind/ o/Solaris/ cpe:/o:sun:sunos/a
match login m|^\x01UX:in\.rlogind: Permission denied\.\r\n| p/Siemens HiPath logind/
match login m|^\x01Permission denied : Error \d+\r\n|
match login m|^\x01rlogind: Acc\xe8s refus\xe9\.\r\n| p/AIX rlogind/ i/French/ o/AIX/ cpe:/o:ibm:aix/a
match login m|^\0\^A\^@\^@\^@\^@\^@\^@\^Gversion\^Dbind\^@\^@\^P\^@\n\r\n\r\n\r\n\r#+\n\r### +###\n\r###  LSI Logic Series 4 SCSI RAID Controller  ###.*Serial number:  1T84210104 |s p/LSI Series 4 RAID controller logind/ d/storage-misc/
match login m|^\0\r\nEL-(\d+) RealPort Server - US Patent No\. 6,047,319\r\n| p/Digi EtherLite $1 RealPort logind/ d/terminal server/
match login m|^\0\n\rSelect access level \(read, write, administer\): \w+ _vxTaskEntry| p/3Com LANplex switch logind/ d/switch/
match login m|^\0\^A\^@\^@\^@\^@\^@\^@\^Gversion\^Dbind\^@\^@\^P\^@\r\n-> shell restarted\.\r\n\r\n-> | p/ShoreTel VoIP phone logind/ d/VoIP phone/
match login m|^\x01TCPIP RLOGIN Connection refused\0\0$| p/OpenVMS logind/ o/OpenVMS/ cpe:/o:hp:openvms/a
match login m|^\0\r\n-> trcStack aborted: error in top frame\r\ntShell restarted\.\r\n\r\n-> !1 echo_recv: -1\.\r\n| p/ACT VoIP wifi phone logind/ d/VoIP phone/
match login m|^\0\r\nEL-32 EtherLite module\r\n\r\n| p/Digi EtherLite32 logind/
match login m|^\x01in\.rlogind: Permission denied\.\r\n| p/Microsoft Windows Services for Unix logind/ o/Windows/ cpe:/a:microsoft:windows_services_for_unix/ cpe:/o:microsoft:windows/a
match login m|^\x01rlogind: Host name for your address \([\d.]+\) unknown\.\r\n| p|A/UX logind| o|A/UX| cpe:/o:apple:a_ux/
# OpenBSD 2.3
# Solaris 9
match login m|^\x01rlogind: Permission denied\.\r\n$|
match login m|^\0\r\nlogin: | p/Airspan MiMAX WiMAX WAP logind/ d/WAP/

# HP-UX 11 Kerberized rlogin
match klogin m|^\x01rlogind: Login Incorrect\.\r\n$| p/HP-UX kerberized rlogin/ o/HP-UX/ cpe:/o:hp:hp-ux/a
match klogin m|^\x01rlogind: Kerberos Authentication not enabled\.\.\r\n| p/HP-UX kerberized rlogin/ i/disabled/ o/HP-UX/ cpe:/o:hp:hp-ux/a
# Solaris Kerberos authenticated login
match klogin m|^\x01rlogind: Kerberos authentication failed\.\r\n| p/Solaris kerberized rlogin/ o/Solaris/ cpe:/o:sun:sunos/a
match klogin m|^\x01rlogind: Kerberos authentication failed, exiting\.\r\n| p/Solaris kerberized rlogin/ o/Solaris/ cpe:/o:sun:sunos/a
match klogin m|^\x01klogind: Kerberos authentication failed\.\r\n| p/Kerberized rlogin/
match klogin m|^\x01eklogin: Kerberos authentication failed\.\r\n| p/Encrypted Kerberized rlogin/
match klogin m|^\x01eklogind: Kerberos authentication failed\.\r\n| p/Encrypted Kerberized rlogin/

# Solaris Kerberos authenticated remote shell
match kshell m|^\x01[kr]shd: Authentication failed: Bad sendauth version was sent\n| p/Solaris kerberised rsh/ o/Solaris/ cpe:/o:sun:sunos/a
match kshell m|^\x01krshd: Kerberos Authentication Failed\.\r\n| p/AIX kerberised rsh/ o/AIX/ cpe:/o:ibm:aix/a
match kshell m|^\x01krshd: Echec de l'authentification Kerberos\.\r\n\0| p/AIX kerberised rsh/ i/French/ o/AIX/ cpe:/o:ibm:aix/a
match kshell m|^\x01kshd: Authentication failed: | p/Kerberized rsh/ o/Unix/

match ssc-agent m|^\0\x1e\0\x06\0\t\0\0$| p/Novell NetWare ssc-agent/ o/NetWare/ cpe:/o:novell:netware/a
# http://www.apcupsd.com/ - apcupsd 3.8.5-1.3 on Linux 2.4.X
match apcupsd m|^\0\x11Invalid command\n\0\0\0$| p/apcupsd/

# Avocent AutoView 1000R KVM or HP 3x1x16 KVM or Dell IP KVM model 2161DS Console Switch
match kvm m|^BEEF\x83\0\0| p/KVM daemon/

match klogin m|^\x01krlogind: Kerberos Authentication Failed\.\r\n\0| p/AIX kerberized rlogin/ o/AIX/ cpe:/o:ibm:aix/a
match klogin m|^\x01krlogind: Echec de l'authentification Kerberos\.\r\n\0| p/AIX kerberized rlogin/ i/French/ o/AIX/ cpe:/o:ibm:aix/a
match klogin m|^\0\0's Password: $| p/AIX kerberized rlogin/ o/AIX/ cpe:/o:ibm:aix/a
match kshell m|^\x01rshd ?: [-\d]+ The host name for your address is not known\.\n| p/AIX (kerberized?) rshd/ o/AIX/ cpe:/o:ibm:aix/a
match kshell m|^\x01rshd ?: [-\d]+ Le nom d'h\xf4te correspondant \xe0 l'adresse est inconnu\.\n| p/AIX (kerberized?) rshd/ i/French/ o/AIX/ cpe:/o:ibm:aix/a
match kshell m|^\x01rshd: [-\d]+ The remote user login is not correct\.\n| p/AIX (kerberized?) rshd/ o/AIX/ cpe:/o:ibm:aix/a

match minecraft m|^\xff\0\x0eProtocol error| p/Minecraft game server/

match modbus m|^\0\x1e\0\x06\0\x03\0\x01\0| p/Modbus TCP/
match modbus m|^\0\x1e\0\x06\0\x03\0\x80\x01| p/Modbus TCP/

match pafserver m|^\0&\xa2\xf4\x04\x97\xbcNp\xe4\xc1\x7cI\xff\xf9\xe8\x0c\xd9\xac\xf1_u\xa0\x1d\x82X\0\xde\xd5\xdd\x19\xce\xc2\xe0\x92yD\xde|

match utrmcd m|^\x01in\.utrcmdd \(remote\): protocol error \(1\)\n\0| p/Sun Ray utrmcdd/ cpe:/a:sun:ray_server_software/

# 13724/tcp
match vnetd m|^1\0$| p/Veritas Netbackup Network Utility/ cpe:/a:symantec:veritas_netbackup/

# Sun Cobalt Adaptive Firewall 1.7-0
match pafserver m|^\0&\xeb\xefTQM\xee\[B| p/Sun Cobalt Adaptive Firewall/ o/Linux/ cpe:/o:linux:linux_kernel/a

match progress m|^\0\0\0\x01\0\x17\0\x14\0\x06\0\0\0.\0\0\0\0\0\0|s p/Progress Database/ cpe:/a:progress:database/

# RSA SecureID Ace Server 5
match sdlog m|^\0\0\0\x01\0\x17\0\x14\0\x06\0\0\0\x01\0\0\0\0\0\0$| p/RSA SecureID Ace Server/ cpe:/h:rsa:securid/

match freeciv m|^\0\x03\x02\0\.\x01\0\0\0\0Invalid name ''\0\+1\.14\.0 conn_info team\0\0\x03\x03$| p/Freeciv/ v/1.X/ cpe:/a:freeciv:freeciv:1/
match freeciv m|^\0\x03X\0.\x01\0\0\0\0Your client is too old\. To use this server please upgrade your client to a CVS version later than 2003-11-28 or Freeciv 1\.15\.0 or later\.\0\0\0\x03\0\0\x03\x01$| p/Freeciv/ v/2.X/ cpe:/a:freeciv:freeciv:2/
match freeciv m|^\0\x03X\0.\x01\0\0\0\0Tw\xc3\xb3j klient jest zbyt stary\. Aby wej\xc5\x9b\xc4\x87 na ten serwer musisz u\xc5\xbcywa\xc4\x87 klienta w wersji co najmniej 1\.15\.0\. \(Lub z CVS'a po 18\.11\.2003\)\.\0\0\0\x03\0\0\x03\x01$| p/Freeciv/ v/2.X/ i/Polish/ cpe:/a:freeciv:freeciv:2:::pl/
match freeciv m|^\0\x03X\0.\x01\0\0\0\0Votre client est trop vieux\. Pour utiliser ce serveur veuillez mettre votre client \xc3\xa0 jour avec une version Freeciv 2\.2 ou ult\xc3\xa9rieure\.\0\0\0\x03\0\0\x03\x01$| p/Freeciv/ v/2.X/ i/French/ cpe:/a:freeciv:freeciv:2:::fr/
match freeciv m|^\0(?:\x03\x58\0)?\x6a\x01\0\0\0\0Your client is too old\. To use this server, please upgrade your client to a Freeciv 2\.2 or later\.\0\0\0\x03\0\0\x03\x01$| p/Freeciv/ v/2.X/ cpe:/a:freeciv:freeciv:2/
match freeciv m|^\0\x03\x58\0\x16\x01\0\0\0\0Freeciv ([\d.]+)\0\0\0\x03\0\0\x03\x01$| p/Freeciv/ v/$1/ cpe:/a:freeciv:freeciv:$1/

match imaze-game m|^\0\x18\x82iMaze server JC/HUK ([\d.]+)$| p/iMaze game server/ v/$1/

match msrpc m|^\x05\0\r\x03\x10\0\0\0\x18\0\0\0v\x07\0\0\x04\0\x01\x05\0\0.\0$|s p/Microsoft RPC/ o/Windows/ cpe:/o:microsoft:windows/a

# http://msdn.microsoft.com/en-us/library/cc219293.aspx
# SPM 2015, Version: 2015.3.3
match mc-nmf m|^\x08Ihttp://schemas\.microsoft\.com/ws/2006/05/framing/faults/UnsupportedVersion| p/.NET Message Framing/ o/Windows/ cpe:/o:microsoft:windows/a

match ormi m|^\xe3\r\n\r\n\0\x01\0.\0vInvalid protocol verification, illegal ORMI request or request performed with an incompatible version of this protocol|s p/Oracle Remote Method Invocation/

match arkeia m|^\0\x05\0\0\0\0\0\0$| p/Arkeia Network Backup/

match qcheck m|^.*\$Id: //ral_depot/products/current/ENDPOINT/CODE/client\.c|s p/Ixia Q-Check network performance tester/

match qmqp m|^58:Dnetstring format error while receiving QMQP packet header,| p/Postfix qmqpd/

match sip m|^\x01\x11\0\x18\x01\0\0\x01\0\0\0\0\0\0\x07versi\0\t\0\x12\0\0\x06\0Global Failure\0\0| p/Kamailio sipd/ cpe:/a:kamailio:kamailio/

match sybase-adaptive m|^\x04\x01\0\(\0\0\0\0\xaa\0\x14\0\0\x0f\xa2\x01\x0eLogin failed\.\n\xfd\0\x02\0\x02\0\0\0\0$| p/Sybase Adaptive Server/ o/Windows/ cpe:/a:sybase:adaptive_server/ cpe:/o:microsoft:windows/a

match telecom-misc m|^\0\x1e\x02\x06\x01\0\0\0\0\0\0\xf1\0| p/Radio IP MTG gateway/ d/telecom-misc/

match warcraft m|^\0\0\x09$| p/World of Warcraft game server/

match upnp m|^HTTP/1\.0 414 Request-URI Too Long\r\nServer: Linux/([\w._-]+) UPnP/([\w._-]+) fbxigdd/([\w._-]+)\r\nConnection: close\r\n\r\n$| p/fbxigdd/ v/$3/ i/AliceBox PM203 UPnP; UPnP $2/ d/WAP/ o/Linux $1/ cpe:/o:linux:linux_kernel:$1/

match xtunnels m|^\0\x03\x04\0\x04$| p/XTunnels proxy server/

# Alert (Level: Fatal, Description: Unexpected Message|Protocol Version|Handshake Failure)
match ssl m|^\x15\x03[\x00-\x04]\0\x02\x02[\nF\x28]|

# DNS Server status request: http://www.rfc-editor.org/rfc/rfc1035.txt
##############################NEXT PROBE##############################
Probe UDP DNSStatusRequest q|\0\0\x10\0\0\0\0\0\0\0\0\0|
rarity 5
ports 53,69,135,1761

# Note when generating match lines - TCP DNS responses have two bytes at the beginning
# of the response that the UDP doesn't, otherwise they are the same. Account for this
# in the regex so that a matchline will work for both.

# Matches weird txids in bytes 0,1 (UDP) or 2,3 (TCP), we sent txid 0
# the \x0_, \x8_, \x9_ below accounts for recursion / authenticated data flags
softmatch domain m|^(?:..)?..\x90[\x01\x81\x91]\0\0\0\0\0\0\0\0$| i/generic dns response: FORMERR/
softmatch domain m|^(?:..)?..\x90[\x04\x84\x94]\0\0\0\0\0\0\0\0$| i/generic dns response: NOTIMP/
softmatch domain m|^(?:..)?..\x90[\x05\x85\x95]\0\0\0\0\0\0\0\0$| i/generic dns response: REFUSED/

# Responds with an A record for itself?
match domain m|^.{4,6}\x84\0\0\x01\0\x01\0\0\0\0[^\0]+\0\0\x01\0\x01[^\0]+\0\0\x01\0\x01\0\0\0\x1e\0\x04....$|s p/Incapsula WAF DNS/

match iodine m|^\x80\xa7\x84\0\0\x01\0\x01\0\0\0\0.*\0\0\x0a\0\x01\xc0\x0c\0\n\0\x01\0\0\0\0\0\x05BADIP$| p/iodine IP-over-DNS tunnel/ cpe:/a:kryo:iodine/


# This one below came from 2 tested Windows XP boxes
match msrpc m|^\x04\x06\0\0\x10\0\0\0\0\0\0\0|

match netprobe m|^\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0$| p/Mega System Technologies NetProbe Lite environmental sensor/ d/specialized/

match tftp m|^\0\x05\0\x02\0The IP address is not in the range of allowable addresses\.\0| p/SolarWinds tftpd/ i/IP disallowed/ o/Windows/ cpe:/a:solarwinds:tftp_server/ cpe:/o:microsoft:windows/a
match tftp m|^\0\x05\0\0Invalid TFTP Opcode| p/Cisco tftpd/ cpe:/a:cisco:tftp_server/
match tftp m|^\0\x05\0\x04Illegal TFTP operation\0| p/Plan 9 tftpd/ o/Plan 9/ cpe:/o:belllabs:plan_9/a
match tftp m|^\0\x05\0\x04Error: Illegal TFTP Operation\0\0\0\0\0| p/Zoom X5 ADSL modem tftpd/ d/broadband router/ cpe:/h:zoom:x5/a
match tftp m|^\0\x05\0\x04Illegal operation\0$| p/Cisco router tftpd/ d/router/ o/IOS/ cpe:/a:cisco:tftp_server/ cpe:/o:cisco:ios/a
match tftp m|^\0\x05\0\x04Illegal operation error\.\0$| p/Microsoft Windows Deployment Services tftpd/ o/Windows/ cpe:/o:microsoft:windows/
# version 10.9.0.25
match tftp m|^\0\x05\0\x04Unknown operatation code: 0 received from [\d.]+:\d+\0| p/SolarWinds Free tftpd/ cpe:/a:solarwinds:tftp_server/
# Brother MFC-9340CDW
match tftp m|^\0\x05\0\x04illegal \(unrecognized\) tftp operation\0$| p/Brother printer tftpd/ d/printer/
# HP IMC 7.1
match tftp m|^\0\x05\0\0Not defined, see error message\(if any\)\.\0| p/HP Intelligent Management Center tftpd/ cpe:/a:hp:intelligent_management_center/
match tftp m|^\0\x05\0\x05Unknown transfer ID\0| p/TFTP Server SP/ o/Windows/ cpe:/a:tftp:tftp_server_sp/ cpe:/o:microsoft:windows/a

# TFTP error
softmatch tftp m|^\0\x05\0[\0-\x07][^\0]+\0$|

match landesk-rc m|^\0\0\0\0USER\x01\0\x10\0\x08\0:\xd0\x08\0:\xd0\x01\x01\.\0O\0\x03\0T\0\xff\xff\0\0\0\xfd\0\0\0\0\0\0\x02\0\0\0LANDeskWorkgroup Manager ver ([\d.]+)\0| p/LANDesk Workgroup Manager/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a


# DNS Server status request: http://www.crynwr.com/crynwr/rfc1035/rfc1035.html
##############################NEXT PROBE##############################
Probe TCP DNSStatusRequestTCP q|\0\x0C\0\0\x10\0\0\0\0\0\0\0\0\0|
rarity 7
ports 53,513,514,6050,41523
sslports 853
fallback DNSStatusRequest

# All legitimate 'domain' matchlines for this probe should be placed in the the
# DNSStatusRequest probe section.


# ARCserve Client Agent v4.0d for Solaris 2.x(Running on SunOS 5.8Generic_108528-13 sun4u)
match arcserve m|^\0\0s\0\0\0\0\0$| p/ARCserve Client Agent/ i/backup software/ cpe:/a:ca:arcserve_client_agent/
# ARCServe Win32 Client Agent v4.0
match arcserve m|^h\0\0\0\0\0\0\0$| p/ARCserve Client Agent/ i/backup software/ cpe:/a:ca:arcserve_client_agent/
# ARCserver Client Agent Discovery service on W2K3
match arcserve m|^([\w\d_-]+)\0$| p/ARCserve Discovery/ h/$1/ cpe:/a:ca:arcserve_client_agent/
match login m|^\0\r\n\nIQinVision IQeye3 Version ([vV].*)\n\r\nType HELP| p/IQinVision IQeye3 logind/ v/version $1/ d/webcam/
match login m|^\0\r\n\nLantronix ETS16 Version V([\d.]+)/\d+\(\d+\)\n\r\nType HELP at the 'BRTR-ETS16>' prompt for assistance\.\n\r\nUsername> | p/Lantronix ETS16 logind/ v/$1/ d/terminal server/ cpe:/h:lantronix:ets16:$1/
# Craftbukkit server build 860 (Minecraft v 1.6.6) http://bukkit.org
match minecraft m|^\xff\0\x0e\0P\0r\0o\0t\0o\0c\0o\0l\0 \0e\0r\0r\0o\0r$| p/Minecraft game server/
match shell m|^\0rsh: \x10: Command not supported\n| p/Ricoh rshd/ d/printer/

# TrinityCore
match wow m|^\0\0\t.{32}\x01.*?\0\x10..\0\0\0\0......([^\0]+)\x00([\d.]{7,15}:\d+)\0| p/World of Warcraft authserver/ i/realm: $1 on $2/

# Know the device but not the service.
# match unknown m|^\0\0\0\0\0\x03\0\x80\x01$| p/Weintek MT8000 touch screen/ d/media device/

##############################NEXT PROBE##############################
Probe UDP NBTStat q|\x80\xf0\0\x10\0\x01\0\0\0\0\0\0\x20\x43\x4bAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\0\0\x21\0\x01|
rarity 4
ports 137

# NBTStat queries use DNS query packet format and so will trigger responses from DNS services
# the \x0_, \x8_, \x9_ below accounts for recursion / authenticated data flags
softmatch domain m|^\x80\xf0[\x80\x81][\x02\x82\x92]\0\x01\0\0\0\0\0\0 CKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\0\0!\0\x01$| i/generic dns response: SERVFAIL/
softmatch domain m|^\x80\xf0[\x80\x81][\x03\x83\x93]\0\x01\0\0\0\0\0\0 CKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\0\0!\0\x01$| i/generic dns response: NXDOMAIN/

match domain m|^\x80\xf0\x81\x83\0\x01\0\0\0\0\0\0 ckaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\0\0!\0\x01| p/Mikrotik DNS/ d/router/

# NBT Response starts with a header:
# The following fields are each 2 bytes: transaction ID; Flags; question count; answer count; name service count; additional record count
# Next comes 34 bytes NUL-terminaed name
# then comes 2 byte fields: question type; question clss
# 4 byte TTL
# 2 byte rdata length
# 1 byte number of names
### -- End of header
# Next comes the given number of nbnames - each are a 15 byte name (space padded) followed by a one byte service type, and then 16 BIT flags
### -- End of name table - finally comes the footer:
# 48 - Adapter address (eg MAC addy)
# 8 bit fields: major version; minor version
# 16 bit fields: duration; frmps received; frmps transmitted; iframe receive errors; transmit aborts
# 32 bit fields: trasnmitted; received
# The remaining fields are all 16-bits: iframe transmit errors; number of receive buffers; tl_timeouts; tl_timeouts; free ncbs; ncbs;
#                                       max_ncbs; number of transmit buffers; max datagram; pending sessions; max sessions; packet_sessions

# I'm not convinced that these next 4 work on a very wide variety of
# machines.  I think most of the real matching comes in the next block.
match netbios-ns m|^\x80\xf0\x84\0\0\0\0\x01\0\0\0\0 CKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\0\0!\0\x01\0\0\0\0...(\w{1,15}) *\0\x04\0(\w{1,15}) *\0\x84\0\w{1,15} *\x03\x04\0\w{1,15} *\x04\0\w{1,15} *\x1e\x84\0\w{1,15} *\x1d\x04\0\x01\x02__MSBROWSE__\x02\x01\x84\0(\w{1,15}) *\x03|s p/Microsoft Windows XP netbios-ssn/ i/workgroup: $2 user: $3/ o/Windows XP/ h/$1/ cpe:/o:microsoft:windows_xp/
match netbios-ns m|^\x80\xf0\x84\0\0\0\0\x01\0\0\0\0 CKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\0\0!\0\x01\0\0\0\0...(\w{1,15}) *\0\x04\0(\w{1,15}) *\0\x84\0\w{1,15} *\x03\x04\0\w{1,15} *\x04\0\w{1,15} *\x1e\x84\0\w{1,15} *\x1d\x04\0\x01\x02__MSBROWSE__\x02\x01\x84\0\0|s p/Microsoft Windows XP netbios-ssn/ i/workgroup: $2/ o/Windows XP/ h/$1/ cpe:/o:microsoft:windows_xp/
match netbios-ns m|^\x80\xf0\x84\0\0\0\0\x01\0\0\0\0 CKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\0\0!\0\x01\0\0\0\0...(\w{1,15}) *\0\x04\0(\w{1,15}) *\0\x84\0\w{1,15} *\x03\x04\0\w{1,15} *\x04\0(\w{1,15}) *\x03\x04\0\w{1,15} *\x1e\x84\0|s p/Microsoft Windows XP netbios-ssn/ i/workgroup: $2 user: $3/ o/Windows XP/ h/$1/ cpe:/o:microsoft:windows_xp/
match netbios-ns m|^\x80\xf0\x84\0\0\0\0\x01\0\0\0\0 CKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\0\0!\0\x01\0\0\0\0...(\w{1,15}) *\0\x04\0(\w{1,15}) *\0\x84\0\w{1,15} *\x03\x04\0\w{1,15} *\x04\0\w{1,15} *\x1e\x84\0|s p/Microsoft Windows XP netbios-ssn/ i/workgroup: $2/ o/Windows XP/ h/$1/ cpe:/o:microsoft:windows_xp/

# It would be really nice if we could get username and/or OS
# information from this.  But it is quite hard to parse out the proper
# information unambiguously, especially with just regular expressions.
# But it certainly would be nice to get more info:
#
# nbtstat
#
match netbios-ns m|^\x80\xf0\x84\0\0\0\0\x01\0\0\0\0 CKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\0\0!\0\x01\0\0\0\0\0..([\w\-]{1,15}) *\0D\0.*\0([\w\-]{1,15}) *\0\xc4\0|s p/Microsoft Windows netbios-ssn/ i/workgroup: $2/ o/Windows/ h/$1/ cpe:/o:microsoft:windows/a
match netbios-ns m|^\x80\xf0\x84\0\0\0\0\x01\0\0\0\0 CKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\0\0!\0\x01\0\0\0\0\0..([\w\-]{1,15}) *\0D\0([\w\-]{1,15}) *\0\xc4\0|s p/Microsoft Windows netbios-ssn/ i/workgroup: $2/ o/Windows/ h/$1/ cpe:/o:microsoft:windows/a
match netbios-ns m|^\x80\xf0\x84\0\0\0\0\x01\0\0\0\0 CKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\0\0!\0\x01\0\0\0\0\0...*\0([\w\-]{1,15}) *\0D\0.*\0([\w\-]{1,15}) *\0\xc4\0|s p/Microsoft Windows netbios-ssn/ i/workgroup: $2/ o/Windows/ h/$1/ cpe:/o:microsoft:windows/a
match netbios-ns m|^\x80\xf0\x84\0\0\0\0\x01\0\0\0\0 CKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\0\0!\0\x01\0\0\0\0\0...*\0([\w\-]{1,15}) *\0D\0([\w\-]{1,15}) *\0\xc4\0|s p/Microsoft Windows netbios-ssn/ i/workgroup: $2/ o/Windows/ h/$1/ cpe:/o:microsoft:windows/a

# Samba
match netbios-ns m|^\x80\xf0\x84\0\0\0\0\x01\0\0\0\0 CKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\0\0!\0\x01\0\0\0\0...([\w\-]{1,15})[\s]{0,14}\x20\x04\0.*?([\w\-]{1,15})[\s]{0,14}\0\x84\0\0\0\0\0\0\0|s p/Samba nmbd netbios-ns/ i/workgroup: $2/ h/$1/ cpe:/a:samba:samba/
match netbios-ns m|^\x80\xf0\x84\0\0\0\0\x01\0\0\0\0 CKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\0\0!\0\x01\0\0\0\0...([\w\-]{1,15})[\s]{0,14}\0\x04\0.*?([\w\-]{1,15})[\s]{0,14}\x1e\x84\0\0\0\0\0\0\0|s p/Samba nmbd netbios-ns/ i/workgroup: $2/ h/$1/ cpe:/a:samba:samba/

# The following lines contain very similar matches but allow for variations in ordering of Workstation (\0\x04\0) and Workgroup (\0\x84\0)
# Active Directory Controllers - service \x1c
match netbios-ns m|^\x80\xf0\x84\0\0\0\0\x01\0\0\0\0 CKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\0\0!\0\x01\0\0\0\0...([\w\-]{1,15})[\s]{0,14}\0\x04\0.*?[\w\-]{1,15}[\s]{0,14}\0\x84\0.*?([\w\-]{1,15})[\s]{0,14}\x1c\x84\0|s p/Microsoft Windows netbios-ns/ i/Domain controller: $2/ o/Windows/ h/$1/ cpe:/o:microsoft:windows/a
match netbios-ns m|^\x80\xf0\x84\0\0\0\0\x01\0\0\0\0 CKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\0\0!\0\x01\0\0\0\0...[\w\-]{1,15}[\s]{0,14}\0\x84\0.*?([\w\-]{1,15})[\s]{0,14}\0\x04\0.*?([\w\-]{1,15})[\s]{0,14}\x1c\x84\0|s p/Microsoft Windows netbios-ns/ i/Domain controller: $2/ o/Windows/ h/$1/ cpe:/o:microsoft:windows/a
match netbios-ns m|^\x80\xf0\x84\0\0\0\0\x01\0\0\0\0 CKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\0\0!\0\x01\0\0\0\0...[\w\-]{1,15}[\s]{0,14}\0\xc4\0.*?([\w\-]{1,15})[\s]{0,14}\0D\0.*?([\w\-]{1,15})[\s]{0,14}\x1c\xc4\0|s p/Microsoft Windows 2012 R2 netbios-ns/ i/Domain controller: $2/ o/Windows/ h/$1/ cpe:/o:microsoft:windows_server_2012:r2/a

# Member servers, workgroup, etc
match netbios-ns m|^\x80\xf0\x84\0\0\0\0\x01\0\0\0\0 CKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\0\0!\0\x01\0\0\0\0...([\w\-]{1,15})[\s]{0,14}\0\x04\0.*?([\w\-]{1,15})[\s]{0,14}\0\x84\0|s p/Microsoft Windows netbios-ns/ i/workgroup: $2/ o/Windows/ h/$1/ cpe:/o:microsoft:windows/a
match netbios-ns m|^\x80\xf0\x84\0\0\0\0\x01\0\0\0\0 CKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\0\0!\0\x01\0\0\0\0...([\w\-]{1,15})[\s]{0,14}\0\x84\0.*?([\w\-]{1,15})[\s]{0,14}\0\x04\0|s p/Microsoft Windows netbios-ns/ i/workgroup: $1/ o/Windows/ h/$2/ cpe:/o:microsoft:windows/a
match netbios-ns m|^\x80\xf0\x84\0\0\0\0\x01\0\0\0\0 CKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\0\0!\0\x01\0\0\0\0...([\w\-]{1,15})[\s]{0,14}\x20\x04\0.*?([\w\-]{1,15})[\s]{0,14}\x1e\x84\0|s p/Microsoft Windows 10 netbios-ns/ i/workgroup: $2/ o/Windows/ h/$1/ cpe:/o:microsoft:windows_10/

# The following allow more flexible ordering of Workstation (\0\x04\0) and Workgroup (\0\x84\0) and the number of other NetBIOS services between
match netbios-ns m|^\x80\xf0\x84\0\0\0\0\x01\0\0\0\0 CKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\0\0!\0\x01\0\0\0\0...([\w\-]{1,15})[\s]{0,14}.*\0([\w\-]{1,15})[\s]{0,14}\0\x84\0|s p/Microsoft Windows or Samba netbios-ns/ i/workgroup: $2/ h/$1/

# Apple seems to just include the Workstation service, with the permanent flag. Second matchline accounts for MAC address included in packet
match netbios-ns m|^\x80\xf0\x84\0\0\0\0\x01\0\0\0\0 CKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\0\0!\0\x01\0\0\0\0\0A\x01([\w\-]{1,15})[\s]{0,14}\0d\0\0\0\0\0\0\0\0\0| p/Apple Mac OS X netbios-ns/ o/Mac OS X/ h/$1/ cpe:/o:apple:mac_os_x/a
match netbios-ns m|^\x80\xf0\x84\0\0\0\0\x01\0\0\0\0 CKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\0\0!\0\x01\0\0\0\0\0A\x01([\w\-]{1,15})[\s]{0,14}\0d\0[^\0]{6}\0\0\0\0\0\0\0\0\0| p/Apple Mac OS X netbios-ns/ o/Mac OS X/ h/$1/ cpe:/o:apple:mac_os_x/a
match netbios-ns m|^\x80\xf0\x84\0\0\0\0\x01\0\0\0\0 CKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\0\0!\0\x01\0\0\0\0\0A\x01([\w\-]{1,15})[\s]{0,14}\0\x04\0\0\0\0\0\0\0\0\0\0\0\0\0\0| p/Apple Mac OS X netbios-ns/ o/Mac OS X/ h/$1/ cpe:/o:apple:mac_os_x/a

match netbios-ns m|^\x80\xf0\x84\0\0\0\0\x01\0\0\0\0 CKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\0\0!\0\x01\0\0\0\0...([\w\-]{1,15})[\s]{0,14}\0d\0.*\0([\w\-]{1,15})[\s]{0,14}\0\xe4\0|s p/Samba nmbd netbios-ns/ i/workgroup: $2/ h/$1/ cpe:/a:samba:samba/

match netbios-ns m|^\x80\xf0\x84\0\0\0\0\x01\0\0\0\0 CKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\0\0!\0\x01\0\0\0\0\0/\x00......\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0|s p/Microsoft Windows Mobile netbios-ns/ o/Windows/ cpe:/o:microsoft:windows/a

match netbios-ns m|^\x80\xf0\x85\0\0\0\0\x01\0\0\0\0 CKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\0\0!\0\x01\0\0\0\0...([\w\-]{1,15}).*\04\0([\w\-]{1,15}) *\x1e\x84\0|s p/Novell NetWare netbios-ns/ i/workgroup: $2/ o/NetWare/ h/$1/ cpe:/o:novell:netware/a


#
# Samba has a version too
# nmbd version 2.2.7 on Linux 2.4.20
match netbios-ns m|^\x80\xf0\x84\0\0\0\0\x01\0\0\0\0 CKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\0\0!\0\x01\0\0\0\0...([\w\-]{1,15}).*\0([\w\-]{1,15}) *|s p/Samba nmbd netbios-ns/ i/workgroup: $2/ h/$1/ cpe:/a:samba:samba/

# From an acer PDA
match netbios-ns m|^\x80\xf0\x84\0\0\0\0\x01\0\0\0\0 CKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\0\0!\0\x01\0\0\0\0...\0\x80H'y\x86\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0| p/WinCE netbios-ns/ o/Windows CE/ cpe:/o:microsoft:windows_ce/a

# From a mikrotik router
match netbios-ns m|^\x80\xf0\x85\x80\0\x01\0\0\0\0\0\0 CKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\0\0!\0\x01\0\0\0\0...\d+\.\d+ \0D\0\0\0| p/MikroTik router netbios-ns/ d/router/

match netbios-ns m|^\x80\xf0\x84\x00\0\0\0\x01\0\0\0\0 CKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\0\0!\0\x01\0\0\0\0...\x01\x02__MSBROWSE__\x02\x01\x84\0(MACBOOKPRO-[0-9A-F]{4})\0.*\0([\w._ -]+)\x1d|s p/Apple Mac OS X netbios-ns/ i/workgroup: $2/ o/Mac OS X/ h/$1/ cpe:/o:apple:mac_os_x/

match netbios-ns m|^\x80\xf0\x85\x80\0\0\0\x01\0\0\0\0 CKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\0\0!\0\x01\0\0\0\0...([\w\-]+) *\0\x04\0|s p/Xerox WorkCentre netbios-ns/ d/printer/ h/$1/
# Brother MFC-9340CDW
match netbios-ns m|^\x80\xf0\x84\0\0\0\0\x01\0\0\0\0 CKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\0\0!\0\x01\0\x04\x93\xe0...([\w-]+)\0D\0......\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0|s p/Brother printer netbios-ns/ d/printer/ h/$1/


softmatch netbios-ns m|^\x80\xf0\x84\0\0\0\0\x01\0\0\0\0 CKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\0\0!\0\x01\0\0\0\0...([\w\-]{1,15})[\s]{0,14}| p/Unknown netbios-ns/ h/$1/
softmatch netbios-ns m|^\x80\xf0[\x80-\x8f].\0\0\0.\0\0\0\0 CKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\0\0!\0\x01|

match ntp m|^\x04\x01\0\0\0\0\0\0\0\0\0\0LOCL....\0\0\0\0AAAAA\0\0!....\0\0\0\0....\0\0\0\0| p/Actiontec ntpd/ d/broadband router/

# Apparently used on OS X: http://support.apple.com/kb/ts1629
match osu-nms m|^\x08\x02\0\x03\x03\x11\0\0\x03\x03\x12\0\0\x03\x03\x13\0\0\x03\x03\x14\0\0\x06\x03\x15\0\0\0\0\0\x06\x03\x16\0\0\0\0\0\x03\x03\x18\0\0\x04\x03\x19\0\0\0\x06\x03!\0\0\0\0\0\x06\x03\"\0\0\0\0\0\x06\x03#\0\0\0\0\0\x06\x03\$\0\0\0\0\0\x06\x03%\0\0\0\0\0\x06\x03&\0\0\0\0$| p/OSU Network Monitoring System/

##############################NEXT PROBE##############################
Probe UDP Help q|help\r\n\r\n|
rarity 3
ports 7,13,37,42
match chargen m|@ABCDEFGHIJKLMNOPQRSTUVWXYZ|
match echo m|^help\r\n\r\n$|
# Solaris 8, 9
match daytime m=^[A-Z][a-z]{2} [A-Z][a-z]{2} +\d{1,2} +\d\d:\d\d:\d\d (?:19|20)\d\d\n\r$= p/Sun Solaris daytime/ o/Solaris/ cpe:/o:sun:sunos/a
# Mandrake Linux 9.2, xinetd daytime
match daytime m|^[0-3]\d [A-Z][A-Z][A-Z] 20\d\d \d\d:\d\d:\d\d \S+\r\n|
# Windows small services daytime
match daytime m|^\d{1,2}:\d\d:\d\d [AP]M \d{1,2}/\d\d/\d{4}\n$| p/Windows small service daytime/ o/Windows/ cpe:/o:microsoft:windows/a
match daytime m|^\d{1,2}:\d\d:\d\d \d{1,2}/\d\d/\d{4}\n$| p/Windows daytime/ o/Windows/ cpe:/o:microsoft:windows/a
match daytime m|^\d\d:\d\d:\d\d \d\d.\d\d.20\d\d\n$| p/Microsoft Windows International daytime/ o/Windows/ cpe:/o:microsoft:windows/a
match daytime m|^\w\w\w \w\w\w \d\d \d\d:\d\d:\d\d \d\d\d\d\r\n$| p/AIX daytime/ o/AIX/ cpe:/o:ibm:aix/a
match daytime m|^(\w\w\w \w\w\w \d\d \d\d:\d\d:\d\d \w+ \d\d\d\d)\r\n\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0 \0\0\0\x7f\xff\xec0\0\0\0\0\0\0\0\0\0\0\0\0\x04\x01Q\xa0\0\0\0\0\0\x01\0\x15\x90-d\0\0\0\0\0\0\0\0\x1c\0\0\xff\xfe\xff\xff\xff\xff\xc5:H\0\0\x16\xc3\xd8\0\0\0\0\0\0\0\0\0\0\0\0\0\0\xff\xff\xac\x10\x0b\x05\0\xff\0\x06T\xa3\0\0 !\"#\$%&'\(\)\*\+,-\./0123456789:;<=>\?@ABCDEFGHIJKLMNO\xd3\$\x12\xccTUVWOy\x94L\0\r\xd1z\0\0\0\0\x04\x02\x1b`\0\0\0\0\x04\x02\x1b`| i/time: $1/

match drweb m|^\x7csrv_realm=([^\x7c]+)\x7csrv_Uuid=[-\da-f]{36}\x7cdws9=\d+\x7cMajorVer=(\d+)\x7cMinorVer=(\d+)\x7c| p/DrWeb/ v/$2.$3/ i/realm: $1/ cpe:/a:drweb:drweb:$2.$3/
# TIME
match time m|^[\xd5-\xef]...$|s i/32 bits/
match time m|^[\xd5-\xef]....\0\0\0$|s i/64 bits/
# Solaris Internet Name Server (42/udp), see ien116.txt
match nameserver m|^help\r\n\r\n\0\0\0\0\x20CKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\0\0!\0\x01| p/Solaris Internet Name Server/ i/IEN 116/ o/Solaris/ cpe:/o:sun:sunos/a
match nameserver m|^\x03\x03\x02$| p/Solaris Internet Name Server/ i/IEN 116/ o/Solaris/ cpe:/o:sun:sunos/a
match nameserver m|^\0\x06\x01\0\0\x01\0\0\x03\x03\x02$| p/Solaris Internet Name Server/ i/IEN 116/ o/Solaris/ cpe:/o:sun:sunos/a

match valve-steam m|^\xff\xff\xff\xff!L_\xa0.{28}\0\0\0\x08\x06\x10\x06\x18\x9c\xd3\x01\".([\w.-]+)0\x028| p/Valve Steam In-Home Streaming service/ h/$1/
match valve-steam m|^\xff\xff\xff\xff!L_\xa0| p/Valve Steam In-Home Streaming service/

##############################NEXT PROBE##############################
Probe TCP Hello q|EHLO\r\n|
rarity 8
ports 25,587,3025
sslports 465
totalwaitms 7500

match exalead m|^\? 1 illegal command\n\0| p/Exalead search appliance/

match smtp m|^220\s+(DP-\d+)\r\n250-Hello\r\n250-DSN\r\n| p/Panasonic smtpd/ v/$1/ i/Panasonic printer/ d/printer/
match smtp m|^220 ESMTP service ready\r\n250\x20ok\r\n| p/Rustock smtp backdoor/ i/**BACKDOOR**/ o/Windows/ cpe:/o:microsoft:windows/a
match smtp m|^220 Hello [A-Z][a-z]{2}, .*\r\n501 Command \"EHLO\" requires an argument\r\n| p/Lotus Notes smtpd/ cpe:/a:ibm:lotus_notes/
match smtp m|^220 ([\w_.-]+) ESMTP\r\n250-[-\w_.]+\r\n250-AUTH LOGIN CRAM-MD5 PLAIN\r\n250-AUTH=LOGIN CRAM-MD5 PLAIN\r\n250-PIPELINING\r\n250 8BITMIME\r\n| p/Access Remote PC smtpd/ o/Windows/ h/$1/ cpe:/o:microsoft:windows/a
match smtp m|^220 \[[\w_.-]+\] FTGate Server Ready\r\n250-([\w._-]+)\r\n| p/Floosietek FTGate smtpd/ o/Windows/ h/$1/ cpe:/o:microsoft:windows/a
# NetWare GroupWise Internet Agent 7 SP3 beta
match smtp m|^220 ([\w_.-]+) Ready\r\n250-.*\r\n250-AUTH LOGIN\r\n(?:250-8BITMIME\r\n)?250-SIZE\r\n250 DSN\r\n| p/Novell NetWare GroupWise Internet Agent smtpd/ o/NetWare/ h/$1/ cpe:/a:novell:groupwise/ cpe:/o:novell:netware/a
match smtp m|^220 .* Ready\r\n250-.*\r\n250-AUTH LOGIN\r\n(?:250-8BITMIME\r\n)?250-SIZE\r\n250 DSN\r\n| p/Novell NetWare GroupWise Internet Agent smtpd/ o/NetWare/ cpe:/a:novell:groupwise/ cpe:/o:novell:netware/a
match smtp m|^220 \[[\w_.-]+\] ESMTP Ready\r\n501 HELO requires domain address\r\n| p/Canon imageRUNNER C5185 smtpd/ d/printer/ cpe:/h:canon:imagerunner_c5185/
match smtp m|^220 .* SMTP ready at .*\r\n501 Command \"EHLO\" requires an argument\r\n| p/Lotus Domino smtpd/ cpe:/a:ibm:lotus_domino/
match smtp m|^220 Hello\r\n501 Command \"EHLO\" requires an argument\r\n| p/Lotus Domino smtpd/ cpe:/a:ibm:lotus_domino/
match smtp m|^220 ([\w_.-]+)\r\n250-[\w._-]+ Axigen ESMTP hello\r\n| p/Axigen smtpd/ h/$1/ cpe:/a:gecad:axigen_mail_server/
match smtp m|^220 [^\r\n]*ESMTP[^\r\n]*\r\n501 ehlo requires domain/address - see RFC-2821 4\.1\.1\.1\r\n| p/qpsmtpd/ cpe:/a:ask_bjorn_hansen:qpsmtpd/
match smtp m|^220 ([\w_.-]+) ESMTP Service ready\r\n250-[\w_.-]+ Missing required domain name in EHLO, defaulted to your IP address \[[\d.]+\]\r\n| p/Critical Path smtpd/ h/$1/
match smtp m|^220 \r\n501 \r\n| p/Konica Minolta bizhub 350 printer smtpd/ d/printer/ cpe:/h:konicaminolta:bizhub_350/
match smtp m|^220 ([\w_.-]+) ESMTP SonicWALL \(([\d.]+)\)\r\n| p/SonicWALL Email Security smtpd/ v/$2/ d/security-misc/ h/$1/
match smtp m|^220 ([\w_.-]+) ready\r\n250-[\w_.-]+\r\n250 AUTH LOGIN PLAIN \r\n$| p/Freemail smtpd/ h/$1/
match smtp m|^554 SMTP synchronization error\r\n| p/Exim smtpd/ cpe:/a:exim:exim/
match smtp m|^220 ([\w._-]+)  ESMTP\r\n501 Syntax: EHLO hostname\r\n| p/Postfix smtpd/ h/$1/ cpe:/a:postfix:postfix/a
match smtp m|^220 ESMTP Postfix\r\n501 Syntax: EHLO hostname\r\n| p/Postfix smtpd/ cpe:/a:postfix:postfix/a
match smtp m|^220-\*{89}\r\n220 \*{32}\r\n250-Welcome [\w._-]+, nice to meet you\.\.\.\r\n250-AUTH=(?:\w+ ?)+\r\n250-AUTH(?: \w+)+\r\n250-SIZE \d+\r\n250-DSN\r\n250-ETRN\r\n250 XXXA\r\n| p/ArGoSoft smtpd/ o/Windows/ cpe:/o:microsoft:windows/a
match smtp m|^220 ESMTP Ready\r\n250-([\w._-]+) Hello \[[\d.]+\]\r\n250-SIZE\r\n250-PIPELINING\r\n250-DSN\r\n250-ENHANCEDSTATUSCODES\r\n250-STARTTLS\r\n250-X-ANONYMOUSTLS\r\n250-AUTH NTLM\r\n250-X-EXPS GSSAPI NTLM\r\n250-8BITMIME\r\n250-BINARYMIME\r\n250-CHUNKING\r\n250-XEXCH50\r\n250 XRDST\r\n| p/Microsoft Outlook Web Access smtpd/ h/$1/
match smtp m|^220 ([\w._-]+) ESMTP\r\n250-\1\r\n250-STARTTLS\r\n250-SIZE 50000000\r\n250-PIPELINING\r\n250 8BITMIME\r\n| p/qmail smtpd/ h/$1/ cpe:/a:djb:qmail/
match smtp m|^220  ESMTP\r\n501 5\.0\.0 EHLO requires domain address\r\n| p/Sendmail/ cpe:/a:sendmail:sendmail/a
match smtp m|^552 Invalid domain name in HELO command \(DLH use case\)\.\r\n| p/Lotus Notes smtpd/ cpe:/a:ibm:lotus_domino/
match smtp m|^220 ([\w.-]+) ESMTP \w\w\w, \d\d \w\w\w \d\d\d\d [\d:]{8} ([-+]?\d\d\d\d)\r\n550 Invalid or missing command argument\(s\)\r\n| p/MDaemon smtpd/ i/timezone: $2/ h/$1/ cpe:/a:alt-n:mdaemon/
match smtp m|^220 ([\w.-]+) Ready\r\n250-Requested mail action okay, completed\.\r\n250 STARTTLS\r\n| p/McAfee Email Gateway/ h/$1/ cpe:/a:mcafee:email_gateway/
match smtp m|^220 \S*[^\w.-]\S* ESMTP CommuniGate Pro [^\d].*\r\n250-([\w.-]+) domain name should be qualified \r\n| p/CommuniGate Pro SMTP/ h/$1/ cpe:/a:stalker:communigate_pro/
match smtp m|^220 (\w[\w.-]+) ESMTP\r\n501 Syntactically invalid EHLO argument\(s\)\r\n| p/Exim smtpd/ h/$1/ cpe:/a:exim:exim/
match smtp m|^220 ESMTP (?:\(NO U[BC]E\))* ?server ready at \w\w\w, \d\d \w\w\w \d\d\d\d [\d:]{8} ([-+]?\d\d\d\d)\r\n501 Command "EHLO" requires an argument\r\n| p/Lotus Notes smtpd/ i/timezone: $1/ cpe:/a:ibm:lotus_notes/
match smtp m|^220 ([\w._-]+) Mail ESMTP ready\r\n250-\1 Axigen ESMTP hello\r\n| p/Axigen smtpd/ h/$1/ cpe:/a:gecad:axigen_mail_server/
# Sometimes the hostnames don't match!
match smtp m|^220 ([\w._-]+) Mail ESMTP ready\r\n250-([\w._-]+) Axigen ESMTP hello\r\n| p/Axigen smtpd/ i/alt hostname: $2/ h/$1/ cpe:/a:gecad:axigen_mail_server/
match smtp m|^220 ([\w._-]+)[^\r\n]*\r\n250-[^ ]* \[[^]]+\], this server offers \d+ extensions\r\n250| p/MailEnable smtpd/ o/Windows/ h/$1/ cpe:/a:mailenable:mailenable/ cpe:/o:microsoft:windows/a

match smtp m|^220 $| p/OpenBSD spamd/

match smtp-proxy m|^220 ([-\w_.]+) .*\r\n250-[-\w_.]+ supports the following ESMTP extensions:\r\n250-SIZE \d+\r\n250-DSN\r\n250-8bitmime\r\n250 OK\r\n| p/Trend Micro IMSS smtp proxy/ o/Windows/ h/$1/ cpe:/o:microsoft:windows/a
match smtp-proxy m|^220 ([\w._-]+) ESMTP [\w._-]+\r\n501 5\.5\.2 HELO requires domain address\r\n| p/SonicWALL Email Security Appliance smtp proxy/ d/proxy server/ h/$1/
match smtp-proxy m|^220 Ready to receive mail -=- ESMTP\r\n250-Ready to receive mail -=-\r\n250-AUTH LOGIN PLAIN\r\n250-AUTH=LOGIN PLAIN\r\n250-PIPELINING\r\n250 8BITMIME\r\n| p/PineApp Mail-SeCure smtp proxy/ cpe:/a:pineapp:mail-secure/
match smtp-proxy m|^220 MailStore SMTP Proxy Server\r\n250-([\w._-]+)\r\n250-STARTTLS\r\n250 MAILSTORE\r\n| p/MailStore smtp proxy/ h/$1/
match smtp-proxy m|^220 OutgoingFilter SMTP\r\n502 OutgoingFilter Command not implemented\r\n| p/Dr.Web SMTP-proxy/ cpe:/a:drweb:smtp-proxy/

##############################NEXT PROBE##############################
Probe TCP Help q|HELP\r\n|
rarity 3
ports 1,7,21,25,79,113,119,515,587,1111,1311,12345,2401,2627,3000,3493,6560,6666-6670,14690,22490
sslports 465,990
totalwaitms 7500

# http://www.computerpokercompetition.org/
match acpc m|^Usage: Valid commands are\nLIST\nCLEAR\nSTATUS\nKILL\nNEW\nCONFIG\nAUTONCONNECT\nGETINFO\nHELP\nFor specific help on each command, type HELP:COMMAND\r\r\n\n| p/Glassfrog computer poker server/

match aleph m|^96\r$| p/Aleph Integrated Library System/
match bitkeeper m|^@SERVER INFO@\nPROTOCOL=([\d.]+)\nVERSION=bk-([\w._-]+)\nUTC=\d+\nTIME_T=\d+\nROOT=([^\n]+)\nUSER=(?:[^\n]+)\nHOST=(?:[^\n]+)\nREALUSER=(?:[^\n]+)\nREALHOST=([^\n]+)\nPLATFORM=([^\n]+)\n| p/BitKeeper distributed VCS/ v/$2/ i/protocol $1; root $3; $5/ h/$4/ cpe:/a:bitmover:bitkeeper:$2/

match caldav m|^<head>\n<title>Error response</title>\n</head>\n<body>\n<h1>Error response</h1>\n<p>Error code 400\.\n<p>Message: Bad request syntax \('HELP'\)\.\n<p>Error code explanation: 400 = Bad request syntax or unsupported method\.\n</body>\n| p/Radicale calendar and contacts server/ i/Python BaseHTTPServer/ cpe:/a:kozea:radicale/ cpe:/a:python:python/

match chat m|^\r\n>STATUS\tset status\r\nINVISIBLE\tset invisible mode\r\nMAINWINDOW\tshow/hide main window\r\n| p/Simple Instant Messenger control plugin/

# CVSD (cvs chrooting service for pserver) cvsd 0.9.18
# CVS 1.11.5 pserver
match cvspserver m|^cvs \[pserver aborted\]: bad auth protocol start: HELP\r\n\n?$| p/cvs pserver/
# CVSNT pserver
match cvspserver m|^cvs \[server aborted\]: bad auth protocol start: HELP\r\n$| p/CVSNT cvs pserver/ cpe:/a:march-hare:cvsnt/
match cvspserver m|^cvs \[server aborted\]: bad auth protocol start: HELP\r\nerror  \n$| p/CVSNT cvs pserver/ cpe:/a:march-hare:cvsnt/
match cvspserver m|^cvsnt \[server aborted\]: bad auth protocol start: HELP\r\nerror  \n$| p/CVSNT cvs pserver/ cpe:/a:march-hare:cvsnt/
match cvspserver m|^cvsntsrv \[server aborted\]: bad auth protocol start: HELP\r\nerror  \n$| p/CVSNT cvs pserver/ cpe:/a:march-hare:cvsnt/
# Concurrent Versions System (CVS) 1.10.7 (client/server)
match cvspserver m|^cvs-pserver \[pserver aborted\]: bad auth protocol start: HELP\r\n\n| p/cvs pserver/

match cvspserver m|^-f \[pserver aborted\]: bad auth protocol start: HELP\r\n\n| p/SunOS cvs pserver/ o/SunOS/ cpe:/o:sun:sunos/a
match echo m|^HELP\r\n$|
match irc-proxy m|^:ezbounce!srv NOTICE \(unknown\) :\x02| p/ezbounce irc proxy/ o/Unix/
# ProFTPD 1.2.0
match ftp m|^220 FTP Server[^[]* \[([\w.-]+)\]\r\n214-The following commands are recognized \(\* =>'s unimplemented\)\.\r\n USER    PASS    ACCT\*   CWD     XCWD    CDUP    XCUP    SMNT\*   \r\n QUIT    REIN\*   PORT    PASV    TYPE    STRU\*   MODE\*   RETR    \r\n STOR    STOU\*   APPE    ALLO\*   REST    RNFR    RNTO    ABOR    \r\n DELE    MDTM    RMD     XRMD    MKD     XMKD    PWD     XPWD    \r\n SIZE    LIST    NLST    SITE    SYST    STAT    HELP    NOOP    \r\n214 Direct comments to | p/ProFTPD/ v/1.2.0/ o/Unix/ h/$1/ cpe:/a:proftpd:proftpd:1.2.0/a
# ProFTPD 1.2.5
match ftp m|^220 ([-.\w]+) FTP server ready\.\r\n214-The following commands are recognized \(\* =>'s unimplemented\)\.\r\n USER    PASS    ACCT\*   CWD     XCWD    CDUP    XCUP    SMNT\*   \r\n QUIT    REIN\*   PORT    PASV    TYPE    STRU    MODE    RETR    \r\n STOR    STOU\*   APPE    ALLO\*   REST    RNFR    RNTO    ABOR    \r\n DELE    MDTM    RMD     XRMD    MKD     XMKD    PWD     XPWD    \r\n SIZE    LIST    | p/ProFTPD/ v/1.2.5/ o/Unix/ h/$1/ cpe:/a:proftpd:proftpd:1.2.5/a
match ftp m|^220 FTP-Server on \[([-\w_.]+)\]\r\n214-The following commands are recognized \(\* =>'s unimplemented\)\.\r\n214-USER    PASS    ACCT\*   CWD     XCWD    CDUP    XCUP    SMNT\*   \r\n214-QUIT    REIN\*   PORT    PASV    TYPE    STRU    MODE    RETR    \r\n214-STOR    STOU\*   APPE    ALLO\*   REST    RNFR    RNTO    ABOR    \r\n214-DELE    MDTM    RMD     XRMD    MKD     XMKD    PWD     XPWD    \r\n214-SIZE    LIST| p/ProFTPD/ v/1.2.