\)\nuptime:    ([^\n]+)\n|s p/MongoDB http console/ v/$2/ i/git version $4; pdfile $3; Boost $SUBST(6,"_","."); uptime $7/ o/Linux $5/ h/$1/ cpe:/a:mongodb:mongodb:$2/ cpe:/o:linux:linux_kernel:$5/
match http m|^HTTP/1\.0 200 OK\r\nContent-Type: text/html\r\n\r\n<html><head><title>mongodb ([\w._-]+):\d+ </title>.*<pre>db version v([\w._-]+), pdfile version ([\w._-]+)\ngit hash: nogitversion\nsys info: Linux [\w._-]+ ([\w._-]+) .* BOOST_LIB_VERSION=([\w._-]+)\n\ndblocked:  \d+ \(initial\)\nuptime:    ([^\n]+)\n|s p/MongoDB http console/ v/$2/ i/pdfile $3; Boost $SUBST(5,"_","."); uptime $6/ o/Linux $4/ h/$1/ cpe:/a:mongodb:mongodb:$2/ cpe:/o:linux:linux_kernel:$4/
match http m|^HTTP/1\.1 501 Not Implemented\r\nServer: sfcHttpd\r\nContent-Length: 0\r\nConnection: close\r\n\r\nHTTP/1\.1 400 Bad Request\r\nServer: sfcHttpd\r\nContent-Length: 0\r\nConnection: close\r\n\r\n| p/sfcHttpd/ i/SuperMicro IPMI Small Footprint CIM Broker/ cpe:/o:supermicro:intelligent_platform_management_firmware/
match http m|^HTTP/1\.1 501 Not Implemented\r\nServer: sfcHttpd\r\nContent-Length: 0\r\n\r\nHTTP/1\.1 400 Bad Request\r\nServer: sfcHttpd\r\nContent-Length: 0\r\n\r\n| p/sfcHttpd/
match http m|^HTTP/1\.0 400 Bad Request\r\n(?:[^\r\n]+\r\n)*?Server: CleanMail Service ([\w._-]+)\r\n|s p/CleanMail antispam http admin/ v/$1/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: lighttpd/([\w._-]+).*<\?xml version=\"1\.0\" encoding=\"iso-8859-1\"\?>\n<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1\.0 Transitional//EN\"\n         \"http://www\.w3\.org/TR/xhtml1/DTD/xhtml1-transitional\.dtd\">\n<html xmlns=\"http://www\.w3\.org/1999/xhtml\" xml:lang=\"en\" lang=\"en\">\n <head>\n  <title>\d\d\d - [\w ]+</title>|s p/lighttpd/ v/$1/ cpe:/a:lighttpd:lighttpd:$1/
match http m|^HTTP/1\.1 405 Method Not Allowed\r\nAllow: GET,HEAD\r\nDate: .*\r\nServer: Genetic Lifeform and Distributed Open Server ([\w._-]+)\r\n| p/Hentai@Home httpd/ v/$1/
match http m|^\(null\) 400 Bad Request\r\nServer: nexg_httpd\r\nDate: .*\r\nCache-Control: no-cache,no-store\r\nContent-Type: text/html; charset=UTF-8\r\nConnection: keep-alive\r\nKeep-Alive: timeout=10, max=30\r\n\r\n| p/nexg_httpd/
match http m|^HTTP/1\.1 400 Bad Request\r\nConnection: close\r\nContent-Length: 0\r\ntv2-auth-digest: [\w=]+\r\n\r\n$| p/T-Home Entertain set-top box httpd/ d/media device/
match http m|^HTTP/1\.0 400 Bad Request\r\n(?:[^\r\n]+\r\n)*?Server: doubleTwist Sync \(Android\)\r\n|s p/doubleTwist httpd/ i/Android phone/ d/phone/ o/Linux/ cpe:/o:google:android/
match http m|^HTTP/1\.0 501 Unimplemented\r\nContent-Type: text/plain\r\nContent-Length: 17\r\n\r\n501 Unimplemented$| p/NetApp DFM httpd/
# Date is wrongly localized, e.g. "ven, 10 dic 2010 16:11:46 GMT".
match http m|^HTTP/1\.1 400 Bad Request\r\nContent-Type: text/html\r\nConnection: close\r\nDate: .*\r\nContent-Length: 134\r\n\r\n<HTML><HEAD>\n<TITLE>400 Bad Request</TITLE>\n</HEAD><BODY>\n<H1>Method Not Implemented</H1>\nInvalid method in request<P>\n</BODY></HTML>\n$| p/Transmission BitTorrent management httpd/ cpe:/a:transmissionbt:transmission/
match http m|^HTTP/1\.0 400 Bad Request\r\nContent-Type: text/html\r\nCache-Control: public,max-age=86400\r\nPragma: cache\r\nExpires: .*\r\nDate: .*\r\nLast-Modified: .*\r\nAccept-Ranges: bytes\r\nConnection: close\r\n\r\n<html>\n<head>\n  <title>400 Bad Request</title>\n</head>\n<body bgcolor=\"ffffff\">\n  <h2>400 Bad Request<h2>\n  <p>\n  \n</body>\n</html>\n$| p/Transmission BitTorrent management httpd/ v/2.52/ cpe:/a:transmissionbt:transmission:2.52/
match http m|^HTTP/1\.1 400 Bad Request\r\nDate: .*\r\nServer: UBServer ([\w._-]+)\r\nConnection: close\r\n\r\n$| p/UBServer/ v/$1/ i/NBS smart card printer/
match http m|^SAS/IntrNet Application Server Release ([\w._-]+) \((build \d+)\)\n\n$| p|SAS/IntrNet| v/$1 $2/
match http m|^HTTP/1\.1 400 Bad Request\r\nServer: Aimetis-InfoService/([\w._-]+)\r\n| p/Aimetis InfoService httpd/ v/$1/ d/webcam/
match http m|^HTTP/0\.0 400 Bad request\r\nServer: Aos HTTP Server/([\w._-]+)\r\nHTTP/0\.0 400 Bad request\r\nServer: Aos HTTP Server/[\w._-]+\r\nHTTP/0\.0 400 Bad request\r\nServer: Aos HTTP Server/[\w._-]+\r\nHTTP/0\.0 400 Bad request\r\nServer: Aos HTTP Server/[\w._-]+\r\nHTTP/0\.0 400 Bad request\r\nServer: Aos HTTP Server/[\w._-]+\r\nHTTP/0\.0 400 Bad request\r\nServer: Aos HTTP Server/[\w._-]+\r\nHTTP/0\.0 400 Bad request\r\nServer: Aos HTTP Server/[\w._-]+\r\nHTTP/0\.0 400 Bad request\r\nServer: Aos HTTP Server/[\w._-]+\r\nHTTP/0\.0 400 Bad request\r\nServer: Aos HTTP Server/[\w._-]+\r\n| p/A2 httpd/ v/$1/ o/A2/ cpe:/o:eth:a2/
# Panasonic TV "VIERA GT30 Series" running "FreeBSD/8.0 UPnP/1.0 Panasonic-MIL-DLNA-SV/1.0"
match http m|^HTTP/1\.1 400 Bad Request\r\nCONNECTION: close\r\n\r\n$| p/Panasonic GT30 TV http admin/ d/media device/ o/FreeBSD 8.0/ cpe:/o:freebsd:freebsd:8.0/
match http m|^HTTP/1\.1 404 Not Found\r\nContent-Length: 0\r\nCache-Control: no-cache,no-store,no-cache\r\nContent-Type: application/json\r\nPragma: no-cache,no-cache\r\n\r\nHTTP/1\.1 404 Not Found\r\nContent-Length: 0\r\nCache-Control: no-cache,no-store,no-cache\r\nContent-Type: application/json\r\nPragma: no-cache,no-cache\r\n\r\n$| p/Microsoft Windows Live Mesh/
match http m|^HTTP/1\.0 400 Bad Request\r\nServer: Technicolor WebServer/([\w._-]+)\r\nContent-Type: text/html\r\nContent-Length: 42\r\n\r\nHTTP/1\.0 400 Bad Request: Missing method\r\n\r\n\r\n$| p/Technicolor TG787 VoIP gateway http admin/ v/$1/ d/VoIP adapter/
match http m|^HTTP/1\.1 501 Not implemented\r\nDate: .*\r\nServer: NetTalk-WebServer/([\d.]+)\r\n| p/CapeSoft NetTalk WebServer/ v/$1/
match http m|^HTTP/1\.0 400 Bad Request\r.*\nServer: ([^,]+), (UPnP/[\d.]+ DLNADOC/[\d.]+), Serviio/([\d.]+)\r\n|s p/Serviio media server httpd/ v/$3/ i/$2/ o/$1/
match http m|^HTTP/1\.1 404\r\nServer: NT-ware-EmbeddedTcpServer-HttpDevice/([\d.]+)\r\n| p|NT-ware uniFLOW/MOM httpd| v/$1/
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: WEBrick/([\d.]+) \(Ruby/([\d.]+)/([-\d]+)\)\r\n|s p/WEBrick httpd/ v/$1/ i/Ruby $2 ($3)/ cpe:/a:ruby-lang:ruby:$2/
match http m|^HTTP/1\.1 404 Not Found\r\n\r\n$| p|SAGE EAS Digital Endec remote audio monitor/level meter|
match http m|^\(null\) 400 Bad Request\r\nServer: \r\nDate: .*\r\nContent-Type: text/html\r\nConnection: close\r\n\r\n| p/Arris TG862G http config/ d/WAP/ cpe:/h:arris:tg862g/a
match http m|^HTTP/1\.0 401 Unauthorized\r\nConnection: close\r\nContent-Type: text/html\r\nServer: SNARE\r\nWWW-Authenticate: Digest realm=\"SNARE\", qop=\"auth\", nonce=\"[a-f0-9]+\", opaque=\"[a-f0-9]+\"\r\n\r\n| p/InterSect SNARE Server/ d/security-misc/ cpe:/a:intersectalliance:system_intrusion_analysis_and_reporting_environment/
match http m|^HTTP/1\.1 400 Bad Request\r\nServer: Piolink Switch\r\n| p/Piolink ADC/
match http m|^HTTP/1\.1 501\r\nX-AV-Server-Info: av=\"5\.:0\"; cn=\"Sony Corporation\"; mn=\"([^"]+)\"; mv=\"([^"]+)\"\r\nX-AV-Physical-Unit-Info: pa=\"\1\"\r\nConnection: close\r\n| p/Sony $1 AV receiver http info/ v/$2/ d/media device/ cpe:/h:sony:$1:$2/
match http m|^HTTP/1\.1 200 OK\nContent-Type: text/html; charset=UTF-8\nContent-Length: \d+\n\n<html>\n<!--\n \* WiFi Keyboard - Remote Keyboard for Android\.\n \* Copyright \(C\) 2011 Ivan Volosyuk\n| p/WiFi Keyboard for Android/ d/phone/ o/Android/ cpe:/o:google:android/a cpe:/o:linux:linux_kernel/a
match http m|^HTTP/1\.1 200 OK\r\nConnection: Keep-Alive\r\nContent-Length: \d+\r\nContent-Type: application/octet-stream\r\nDate: .*\r\nKeep-Alive: timeout=15; max=19\r\n\r\n\0\0\0\x03\0\0\0\x06error\0\0\0\0\0\0\0\x01\0\0\0\x05\0\0\0\x11no_save_password\0\0\0\0\0\0\0\x01\0\0\0\0\0\0\0\x08pencore| p/SoftEther VPN httpd/ cpe:/a:university_of_tsukuba:softether_vpn/
match http m|^HTTP/1\.0 401\r\nWWW-Authenticate: Digest realm=\"mongo\", nonce=\"abc\", algorithm=MD5, qop=\"auth\" \r\n\r\nnot allowed\n$| p/MongoDB simple REST interface/ v/1.5.0 or older/ cpe:/a:mongodb:mongodb/
match http m|^HTTP/1\.0 401\r\nWWW-Authenticate: Digest realm=\"mongo\", nonce=\"abc\", algorithm=MD5, qop=\"auth\" \r\nContent-Type: text/plain\r\n\r\nnot allowed\n$| p/MongoDB simple REST interface/ v/1.5.0 - 1.9.0/ cpe:/a:mongodb:mongodb/
match http m|^HTTP/1\.0 401\r\nWWW-Authenticate: Digest realm=\"mongo\", nonce=\"abc\", algorithm=MD5, qop=\"auth\" \r\nContent-Type: text/plain;charset=utf-8\r\n\r\nnot allowed\n$| p/MongoDB simple REST interface/ v/1.9.0 or later/ cpe:/a:mongodb:mongodb/
match http m|^HTTP/1\.0 401\r\nWWW-Authenticate: Digest realm=\"mongo\", nonce=\"abc\", algorithm=MD5, qop=\"auth\" \r\nContent-Type: text/plain;charset=utf-8\r\nConnection: close\r\nContent-Length: 12\r\n\r\nnot allowed\n| p/MongoDB simple REST interface/ v/3.1.1 or later/ cpe:/a:mongodb:mongodb/
match http m|^ 400 Invalid request\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-Length: 15\r\n\r\nInvalid request| p/Acutenix WVS Scheduler/
match http m|^HTTP/1\.[01] 400 Bad Request\r\nConnection: close\r\nContent-length: 0\r\n\r\n$| p/Ajenti http control panel/ cpe:/a:ajenti:ajenti/
match http m|^HTTP/1\.0 200 OK\r\nCache-Control: no-cache\r\nPragma: no-cache\r\nExpires: 0\r\ncharset: UTF8\r\nContent-Type: text/html\r\n\r\n{\"STATUS\": \"REDIRECT\", \"RESPONSE\": \"mlicense\.html\"}| p/MONyog MySQL Monitor and Advisor/ cpe:/a:webyog:monyog/
match http m|^HTTP/1\.1 500 Server Error\r\nContent-Length: 42\r\nConnection: close\r\n\r\nError 500: Server Error\nBad request: \[\r\n\r\]| p/Mongoose httpd/ cpe:/a:cesanta:mongoose/
match http m|^HTTP/1\.1 401 Unauthorized\r\nWWW-Authenticate: Digest realm=\"Web UI Access\", nonce=\"[0-9a-f]{32}\", opaque=\"[0-9a-f]{32}\", stale=\"false\", algorithm=\"MD5\", qop=\"auth\"\r\ncontent-length: 0\r\n\r\n$| p/qBittorrent Web UI/ cpe:/a:qbittorrent:qbittorrent/
match http m|^HTTP/1\.1 400 Bad Request\r\nDate: .* GMT\r\nConnection: Keep-Alive\r\nKeep-Alive: timeout=300\r\nServer: MSOS/([\d.]+) mawebserver/([\d.]+)\r\n| p/Patton mawebserver httpd/ v/$2/ i/MSOS $1/ d/VoIP adapter/
match http m|^HTTP/1\.1 400 Bad Request\r\nDate: .* GMT\r\nConnection: close\r\nServer: RStudio\r\n\r\n$| p/RStudio IDE httpd/ cpe:/a:rstudio:rstudio/
match http m|^\(null\) 400 Bad Request\r\nServer: \r\n.*<HTML>\n *<HEAD><TITLE>400 Bad Request</TITLE></HEAD>\n *<BODY BGCOLOR=\"#cc9999\" TEXT=\"#000000\" LINK=\"#2020ff\" VLINK=\"#4040cc\">\n *<H4>400 Bad Request</H4>\nCan't parse request\.\n|s p/mini_httpd/ cpe:/a:acme:mini_httpd/
match http m|^HTTP/1\.1 505 HTTP Version Not Supported\r\nServer: ArangoDB\r\nConnection: Close\r\nContent-Type: text/plain; charset=utf-8\r\nContent-Length: 0\r\n\r\n| p/ArangoDB admin httpd/ cpe:/a:arangodb:arangodb/
# Content-Type changed to application/json in 3.0
match http m|^HTTP/1\.1 505 HTTP Version Not Supported\r\nServer: ArangoDB\r\nConnection: Close\r\nContent-Type: application/json; charset=utf-8\r\nContent-Length: 0\r\n\r\n| p/ArangoDB admin httpd/ v/3.0 or 3.1/ cpe:/a:arangodb:arangodb/
# X-Content-Type-Options header added in 3.2.devel
match http m|^HTTP/1\.1 505 HTTP Version Not Supported\r\nX-Content-Type-Options: nosniff\r\nServer: ArangoDB\r\nConnection: Keep-Alive\r\nContent-Type: application/json; charset=utf-8\r\nContent-Length: 0\r\n\r\n| p/ArangoDB admin httpd/ v/3.2 or later/ cpe:/a:arangodb:arangodb/
match http m|^HTTP/1\.0 400 Bad Request\r\ndate: .*\r\npragma: no-cache\r\nconnection: close\r\ncontent-length: \d+ *\r\ncontent-type: text/html\r\n\r\n<html><head><title>Application Server Error</title>| p/SAP WebDispatcher/ cpe:/a:sap:web_dispatcher/
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/plain\r\nCache-Control: no-cache\r\nConnection: \r\nDate: .* GMT\r\nServer: DT-UMESHKAL\r\nAccept-Ranges: None\r\nContent-Length: 4\r\n\r\n\r\n\r\n| p/Seagull BarTender printer driver httpd/ cpe:/a:seagull:bartender/
match http m|^HTTP/1\.1 400 Bad Request\r\nContent-Length: 22\r\nContent-Type: text/plain\r\n\r\nMalformed Request-Line| p/CherryPy wsgiserver/ cpe:/a:cherrypy:cherrypy/
match http m|^HTTP/1\.1 400 Bad Request\nServer: Gateway Web Server/1\.0\nDate: .*\n\n| p/Mirasys WebClient server/ d/media device/ cpe:/a:mirasys:webclient/
# No idea what this is: it's not https://github.com/rasteron/PyLime
match http m|^HTTP/1\.1 413 Request Entity Too Large\r\nDate: .*\r\nServer: pyLime/([\w._-]+)\r\nContent-Type: text/html\r\n\r\n| p/pyLime httpd/ v/$1/
match http m|^HTTP/1\.1 405 Method Not Allowed\r\nConnection: close\r\nContent-Length: 0\r\n\r\n$| p/Thomson DSL router TR-069/ d/broadband router/
match http m|^HTTP/1\.0 400 Bad Request\r\ndate: .* GMT\r\npragma: no-cache\r\nconnection: close\r\ncontent-length: \d+ *\r\ncontent-type: text/html\r\nserver: SAP NetWeaver Application Server ([\d.]+) / ICM ([\d.]+)\r\n\r\n| p/SAP NetWeaver Application Server Internet Communication Manager httpd/ v/$1/ i/ICM $2/ cpe:/a:sap:netweaver:$1/
# port 40028
match http m|^HTTP/1\.0 400 Bad Request\r\nContent-Length: 22\r\nContent-Type: text/plain; charset=US-ASCII\r\nConnection: Close\r\n\r\nInvalid request line: | p/Amazon FireTV Stick/ d/media device/
# port 45571
match http m|^HTTP/1\.0 400 Fail\r\n\r\n$| p/Amazon FireTV Stick/ d/media device/
# ESM_SUITE: V9.4.1.0
match http m|^HTTP/1\.0 400 Bad Request\r\nContent-type: text/html\r\n\r\n<HTML><HEAD><TITLE>400 Bad Request</TITLE></HEAD><BODY><H1>400 Bad Request</H1><PRE>HTTP-E-ENOURL-Request not followed by a URL\.\n\r\n</PRE></BODY></HTML>\n| p/EMC Smarts broker/ cpe:/a:emc:smarts/
match http m|^HTTP/1\.1 500 Internal Server Error\r\nConnection: close\r\nServer: NetData Embedded HTTP Server\r\n| p/NetData embedded httpd/ cpe:/a:firehol:netdata/
# Hosafe HOSAFE-2MB3W 1080P IP Security Camera
match http m|^HTTP/1\.1 404 Not Found\r\nContent-Type: application/soap\+xml; charset=utf-8\r\nConnection: close\r\n\r\n$| p/Hosafe ONVIF camera SOAP httpd/ d/webcam/
# Cisco DPC3828S DOCSIS 3.0 SB-WiFi(3x3) Gateway, port 1900
match http m|^HTTP1\.1 405 Method Not Allowed\r\n$| p/Cisco DPC3828S WiFi cable modem/ d/WAP/ cpe:/h:cisco:dpc3828s/
match http m|^\r\n\r\n\0HTTP/1\.0 500 Internal Server Error\r\nContent-Length: 0\r\n\r\n| p/DeviceWISE Enterprise M2M httpd/ cpe:/a:telit:devicewise_m2m/
match http m|^HTTP/1\.1 400 Bad Request\r\nDate: .*\r\nExpires: .*\r\nServer: PulsarCoreEmbeddedPlantServer/1\.0\r\nConnection: close\r\nCache-Control: public, max-age=2592000\r\nContent-Encoding: utf-8\r\nContent-Length: 28\r\nContent-Type: text/html\r\n\r\nIncorrect first header line | p/ThinKnx web ui/ d/specialized/
match http m|^HTTP/1\.0 200 OK\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: \d+\r\n\r\n\r\n<!doctype html>\r\n<html>\r\n<head>\r\n    <meta charset='utf8'>\r\n    <meta http-equiv='x-ua-compatible' content='ie=edge'>\r\n    <title>Octopus Tentacle</title>| p/Octopus Tentacle/ cpe:/a:octopus:tentacle/
match http m|^HTTP/1\.1 403 Forbidden\r\nDate: .*\r\nServer: This is for PRTG Probes\r\n| p/PRTG remote probes httpd/ cpe:/a:paessler:prtg/
match http m|^HTTP/1\.1 400 Bad Request\r\nContent-Length: 16\r\nContent-Type: text/plain\r\n\r\n400 Bad Request\n| p/Neato Botvac Connected/ d/specialized/
match http m|^HTTP/1\.1 400 Bad Request\r\nContent-Length: 0\r\n\r\n| p/FRITZ!Box TR-069 service/ d/broadband router/
# "The 6258 port is for the older 1Password 3 extension"
# Also matches Daylite Server Admin caldav
softmatch http m|^HTTP/1\.1 405 Method Not Allowed\r\nContent-Length: 0\r\nConnection: close\r\nAccept-Ranges: bytes\r\nDate: .* GMT\r\n\r\n| p/1Password Agent or Daylite Server Admin caldav/

# full match including appliance model number under GetRequest
softmatch http m|^UNKNOWN 400 Bad Request\r\nServer: Check Point SVN foundation\r\n| p/Check Point SVN foundation/
# More complete match including API version under FourOhFourRequest
softmatch http m|^HTTP/1\.1 400 Bad Request\r\nContent-Type: text/plain\r\nConnection: close\r\n\r\n400 Bad Request| p|Golang net/http server| cpe:/a:golang:go/
# version available with GetRequest
softmatch http m|^HTTP/1\.0 400 Bad Request\r\nContent-Length: 40\r\nContent-Type: text/plain; charset=UTF-8\r\nDate: .*\r\n\r\nMultiple leading empty lines not allowed| p/Calibre Content Server httpd/ cpe:/a:kovid_goyal:calibre/

match http-proxy m%^HTTP/1\.0 400 Bad Request\r\nContent-Type: text/html\r\nPragma: no-cache\r\nConnection: close\r\nContent-Type: text/html; charset=(?:utf-8|us-ascii)\r\n\r\n<html><body>Invalid request<P><HR><i>This message was created by WinRoute Proxy</i></body></html>% p/WinRoute http proxy/ o/Windows/ cpe:/o:microsoft:windows/a
match http-proxy m|^HTTP/1\.0 400 Bad Request\r\n.*<html><body>\t\t<i><h2>Invalid request:</h2></i><p><pre>Bad request format\.\n</pre><b>\t\t</b><p>Please, check URL\.<p>\t\t<hr>\t\tGenerated by Oops\.\t\t</body>\t\t</html>$|s p/Oops! http proxy/ d/proxy server/
match http-proxy m|^HTTP/1\.0 503 Internal error\r\nServer: awarrenhttp/([\w._-]+)\r\nContent-Type: text/html\r\nConnection: close\r\n\r\n<html> <head> <title> Internal Error </title> </head> <body> <hr> <p> An internal server error occurred while processing your request\. Please contact administrator\.\n<BR> <BR> Reason: Could not relay request </p> </body> </html>$| p/awarrenhttp http proxy/ v/$1/ i/Cyberoam CR200 proxy server/ d/proxy server/
match http-proxy m|^<HTML><HEAD><TITLE>501 Not Implemented</TITLE></HEAD>\n<BODY><H2>501 Not Implemented</H2>\nThe requested method '' is not implemented by this server\.\n<HR>\n<I>httpd/1\.00</I></BODY></HTML>\n$| p/thttpd/ i/Blue Coat PacketShaper 3500 firewall/ d/firewall/ cpe:/a:acme:thttpd/ cpe:/h:bluecoat:packetshaper_3500/
match http-proxy m|^HTTP/1\.[01] (?:[^\r\n]*\r\n(?!\r\n))*?Server: Mikrotik HttpProxy\r\n|s p/MikroTik http proxy/
# Actually got over 600 spaces at the end of this, but that could be a fluke?
match http-proxy m|^HTTP/1\.0 400 Bad Request\r\nContent-Type: text/html\r\nPragma: no-cache\r\nConnection: close\r\nContent-Type: text/html; charset=utf-8\r\n\r\n<html><body>[^<]+<P><HR><i>[^<]*Kerio Control[^<]*?</i></body></html> {100}| p/Kerio Control http proxy/ cpe:/a:kerio:control/
#softmatch http-proxy m|^HTTP/1\.1 400 Bad Request\r\n\r\n$| p/sslstrip/

match hp-problemdiagnostics m|^<\?xml version=\"1\.0\" encoding=\"UTF-8\"\?>\n<NETPATH_PROBE version=\"[\w._-]+\">\n\t<SOURCE device_type=\"HOST\">\n\t\t<DNS>([\w._-]+)</DNS>\n\t\t<IP_OUT>[\d.]+</IP_OUT>\n\t</SOURCE>\n\t<DESTINATION name=\"\" arguments=\"\">\n\t\t<ERROR code=\"3\">\n\t\t\t<MESSAGE>No destination specified</MESSAGE>\n\t\t</ERROR>\n\t</DESTINATION>\n</NETPATH_PROBE>\n\n$| p/HP Problem Diagnostics/ h/$1/

match icontrolav2 m|^E04\r\nR\r\n| p/Pioneer iControlAV2 control port/ d/media device/

# slident 0.0.19
match ident m|^0, 0: ERROR: UNKNOWN-ERROR\n$| p/slident/
# mlidentd 1.1 on Linux
# bqidentd on RSX-11M-PLUS
match ident m|^0,0:ERROR:UNKNOWN-ERROR\r\n$| p/mlidentd or bqidentd/
# This identd might be BSD derived:
match ident m|^2 , 0 : ERROR : UNKNOWN-ERROR\r\n$|
match ident m|^0 , 0 : ERROR : UNKNOWN-ERROR\r\n$|
# FreeBSD 4.8-RC inetd internal identd
match ident m|^0 , 0 : ERROR : INVALID-PORT\r\n$| p/FreeBSD identd/ o/FreeBSD/ cpe:/o:freebsd:freebsd/a
# pidentd-3.1a19-157
match ident m|^ : ERROR : UNKNOWN-ERROR\r\n$| p/pidentd/
match ident m|^0, 0 : ERROR : X-INVALID-REQUEST\r\n$| p/Minidentd or fakeidentd/
# http://packages.debian.org/unstable/net/ident2.html
match ident m|^0 , 0 : ERROR : INVALID-PORT\r\n0 , 0 : ERROR : INVALID-PORT\r\n$| p/Ident2/
# midentd 2.3.1 on Linux
match ident m|^0, 0 : ERROR : INVALID-PORT\r\n| p/midentd/
#midentd 2.1 on Linux 2.4.21
match ident m|^0,0 : ERROR : INVALID-PORT\r\n| p/midentd/
# authd 1.4.3 on Linux
match ident m|^0 , 0 : ERROR :INVALID-PORT\r\n| p/authd/
match ident m|^: USERID : UNIX : CacheFlow Server\r\n| p/CacheFlow identd/ o/CacheOS/ cpe:/o:bluecoat:cacheos/
match ident m|^:USERID:OTHER:\d+-ident-is-a-completely-pointless-protocol-that-offers-no-security-or-traceability-at-all-so-take-this-and-log-it!\r\n| p/Fake identd/
match ident m|^ : USERID : UNIX : ([-\w_]+)$| p/Klient identd/ i/IRC Nick $1/
match ident m|^\r\n: ERROR : HIDDEN-USER\r\n$| p/Borderware Firewall identd/ d/firewall/
match ident m|^ : USERID : UNIX : [a-z]{4,8}\r\n$| o/Windows/ cpe:/o:microsoft:windows/a
match ident m|^1 , 1 : USERID : OTHER : chuck-the-bsd-deamon\r\n$| p/widentd/
match ident m|^,  : USERID : UNIX : [^\r\n]+\r\n$| p/FTPRush FTP client identd/ o/Windows/ cpe:/a:ftprush:ftprush/ cpe:/o:microsoft:windows/a
match ident m|^0 , 0 : ERROR : FORMAT-ERROR\r\n$| p/GTA GB-Ware firewall identd/ d/firewall/
match ident m|^,  : USERID : UNIX : ([-\w_]+)\r\n,  : USERID : UNIX : (?:[-\w_]+)\r\n$| p/Snak IRC client identd/ i/username: $1/
match ident m|^ : ERROR : INVALID-PORT\r\n| p/Quassel IRC/ cpe:/a:quassel:quassel/
match ident m|^0,0:ERROR:INVALID-PORT\r\n| p/NetBSD identd/ o/NetBSD/ cpe:/o:netbsd:netbsd/a

match ident m|^rc \(tcp113\): null list in concatenation\n| p/Plan 9 identd/ o/Plan 9/ cpe:/o:belllabs:plan_9/a

match imap m|^\* OK IMAP4 1\.0 server ready\r\n\* BAD Argument\r\n| p/Cisco VPN Concentrator 3000-series imapd/ d/terminal server/

match imond m|^ERR password required\r\nERR password required\r\n| p/imond fli4l router config/ d/router/
match imond m|^ERR administrator password required\r\nERR administrator password required\r\n$| p/imond fli4l router config/ d/router/
match imond m|^ERR\r\nERR\r\n$| p/imond fli4l router config/ d/router/

# Broken inetd configuration
# <27>Dec 19 17:37:37 inetd\[28433\]: execv /usr/openv/netbackup/bin/bpjava-msvc: No such file or directory
match inetd m|^<\d+>[A-Z][a-z][a-z] +\d+ \d+:\d+:\d+ inetd\[\d+\]: execv (/[-.\\/\w]+): (\w[\s\w.,-]+)$| p/inetd/ i/failed to exec $1: $2/

match intow m|^<status><code>9999</code><result>App\.Version is out of date please update your version of InTow Mobile</result>| p/InTow Mobile/ i/out of date/ o/iOS/ cpe:/o:apple:iphone_os/a

softmatch insteon-plm m|^\x15$| p/Insteon PLM/

match asf-rmcp m|^\0\0\0\x02\t\0\0\0\x01\0\0\0\0\0\0\0\0$| p/SuperMicro IPMI RMCP/ cpe:/o:supermicro:intelligent_platform_management_firmware/

# Diverse IRC bot
match ircbot m|^ \r\nSorry, that nickname format is invalid\.\r\r\n$| p/Diverse IRC bot/

match irc m|^:([-\w_.]+) 421 \r\n\r\n :\r\n\r\n unimplemented protocol request\r\n:[-\w_.]+ 421 \r\n\r\n :\r\n\r\n unimplemented protocol request\r\n| p/Crackalaka ircd/ h/$1/
match irc m|^:([-\w_.]+) 421  : Unknown command\r\n:[-\w_.]+ 421  : Unknown command\r\n| p/Free Lightweight IRC Program ircd/ h/$1/ cpe:/a:freenet:flip/

match irc-proxy m|^\+OK \r\n-ERR XXX authorization first\r\n$| p/muh irc proxy/

match irr m|^% No search key specified\n\n| p/Merit Internet Routing Registry/

match istat m|^<\?xml version=\"1\.0\" encoding=\"UTF-8\"\?><isr athrej=\"1\"></isr>$| p/istatd server for iStat iPhone app/

# http://docs.getisymphony.com/display/ISYM28/Status+API
match isymphony-status m|^Error: Invalid command\.\nError: Invalid command\.\n$| p/iSymphony call manager Status API/

match itach m|^ERR 001\rERR 001\r| p/Global Cache iTach API/ d/bridge/

# http://java.decompiler.free.fr/?q=node/626
match jd-gui m|^\t$| p/JD-GUI Java decompiler/ v/0.3.3/

# Port 21. http://www.jabaco.org/board/p2043-orpg-in-jabaco-applet.html#post2043
match jrpgt m|^<<jrpgt!>>\x7c$| p/JRPGT game server/ o/Windows/ cpe:/o:microsoft:windows/

match jtag m|^\x55\x0a\x04\x0d\xe5$| p/Macraigor mpDemon JTAG debugger/ d/specialized/

match kerberos-sec m%^\x00\x00\x00.~.0.\xa0\x03\x02\x01\x05\xa1\x03\x02\x01\x1e\xa4\x11\x18\x0f(\d\d\d\d)(\d\d)(\d\d)(\d\d)(\d\d)(\d\d)Z\xa5[\x03-\x05]\x02(?:\x03...|\x02..|\x01.)\xa6\x03\x02\x01=\xa9.\x1b.([\w._-]+)\xaa%s p/MIT Kerberos/ i/server time: $1-$2-$3 $4:$5:$6Z/ h/$7/ cpe:/a:mit:kerberos:5/

match keyence-pc m|^ER,,02\rER,,02\r| p|Keyence EtherNet/IP module| d/specialized/

match labtech-redirector m|^\x02\0\0\x01B\t\0\0\x01B$| p/Labtech/ cpe:/a:labtech_software:labtech/

match laserfiche m|^HLO 0 0 \. 0 71\r\nContent-type: application/vnd\.laserfiche\.lrnp\r\n\r\nLRNP/1\.1\r\n\r\nlistener\r\nEND\r\nERR 0 1 \. 71 80\r\nContent-type: application/vnd\.laserfiche\.lrnp\r\n\r\n451 0 Invalid message \(-2001\)\r\nEND\r\n| p/Laserfiche document service/

match lastfm m|^ERROR: Command doesn't seem to be followed by a space followed by arguments\n$| p/Last.fm client/ cpe:/a:last:last.fm/
match lexlm m|^.\x08\0\0$|s p/Lexmark language monitor/

# Part of Linux net-snmp-5.0.6-17
match linuxconf m|^500 access denied: Check networking/linuxconf network access\r\n$| p/Linuxconf/ i/Access denied/ o/Linux/ cpe:/o:linux:linux_kernel/a
# Linuxconf 1.26r4
match linuxconf m|^500 access denied: Check config/networking/misc/linuxconf network access\r\n<p>\r\nBy default,| p/Linuxconf/ i/Access denied/ o/Linux/ cpe:/o:linux:linux_kernel/a

match lirc m|^BEGIN\n\r\nERROR\nDATA\n1\nbad send packet\nEND\nBEGIN\n\r\nERROR\nDATA\n1\nbad send packet\nEND\n| p/LIRC infrared receiver daemon/

match loglogic m|^\x02\x02$| p/LogLogic protocol/ d/security-misc/

match memcached m|^ERROR\r\nERROR\r\n$| p/Memcached/ cpe:/a:memcached:memcached/

match minecraft m|^\x0eYou need to log in!                                             $| p/Minecraft game server/
match multicraft m|^>ERROR - client not authorized\n>ERROR - client not authorized\n| p/Bitnami Multicraft/

# SnapMirror or SnapVault
match netapp-filer m|^\x0b\0\0\0$| p/NetApp filer data transfer/

match netasq-admin m|^200 code=00100200 msg=\"[^"]+\"\r\n200 code=00100200 msg=\"[^"]+\"\r\n$| p/Netasq firewall admin/ d/firewall/

match netbios-ssn m|^\x82\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0$| p/Nepenthes honeypot netbios-ssn/

# Netsaint Status Daemon 2.15
match netsaint m|^Unknown command\n$| p/Netsaint Status Daemon/
match netsaint m|^ERROR No function requested from client\.| p/Nagios Statd Server/ cpe:/a:nagios:nagios/
match netsaint m|^ERROR: Unknown request number\.| p/NC_Net nagios server/ cpe:/a:nagios:nagios/

# NSClient - http://nsclient.ready2run.nl/
match nsclient m|^ERROR:Wrong password$| p/Netsaint Windows Client/
match nsclient m|^ERROR: Invalid password\.\nERROR: Invalid password\.\n$| p/NSClient++/ cpe:/a:nsclient:nsclient%2b%2b/
match nsclient m|^ERROR: No command specified\.\nERROR: No command specified\.\n$| p/NSClient++/ cpe:/a:nsclient:nsclient%2b%2b/

# http://olsr.org/?q=txtinfo_plugin
match olsrd-txtinfo m|^HTTP/1\.0 200 OK\nContent-type: text/plain\n\nTable: Links\nLocal IP\tRemote IP\tHyst\.\tLQ\tNLQ\tCost\n[\w._-]+\t[\w._-]+\t[\d.]+\t[\d.]+\t[\d.]+\t[\d.]+\t\n| p/olsrd txtinfo plugin/ v/0.6.3/
# Nulls?
match olsrd-txtinfo m|^HTTP/1\.0 200 OK\0Content-type: text/plain\n\0Table: Links\nLocal IP\tRemote IP\tHyst\.\tLQ\tNLQ\tCost\0[\w._-]+\t[\w._-]+\t[\d.]+\t[\d.]+\t[\d.]+\t[\d.]+\t\n| p/olsrd txtinfo plugin/ v/0.6.7/

match omniback m|^HP OpenView OmniBack II ([-.\w]+): INET, | p/HP OpenView OmniBackII/ v/$1/ cpe:/a:hp:omniback_ii:$1/

match omniinet m|^H\0P\0 \0D\0a\0t\0a\0 \0P\0r\0o\0t\0e\0c\0t\0o\0r\0 \0A\0\.\x00[0\0]*([\0\w._-]+):\0 \0I\0N\0E\0T\0,\0 \0i\0n\0t\0e\0r\0n\0a\0l\0 \0b\0u\0i\0l\0d\0 \x00([\0\d]+),\0 \0b\0u\0i\0l\0t\0 \0o\0n\0 \0.*\n\0\0\0$| p/HP Data Protector/ v/$P(1)/ i/build $P(2)/ cpe:/a:hp:data_protector:$P(1)/

# tcp/2368
match opentable-listener m|^OpenTable Listener Version ([\w._-]+)\r\n\r\nerror=Bad request\r\n\r\nOTRequestHandler ([\w._-]+) WebRequest\r\n\r\n\0$| p/OpenTable restaurant reservation listener/ v/$1/ i/request handler version $2/
# tcp/61031
match opentable m|^\xc1\x02\0\0\x14\0\0\0\0\0\0\0\0\0\0\0\x44\x28\0\0$| p/OpenTable restaurant reservation system/

match oracle-db-rmi m|^\0\0\xfa\xda\0\x02$| p/Oracle Database Lite RMI/ cpe:/a:oracle:database_lite/

match paromed m|^PCS-[\w._-]+,V([\w._-]+),OK\nERROR:102: ENERROR:102: EN| p/Paromed milling machine/ v/$1/ d/specialized/

match pathfinder-xml m|^<\?xml version=\"1\.0\" encoding=\"UTF-8\"\?> <FatalError><Reason>Invalide XML!</Reason></FatalError>\r\n<\?xml version=\"1\.0\" encoding=\"UTF-8\"\?> <FatalError><Reason>Invalide XML!</Reason></FatalError>\r\n| p/Avaya Scopia Pathfinder XML API/

# torque, Tera-scale Open-source Resource and QUEue manager (PBS)
# http://supercluster.org/torque
# maui, http://supercluster.org/maui
match pbs-maui m|^\+2\+15\+15056\+\d+\+\d+| p|PBS/Maui Roll| i/Rocks Cluster/ d/specialized/
# http://www.adaptivecomputing.com/blog-hpc/torque-protocols/
# "+2+1" = version 2.1
# "5+15058" = error 15058, PBSE_DISPROTO
# "+0" = aux code 0 ?
# "+7" = reply body type 7 ?
# "2+56" = string length 56
match pbs m|^\+2\+(\d)5\+15058\+0\+72\+56Bad DIS based Request Protocol MSG=cannot decode message| p/Portable Batch System/ v/2.$1/

match pmcd m|^\0\0\0\x14\0\0p\0\0\0\x03.\xff\xff\xfc\x11\x02\0..$|s p/SGI performance metrics collector daemon/ o/IRIX/ cpe:/o:sgi:irix:6.5/

match icy m|^OK2\r\nicy-caps:\d+\r\n\r\nOK\r\n$| p/Peercast/
match icy m|^HTTP/1\.0 200 OK\r\nContent-type: application/ogg\r\nicy-br:(\d+)\r\nicy-description:VirtualDJ Direct Broadcast\r\nicy-genre:\r\nicy-name:VirtualDJ\r\nicy-pub:0\r\nicy-url:http://www\.virtualdj\.com/\r\nServer: VirtualDJ\r\n\r\n| p/VirtualDJ streaming audio/ i/Bitrate $1/

match pgbouncer m|^E\0\0\0&SERROR\0C08P01\0Mbad packet header\0\0| p/PgFoundry PgBouncer PostgreSQL connection pooler/ v/1.5.2 or earlier/
match pgbouncer m|^E\0\0\x002SERROR\0C08P01\0Mbad packet header: '0d0a0d0a'\0\0| p/PgFoundry PgBouncer PostgreSQL connection pooler/ v/1.5.3 or later/

# Mercury/32 3.32 PH Server module on Windows XP
match ph-addressbook m|^598::Command not recognized\.\r\n598::Command not recognized\.\r\n$| p|Mercury/32 PH addressbook server| o/Windows/ cpe:/o:microsoft:windows/a

match pop3 m|^\+OK POP3 ([-.+\w]+) v(\d[-.\w]+) server ready\r\n| p/ipop3d/ v/$2/ h/$1/
match pop3 m|^\+OK POP3 \[([-.+\w]+)\] (\d[-.\w]+) server ready\r\n| p/ipop3d/ v/$2/ h/$1/
# iopd 2003debian0.0304182231-1
match pop3 m|^\+OK POP3 \[([-.\w]+)\] v(200[-.\w]+) server ready\r\n-ERR Null command\r\n-ERR Null command\r\n| p/ipopd/ v/$2/ h/$1/
# Solid POP3d 0.15
match pop3 m|^\+OK Solid POP3 server ready\r\n-ERR unknown command\r\n-ERR unknown command\r\n$| p/Solid POP3d/
# OS 400 V4R4M0
match pop3 m|^\+OK POP3 server ready\r\n-ERR invalid command\r\n$| p/IBM OS 400 pop3d/ o|OS/400| cpe:/o:ibm:os_400/a
# mailgate v3.5.177 on Win2K
match pop3 m|^\+OK pop server ready\r\n$| p/MailGate pop3d/ o/Windows/ cpe:/a:mailgate:mailgate/ cpe:/o:microsoft:windows/a
match pop3 m|^\+OK POP3 server ready <[-\w]+>\r\n-ERR Invalid command\r\n$| p/SmarterMail pop3d/ o/Windows/ cpe:/a:smartertools:smartermail/ cpe:/o:microsoft:windows/a
match pop3 m|^\+OK POP3\r\n-ERR Invalid command in current state\.\r\n| p/hMailServer pop3d/ o/Windows/ cpe:/o:microsoft:windows/a
match pop3 m|^\+OK XXX Private Mail server\r\n-ERR Invalid command in current state\.\r\n| p/hMailServer pop3d/ o/Windows/ cpe:/o:microsoft:windows/a
match pop3 m|^\+OK ([\w._-]+)\r\n-ERR Invalid command in current state\.\r\n-ERR Invalid command in current state\.\r\n| p/hMailServer pop3d/ o/Windows/ h/$1/ cpe:/o:microsoft:windows/a
match pop3 m|^\+OK .*\r\n-ERR Invalid command in current state\.\r\n-ERR Invalid command in current state\.\r\n| p/hMailServer pop3d/ o/Windows/ cpe:/o:microsoft:windows/a
match pop3 m|^\+OK ([\w._-]+) Welcome\r\n-ERR Invalid command \(\) \(\) p1=\(\)\r\n-ERR Invalid command \(\) \(\) p1=\(\)\r\n| p/SurgeMail pop3d/ h/$1/ cpe:/a:netwin:surgemail/
match pop3 m|^-ERR Invalid command\.\r\n-ERR Invalid command\.\r\n| p/cPanel Courier pop3d/
match pop3 m|^\+OK POP3 ready\r\n-ERR invalid command\r\n| p/Zimbra Collabration Suite pop3d/ cpe:/a:zimbra:zimbra_collaboration_suite/
match pop3 m|^\+OK DavMail POP ready at [^\r\n]*\r\n-ERR unknown command\r\n-ERR unknown command\r\n| p/DavMail pop3d/
match pop3 m|^\+OK ([\w.-]+) POP3 ready\r\n-ERR Unkown command\r\n-ERR Unkown command\r\n| p/cbdev cmail pop3d/ h/$1/ cpe:/a:cbdev:cmail/
match pop3 m|^\+OK IBM Notes POP3 server version Release ([\d.]+)FP(\d+) HF(\d+) ready on ([^/]+)/(.+)\.\r\n| p/IBM Notes pop3d/ v/$1 FP$2 HF$3/ i/domain: $5/ h/$4/ cpe:/a:ibm:notes:$1:fp$2/
match pop3 m|^\+OK IBM Notes POP3 server version Release ([\d.]+)FP(\d+) ready on ([^/]+)/(.+)\.\r\n| p/IBM Notes pop3d/ v/$1 FP$2/ i/domain: $4/ h/$3/ cpe:/a:ibm:notes:$1:fp$2/
match pop3 m|^\+OK IBM Notes POP3 server version Release ([\d.]+) ready on ([^/]+)/(.+)\.\r\n| p/IBM Notes pop3d/ v/$1/ i/domain: $3/ h/$2/ cpe:/a:ibm:notes:$1/

match pop3 m|^\+OK [^\r\n]*\r\n-ERR Unknown command\.\r\n-ERR Unknown command\.\r\n| p/Dovecot pop3d/ cpe:/a:dovecot:dovecot/

# Perdition
match pop3-proxy m|^\+OK POP3 Ready ([-\w_.]+) \w+\r\n-ERR Null command, mate\r\n| p/Perdition pop3 proxy/ h/$1/ cpe:/a:horms:perdition/
match pop3-proxy m|^\+OK POP3 perditon ready on ([\w._-]+) \w+\r\n-ERR Null command, mate\r\n| p/Perdition pop3 proxy/ h/$1/ cpe:/a:horms:perdition/
match pop3-proxy m|^\+OK POP3Proxy ready\r\n-ERR Unknown command\r\n-ERR Unknown command\r\n| p/Astaro firewall pop3 proxy/ d/firewall/ cpe:/a:astaro:security_gateway_software/
match pop3-proxy m|^\+OK POP3Proxy ready on node \d+\r\n-ERR Unknown command\r\n-ERR Unknown command\r\n| p/Astaro firewall pop3 proxy/ d/firewall/ cpe:/a:astaro:security_gateway_software/

# Postgres 7.1.3
match postgresql m|^EInvalid packet length\0$| p/PostgreSQL DB/ cpe:/a:postgresql:postgresql/
# postgresql-7.2.3-5.73; linux 2.4.20-18.7 redhat 7.3
match postgresql m|^EFATAL 1:  invalid length of startup packet\n\0| p/PostgreSQL DB/ cpe:/a:postgresql:postgresql/
match postgresql m|^EFATAL:  ung\xfcltige L\xe4nge des Startpakets\n\0| p/PostgreSQL DB/ i/German/ cpe:/a:postgresql:postgresql::::de/
match postgresql m|^E\0\0\09SFATAL\0MExpecting a startup message, but received \r\0\0| p/Postgres-XC/ v/1.1/

# Port 6509.
match printer m|^\xff$| p/Panasonic mfpscdl.exe service/

# port 5200
match printeron m|^\xc4\t$| p/PrinterOn mobile print server/ d/print server/

match priv-print m|^\xc0\0\x12Data field missing$| p/AXIS 560 print server/ d/print server/ cpe:/h:axis:560/a

# Postfix qmqpd on Linux 2.4
match qmqp m|^58:Dnetstring format error while receiving QMQP packet header,$| p/Postfix qmqpd/ i/Quick Mail Queueing Protocol/ cpe:/a:postfix:postfix/
match qnap-transcode m|^\x01\0\0\0client's request is accepted\0{868}| p/QNAP NAS Transcoding Service/ d/storage-misc/
match rethinkdb-client m|^ERROR: This is the rdb protocol port! \(bad magic number\)\n$| p/RethinkDB client driver/ v/1.5.2 or earlier/
match rethinkdb-client m|^ERROR: this is the rdb protocol port \(bad magic number\)\n$| p/RethinkDB client driver/ v/1.6.0 -/
match rethinkdb-client m|^ERROR: This is the rdb protocol port \(bad magic number\).\n$| p/RethinkDB client driver/ v/1.13.0/
# TODO: Can we get better matching based on when that null terminator snuck in there?
match rethinkdb-client m|^ERROR: Received an unsupported protocol version\. This port is for RethinkDB queries\. Does your client driver version not match the server\?\n\0?| p/RethinkDB client driver/ v/1.13.2 or newer/

match realport m|^\xff\x17Access to unopened port.$|s p/Digi EtherLite 16 or 32 RealPort/ d/terminal server/
match realport m|^\xf0\xff\x14Port is out of range\0| p/Digi RealPort/ d/terminal server/
# Ximian Red Carpet Daemon 1.4.4 on RedHat Linux 9.0
match redcarpet m|^Status: 400 Bad Request\r\nContent-Length: 0\r\n\r\n| p/Ximian Red Carpet Daemon/

match rlm m|^\x01\0\x0c\0LYEfffffff0\0\0\0| p/Reprise License Manager/

match rsa-authmgr m|^-ERR Invalid command: \r\n-ERR Invalid command: \r\n| p/RSA Authentication Manager node manager/ cpe:/a:rsa:authentication_manager/

match rtsp m|^RTSP/1\.0 400 Bad Request\r\nServer: AirTunes/([\w._-]+)\r\nAudio-Jack-Status: connected; type=analog\r\n\r\n| p/RogueAmoeba Airfoil rtspd/ v/$1/ o/Mac OS X/ cpe:/o:apple:mac_os_x/a
match rtsp m|^RTSP/1\.0 400 CSeq required\r\nContent-Length: 0\r\n\r\n| p/BlueCherry DVR rtspd/ d/media device/

match s2-emerge m|^resolutions=\"4CIF\",\"2CIF\",\"CIF\",\"QCIF\"&mpeg_enabled=\"TRUE\"&jpeg_enabled=\"TRUE\"&alarms=\d+&relays=\d+&audio_in\[\]=0x3,0x0&audio_out=\[\]0x3,0x0\0{375,}| p/S2 eMerge Door Access Controller/

match samsung-twain m|^\xa8\x08C\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0$| p/Samsung TWAIN/ i/SCX-4x28 series printer/ d/printer/

# nibuf.cpp 3073 is version 38.9
# After "NI (network interface)", the next 2 fields appear to be linked to version:
# \x00701\x0038\0 == 38.10
# \x00700\x0038\0 == 38.9
match saprouter m|^\0\0\0.NI_RTERR\0.\0\0\xff\xff\xff\xa3\0\0\0.\*ERR\*\x001\0Network packet too big\0-93\0NI \(network interface\)\x00\d+\x00\d+\0nibuf\.cpp\x00\d+\0NiBufIIn: message length 218762506 exceeds max \(10024\)\0([^\0]*)\0\0\0\x00\d+\0SAProuter ([\d.]+) \(SP(\d+)\) on '([^']+)'\0\0\0\0\0\*ERR\*\0\0\0\0\0| p/SAProuter/ v/$2 SP$3/ i/local time: $1/ h/$4/ cpe:/a:sap:network_interface_router:$2:sp$3/
match saprouter m|^\0\0\0.NI_RTERR\0.\0\0\xff\xff\xff\xa3\0\0\0.\*ERR\*\x001\0Network packet too big\0-93\0NI \(network interface\)\x00\d+\x00\d+\0nibuf\.cpp\x00\d+\0NiBufIIn: message length 218762506 exceeds max \(10024\)\0([^\0]*)\0\0\0\x00\d+\0SAProuter ([\d.]+) on '([^']+)'\0\0\0\0\0\*ERR\*\0\0\0\0\0| p/SAProuter/ v/$2/ i/local time: $1/ h/$3/ cpe:/a:sap:network_interface_router:$2/

match sdcomm m|^ERR 27$| p/RSA SecureID Ace Server/ cpe:/h:rsa:securid/

# https://github.com/elvanderb/TCP-32764
match scmm m|^MMcS\xff\xff\xff\xff\0\0\0\0| p/SerComm manufacturer backdoor/ d/broadband router/

match seagull-lm m|^\xf1\xf8\xf2\xf6\xf3\xf3\xf0\xf0\xf3\xf8\xf7\xf0\xf0\xf0\xf0\xf0\xf0\xf0\xf0\xf0\xf0\xf0\xf0\xf0\xf0\xf0\xf0\xf0\xf0\xf0\xf0\xf0\xf0\xf0\xf0\xf0\xf0\xf0\xf0\xf0\xf0\xe2\xf6\xf5\xf6\xf9\xc5\xf9\xc3\0\xf0\xf0\xf3\xf1\xf0\xf0\xf0\xf0\xf0\xf0\xf0\xf0\xf0\xf0\xf0\xf0\xf0\xf0\xf0\xf0\xf0\xf0\xf0\xf0\xf0\xf0\xf0\xf0\xf0\xf0\xf0\xf0\xf0\xf0\xf0\xf0$| p/BlueZone Seagull license manager/ o/Windows/ cpe:/o:microsoft:windows/a

match bindshell m|^bash: line 1: \$'\\r': command not found\nbash: line 2: \$'\\r': command not found\n| p/Bash shell/ i/**BACKDOOR**/ cpe:/a:gnu:bash/
match bindshell m|^bash: line 1: \r: command not found\nbash: line 2: \r: command not found\n| p/Bash shell/ i/**BACKDOOR**/ cpe:/a:gnu:bash/
match bindshell m|\r: bad character in file name: '/bin/\r'\n$| p/Plan 9 rc shell/ i/**BACKDOOR**/ o/Plan 9/ cpe:/o:belllabs:plan_9/a

match textui m|^\r\n <{5}-{35}>{5}\r\n <{5}    CipherLab  Ethernet Cradle {5}>{5}\r\n <{5}-{35}>{5}\r\n {10}\[Press 'Enter' to continue\.\]\r\nKernel Version: Kernel-([\w._-]+)\r\nLib Version: Ethernet Cradle-([\w._-]+)\r\nMACID: ([\dA-F:]+)\r\nIP: [\d.]+\r\nLocal Name: ([^\r\n]+)\r\n\r\n| p/CipherLab Ethernet Cradle command shell/ v/$2/ i/Kernel-$1; MAC: $3/ d/specialized/ h/$4/

# Softmatch because we have a new probe to try to get more info: SharpTV
softmatch sharp-remote m|^ERR\rERR\rERR\rERR\r| p/Sharp TV remote control/ d/media device/

match smtp m|^220 ([\w._-]+) ESMTP ready\r\n500 5\.5\.1 Command unrecognized\r\n500 5\.5\.1 Command unrecognized\r\n| p/Kerio MailServer smtpd/ h/$1/
match smtp m|^220 ([\w._-]+) ESMTP I2PNet Mailservice\r\n500 5\.5\.2 Error: bad syntax\r\n500 5\.5\.2 Error: bad syntax\r\n| p/I2P smtpd/ h/$1/

# Hopefully obsoleted by the SOCKS probes -Doug
#match socks m|^\0\[\r\n...\0$| p/Socks4/
#match socks m|^\x05\x01\0.\0\0\0\0\0\0$| p/Socks5/

match solfe m|^\x02\0\x01\xfb\xff\xfb\xff\xff\xff\xff\xffNOSUP| p/HP PNM Solid FlowEngine/

match softros-im m|^none\r\n$| p/Softros LAN Messenger instant messaging/

match spamassassin m|^SPAMD/1\.0 76 Bad header line: \r\n| p/SpamAssassin spamd/ cpe:/a:apache:spamassassin/

match sqlmonitor m|^\0\0\0\0\0$| p/Red-Gate SQL Monitor/ o/Windows/ cpe:/a:red-gate:sql_monitor/ cpe:/o:microsoft:windows/a

match starbound m|^\0\x08\0\0\x02\x9c| p/Starbound game server/

match stargazer m|^ERHD$| p/Stargazer Billing System/

# Giving some problems:
#match stickynote m|^\x01\0\0\0$| p/StickyNote windows freeware/ o/Windows/ cpe:/o:microsoft:windows/a

match sstp m|^SSTP/([\d.]+) 400 Bad Request\r\n\r\n\0$| p/Sakura Script Transfer Protocol/ i/Protocol $1/

match smux m|^A\x01\x02$| p/Linux SNMP multiplexer/ o/Linux/ cpe:/o:linux:linux_kernel/a

match sphereicall m|^\x01\0\0\0z\0\0\x003,DBServer,\d+,Restarts,\d+,\d+,UpTime,\d+,\d+,MediaServer| p/Sphericall DBServer MediaServer VoIP/

# http://www.getingeasia.com/products/healthcare-products/traceability-asset-management/t-doc-2000
match t-doc-2000 m|^READY \r\nERROR 10000 \"Unknown command\. Write HELP to get help\.\" \[Unknown\]\r\nERROR 10000 \"Unknown command\. Write HELP to get help\.\" \[Unknown\]\r\n| p/Getinge T-DOC 2000 hospital instrument management system/

# http://forum.ragezone.com/f440/guide-mini-setup-1-35-a-494256/
match talesofpirates-gate m|^\0\x02\0\x02\0\x02\0\x02\0\x02$| p/Tales of Pirates game gate server/

match telemecanique m|^220 Service ready on ([\w._-]+) system Version:([\w._:-]+) Subsystem:([\w._:-]+)\r\n500 Unsupported command\r\n| p/Telemecanique Magelis XBTGT 7340 industrial control/ v/$2/ i/Subsystem $3; Name $1/ d/specialized/

# This could go into the null probe, but the problem is that it is a prefix
# of what other routers (at least HP JetDirect printer telentd) send.
# And at least the JD sends the string below first, before it send the
# rest in other packets.  So it is best to capture this one here in
# GenericLines.
# Removed because of too many conflicts!
#match telnet m|^\xff\xfb\x03\xff\xfb\x01$| p/Nokia M1112 router telnetd/ d/router/
match telnet m|^\xff\xfb\x01\xff\xfb\x03\xff\xfc\"\r\n\r\n\n\rauthentication failed!\n\rpassword: | p/Effekta MH 6000 UPS telnetd/ d/power-device/
match telnet m|^\xff\xfc\"\xff\xfb\x01\r\nPassword: \r\nbad password\r\n| p|Campbell Scientific NL-100/105 Ethernet-to-serial bridge telnetd| d/bridge/
match telnet m|^\xff\xfb\x03\xff\xfd\x03\xff\xfb\x01\r\nUsername: \r\nPassword: \r\nAccess Denied\r\n| p/InterSystems CTELNETD/
match telnet m|^\xff\xfe\x01\xff\xfb\x01\xff\xfb\x1f\xff\xfb\x03\xff\xfd\x03\xff\xfe'\xff\xfc'\xff\xfc\"\xff\xfd\x1f\xff\xfa\x18\x01\xff\xf0\0\r\nWelcome to ([\w._-]+), please identify yourself\r\n\r\nuser:\r\r\npass:\*ReactOS Operating System \[Version ([\w._-]+)\]\r\n\(C\) Copyright [\d-]+ ReactOS Team\.\r\n\r\nC:\\ReactOS\\System32>| p/ReactOS telnetd/ v/$2/ i/no authentication/ h/$1/
match telnet m|^\xff\xfb\x01\xff\xfb\x03\r\nUser:\r\n\r\nUser:\r\n\r\nUser:| p/Dell PowerConnect M6220-series switch telnetd/ d/switch/ cpe:/h:dell:powerconnect_m6220/
match telnet m|^\xff\xfb\x03\xff\xfb\x01\r\r\nUsername:\r\r\nError: Username must be non-NULL\r\r\nUsername:\r\r\nError: Username must be non-NULL\r\r\nUsername:| p/Enterasys 1H582-25 switch telnetd/ d/switch/ cpe:/h:enterasys:1h582-25/a
match telnet m|^\xff\xfb\x01\xff\xfb\x03\r\n\r \r\nlogin: \r\n| p/Embedded Data Systems HA7Net Ethernet adapter telnetd/ d/bridge/
match telnet m|^RGC011001002\r\nAST000200000000000000001111110110000\r\nR\r\nR\r\nR\r\nR\r\n| p/Pioneer VSX-2020 video receiver telnetd/ d/media device/
match telnet m|^\xff\xfb\x01\xff\xfb\x03\xff\xfd!\r\n\r\n\d+:\d+:\d+  \d+ \w+ \d+\r\nEnter your user id: \x07| p/TigerLogic D3 Database telnetd/
match telnet m|^\n\rTA-004-PSTN-122M : CLI\n\rLogin : Login Incorrect\n\r\n\rLogin : Login Incorrect\n\r\n\rLogin : | p/Minitar MVA11A VoIP gateway telnetd/ d/VoIP adapter/ cpe:/h:minitar:mva11a/
match telnet m|^NAK COMMAND\r\n| p/Pollin AVR-NET-IO Ethernet module telnetd/
match telnet m|^\xff\xfd\x03\xff\xfb\x03\xff\xfd\x18\xff\xfd\x17Please wait\. The connection to your station is still in the process of being established\. Your last input has been discarded\.\r\nPlease wait\. The connection to your station is still in the process of being established\. Your last input has been discarded\.\r\n| p/Burroughs MCP telnetd/ o/Burroughs MCP/ cpe:/o:burroughs:mcp/
# KONICA MINOLTA 210 printer
match telnet m|^\n\rUser Name : \n\rPassword :\n\r\r\n\*\*\* Incorrect User Name or Password \*\*\*\r\n\n\rUser Name : | p/Konica Minolta printer telnetd/ d/printer/
match telnet m|^\xff\xfb\x03\xff\xfd\x03\xff\xfb\x01\xff\xfb\x03\r\nWelcome to MonarchNet2\r\nEnter Password:| p/Avery Dennison MonarchNet2 printer management system/
match telnet m|^Enter PIN>\nBAD PIN\n| p/Gigaset telnetd/ d/VoIP phone/
match telnet m|^\xff\r\nLogin: \r\nPassword: \r\n\r\nLogin incorrect\.\r\nPlease input Login ID again\.\r\n\r\nLogin: | p/Samsung CLP-315W telnetd/ d/printer/ cpe:/h:samsung:clp-315w/a
match telnet m|^\xff\xfd\x18\xff\xfa\x18\x01\xff\xf0\xff\xfb\x03\xff\xfd\x01\xff\xfd\x1f\xff\xfb\x05\xff\xfd!\xff\xfb\x01TELNET_SERVER V([\d.]+) RTOS-UH \(c\)IEP,1995-\d\d\d\d ready\r\nUsername:| p/RTOS-UH telnetd/ v/$1/ o/RTOS-UH/ cpe:/o:universitathanover:rtos-uh/
match telnet m|^\xff\xfd\x01\xff\xfd\x1f\xff\xfb\x01\xff\xfb\x03login as: \r\n\r\n's password: \x1b\[H\x1b\[J\r\nLogin failed, please check 'username', 'password' again\. If Caps-Lock enabled\?\r\n\r\nlogin as: | p/EnGenius telnetd/ d/WAP/
match telnet m|^LOGIN: \r\nlogin incorrect\r\n\r\nLOGIN: \r\nlogin incorrect\r\n\r\nLOGIN: | p/Lutron HomeWorks telnetd/
match telnet m|^\xff\xfb\x01\xff\xfb\x03\xff\xfd\x01\xff\xfd\x18\r\0\r\nPassword: \x1b\[2J\x1b\[1;1H\x1b\[0m\x1b\[7m {25}\x1b\[0m +DS ([\w-]+) | p/Infortrend EonStor DS iSCSI host telnetd/ i/model: $1/ d/storage-misc/ cpe:/h:infortrend:esds_$1/
match telnet m|^\xff\xfb\0\xff\xfb\x01\xff\xfe\0\xff\xf9 \x1b\[1;36m Welcome to the \x1b\[1;31m LEDI NETWORK ITS 2\x1b\[1;36m Telnet Configuration Utility \r\n\r\nSerial Number:\t\t\x1b\[1;37m(\d+)\r\n\x1b\[1;36mMAC address:\t\t\x1b\[1;37m([\dA-F:]{17})\r\n\xff\xf9\r\nlogin: \xff\xf9\xff\xf9Password: \xff\xf9\xff\xf9\r\nLogin incorrect \(hit <C/R> to continue\)\r\n| p/LEDY Network ITS 2 telnet configuration utility/ i/serial: $1; MAC: $2/ d/specialized/ cpe:/h:gorgy-timing:ledi_network_its_2/
match telnet m|^Password: $| p/SmartThings hub telnetd/ cpe:/h:smartthings:hub/
match telnet m|^\xff\xfb\x01\xff\xfb\x03\r\nPowerAlert TelNet Console: ([\d.]+)\r\nSerial Number:\t(\w+)\r\n\r\n\r \r\nlogin: \r\n| p/Tripp Lite PowerAlert telnetd/ v/$1/ i/sn: $2/ cpe:/a:tripp_lite:poweralert:$1/
match telnet m|^\xff\xfb\x01\xff\xfb\x03\nLANIER Maintenance Shell\.   \n\rUser access verification\.\n\rPassword:| p/Lanier printer maintenance telnetd/ d/printer/
match telnet m|^login: password: bad login\r\nlogin: \0| p/Lutron RadioRA 2 home control system telnetd/

match textui m|^dubbo>$| p/Alibaba Dubbo remoting telnetd/ cpe:/a:alibaba:dubbo/
match textui m|^\n\rCMI Genus Setup\n\rProgram: *([\d-]+)\n\rVersion Info: *([\d.]+)\n\rMAC Address: *([A-F\d:]{17})\n\r\n\rPress <ENTER> to go into setup mode\.\n\r\n\rWelcome to Genus Setup\n\r\n\*{40}\n\rGENUS SETTINGS\n\rHost Name: *([\w.-]+)\n\r| p/CMI Genus timekeeper $1 setup/ v/$2/ i/MAC: $3/ h/$4/
match textui m|^too many clients, shut down int 15 seconds\n| p/Vizio television textui/ d/media device/

match tor-control m|^514 Authentication required\.\r\n$| p/Tor control port/ i/Authentication required/ cpe:/a:torproject:tor/
match univention-json m|^RESPONSE/None/53/application/json:  \n\{"status": 554, "message": "Unparsable message body"\}| p/Univention Management Console/ o/Linux/ cpe:/a:univention:univention_corporate_server/ cpe:/o:linux:linux_kernel/a

# Solaris 9
match uucp m|^login: Please enter user name: Password: $| p/Solaris uucpd/ o/Solaris/ cpe:/o:sun:sunos/a
# SunOS 4
match uucp m|^login: Password: Login incorrect\.$| p/SunOS uucpd/ o/SunOS/ cpe:/o:sun:sunos/a
match uucp m|^login: login: login: $| p/NetBSD uucpd/ o/NetBSD/ cpe:/o:netbsd:netbsd/
match uucp m|^login: uucpd: \d+-\d+ The user is not known\.\n| p/AIX uucpd/ o/AIX/ cpe:/o:ibm:aix/a

match upnp m|^HTTP/0\.0 400 Bad Request\r\nSERVER: Unspecified, UPnP/1\.0, Unspecified\r\nCONTENT-LENGTH: 50\r\nCONTENT-TYPE: text/html\r\n\r\n<html><body><h1>400 Bad Request</h1></body></html>| p/Belkin WeMo upnpd/ d/power-device/
match upnp m|^ 501 Not Implemented\r\nContent-Type: text/html\r\nConnection: close\r\nContent-Length: 149\r\nServer: Net-OS (\d+)\.xx UPnP/([\d.]+)\r\n\r\n<HTML><HEAD><TITLE>501 Not Implemented</TITLE></HEAD><BODY><H1>Not Implemented</H1>The HTTP Method is not implemented by this server\.</BODY></HTML>\r\n| p/Digi NET+OS UPnPd/ i/UPnP $2/ o/NET+OS $1/ cpe:/o:digi:net%2bos:$1/
match upnp m|^HTTP/1\.1 400 Bad Request\r\nDATE: .*\r\nConnection: Keep-Alive\r\nServer: Sky Router UPnP\r\nContent-Length: 0\r\nContent-Type: text/xml; charset="utf-8"\r\nEXT:\r\n\r\n| p/Sky Home Hub SR102 upnpd/ d/broadband router/

match ups m|^32\r $| p/Cyber Power PowerPanelPlus UPS Server/ o/Windows/ cpe:/o:microsoft:windows/a

match whois m|^Process query: ''\nQuery recognized as IP(?:v4)?\.\nQuerying ([\w\d_.-]+):(\d+) with whois\.\n\n| p/gwhois/ i/Uses $1:$2/
match whois m|^Process query: ''\nQuery recognized as IP\.\n| p/gwhois/
match whois m|^%rwhois V-[\w:.-]+ ([-\w_.]+) \(by Network Solutions, Inc\. V-([\d.]+)\)\n| p/rwhois/ v/$2/ h/$1/
match whois m|^Query may not be an empty string\n| p/Public Interest Registry whois server/
match whois m|^WHOIS LIMIT EXCEEDED - SEE WWW\.PIR\.ORG/WHOIS FOR DETAILS\n| p/Public Interest Registry whois server/
match whois m=^ -{62}\n \| UNINET WHOIS Server {40}\|\n \| Created by i-DNS\.net\t\t\t\t\t      \|\n.* INFO: This domain name has not been registered\.\n=s p/Uninet whois/

match irr m|^%  No entries found for the selected source\(s\)\.\n$| p/Merit Internet Routing Registry whoisd/

match wincomm m|^128 System Incompatible Windows Communicator client or server version\r\n128 System Incompatible Windows Communicator client or server version\r\n| p/Windows Communicator/
match zebedee m|^\x02\x01$| p/Zebedee encrypted tunnel/

match bmc-perform-service m|^SDPACK$| p/BMC Perform Service Daemon/
# Grisoft AVG antivirus server (distributing virus database updates)

match nntp m|^200 Coruscant BBS News \(Synchronet NNTP Service v(\d[-.\w ]+)\)\r\n| p/Synchronet NNTP Service/ v/$1/ cpe:/a:rob_swindell:synchronet:$1/

match telnet m|^\xff\xfb\x01\n\rSSH service name not present in rcvd msg\n\rSSH Session task 0x\w+: Version Exchange Failed\n\r\n\r\n\rSSH service name not present in rcvd msg\n\r| p/Cisco Aironet 350-series WAP telnetd/ d/WAP/ cpe:/a:cisco:telnet/ cpe:/o:cisco:aironet_350/
match telnet m|^\xff\xfe\"\xff\xfb\x01\xff\xfb\x03User : \r\n\r?SpeedTouch \(([-\w]+)\)\r\n\r?Password : Invalid Password\r\n\r?Closing connection\r\n| p/Alcatel SpeedTouch DSL router/ i/MAC $1/ d/router/
match telnet m|^\xff\xfe\x01\xff\xfd\x03\xff\xfd\x18\xff\xfd\x1f\xff\xfb\x03\xff\xfb\x01\r\nAccount Name: \r\nPassword: \r\nThis copy of the Ataman Telnetd Server is registered as licensed to:\r\n\t(.+)\r\n\r\nLogin failed: unknown user name, password or privilege incorrect\.\r\n| p/Ataman telnetd/ i/Registerd to $1/ o/Windows/ cpe:/o:microsoft:windows/a
match telnet m|^Password:\xff\xfb\x01\n\rTry again, you polio:\n\n\rTry again, you polio:\n| p/VLC Player telnetd/ cpe:/a:videolan:vlc_media_player/
match telnet m=^\xff\xfb\x01\xff\xfb\x03\r\n\r\n\r\n +-+\r\n +\| Cyclades-PR4000: CyROS  V_([\d.]+)  \(.*\)     \|\r\n= p/Cyclades PR4000 router telnetd/ v/$1/ d/router/
# Billion 741GE or D-Link DSL2-300G
match telnet m|^\xff\xfb\x01\xff\xfb\x03\r\n\r\nLogin: \r\n\r\nYou must supply a username\r\n\r\nLogin: \r\n\r\nYou must supply a username\r\n\r\nLogin: | p/Billion or D-Link ADSL router telnetd/ d/router/
# Not sure if this is really a telnet service but many people reported it running on port23:
match telnet m|^\xff\xfb\x01$| p/SMC SMC2870W Wireless Ethernet Bridge/ d/bridge/
match telnet m|^\r\n\r\nThis is a FirstClass system, from Open Text Corporation\.\r\n\r\n\r\nFirstClass is an e-mail and conferencing system with a graphical user interface\.\r\n\r\n\r\nThe Command Line Interface is not available on this sy| p/FirstClass telnetd/ i/CLI disabled/ cpe:/a:opentext:firstclass/
match telnet m|^\xff\xfb\x01\r\nPassword:\r\nLogged in as guest\r\n| p/Linkstar Comsat router telnetd/ d/router/
match telnet m|^\xff\xfb\x01Login: \r\nLogin: \r\nLogin: | p/Lingo VoIP config telnetd/ d/VoIP adapter/
match telnet m|^\xff\xfb\x01\xff\xfb\x03\xff\xfd\x18\xff\xfd\x1f\r\nuser: \r\npassword: \r\n\r\nuser: | p/KIRK Wireless Server 600 telnetd/ d/VoIP adapter/
match telnet m|^\xff\xfb\x01\n\r-> \n\r-> \n\r-> | p/Coresma Phazer Docsis USB cable modem telnetd/ d/broadband router/
match telnet m|^bad password\r\n$| p/Cybersitter CLI/
match telnet m|^\xff\xfd\"\xff\xfb\x01SSE version ([\d.]+)\r\nCopyright [\d, ]+ by Motorola\r\nUsername:| p/Motorola Canopy WAP telnetd/ i/SSE $1/ d/telecom-misc/
match telnet m|^\xff\xfb\x01\xff\xfb\x03\r\n\r\n\[ORiNOCO-AP-[-\w]+\]> Please enter password: \r\nIncorrect Password\r\n\r\n\[ORiNOCO-AP-[-\w]+\]> Please enter password: \r\n| p/ORiNOCO wireless router telnetd/ d/router/
match telnet m|^\xff\xfb\x01Password\? \r\n500 Configuration error\. Disconnecting!\n| p/Tru64 UNIX gated/ o/Tru64 UNIX/ cpe:/o:compaq:tru64/a
match telnet m|^\xff\xfb\x01\r\n\r\nlogin: \r\n\r\n\r\r\npassword: $| p/Welltech Wellgate VoIP adapter telnetd/ d/VoIP adapter/
match telnet m|^\xff\xfb\x03\xff\xfb\x01\xff\xfb\x1f\xff\xfd\x18Avocent CPS-810 S/W Version ([\d.]+)\r\nUsername: \r\nPassword: \r\nInvalid Login\r\nUsername: | p/Avocent CPS-810 serial port server telnetd/ v/$1/ d/specialized/ cpe:/h:avocent:cps-810/

match telnet m|^\xff\xfb\x01\xff\xfb\x03\nGestetner Maintenance Shell\.   \n\rUser access verification\.\n\rPassword:| p/Gestetner DSm622 maintenance telnetd/ d/printer/
match telnet m|^\xff\xfb\x01\xff\xfb\x03\nNRG Maintenance Shell\.   \n\rUser access verification\.\n\rPassword:| p/NRG maintenance telnetd/ d/printer/
match telnet m|^\xff\xfb\x01\xff\xfb\x03\nNRG Maintenance Shell\.   \n\rUser access verification\.\n\rlogin:| p/NRG maintenance telnetd/ d/printer/
match telnet m|^\xff\xfb\x01\xff\xfb\x03\nRICOH Maintenance Shell\.   \n\rUser access verification\.\n\r| p/Ricoh maintenance telnetd/ d/printer/
match telnet m|^\xff\xfb\x01\xff\xfb\x03\nRICOH Maintenance Shell\.   ([\w:]+)\n\rUser access verification\.\n\rPassword:| p/Ricoh maintenance telnetd/ i/MAC $1/ d/print server/
match telnet m|^\xff\xfb\x01\xff\xfb\x03\nSAVIN Maintenance Shell\.   \n\rUser access verification\.\n\r| p/SAVIN printer telnetd/ d/printer/
match telnet m|^\xff\xfb\x01\xff\xfb\x03\nTOSHIBA Maintenance Shell\.   \n\rUser access verification\.\n\rlogin:| p/Toshiba print server telnetd/ d/print server/

match telnet m|^\r\nPress return:\*\*\*\*\r\nEnter Password:| p/IPSentry telnetd/ o/Windows/ cpe:/o:microsoft:windows/a
match telnet m|^\xff\xfb\x01\xff\xfb\x03\xff\xfd\x03\r\0\n\r\0\n\r\0\n\r\0\n- NetQue AppleTalk/NetWare/TCP/LAT Printer Server| p/EMULEX NetQue print server telnetd/ d/print server/
match telnet m|^\r\n\r\nUser Access Verification\r\n\r\nPassword: \r\nPassword: \r\nPassword: \r\n% Bad passwords\r\n| p/Cisco telnetd/ d/router/ o/IOS/ cpe:/a:cisco:telnet/ cpe:/o:cisco:ios/a
match telnet m|^\xff\xfb\x01\xff\xfe\"\xff\xfe\0\xff\xfd\x03\xff\xfd\x18\xff\xfd\x1f\r\n\r\n\r\nlogin: | p/freeSSHd telnetd/ o/Windows/ cpe:/a:freesshd:freesshd/ cpe:/o:microsoft:windows/a
match telnet m|^\xff\xfb\x01\x1b\[7l\x1b\[\?1l\x1b\[0m\x1b\[2JUsername: \x1b\[7l\x1b| p/CyberSwitching Dualcom power device rabbit 2000 embedded telnetd/ d/power-device/
match telnet m|^\xff\xfd\x01\xff\xfd\x1f\xff\xfd!\xff\xfb\x01\xff\xfb\x03\r\r\nRead /disclaimer\.txt and have fun with yadi on your Nokia D-BOX2 - Kernel ([-\w_.]+) \(| p/Nokia D-BOX2 telnetd/ i/Linux $1/ d/media device/ o/Linux/ cpe:/o:linux:linux_kernel:$1/a
match telnet m|^\xff\xfd\x01\xff\xfd\x1f\xff\xfd!\xff\xfb\x01\xff\xfb\x03\r\r\nPhilips D-BOX2 - Kernel ([\w._-]+) \(| p/Philips D-BOX2 telnetd/ i/Linux $1/ d/media device/ o/Linux/ cpe:/o:linux:linux_kernel:$1/a
match telnet m|^\xff\xfb\x01\n\rLogin: \n\r\n\r\n\rLogin: \n\rLogin: | p/Nortel Extranet Contivity Secure IP Services telnetd/ d/security-misc/ cpe:/h:nortel:contivity/
match telnet m|^\xff\xfd\x01\xff\xfd\x1f\xff\xfd!\xff\xfb\x01\xff\xfb\x03\r\r\n\r\n\rlogin: \r\n\r\nLogin incorrect\r\n\r\nlogin: | p/Cisco Intrusion Prevention System telnetd/ d/security-misc/ o/IOS/ cpe:/a:cisco:telnet/ cpe:/o:cisco:ios/a
match telnet m|^ 105 Access denied\.\r\n 105 Access denied\.\r\n 105 Access denied\.\r\n 105 Access denied\.\r\n| p/ShroudBNC telnet config/
match telnet m|^User Name: \r\r\nPassword: \r\r\nRemote MAC address: | p/Airaya WAP diagnostics telnetd/ d/WAP/
match telnet m|^\xff\xfb\x01\r\nAP11G login: \r\n\r\nPassword: | p/OfficeConnect AP11G WAP telnetd/ d/WAP/
match telnet m|^\xff\xfb\x01\xff\xfb\x03Welcome to the Windows CE Telnet service on ([-\w_.]+)\r\n\r\nlogin: \n\r\nPassword:| p/Windows CE telnetd/ o/Windows CE/ h/$1/ cpe:/o:microsoft:windows_ce/a
match telnet m|^\xff\xfb\x01\xff\xfd\x03\xff\xfb\x03\x1b\[2J\x1b\[H \n\r\0\x1b\[H\x1b\[JPASSaPORT CS-(\d+)  SW V([-\w_.]+) , HW V([-\w_.]+)\r\n\r\n| p/RADLINX PASSaPORT CS terminal server telnetd/ i/$1 ports; SW $2; HW $3/ d/terminal server/
match telnet m|^\xff\xfb\x01\r\nlogin: \r\npassword: \r\nLogin incorrect!\r\n$| p/Netgear GS108T switch telnetd/ d/switch/ cpe:/h:netgear:gs108t/a
match telnet m|^\xff\xfb\x01\xff\xfb\x03\xff\xfb\x1fError2 negotiated with client \d+ and get 1 char is a a d\. \n\r\n\r\*+\n\r\*\* +\*\*\n\r\*\* IP Phone firmware +V([\w._-]+) | p/Thomson VoIP phone telnetd/ v/$1/ d/VoIP phone/
match telnet m|^\xff\xfb\x03\xff\xfb\x01\xff\xfb\x01\xff\xfb\x03\r\nLogin: \r\r\nPassword: \r\r\n\r\r\nLogin failed\r\r\n\r\r\nLogin: | p/Siemens SANTIS WAP telnetd/ d/WAP/
match telnet m|^Password: \xff\xfb\x01\r\nWrong password\.\r\nPassword: \r\nWrong password\.\r\nPassword: | p/VLC media player telnetd/ cpe:/a:videolan:vlc_media_player/
match telnet m|^\xff\xfb\x01\xff\xfd\x01\xff\xfe\x01\xff\xfd WxGoos-(\d+) v([\w._-]+) | p/WxGoos-$1 Climate Monitor telnetd/ v/$2/ d/specialized/
match telnet m|^\xff\xfd\0\xff\xfd\x03\xff\xfb\0\xff\xfb\x03\xff\xfb\x01\x03\x04\r\nPassword: \r\n\n\rComtrol DeviceMaster RTS   ModelID: (\d+) \n\r\rNS-Link ([\w._-]+) \n\rBuilt: .*\n\rIP Addr: [\d.]+  Mask: [\d.]+ Gateway: [\d.]+ \n\rMAC Addr: ([\w ]+) \n\r\n\r\r\n\rdm> \r\nInvalid Command\r\n\rdm>| p/Comtrol DeviceMaster RTS ethernet to serial telnetd/ i/Model $1; NS-Link $2; MAC $3/ d/specialized/
match telnet m|^\xff\xfb\x01\xff\xfb\x03\xff\xfd\x01\xff\xfd\x18\r\0\r\nPassword: \r\nPassword incorrect\r\n| p/Sun StorEdge 3511 telnetd/ d/storage-misc/
match telnet m|^\xff\xfd\x01\xff\xfd!\xff\xfb\x01\xff\xfb\x03AH4222\r\nLogin: \r\n\r\nPassword: | p/Club-Internet telnetd/ d/broadband router/
match telnet m|^\xff\xfe\x01\xff\xfb\x01\xff\xfc\"\xff\xfd\x1flogin: \r\nlogin: \r\nlogin: | p/GigaVUE-420 switch telnetd/ d/switch/
match telnet m|^\xff\xfb\x03\xff\xfb\x01\xff\xfe\x01-> \n\r-> \n\r-> | p/ser2net telnetd/
match telnet m|^\x1b\[24;1HUsername: \x1b\[\?25h\x1b\[24;1H\x1b\[\?25h\x1b\[24;11H\x1b\[24;11H\x1b\[\?25h\x1b\[24;11H\x1b\[24;1H\r\n\r\x1b\[\?25h\x1b\[24;11H\xff\xfd\x18\xff\xfb\x01\x1b\[2J\x1b\[\?7l\x1b\[3;23r\x1b\[\?6l\x1b\[1;1H\x1b\[\?25l\x1b\[1;1HProCurve (\w+) Switch (\w+)\r\n\rSoftware revision ([\w.]+)\r\n| p/HP ProCurve Switch $2 telnetd/ v/$3/ i/JetDirect $1/ d/switch/ cpe:/h:hp:procurve_switch_$2/ cpe:/o:hp:procurve_switch_software:$3/
match telnet m|^\xff\xfd\x18\xff\xfb\x01\x1b\[2J\x1b\[\?7l\x1b\[4;23r\x1b\[\?6l\x1b\[1;1H\x1b\[\?25l\x1b\[1;1HCopyright \(C\) 1991-\d\d\d\d Hewlett-Packard Co\..*\x1b\[1;1HHP ProCurve Switch ([\w-]+)\x1b|s p/HP ProCurve Switch $1 telnetd/ d/switch/ cpe:/h:hp:procurve_switch_$1/
match telnet m|^\xff\xfb\x01\r\nConfiguration Login: \r\n\r\n\r\nConfiguration Login: \r\nConfiguration Login: $| p/HP E1200 storage telnetd/ d/storage-misc/
match telnet m|^\r\nEnter Password: \r\nInvalid Password\.\r\nEnter Password: \r\nInvalid Password\.\r\nEnter Password: | p/WPI Network Power Switch (remote reboot) telnetd/ d/remote management/
match telnet m|^\xff\xfb\x01\xff\xfb\x03\r\nWelcome to IFBD-HE05/06 TELNET Utility\.\r\nCopyright\(C\) 2005 Star Micronics co\., Ltd\.\r\n\r\n<< Connected Device >>\r\n    Device Model: (\w+) \(STR_T-001\)\r\n    NIC Product : IFBD-HE05/06\r\n    MAC Address : ([0-9A-F:]+)\r\n\r\n\r \r\nlogin: \r\n| p/Star Micronics $1 printer telnetd/ i/MAC address: $2/ d/printer/ cpe:/h:starmicronics:$1/a
match telnet m|^\xff\xfb\x01Username: \n\rPassword: \n\rUsername: | p/3Com 8760 WAP telnetd/ d/WAP/ cpe:/h:3com:8760/a
match telnet m|^\xff\xfb\x01\xff\xfb\x03\nLANIER Maintenance Shell\.   \n\rUser access verification\.\n\rlogin:| p/Ricoh Aficio printer telnetd/ d/printer/
match telnet m|^\xff\xfb\x01\r\nUser Name : \r\nUser Name : \r\nUser Name : | p/APC AP9630 network management telnetd/ d/power-device/
match telnet m|^\xff\xfb\x01\xff\xfb\x03\r\n\r\nWelcome to VIP-X ([\w._-]+) from [\w._-]+\r\nTLS invalid record length\r\n\r\n\r\n\r\ninvalid username\r\n\r\nTLS version 0300 not supported\r\nenter username  -> | p/Bosch VIP X1 video encoder telnetd/ d/webcam/ h/$1/
match telnet m|^\r\nUser ID:Password:\r\nUser ID:| p/NEC SL-series debug terminal/ d/VoIP phone/
match telnet m|^Commands: \n\t\[\x1b\[1;32m:d\x1b\[0m\]isable \[ category \x7c module \x7c all \]\n\t\[\x1b\[1;32m:e\x1b\[0m\]nable \[ category \x7c module \x7c all \]\n\t\[\x1b\[1;32m:s\x1b\[0m\]tatus\n\t\[\x1b\[1;32m:h\x1b\[0m\]elp\n\t\[\x1b\[1;32m:q\x1b\[0m\]uit\n\x1b\[1;31m\[E\]\[EncoderSrv\] /home/leonwang/platform/([\w._-]+)/Application_IPCAM/| p/Climax IP camera text UI/ i/model: $1/ cpe:/h:climax_technology:$1/
match telnet m|^\xff\xfb\x01\xff\xfb\x01Connected to EPSON Network Image Express !!!\r\n\r\nPassword: \r\n\r\nLogin successful \r\n| p/Epson Network Image Express telnetd/ i/no password/
match telnet m|^\xff\xfb\x01\xff\xfb\x01Connected to EPSON Network Image Express !!!\r\n\r\nPassword: \r\n| p/Epson Network Image Express telnetd/

match transbase m|^\0\0\+\x04\0\0\0@TransBase Multiplexer error report:\nIllegal request| p/Transbase Database/

match tsd m|^unknown command: \.  Try `help'\.\nunknown command: \.  Try `help'\.\n| p/OpenTSDB TSD/ i/also http/ cpe:/a:opentsdb:opentsdb/

match tsdns m|^[\d.]+:\$PORT$| p/TeamSpeak domain name server/

# MiniUPnP
match upnp m|^ 501 Not Implemented\r\n(?:[^\r\n]+\r\n)*?Server: Tomato UPnP/([\w.]+) MiniUPnPd/([\w.]+)\r\n|s p/MiniUPnP/ v/$2/ i/Tomato firmware; UPnP $1/ o/Linux/ cpe:/a:miniupnp_project:miniupnpd:$2/a cpe:/o:linux:linux_kernel/a
match upnp m|^ 501 Not Implemented\r\n(?:[^\r\n]+\r\n)*?Server: UPnP/Tomato ([\d.-]+) ([-\w_ ]+) UPnP/([\d.]+) MiniUPnPd/([\d.]+)\r\n|s p/MiniUPnP/ v/$4/ i/Tomato $1 $2 firmware; UPnP $3/ o/Linux/ cpe:/a:miniupnp_project:miniupnpd:$4/a cpe:/o:linux:linux_kernel/a
match upnp m|^ 501 Not Implemented\r\n(?:[^\r\n]+\r\n)*?Server: (RT-\w+) UPnP/([\w.]+) MiniUPnPd/([\w.]+)\r\n|s p/MiniUPnP/ v/$3/ i/Asus $1 WAP; UPnP $2/ d/WAP/ cpe:/a:miniupnp_project:miniupnpd:$3/a cpe:/h:asus:$1/a
match upnp m|^ 501 Not Implemented\r\n(?:[^\r\n]+\r\n)*?Server: AsusWRT/([\d.]+) UPnP/([\w.]+) MiniUPnPd/([\w.]+)\r\n|s p/MiniUPnP/ v/$3/ i/AsusWRT $1; UPnP $2/ d/WAP/ cpe:/a:miniupnp_project:miniupnpd:$3/a cpe:/o:asus:asuswrt:$1/
match upnp m|^ 501 Not Implemented\r\n(?:[^\r\n]+\r\n)*?Server: DrayTek/Vigor([\w._-]+) UPnP/([\w.]+) miniupnpd/([\w.]+)\r\n|s p/MiniUPnP/ v/$3/ i/DrayTek Vigor $1 router; UPnP $2/ d/broadband router/ cpe:/a:miniupnp_project:miniupnpd:$3/a cpe:/h:draytek:vigor_$1/a
match upnp m|^ 501 Not Implemented\r\n(?:[^\r\n]+\r\n)*?Server: Green Packet WiMax/([\w._-]+) UPnP/([\w.]+) miniupnpd/([\w.]+)\r\n|s p/MiniUPnP/ v/$3/ i/Green Packet WiMax $1 router; UPnP $2/ d/broadband router/ cpe:/a:miniupnp_project:miniupnpd:$3/a
match upnp m|^ 501 Not Implemented\r\n(?:[^\r\n]+\r\n)*?Server: ZTE/1.0 UPnP/([\w.]+) miniupnpd/([\w.]+)\r\n|s p/MiniUPnP/ v/$2/ i/ZTE broadband router; UPnP $1/ d/broadband router/ cpe:/a:miniupnp_project:miniupnpd:$2/a
match upnp m|^ 501 Not Implemented\r\n(?:[^\r\n]+\r\n)*?Server: OpenWRT/kamikaze UPnP/([\w._-]+) MiniUPnPd/([\w._-]+)\r\n|s p/MiniUPnP/ v/$2/ i/OpenWrt Kamikaze; UPnP $1/ d/WAP/ o/Linux/ cpe:/a:miniupnp_project:miniupnpd:$2/a cpe:/o:linux:linux_kernel/a
match upnp m|^ 501 Not Implemented\r\n(?:[^\r\n]+\r\n)*?Server: OpenWRT/OpenWRT/Backfire__(r\d+)_ UPnP/([\w._-]+) MiniUPnPd/([\w._-]+)\r\n|s p/MiniUPnP/ v/$3/ i/OpenWrt Backfire $1; UPnP $2/ d/WAP/ o/Linux/ cpe:/a:miniupnp_project:miniupnpd:$3/a cpe:/o:linux:linux_kernel/a
match upnp m|^ 501 Not Implemented\r\n(?:[^\r\n]+\r\n)*?Server: OpenWRT/OpenWRT/Backfire__unknown_ UPnP/([\w._-]+) MiniUPnPd/([\w._-]+)\r\n|s p/MiniUPnP/ v/$2/ i/OpenWrt Backfire; UPnP $1/ d/WAP/ o/Linux/ cpe:/a:miniupnp_project:miniupnpd:$2/a cpe:/o:linux:linux_kernel/a
match upnp m|^ 501 Not Implemented\r\n(?:[^\r\n]+\r\n)*?Server: OpenWRT/OpenW[Rr][Tt]/Attitude_Adjustment__(r\d+)_ UPnP/([\w._-]+) MiniUPnPd/([\w._-]+)\r\n|s p/MiniUPnP/ v/$3/ i/OpenWrt Attitude Adjustment $1; UPnP $2/ d/WAP/ o/Linux/ cpe:/a:miniupnp_project:miniupnpd:$3/a cpe:/o:linux:linux_kernel/a
match upnp m|^ 501 Not Implemented\r\n(?:[^\r\n]+\r\n)*?Server: OpenWRT/OpenWrt/Barrier_Breaker__(r\d+)_ UPnP/([\w._-]+) MiniUPnPd/([\w._-]+)\r\n|s p/MiniUPnP/ v/$3/ i/OpenWrt Barrier Breaker $1; UPnP $2/ d/WAP/ o/Linux/ cpe:/a:miniupnp_project:miniupnpd:$3/a cpe:/o:linux:linux_kernel/a
match upnp m|^ 501 Not Implemented\r\n(?:[^\r\n]+\r\n)*?Server: OpenWRT/OpenWrt/Chaos_Calmer__(r\d+)_ UPnP/([\w._-]+) MiniUPnPd/([\w._-]+)\r\n|s p/MiniUPnP/ v/$3/ i/OpenWrt Chaos Calmer $1; UPnP $2/ d/WAP/ o/Linux/ cpe:/a:miniupnp_project:miniupnpd:$3/a cpe:/o:linux:linux_kernel/a
# Lots of devices, all sorts
match upnp m|^ 501 Not Implemented\r\n(?:[^\r\n]+\r\n)*?Server: FedoraCore/(\d+) UPnP/([\w._-]+) MiniUPnPd/([\w._-]+)\r\n|s p/MiniUPnP/ v/$3/ i/Fedora Core $1; UPnP $2/ cpe:/a:miniupnp_project:miniupnpd:$3/a cpe:/o:fedoraproject:fedora_core:$1/
match upnp m|^ 501 Not Implemented\r\n(?:[^\r\n]+\r\n)*?Server: Netgear/[\w._-]+ UPnP/([\w._-]+) miniupnpd/([\w._-]+)\r\n|s p/MiniUPnP/ v/$2/ i/Netgear DG834G or WNDR3300 WAP; UPnP $1/ d/WAP/ cpe:/a:miniupnp_project:miniupnpd:$2/a cpe:/h:netgear:dg834g/ cpe:/h:netgear:wndr3300/
match upnp m|^ 501 Not Implemented\r\n(?:[^\r\n]+\r\n)*?Server: Arris/[\w._-]+ UPnP/([\w._-]+) miniupnpd/([\w._-]+)\r\n|s p/MiniUPnP/ v/$2/ i/Arris TG862G WAP; UPnP $1/ d/WAP/ cpe:/a:miniupnp_project:miniupnpd:$2/a cpe:/h:arris:tg862g/a
match upnp m|^ 501 Not Implemented\r\n(?:[^\r\n]+\r\n)*?Server: neufbox/neufbox UPnP/([\w._-]+) MiniUPnPd/([\w._-]+)\r\n\r\n|s p/MiniUPnP/ v/$2/ i/Neufbox; UPnP $1/ d/broadband router/ cpe:/a:miniupnp_project:miniupnpd:$2/a
match upnp m|^ 501 Not Implemented\r\n(?:[^\r\n]+\r\n)*?Server: ASUSTeK UPnP/([\w._-]+) MiniUPnPd/([\w._-]+)\r\n\r\n|s p/MiniUPnP/ v/$2/ i/Asus; UPnP $1/ d/broadband router/ cpe:/a:miniupnp_project:miniupnpd:$2/a
match upnp m|^ 501 Not Implemented\r\n(?:[^\r\n]+\r\n)*?Server: Debian/([\w.]+) UPnP/([\w._-]+) MiniUPnPd/([\w._-]+)\r\n|s p/MiniUPnP/ v/$3/ i/Debian $1; UPnP $2/ cpe:/a:miniupnp_project:miniupnpd:$3/a cpe:/o:debian:debian_linux:$1/
match upnp m|^ 501 Not Implemented\r\n(?:[^\r\n]+\r\n)*?Server: Debian/([\w.]+) UPnP/([\w._-]+) miniupnpd/([\w._-]+)\r\n|s p/MiniUPnP/ v/$3/ i/Debian $1; UPnP $2/ cpe:/a:miniupnp_project:miniupnpd:$3/a cpe:/o:debian:debian_linux:$1/
match upnp m|^ 501 Not Implemented\r\n(?:[^\r\n]+\r\n)*?Server: Tenda UPnP/([\w._-]+) miniupnpd/([\w._-]+)\r\n|s p/MiniUPnP/ v/$2/ i/Tenda broadband router; UPnP $1/ d/broadband router/ cpe:/a:miniupnp_project:miniupnpd:$2/a
match upnp m|^ 501 Not Implemented\r\n(?:[^\r\n]+\r\n)*?Server: Ubuntu/([\w._-]+) UPnP/([\w._-]+) miniupnpd/([\w._-]+)\r\n|s p/MiniUPnP/ v/$3/ i/Ubuntu $1; UPnP $2/ o/Linux/ cpe:/a:miniupnp_project:miniupnpd:$3/a cpe:/o:canonical:ubuntu_linux:$1/ cpe:/o:linux:linux_kernel/a
match upnp m|^ 501 Not Implemented\r\n(?:[^\r\n]+\r\n)*?Server: Compal Broadband Networks, Inc/Linux/(\d[\w._-]+) UPnP/([\d.]+) MiniUPnPd/([\d.]+)\r\n|s p/MiniUPnP/ v/$3/ i/Compal Broadband Networks; UPnP $2/ o/Linux $1/ cpe:/a:miniupnp_project:miniupnpd:$3/a cpe:/o:linux:linux_kernel:$1/a
match upnp m|^ 501 Not Implemented\r\n(?:[^\r\n]+\r\n)*?Server: Linux/(([234]\.[\d.]+)[\w._-]+) UPnP/([\w._-]+) [Mm]ini[Uu][Pp]n[Pp]d/([\w._-]+)\r\n|s p/MiniUPnP/ v/$4/ i/Linux $1; UPnP $3/ o/Linux/ cpe:/a:miniupnp_project:miniupnpd:$4/a cpe:/o:linux:linux_kernel:$2/
match upnp m|^ 501 Not Implemented\r\nContent-Type: text/html\r\nConnection: close\r\nContent-Length: \d+\r\nServer: Linux/BHR4 UPnP/([\d.]+) MiniUPnPd/([\d.]+)\r\n| p/MiniUPnP/ v/$2/ i/Verizon FiOS BHR4 router; UPnP $1/ d/broadband router/ cpe:/a:miniupnp_project:miniupnpd:$2/a cpe:/h:verizon:bhr4/
match upnp m|^ 501 Not Implemented\r\n(?:[^\r\n]+\r\n)*?Server: SmoothWall Express/([\d.]+) UPnP/([\d.]+) MiniUPnPd/([\d.]+)\r\n|s p/MiniUPnP/ v/$3/ i/SmoothWall Express $1; UPnP $2/ d/firewall/ cpe:/a:miniupnp_project:miniupnpd:$3/a cpe:/o:smoothwall:smoothwall:$1/
match upnp m|^ 501 Not Implemented\r\n(?:[^\r\n]+\r\n)*?Server: MF60/([\d.]+) UPnP/([\d.]+) miniupnpd/([\d.]+)\r\n|s p/MiniUPnP/ v/$3/ i/ZTE MF60 $1; UPnP $2/ cpe:/a:miniupnp_project:miniupnpd:$3/a cpe:/h:zte:mf60/
match upnp m|^ 501 Not Implemented\r\n(?:[^\r\n]+\r\n)*?Server: UPnP/([\w._-]+) MiniUPnPd/([\w._-]+)\r\n|s p/MiniUPnP/ v/$2/ i/UPnP $1/ cpe:/a:miniupnp_project:miniupnpd:$2/a
match upnp m|^ 501 Not Implemented\r\n(?:[^\r\n]+\r\n)*?Server: UPnP/([\w._-]+) MiniUPnPd\r\n|s p/MiniUPnP/ i/UPnP $1/ cpe:/a:miniupnp_project:miniupnpd/a
match upnp m|^ 501 Not Implemented\r\n(?:[^\r\n]+\r\n)*?Server: miniupnpd/([\w._-]+) UPnP/([\w._-]+)\r\n|s p/MiniUPnP/ v/$2/ i/UPnP $1/ cpe:/a:miniupnp_project:miniupnpd:$2/a

# MiniDLNA
match upnp m|^HTTP/1\.1 501 Not Implemented\r\nContent-Type: text/html\r\nConnection: close\r\nContent-Length: 149\r\n\r\n<HTML><HEAD><TITLE>501 Not Implemented</TITLE></HEAD><BODY><H1>Not Implemented</H1>The HTTP Method is not implemented by this server\.</BODY></HTML>\r\n| p/MiniDLNA/ cpe:/a:minidlna:minidlna/a
match upnp m|^HTTP/1\.1 501 Not Implemented\r\nContent-Type: text/html\r\nConnection: close\r\nContent-Length: 149\r\nServer: Debian/([\w._/-]+) DLNADOC/([\w._-]+) UPnP/([\w._-]+) MiniDLNA/([\w._-]+)\r\n| p/MiniDLNA/ v/$4/ i/Debian $1; DLNADOC $2; UPnP $3/ o/Linux/ cpe:/a:minidlna:minidlna:$4/a cpe:/o:debian:debian_linux:$1/ cpe:/o:linux:linux_kernel/
match upnp m|^HTTP/1\.1 501 Not Implemented\r\nContent-Type: text/html\r\nConnection: close\r\nContent-Length: 149\r\nServer: RedHatEnterpriseServer/([\w._/-]+) DLNADOC/([\w._-]+) UPnP/([\w._-]+) MiniDLNA/([\w._-]+)\r\n| p/MiniDLNA/ v/$4/ i/RHEL $1; DLNADOC $2; UPnP $3/ o/Linux/ cpe:/a:minidlna:minidlna:$4/a cpe:/o:linux:linux_kernel/ cpe:/o:redhat:enterprise_linux:$1/
match upnp m|^HTTP/1\.1 501 Not Implemented\r\nContent-Type: text/html\r\nConnection: close\r\nContent-Length: 149\r\nServer: Fedora/([\w._-]+) DLNADOC/([\w._-]+) UPnP/([\w._-]+) MiniDLNA/([\w._-]+)\r\n| p/MiniDLNA/ v/$4/ i/Fedora $1; DLNADOC $2; UPnP $3/ o/Linux/ cpe:/a:minidlna:minidlna:$4/a cpe:/o:fedoraproject:fedora:$1/ cpe:/o:linux:linux_kernel/
match upnp m|^HTTP/1\.1 501 Not Implemented\r\nContent-Type: text/html\r\nConnection: close\r\nContent-Length: 149\r\nServer: RAIDiator/([\w._-]+) DLNADOC/([\w._-]+) UPnP/([\w._-]+) MiniDLNA/([\w._-]+)\r\n| p/MiniDLNA/ v/$4/ i/RAIDiator $1; DLNADOC $2; UPnP $3/ o/Linux/ cpe:/a:minidlna:minidlna:$4/a cpe:/o:linux:linux_kernel/a cpe:/o:netgear:raidiator:$1/
match upnp m|^HTTP/1\.1 501 Not Implemented\r\nContent-Type: text/html\r\nConnection: close\r\nContent-Length: 149\r\nServer: Ubuntu/([\w._-]+) DLNADOC/([\w._-]+) UPnP/([\w._-]+) MiniDLNA/([\w._-]+)\r\n| p/MiniDLNA/ v/$4/ i/Ubuntu $1; DLNADOC $2; UPnP $3/ o/Linux/ cpe:/a:minidlna:minidlna:$4/a cpe:/o:canonical:ubuntu_linux:$1/
match upnp m|^HTTP/1\.1 501 Not Implemented\r\nContent-Type: text/html\r\nConnection: close\r\nContent-Length: 149\r\nServer: Gentoo/([\w._-]+) DLNADOC/([\w._-]+) UPnP/([\w._-]+) MiniDLNA/([\w._-]+)\r\n| p/MiniDLNA/ v/$4/ i/Gentoo $1; DLNADOC $2; UPnP $3/ o/Linux/ cpe:/a:minidlna:minidlna:$4/a cpe:/o:gentoo:linux:$1/
match upnp m|^HTTP/1\.1 501 Not Implemented\r\nContent-Type: text/html\r\nConnection: close\r\nContent-Length: 149\r\nServer: SUSE LINUX/n/a DLNADOC/([\w._-]+) UPnP/([\w._-]+) MiniDLNA/([\w._-]+)\r\n| p/MiniDLNA/ v/$3/ i/SUSE Linux; DLNADOC $1; UPnP $2/ o/Linux/ cpe:/a:minidlna:minidlna:$3/a cpe:/o:suse:suse_linux/
match upnp m|^HTTP/1\.1 501 Not Implemented\r\nContent-Type: text/html\r\nConnection: close\r\nContent-Length: 149\r\nServer: Linux/([\w._-]+) DLNADOC/([\w._-]+) UPnP/([\w._-]+) MiniDLNA/([\w._-]+)\r\n| p/MiniDLNA/ v/$4/ i/DLNADOC $2; UPnP $3/ o/Linux $1/ cpe:/a:minidlna:minidlna:$4/a cpe:/o:linux:linux_kernel:$1/
match upnp m|^HTTP/1\.1 501 Not Implemented\r\nContent-Type: text/html\r\nConnection: close\r\nContent-Length: 149\r\nServer: (?:Linux )?(([234]\.[\d.]+)[\w._-]+) DLNADOC/([\w._-]+) UPnP/([\w._-]+) MiniDLNA/([\w._-]+)\r\n| p/MiniDLNA/ v/$5/ i/Linux $1; DLNADOC $3; UPnP $4/ o/Linux/ cpe:/a:minidlna:minidlna:$5/a cpe:/o:linux:linux_kernel:$2/
match upnp m|^HTTP/1\.1 501 Not Implemented\r\nContent-Type: text/html\r\nConnection: close\r\nContent-Length: 149\r\nServer: OpenWrt Linux/([\w._-]+) DLNADOC/([\w._-]+) UPnP/([\w._-]+) MiniDLNA/([\w._-]+)\r\n| p/MiniDLNA/ v/$4/ i/OpenWrt; DLNADOC $2; UPnP $3/ o/Linux $1/ cpe:/a:minidlna:minidlna:$4/a cpe:/o:linux:linux_kernel:$1/
match upnp m|^HTTP/1\.1 501 Not Implemented\r\nContent-Type: text/html\r\nConnection: close\r\nContent-Length: 149\r\nServer: FreeBSD/([\w._-]+) DLNADOC/([\w._-]+) UPnP/([\w._-]+) MiniDLNA/([\w._-]+)\r\n| p/MiniDLNA/ v/$4/ i/DLNADOC $2; UPnP $3/ o/FreeBSD $1/ cpe:/a:minidlna:minidlna:$4/a cpe:/o:freebsd:freebsd:$1/
match upnp m|^HTTP/1\.1 501 Not Implemented\r\nContent-Type: text/html\r\nConnection: close\r\nContent-Length: 149\r\nServer:  ?DLNADOC/([\w._-]+) UPnP/([\w._-]+) MiniDLNA/([\w._-]+)\r\n| p/MiniDLNA/ v/$3/ i/DLNADOC $1; UPnP $2/ cpe:/a:minidlna:minidlna:$3/a
# Catch-all for weird cases reporting OS incorrectly.
# Avoid any that match OS/version so we can add those as they are submitted
match upnp m|^HTTP/1\.1 501 Not Implemented\r\nContent-Type: text/html\r\nConnection: close\r\nContent-Length: 149\r\nServer: ([^/ ]+) DLNADOC/([\w._-]+) UPnP/([\w._-]+) MiniDLNA/([\w._-]+)\r\n| p/MiniDLNA/ v/$4/ i/OS: $1; DLNADOC $2; UPnP $3/ cpe:/a:minidlna:minidlna:$4/a

# ReadyDLNA (formerly miniDLNA)
match upnp m|^HTTP/1\.1 501 Not Implemented\r\nContent-Type: text/html\r\nConnection: close\r\nContent-Length: 149\r\nServer: RAIDiator/([\w._-]+) DLNADOC/([\w._-]+) UPnP/([\w._-]+) ReadyDLNA/([\w._-]+)\r\n| p/ReadyDLNA/ v/$4/ i/RAIDiator $1; DLNADOC $2; UPnP $3/ o/Linux/ cpe:/o:linux:linux_kernel/a cpe:/o:netgear:raidiator:$1/
match upnp m|^HTTP/1\.1 501 Not Implemented\r\nContent-Type: text/html\r\nConnection: close\r\nContent-Length: 149\r\nServer: Linux[ /]([\d.]+) DLNADOC/([\w._-]+) UPnP/([\w._-]+) ReadyDLNA/([\w._-]+)\r\n| p/ReadyDLNA/ v/$4/ i/DLNADOC $2; UPnP $3/ o/Linux $1/ cpe:/o:linux:linux_kernel:$1/
match upnp m|^HTTP/1\.1 501 Not Implemented\r\nContent-Type: text/html\r\nConnection: close\r\nContent-Length: 149\r\nServer: ([\d._-]+)ReadyNAS DLNADOC/([\w._-]+) UPnP/([\w._-]+) ReadyDLNA/([\w._-]+)\r\n| p/ReadyDLNA/ v/$4/ i/ReadyNAS; DLNADOC $2; UPnP $3/ o/Linux $1/ cpe:/o:linux:linux_kernel:$1/
match upnp m|^HTTP/1\.1 501 Not Implemented\r\nContent-Type: text/html\r\nConnection: close\r\nContent-Length: 149\r\nServer: (?:Linux )?(([234]\.[\d.]+)[\w._-]+) DLNADOC/([\w._-]+) UPnP/([\w._-]+) ReadyDLNA/([\w._-]+)\r\n| p/ReadyDLNA/ v/$5/ i/Linux $1; DLNADOC $3; UPnP $4/ o/Linux/ cpe:/o:linux:linux_kernel:$2/
# Catch-all for weird cases reporting OS incorrectly.
# Avoid any that match OS/version so we can add those as they are submitted
match upnp m|^HTTP/1\.1 501 Not Implemented\r\nContent-Type: text/html\r\nConnection: close\r\nContent-Length: 149\r\nServer: ([^/ ]+) DLNADOC/([\w._-]+) UPnP/([\w._-]+) ReadyDLNA/([\w._-]+)\r\n| p/ReadyDLNA/ v/$4/ i/OS: $1; DLNADOC $2; UPnP $3/

match upnp m|^HTTP/1\.1 501 Not Implemented\r\nConnection: close\r\nContent-type: text/html\r\n\r\n<HTML><HEAD><TITLE>501 Not Implemented</TITLE></HEAD><BODY><H1>Not Implemented</H1>The HTTP Method is not implemented by this server\.</BODY></HTML>\r\n$| p/MiniUPnP/ cpe:/a:miniupnp_project:miniupnpd/a
match upnp m|^ 501 Not Implemented\r\n(?:[^\r\n]+\r\n)*?Server: Linux Mips ([\w._-]+) UPnP/([\w.]+) MiniUPnPd/([\w.]+)\r\n|s p/MiniUPnP/ v/$3/ i/Linux $1 (MIPS); UPnP $2/ o/Linux/ cpe:/a:miniupnp_project:miniupnpd:$3/a cpe:/o:linux:linux_kernel:$1/a
match upnp m|^ 501 Not Implemented\r\n(?:[^\r\n]+\r\n)*?Server: SmoothWall Express/([\w._-]+) UPnP/([\w.]+) miniupnpd/([\w.]+)\r\n|s p/MiniUPnP/ v/$3/ i/SmoothWall Express $1; UPnP $2/ o/Linux/ cpe:/a:miniupnp_project:miniupnpd:$3/a cpe:/o:linux:linux_kernel/a
match upnp m|^ 501 Not Implemented\r.*\nServer: SDK ([\d.]+) UPnP/([\d.]+) MiniUPnPd/([\d.]+)\r\n|s p/MiniUPnP/ v/$3/ i/Netgear SDK $1; UPnP $2/ cpe:/a:miniupnp_project:miniupnpd:$3/a
match upnp m|^ 501 Not Implemented\r.*\nServer: SDK ([\d.]+) UPnP/([\d.]+) MiniUPnPd/([\d.]+)_MTK_v([\d_]+)\r\n\r\n|s p/MiniUPnP/ v/$3/ i|Linksys/Belkin WiFi range extender; SDK $1; UPnP $2; MTK $SUBST(4,"_",".")| cpe:/a:miniupnp_project:miniupnpd:$3/a
match upnp m|^HTTP/1\.1 400 Bad Request\r\nDATE: .*\r\nConnection: Keep-Alive\r\nServer: UPnP/([\d.]+)\r\nContent-Length: 0\r\nContent-Type: text/xml; charset=\"utf-8\"\r\nEXT:\r\n\r\n$| p/UPnP/ v/$1/ d/broadband router/
match upnp m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: *Linux/([-\w_.]+), UPnP/([-\w_.]+), TwonkyVision UPnP SDK/([-\w_.]+)\r\n|s p/TwonkyMedia UPnP/ i/Linux $1; UPnP $2; SDK $3/ o/Linux/ cpe:/a:packetvideo:twonky/ cpe:/o:linux:linux_kernel:$1/a
match upnp m|^HTTP/1\.1 400 Bad request\r\nServer: Reciva UPnP/([\w._-]+) Radio/([\w._-]+) DLNADOC/([\w._-]+)\r\nContent-length: 0\r\nConnection: close\r\n\r\n$| p/dnt IPdio radio UPnP/ v/$2/ i/UPnP $1; DLNADOC $3/ d/media device/
match upnp m|^HTTP/0\.0 400 Bad Request\r\nServer: ([\w._-]+) \d+/Service Pack (\d+), UPnP/([\d.]+), TVersity Media Server\r\n| p/TVersity Media Server UPnP/ v/$1 SP $2/ i/UPnP $3/ o/Windows/ cpe:/o:microsoft:windows/a
match upnp m|^HTTP/0\.0 400 Bad Request\r\nServer: Windows/([\w._-]+\.2600)/Service Pack (\d+), UPnP/([\d.]+), TVersity Media Server/([\w._-]+)\r\n| p/TVersity Media Server UPnP/ v/$4/ i/UPnP $3; Windows build $1/ o/Windows XP/ cpe:/o:microsoft:windows_xp::sp$2/
match upnp m|^HTTP/0\.0 400 Bad Request\r\nServer: Windows/([\w._-]+)\.6001/Service Pack (\d+), UPnP/([\d.]+), TVersity Media Server/([\w._-]+)\r\n| p/TVersity Media Server UPnP/ v/$4/ i/UPnP $3; Windows build $1/ o/Windows Vista/ cpe:/o:microsoft:windows_vista::sp$2/
match upnp m|^HTTP/0\.0 400 Bad Request\r\nServer: ([\w._-]+) 2/, UPnP/([\w._-]+), TVersity Media Server\r\n|s p/TVersity Media Server UPnP/ v/$1/ i/UPnP $2/ o/Windows/ cpe:/o:microsoft:windows/a
match upnp m|^HTTP/1\.1 \d\d\d .*\r\nDATE: .*\r\nConnection: Keep-Alive\r\nServer: LINUX/([\w._-]+) UPnP/([\d.]+) BRCM400/([\d.]+)\r\n| p|Belkin/Linksys wireless router UPnP| i/UPnP $2; BRCM400 $3/ d/router/ o/Linux $1/ cpe:/o:linux:linux_kernel:$1/
match upnp m|^HTTP/1\.1 \d\d\d .*\r\nDATE: .*\r\nConnection: Keep-Alive\r\nServer: LINUX/([\w._-]+) UPnP/([\d.]+) ZyXEL-UPnP/([\w._-]+)\r\n| p/ZyXEL wireless router UPnP/ i/UPnP $2; ZyXEL-UPnP $3/ d/router/ o/Linux $1/ cpe:/o:linux:linux_kernel:$1/
match upnp m|^HTTP/1\.1 400 Bad Request\r\nServer: Symbian/([\w._-]+) UPnP/([\d.]+)\r\nContent-Length: 151\r\n\r\n<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2\.0//EN\">\n<html><head>\n<title>400 Bad Request</title>\n</head><body>\n<h1>Bad Request</h1>\n<hr />\n</body></html>$| p/Nokia N85 media share/ i/SymbianOS $1; UPnP $2/ d/phone/ o/Symbian/ cpe:/o:symbian:symbian/
match upnp m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?SERVER: XboxUpnp/([\w._-]+) UPnP/([\w._-]+) Xbox/2\.0\.(\d+)\.0\r\n|s p/Microsoft Xbox 360 upnpd/ v/$1/ i/UPnP $2; Xbox Dashboard 2.0.$3.0/ o/Xbox 360/ cpe:/h:microsoft:xbox_360_kernel:$3/
match upnp m|^HTTP/0\.0 400 Bad Request\r\nSERVER: Linux/([\w._-]+) UPnP/([\w._-]+) SKY DLNADOC/([\w._-]+)\r\n\r\n| p/BSkyB router upnpd/ i/UPnP $2; DLNADOC $3/ d/broadband router/ o/Linux $1/ cpe:/o:linux:linux_kernel:$1/
# ISP-branded, could be Actiontec, ZyXEL, Westell, Motorola, Netopia, 2Wire, Cisco, Thompson.
match upnp m|^HTTP/1\.1 400 Bad Request\r\nDATE: .*\r\nServer: LINUX/([\w._-]+) UPnP/([\d.]+) CenturyLink-TR064/([\d.]+)\r\nContent-Length: 0\r\nContent-Type: text/xml; charset=\"utf-8\"\r\nEXT:\r\n\r\n| p/CenturyLink DSL modem upnpd/ v/$3/ i/Linux $1; UPnP $2/ o/Linux/ cpe:/o:linux:linux_kernel:$1/a
match upnp m|^HTTP/1\.1 400 Bad Request\r\nDATE: .*\r\nConnection: Keep-Alive\r\nServer: LINUX/([\w._-]+) UPnP/([\d.]+) CenturyLink-UPnP/([\d.]+)\r\nContent-Length: 0\r\nContent-Type: text/xml; charset=\"utf-8\"\r\nEXT:\r\n\r\n| p/CenturyLink DSL modem upnpd/ v/$3/ i/Linux $1; UPnP $2/ o/Linux/ cpe:/o:linux:linux_kernel:$1/a
match upnp m|^HTTP/1\.1 400 Bad Request\r\nCONTENT-TYPE: text/xml; charset="utf-8"\r\nDATE: .*\r\nEXT: \r\nSERVER: UPnP/([\d.]+) AwoX/([\d.]+)\r\nCONTENT-LENGTH: 0\r\n| p/AwoX upnpd/ v/$2/ i/UPnP $1/
match upnp m|^HTTP/1\.1 501 Not Implemented\r\n(?:[^\r\n]+\r\n)*?Server: ([34][\d.]+)(?:-generic)? Microsoft-Windows/[\d.]+ Windows-Media-Player-DMS/[\d.]+ DLNADOC/([\d.]+) UPnP/([\d.]+) QNAPDLNA/([\d.]+)\r\n|s p/QNAP DLNA/ v/$4/ i/DLNADOC $2; UPnP $3/ o/Linux $1/ cpe:/o:linux:linux_kernel:$1/a

# maybe shouldn't be softmatch, but we get such good info from the bit in the Server header
softmatch upnp m|^ 501 Not Implemented\r.*\nServer: [^\r\n]*UPnP/([\d.]+) MiniUPnPd/([\d.]+)\r\n|s p/MiniUPnP/ v/$2/ i/UPnP $1/ cpe:/a:miniupnp_project:miniupnpd:$2/a

match uptime-agent m|^ERR\n$| p/up.time server monitor/
# Version 5.3.0 - Is this a memory address?
match uptime-agent m|^ERR - Command '\xe0\xb6VU\xd8\xbaVU' not found\n| p/up.time server monitor/

match unreal-media m|^\xb1\x36\x00\x00\x19\x00\x00\x00\x30\x05\xff\x8f\x00\x00\x00\x00\x88\xff.\x03.\xef.\x00$|s p/Unreal Media Server/ o/Windows/ cpe:/o:microsoft:windows/

match signiant m|^dds_pc: _ms=([\w._-]+)\xfe_si=Process controller\xfe_mid=9010\xfe_sev=0\xfe_dt=\d+/\d+/\d+\xfe_tm=\d+:\d+:\d+\xfe_pkg=\xfe\n\n| p/Signiant Media Exchange/ h/$1/

match spy-net m=^tentarnovamente\|\r\ntentarnovamente\|\r\n= p/Spy-Net or CyberGate backdoor/ i/**BACKDOOR**/

# Vizio Smart TV model M501D-A2R on 8099/tcp w/ssl tunnel
match vizio-tv m|^ERROR\x7c101\x7cUnknown Message Type\x7cEND| p/Vizio Smart TV unknown service/ d/media device/

match vnc m|^0\x82\x01\n\x02\x82\x01\x01\0| p/Ultr@VNC/ v/1.0.8.0/ o/Windows/ cpe:/a:ultravnc:ultravnc:1.0.8.0/ cpe:/o:microsoft:windows/a

match bitkeeper m|^ERROR-Try help\nERROR-Try help\n$| p/Bitkeeper/
match webcache m|^HTTP/1\.0 400 Bad Request\r\nExpires: .*\r\nContent-Type: text/html\r\n\r\n<html>\n<head><title>Bad formed request or url</title>\n| p/webcache/
# Novell ZENworks for Desktops Imaging Proxy 4.01.03
# Not sure if this is netware specific (linux too?) -Doug
match zenimaging m|^\xff\xff\xfb&$| p/Novell ZENworks Imaging Proxy/ cpe:/a:novell:zenworks_desktops/

match ajp12 m|^Status: 400 Bad Request\r\nServlet-Error: Malformed data sent to JServ\r\n\r\n$| p/Apache Jserv/

match nuttcp m|^KO\nnuttcp-t: v([\d.]+): error scanning parameters\nmay be using older client version than server\n\r\nKO\n| p/nuttcp network throughput tester/ v/$1/
match backdoor m|^sh-2\.05b\$ | p/r0nin rootkit backdoor/

match upsd m|^ERR UNKNOWN-COMMAND\nERR UNKNOWN-COMMAND\n$| p/Network UPS Tools upsd/ v/2.6.1/ i/Synology DS209 NAS device/ d/storage-misc/ cpe:/h:synology:ds209/

match websense-eim m|^\0\x0c\r\n\0\x01\0\x01\0\0\0\0$| p/Websense EIM/ cpe:/a:websense:websense/

match websocket m|^HTTP/1\.1 400 \r\nServer: WebSocket\+\+/([\d.]+)\r\n\r\n| p/WebSocket++/ v/$1/ cpe:/a:zaphoyd:websocketpp:$1/
match websocket m|^HTTP/1\.1 404 WebSocket Upgrade Failure\r\nContent-Type: text/html\nServer: TooTallNate Java-WebSocket\r\n| p/Java-WebSocket/ cpe:/a:tootallnate:java-websocket/

match wesnoth m|^\0\0\0.\0\0\0\x1f\x02version\0\x04([\d.]+)\0\0\x02mustlogin\0\x05\x01\0|s p/Battle For Wesnoth game server/ v/$1/
match wesnoth m|^\0\0\0.\0\0\0.\x1f\x8b\x08\0\0\0\0\0\0\xff\x8b\.K-\*\xce\xcc\xcf\x8b\xe5\x8a\xd6\x873\x01 \xbc\x17\x06\x15\0\0\0| p/Battle For Wesnoth game server/

match workrave m|^\0\x26\x02\0\0\x06\0.[\d.]+:\d+\0\x01\0\x11\0\x04\0\x01\0\x03\0\xaa\x02\0\0\x06\0.[\d.]+:\d+\0\x01\0\x10\0\x88\0\x03\0\x0bmicro_pause\0\x20\x4c\xa4\x86\x8e\0\0\0\xb4\0\0\0\x01\0\0\0\0\0\0\0\0L\xa4\x86\x8d\0\0\0\xb4\0\0\0\x0arest_break\0|s p/Workrave/

match wrproxy m|^error wrproxy: Error parsing command line\0| p/Wind River wrproxy/ cpe:/a:windriver:workbench/

match wtam m|^WTAM/1\.0 401 Unrecognized Command\n\n$| p/Webtrends WTAM/

match wub-command m|^Command Shell\r\n\r\n% \r\n% | p/Wub httpd command console/

match xboxdebug m|^201- connected\r\n407- unknown command\r\n$| p/Microsoft XBox Debugging Kit/ d/game console/
match xns m|^HELLO XBOX!$| p/Relax XBOX file server/ d/game console/

match zabbix m|^ZBXD\x01.\0\0\0\0\0\0\0ZBX_NOTSUPPORTED|s p/Zabbix Monitoring System/ cpe:/a:zabbix:zabbix/

match zmodem m|^\*\*\x18B0100000023be50\r\x8a\x11$| p/ZMODEM/

# Know the device, but not the service.
# Port 2000.
# match unknown m|^\x20$| p/Samsung CLX-3175FW printer/ d/printer/


##############################NEXT PROBE##############################
Probe TCP GetRequest q|GET / HTTP/1.0\r\n\r\n|
rarity 1
ports 1,70,79,80-85,88,113,139,143,280,497,505,514,515,540,554,591,620,631,783,888,898,900,901,1026,1080,1042,1214,1220,1234,1314,1344,1503,1610,1611,1830,1900,2001,2002,2030,2064,2160,2306,2396,2525,2715,2869,3000,3002,3052,3128,3280,3372,3531,3689,3872,4000,4444,4567,4660,4711,5000,5427,5060,5222,5269,5280,5432,5800-5803,5900,5985,6103,6346,6544,6600,6699,6969,7002,7007,7070,7100,7402,7776,8000-8010,8080-8085,8088,8118,8181,8530,8880-8888,9000,9001,9030,9050,9080,9090,9999,10000,10001,10005,11371,13013,13666,13722,14534,15000,17988,18264,31337,40193,50000,55555
sslports 443,993,995,1311,1443,3443,4443,5061,5986,7443,8443,8531,9443,10443,14443,44443,60443

match adobe-crossdomain m|^<\?xml version=\"1\.0\"\?>\r\n<!DOCTYPE cross-domain-policy SYSTEM \"/xml/dtds/cross-domain-policy\.dtd\">\r\n<cross-domain-policy>\r\n    <!-- This is a master socket policy file -->\r\n    <!-- No other socket policies on the host will be permitted -->\r\n    <site-control permitted-cross-domain-policies=\"master-only\"/>\r\n    <!-- This will allow access to port 1800 -->\r\n    <allow-access-from domain=\"([^\"]*)\" to-ports=\"([^\"]*)\"/>\r\n</cross-domain-policy>\r\n| p/Adobe cross-domain policy/ i/Snom 870 VoIP phone; domain: $1; ports: $2/ d/VoIP phone/ cpe:/h:snom:870/

match ajp13 m|^AB\0\x13\x04\x01\x90\0\x0bBad Request\0\0\0AB\0\x02\x05\x01$| p/Apache Jserv/

match athinfod m|^athinfod: invalid query\.\n$| p/Athena athinfod/

match automate m|^\x031[\w+/]{54}nXAvc01KqG\x03\r\n$| p/AutoMate Task Service/ v/9/

# using line numbers to distinguish versions
# for f in *.tar.gz; do echo -en $f"\t"; tar --wildcards -xOf $f '*/amavisd' | grep -n -e '__DATA__' -e "Missing 'request'" | grep -B1 req | awk -F: '{a=$1-a}END{print a}'; done
# Avoiding pre- and rc- versions for brevity
match am-pdp m|^setreply=450 4\.5\.0 Failure:%20Missing%20'request'%20field%20at%20\(eval%20\d+\)%20line%20(?:187),%20<GEN\d+>%20line%20\d\.\r\n| p/amavisd-new AM.PDP/ v/2.3.0 - 2.3.2/ cpe:/a:ijs:amavisd_new:2.3/
match am-pdp m|^setreply=450 4\.5\.0 Failure:%20Missing%20'request'%20field%20at%20\(eval%20\d+\)%20line%20(?:190),%20<GEN\d+>%20line%20\d\.\r\n| p/amavisd-new AM.PDP/ v/2.3.3/ cpe:/a:ijs:amavisd_new:2.3.3/
match am-pdp m|^setreply=450 4\.5\.0 Failure:%20Missing%20'request'%20field%20at%20\(eval%20\d+\)%20line%20(?:195),%20<GEN\d+>%20line%20\d\.\r\n| p/amavisd-new AM.PDP/ v/2.4.0/ cpe:/a:ijs:amavisd_new:2.4.0/
match am-pdp m|^setreply=450 4\.5\.0 Failure:%20Missing%20'request'%20field%20at%20\(eval%20\d+\)%20line%20(?:207),%20<GEN\d+>%20line%20\d\.\r\n| p/amavisd-new AM.PDP/ v/2.4.1 - 2.4.2/ cpe:/a:ijs:amavisd_new:2.4/
match am-pdp m|^setreply=450 4\.5\.0 Failure:%20Missing%20'request'%20field%20at%20\(eval%20\d+\)%20line%20(?:208),%20<GEN\d+>%20line%20\d\.\r\n| p/amavisd-new AM.PDP/ v/2.4.3 - 2.4.4/ cpe:/a:ijs:amavisd_new:2.4/
match am-pdp m|^setreply=450 4\.5\.0 Failure:%20Missing%20'request'%20field%20at%20\(eval%20\d+\)%20line%20(?:210),%20<GEN\d+>%20line%20\d\.\r\n| p/amavisd-new AM.PDP/ v/2.4.5/ cpe:/a:ijs:amavisd_new:2.4.5/
match am-pdp m|^setreply=450 4\.5\.0 Failure:%20Missing%20'request'%20field%20at%20\(eval%20\d+\)%20line%20(?:214),%20<GEN\d+>%20line%20\d\.\r\n| p/amavisd-new AM.PDP/ v/2.5.0/ cpe:/a:ijs:amavisd_new:2.5.0/
match am-pdp m|^setreply=450 4\.5\.0 Failure:%20Missing%20'request'%20field%20at%20\(eval%20\d+\)%20line%20(?:217),%20<GEN\d+>%20line%20\d\.\r\n| p/amavisd-new AM.PDP/ v/2.5.1 - 2.5.4/ cpe:/a:ijs:amavisd_new:2.5/
match am-pdp m|^setreply=450 4\.5\.0 Failure:%20Missing%20'request'%20field%20at%20\(eval%20\d+\)%20line%20(?:230),%20<GEN\d+>%20line%20\d\.\r\n| p/amavisd-new AM.PDP/ v/2.6.0/ cpe:/a:ijs:amavisd_new:2.6.0/
match am-pdp m|^setreply=450 4\.5\.0 Failure:%20Missing%20'request'%20field%20at%20\(eval%20\d+\)%20line%20(?:185),%20<GEN\d+>%20line%20\d\.\r\n| p/amavisd-new AM.PDP/ v/2.7.0 - 2.7.2/ cpe:/a:ijs:amavisd_new:2.7/
match am-pdp m|^setreply=450 4\.5\.0 Failure:%20Missing%20'request'%20field%20at%20\(eval%20\d+\)%20line%20(?:188),%20<GEN\d+>%20line%20\d\.\r\n| p/amavisd-new AM.PDP/ v/2.8.0/ cpe:/a:ijs:amavisd_new:2.8.0/
match am-pdp m|^setreply=450 4\.5\.0 Failure:%20Missing%20'request'%20field%20at%20\(eval%20\d+\)%20line%20(?:193),%20<GEN\d+>%20line%20\d\.\r\n| p/amavisd-new AM.PDP/ v/2.8.1/ cpe:/a:ijs:amavisd_new:2.8.1/
match am-pdp m|^setreply=450 4\.5\.0 Failure:%20Missing%20'request'%20field%20at%20\(eval%20\d+\)%20line%20(?:196),%20<GEN\d+>%20line%20\d\.\r\n| p/amavisd-new AM.PDP/ v/2.9.0 - 2.10.1/ cpe:/a:ijs:amavisd_new:2/
match am-pdp m|^setreply=450 4\.5\.0 Failure:%20Missing%20'request'%20field%20at%20\(eval%20\d+\)%20line%20(?:197),%20<GEN\d+>%20line%20\d\.\r\n| p/amavisd-new AM.PDP/ v/2.11.0 - 2.11.1/ cpe:/a:ijs:amavisd_new:2.11/

match amqp m|^AMQP\x00\x00\x09\x01$| p/Advanced Message Queue Protocol/
match amqp m|^AMQP\x01\x01\x00\x0a$| p/Advanced Message Queue Protocol/

match as2 m|^HTTP/1\.1 404 Not Found\r\nServer: Cleo LexiCom/([\w._-]+) \(([^)]+)\)\r\n| p/Cleo LexiCom AS2/ v/$1/ o/$2/

# Kerio PF 4.0.11 unregistered - Service process (Port 44xxx?) on MS W2K SP4+
match keriopfservice m|^(HTTP/1\.0) 200 OK\r\nServer: Kerio Personal Firewall\r\n| p/Kerio PF 4 Service/ i/$1/

match backupexec-remote m|^\xf6\xff\xff\xff\x10\0\0\0\0\0\0\0\0\0\0\0$| p/Veritas Backup Exec Remote Agent/ cpe:/a:symantec:veritas_backup_exec/

match backdoor m|^:[-\w_.]+ 451 GET :\r\n| p/**BACKDOOR**/ o/Windows/ cpe:/o:microsoft:windows/a
match backdoor m|^<HTML>\n<HEAD>\n<TITLE>Directory /</TITLE>\n<BASE HREF=\"file:/\">\n</HEAD>\n<BODY>\n<H1>Directory listing of /</H1>| p/No-auth shell/ i/**BACKDOOR**/ o/Unix/

match banner-ivu m|^ERROR 10101_GROUP_NOT_FOUND\r\n| p/Banner Engineering iVu Command Channel/ d/specialized/

match beep m|^RPY \d \d \. \d \d+\r\nContent-Type: application/beep\+xml\r\n\r\n<greeting><profile uri='http://xml\.resource\.org/profiles/NULL/WIOServerProfile' /><profile uri='http://iana\.org/beep/TLS' /><profile uri='http://xml\.resource\.org/profiles/NULL/ChatServerProfile' /></greeting>END\r\n| p/Blackboard WebCT chat server/

match bentley-projectwise m|^ACKNOSEC$| p/Bentley Systems ProjectWise/

match bigant m|^HTTP/1\.1  403\naenflag:0\ncontent-length:0\nserver:AntServer\n\n| p/BigAnt Messenger server/

match bittorrent m|^Nice try\.\.\.\r\n$| p/Transmission Bittorrent client/ cpe:/a:transmissionbt:transmission/
match bitcoin-jsonrpc m|^HTTP/1\.0 405 Method Not Allowed\r\nContent-Type: text/html; charset=ISO-8859-1\r\n\r\nJSONRPC server handles only POST requests| p/Bitcoin or Litecoin JSON-RPC/

match bluecoat-logd m|^\x03\0\0\x01$| p/Blue Coat Reporter log server/

match brio m|^com\.sqribe\.null\0java\.lang\.String\0com\.sqribe\.transformer\.TransformerException\0java\.lang\.String\0TRCP version mismatch: Current version: (\d+) Client version: unknown\0$| p/Brio 8 business intelligence tool/ v/$1/

match caldav m|^HTTP/1\.1 401 Unauthorized\r\n(?:[^\r\n]+\r\n)*?WWW-Authenticate: negotiate \r\nWWW-Authenticate: digest nonce=\"\d+\", realm=\"/Search\", algorithm=\"md5\"\r\n(?:[^\r\n]+\r\n)*?Server: Twisted/([\w._-]+) TwistedWeb/([\w._-]+)\r\n|s p/TwistedWeb httpd/ v/$2/ i/Apple iCal Server; Twisted $1/ cpe:/a:twistedmatrix:twisted:$1/ cpe:/a:twistedmatrix:twistedweb:$2/a
match caldav m|^HTTP/1\.1 401 Unauthorized\r\n.*WWW-Authenticate: Basic realm=\"Zarafa CalDav Gateway\"\r\nContent-Length: 0\r\nServer: Zarafa\r\n| p/Zarafa CalDav Gateway/ cpe:/a:zarafa:zarafa/
match caldav m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: CalendarServer/([\w._-]+)\(iCalServerv([\w._-]+)\) Twisted/([\w._-]+) TwistedWeb/([\w._-]+)\r\n(?:[^\r\n]+\r\n)*?DAV: 1|s p/TwistedWeb httpd/ v/$4/ i/Calendar and Contacts Server $1; iCalServer $2; Twisted $3/ o/Mac OS X/ cpe:/a:twistedmatrix:twisted:$3/ cpe:/a:twistedmatrix:twistedweb:$4/a cpe:/o:apple:mac_os_x/a
match caldav m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: CalendarServer/([\w._()-]+) Twisted/([\w._-]+) TwistedWeb/([\w._-]+)\r\n(?:[^\r\n]+\r\n)*?DAV: 1|s p/TwistedWeb httpd/ v/$3/ i/Calendar and Contacts Server $1; Twisted $2/ cpe:/a:twistedmatrix:twisted:$2/ cpe:/a:twistedmatrix:twistedweb:$3/a
match caldav m|^HTTP/1\.0 200 OK\r\nDate: .*\r\nServer: WSGIServer/([\w._-]+) Python/([\w._-]+)\r\nContent-Length: \d+\r\nContent-type: text/html\r\n\r\n<!DOCTYPE html>\n<title>Radicale</title>Radicale works!| p/Radicale CalDAV CardDAV/ i/WSGIServer $1; Python $2/ cpe:/a:kozea:radicale/ cpe:/a:python:python:$2/ cpe:/a:python:wsgiref:$1/
match caldav m|^HTTP/1\.1 401 Unauthorized\r\nContent-Length: 0\r\nWww-Authenticate: Digest realm=\"Daylite\", qop=\"auth\", nonce=\"[\dA-F]{8}-[\dA-F]{4}-[\dA-F]{4}-[\dA-F]{4}-[\dA-F]{12}\"\r\nAccept-Ranges: bytes\r\nDate: .* GMT\r\n\r\n| p/Daylite Server Admin/ o/Mac OS X/ cpe:/o:apple:mac_os_x/a

match cassandra-native m|^\x83\0\0\0\0\0\0\0\x8c\0\0\0\0\0\x86io\.netty\.handler\.codec\.DecoderException: org\.apache\.cassandra\.transport\.ProtocolException: Invalid or unsupported protocol version: 71| p/Apache Cassandra/ i/native protocol version 3/ cpe:/a:apache:cassandra/
match cassandra-native m|^\x82\0\0\0\0\0\0\0\x8c\0\0\0\0\0\x86io\.netty\.handler\.codec\.DecoderException: org\.apache\.cassandra\.transport\.ProtocolException: Invalid or unsupported protocol version: 71| p/Apache Cassandra/ i/native protocol version 2/ cpe:/a:apache:cassandra/
match cassandra-native m|^\x81\0\0\0\0\0\0\0\x8c\0\0\0\0\0\x86io\.netty\.handler\.codec\.DecoderException: org\.apache\.cassandra\.transport\.ProtocolException: Invalid or unsupported protocol version: 71| p/Apache Cassandra/ i/native protocol version 1/ cpe:/a:apache:cassandra/
match cassandra-native m|^.\0\0\0\0\0\0\0.\0\0\0\n\0[eE]Invalid or unsupported protocol version \(71\); highest supported is (\d+) | p/Apache Cassandra/ v/2.2.0 - 2.2.9/ i/native protocol version $1/ cpe:/a:apache:cassandra:2.2/
match cassandra-native m|^.\0\0\0\0\0\0\0.\0\0\0\n\0[eE]Invalid or unsupported protocol version \(71\); the lowest supported version is (\d+) and the greatest is (\d+)| p/Apache Cassandra/ v/3.0.0 - 3.9/ i/native protocol version $1-$2/ cpe:/a:apache:cassandra:3/
match cassandra-native m|^.\x10\0\0\0\0\0\0.\0\0\0\n\0\\Invalid or unsupported protocol version \(71\); supported versions are \((\d+[^)]+)\)| p/Apache Cassandra/ v/3.10 or later/ i/native protocol versions $1/ cpe:/a:apache:cassandra:3/

match clickhouse m|^\x02e\0\0\0\x10DB::NetException/DB::NetException: Unexpected packet from client..0\. clickhouse-server\(StackTrace::StackTrace\(\)\+0x16\) \[0x[0-9a-f]+\]\n| p/ClickHouse DBMS/ cpe:/a:yandex:clickhouse/
softmatch clickhouse m|^HTTP/1\.0 400 Bad Request\r\n\r\nPort \d+ is for clickhouse-client program\.\r\nYou must use port \d+ for HTTP\.\r\n| p/ClickHouse DBMS/ cpe:/a:yandex:clickhouse/

match cryptonote m|^HTTP/1\.0 200 OK\nContent-Type: text/plain\nContent-Length: 20\n\nmining server online| p/node-cryptonote-pool CryptoNote miner/ i/Node.js/ cpe:/a:nodejs:node.js/
match csta m|^<HTML>\r\n<HEAD>\r\n<TITLE>CSTA-Mono Server Home Page </TITLE>\r\n| p/Alcatel OmniPCX Enterprise/ d/PBX/ cpe:/a:alcatel-lucent:omnipcx/

match daap m|^HTTP/1\.1 404 Not Found\r\nConnection: close\r\nDate: .*\r\nContent-Length: 24\r\n\r\nCommand not implemented\.$| p/Amarok music player DAAP/
match daap m|^HTTP/1\.1 400 Bad Request\r\n(?:Date: .*\r\n)?DAAP-Server: iTunes/(\d[-.\w]+) \((.*)\)\r\n| p/Apple iTunes DAAP/ v/$1/ o/$2/ cpe:/a:apple:itunes:$1/
match daap m|^HTTP/1\.1 403 Forbidden\r\nDate: .*\r\nDAAP-Server: iTunes/(\d[-.\w]+) \((.*)\)\r\nContent-Type: application/x-dmap-tagged\r\nContent-Length: 0\r\n\r\n$| p/Apple iTunes DAAP/ v/$1/ o/$2/ cpe:/a:apple:itunes:$1/
match daap m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: mt-daapd/([-\w.]+)\r\n|s p/mt-daapd DAAP/ v/$1/
# Also "DAAP Music Sharing Plugin on rhythmbox 2.96"
match daap m|^HTTP/1\.0 404 Not Found\r\nDate: .*\r\nContent-Length: 0\r\n\r\n$| p/mt-daapd DAAP/
match daap m|^HTTP/1\.1 \d\d\d .*\r\nDAAP-Server: daap-sharp\r\nContent-Type: application/x-dmap-tagged\r\nContent-Length: \d+\r\n\r\ninvalid session id| p/DAAPsharp DAAP/
match daap m|^HTTP/1\.0 400 Bad Request\nServer: Hughes Technologies Embedded Server \(persistent patch\)\r\n| p/daapd/ i/Hughes embedded/
match daap m|^HTTP/1\.0 401 Unauthorized\r\nWWW-Authenticate: Basic realm=\"forked-daapd web interface\"\r\nContent-Length: 92\r\nServer: forked-daapd/([\w._-]+)\r\n\r\n<html><head><title>401 Unauthorized</title></head><body>Authorization required</body></html>\r\n$| p/forked-daapd/ v/$1/
match daap m|^HTTP/1\.0 401 Unauthorized\r\nWWW-Authenticate: Basic realm=\"forked-daapd web interface\"\r\nContent-Type: text/html; charset=ISO-8859-1\r\n\r\n<html><head><title>401 Unauthorized</title></head><body>Authorization required</body></html>$| p/forked-daapd/

match dnet-keyproxy m|^HTTP/1\.0 302 Found\r\nLocation: http://www\.distributed\.net/\r\n\r\n$| p/Distributed.Net HTTP Keyproxy/

softmatch docker m|^HTTP/1\.0 404 Not Found\r\nContent-Type: application/json\r\nDate: .*\r\nContent-Length: 29\r\n\r\n\{"message":"page not found"\}\n| p/Docker remote API/

match drda m|^\0\x79\xd0\x02\xff\xff\0\x73\x12\x4c\0\x06\x11\x49\0\x08\0\x4e\x11S\0\xd3| p/IBM DRDA/
match drda m|^\0\x1b\xd0\x02\0\x01\0\x15\x12\x4c\0\x06\x11\x49\0\x08\0\x06\0\x0c\0\0\0\x05\x11\x4a\x03$| p/Apache Derby DRDA/ cpe:/a:apache:derby/

match dslcpe m|^GET: command not found\n\r   acog,          AutobootConfigOptionGet\n\r| p/dsl_cpe_control/ d/broadband router/

match econtagt m|^=\0\0\0$| p/Compuware ServerVantage EcoNTAgt/ cpe:/a:compuware:servervantage_agent/

match elasticsearch m|^This is not a HTTP port$| p/Elasticsearch binary API/ cpe:/a:elasticsearch:elasticsearch/
match emco-remote-screenshot m|^\x06!\x01\0\0\0\0\0\xff\xd8\xff\xe0\0\x10JFIF| p/EMCO Remote Screenshot/

match encase m|^....\x80\0\0\0\0\0\0\0........\0\0\0\0\0\0\0\0\x01\0\0\0F\0\0\0\xb0\x04\0\0\0\0\0\0\0\0\0\0\xff\xfe1\0\n\0m\0a\0i\0n\0\n\0n\0\n\0I\0n\0v\0a\0l\0i\0d\0 \0h\0e\0a\0d\0e\0r\0 \0c\0h\0e\0c\0k\0s\0u\0m\0\n\0\n\0..........| p/EnCase Servlet/

match eth-jsonrpc m|^HTTP/1\.0 200 OK\r\nContent-Type: application/json\r\nVary: Origin\r\nDate: .*\r\nContent-Length: \d+\r\n\r\n\{"jsonrpc":"([\d.]+)","error":\{"code":-32600,"message":"EOF"\}\}\n| p/Ethereum JSON-RPC/ i/jsonrpc $1/
match fhem m|^\n\[LaCrosseITPlusReader\.(\d[\w.]+) \w\w\w \d\d \d\d\d\d \(RFM\d+ f:\d+ t:[\d~]+\) \+ DHT\d+\]\r\n| p/LaCrosse IT+ Reader/ v/$1/ d/specialized/

# Digital UNIX 5.6
match finger m|^Login name: /         \t\t\tIn real life: \?\?\?\r\n\r\nLogin name: GET       \t\t\tIn real life: \?\?\?\r\n\r\nLogin name: HTTP/1\.0  \t\t\tIn real life: \?\?\?\r\n$| p/Digital UNIX fingerd/ o/Digital UNIX/ cpe:/o:dec:digital_unix/a
# Internet Rex v2.67 Beta 1a
match finger m|^No such user No such user N\n$| p/Internet Rex finger server/
# IQinVision IQeye3 security camera
match finger m|^\n Nodename:\s+(\w+)\r\n| p/IQinVision fingerd/ i/Camera/ d/webcam/ h/$1/
# FreeBSD 4.9-STABLE /usr/libexec/fingerd/
match finger m|^finger: /: no such user\r?\nfinger: GET: no such user\r?\nfinger: HTTP/1\.0: no such user\r?\n$| p/FreeBSD fingerd/ o/FreeBSD/ cpe:/o:freebsd:freebsd/a
# Bay Networks Micro Annex Comm. Server R10.0
match finger m|^No such activity\.\r\n$| p/Bay Networks Micro Annex terminal server fingerd/ d/terminal server/
# Mercury/32 3.32 Finger Server module on Windows XP
match finger m|^GET / HTTP/1\.0 is not known at this site\.\r\n$| p|Mercury/32 fingerd| o/Windows/ cpe:/o:microsoft:windows/a
# ffingerd 1.28
match finger m|^That user does not want to be fingered\.\n$| p/ffingerd/
# Finger 0.17 from debian linux (which is from Linux netkit I believe)
# OpenBSD 2.3
match finger m|^finger: GET: no such user\.\nfinger: /: no such user\.\nfinger: HTTP/1\.0: no such user\.\n$| p|BSD/Linux fingerd| o/Unix/
# Linux port of in.fingerd from OpenBSD network tools - started with -w to show welcome banner
match finger m|^\r\nWelcome to Linux version (\d[-.\w]+) at ([-.\w]+) !\r\n\n.*\n\r\nfinger: GET: no such user\.|s p/OpenBSD fingerd/ i/ported to Linux/ o/Linux $1/ h/$2/ cpe:/o:linux:linux_kernel:$1/
# Redhat Linux from finger-server-0.17-9 RPM
match finger m|^finger: GET: no such user.\r\nfinger: /: no such user.\r\nfinger: HTTP/1.0: no such user.\r\n$| p/Linux fingerd/ o/Linux/ cpe:/o:linux:linux_kernel/a
# NetBSD 1.6ZA (berkeley fingerd 8.1 sibling)
match finger m|^finger: GET: no such user\nfinger: /: no such user\nfinger: HTTP/1\.0: no such user\n$| p/NetBSD fingerd/ cpe:/o:netbsd:netbsd/
# Solaris 9
match finger m|^Login       Name               TTY         Idle    When    Where\r\nGET                   \?\?\?\r\n/                     \?\?\?\r\nHTTP/1\.0              \?\?\?\r\n$| p/Sun Solaris fingerd/ o/Solaris/ cpe:/o:sun:sunos/a
# mlfingerd 1.1
match finger m|^Information for user 'GET\+20\+2F\+20HTTP\+2F1\.0':\r\nUnknown user\.\r\n$| p/mlfingerd/
# SGI IRIX 6.5.18f finger
match finger m|^Login name: GET       \t\t\tIn real life: \?\?\?\r\n$| p/SGI IRIX or NeXTSTEP fingerd/
# Windows fingerd
match finger m|^No such user\n$| p/Windows fingerd/ o/Windows/ cpe:/o:microsoft:windows/a
match finger m|^MSS100 Version V([\d/.]+)\(\d+\) - Time Since Boot: \d+:\d\d:\d\d\r\nName        pid     stat  pc       cpusec    stack    pr/sy   idle    tty\r\n| p/Lantronix MSS100 serial interface fingerd/ v/$1/ d/specialized/
match finger m|^finger: GET / HTTP/1\.0: no such user\n| p/efingerd/ o/Unix/ cpe:/a:radovan_garabik:efingerd/
match finger m|^ +-;;=\n +\.;M####\+\n| p/mIRC with ircN script fingerd/ o/Windows/ cpe:/o:microsoft:windows/a
match finger m|^User not found\r\n| p/XMail fingerd/ cpe:/a:davide_libenzi:xmail/
match finger m|^EMail       : [-\w_.]+@([-\w_.]+)\r\n  Real Name : \?\?\r\n  Home Page : \?\?\r\n| p/XMail fingerd/ h/$1/ cpe:/a:davide_libenzi:xmail/
match finger m|^\r\nIntegrated port\r\nPrinter Type: IBM Infoprint (.*)\r\n| p/IBM Infoprint $1 fingerd/ d/print server/ cpe:/a:ibm:infoprint_$SUBST(1," ","_")/
match finger m|^Login name: HTTP/1\.0       In real life: \?\?\?\r\n| p/OpenVMS fingerd/ o/OpenVMS/ cpe:/o:hp:openvms/a
match finger m|^No information available\r\n$| p/Post.Office fingerd/
match finger m|^finger: sorry, no such user\.\n$| p/xfingerd/
match finger m|^finger: HTTP/1\.0: no such user\.\r\n| p/BSD fingerd/ cpe:/a:bsd:fingerd/
match finger m|^no such user here\n$| p/MiamiDx fingerd/ o/AmigaOS/

match git m|^0077ERR \n  Your Git client has made an invalid request:\n  GET / HTTP/1\.0\r\n\r\n\n  Visit http://support\.github\.com for help$| p/Git/ i/GitHub/

match gnutella m|^HTTP/1\.[01] 404 Not Found\r\nServer: gtk-gnutella/(\d[-.\w]+) \(([^\)\r\n]+)\)\r\n| p/gtk-gnutella P2P client/ v/$1/ i/$2/
match gnutella m|^HTTP/1\.[01] 403 Browse Host Disabled\r\nServer: gtk-gnutella/(\d[-.\w]+) \(([^\)\r\n]+)\)\r\n| p/gtk-gnutella P2P client/ v/$1/ i/$2; browse host disabled/
match gnutella m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: gtk-gnutella/(\d[-\w.]+) \([-\d]+; GTK2; Linux i686\)\r\n.*sharing (\d+) files ([\d.]+ \w+) total</h3>\r\n|s p/gtk-gnutella P2P client/ v/$1/ i/Sharing $2 files, $3/ o/Linux/ cpe:/o:linux:linux_kernel/a

# LimeWire 3.5.8 on Suse Linux 8.1
match gnutella m|^HTTP/1\.1 406 Not Acceptable\r\n(?:\r\n)?$| p/LimeWire Gnutella P2P client/ cpe:/a:limewire:limewire/
match gnutella m|^HTTP/1\.0 406 Not Acceptable\r\nDate: .*\r\nServer: LimeWire/([\w._-]+)\r\n| p/LimeWire Gnutella P2P client/ v/$1/ cpe:/a:limewire:limewire:$1/
match gnutella m|^HTTP/1\.0 200\r\nServer: Mutella\r\n| p/Mutella Gnutella P2P client/
match gnutella m|^HTTP/1\.1 404 Not Found\r\nServer: giFT-Gnutella/(\d[-.\w]+)\r\n| p/GiFT P2P client gnutella module/ v/$1/
match gnutella m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: Shareaza (\d\S+)|s p/Shareaza/ v/$1/
match gnutella m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: BearShare ([\d.]+)\r\n|s p/BearShare Gnutella P2P client/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a
match gnutella m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: BearShare ([\d.]+) \(([^)]+)\)\r\n|s p/BearShare Gnutella P2P client/ v/$1/ i/$2/ o/Windows/ cpe:/o:microsoft:windows/a
match gnutella m|^HTTP/1\.1 503 Web: Disabled\r\nServer: BearShare Pro ([\d.]+)\r\nContent-Length: \d+\r\n| p/BearShare Pro Gnutella P2P client/ v/$1/ i/Web disabled/ o/Windows/ cpe:/o:microsoft:windows/a
match gnutella m|^HTTP/1\.1 503 Web: Disabled\r\nServer: BearShare Lite ([\d.]+)\r\nContent-Length: \d+\r\n| p/BearShare Lite Gnutella P2P client/ v/$1/ i/Web disabled/ o/Windows/ cpe:/o:microsoft:windows/a
match gnutella m|^HTTP/1\.1 \d\d\d .*\r\nDate: .*\r\nServer: GhostWhiteCrab/([\d.]+)\r\nConnection: close\r\n\r\n| p/GhostWhiteCrab gnutella cache/ v/$1/
match gnutella m|^HTTP/1\.0 501 Not Implemented\r\nDate: .*\r\nServer: Frosty/([\w._-]+)\r\nContent-Length: 0\r\nConnection: Close\r\n\r\n| p/Frostwire P2P/ i/Frosty $1/

match gopher m|^HTTP/1\.0 200 Ok\r\nMIME-Version: 1\.0\r\nServer: GopherWEB/(\d[-.\w]+)\r\n| p/Internet Gopher Server/ i/Gopher+ protocol; GopherWeb $1/
match gopher m|^0'/GET / HTTP/1\.0' doesn't exist!\t\terror\.host\t1\r\n\.\r\n$| p/Bucktooth gopherd/
match gopher m|^3 --6 Bad Request\. \r\n\.\r\n$| p/Windows gopherd/ o/Windows/ cpe:/o:microsoft:windows/a
match gopher m|^3 --6 Ung\xfcltige Anforderung\. \r\n\.\r\n$| p/Windows gopherd/ i/German/ o/Windows/ cpe:/o:microsoft:windows/a
match gopher m|^3'/GET / HTTP/1\.0' does not exist \(no handler found\)\t\terror\.host\t1\r\n| p/pygopherd/
# GoFish is also a Gopher-to-HTTP gateway.
match gopher m|^HTTP/1\.0 500 Server Error\r\nServer: Server: GoFish/([\d.]+) \(Linux\)\r\n|s p/GoFish gopherd/ v/$1/ o/Linux/ cpe:/o:linux:linux_kernel/a
match gopher m|^3Sorry, but the requested token 'GET / HTTP/1\.0\r\n' could not be found\.\tErr\t([\w._-]+)\t\d+\r\n\.\r\n\r\n| p/Geomyidae/ h/$1/
match gopher m|^iUnable to locate requested resource\.\t\t([\w._-]+)\t\d+\r\n\.\r\n| p/Gopher Cannon/ o/Windows/ h/$1/ cpe:/o:microsoft:windows/
match gopher m|^Error: File or directory not found!\r\n______________________________________________________________________\r\n              Gophered by Gophernicus/([\w._-]+) on archlinux/rolling | p/Gophernicus/ v/$1/ o/Linux/ cpe:/o:archlinux:arch_linux/ cpe:/o:linux:linux_kernel/
match gopher m|^iWelcome to Gophernicus!\t.*server version\.: Gophernicus/([\w._-]+)\t|s p/Gophernicus gopherd/ v/$1/
match gopher m|^HTTP/1\.1 400 Bad request\r\nContent-Type: text/html; charset=UTF-8\r\nServer: Motsognir\r\n.*<a href='gopher://([^/]+)/'|s p/Motsognir gopherd/ h/$1/ cpe:/a:mateusz_viste:motsognir/
match gopher-proxy m|^3That item is not currently available\.\r\n$| p/Symantec gopher proxy/

# GoverLan Remote Admin/Control (Tom Sellers)
match goverlan m|^\0\0\0\0/\x20HT| p/Goverlan Remote Administration/ cpe:/a:pjtech:goverlan/

match gpsd m|^GPSD,G=\?,E=\?,T=\?,T=\?,T=\?,P=\?\r\n| p/gpsd/ cpe:/a:gpsd_project:gpsd/
match gpsd-ng m|^{\"class\":\"VERSION\",\"release\":\"([\w._-]+)\",\"rev\":\"([\w._:-]+)\",\"proto_major\":\d+,\"proto_minor\":\d+}\r\n$| p/GPSD-NG/ v/$1 rev $2/

match groupwise m|^\xbc\xef\x16\0\xb5\xfe\x14\0\0\0\0 \xb5x3\x06a\x05\0\0\x16\0\xbc\xef\x1a\0\xb5\xfe\x18\0\0\0\0 d\xcf2\n\0\0\0\0\0\0\0\0\x1a\0\xbc\xef\x14\0\xb5\xfe\x0e\0\x02\0\x02!\x03\x16\x7f\$r\xe7\x14\0$| p/Novell GroupWise/ cpe:/a:novell:groupwise/

match hadoop-ipc m|^\0\0\0\0\x03\0\0\0\x7c\xff\xff\xff\xff\0\0\0\)org\.apache\.hadoop\.ipc\.RPC\$VersionMismatch\0\0\0>Server IPC version (\d+) cannot communicate with client version 47| p/Hadoop IPC/ i/IPC version $1/ cpe:/a:apache:hadoop/
match hadoop-ipc m|^\0\0\0\x7c{\x08\xff\xff\xff\xff\x0f\x10\x02\x18\t\"\)org\.apache\.hadoop\.ipc\.RPC\$VersionMismatch\*>Server IPC version (\d+) cannot communicate with client version \d+\x0e:\0@\x01| p/Hadoop IPC/ i/IPC version $1/ cpe:/a:apache:hadoop/
softmatch hadoop-ipc m|^HTTP/1\.1 404 Not Found\r\nContent-type: text/plain\r\n\r\nIt looks like you are making an HTTP request to a Hadoop IPC port\. This is not the correct port for the web interface on this daemon\.\r\n| p/Hadoop IPC/ cpe:/a:apache:hadoop/

# Responds with a binary protocol for other probes (GenericLines and RPCCheck).
match hillstone-vpn m|^HTTP/1\.1 301 Moved Permanently\r\nLocation: /login\.html\r\nContent-Length: 157\r\nContent-Type: text/html\r\n\r\n<html><head><title>301 Moved Permanently</title></head><body>\n<h1>Moved Permanently</h1>\nMoved to: <a href=\"/login\.html\">/login\.html</a>\n<hr>\n</body></html>\n$| p/Hillstone SSL VPN/

match hp-logic-analyzer m|^\r\n\r0\.1/PTTH / TEG.\r\n$| p/HP 1662C logic analyzer/ d/specialized/

# Needs to go before the Apache match lines -Doug
match http-proxy m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Apache\r\n(?:[^\r\n]+\r\n)*?X-orenosp-filt:|s p/Orenosp reverse http proxy/
# Needs to go before BaseHTTPServer match lines.
match ovs-agent m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: BaseHTTP/([\d.]+) Python/([\w.]+)\r\n.*<title>Python: OVSAgentServer Document</title>|s p/Oracle OVSAgentServer/ v/22/ i/BaseHTTPServer $1; Python SimpleXMLRPCServer; Python $2/ cpe:/a:python:basehttpserver:$1/ cpe:/a:python:python:$2/
match http m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: BaseHTTP/([\w._+-]+) Python/([\w._+-]+)\r\n.*<title>Supybot Web server index</title>|s p/BaseHTTPServer/ v/$1/ i/Supybot IRC bot HTTP stats; Python $2/ cpe:/a:python:basehttpserver:$1/a cpe:/a:python:python:$2/
match http m|^HTTP/1\.1 200 Script output follows\r\nServer: BaseHTTP/([\w._-]+) Python/([\w._-]+)\r\n.*<title>Mercurial repositories index</title>|s p/BaseHTTPServer/ v/$1/ i/Mercurial hg serve; Python $2/ cpe:/a:python:basehttpserver:$1/a cpe:/a:python:python:$2/
match http m|^HTTP/1\.1 200 Script output follows\r\nServer: BaseHTTP/([\w._-]+) Python/([\w._-]+)\r\n.*<title>: Mercurial repositories index</title>|s p/BaseHTTPServer/ v/$1/ i/Mercurial hg serve; Python $2/ cpe:/a:python:basehttpserver:$1/a cpe:/a:python:python:$2/
match http m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: BaseHTTP/([\d.]+) Python/([\w.]+)\r\n.*<tt>This&nbsp;server&nbsp;exports&nbsp;the&nbsp;following&nbsp;methods&nbsp;through&nbsp;the&nbsp;XML-RPC&nbsp;protocol.</tt>|s p/BaseHTTPServer/ v/$1/ i/Python SimpleXMLRPCServer; Python $2/ cpe:/a:python:basehttpserver:$1/a cpe:/a:python:python:$2/

match http m|^HTTP/1\.0 \d\d\d .*\r\n(?:.*\r\n)?Server: MochiWeb/(\d[-.\w]+) \([-.'\w\s]+\)\r\n| p/MochiWeb Erlang HTTP library/ v/$1/ cpe:/a:mochiweb_project:mochiweb:$1/
match http m|^HTTP/1\.0 \d\d\d .*\r\n(?:.*\r\n)?Server: MochiWeb/(\d[-.\w]+) WebMachine/([.\d]*) \(.*\)\r\n| p/MochiWeb Erlang HTTP library/ v/$1/ i/WebMachine $2/ cpe:/a:mochiweb_project:mochiweb:$1/
match http m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: MochiWeb/([\w._-]+) \(Any of you quaids got a smint\?\)\r\n.*<title>RabbitMQ Management</title>|s p/MochiWeb Erlang HTTP library/ v/$1/ i/RabbitMQ management/ cpe:/a:mochiweb_project:mochiweb:$1/
match http m|^HTTP/1\.0 301 Moved Permanently\r\nServer: MochiWeb/([\w._-]+) \(Any of you quaids got a smint\?\)\r\nLocation: http://[\w._-]+:(\d+)/\r\nDate: .*\r\nContent-Length: 0\r\n\r\n$| p/MochiWeb Erlang HTTP library/ v/$1/ i/RabbitMQ management; redirect to port $2/ cpe:/a:mochiweb_project:mochiweb:$1/
match http m|^HTTP/1\.0 200 OK\r\nServer: Apache/([\d.]+)\r\nPragma: no-cache\r\nDate: .*<title></title>\r\n.*\r\nvar my_upnp = 1;\r\n// backup log and config\r\nvar PM = \"7004ABR\";|s p/SMC 7004ABR broadband router  http config/ i/Identifies as Apache $1/ d/broadband router/ cpe:/h:smc:7004abr/a
match http m|^HTTP/1\.0 401 Unauthorized\r\nPragma: no-cache\r\nContent-type: text/html\r\nWWW-Authenticate: Basic realm=\"Login to the Router Web Configurator\"\r\n\r\n<html>\n  <head>\n  <title>401 Unauthorized</title>\n  </head>\n<body>\n\n<div align=\"center\">| p/DrayTek Vigor ADSL router webadmin/ d/broadband router/
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: webfs/(\d[-.\w]+)\r\n| p/WebFS httpd/ v/$1/
match http m|^HTTP/1\.0 200 OK\r\nConnection: Keep-Alive\r\nContent-Type: text/html\r\nContent-Length: \d+\r\n\r\n<HTML>\n<!-- Copyright IBM Corporation, 1999 -->\n<HEAD>\n<META HTTP-EQUIV=\"Content-Type\" CONTENT=\"text/html; charset=| p/IBM switch webadmin/
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: WebCam2000/(\d[-.\w]+) \(([-/.+\w]+); www\.stratoware\.com/webcam2000/\)\r\n| p/WebCam2000 httpd/ v/$1/ i/$2/
match http m|^HTTP/1\.0 404 Not Found\r\nDate: .*\r\nServer: BWS/1\.0b3\r\n\r\n| p/Corel Paradox relational database web interface/ v/9.X/ i/Embedded BWS 1.0b3/
match http m|^HTTP/1\.0 \d\d\d .*\r\nDate: .*\r\nServer: WebSite/(\d[-.\w]+)\r\n| p/Deerfield VisNetic WebSite Professional/ v/$1/
match http m|^HTTP/1\.0 \d\d\d\r\nServer: Statistics Server (\d[-.\w]+)\r\n| p/DeepMetrix Statistics Server/ v/$1/
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html\r\nDate: Tue, 07 Oct 2003 12:26:05 GMT\r\nAllow: GET, HEAD\r\nServer: Spyglass_MicroServer/(\d[-.\w]+)\r\n\r\n<html>\n\n<head>\n\n<title>.*PhaserLink| p/Tektronix Phaser printer webadmin/ i/Ebedded Spyglass MicroServer $1/ d/printer/
match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: 3Com/v(\d[-.\w]+)\r\n(?:[^\r\n]+\r\n)*?WWW-Authenticate:Basic realm=\"device\"\r\n|s p/3Com switch webadmin/ v/$1/
match http m|^HTTP/1\.0 401 Unauthorized\nDate: .*\nServer: Acme\.Serve/v(\d[-.\w ]+)\nConnection: close\nExpires: .*\nWWW-Authenticate: Basic realm=\"PowerChute network shutdown\"\n|s p/Acme.Serve/ v/$1/ i/APC Powerchute/ d/power-device/ cpe:/a:acme:acme.serve:$1/
match http m|^HTTP/1\.0 401 Unauthorized\nDate: .*\nServer: Acme\.Serve/v(\d[-.\w ]+) of \w+\nConnection: close\nExpires: .*\nWWW-Authenticate: Basic realm=\"PowerChute Network Shutdown\"\n|s p/Acme.Serve/ v/$1/ i/APC Powerchute/ d/power-device/ cpe:/a:acme:acme.serve:$1/
match http m|^HTTP/1\.0 302 Found\r\nLocation: /index\.htm\r\n\r\n| p/Alcatel Speedtouch ADSL router webadmin/ d/broadband router/
match http m|^HTTP/1\.0 404 Not Found\r\nServer: pks_www/(\d[-.\w]+)\r\n| p/OpenPGP public key server/ v/$1/
match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: Apache/0\.6\.5\r\nPragma: no-cache\r\nContent-type: text/html\r\nWWW-Authenticate: Basic realm=\"System Setup\"\r\n| p/BenQ AWL wireless router webadmin/ d/broadband router/
# Orinoco bg-2000 Access Point
match http m|^HTTP/1\.1 401 Unauthorized\r\nServer: Agranat-EmWeb/R([\w_]+)\r\nWWW-Authenticate: Basic realm=\"gateway\"\r\n| p/Agranat-EmWeb/ v/$SUBST(1,"_",".")/ i/Orinoco WAP http config/ cpe:/a:agranat:emweb:$SUBST(1,"_",".")/a
# ORiNOCO AP-600
match http m|^HTTP/1\.1 401 Unauthorized\r\nServer: Virata-EmWeb/R([\w_]+)\r\nWWW-Authenticate: Basic realm=\"Access-Product\"\r\n| p/Virata-EmWeb/ v/$SUBST(1,"_",".")/ i/Orinoco WAP http config/ cpe:/a:virata:emweb:$SUBST(1,"_",".")/a
match http m|^HTTP/1\.1 200 OK\nConnection: close\nContent-type: image/gif\nPragma: no-cache\nContent-Length: 22528\n\nMZ| p/bobax.worm.c httpd/ o/Windows/ cpe:/o:microsoft:windows/a

# HP Printers
match http m|^HTTP/1\.1 200 OK\r\nServer: Agranat-EmWeb/R([\d_]+)\r\nContent-Type: text/html;charset=ISO-8859-1\r\nCache-Control: no-cache\r\nPragma: no-cache\r\n\r\n<HTML> \n<HEAD>\n<TITLE> | p/Agranat-EmWeb/ v/$SUBST(1,"_",".")/ i/HP LaserJet http config/ d/printer/ cpe:/a:agranat:emweb:$SUBST(1,"_",".")/a
match http m|^HTTP/1\.1 200 OK\r\nServer: Virata-EmWeb/R([\d_]+)\r\nContent-Type: text/html;charset=ISO-8859-1\r\nExpires: .*\r\nCache-Control: no-cache\r\nPragma: no-cache\r\n\r\n<!DOCTYPE html\nPUBLIC | p/Virata-EmWeb/ v/$SUBST(1,"_",".")/ i/HP LaserJet http config/ d/printer/ cpe:/a:virata:emweb:$SUBST(1,"_",".")/a
match http m|^HTTP/1\.1 200 OK\r\nServer: Virata-EmWeb/R([\d_]+)\r\nContent-Type: text/html;charset=utf-8\r\nExpires: Thu, 01 Jan 1970 00:00:00 GMT\r\nCache-Control: no-cache\r\nPragma: no-cache\r\n\r\n<!--  DOCTYPE tag is included to support the XHTML  -->\n<!DOCTYPE html\n   PUBLIC | p/Virata-EmWeb/ v/$SUBST(1,"_",".")/ i/HP LaserJet http config/ d/printer/ cpe:/a:virata:emweb:$SUBST(1,"_",".")/a
match http m|^HTTP/1\.1 301 Moved Permanently\r\nServer: Virata-EmWeb/R([\d_]+)\r\nLocation: https://([\d.]+)/\r\nContent-Type: text/html\r\nContent-Length: [89][0123456789]\r\n\r\n<HEAD><TITLE>Moved</TITLE></HEAD><BODY>| p/Virata-EmWeb/ v/$SUBST(1,"_",".")/ i/HP LaserJet http config/ d/printer/ h/$2/ cpe:/a:virata:emweb:$SUBST(1,"_",".")/a
match http m|^HTTP/1\.0 301 Resource Moved\r\nCONTENT-LENGTH: 0\r\n(?:[^\r\n]+\r\n)*?SERVER: HP-ChaiSOE/([\d.]+)\r\n|s p/HP-ChaiSOE/ v/$1/ i/HP LaserJet http config/ d/printer/
match http m|^HTTP/1\.1 301 Resource Moved\r\nCONTENT-LENGTH: 0\r\nEXPIRES: .*\r\nLocation: /hp/device/this\.LCDispatcher\r\nCACHE-CONTROL: no-cache\r\nSERVER: HP-ChaiSOE/([\d.]+)\r\n-ONNECTION: Keep-Alive\r\n\r\n| p/HP-ChaiSOE/ v/$1/ i/HP LaserJet http config/ d/printer/
match http m|^HTTP/1\.1 200 OK\r\nServer: Agranat-EmWeb/R([\d_]+)\r\nContent-Type: text/html;charset=ISO-8859-1\r\nCache-Control: no-cache\r\nPragma: no-cache\r\n\r\n<HTML> \n<HEAD>\n<TITLE> | p/Agranat-EmWeb/ v/$SUBST(1,"_",".")/ i/HP LaserJet http config/ d/printer/ cpe:/a:agranat:emweb:$SUBST(1,"_",".")/a
match http m|^HTTP/1\.1 301 Moved Permanently\r\nServer: Virata-EmWeb/R([\d_]+)\r\nLocation: https://([\d.]+)/\r\nContent-Type: text/html\r\nContent-Length: 90\r\n\r\n<HEAD><TITLE>Moved</TITLE></HEAD><BODY>| p/Virata-EmWeb/ v/$SUBST(1,"_",".")/ i/HP Color LaserJet 3500 http config/ d/printer/ h/$2/ cpe:/a:virata:emweb:$SUBST(1,"_",".")/a cpe:/h:hp:color_laserjet_3500/a
match http m|^HTTP/1\.1 301 Moved Permanently\r\nServer: Virata-EmWeb/R([\d_]+)\r\nAccept-Ranges: none\r\nLocation: https://([\d.]+)/\r\nContent-Type: text/html\r\nContent-Length: 90\r\n\r\n| p/Virata-EmWeb/ v/$SUBST(1,"_",".")/ i/HP Officejet Pro L7680 http config/ d/printer/ h/$2/ cpe:/a:virata:emweb:$SUBST(1,"_",".")/a cpe:/h:hp:officejet_pro_l7680/a
match http m|^HTTP/1\.1 200 OK\r\nServer: Virata-EmWeb/R([\d_]+)\r\n.*\n\n\n<title> HP Color LaserJet 2840  /|s p/Virata-EmWeb/ v/$SUBST(1,"_",".")/ i/HP Color LaserJet 2840 http config/ d/printer/ cpe:/a:virata:emweb:$SUBST(1,"_",".")/a cpe:/h:hp:color_laserjet_2840/a
match http m|^HTTP/1\.1 200 OK\r\nServer: Virata-EmWeb/R([\d_]+)\r\n.*<title>HP Officejet Pro (\w+)(?: A\w+)?</title>\n|s p/Virata-EmWeb/ v/$SUBST(1,"_",".")/ i/HP Officejet Pro $2 http config/ d/printer/ cpe:/a:virata:emweb:$SUBST(1,"_",".")/a cpe:/h:hp:officejet_pro_$2/a
match http m|^HTTP/1\.1 200 OK\r\nServer: Virata-EmWeb/R([\d_]+)\r\n.*<title>HP Officejet (\w+) series</title>|s p/Virata-EmWeb/ v/$SUBST(1,"_",".")/ i/HP Officejet $2 http config/ d/printer/ cpe:/a:virata:emweb:$SUBST(1,"_",".")/a cpe:/h:hp:officejet_$2/a
match http m%^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?.*\r\nServer: Virata-EmWeb/R([\d_]+)\r\nContent-Type: text/html; ?charset=UTF-8\r\nExpires: .*<title>HP (Color |)LaserJet ([\w._ -]+)&nbsp;&nbsp;&nbsp;%si p/Virata-EmWeb/ v/$SUBST(1,"_",".")/ i/HP $2LaserJet $3 printer http config/ d/printer/ cpe:/a:virata:emweb:$SUBST(1,"_",".")/a
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Virata-EmWeb/R([\d_]+)\r\n.*<title>HP LaserJet (\w+)&nbsp;&nbsp;&nbsp;|s p/Virata-EmWeb/ v/$SUBST(1,"_",".")/ i/HP LaserJet $2 printer http config/ d/printer/ cpe:/a:virata:emweb:$SUBST(1,"_",".")/a cpe:/h:hp:laserjet_$2/a
match http m|^HTTP/1\.0 \d\d\d Server: \$ProjectRevision: ([\w._-]+) \$\r\n.*<title>HP LaserJet (\w+)&nbsp;&nbsp;&nbsp|s p/HP LaserJet $2 printer http config/ v/$1/ d/printer/ cpe:/h:hp:laserjet_$2/a
match http m|^HTTP/1\.1 200 OK\r\nServer: Virata-EmWeb/R([\d_]+)\r\n.*<title>HP Photosmart ([\w._+-]+) series</title>|s p/Virata-EmWeb/ v/$SUBST(1,"_",".")/ i/HP Photosmart $2 series printer http config/ d/printer/ cpe:/a:virata:emweb:$SUBST(1,"_",".")/a
match http m=^HTTP/1\.1 [45]\d\d .*\r\nServer: HP HTTP Server; (?:HP )+([^-]+) (?:series |MFP )?- \w+; Serial Number: (\w+);=s p/HP $1 printer http config/ i/Serial $2/ d/printer/ cpe:/h:hp:$1/
match ipp m|^HTTP/1\.1 505 HTTP Version Not Supported\r\nServer: HP HTTP Server; HP ([^;]+?) - (\w+); Serial Number: (\w+); (?:[\w_]+ )?Built:[^{]+ {\w+, ASIC id 0x[\da-f]+}\r\n\r\n$| p/HP $1 ipp/ i/model $2; serial $3/ d/printer/ cpe:/h:hp:$1/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: \$ProjectRevision: ([\w._-]+) \$\r\n.*<title>HP LaserJet (\w+)</title>|s p/HP LaserJet $2 printer http config/ v/$1/ d/printer/ cpe:/h:hp:laserjet_$2/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: \$ProjectRevision: ([\w._-]+) \$\r\n.*<title>HP Color LaserJet (\w+)</title>|s p/HP Color LaserJet $2 http config/ v/$1/ d/printer/ cpe:/h:hp:laserjet_$2/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: \$ProjectRevision: ([\w._-]+) \$\r\n.*<title>HP LaserJet (\w+)(?: MFP)&nbsp;&nbsp;&nbsp;[\d.]+</title>|s p/HP LaserJet $2 printer http config/ v/$1/ d/printer/ cpe:/h:hp:laserjet_$2/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: \$ProjectRevision: ([\w._-]+) \$\r\n.*<title>HP LaserJet Professional (\w+)&nbsp;&nbsp;&nbsp;[\d.]+</title>|s p/HP LaserJet $2 printer http config/ v/$1/ d/printer/ cpe:/h:hp:laserjet_$1/
match http m|^HTTP/1\.1 200 OK\r\nTransfer-Encoding: chunked\r\n.*<title>\r\n[0-9A-F]+\r\nHP LaserJet Professional (\w+)\r\n|s p/HP LaserJet $1 printer http config/ d/printer/ cpe:/h:hp:laserjet_$1/

match http m|^HTTP/1\.0 200 OK\nServer: stats\.mod/(\d[-.\w]+)\n| p/Eggdrop stats.mod web statistics module/ v/$1/ cpe:/a:eggheads:eggdrop/
match http m|^HTTP/1\.1 200 OK\r\nServer: PPR-httpd/(\d[-.\w]+)\r\n| p/PPR print spooling daemon ppradmin/ v/$1/
match http m|^HTTP/1\.1 200 OK\r\nDate: .*\r\nServer: RAC_ONE_HTTP (\d[-.\w]+)\r\n| p/Dell Embedded Remote Access card httpd/ v/$1/ d/terminal server/
match http m|^HTTP/1\.0 200 OK\r\nContent-Type: text/html\r\n\r\n<HTML>\r\n<HEAD>\r\n<TITLE>EpsonNet WebAssist Rev\.(\d[-.\w]+)</TITLE>| p/EpsonNet WebAssist printer configuration/ v/$1/ d/printer/
match http m|^HTTP/1\.0 200 OK\r\nContent-Type: text/html\r\n\r\n<HTML><HEAD><META HTTP-EQUIV=\"Content-type\" CONTENT=\"text/html; charset=iso-8859-1\">\r\n<TITLE>Lexmark ([-/.+\w]+)</TITLE>| p/Lexmark printer webadmin/ i/Lexmark $1/ d/printer/
# GenericLines has Server: thttpd.
match http m|^HTTP/1\.0 200 OK\r\nExpires: Sun, 27 Feb 1972 08:00:00 GMT\r\n.*<title>Lexmark ([\w._/ +-]+)</title>|s p/thttpd/ i/Lexmark $1 printer http config/ d/printer/ cpe:/a:acme:thttpd/ cpe:/h:lexmark:$1/
match http m|^HTTP/1\.0 200 OK\nServer: III (\d[-.\w]+)\n| p/Innovative Interfaces Innopac httpd/ v/$1/
match http m|^HTTP/1\.0 401 Unauthorized\r\nContent-type: text/html\r\nWWW-Authenticate: Basic realm=\"CISCO_WEB\"\r\n| p/Cisco DSL router webadmin/ d/broadband router/
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html\r\n(?:[^\r\n]+\r\n)*?Server: Allegro-Software-RomPager/([\w.]+)\r\n\r\n<HTML>\n<HEAD>\n<TITLE>Cisco Systems, Inc\.</TITLE>.*Cisco IP Phone ([-\w_]+)|s p/Allegro RomPager/ v/$1/ i/Cisco IP Phone $2/ d/VoIP phone/ cpe:/a:allegro:rompager:$1/
match http m|^HTTP/1\.[01] \d\d\d .*\r\nRAKeepAliveHeader: \.+\r\n| p/RemotelyAnywhere remote PC management httpd/
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: RemotelyAnywhere/([\d.]+)\r\n|s p/RemotelyAnywhere remote PC management httpd/ v/$1/
match http m|^HTTP/1\.0 \d\d\d .*\r\nDate: .*\r\nServer: Ipswitch-IMail/(\d[-.\w]+)\r\n| p/Ipswitch IMail web service/ v/$1/ o/Windows/ cpe:/a:ipswitch:imail:$1/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 \d\d\d .*\r\nDate: .*\r\nServer: IMail_Monitor/(\d[-.\w]+)\r\n| p/Ipswitch IMail Monitor web service/ v/$1/ o/Windows/ cpe:/a:ipswitch:imail:$1/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 \d\d\d .*\r\nDate: .*\r\nServer: Ipswitch Web Calendaring /(\d[-.\w]+)\r\n| p/Ipswitch IMail Web Calendar/ v/$1/ o/Windows/ cpe:/a:ipswitch:imail:$1/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 \d\d\d .*\r\nSet-Cookie:WhatsUp={[-\w]+}; path=/\r\nContent-Type: text/html\r\nServer: Ipswitch ([\d.]+)\r\n| p/Ipswitch WhatsUp httpd/ v/$1/ o/Windows/ cpe:/a:ipswitch:whatsup/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 200 OK\r\nContent-type: text/html\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n<html><head><title>Authentication Form</title></head><BODY BGCOLOR=\"#000000\" TEXT=\"#00FF00\"><p><h3 align=left><font face=\"arial,helvetica\">Client Authentication Remote Service</font>| p/Check Point Firewall-1 Client Authentication httpd/ cpe:/a:checkpoint:firewall-1/
match http m|^HTTP/1\.0 200 OK\r\nContent-type: text/html\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n.*<title>\n  Authentication Form.*Client Authentication Remote \nService</font>.*FireWall-1 message: User: <p> <P>\n|s p/Check Point Firewall-1 Client Authentication httpd/ cpe:/a:checkpoint:firewall-1/
match http m|^HTTP/1\.0 200\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-Type: text/html\r\nContent-Length: \d+\r\n\r\n<TITLE>Error</TITLE>\n<BODY>\n<H1>Error</H1>\nFW-1 at ([-\w_.]+): Failed to connect to the WWW server\.</BODY>\r\n| p/Check Point Firewall-1 httpd/ h/$1/ cpe:/a:checkpoint:firewall-1/
match http m|^HTTP/1\.0 401 Unauthorized\r\nWWW-Authenticate: Basic realm=\"FW-1\"\r\nContent-Type: text/html\r\nContent-Length: \d+\r\n\r\n<TITLE>Error</TITLE>\n<BODY>\n<H1>Error 401</H1>\n\nFW-1 at ([-\w_.]+):| p/Check Point Firewall-1 httpd/ h/$1/ cpe:/a:checkpoint:firewall-1/
match http m|^HTTP/1\.0 200 OK\r\nContent-type: text/html\r\nPragma: no-cache\r\n(?:X-Frame-Options: DENY\r\n)?Cache-Control: no-cache\r\n\r\n<html>\r\n<head>\r\n<meta http-equiv="Content-type" content="text/html; charset=iso-8859-1">\r\n<title>Client Authentication</title>\r\n</head>\r\n<body bgcolor="#7E7E7E">\r\n\t<table style="color:white;" width="100&#37">| p/Check Point VPN-1 Client Authentication httpd/ cpe:/a:checkpoint:vpn-1/

match http m|^HTTP/1\.0 \d\d\d .*\r\nDate: .*\r\nServer: Check Point SVN foundation| p/Check Point SVN foundation httpd/ d/firewall/
match http m|^HTTP/1\.1 \d\d\d .*\r\nDate: .*\r\nServer: HP-UX_Apache-based_Web_Server/(\d[-.\w]+) (.*)\r\n| p/HP Apache-based httpd/ v/$1/ i/$2/ o/HP-UX/ cpe:/h:hp:apache-based_web_server:$1/ cpe:/o:hp:hp-ux/a
match http m|^HTTP/1\.1 \d\d\d .*\r\nDate: .*\r\nServer: HP-UX_Apache-based_Web_Server\r\n| p/HP Apache-based httpd/ o/HP-UX/ cpe:/h:hp:apache-based_web_server/ cpe:/o:hp:hp-ux/a
match http m|^HTTP/1\.1 302 Moved\r\nContent-type: text/html\r\nConnection: close\r\nLocation: /1[012]\d{8}/l\r\n\r\n<H1>Document| p/Novell NetMail ModWeb webmail/ cpe:/a:novell:netmail/
match http m=^GIF89a\xa8\0-\0\xf7\0\0\x03\x03\x03\x83\x83\x83\xc4\xc4\xc4\xfe\x02\x02\xc9\x85c\x85|\xb5\xe2\xe2\xe2\xca\xa2\x8e\xd4RRCCC\xdeb\"\xa5\xa5\xa5\xe7\xc5= p/Tweak XP web advertisement blocker/
# Management interface for Xerox Phaser printers.
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html\r\nDate: .*\r\nExpires: .*\r\nLast-Modified: .*\r\nPragma: no-cache\r\nServer: Allegro-Software-RomPager/(\d[-.\w]+)\r\n\r\n<HTML>\n<!--Copyright \(c\) Xerox Corporation | p/Allegro RomPager/ v/$1/ i/Xerox printer http admin/ d/printer/ cpe:/a:allegro:rompager:$1/
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html\r\nDate: .*\r\nExpires: .*\r\nLast-Modified: .*\r\nPragma: no-cache\r\nServer: Allegro-Software-RomPager/(\d[-.\w]+)\r\n\r\n<html>\n<head>\n<title>\nHome - \nPhaser (\w+)</title>\n|s p/Allegro RomPager/ v/$1/ i/Xerox printer http admin; printer $2/ d/printer/ cpe:/a:allegro:rompager:$1/
match http m|^HTTP/1\.1 401 Unauthorized\r\nWWW-Authenticate: Basic realm=\"CentreWare_IS_Admin\"\r\nContent-Type: text/html\r\nServer: Allegro-Software-RomPager/([\d.]+)\r\n\r\n| p/Allegro RomPager/ v/$1/ i/Xerox Phaser http admin/ d/printer/ cpe:/a:allegro:rompager:$1/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Content-Type: text/html\r\nDate: .*Server: Allegro-Software-RomPager/([\d.]+)\r\n\r\n<html>\n<head>\n<title>\nAccueil - \nPhaser (\w+)</title>|s p/Allegro RomPager/ v/$1/ i/Xerox printer webadmin; printer $2; French/ d/printer/ cpe:/a:allegro:rompager:$1:::fr/
match http m|^HTTP/1\.0 200 OK\r\nConnection: close\r\n.*<title>\nXerox&nbsp;Phaser (\w+)\n-\nStatus\n</title>|s p/Xerox Phaser printer http admin/ i/model: $1/ d/printer/ cpe:/h:xerox:phaser_$1/

match http m|^HTTP/1\.0 302 Moved Temporarily\r\nserver: IronPort httpd/(\d[-.\w]+)\r\n| p/IronPort mail appliance admin websever/ v/$1/
match http m|^HTTP/1\.1 200 OK\r\nServer: Virata-EmWeb/R(\d[-.\w]+)\r\nContent-Type: text/html\r\nExpires: .*\r\nCache-Control: no-cache\r\nPragma: no-cache\r\n\r\n\n<html>\n<head><title>(CopperJet [-.+\w ]+)</title>| p/Virata-EmWeb/ v/$SUBST(1,"_",".")/ i/Allied Data CopperJet ADSL modem; $2/ d/broadband router/ cpe:/a:virata:emweb:$SUBST(1,"_",".")/a
match http m|^HTTP/1\.0 \d\d\d .*\r\nDate: .*\nServer: dhttpd/(\d[-.\w]+)\r\n| p/dhttpd/ v/$1/
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: Snap Appliance, Inc\./(\d[-.\w]+)\r\n| p/Snap Appliance storage system webadmin/ v/$1/
match http m|^HTTP/1\.0 200 OK\r\nPragma: no-cache\r\nContent-Type: text/html\r\n\r\n<HTML>\n<FRAMESET COLS=\"105,\*\" FRAMEBORDER=NO BORDER=0\nFRAMESPACING=0>\n<FRAME SRC=\"/side\.html\" SCROLLING=NO>\n<FRAME SRC=\"/startupdata\.html\">\n</FRAMESET>\n</HTML>\n$| p/Motorola cable modem webadmin/ d/broadband router/
match http m|^HTTP/1\.0 200 OK\nDate: .*\nServer: Intel NetportExpressPro/(\d[-.\w]+)\n| p/Intel NetportExpress Pro print server webadmin/ v/$1/ d/print server/
match http m|^HTTP/1\.0 200 Ok\r\nContent-Type: text/html; charset=\"utf-8\"\r\n\r\n<HTTP>\r\n<HEAD>\r\n  <TITLE>MythTV Status</TITLE>| p/MythTV Linux PVR webadmin/ o/Linux/ cpe:/o:linux:linux_kernel/a

# Very specific... Will probably have to be changed when MythTV changes their CSS...
match http m|^HTTP/1\.[01] 200 .*<style type=\"text/css\" title=\"Default\" media=\"all\">\r\n  <!--\r\n  body {|s p/MythTV Linux PVR webadmin/ o/Linux/ cpe:/o:linux:linux_kernel/a

match http m|^HTTP/1\.0 302 Found\r\nLocation: http://[-.+\w]+:32\d\d\d/\r\n\r\n$| p/Sun Solaris Management Console/ i/Apache Tomcat/ o/Solaris/ cpe:/a:apache:tomcat/ cpe:/o:sun:sunos/a
# Cyclades PR2000 Router
match http m|^HTTP/1\.0 401 Unauthorized\r\nWWW-Authenticate: Basic realm=\"PR2000 - Login\"\r\nContent-Type: text/html\r\nServer: Allegro-Software-RomPager/ ?([\w.]+)\r\n\r\n.*</H1>This object on the Cyclades PR2000 - RomPager server is protected|s p/Allegro RomPager/ v/$1/ i/Cyclades PR2000 router http admin/ d/router/ cpe:/a:allegro:rompager:$1/
# 3Com OfficeConnect 812 Router telnetd
match http m|^HTTP/1\.0 401 Unauthorized\r\nWWW-Authenticate: Basic realm=\"OCR-([-.\w]+)\"\r\nContent-Type: text/html\r\nServer: Allegro-Software-RomPager/(\d[-.\w]+)\r\n| p/Allegro RomPager/ v/$2/ i/3Com OfficeConnect Router http admin; OfficeConnect OCR-$1/ d/router/ cpe:/a:allegro:rompager:$2/
match http m|^HTTP/1\.1 401 Unauthorized\r\nWWW-Authenticate: Basic realm=\"APC Management Card\"\r\nContent-Type: text/html\r\nServer: Allegro-Software-RomPager/ ?([\w.]+)\r\n\r\n| p/Allegro RomPager/ v/$1/ i/APC Management Web Server/ d/power-device/ cpe:/a:allegro:rompager:$1/
match http m|^HTTP/1\.0 401 Unauthorized\r\nWWW-Authenticate: Basic realm=\"PDU\"\r\nServer: Allegro-Software-RomPager/ ?([\w.]+)\r\n\r\n<HTML>\n<HEAD>\n<TITLE>Protected Object</TITLE>\n</HEAD>\n<BODY BGCOLOR=\"WHITE\">\n<H1>Protected Object</H1>\nThis object on the MasterSwitch Web Server is protected\.| p/Allegro RomPager/ v/$1/ i/APC masterswitch http config/ d/power-device/ cpe:/a:allegro:rompager:$1/
match http m|^HTTP/1\.1 401 Unauthorized\r\nWWW-Authenticate: Basic realm=\"MasterSwitch Plus\"\r\nContent-Type: text/html\r\nServer: Allegro-Software-RomPager/ ?([\w.]+)\r\n\r\n<HTML>\n<HEAD>\n<TITLE>Protected Object</TITLE>.*This object on the APC Management Web Server is protected\.|s p/Allegro RomPager/ v/$1/ i/APC masterswitch http config/ d/power-device/ cpe:/a:allegro:rompager:$1/
match http m|^HTTP/1\.0 200 OK\r\nPragma: no-cache\r\nContent-Type: text/html\r\n\r\n<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4\.0 Transitional//EN\">\n.*<META NAME=Copyright CONTENT=\"Copyright \(c\) 2003 3Com Corporation\. All Rights Reserved\.\">\n.*<META http-equiv=\"3Cnumber\" content=\"([-.\w]+)\">\n|s p/3Com OfficeConnect router webadmin/ i/3Com` $1/ d/router/
match http m|^HTTP/1\.0 200 OK\r\nContent-Type: text/html\r\n(?:[^\r\n]+\r\n)*?Server: Allegro-Software-RomPager/ ?([\w.]+)\r\n\r\n<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML//EN\">\n\n<html>\n\n<head>\n<meta http-equiv=\"Content-Type\" content=\"text/html; iso-8859-1\">\n<title>Summit Management Interface</title>|s p/Allegro RomPager/ v/$1/ i/Summit Management Interface/ cpe:/a:allegro:rompager:$1/
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html\r\n(?:[^\r\n]+\r\n)*?Server: Allegro-Software-RomPager/([\w.]+)\r\n\r\n\n<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4\.01 Transitional//EN\">\n<html>\n<head>\n<title>\n([^&\r\n]+)&nbsp;- Status</title>|s p/Allegro RomPager/ v/$1/ i/Roku Sound Bridge http config; name $2/ d/media device/ cpe:/a:allegro:rompager:$1/
match http m|^HTTP/1\.0 401 Unauthorized\r\nWWW-Authenticate: Basic realm=\"\r\n\r\n<title>401 Unauthorized</title><body><h1>401 Unauthorized</h1></body>| p/Acer Warplink Firewall Router webadmin/ d/router/
match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: httpd\r\nDate: .*\r\nWWW-Authenticate: Basic realm=\"Sitecom WL-([-.\w]+)\"\r\n| p/Sitecom $1 http config/ d/WAP/ cpe:/h:sitecom:$1/
match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: \r\nDate: .*\r\nWWW-Authenticate: Basic realm=\"SitecomWL([\w._-]+)\"\r\nContent-Type: text/html\r\nConnection: close\r\n\r\n401 Unauthorized\.| p/Sitecom WL-$1 WAP http config/ d/WAP/ cpe:/h:sitecom:wl-$1/
match http m|^HTTP/1\.0 200 OK\r\nDate: .*\r\n\r\n<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4\.0 Transitional//EN\"><html><body bgcolor=\"#C0C0C0\" text=\"#000000\" vlink=\"#800080\" link=\"#0000FF\"><P><h1>TempTrax Digital Thermometer</h1>| p/SensaTronics TempTrax Digital Thermometer/ d/specialized/
match http m|^HTTP/1\.1 401 Unauthorised\r\nServer: Zeus/(\d[-.\w]+)\r\n(?:[^\r\n]+\r\n)*?WWW-Authenticate: basic realm=\"Zeus Admin Server\"\r\n|s p/Zeus httpd Admin Server/ v/$SUBST(1,"_",".")/ cpe:/a:zeus:zeus_web_server:$SUBST(1,"_",".")/
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Zeus/(\d[-.\w]+)\r\n|s p/Zeus httpd/ v/$1/ cpe:/a:zeus:zeus_web_server:$1/
match http m|^HTTP/1\.0 404 File not Found\r\nServer: SPiN ChatSystem/(\d[-.\w]+)\r\n| p/SPiN web chat system/ v/$1/

# IP_SHARER WEB
match http m|^HTTP/1\.0 200 Document follows\r\nServer: IP_SHARER WEB ([\w._-]+)\r\nContent-type: text/html\r\n\r\n<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4\.0 Transitional//EN\">\n\n<html><head><title>Setup</title>| p/IP_SHARER WEB/ v/$1/ i/Siemens SpeedStream SS2601/ d/router/ cpe:/a:siemens:ip_sharer_web:$1/
match http m|^HTTP/1\.0 200 OK\r\nServer: IP_SHARER WEB ([\w._-]+)\r\nContent-type: text/html\r\nConnection: close\r\n\r\nunknown \(([\d.]+)\) is managing this device| p/IP_SHARER WEB/ v/$1/ i/TRENDnet router http config; being managed by $2/ d/router/ cpe:/a:trendnet:ip_sharer_web:$1/
match http m|^HTTP/1\.0 200 OK\r\nServer: IP_SHARER WEB ([\w._-]+)\r\n.*<meta name=\"description\" content=\"Belkin (\d+)\">|s p/IP_SHARER WEB/ v/$1/ i/Belkin $2 wifi router http config/ d/WAP/ cpe:/a:belkin:ip_sharer_web:$1/
match http m|^HTTP/1\.0 200 OK\r\nServer: IP_SHARER WEB ([\w._-]+)\r\n.*<title>Setup</title>.*type=\"text/javascript\">\nfunction loadnext\(\)|s p/IP_SHARER WEB/ v/$1/ i/TRENDnet TW100-BRV204 router http config; no admin pass/ d/router/ cpe:/a:trendnet:ip_sharer_web:$1/ cpe:/h:trendnet:tw100-brv204/a
match http m=^HTTP/1\.0 200 OK\r\nServer: IP_SHARER WEB ([\w._-]+)\r\n.*<title>TRENDnet \| TW100-BRF114 \| Setup</title>=s p/IP_SHARER WEB/ v/$1/ i/TRENDnet TW100-BRF114 router http config/ d/router/ cpe:/a:trendnet:ip_sharer_web:$1/ cpe:/h:trendnet:tw100-brf114/a
match http m|^HTTP/1\.0 401 Unauthorized\nServer: IP_SHARER WEB ([\w._-]+)\r\nContent-type: text/html\r\nWWW-Authenticate: Basic realm=\"NETGEAR WP([-\w+]+)\"\r\n\r\n| p/IP_SHARER WEB/ v/$1/ i/Netgear $2 WAP http config/ d/WAP/ cpe:/a:netgear:ip_sharer_web:$1/ cpe:/h:netgear:$2/a
match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: IP_SHARER WEB ([\w._-]+)\r\nWWW-Authenticate: Basic realm=\"(AT-\w+)\"\r\nContent-type: text/html\r\n\r\n401 Unauthorized| p/IP_SHARER WEB/ v/$1/ i/Allied Telesyn $2 WAP http config/ d/broadband router/ cpe:/a:alliedtelesyn:ip_sharer_web:$1/ cpe:/h:alliedtelesyn:$2/a
match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: IP_SHARER WEB ([\w._-]+)\r\nWWW-Authenticate: Basic realm=\"BEFSR41W\"\r\nContent-type: text/html\r\n\r\n401 Unauthorized| p/IP_SHARER WEB/ v/$1/ i/Linksys BEFSR41W router http config/ d/router/ cpe:/a:linksys:ip_sharer_web:$1/ cpe:/h:linksys:befsr41w/a
match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: IP_SHARER WEB ([\w._-]+)\r\nWWW-Authenticate: Basic realm=\"(DG[\w]+)\"\r\n| p/IP_SHARER WEB/ v/$1/ i/Netgear $2 WAP http config/ d/WAP/ cpe:/a:netgear:ip_sharer_web:$1/ cpe:/h:netgear:$2/a
match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: IP_SHARER WEB ([\w._-]+)\r\nWWW-Authenticate: Basic realm=\"(FM\w+)\"\r\n| p/IP_SHARER WEB/ v/$1/ i/Netgear $2 http config/ d/broadband router/ cpe:/a:netgear:ip_sharer_web:$1/ cpe:/h:netgear:$2/a
match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: IP_SHARER WEB ([\w._-]+)\r\nWWW-Authenticate: Basic realm=\"(FR[-.\w+]+)\"\r\n| p/IP_SHARER WEB/ v/$1/ i/Netgear $2 firewall router http config/ d/router/ cpe:/a:netgear:ip_sharer_web:$1/ cpe:/h:netgear:$2/a
match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: IP_SHARER WEB ([\w._-]+)\r\nWWW-Authenticate: Basic realm=\"NeedPassword\"\r\nContent-type: text/html\r\nConnection: close\r\n\r\n401 Unauthorized$| p/IP_SHARER WEB/ v/$1/ i/TRENDnet TW100-BRV204 router http config; admin pass set/ d/router/ cpe:/a:trendnet:ip_sharer_web:$1/ cpe:/h:trendnet:tw100-brv204/a
match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: IP_SHARER WEB ([\w._-]+)\r\nWWW-Authenticate: Basic realm=\"NeedPassword\"\r\nContent-type: text/html\r\n\r\n401 Unauthorized| p/IP_SHARER WEB/ v/$1/ i|Airlink/Sitecom wireless router| d/router/ cpe:/a:airlink:ip_sharer_web:$1/
match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: IP_SHARER WEB ([\w._-]+)\r\nWWW-Authenticate: Basic realm=\"(NR[\w+]+)\"\r\n| p/IP_SHARER WEB/ v/$1/ i/Netgear $2 router http config/ d/router/ cpe:/a:netgear:ip_sharer_web:$1/ cpe:/h:netgear:$2/a
match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: IP_SHARER WEB ([\w._-]+)\r\nWWW-Authenticate: Basic realm=\"(WGPS[\w+]+)\"\r\n| p/IP_SHARER WEB/ v/$1/ i/Netgear $2 print server http config/ d/print server/ cpe:/a:netgear:ip_sharer_web:$1/ cpe:/h:netgear:$2/a
match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: IP_SHARER WEB ([\w._-]+)\r\nWWW-Authenticate: Basic realm=\"WRT54GC\"\r\n| p/IP_SHARER WEB/ v/$1/ i/Linksys WRT54GC http config/ d/WAP/ cpe:/a:linksys:ip_sharer_web:$1/ cpe:/h:linksys:wrt54gc/a
match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: IP_SHARER WEB ([\w._-]+)\r\nWWW-Authenticate: Basic realm=\"WYR-G54\"\r\n| p/IP_SHARER WEB/ v/$1/ i/Buffalo Airstation WYR-G54 WAP http config/ d/WAP/ cpe:/a:buffalo:ip_sharer_web:$1/ cpe:/h:buffalo:airstation_wyr-g54/a
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: IP_SHARER WEB ([\w._-]+)\r\nContent-type: text/html\r\n\r\n<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4\.0 Transitional//EN\">\n<html><head>\n<meta name=\"description\" content=\"SOHO Version ([\d.]+)\">\n\n<title>Setup</title>\n| p/IP_SHARER WEB/ v/$1/ i/SpeedStream router http config; SOHO Version $2/ d/router/ cpe:/a:speedstream:ip_sharer_web:$1/
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: IP_SHARER WEB ([\w._-]+)\r\nContent-type: text/html\r\n\r\nunknown \(.*\) is managing this device| p/IP_SHARER WEB/ v/$1/ i/SpeedStream router http config/ d/router/ cpe:/a:speedstream:ip_sharer_web:$1/
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: IP_SHARER WEB ([\w._-]+)\r\nWWW-Authenticate: Basic realm=\"FVS114\"\r\n| p/IP_SHARER WEB/ v/$1/ i/Netgear ProSafe FVS114 firewall http config/ d/firewall/ cpe:/a:netgear:ip_sharer_web:$1/ cpe:/h:netgear:prosafe_fvs114/a
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: IP_SHARER WEB ([\w._-]+)\r\nWWW-Authenticate: Basic realm=\"FWG114P\"\r\n| p/IP_SHARER WEB/ v/$1/ i/Netgear FWG114P wireless firewall http config/ d/firewall/ cpe:/a:netgear:ip_sharer_web:$1/ cpe:/h:netgear:fwg114p/a
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: IP_SHARER WEB ([\w._-]+)\r\nWWW-Authenticate: Basic realm=\"MR814v2\"\r\n| p/IP_SHARER WEB/ v/$1/ i/Netgear MR814v2 wireless router http config/ d/router/ cpe:/a:netgear:ip_sharer_web:$1/ cpe:/h:netgear:mr814v2/a
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: IP_SHARER WEB ([\w._-]+)\r\nWWW-Authenticate: Basic realm=\"(WGR614[^"]*)\"\r\n| p/IP_SHARER WEB/ v/$1/ i/Netgear $2 router http config/ d/router/ cpe:/a:netgear:ip_sharer_web:$1/ cpe:/h:netgear:$2/a

# PRINT_SERVER WEB
match http m|^HTTP/1\.0 200 Document follows\r\nServer: PRINT_SERVER WEB ([\w._-]+)\r\n.*<meta name=\"description\" content=\"([\w-]+) \d+\">\n\n<title>NetGear Print Server Setup</title>|s p/PRINT_SERVER WEB/ v/$1/ i/Netgear $2 print server http config/ d/print server/ cpe:/a:netgear:print_server_web:$1/ cpe:/h:netgear:$2/a
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: PRINT_SERVER WEB ([\w._-]+)\r\nWWW-Authenticate: Basic realm=\"NeedPassword\"\r\nContent-type: text/html\r\n| p/PRINT_SERVER WEB/ v/$1/ i/Netgear Mini print server http config/ d/print server/
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: PRINT_SERVER WEB ([\w._-]+)\r\nContent-type: text/html\r\n\r\n<html><head><title>NETGEAR Setup</title>| p/PRINT_SERVER WEB/ v/$1/ i/Netgear print server http config/ d/print server/
match http m|^HTTP/1\.0 200 Document follows\r\nServer: PRINT_SERVER WEB ([\w._-]+)\r\nContent-type: text/html\r\n\r\n<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4\.0 Transitional//EN\">\n<html><head><title>NETGEAR Setup</title>| p/PRINT_SERVER WEB/ v/$1/ i/Netgear PS110 print server http config/ d/print server/ cpe:/h:netgear:ps110/
match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: PRINT_SERVER WEB ([\d.]+)\r\nContent-type: text/html\r\nWWW-Authenticate: Basic realm=\"NeedPassword\"\r\n\r\n401 Unauthorized$| p/PRINT_SERVER WEB/ v/$1/ i/Linksys wireless print server http config/ d/print server/
match http m|^HTTP/1\.[01] \d\d\d .*\r\nServer: PRINT_SERVER WEB ([\d.]+)\r\nContent-type: text/html\r\nWWW-Authenticate: Basic realm=\"NETGEAR PS121v2\"\r\n| p/PRINT_SERVER WEB/ v/$1/ i/Netgear PS121v2 print server http config/ d/print server/ cpe:/h:netgear:ps121v2/a
match http m|^HTTP/1\.0 200 Document follows\r\nServer: PRINT_SERVER WEB ([\w._-]+)\r\n.*<title>Print Server Setup</title>.*name=\"main\" src=\"ps_stat\.htm\"|s p/PRINT_SERVER WEB/ v/$1/ i/LevelOne FPS-3001TXU print server http config/ d/print server/ cpe:/h:levelone:fps-3001txu/a

# Netgear FR314 Firewall Router
match http m|^HTTP/1\.0 200 OK\r\nServer: NETGEAR Firewall\r\n| p/Netgear FR-series firewall router http config/ d/router/
# Netgear FVS318 Firewall/Router
match http m|^HTTP/1\.0 200 OK\r\nServer: Netgear\r\nContent-Type: text/html\r\nPragma: no-cache\r\nLast Modified: .*\r\nConnection: close\r\n\r\n.*<title>\r\t\t\tNETGEAR Router \r|s p/Netgear FVS318 router http config/ d/router/ cpe:/h:netgear:fvs318/a
# Netgear RP614 firmware version 4.12
match http m%^HTTP/1\.0 401 Unauthorized\r\nWWW-Authenticate: Basic realm=\"((?:RP|WGU)\w+)\"\r\nServer: Embedded HTTPD v([\w._-]+), % p/Delta Networks Embedded HTTPD $2/ i/Netgear $1 router http config/ d/broadband router/ cpe:/h:netgear:$1/
# CiscoSecure ACS 3.1 on Windows 2000 Server
# Cisco Secure ACS for Windows 2000
match http m|^HTTP/1\.0 200 OK\r\nContent-Type: text/html\r\nContent-length: \d+\r\n\r\n<html>\r\n<head>\r\n<title>CiscoSecure ACS Login</title>| p/Cisco Secure ACS web interface/ o/Windows/ cpe:/a:cisco:secure_access_control_server/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 200 OK\r\nContent-Type: text/html\r\nContent-length: \d+\r\n\r\n<html>\r\n<head>\r\n<title>CiscoSecure ACS for Windows 2000/NT Login</title>\r\n| p/Cisco Secure ACS web interface/ o/Windows/ cpe:/a:cisco:secure_access_control_server/ cpe:/o:microsoft:windows/a
# Pix Device Manager (PDM) version 3.01
match http m|^HTTP/1\.[01] 401 Unauthorized\r\nDate: .*\r\nWWW-Authenticate: Basic realm=\"PIX\"|s p/Cisco PIX Device Manager/ d/firewall/ cpe:/o:cisco:pix_firewall_software/
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: DHost/(\d[-.\w]+) HttpStk/(\d[-.\w]+)\r\n| p/Novell eDirectory DHOST httpd/ v/$1/ i/HttpStk: $2; used by iMonitor/ o/Unix/ cpe:/a:novell:edirectory/
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: 3ware/(\d[-.\w]+)\r\n| p/3Ware web interface/ v/$1/ i/RAID storage/

match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Cherokee\r\n|s p/Cherokee httpd/ cpe:/a:cherokee-project:cherokee/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Cherokee/([-.\w]+)\r\n|s p/Cherokee httpd/ v/$1/ cpe:/a:cherokee-project:cherokee:$1/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Cherokee/([-.\w]+) \(Debian GNU/Linux\)\r\n|s p/Cherokee httpd/ v/$1/ i/Debian/ o/Linux/ cpe:/a:cherokee-project:cherokee:$1/ cpe:/o:debian:debian_linux/ cpe:/o:linux:linux_kernel/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Cherokee/([-.\w]+) \(Ubuntu\)\r\n|s p/Cherokee httpd/ v/$1/ i/Ubuntu/ o/Linux/ cpe:/a:cherokee-project:cherokee:$1/ cpe:/o:canonical:ubuntu_linux/ cpe:/o:linux:linux_kernel/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Cherokee/([-.\w]+) \(openSUSE Build Service\)\r\n|s p/Cherokee httpd/ v/$1/ i/OpenSUSE/ o/Linux/ cpe:/a:cherokee-project:cherokee:$1/ cpe:/o:novell:opensuse/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Cherokee/([-.\w]+) \(Gentoo Linux\)\r\n|s p/Cherokee httpd/ v/$1/ i/Gentoo/ o/Linux/ cpe:/a:cherokee-project:cherokee:$1/ cpe:/o:gentoo:linux/ cpe:/o:linux:linux_kernel/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Cherokee/([-.\w]+) \(UNIX\)\r\n|s p/Cherokee httpd/ v/$1/ o/Unix/ cpe:/a:cherokee-project:cherokee:$1/

match http m|^HTTP/1\.0 200 OK\r\nServer: HomeSeer\r\n| p/HomeSeer Home Control Web Interface/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 401 \r\nWWW-Authenticate: Basic realm=\"HomeSeer\d+\"\r\n\r\n| p/HomeSeer Home Control Web Interface/ o/Windows/ cpe:/o:microsoft:windows/a
# Multitech MultiVoip 410 VoIP gateway
match http m|^HTTP/1\.1 200 OK\r\nServer: RTXCweb Software (\d[-.\w]+)\r\nDate: .*\r\nContent-type: text/html\r\n\r\n<html>\r\n<head>\r\n<META HTTP-EQUIV=\"PRAGMA\" CONTENT=\"NO-CACHE\">\r\n<META HTTP-EQUIV=\"EXPIRES\" CONTENT=\"-1\">\r\n<script language = \"Javascript\">\r\nvar title_string = \" v \[Firmware - [\w ]+\]| p/RTXCweb/ v/$1/ i/Multitech MultiVoip VoIP gateway http config/ d/VoIP adapter/
# NetComm NB1300 ADSL Modem/Router
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: WindWeb/(\d[-.\w]+)\r\nConnection: close\r\nWWW-Authenticate: Basic realm=\"([-./\w ]+)\"\r\nContent-Type: text/html\r\n\r\n| p/WindWeb/ v/$1/ i/$2 router http config/ d/broadband router/ cpe:/a:windriver:windweb:$1/
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: SimpleServer:WWW/(\d[-.\w]+)\r\n| p/AnalogX SimpleServer httpd/ v/$1/ o/Windows/ cpe:/a:analogx:simpleserver_www:$1/ cpe:/o:microsoft:windows/a
# Xitami - Try to match PHP first!
match http m|^HTTP/1\.[01] \d\d\d .*\r\nContent-Length: \d+\r\nX-Powered-By: ([-/.\w ]+)\r\nContent-Type: .*\r\nServer: Xitami\r\n| p/Xitami httpd/ i/$1/
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Xitami\r\n|s p/Xitami httpd/
match http m|^ERROR: Malformed startup string$| p/Xitami httpd admin port/
match http m|^HTTP/1\.1 500 Server Error\r\nConnection: close\r\nContent-Length: \d+\r\nDate: .*\r\nServer: Radio UserLand/(\d[\w .]+)-([-.\w ]+)\r\n\r\n| p/Radio Userland blog server/ v/$1/ i/$2/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: (?:prod )?[Ff]red (\d[-.\w]+) \(build (\d+)\) HTTP Servlets\r\n\r\n|s p/Freenet Fred anonymous P2P/ v/$1 build $2/
match http m|^HTTP/1\.0 200 Ok\r\nServer: diva_httpd\r\n| p/Eicon Diva ISDN card configuration server/
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: Resin/(\d[-.\w]+)\r\n| p/Caucho Resin JSP engine/ v/$1/ cpe:/a:caucho:resin:$1/
match http m|^HTTP/1\.0 \d\d\d .*\r\nMIME-Version: 1\.0\r\nServer: linuxconf/(\d[-.\w]+)\r\n| p/Linuxconf web configuration server/ v/$1/ o/Linux/ cpe:/o:linux:linux_kernel/a
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: TinyWeb/([\d.]+)\r\n|s p/Tinyweb httpd/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: WebSitePro/(\d[-.\w]+)\r\n|s p/O'Reilly WebSite Pro/ v/$1/
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: Lucent Security Management Admin Server \r\n| p/Lucent Security Management Admin Server/ i/Lucent VPN Firewall/ cpe:/a:lucent:security_management_server/
match http m|^HTTP/1\.[01] \d\d\d .*\r\nServer: thttpd/(\d[-.+\w]+) ([\w?]+)\r\n| p/thttpd/ v/$1 $2/ cpe:/a:acme:thttpd:$1_$2/
match http m|^HTTP/1\.[01] \d\d\d .*\r\nServer: thttpd/(\d[-.+\w]+) ([\w?]+) Built-in PHP| p/thttpd/ v/$1 $2/ i/Built-in PHP/ cpe:/a:acme:thttpd:$1_$2/
match http m|^HTTP/1\.[01] \d\d\d .*\r\nServer: thttpd\r\n| p/thttpd/ cpe:/a:acme:thttpd/
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?X-Powered-By: PHP/([\d.]+)\r\nServer: thttpd/([\w.]+) PHP/([\d.]+)\r\n|s p/thttpd/ v/$2/ i/PHP $1 ($3)/ cpe:/a:acme:thttpd:$2/ cpe:/a:php:php:$1/
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: thttpd/([\w.]+) PHP/([\d.]+)\r\n|s p/thttpd/ v/$1/ i/PHP $2/ cpe:/a:acme:thttpd:$1/ cpe:/a:php:php:$2/

match http m|^HTTP/1\.[01] (?:[^\r\n]*\r\n(?!\r\n))*?Server: FirstClass/(\d[-.\w]+)\r\n|s p/FirstClass/ v/$1/ cpe:/a:opentext:firstclass:$1/
match http m|^HTTP/1\.1 400 Bad request\r\nServer: Citrix Web PN Server\r\n| p/Citrix Metaframe ICA Browser/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: HP-ChaiServer/(\d[-.\w]+)\r\nContent-length: 0\r\n\r\n|s p/HP JetDirect printer webadmin/ i/HP-ChaiServer $1/ d/printer/
# mldonkey-2.5-3 http port on Linux 2.4.21
match http m|^HTTP/1\.[01] 404 Not Found\r\nServer: MLdonkey\r\nConnection: close\r\nContent-Type: application/x-bittorrent\r\nContent-length: 0\r\n\r\n| p/MLDonkey multi-network P2P web interface/
match http m%^HTTP/1\.1 401 Unauthorized\r\nConnection: close\r\nWWW-Authenticate: Basic realm=\"(?:MLdonkey|P2P)\"\r\n% p/MLDonkey multi-network P2P web interface/
# Docupoint Discovery 3.0(Apache) on Windows 2000 Professional
match http m|^<html>\r<head><title>Docupoint Discovery</title>\r<META HTTP-EQUIV=\"Content-Type\" CONTENT=\"text/html; CHARSET=UTF-8\">\r| p/Docupoint Discovery search engine/
match http m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?\r\n<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1\.1//EN\" \"http://www\.w3\.org/TR/xhtml11/DTD/xhtml11\.dtd\">\n<html><head><title>BitTorrent download info</title>\n?</head>\n<body>\n<h3>BitTorrent download info</h3>\n<ul>\n<li><strong>tracker version:</strong> (\d[-.\w]+)</li>|s p/BitTorrent P2P tracker/ v/$1/ i/bttrack.py/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: eMule\r\n.*<title>eMule (\d[-.\w]+) |s p/eMule P2P/ v/$1/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: eMule\r\n.*<title>eMule Plus (\d[-.\w]+) |s p/eMule Plus P2P/ v/$1/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: eMule\r\n.*<title>Web Interface ([\w._-]+)</title>|s p/eMule P2P/ v/$1/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: eMule\r\n|s p/eMule P2P/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: embedded\r\n.*<title>eMule ([\w._-]+) \[MorphXT v([\w._-]+)\]|s p/eMule MorphXT P2P/ v|$1/$2|
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: aMule\r\n.*<title>aMule (\d[-.\w]+) - Web Control Panel</title>|s p/aMule P2P/ v/$1/
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: aMule\r\n| p/aMule P2P/
match http m|^HTTP/1\.0 200 OK\r\nServer: Agent-ListenServer-HttpSvr/1\.0\r\n.*<ComputerName>([-.\w]+)</ComputerName><version>([\d\.]+)</version>|s p/Network Associates ePolicy Orchestrator/ v/$2/ h/$1/ cpe:/a:mcafee:epolicy_orchestrator_agent:$2/
# Network Associates EPO 3.0
match http m|^HTTP/1\.0 200 OK\r\nServer: Agent-ListenServer-HttpSvr/1\.0\r\n.*<ComputerName>([-.\w]+)</ComputerName>|s p/Network Associates ePolicy Orchestrator/ h/$1/ cpe:/a:mcafee:epolicy_orchestrator_agent/
match http m|^HTTP/1\.0 403 Forbidden\r\nServer: Agent-ListenServer-HttpSvr/1\.0\r\n| p/Network Associates ePolicy Orchestrator/ cpe:/a:mcafee:epolicy_orchestrator_agent/
match http m|^HTTP/1\.0 401 Unauthorized\r\nSPIPE-Authenticate: {[-\w]+}\r\n\r\n$| p/Network Associates ePolicy Orchestrator/ cpe:/a:mcafee:epolicy_orchestrator_agent/
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: [dD]ebut/(\d[-.\w]+)\r\n|s p/Debut embedded httpd/ v/$1/ i|Brother/HP printer http admin| d/printer/
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: kpf\r\n| p/KDE Public Fileserver/
match http m|^HTTP/1\.1 200 OK\r\nServer: Netscape-FastTrack/(\d[-.\w]+)\r\n| p/Sun Iplanet httpd/ v/$1/ cpe:/a:netscape:fasttrack_server:$1/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: dwhttpd/(\d[-.\w]+) \(([^\r\n\)]+)\)\r\nContent-type: text/html\r\n\r\n.*<TITLE>AnswerBook2: Personal Library</TITLE>\n|s p/Sun AnswerBook2 httpd/ v/$1/ i/$2/ cpe:/a:sun:solaris_answerbook2:$1/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: enCoreXpress/(\d[-.\w]+)\r\n|s p/enCoreXpress MOO/ v/$1/ i|http://lingua.utdallas.edu/encore|
# Lispweb 2.0 Allegro Common Lisp.
match http m|^HTTP/1\.0 \d\d\d .*\nMime-Version: .*\nServer: LispWeb (\d[-.\w]+) \(acl\)\n| p/Lispweb httpd/ v/$1/
# World Client for MDaemon (www.altn.com) on Windows 2000
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: WDaemon/(\d[-.\w]+)\r\n| p/World Client WDaemon httpd/ v/$1/ i/Alt-N MDaemon webmail/ o/Windows/ cpe:/a:altn:mdaemon/ cpe:/o:microsoft:windows/a
# pop3proxy web interface from spambayes 1.0a5 on Linux
match http m|^HTTP/1\.1 \d\d\d .*\r\nConnection: close\r\nContent-Type: text/html\r\nDate: .*\r\n\r\n<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4\.01 Transitional//EN\">\r\n<html>\r\n<head>\r\n<title id=\"title\">Home</title>\r\n<meta content=\"no-cache\" http-equiv=\"Pragma\"/>\r\n<meta content=\"no-cache\" http-equiv=\"Cache\"/>\r\n| p/Spambayes pop3proxy web interface/
# Oracle XML Database - SuSe Linux 8.1 Personal, Linux 2.4.19, Oracle9i Database
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Oracle XML DB/(Oracle[\w]+ Enterprise Edition Release) (\d[-.\w]+) |s p/Oracle XML DB Enterprise Edition httpd/ v/$2/ i/$1/ cpe:/a:oracle:database_server:$2::enterprise/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Oracle XML DB/Oracle Database\r\n|s p/Oracle XML DB Enterprise Edition httpd/ cpe:/a:oracle:database_server:::enterprise/
match http m|^HTTP/1\.1 \d\d\d .*\r\nDate: .*\r\nServer: Oracle9iAS \((\d[-.\w]+)\) Containers for J2EE\r\n| p/Oracle 9iAS J2EE httpd/ v/$1/
match http m|^HTTP/1\.1 \d\d\d .*\r\nDate: .*\r\nServer: Oracle9iAS/(\d[-.\w]+) Oracle HTTP Server\r\n| p/Oracle 9iAS httpd/ v/$1/ cpe:/a:oracle:http_server:$1/
match http m|^HTTP/1\.1 \d\d\d .*\r\nDate: .*\r\nServer: Oracle9iAS\r\n| p/Oracle 9iAS httpd/ cpe:/a:oracle:http_server/
match http m|^HTTP/1\.1 \d\d\d .*\r\nDate: .*\r\nAllow: .*\r\nServer: Oracle9iAS-Web-Cache/(\d[-.\w]+)\r\n| p/Oracle 9iAS Web Cache/ v/$1/ cpe:/a:oracle:application_server_web_cache:$1/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Oracle9iAS/(\d[-.\w]+)  Lotus-Domino Oracle9iAS-Web-Cache/(\d[-.\w]+) |s p/Lotus Domino httpd/ i/Proxied by Oracle9iAS $1 Web Cache $2/ cpe:/a:ibm:lotus_domino_web_server/ cpe:/a:oracle:application_server_web_cache:$2/
match http m|^HTTP/1\.1 401 Unauthorized.*\r\nWWW-Authenticate:.*\r\nDate:.*\r\nServer:Criston Precision Agent (\d[-_.\w]+)| p/Criston Precision Agent/ v/$1/
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: ALT-N SecurityGateway ([0-9]+.[0-9]+.[0-9]+)| p/ALT-N SecurityGateway httpd/ v/$1/

# ntop - lots of submissions
match ntop-http m|^HTTP/1\.0 \d\d\d .*\nServer: ntop/(\d[-.\w]+) [^\r\n]*\([\w\d-]*linux[\w\d-]*\)\r?\n|s p/Ntop web interface/ v/$1/ o/Linux/ cpe:/a:ntop:ntop:$1/ cpe:/o:linux:linux_kernel/a
match ntop-http m|^HTTP/1\.0 \d\d\d .*\nServer: ntop/(\d[-.\w]+) \([\w\d.-]*freebsd[\w\d.-]*\)\r?\n|s p/Ntop web interface/ v/$1/ o/FreeBSD/ cpe:/a:ntop:ntop:$1/ cpe:/o:freebsd:freebsd/a
match ntop-http m|^HTTP/1\.0 \d\d\d .*\nServer: ntop/(\d[-.\w]+) \(([-.\w]+)\)\n|s p/Ntop web interface/ v/$1/ i/$2/ cpe:/a:ntop:ntop:$1/
match ntop-http m|^HTTP/1\.0 \d\d\d .*\nServer: ntop/(\d[-.\w]+) \([^\)\r]+\)\r\n|s p/Ntop web interface/ v/$1/ cpe:/a:ntop:ntop:$1/
match ntop-http m|^HTTP/1\.0 \d\d\d .*Server: ntop/([-\w_.]+)|s p/Ntop web interface/ v/$1/ cpe:/a:ntop:ntop:$1/
match ntop-http m|^HTTP/1\.0 401 Unauthorized to access the document\nWWW-Authenticate: Basic realm=\"ntop HTTP server\"\n| p/Ntop web interface/ cpe:/a:ntop:ntop/
match ntop-http m|^HTTP/1\.0 \d\d\d .*Server: ntop/([\d.]+) SourceForge \.tgz \(([-\w_.]+)\)\r\n|s p/Ntop web interface/ v/$1 SourceForge .tgz/ i/platform $2/ cpe:/a:ntop:ntop:$1/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Apt-proxy (\d[-.\w]+)\r\n|s p/Debian Apt-proxy/ v/$1/
match http m|^HTTP/1\.0 404 NON-EXISTENT BACKEND\r\n\r\n$| p/Debian Apt-proxy/ i/Broken: no backend/
# This one is too general; I'm not including it -Doug
#match http m|^HTTP/1\.0 404 Not Found(\r\nConnection: close)?\r\n\r\n$| p/Debian Apt-proxy/

match http m|^HTTP/1\.0 200 OK\r\nServer: eHTTP v([\w._-]+)\r\n.*<title>\s*([\w._-]+)\s*-\s*(?:HP )?(?:\w+ )?ProCurve Switch ([\w._-]+)|s p/eHTTP/ v/$1/ i/HP ProCurve Switch $3 http config/ h/$2/ cpe:/a:ehttp:ehttp:$1/ cpe:/h:hp:procurve_switch_$3/ cpe:/o:hp:procurve_switch_software/
match http m|^HTTP/1\.0 200 OK\r\nServer: eHTTP v([\w._-]+)\r\n.*<title>\s*(?:HP )?(?:\w+\s+)?ProCurve Switch ([\w._-]+)|s p/eHTTP/ v/$1/ i/HP ProCurve Switch $2 http config/ d/switch/ cpe:/a:ehttp:ehttp:$1/ cpe:/h:hp:procurve_switch_$2/ cpe:/o:hp:procurve_switch_software/
match http m|^HTTP/1\.0 200 OK\r\nServer: eHTTP v([\w._-]+)\r\n.*<title>\s*([\w._-]+)\s*-\s*(?:HP )?(?:\w+ )?ProCurve ([\w._-]+) Switch|s p/eHTTP/ v/$1/ i/HP ProCurve Switch $3 http config/ h/$2/ cpe:/a:ehttp:ehttp:$1/ cpe:/h:hp:procurve_switch_$3/ cpe:/o:hp:procurve_switch_software/
match http m|^HTTP/1\.0 200 OK\r\nServer: eHTTP v([\w._-]+)\r\n.*<title>\s*(?:HP )?(?:\w+\s+)?ProCurve ([\w._-]+) Switch|s p/eHTTP/ v/$1/ i/HP ProCurve Switch $2 http config/ cpe:/a:ehttp:ehttp:$1/ cpe:/h:hp:procurve_switch_$2/ cpe:/o:hp:procurve_switch_software/
match http m|^HTTP/1\.0 200 OK\r\nServer: eHTTP v([\w._-]+)\r\n.*<title>\s*([ \w._-]+?)\s*-\s*(?:HP )?(?:\w+ )?ProCurve Switch ([\w._-]+)|s p/eHTTP/ v/$1/ i/HP ProCurve Switch $3 http config; "$2"/ cpe:/a:ehttp:ehttp:$1/ cpe:/h:hp:procurve_switch_$3/ cpe:/o:hp:procurve_switch_software/
match http m|^HTTP/1\.1 401 Unauthorized\r\nServer: eHTTP v([\w._-]+)\r\n(?:[^\r\n]+\r\n)*?WWW-Authenticate: Basic realm=\"HP ([-.\w]+)\"\r\n\r\n|s p/eHTTP/ v/$1/ i/HP $2 http config/ d/switch/ cpe:/a:ehttp:ehttp:$1/ cpe:/h:hp:$2/a cpe:/o:hp:procurve_switch_software/
match http m|^HTTP/1\.1 401 Unauthorized\r\nServer: eHTTP v([\w._-]+)\r\n(?:[^\r\n]+\r\n)*?WWW-Authenticate: Basic realm=\"ProCurve (J\w+)\"\r\n\r\n|s p/eHTTP/ v/$1/ i/HP ProCurve Switch $2 http config/ d/switch/ cpe:/a:ehttp:ehttp:$1/ cpe:/h:hp:procurve_switch_$2/ cpe:/o:hp:procurve_switch_software/
# HP ProCurve 1810G - 24 GE, P.2.2, eCos-2.0, CFE-2.1
match http m|^HTTP/1\.1 200 OK\r\nServer: Web Server\r\nContent-Type: text/html\r\nCache-Control: no-cache\r\nPragma: no-cache\r\n\r\n\r\n   <!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4\.0 Transitional//EN\">\n<HTML>\n<HEAD>\n   <TITLE>Login</TITLE>| p/HP ProCurve Switch 1810G http config/ d/switch/ cpe:/h:hp:procurve_switch_1810g/ cpe:/o:hp:procurve_switch_software/
match http m|^HTTP/1\.0 200 OK\r\nServer: eHTTP v([\w._-]+)\r\n.*<title>HP Virtual Stack</title>\n<!-- Changed by: Jon A\. LaRosa, 26-Apr-2000 -->\n|s p/eHTTP/ v/$1/ i/HP ProCurve Switch 2626 http config/ d/switch/ cpe:/a:ehttp:ehttp:$1/ cpe:/h:hp:procurve_switch_2626/ cpe:/o:hp:procurve_switch_software/
match http m|^HTTP/1\.0 200 OK\r\nServer: eHTTP v([\w._-]+)\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 115\r\nCache-Control: no-cache\r\nSet-Cookie: sessionId =;path=/; postId=[^;]*; \r\n\r\n<html>\r\n<head>\r\n<meta http-equiv=\"Refresh\"\r\ncontent=\"1;url=html/nhome\.html\">\r\n</head>\r\n\r\n<body>\r\n</body>\r\n</html>\r\n| p/eHTTP/ v/$1/ i/HP 2530 switch http config/ d/switch/ cpe:/a:ehttp:ehttp:$1/ cpe:/h:hp:2530/
# 5406zl, 2920-POE+, 2530-48G
match http m|^HTTP/1\.0 200 OK\r\nServer: eHTTP v([\w._-]+)\r\n(?:[^\r\n]+\r\n)*?Set-Cookie: sessionId ?=\w|s p/eHTTP/ v/$1/ i/HP switch http config/ d/switch/ cpe:/a:ehttp:ehttp:$1/


match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Sun-ONE-Application-Server/([\w._-]+)\r\n|s p/Sun ONE Application Server/ v/$1/ cpe:/a:sun:one_application_server:$1/
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: SunONE WebServer ([\w._-]+)\r\n|s p/Sun ONE Web Server/ v/$1/ cpe:/a:sun:one_web_server:$1/
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Sun-ONE-Web-Server/([\w._-]+)\r\n|s p/Sun ONE Web Server/ v/$1/ cpe:/a:sun:one_web_server:$1/
match http m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: Sun ONE Web Server ([\w._-]+)\r\n|s p/Sun ONE Web Server/ v/$1/ cpe:/a:sun:one_web_server:$1/

match http m|^HTTP/1\.1 \d\d\d .*\r\nDate: .*\r\nServer: IBM_HTTP_Server/(\d[-.\w]+) +(?:Apache/)?(\d[-.\w]+) \(([^\r\n]+)\)\r\n|i p/IBM HTTP Server/ v/$1/ i/Derived from Apache $2; $3/ cpe:/a:ibm:http_server:$1/
match http m|^HTTP/1\.1 \d\d\d .*\r\nDate: .*\r\nServer: IBM_HTTP_Server/(\d[-.\w]+) +(?:Apache/)?(\d[-.\w]+)\r\n|i p/IBM HTTP Server/ v/$1/ i/Derived from Apache $2/ cpe:/a:ibm:http_server:$1/
match http m|^HTTP/1\.1 \d\d\d .*\r\nDate: .*\r\nServer: IBM_HTTP_SERVER/(\d[-.\w]+) +Apache/(\d[-.\w]+) \(Unix\) DAV/([\d.]+)\r\n| p/IBM HTTP Server/ v/$1/ i/Derived from Apache $2; DAV $3/ o/Unix/ cpe:/a:ibm:http_server:$1/
match http m|^HTTP/1\.1 \d\d\d .*\r\nDate: .*\r\nServer: IBM_HTTP_SERVER/(\d[-.\w]+) +Apache/(\d[-.\w]+) \(Unix\) PHP/([\d.]+)\r\n| p/IBM HTTP Server/ v/$1/ i/Derived from Apache $2; PHP $3/ o/Unix/ cpe:/a:ibm:http_server:$1/ cpe:/a:php:php:$3/
match http m|^HTTP/1\.1 \d\d\d .*\r\nDate: .*\r\nServer: IBM_HTTP_SERVER/(\d[-.\w]+) +Apache/(\d[-.\w]+) \(Unix\) mod_jk\r\n| p/IBM HTTP Server/ v/$1/ i/Derived from Apache $2; using mod_jk/ o/Unix/ cpe:/a:ibm:http_server:$1/
match http m|^HTTP/1\.1 \d\d\d .*\r\nDate: .*\r\nServer: IBM_HTTP_Server/(\d[-.\w]+) (Apache/.*)\r\n| p/IBM HTTP Server/ v/$1/ i/Derived from $2/ cpe:/a:ibm:http_server:$1/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: IBM_HTTP_Server/(\d[-.\w]+) (Apache/.*) \(Win32\)\r\n|s p/IBM HTTP Server/ v/$1/ i/Derived from $2/ o/Windows/ cpe:/a:ibm:http_server:$1/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: IBM_HTTP_Server/(\d[-.\w]+) \(Win32\)\r\n|s p/IBM HTTP Server/ v/$1/ i/Derived from Apache/ o/Windows/ cpe:/a:ibm:http_server:$1/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: IBM_HTTP_Server/(\d[-.\w]+) \(Unix\)\r\n|s p/IBM HTTP Server/ v/$1/ i/Derived from Apache/ o/Unix/ cpe:/a:ibm:http_server:$1/
match http m|^HTTP/1\.1 \d\d\d .*\r\nDate: .*\r\nServer: IBM_HTTP_Server\r\n| p/IBM HTTP Server/ i/Derived from Apache/ cpe:/a:ibm:http_server/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: IBM_HTTP_Server\r\n|s p/IBM HTTP Server/ i/Derived from Apache/ cpe:/a:ibm:http_server/


# Embedded HTTP Server: http://xaxxon.slackworks.com/ehs/
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: Embedded HTTP Server ([\w_.]+)\r\nWWW-Authenticate: Basic realm=\"(USR\d+)\"\r\nConnection: close\r\n\r\n| p/Embedded HTTP Server/ v/$1/ i/USRobotics $2 wireless router http config/ d/router/ cpe:/h:usrobotics:$2/a
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: Embedded HTTP Server *([\w._-]+)\r\nWWW-Authenticate: Basic realm=\"DI-(\w+) *\"\r\n| p/Embedded HTTP Server/ v/$1/ i/D-Link DI-$2 http config/ d/WAP/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Embedded HTTP Server v([\w._-]+)\r\n.*<body bgcolor=\"#DAE3EB\"|s p/Embedded HTTP Server/ v/$1/ i/SMC wireless router http config/
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: Embedded HTTP Server v([\w._-]+)\r\nWWW-Authenticate: Basic realm=\"DWL-810\+\"\r\n| p/Embedded HTTP Server/ v/$1/ i/D-Link DWL-810+ WAP http config/ d/WAP/
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: Embedded HTTP Server V([\w._-]+)\r\nWWW-Authenticate: Basic realm=\"(DWL-[\w+-.]+)\"\r\n| p/Embedded HTTP Server/ v/$1/ i/D-Link $2 WAP http config/ d/WAP/ cpe:/h:dlink:$2/a
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: Embedded HTTP Server USR([\w._-]+)\r\nWWW-Authenticate: Basic realm=\"([^"]+)\"\r\nConnection: close\r\n\r\n<| p/Embedded HTTP Server/ v/$1/ i/USRobotics router http config; name $2/ d/router/
match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: Embedded HTTP Server ([\w._-]+)    \r\nWWW-Authenticate: Basic realm=\"([^"]+)\"\r\nConnection: close\r\n\r\n<HTML><HEAD><TITLE>401 Unauthorized</TITLE></HEAD>\n<BODY BGCOLOR=\"#ffffff\"><H4>401 Unauthorized</H4></BODY></HTML>\n$| p/Embedded HTTP Server/ v/$1/ i/D-Link DWL-9000+ WAP http config; name $2/ d/WAP/
match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: Embedded HTTP Server ([\w._-]+)\r\nWWW-Authenticate: Basic realm=\"AP0F1D85\"\r\nConnection: close\r\n\r\n<HTML><HEAD><TITLE>401 Unauthorized</TITLE></HEAD>\n<BODY BGCOLOR=\"#ffffff\"><H4>401 Unauthorized</H4></BODY></HTML>\n| p/Embedded HTTP Server/ v/$1/ i/Topcom skyracer 544 router http config/ d/router/
match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: Embedded HTTP Server ([\w._-]+)\r\nWWW-Authenticate: Basic realm=\"([^"]+)\".*\r\n\r\n<HTML><HEAD><TITLE>401 Unauthorized</TITLE></HEAD>\n<BODY BGCOLOR=\"#ffffff\"><H4>401 Unauthorized</H4></BODY></HTML>\n|s p/Embedded HTTP Server/ v/$1/ i/D-Link DWL-624 WAP http config; name $2/ d/WAP/ cpe:/h:dlink:dwl-624/a
match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: Embedded HTTP Server ([\w._ -]+)\r\nWWW-Authenticate: Basic realm=\"AP-Router\"\r\nConnection: close\r\n\r\n<HTML><HEAD><TITLE>401 Unauthorized</TITLE></HEAD>\n<BODY BGCOLOR=\"#ffffff\"><H4>401 Unauthorized</H4></BODY></HTML>\n| p/Embedded HTTP Server/ v/$1/ i/Topcom wireless router http config/ d/router/
match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: Embedded HTTP Server ([\w._-]+) *\r\nWWW-Authenticate: Basic realm=\"(DWL-[-+.\w]+)\"\r\n| p/Embedded HTTP Server/ v/$1/ i/D-Link $2 http config/
match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: Embedded HTTP Server ([\w._-]+)\r\nWWW-Authenticate: Basic realm=\"([-+.\w]+)\"\r\nConnection:| p/Embedded HTTP Server/ v/$1/ i/D-Link $2 http config/
match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: Embedded HTTP Server v([\w._-]+)\r\nWWW-Authenticate: Basic realm=\"(DWL-[-+.\w]+)\"\r\nConnection: close\r\n\r\n| p/Embedded HTTP Server/ v/$1/ i/D-Link $2 http config/
match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: Embedded HTTP Server V([\w._-]+)\r\nWWW-Authenticate: Basic realm=\"802\.11g Wireless Broadband Router\"\r\nConnection: close\r\n\r\n<HTML><HEAD><TITLE>401 Unauthorized</TITLE></HEAD>\n<BODY BGCOLOR=\"#ffffff\"><H4>401 Unauthorized</H4></BODY></HTML>\n| p/Embedded HTTP Server/ v/$1/ i/Topcom Skyr@cer WAP http config/ d/WAP/
match http m|^HTTP/1\.0 200 OK\r\nDate: .*\r\nServer: Embedded HTTP Server\.\r\n.*<meta http-equiv=\"refresh\" content=\"0; URL=/cgi-bin/welcome\.cgi\">|s p/Embedded HTTP Server/ i/Linksys RVL200 VPN router http config/ d/router/ cpe:/h:linksys:rvl200/a
match http m|^HTTP/1\.0 200 OK\r\nDate: .*\r\nServer: Embedded HTTP Server\.\r\n.*<meta http-equiv=\"refresh\" content=\"0; URL=/scgi-bin/index\.htm\">|s p/Embedded HTTP Server/ i/Netgear ProSafe firewall http config/ d/firewall/
match http m|^HTTP/1\.0 200 OK\r\nDate: .*\r\nServer: Embedded HTTP Server\.\r\n.*<meta http-equiv=\"refresh\" content=\"0; URL=/scgi-bin/platform\.cgi\">|s p/Embedded HTTP Server/ i/Cisco firewall http config/ d/firewall/
match http m|^HTTP/1\.1 200 OK\r\nServer: Embedded Web Server\r\n.*<TITLE>Enterasys Login</TITLE>|s p/Embedded HTTP Server/ i/Enterasys C5124 switch http config/ d/switch/ cpe:/h:enterasys:c5124/
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: Embedded HTTP Server ([\d.]+)\r\n| p/Embedded HTTP Server/ v/$1/
# The "malformed or illegal" matches a Boa server elsewhere in the file.
match http m|^HTTP/1\.0 400 Bad Request\r\nDate: .*\r\nServer: Embedded HTTP Server\.\r\nConnection: close\r\nContent-Type: text/html; charset=ISO-8859-1\r\n\r\n<HTML><HEAD><TITLE>400 Bad Request</TITLE></HEAD>\n<BODY><H1>400 Bad Request</H1>\nYour client has issued a malformed or illegal request\.\n</BODY></HTML>\n$| p/Boa httpd/ i/BillionGuard router/ d/router/ cpe:/a:boa:boa/
# Maybe a different "Embedded HTTP Server."
match http m|^HTTP/1\.0 \d\d\d .*\r\nWWW-Authenticate: Basic realm=\"VPN\"\r\nContent-Type: text/html\r\nAccept-Ranges: bytes\r\nConnection: close\r\nServer: Embedded HTTP Server v([\d.]+), \d+, Magic Control Technology Inc\.\r\n\r\n| p/Magic Control Technology Embedded HTTP Server/ v/$1/ i/IOGear BOSS http config/ d/storage-misc/

# D-Link DWL-1000AP webadmin
match http m|^HTTP/1\.0 200 OK\r\nServer: PSIWBL/(\d[-.\w]+)\r\nDate: .*Title: www\r\n\r\n<HTML>\n <HEAD>\n   <meta http-equiv=\"Refresh\" content=\"0; url=/startup/startup\.shtml\">\n </HEAD>\n <BODY>\n </BODY>\n</HTML>$|s p/PSIWBL/ v/$1/ i/D-Link http config/
match http m|^HTTP/1\.0 401 Unauthorized\r\n(?:[^\r\n]+\r\n)*?WWW-Authenticate: Basic realm=\"(DIR-\w+)\"\r\n|s p/D-Link $1 WAP http config/ d/WAP/ cpe:/h:dlink:$1/a
# D-Link DWL-1000AP Wireless Access Point
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: PSIWBL/(\d[-.\w]+)\r\nDate: .*\r\nWWW-Authenticate: Basic realm=\"Enter Password \(Leave User Name Empty\)\"\r\n| p/PSIWBL/ v/$1/ i/D-Link http config/
match http m|^HTTP/1\.0 \d\d\d .*\r\nDate: .*\r\nServer: WhatsUp_Gold/(\d[-.\w]+)\r\n| p/Ipswitch WhatsUp Gold/ v/$1/ cpe:/a:ipswitch:whatsup_gold:$1/
match http m|^HTTP/1\.1 401 Unauthorized\r\nWWW-Authenticate: Basic realm=\"(MR[-.\w]+)\"\r\nContent-Type: text/html\r\nServer: ZyXEL-RomPager/(\d[-.\w]+)\r\n\r\n| p/ZyXEL RomPager/ v/$2/ i|Netgear $1 WAP/router http config| d/WAP/ cpe:/a:zyxel:rompager:$2/
match http m|^HTTP/1\.1 401 Unauthorized\r\nWWW-Authenticate: Basic realm=\"(R[PT][-.\w]+)\"\r\nContent-Type: text/html\r\nServer: ZyXEL-RomPager/(\d[-.\w]+)\r\n\r\n| p/ZyXEL RomPager/ v/$2/ i/Netgear $1 router http config/ d/router/ cpe:/a:zyxel:rompager:$2/
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: ZyXEL-RomPager/([\w._-]+)\r\n|s p/ZyXEL RomPager/ v/$1/ cpe:/a:zyxel:rompager:$1/
# Netgear MR814 wireless router remote administration, Firmware 4.13 Aug 20 2003
match http m|^HTTP/1\.0 401 Unauthorized\r\nWWW-Authenticate: Basic realm=\"(MR[-.+\w]+)\"\r\nServer: Embedded HTTPD v(\d[-.\w]+), (.*)\r\n| p/Embedded HTTPD/ v/$2/ i/Netgear $1 WAP http config; $3/ d/WAP/ cpe:/h:netgear:$1/a
match http m|^HTTP/1\.1 401 Unauthorized\r\nWWW-Authenticate: Basic realm=\"Prestige ([-.\w ]+)\"\r\nContent-Type: text/html\r\nServer: ZyXEL-RomPager/(\d[-.\w ]+)\r\n\r\n| p/ZyXEL Prestige webadmin/ v/$2/ i/Prestige model $1/ cpe:/a:zyxel:rompager:$2/
match http m|^HTTP/1\.1 401 Unauthorized\r\nWWW-Authenticate: Basic realm=\"Prestige ([-.\w ]+)\"\r\nContent-Type: text/html\r\nServer: RomPager/(\d[-.\w ]+) ([-./\w]+)\r\n\r\n| p/ZyXEL Prestige webadmin/ v/$2/ i/Prestige model $1; $3/ cpe:/a:zyxel:rompager:$2/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Roxen/(\d[-.\w]+)\r\n|s p/Roxen/ v/$1/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Roxen\r\n|s p/Roxen/
# A-link (Avaks) Hasbani Web Server on RoadRunner 44b ADSL Router
match http m|^HTTP/1\.1 403 Forbidden\r\nServer: WindWeb/(\d[-.\w]+)\r\nConnection: close\r\nWWW-Authenticate: Basic realm=\"Home Gateway\"\r\nContent-Type: text/html\r\n\r\nHasbani Web Server| p/WindWeb/ v/$1/ i/A-link Hasbani http config/ d/broadband router/ cpe:/a:windriver:windweb:$1/
# Sambar Server V5.3 on Windows NT
match http m|^HTTP/1\.1 \d\d\d .*\r\nDate: .*\r\nServer: SAMBAR ([\d.]+)\r\n| p/Sambar/ v/$1/ cpe:/a:sambar:sambar_server:$1/
match http m|^HTTP/1\.1 \d\d\d .*\r\nDate: .*\r\nServer: SAMBAR\r\n| p/Sambar/ cpe:/a:sambar:sambar_server/
match http m|^HTTP/1\.1 .*\r\nDate: .*\r\nServer: aEGiS_nanoweb/(\d[-.\w]+) \(([^\)]+)\)\r\n| p/AEGiS Nanoweb httpd/ v/$1/ i/$2/
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: WebLogic WebLogic Server (\d[-.\w]+(?: SP\d+)?) +\w\w\w|s p/WebLogic applications server/ v/$1/ cpe:/a:oracle:weblogic_server:$1/
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: WebLogic ([\d.]+) Service Pack (\d+) [^\r\n]+\r\n|s p/WebLogic applications server/ v/$1/ i/Service Pack $2/ cpe:/a:oracle:weblogic_server:$1/
match http m|^HTTP/1\.[01] \d\d\d .*\r\nDate: .*\r\nServer: WebLogic Server ([\d.]+ SP\d+) | p/WebLogic httpd/ v/$1/ cpe:/a:oracle:weblogic_server:$1/
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Date: .*<META NAME=\"GENERATOR\" CONTENT=\"WebLogic Server\">\n|s p/WebLogic httpd/ cpe:/a:oracle:weblogic_server/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Connection: close\r\nDate: .*\nX-Powered-By: Servlet/([\w._-]+) JSP/([\w._-]+)\r\n|s p/Oracle WebLogic Server/ i/Servlet $1; JSP $2/ cpe:/a:oracle:jsp:$2/ cpe:/a:oracle:weblogic_server/
# Samba 3.0.0rc4-Debian
match http m|^HTTP/1\.0 401 Authorization Required\r\nWWW-Authenticate: Basic realm=\"SWAT\"\r\n| p/Samba SWAT administration server/ cpe:/a:samba:samba/
match http m|^HTTP/1\.0 200 OK\r\nConnection: close\r\nDate: .*\n<TITLE>Samba Web Administration Tool</TITLE>|s p/Samba SWAT administration server/ cpe:/a:samba:samba/
match http m|^HTTP/1\.0 \d\d\d .*\r\nConnection: close\r\nContent-Type: text/html\r\n\r\n<HTML><HEAD><TITLE>.*</TITLE></HEAD><BODY><H1>.*</H1>Samba is configured to deny access from this client\n<br>Check your \"hosts allow\" and \"hosts deny\" options in smb\.conf <p></BODY></HTML>\r\n\r\n$| p/Samba SWAT administration server/ i/Access denied/ cpe:/a:samba:samba/
match http m|^HTTP/1\.0 500 Server Error\r\nConnection: close\r\nContent-Type: text/html\r\n\r\n<HTML><HEAD><TITLE>500 Server Error</TITLE></HEAD><BODY><H1>500 Server Error</H1>chdir failed - the server is not configured correctly<p></BODY></HTML>\r\n\r\n| p/Samba SWAT administration server/ i/broken/ cpe:/a:samba:samba/
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: icecast/(\d[-.\w]+)\r\n| p/Icecast streaming media server/ v/$1/ cpe:/a:xiph:icecast:$1/
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: Icecast (\d[-.\w]+)\r\n| p/Icecast streaming media server/ v/$1/ cpe:/a:xiph:icecast:$1/
match http m|^HTTP/1\.0 404 Not Available\r\nContent-Type: text/html\r\n\r\n<b>Could not parse XSLT file</b>\r\n| p/Icecast streaming media server/ cpe:/a:xiph:icecast/
match http m|^HTTP/1\.0 200 OK\r\nContent-Type: text/html\r\n.*<html>\n<head>\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=UTF-8\">\n<title>Icecast for ([\w._-]+ \[Station\])</title>\n<link rel=\"stylesheet\" type=\"text/css\" href=\"style\.css\">|s p/Icecast streaming media server/ i/$1/ cpe:/a:xiph:icecast/
match http m|^HTTP/1\.0 \d\d\d [^\r\n]*\r\n.*<title>Icecast Streaming Media Server</title>\n|s p/Icecast streaming media server/ cpe:/a:xiph:icecast/
match http m=^HTTP/1\.1 200 OK\r\nContent-Type: (?:audio/mpeg|application/x-ogg)\r\nConnection: close\r\nPragma: no-cache\r\nCache-Control: no-cache, no-store\r\n\r\n= p/mpd/ i/Music Player Daemon streaming media server/
match http m|^HTTP/1\.0 200 OK\r\nServer: HP-Web-Server-(\d[-.\w]+)\r\n.*<!-- framework\.ini ([A-Z]:\\[-.\w \\]+)-->|s p/HP Web Jetwebadmin/ v/$1/ i/framework.ini: $2/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 200 OK\r\nServer: HP-Web-Server-(\d[-.\w]+)\r\n.*<!-- framework\.ini (/[\w\\/-_. ]+)-->|s p/HP Web Jetwebadmin/ v/$1/ i/framework.ini: $2/ o/Unix/
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: HP Web Jetadmin (\d[-.\w]+)\r\n| p/HP Web Jetadmin print server http config/ v/$1/ d/print server/ cpe:/a:hp:web_jetadmin:$1/
match http m|^HTTP/1\.1 \d\d\d .*\r\nDate: .*\r\nServer: HP Web Jetadmin/(\d[-.\w]+) (.*)\r\n| p/HP Web Jetadmin print server http config/ v/$1/ i/$2/ d/print server/ cpe:/a:hp:web_jetadmin:$1/
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: HP-Web-JetAdmin-(\d[-.\w]+)\r\n| p/HP Web Jetadmin print server http config/ v/$1/ d/print server/ cpe:/a:hp:web_jetadmin:$1/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Tomcat Web Server/(\d[-.\w ]+) \( ([^)]+) \)\r\n|s p/Apache Tomcat/ v/$1/ i/$2/ cpe:/a:apache:tomcat:$1/a
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Tomcat Web Server/(\d[-.\w ]+)\r\n\r\n|s p/Apache Tomcat/ v/$1/ cpe:/a:apache:tomcat:$1/a
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Servlet-Engine: Tomcat Web Server/(\d[-.\w]+) \(([^\)]+)\)\r\n|s p/Apache Tomcat/ v/$1/ i/$2/ cpe:/a:apache:tomcat:$1/a
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Servlet-Engine: Tomcat Web Server/(\d[-.\w]+) \(([^\)]+)\) \(([^\)]+)\)\r\n|s p/Apache Tomcat/ v/$1/ i/$2; $3/ cpe:/a:apache:tomcat:$1/a
match http m|^HTTP/1\.1 \d\d\d [^\r\n]+\r\nContent-Type: text/html;charset=.*\r\nServer: Apache\r\n\r\n[\r\n]*<!DOCTYPE html>.*<title>Apache Tomcat/(\d[\w._-]+)(?: - Error report)?</title>|s p/Apache Tomcat/ v/$1/ cpe:/a:apache:tomcat:$1/a
match http m|^HTTP/1\.0 200 OK\r\nServer: 3ware/(\d[-.\w]+)\r\n.*<title>3ware 3DM - No remote access</title>|s p/3Ware 3DM Raid Daemon/ v/$1/ i/Access denied/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: publicfile|s p/publicfile httpd/
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: Apache\r\n.*<title>BIG-IP&reg;- Redirect</title>|s p/Apache httpd/ i/F5 BIG-IP load balancer/ d/load balancer/ cpe:/a:apache:http_server/
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: Apache\r\n.*<title>VisualSVN Server</title>|s p/Apache httpd/ i/VisualSVN/ cpe:/a:apache:http_server/
# X-KBOX-WebServer and X-KBOX-Version headers have same info
match http m|^HTTP/1\.1 200 OK\r.*\nServer: Apache\r.*\nX-DellKACE-Appliance: (\w+)\r\nX-DellKACE-Host: ([\w.-]+)\r\nX-DellKACE-Version: ([\d.]+)\r\n|s p/Dell KACE Management Appliance/ v/$3/ i/model $1; Apache httpd/ d/remote management/ h/$2/ cpe:/a:dell:kace_$1_systems_management_appliance_software:$3/ cpe:/h:dell:kace_$1_systems_management_appliance/
match http m|^HTTP/1\.1 401 Authorization Required\r\nDate: .*\r\nServer: Apache\r\nWWW-Authenticate: Digest realm=\"Sage Digital ENDEC\"| p/Apache httpd/ i|SAGE Digital ENDEC EAS/CAP receiver unit| cpe:/a:apache:http_server/

match http m|^HTTP/1\.[01] \d\d\d.*\r\nDate: .*\r\nServer: Apache-AdvancedExtranetServer/(\d[-.\w]+) \(Mandrake ?[Ll]inux/[-.\w]+\) (.*)\r\n| p/Apache Advanced Extranet Server httpd/ v/$1/ i/$2/ o/Linux/ cpe:/a:apache:http_server:$1/ cpe:/o:linux:linux_kernel/a
match http m|^HTTP/1\.[01] \d\d\d.*\r\nDate: .*\r\nServer: Apache-AdvancedExtranetServer/(\d[-.\w]+) \(Mandrake ?[Ll]inux/[-.\w]+\)\r\n| p/Apache Advanced Extranet Server httpd/ v/$1/ o/Linux/ cpe:/a:apache:http_server:$1/ cpe:/o:linux:linux_kernel/a
match http m|^HTTP/1\.[01] \d\d\d.*\r\nDate: .*\r\nServer: Apache-AdvancedExtranetServer/(\d[-.\w]+) \(Linux-Mandrake/[-.\w]+\)\r\n| p/Apache Advanced Extranet Server httpd/ v/$1/ o/Linux/ cpe:/a:apache:http_server:$1/ cpe:/o:linux:linux_kernel/a
match http m|^HTTP/1\.[01] \d\d\d.*\r\nDate: .*\r\nServer: Apache-AdvancedExtranetServer/(\d[-.\w]+) \(Linux-Mandrake/[-.\w]+\) (.*)\r\n| p/Apache Advanced Extranet Server httpd/ v/$1/ i/$2/ o/Linux/ cpe:/a:apache:http_server:$1/ cpe:/o:linux:linux_kernel/a
match http m|^HTTP/1\.[01] \d\d\d.*\r\nDate: .*\r\nServer: Apache-AdvancedExtranetServer/(\d[-.\w]+)\r\n| p/Apache Advanced Extranet Server httpd/ v/$1/ o/Linux/ cpe:/a:apache:http_server:$1/ cpe:/o:linux:linux_kernel/a
match http m|^HTTP/1\.[01] \d\d\d.*\r\nDate: .*\r\nServer: Apache-AdvancedExtranetServer\r\n|s p/Apache Advanced Extranet Server httpd/ o/Linux/ cpe:/a:apache:http_server/ cpe:/o:linux:linux_kernel/a
match http m|^HTTP/1\.[01] \d\d\d.*\r\nDate: .*\r\nServer: ?(.*) Apache-AdvancedExtranetServer/(\d[-.\w]+) \(Mandrakelinux/[-.\w]+\) ?(.*)\r\n| p/Apache Advanced Extranet Server httpd/ v/$2/ i/$1 $3/ o/Linux/ cpe:/a:apache:http_server:$2/ cpe:/o:linux:linux_kernel/a
match http m|^HTTP/1\.[01] \d\d\d.*\r\nDate: .*\r\nServer: Apache-AdvancedExtranetServer/(\d[-.\w]+) \(Mandriva Linux/PREFORK-([-\w_.]+)\) (.*)\r\n| p/Apache Advanced Extranet Server httpd/ v/$1/ i/Mandriva $2; $3/ o/Linux/ cpe:/a:apache:http_server:$1/ cpe:/o:mandriva:linux/
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Apache-AdvancedExtranetServer/([\d.]+) \(Mandrakelinux/PREFORK-([-\w_.]+)\) ?([^\r\n]*)\r\n|s p/Apache Advanced Extranet Server httpd/ v/$1/ i/Mandrake $2; $3/ o/Linux/ cpe:/a:apache:http_server:$1/ cpe:/o:linux:linux_kernel/a
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Apache Tomcat/(\d[-.\w]+)|s p/Apache Tomcat/ v/$1/ cpe:/a:apache:tomcat:$1/a
match http m|^HTTP/1\.[01] \d\d\d.*\r\nServer: Apache[- ]Coyote/(\d[-\d.]+)\r\n.*/Tomcat-(\d[-\d.]+)\r\n|s p|Apache Tomcat/Coyote JSP engine| v/$1/ i/Tomcat $2/ cpe:/a:apache:coyote_http_connector:$1/ cpe:/a:apache:tomcat:$2/
match http m|^HTTP/1\.[01] \d\d\d.*\r\nServer: Apache[- ]Coyote/(\d[-\d.]+)\r\n|s p|Apache Tomcat/Coyote JSP engine| v/$1/ cpe:/a:apache:coyote_http_connector:$1/
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Apache/([\w._-]+) Ben-SSL/([\w._-]+) \(Unix\)\r\n|s p/Apache httpd/ v/$1/ i/Ben-SSL $2/ o/Unix/ cpe:/a:apache:http_server:$1/
match http m|^HTTP/1\.1 \d\d\d .*<address>Apache Server at ([\w._-]+) Port \d+</address>\n</body></html>\n$|s p/Apache httpd/ h/$1/ cpe:/a:apache:http_server/a
# https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/http/http_protocol.c
match http m|^HTTP/1\.1 401 Authorization Required\r\n(?:[^\r\n]+\r\n)*?Server: Apache\r\n(?:[^\r\n]+\r\n)*?\r\n<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2\.0//EN\">\n<html><head>\n<title>401 Authorization Required</title>\n</head><body>\n<h1>Authorization Required</h1>\n<p>This server could not verify that you\nare authorized to access the document\nrequested\.  Either you supplied the wrong\ncredentials \(e\.g\., bad password\), or your\nbrowser doesn't understand how to supply\nthe credentials required\.</p>\n</body></html>\n$|s p/Apache httpd/ cpe:/a:apache:http_server/

# Apache Stronghold
match http m|^HTTP/1\.[01] \d\d\d.*\r\nDate:.*\r\nServer: Stronghold/([-.\w]+) Apache/([-.\w]+)| p/Apache Stronghold httpd/ v/$1/ i/based on Apache $2/ cpe:/a:redhat:stronghold:$1/
softmatch http m|^HTTP/1\.[01] \d\d\d.*\r\nDate:.*\r\nServer: Stronghold| p/Apache Stronghold httpd/ i/based on Apache/ cpe:/a:redhat:stronghold/


match ssl/http m|^HTTP/1.1 400 Bad Request\r\n.*?Server: nginx/([\d.]+)[^\r\n]*?\r\n.*<title>400 The plain HTTP request was sent to HTTPS port</title>|s p/nginx/ v/$1/ cpe:/a:igor_sysoev:nginx:$1/
match ssl/http m|^HTTP/1.1 400 Bad Request\r\n.*<title>400 The plain HTTP request was sent to HTTPS port</title>|s p/nginx/ cpe:/a:igor_sysoev:nginx/
match http m|^HTTP/1\.[01] \d\d\d.*?\r\nServer: nginx\r\n|s p/nginx/ cpe:/a:igor_sysoev:nginx/
match http m|^HTTP/1\.[01] \d\d\d.*\r\nServer: nginx/([\d.]+)\r\n|s p/nginx/ v/$1/ cpe:/a:igor_sysoev:nginx:$1/
match http m|^HTTP/1\.[01] \d\d\d.*\r\nServer: nginx/([\d.]+) \(Ubuntu\)\r\n|s p/nginx/ v/$1/ i/Ubuntu/ o/Linux/ cpe:/a:igor_sysoev:nginx:$1/ cpe:/o:canonical:ubuntu_linux/ cpe:/o:linux:linux_kernel/a
match http m|^HTTP/1\.[01] \d\d\d.*\r\nServer: nginx/([\d.]+) \+ ([^\r\n]*)\r\n|s p/nginx/ v/$1/ i/$2/ cpe:/a:igor_sysoev:nginx:$1/

# Citrix NFuse 2.0 on MS IIS 5.0
match http m|^HTTP/1\.[01].*\r\nServer: Microsoft-IIS/([-.\w]+)\r\n(?:[^\r\n]+\r\n)*?Content-Location: http://[^/]+/nfuse.htm\r\n.*\r\n---- NFuse ([-.\w]+) \(Build |s p/Citrix NFuse/ v/$2/ i/Microsoft IIS $1/ o/Windows/ cpe:/a:microsoft:internet_information_services:$1/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.[01].*\r\nServer: Microsoft-IIS/([-.\w]+)\r\n|s p/Microsoft IIS httpd/ v/$1/ o/Windows/ cpe:/a:microsoft:internet_information_services:$1/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.[01].*\r\nServer: Microsoft-IIS/([-.\w]+) (mod_perl/[-.\w]+ Perl/[-.\w]+)\r\n|s p/Microsoft IIS httpd/ v/$1/ i/$2/ o/Windows/ cpe:/a:microsoft:internet_information_services:$1/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 200 OK\r\nDate: .+\r\nServer: Tomcat/([-.\w]+)\r\nContent-Type: text/html\r\nContent-Length: \d+\r\nServlet-Engine: Tomcat/[-.\w]+ \(Java ([-.\w]+); SunOS ([-.\w]+) (\w+); java\.vendor=Sun Microsystems Inc\.\)\r\n| p/Solaris management console server/ i/Java $2; Tomcat $1; SunOS $3 $4/ o/SunOS/ cpe:/a:apache:tomcat:$1/ cpe:/a:sun:jre:$2/ cpe:/o:sun:sunos:$3/
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: CommuniGatePro/([-.\w ]+)\r\n|s p/CommuniGate Pro httpd/ v/$1/ cpe:/a:stalker:communigate_pro/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: DSS ([-.\w]+) Admin Server/([-.\w]+)|s p/DarwinStreamingServer/ v/$1/ i/Admin Server $2/
match http m|^HTTP/1\.0 \d\d\d .*\r\nDate: .*\r\nServer: QTSS (\d[-.\w]+) Admin Server/(\d[-.\w]+)\r\n| p/Apple QTSS Admin Server/ v/$2/ i/from QTSS $1/ cpe:/a:apple:quicktime_streaming_server:$1/
match http m|^HTTP/1\.0 200 OK\r\nServer: fnord/(\d[-.\w]+)\r\n| p/Fnord httpd/ v/$1/
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: Fnord\r\n| p/Fnord httpd/
match http m=^HTTP/1\.0 404 Not Found\r\nContent-Type: text/html\r\nConnection: close\r\n\r\n<title>Not Found</title>(?:This host is not served here\.|No such file or directory\.)$= p/Fnord httpd/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: MiniServ/([\d.]+)\r\n|s p/MiniServ/ v/$1/ i/Webmin httpd/
match http m|^HTTP/1.1 200 OK\r\nServer: NetWare-Enterprise-Web-Server/([-.\w]+)\r\n| p/Novell NetWare enterprise web server/ v/$1/ o/NetWare/ cpe:/o:novell:netware/a
match http m|^HTTP/1.1 302 Object Moved Temporarily\r\nServer: NetWare HTTP Stack\r\n| p/Novell NetWare HTTP Stack/ i/HTTPSTK.NLM/ o/NetWare/ cpe:/o:novell:netware/a
match http m|^HTTP/1.1 \d\d\d [\w ]+\r\nServer: NetWare HTTP Stack\r\n| p/Novell NetWare HTTP Stack/ i/HTTPSTK.NLM/
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: HTTPd-WASD/([-.\w]+) OpenVMS/(.*)\r\n| p/WASD httpd/ v/$1/ i/$2/ o/OpenVMS/ cpe:/o:hp:openvms/a
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: HTTPd-WASD/([-.\w]+) OpenVMS/(.*)\r\n| p/WASD httpd/ v/$1/ i/$2/ o/OpenVMS/ cpe:/o:hp:openvms/a
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Lotus-Domino/Release-(\d[-.\w]+)\r\n|s p/Lotus Domino httpd/ v/$1/ cpe:/a:ibm:lotus_domino_web_server:$1/
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Lotus-Domino/Release-(\d[-.\w]+)\(Intl\)\r\n|s p/Lotus Domino International httpd/ v/$1/ cpe:/a:ibm:lotus_domino_web_server:$1::intl/
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Lotus-Domino/Release\r\n|s p/Lotus Domino httpd/ cpe:/a:ibm:lotus_domino_web_server/
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Lotus-Domino/(\d[-.\w]+)\r\n|s p/Lotus Domino httpd/ v/$1/ cpe:/a:ibm:lotus_domino_web_server:$1/
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Lotus-Domino(?:/0)?\r\n|s p/Lotus Domino httpd/ cpe:/a:ibm:lotus_domino_web_server/
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Domino-Go-Webserver/([\d.]+)\r\n|s p/Lotus Domino Go httpd/ v/$1/ cpe:/a:ibm:lotus_domino:$1/

# G-Net BB0060 ADSL Modem (I'm not sure this is GlobespanVirata, but that is
# what the t3lnetd on this device said).
match http m|^HTTP/1.1 302 Document Follows\r\nLocation: /hag/pages/home.ssi\r\n\r\n$| p/GlobespanVirata httpd/ i/on broadband router/
match http m|^HTTP/1.0 200 OK\r\nServer:HTTP/1.0\r\n.*<title>Hewlett Packard</title>|s p/HP Jetdirect httpd/
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: EHTTP/([\d.]+)\r\nPragma:no-cache\r\nContent-Type:text/html\r\n\r\n<html> \n<head>\n<title> \n(.*) \n- HP \w+ ProCurve Switch (\w+)\n</title>| p/eHTTP/ v/$1/ i/HP ProCurve Switch $3 http config/ d/switch/ h/$2/ cpe:/a:ehttp:ehttp:$1/ cpe:/h:hp:procurve_switch_$3/ cpe:/o:hp:procurve_switch_software/
match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: EHTTP/([\d.]+)\r\nWWW-Authenticate: Basic realm=\"HP ([-.\w]+)\"\r\n| p/eHTTP/ v/$1/ i/HP $2 switch http admin/ d/switch/ cpe:/a:ehttp:ehttp:$1/ cpe:/h:hp:$2/a
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Virata-EmWeb/([-.\w]+)\r\n(?:[^\r\n]+\r\n)*?\r\n\n<!--\nFile name: index\.html\n\nThis is the 'parent' file that calls the individual child frames\. \nThis is the file that is first accessed when the user types http://<ipaddress> \nin the browser toolbar\. \n\nThe UI Architecture consists of a total of 4 frames\. This file calls 3 high-level |s p/Virata-EmWeb/ v/$SUBST(1,"_",".")/ i/HP LaserJet printer http config/ d/printer/ cpe:/a:virata:emweb:$SUBST(1,"_",".")/a cpe:/h:hp:laserjet/
match http m|^HTTP/1\.0 \d{3} .*\r\nServer: CompaqHTTPServer/([\w\d.]+)\r\n|s p/Compaq Insight Manager HTTP server/ v/$1/ cpe:/a:hp:compaqhttpserver:$1/
match http m|^HTTP/1\.1 401 Authorization Required\r\nWWW-Authenticate: Basic realm="Linksys ([\w._-]+)"\r\n| p/Linksys router http config/ i/device model $1/ d/WAP/
match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: httpd\r\nDate: .*\r\nWWW-Authenticate: Basic realm=\"Dell TrueMobile ([\d.]+) Wireless Broadband Router\"\r\n| p/Dell TrueMobile $1 wireless router http config/ d/WAP/ cpe:/h:dell:truemobile_$1_wireless_broadband_router/
match http m|^HTTP/1\.[01] 401 Unauthorized\r\nServer: httpd\r\nDate: .*\r\nWWW-Authenticate: Basic realm=\"Linksys ([\w._-]+)\"\r\nContent-Type: text/html\r\nConnection: close\r\n\r\n| p/Linksys $1 WAP http config/ d/WAP/ cpe:/h:linksys:$1/a
match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: httpd\r\nDate: .*\r\nWWW-Authenticate: Basic realm=\"(WRT[-\w]+)\"\r\nContent-Type: text/html\r\nConnection: close\r\n\r\n| p/Linksys $1 router http config/ d/WAP/ cpe:/h:linksys:$1/a
match http m|^HTTP/1\.0 401 Unauthorized\nContent-type: text/html\r\nDate: .*\r\nConnection: close\r\nWWW-Authenticate: Basic realm=\"(WRT[^"]+)\"\r\n\r\n<HEAD><TITLE>401 Unauthorized</TITLE></HEAD>\n<BODY><H1>401 Unauthorized</H1>\n\n</BODY>\n| p/Linksys $1 router http config/ d/WAP/ cpe:/h:linksys:$1/a
match http m|^HTTP/1\.0 401 Not Authorized\r\nServer: RapidLogic/([\d.]+)\r\nMIME-version: 1\.0\r\nPragma: no-cache\r\nContent-type: text/html\r\nWWW-Authenticate: Basic realm=\"Linksys WRT55AG\"\r\n\r\n\r\nAuthorization Required\r\n\r\n| p/RapidLogic httpd/ v/$1/ i/Linksys WRT55AG WAP http config/ d/WAP/ cpe:/a:rapidlogic:httpd:$1/ cpe:/h:linksys:wrt55ag/a
match http m|^HTTP/1\.1 401 Not Authorized\r\nServer: Rapid Logic/([\d.]+)\r\n(?:[^\r\n]+\r\n)*?WWW-Authenticate: Basic realm=\"([^"]*)\"\r\n|s p/RapidLogic httpd/ v/$1/ i/Linksys $2 WAP http config/ d/WAP/ cpe:/a:rapidlogic:httpd:$1/ cpe:/h:linksys:$2/a
match http m|^HTTP/1\.[01] 401 Unauthorized\r\nWWW-Authenticate: Basic realm="MET-(\w+)"\r\n| p/Linksys $1 http config/ d/router/ cpe:/h:linksys:$1/a
# Notice the spelling mistake in the HTML
match http m|^HTTP/1\.0 401 Bad Request\r\nServer: httpd\r\nDate: .*\r\nContent-Type: text/html\r\nConnection: close\r\n\r\n<HTML><HEAD><TITLE>401 Bad Request</TITLE></HEAD>\n<BODY BGCOLOR=\"#cc9999\"><H4>401 Bad Request</H4>\nCann't use wireless interface to access web\.\n</BODY></HTML>\n| p/Linksys WRT54G WAP http config/ i/Wireless admin disabled/ d/WAP/ cpe:/h:linksys:wrt54g/a
match http m|^<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4\.0 Transitional//EN\">\r\n<HTML><HEAD><TITLE>Bad Request</TITLE>.*<H4>401 Bad Request</H4>Cann't use wireless interface to access web\.\";|s p/Linksys WRT54G WAP http config/ i/Wireless admin disabled/ d/WAP/ cpe:/h:linksys:wrt54g/a
match http m|^HTTP/1\.0 200 Ok\r\nServer: httpd\r\nDate:.*\n\t\t<title>(WRT54\w+) - Info</title>|s p/DD-WRT milli_httpd/ i/Linksys $1 WAP http config/ d/WAP/ o/Linux/ cpe:/o:linux:linux_kernel/a
match http m|^HTTP/1\.0 200 Ok\r\nContent-Type: text/html\r\nServer: httpd\r\nDate: .*\r\nConnection: close\r\nCache-Control: no-store, no-cache, must-revalidate\r\nCache-Control: post-check=0, pre-check=0\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nPragma: no-cache\r\nExpires: 0\r\n\r\n<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1\.0 Strict//EN\" \"http://www\.w3\.org/TR/xhtml1/DTD/xhtml1-strict\.dtd\">\n<html>\n\t<head>\n\t\t<meta http-equiv=\"Content-Type\" content=\"application/xhtml\+xml; charset=iso-8859-1\" />\n\t\t<link rel=\"icon\" href=\"images/favicon\.ico\" type=\"image/x-icon\" />\n\t\t<link rel=\"shortcut icon\" href=\"images/favicon\.ico\" type=\"image/x-icon\" />\n\t\t<script type=\"text/javascript\" src=\"common\.js\"></script>\n\t\t<script type=\"text/javascript\" src=\"lang_pack/english\.js\"></script>\n\t\t<script type=\"text/javascript\" src=\"lang_pack/language\.js\"></script>| p/DD-WRT milli_httpd/ d/broadband router/ o/Linux/ cpe:/o:linux:linux_kernel/a
match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: \r\nDate: .*\r\nWWW-Authenticate: Basic realm=\"Linksys WRT300N\"\r\n| p/Linksys WRT300N WAP http config/ d/WAP/ cpe:/h:linksys:wrt300n/a
match http m|^HTTP/1\.0 401 Unauthorized\r\n(?:[^\r\n]+\r\n)*?Server: Boa/([\w._-]+) \(([^)]+)\)\r\n(?:[^\r\n]+\r\n)*?WWW-Authenticate: Basic realm=\"Linksys ([\w._-]+)\"\r\n|s p/Boa/ v/$1/ i/Linksys $3 WAP http config; $2/ cpe:/a:boa:boa:$1/ cpe:/h:linksys:$3/a
match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: httpd\r\nDate: .*\r\nWWW-Authenticate: Basic realm=\"Shared Storage Drive\"\r\n| p/Maxtor Shared Storage NAS http config/ d/storage-misc/
match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: httpd\r\nDate: .*\r\nWWW-Authenticate: Basic realm=\"NETWORK HDD\"\r\n| p/Argosy Research HD363N Network HDD http config/ d/storage-misc/
match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: httpd\r\nDate: .*\r\nWWW-Authenticate: Basic realm=\"SimpleShare \(default user name is admin and password is simple\)\"\r\n| p/SimpleShare WAP http config/ d/WAP/

match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: httpd\r\nDate: .*\r\nWWW-Authenticate: Basic realm=\"Alcatel Lucent ([\w._-]+) ([\w._-]+)\"\r\nContent-Type: text/html\r\nConnection: close\r\n\r\n$| p/Alcatel-Lucent $1 WAP http config/ v/$2/ d/WAP/ cpe:/h:alcatel-lucent:$1/
match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: httpd\r\nDate: .*\r\nWWW-Authenticate: Basic realm=\"(RT-[^"]+)\"\r\nContent-Type: text/html\r\nConnection: close\r\n\r\n| p/Asus $1 WAP http config/ d/WAP/ cpe:/h:asus:$1/a

match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Insight Manager (\d)\r\n\r\n|s p/Compaq Insight Manager/ v/$1/
match http m|^HTTP/1\.1 200 OK\r\nContent-Length: \d+\r\nConnection: close\r\nPragma: no-cache\r\nCache-Control: no-cache, no-store, must-revalidate\r\nExpires: 0\r\nContent-Type: text/html\r\n\r\n| p/GNU Httptunnel/
# Blue Coat Port 80 Security Appliance Model: Blue Coat SG400 Software Version: SGOS 2.1.6044 Software Release id: 19480 Service Pack 4
match http m|^HTTP/1\.0 301 Moved Permanently\r\nLocation: /Secure/Local/console/index\.htm\r\n\r\n$| p/Blue Coat Security Appliance HTTP admin interface/ o/SGOS/ cpe:/o:bluecoat:sgos/a
match http m|^HTTP/1\.1 401 Authentication Required\r\nWWW-Authenticate: Basic realm=\"[\d.]+\"\r\nRefresh: 0;URL=\"/Secure/Local/console/logout\.htm\"\r\nServer: BlueCoat-Security-Appliance\r\n| p/Blue Coat SG210 http proxy config/ d/proxy server/ o/SGOS/ cpe:/o:bluecoat:sgos/a
match http m|^HTTP/1\.0 400 Bad Request\r\nServer: AkamaiGHost\r\n| p/AkamaiGHost/ i|Akamai's HTTP Acceleration/Mirror service|
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Netscape-Enterprise/([-. \w]+)\r\n|s p/Netscape Enterprise httpd/ v/$1/ cpe:/a:netscape:enterprise_server:$1/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Netscape-Enterprise/([-. \w]+)\r\n|s p/Netscape Enterprise httpd/ v/$1/ cpe:/a:netscape:enterprise_server:$1/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Netscape-Enterprise/([\w._-]+) ([^\r]+)\r\n|s p/Netscape Enterprise httpd/ v/$1/ i/$2/ cpe:/a:netscape:enterprise_server:$1/
match http m|^HTTP/1\.0 \d\d\d .*\r?\nDate: .*\r?\nServer: NCSA/([\d.]+)\r?\n| p/NCSA httpd/ v/$1/
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: Netscape-FastTrack/(\d[-.\w]+)\r\n| p/Netscape FastTrack web server/ v/$1/ cpe:/a:netscape:fasttrack_server:$1/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: (Oracle[-.\w/]+) Oracle HTTP Server ([-.\w]+)|s p/Oracle HTTP Server/ v/$1/ i/$2/ cpe:/a:oracle:http_server:$1/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Oracle HTTP Server Powered by Apache\r\n|s p/Oracle HTTP Server Powered by Apache/ cpe:/a:oracle:http_server/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Oracle HTTP Server Powered by Apache/([-.\w]+)\r\n|s p/Oracle HTTP Server Powered by Apache/ v/$1/ cpe:/a:oracle:http_server:$1/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Oracle HTTP Server Powered by Apache/([-.\w]+) \(Win32\) ([^\r\n]+)\r\n|s p/Oracle HTTP Server Powered by Apache/ v/$1/ i/$2/ o/Windows/ cpe:/a:oracle:http_server:$1/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Oracle HTTP Server Powered by Apache/([-.\w]+) \(Unix\) ([^\r\n]+)\r\n|s p/Oracle HTTP Server Powered by Apache/ v/$1/ i/$2/ o/Unix/ cpe:/a:oracle:http_server:$1/
match http m|^HTTP/1\.0 200 OK\r\nContent-Type: text/html\r\n(?:[^\r\n]+\r\n)*?Pragma: no-cache\r\nServer: Allegro-Software-RomPager/ ?([\w.]+)\r\n\r\n<HTML><head>\n<META HTTP-EQUIV=\"Content-Type\" CONTENT=\"text/html; charset=iso-8859-1\">\n<TITLE></TITLE></HEAD><frameset framespacing=\"0\" BORDER=\"false\" frameborder=\"0\" rows=\"90,\*\">\n  <frame NAME=\"fLogo\" scrolling=\"no\" noresize src=\"/html/Hlogo\.html\"|s p/Allegro RomPager/ v/$1/ i/D-Link DSL-300g or g+ http config/ d/broadband router/ cpe:/a:allegro:rompager:$1/
match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: \r\n(?:[^\r\n]+\r\n)*?WWW-Authenticate: Basic realm=\"Please enter your user name and password on (DSL-[\w+]+)\"\r\n|s p/D-Link $1 http config/ d/broadband router/ cpe:/h:dlink:$1/
match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: \r\n(?:[^\r\n]+\r\n)*?WWW-Authenticate: Basic realm=\"(DSL-[\w+]+) Admin Login\"\r\n|s p/D-Link $1 http config/ d/broadband router/ cpe:/h:dlink:$1/
match http m|^HTTP/1\.1 401 Unauthorized\r\n(?:[^\r\n]+\r\n)*?WWW-Authenticate: Basic Realm=\"(DSL-[\w._-]+) Admin Login\"\r\n|s p/D-Link $1 http config/ d/broadband router/ cpe:/h:dlink:$1/
match http m|^HTTP/1\.0 401 Unauthorized\r\nWWW-Authenticate: Basic realm=\"IntelEmbeddedWeb@Express460T\"\r\nContent-Type: text/html\r\nServer: Allegro-Software-RomPager/([\w.]+)\r\n| p/Allegro RomPager/ v/$1/ i/Intel 460T Standalone Switch/ cpe:/a:allegro:rompager:$1/
# Some D-Link Switches
match http m|^HTTP/1\.0 200 OK\r\nContent-Type: text/html\r\n(?:[^\r\n]+\r\n)*?Server: Allegro-Software-RomPager/ ?([\w.]+)\r\n\r\n.*DES-(\d+) Web Management|s p/Allegro RomPager/ v/$1/ i/D-Link DES-$2 switch http config/ cpe:/a:allegro:rompager:$1/
match http m|^HTTP/1\.0 200 OK\r\nContent-Type: text/html\r\n(?:[^\r\n]+\r\n)*?Server: Allegro-Software-RomPager/ ?([\w.]+)\r\n\r\n.*<TITLE>.*?(DES-\d+).*?</TITLE>|s p/Allegro RomPager/ v/$1/ i/D-Link $2 Switch http config/ cpe:/a:allegro:rompager:$1/ cpe:/h:dlink:$2/a

# iCal 3.6
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: Wapapi/([\w._-]+)\r\nContent-Type: text/html\r\nContent-Length: \d+\r\n\r\n<html>\r\n<head><title>iCal Tutorial:  Introduction</title></head>|s p/Wapapi/ v/$1/ i/Brown Bear iCal web calendar/
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: Wapapi/([\w._-]+)\r\nContent-Type: text/html\r\n.*<META name=\"description\" content=\"iCal Web Calendar Server by Brown Bear Software www\.brownbearsw\.com\">\r\n|s p/Wapapi/ v/$1/ i/Brown Bear iCal web calendar/

match http m|^HTTP/1\.1 \d\d\d .*\r\nDate: .*\r\nServer: Virata-EmWeb/R([\w_]+)\r\nWWW-Authenticate: Basic realm=\"Administration Tools\"\r\n\r\n401 Unauthorized\r\n$| p/Virata-EmWeb/ v/$SUBST(1,"_",".")/ i/Netscreen administrative web server/ d/firewall/ cpe:/a:virata:emweb:$SUBST(1,"_",".")/a
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Virata-EmWeb/R([\w_]+)\r\nContent-Type: text/html\r\nCache-Control: no-cache\r\nPragma: no-cache\r\n\r\n.*<link rel=\"SHORTCUT ICON\" href=\"/favicon\.ico\">\n\n<title>Login</title>|s p/Virata-EmWeb/ v/$SUBST(1,"_",".")/ i/Netscreen administrative web server/ d/firewall/ cpe:/a:virata:emweb:$SUBST(1,"_",".")/a
match http m|^HTTP/1\.1 200 OK\r\nDate: .*\r\nServer: Web/R([\w_]+)\r\n(?:[^\r\n]+\r\n)*?Content-Type: text/html\r\n(?:[^\r\n]+\r\n)*?\r\n<html>\n<head>\n\n<script language=\"javascript\">\n|s p/Web/ v/$SUBST(1,"_",".")/ i/Netscreen administrative web server/ d/firewall/

# Phaser860 Printer
match http m|^HTTP/1\.1 404 Not Found\r\nDate: .*\r\nAllow: GET, HEAD\r\nServer: Spyglass_MicroServer/(\d[-.\w]+)\r\nContent-Type: text/html\r\nContent-Length: \d+\r\n\r\n<HTML><HEAD><TITLE>Not Found</TITLE></HEAD>\r\n<BODY>The requested URL was not found\.</BODY></HTML>\r\n| p/Spyglass MicroServer/ v/$1/ d/printer/
# Cisco Catalyst 3500-XL switch IOS 12.0(5)XU
match http m|^HTTP/1\.0 401 Unauthorized\r\nDate: .*\r\nContent-[Tt]ype: text/html\r\nExpires: .*\r\nWWW-Authenticate: Basic realm=\"level 15 access\"\r\n| p/Cisco IOS http config/ d/switch/ o/IOS/ cpe:/o:cisco:ios/a
# Cisco 828 G.SHDSL
match http m|^HTTP/1\.0 200 OK\r\nDate: .*\r\nServer: cisco-IOS/(\d[-.\w ]+) HTTP-server/(\d[-().\w ]+)\r\n| p/Cisco IOS http config/ v/$2/ i/IOS $1/ o/IOS/ cpe:/o:cisco:ios/a
match http m|^HTTP/1\.[01] \d\d\d .*\r\nDate: .*\r\nServer: cisco-IOS\r\n| p/Cisco IOS http config/ o/IOS/ cpe:/o:cisco:ios/a
match http m|^HTTP/1\.0 200 OK \nServer: cisco-IOS Technologies/([\w._-]+) HTTP-server\n| p/Cisco IOS http config/ v/$1/ o/IOS/ cpe:/o:cisco:ios/a
# Xerox Document Centre (DocuCentre) 425
match http m|^HTTP/1\.1 200 OK\r\nContent-Length: \d+\r\nContent-Type: text/html\r\nDate: .*\r\nAllow: GET, HEAD\r\nServer: Xerox_MicroServer/([-.\w]+)\r\nExpires: .*\r\nCache-Control: no-cache\r\n\r\n<HTML>\n<HEAD>\n<TITLE>([-.+ \w]+)</TITLE>| p/Xerox MicroServer httpd/ v/$1/ i/on $2/
match http m|^HTTP/1\.1 200 OK\r\nContent-Length: \d+\r\nContent-Type: text/html\r\nDate: .*\r\nAllow: GET, HEAD\r\nServer: Xerox_MicroServer/([-.\w]+)\r\n| p/Xerox MicroServer httpd/ v/$1/ i|usually a printer/copier|
match http m=^HTTP/1\.1 200 OK\r\n.*<!-- Copyright \(c\) (?:\d+, \d+|\d+-\d+), Fuji Xerox Co\., Ltd\. All Rights Reserved\. -->.*<TITLE>\r\nDocument Centre (\w+) - [\d.]+\r\n</TITLE>=s p/FujiXerox Document Centre $1 http config/ d/printer/
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html\r\nDate: .*\r\nAllow: GET, HEAD\r\nServer: Spyglass_MicroServer/(\d[-.\w]+)\r\nLast-Modified: .*\r\nExpires: .*\r\nPragma: no-cache\r\n\r\n\n<html> \n<head>\n   <meta http-equiv=\"Content-Type\" content=\"text/html; charset=iso-8859-1\">\n   <meta name=\"keywords\" content=\"printer; embedded web server; int| p/Spyglass MicroServer/ v/$1/ i/embedded in printer/ d/printer/
match http m|^HTTP/1\.0 500 Internal Server Error\r\nServer: Cougar (\d[-.\w]+)\r\n\r\n$| p/Microsoft Windows Media Services/ v/$1/ o/Windows/ cpe:/a:microsoft:windows_media_services:$1/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 200 OK\r\nContent-Type: video/x-ms-asf\r\nCache-Control: max-age=0, no-cache\r\nServer: Cougar/(\d[-.\w]+)\r\n| p/Microsoft Windows Media Services/ v/$1/ o/Windows/ cpe:/a:microsoft:windows_media_services:$1/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: NetApp//?(\d[-.\w]+)\r\n|s p/NetApp filer httpd/ v/$1/ o/Data ONTAP/ cpe:/a:netapp:data_ontap/ cpe:/o:netapp:data_ontap/a
match http m|^HTTP/1\.0 200 OK\r\nServer: RapidLogic/(\d[\d.]+)\r\nMIME-version: 1\.0\r\nContent-type: text/html\r\n\r\n<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4\.0 Frameset//EN\"\r\n\t\t\t\"http://www\.w3\.org/TR/REC-html40/frameset\.dtd\">\r\n<HTML>\r\n<HEAD>\r\n\t<TITLE>Netopia Router Web </TITLE>| p/Netopia RapidLogic admin server/ v/$1/ d/router/ cpe:/a:rapidlogic:httpd:$1/
match http m|^HTTP/1\.1 200 OK\r\nServer: WebSTAR/(\d[-.()\w]+) ID/| p/WebSTAR httpd/ v/$1/
match http m|^HTTP/1\.1 200 OK\r\nDate: .*\r\nServer: 4D_WebSTAR_S/([\d.]+) \(MacOS X\)\r\n| p/WebSTAR httpd/ v/$1/ o/Mac OS X/ cpe:/o:apple:mac_os_x/a
match http m|^HTTP/1\.1 401 Unauthorized\r\nServer: Agranat-EmWeb/R([\w_]+)\r\nWWW-Authenticate: Basic realm=\"accessPoint\"\r\n\r\n401 Unauthorized\r\n$| p/Agranat-EmWeb/ v/$SUBST(1,"_",".")/ i/Orinoco AP-200 webadmin/ cpe:/a:agranat:emweb:$SUBST(1,"_",".")/a
match http m|^HTTP/1\.0 404 NO_STREAM_FOUND\r\nConnection: close\r\n\r\n$| p/Chain Cast P2P streaming service/
match http m|^HTTP/1\.0 400 Bad Request\r\nServer: Rex/(9\.0\.0\.\d+)\r\n| p/Chain Cast support service/ v|Rex/$1|
match http m|^HTTP/1\.0 401 Unauthorized\r\nDate: .*\r\nServer: Boa/(\d[-.\w]+) \(with Intersil Extensions\)\r\nConnection: close\r\nWWW-Authenticate: Basic realm=\"WG602 v2\"\r\n| p/Boa httpd/ v/$1 (with Intersil Extensions)/ i/Netgear WG602v2 wireless router http config/ d/router/ cpe:/a:boa:boa:$1/ cpe:/h:netgear:wg602v2/a
match http m|^HTTP/1\.0 401 Unauthorized\r\nDate: .*\r\nServer: Boa/(\d[-.\w]+) \(with Intersil Extensions\)\r\nConnection: close\r\nWWW-Authenticate: Basic realm=\"LOGIN Enter Password \(default is medion, ignore username\)\"\r\n| p/Boa/ v/$1 (with Intersil Extensions)/ i/Medion router http config/ d/router/ cpe:/a:boa:boa:$1/
match http m|^HTTP/1\.0 401 Unauthorized\r\nDate: .*\r\nServer: Boa/(\d[-\w_.]+) \(with Intersil Extensions\)\r\nConnection: close\r\nWWW-Authenticate: Basic realm=\"Enter Password \(Leave User Name Empty\)\"\r\n| p/Boa/ v/$1 (with Intersil Extensions)/ i/CN3000 WAP http config/ d/WAP/ cpe:/a:boa:boa:$1/
match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: Boa/([-\w_.]+)\r\nWWW-Authenticate: Basic realm=\"Broadband Router\"\r\n| p/Boa/ v/$1/ i/Arescom NetDSL ADSL router http config/ d/broadband router/ cpe:/a:boa:boa:$1/
match http m|^HTTP/1\.0 \d\d\d .*\r\nDate: .*\r\nServer: Boa/(\d[-.\w]+)\r\n| p/Boa HTTPd/ v/$1/ cpe:/a:boa:boa:$1/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: (\d[-.\w]+)\r\n.*<title>GNUMP3d |s p/GNUMP3d streaming server/ v/$1/ cpe:/a:gnu:gnump3d:$1/

match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Jetty\((\d[-.\w]+)\)\r\n\r\n<html>\n  <head><title>Wildfire HTTP Binding Service</title></head>|s p/Jetty/ v/$1/ i/Wildfire HTTP Bindings/ cpe:/a:mortbay:jetty:$1/
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Jetty\((\d[-.\w]+)\)\r\n\r\n.*Contexts known to this server are: <ul><li><a href=\"/ninan/\">/ninan|s p/Jetty/ v/$1/ i/Ninan usenet downloader http interface/ cpe:/a:mortbay:jetty:$1/
match http m|^HTTP/1\.[01] \d\d\d .*\r\nDate: .*\r\nServer: Jetty/(\d[-.\w]+) \(([^)\r\n]+)\)?\r\n| p/Jetty/ v/$1/ i/$2/ cpe:/a:mortbay:jetty:$1/
match http m|^HTTP/1\.[01] (?:[^\r\n]*\r\n(?!\r\n))*?Server: Jetty\(([\w._-]+)\)\r\n|s p/Jetty/ v/$1/ cpe:/a:mortbay:jetty:$1/
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: MortBay-Jetty-([-\w_.]+)\r\n|s p/Jetty/ v/$1/ cpe:/a:mortbay:jetty:$1/
match http m|^HTTP/1\.1 404 Not Found\r\nContent-Type: text/html\r\nContent-Length: \d+\r\n\r\n<HTML>\n<HEAD>\n<TITLE>Error 404 - Not Found</TITLE>\n<BODY>\n<H2>Error 404 - Not Found\.</H2>\nNo context on this server matched or handled this request\.| p/Jetty/ cpe:/a:mortbay:jetty/

match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: WebSphere Application Server/([-\w_.]+)\r\n|s p/IBM WebSphere Application Server/ v/$1/ cpe:/a:ibm:websphere_application_server:$1/
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: JRun Web Server/([\d.]+)\r\n|s p/JRun Web Server/ v/$1/ cpe:/a:adobe:jrun:$1/
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: JRun Web Server\r\n|s p/JRun Web Server/ cpe:/a:adobe:jrun/
match http m|^401 Access denied\r\nWWW-Authenticate: Negotiate \r\nContent-length: 0\r\n\r\n| p/Microsoft IIS WebDAV/ v/5.0/ i/access denied/ o/Windows/ cpe:/a:microsoft:internet_information_services:5.0/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 401 Unauthorized\r\nContent-Type: text/html\r\nWWW-Authenticate: Negotiate\r\nWWW-Authenticate: NTLM\r\nX-Powered-By: ASP\.NET\r\n| p/Microsoft IIS WebDAV/ o/Windows/ cpe:/a:microsoft:internet_information_services/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: RomPager/([-.\w/ ]+)\r\n|s p/Allegro RomPager/ v/$1/ i/ZyXEL ZyWALL 2/ cpe:/a:allegro:rompager:$1/

match http m|^HTTP/1\.0 200 OK\r\nServer: Gordian Embedded([\d.]+)\r\n.*<title>IQeye3|s p/Gordian httpd/ v/$1/ i/IQinVision IQeye3 webcam http config/ d/webcam/
match http m|^HTTP/1\.0 200 OK\r\nServer: Gordian Embedded([\d.]+)\r\nContent-type: text/html\r\n(?:[^\r\n]+\r\n)*?\r\n\n<HTML>\n<HEAD>\n<TITLE>Lantronix ThinWeb Manager ([\d.]+): Home</TITLE>\n|s p/Gordian httpd/ v/$1/ i/Lantronix ThinWeb Manager $2 http config/
match http m|^HTTP/1\.0 200 OK\r\nServer: Gordian Embedded([\d.]+)\r\nContent-type: text/html\r\nDate: .*\r\nLast-Modified: .*\r\nExpires: .*\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n<html>\n<head>\n<title>Lantronix Web Manager</title>\n| p/Gordian httpd/ v/$1/ i|Lantronix MSS/100 http config|
match http m|^HTTP/1\.0 403 Forbidden\r\nServer: Gordian Embedded([\d.]+)\r\n.*<HTML>\n<HEAD>\n<TITLE>Lantronix - Authentication for ([^<]+)</TITLE>\n|s p/Gordian httpd/ v/$1/ i/Lantronix MSSVIA http config/ h/$2/
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: IDSL MailGate (\d[-.\w]+)\r\n| p/MailGate web proxy/ v/$1/ cpe:/a:mailgate:mailgate:$1/
match http m|^HTTP/1\.0 \d\d\d .*<TITLE>The AXIS 200 Home|s p/AXIS 200/ d/webcam/
# A couple little easter eggs! -Doug (who else?)
match http m|^HTTP/1\.1 \d\d\d .*\nServer: Anti-Web V([\d.]+) \([\w .-]+\)\n| p/Anti-Web httpd/ v/$1/ i/Best httpd out there!/
match http m|^HTTP/1\.1 \d\d\d .*\nServer: Anti-Web HTTPD V([\d.]+) \([\w .-]+\)\n| p/Anti-Web httpd/ v/$1/ i/Best httpd out there!/
match http m|^HTTP/1\.1 400 Bad Request\r?\nServer: Antiweb/([\w._-]+)\r?\n| p/Antiweb/ v/$1/ i/Best httpd out there!/ o/Unix/
match http m|^HTTP/1\.0 200 OK\r\nServer: ArGoSoft Mail Server Pro for WinNT/2000/XP, Version [\d.]+ \(([\d.]+)\)\r\n| p/ArGoSoft Mail Server Pro httpd/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a
# Lantronix ThinWeb Manager
match http m|^HTTP/1\.1 302 Found\r\nDate: .*\r\nLocation: /iw/webdesk/login/\r\nX-Cache: MISS from .*\r\nConnection: close\r\nContent-Type: text/html\r\n\r\n| p/Interwoven TeamSite/
match http m|^HTTP/1\.1 200 OK\r\nDate: .*\r\nServer: OpenSA/([\d.]+) / Apache/([\d.]+) \((\w*)\) mod_ssl/([\d.]+) OpenSSL/([\d.]+)\r\n.*<LINK REL=\"SHORTCUT ICON\" HREF=\"http://([\w.-_]+)/iss\.ico\">\r\n<TITLE> System Scanner Vista Welcome Page </TITLE>\r\n|s p/ISS System Scanner Vista/ i|OpenSA/$1 Apache/$2 mod_ssl/$4 OpenSSL/$5| o/$3/ h/$6/ cpe:/a:openssl:openssl:$5/
match http m|^HTTP/1\.1 200 OK\r\nDate: .*\r\nServer: OpenSA/([\d.]+) / Apache/([\d.]+) \(Win32\) ([^\r\n]+)\r\n| p/OpenSA httpd/ v/$1/ i/Apache $2; $3/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: BaseHTTP/([\d.]+) Python/([\w.]+) edna/([\d.]+)\r\n| p/BaseHTTPServer/ v/$1/ i/Edna Streaming MP3 Server $3; Python $2/ cpe:/a:python:basehttpserver:$1/a cpe:/a:python:python:$2/
match http m|^HTTP/1\.1 404 Path not found: /\r\nServer: BaseHTTP/([\d.]+) Python/([\w.]+)\r\n(?:[^\r\n]+\r\n)*?Content-Length: 198\r\n\r\n<head>\n<title>Error response</title>\n</head>\n<body>\n<h1>Error response</h1>\n<p>Error code 404\.\n<p>Message: Path not found: /\.\n<p>Error code explanation: 404 = Nothing matches the given URI\.\n</body>\n$|s p/BaseHTTPServer/ v/$1/ i/Open ERP XML-RPC; Python $2/ cpe:/a:python:basehttpserver:$1/a cpe:/a:python:python:$2/
match http m|^HTTP/1\.0 400 Bad Request\r\nServer: Speed Touch WebServer/([\d.]+)\r\nContent-type: text/html\r\nContent-length: \d*\r\n\r\nHTTP/1\.0 400 Bad Request\r\n: Invalid or incomplete request\.\r\n\r\n| p/Alcatel Speedtouch ADSL router httpd/ v/$1/ d/router/
match http m|^HTTP/1\.0 302 Found\r\nLocation: http://[\w._-]+:(\d+)\r\n\r\nHTTP/1\.0 404 Not Found\r\nContent-Type: text/html\r\nContent-Length: 112\r\n\r\n<HTML><HEAD><TITLE>HTTP/1\.0 404 Not Found</TITLE></HEAD><BODY>\r\n<H1>HTTP/1\.0 404 Not Found\.</H1>\r\n</BODY></HTML>$| p/Technicolor TG787 VoIP gateway http admin/ i/redirect to port $1/ d/VoIP adapter/
# Management Interface for Netscape FastTrack web server 2.01
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: Netscape-Administrator/([\d.]+)\r\n| p/Netscape FastTrack Administrator/ v/$1/ cpe:/a:netscape:fasttrack_server:$1/
# Siemens SpeedStream 2-port SS2601 Router
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?WWW-Authenticate: Basic realm=\"InterMapper\"\r\n(?:[^\r\n]+\r\n)*?Server: InterMapper/([\d.]+)\r\n|s p/InterMapper Network Monitor httpd/ v/$1/

match http m|^HTTP/1\.0 401 Unauthorized\r\nDate: .*\r\nMIME-version: 1\.0\r?\nServer: ZOT-PS-(\d+)/([\w._-]+)\r?\nWWW-Authenticate: Basic realm=\"(TL-[\w._-]+)\"\n| p/Zero One Technology $1 httpd/ v/$2/ i/TP-LINK $3 print server/ d/print server/ cpe:/h:tp-link:$3/ cpe:/h:zero_one_tech:$1/
# Branded as Longshine, TRENDnet, TP-LINK, IOGear, Hawking
# Date is usually (always?) Mon, 24 Sep 2001 18:00:00 GMT
match http m|^HTTP/1\.0 \d\d\d .*\r\nDate: .* GMT\r\nMIME-version: 1\.0\r?\nServer: ZOT-PS-(\d+)/([\w._-]+)\r?\n| p/Zero One Technology $1 httpd/ v/$2/ d/print server/ cpe:/h:zero_one_tech:$1/


match http m|^HTTP/1\.0 302 Temporarily Moved\nLocation: /winamp\?page=main\nConnection: close\nContent-type: text/html\n\n<html>\n<head>\n<title>Winamp Web Interface</title>| p/Winamp Web Interface/ cpe:/a:nullsoft:winamp/
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Lasso/([\d.]+)\r\n\r\n|s p/Lasso httpd/ v/$1/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: BaseHTTP/([\d.]+) Python/([\w.]+)\r\nDate: .*<title>Roundup trackers index</title></head>\n<body><h1>Roundup trackers index</h1>|s p/BaseHTTPServer/ v/$1/ i/Roundup issue tracker; Python $2/ cpe:/a:python:basehttpserver:$1/a cpe:/a:python:python:$2/
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: BaseHTTP/([\d.]+) Python/([\w.]+)\r\n.*<title>Ajaxterm</title>|s p/BaseHTTPServer/ v/$1/ i/Ajaxterm; Python $2/ cpe:/a:python:basehttpserver:$1/a cpe:/a:python:python:$2/
match http m|^HTTP/1\.[01] \d\d\d .*\r\nServer: fwlogwatch[ /]([\d.]+) 200\d/\d\d/\d\d \(C\) Boris Wesslowski| p/fwlogwatch/ v/$1/
match http m|^HTTP/1\.0 \d\d\d .*\r\nConnection: close\r\nServer: GNUMP3d ([-\w_.]+)\r\n| p/GNUMP3d streaming server/ v/$1/ cpe:/a:gnu:gnump3d:$1/
match http m|^HTTP/1\.0 \d\d\d .*\r\nConnection: close\r\nServer: ([\d.]+)\r\nContent-type: text/html; charset=utf-8\r\nSet-Cookie: theme=Tabular;path=/; expires=.*;\r\nConnection: close\r\n\r\n| p/GNUMP3d/ v/$1/ cpe:/a:gnu:gnump3d:$1/
match http m|^HTTP/1\.1 200 OK\r\nDate: .*\r\nServer: HTTP/x\.y\.z \(Unix\) PHP/x\.y\.z mod_ssl/x\.y\.z SSL/x\.y\.z\r\nLast-Modified: .*\r\nETag: \".*\"\r\nAccept-Ranges: bytes\r\nContent-Length: .*\r\nConnection: close\r\nContent-Type: text/html\r\n\r\n<HTML>\n<HEAD>\n<TITLE>Loading\.\.\.</TITLE>\n| p/Coldfusion httpd/ i/SSL support/ o/Unix/
match http m|^HTTP/1\.0 200 OK\r\nContent-Length: \d+\r\nContent-Type: text/html\r\nServer: SIMS/([\w.]+)\r\n\r\n<HTML>\r<HEAD>\r  <TITLE>Stalker Internet Mail Server: Setup Entrance</TITLE>\r</HEAD>\r<BODY BGCOLOR=white>\r\r<H2><TABLE WIDTH=\"100%\" BORDER=0 CELLSPACING=0 CELLPADDING=0>\r<TR>\r<TD><H3><IMG SRC=\"/Icon\.gif\" ALIGN=MIDDLE>([-\w_.]+)</H3>| p/Stalker Mail Server web config/ v/$1/ o/Mac OS/ h/$2/ cpe:/o:apple:mac_os/a
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Apache  -OOPS Development Organization-\r\n(?:[^\r\n]+\r\n)*?X-Powered-By: ([^\r\n]+)\r\n|s p/Apache - OOPS Devel Org/ i/$1/
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Apache  -OOPS Development Organization-\r\n|s p/Apache - OOPS Devel Org/
match http m|^HTTP/1\.0 200 OK\nDATE: .*\nPragma: no-cache\nServer: Delta UPSentry\n| p/Sentry Bulldog UPS httpd/
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Gatling/([\d.]+)\r\n|s p/Gatling httpd/ v/$1/
# PolyCom ViewStation 128
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Viavideo-Web\r\n|s p/Polycom ViewStation/ d/webcam/
match http m|^HTTP/1\.0 \d\d\d .*\nDate: .*\nMIME-version: [\d.]+\nServer: Micro-HTTP/([\d.]+)\nContent-type: text/html\n.*Copyright Tektronix, Inc\.|s p/Tektronix printer httpd/ i|Micro-HTTP/$1| d/printer/
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: IBM HTTP Server/([\w]+)\r\n| p/IBM httpd/ v/$1/ cpe:/a:ibm:http_server:$1/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: SAlive/ ([\d.]+)\r\n|s p/Servers Alive network monitor/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 200 OK\r\nContent-Type:text/html\r\nContent-Length:\d+\r\n\n\n<HTML>\n<HEAD>\n<TITLE>Not Supported</TITLE>\n</HEAD>\n<body>\n\n<H1 ALIGN=CENTER>The Command sent is not Supported</H1>\n\n\n</BODY>\n</HTML>\n\n\0\0| p/NetWare FTP stats httpd/
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Abyss/([-\w.]+)-Linux AbyssLib/([\d.]+)\r\n|s p/Abyss httpd/ v/$1/ i|AbyssLib/$2| o/Linux/ cpe:/a:aprelium:abyss_web_server_x1:$1/ cpe:/o:linux:linux_kernel/a
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Abyss/([-\w.]+) \(Win32\) AbyssLib/([\d.]+)\r\n|s p/Abyss httpd/ v/$1/ i|AbyssLib/$2| o/Windows/ cpe:/a:aprelium:abyss_web_server_x1:$1/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Abyss/([-\w.]+)-Win32 AbyssLib/([\d.]+)\r\n|s p/Abyss httpd/ v/$1/ i|AbyssLib/$2| o/Windows/ cpe:/a:aprelium:abyss_web_server_x1:$1/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Abyss/([-\w.]+)-MacOS X AbyssLib/([\d.]+)\r\n|s p/Abyss httpd/ v/$1/ i|AbyssLib/$2| o/Mac OS X/ cpe:/a:aprelium:abyss_web_server_x1:$1/ cpe:/o:apple:mac_os_x/a
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Abyss/([-\w.]+)-Linux AbyssLib/([\d.]+)\r\nWWW-Authenticate: Basic Realm=\".*Abyss Web Server Console\"\r\n|s p/Aprelium Abyss httpd console/ i/Abyss $1; AbyssLib $2/ o/Linux/ cpe:/a:aprelium:abyss_web_server_x1:$1/ cpe:/o:linux:linux_kernel/a
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Abyss/([-\w.]+) \(Win32\) AbyssLib/([\d.]+)\r\nWWW-Authenticate: Basic Realm=\".*Abyss Web Server Console\"\r\n|s p/Aprelium Abyss httpd console/ i/Abyss $1; AbyssLib $2/ o/Windows/ cpe:/a:aprelium:abyss_web_server_x1:$1/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.[01] \d\d\d .*\r\nServer: LseriesWeb/([\w.-]+) \(HP_UNIQUE\)\r\n| p/HP Tape Library Web Interface Software httpd/ v/$1/
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: AOLserver/([\w+.]+)\r\n|s p/AOLserver httpd/ v/$1/ cpe:/a:aol:aolserver:$1/
match http m=^HTTP/1\.[01] \d\d\d .*\r\nServer: uIP/([\d.]+) (?:http://www\.sics\.se/~adam/uip/|\(http://dunkels\.com/adam/uip/\))\r\n= p/uIP/ v/$1/ cpe:/a:adam_dunkels:uip:$1/
match http m|^HTTP/1\.0 401 Unauthorized\r\nContent-Type: text/html\r\nWWW-Authenticate: Basic realm=\"DI-514\"\r\n\r\n<title>401 Unauthorized</title><body><h1>401 Unauthorized</h1></body>| p/D-Link DI-514 router http config/ d/router/ cpe:/h:dlink:di-514/a
match http m|^HTTP/1\.0 302 Redirect\r\nServer: GoAhead-Webs\r\nDate: .*\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-Type: text/html\r\nLocation: http(s?)://SwitchViewIP\.Avocent\.com/splashscreen\.asp\r\n| p/GoAhead WebServer/ i/Avocent Switchview http$1 config/ d/switch/ cpe:/a:goahead:goahead_webserver/a
match http m|^HTTP/1\.1 \d\d\d .*\r\nDate: .*\r\nServer: Orion/([\d.]+)\r\n| p/Orion Java Application Server httpd/ v/$1/
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: Agent-ListenServer-HttpSvr/([\d.]+)\r\n| p/Network Associates ePO Agent/ i/Agent ListenServer $1/ o/Windows/ cpe:/a:mcafee:epolicy_orchestrator_agent/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 \d\d\d .*\r\nConnection: close\r\nDate: .*\r\nServer: RMC Webserver ([\d.]+)\r\n| p/RMC httpd/ v/$1/ i/Dell Embedded Remote Access Card/ d/remote management/
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: TwistedWeb/([\w.]+)\r\n|s p/TwistedWeb httpd/ v/$1/ cpe:/a:twistedmatrix:twistedweb:$1/a
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Twisted/([\d.]+) TwistedWeb/SVN-Trunk\r\n|s p/TwistedWeb httpd/ v/SVN-Trunk/ i/Twisted $1/ cpe:/a:twistedmatrix:twisted:$1/ cpe:/a:twistedmatrix:twistedweb:svn-trunk/
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Twisted/([-\w_.+]+) TwistedWeb/\[twisted\.web\d+, version ([^]]+)\]\r\n|s p/TwistedWeb httpd/ v/$2/ i/Twisted $1/ cpe:/a:twistedmatrix:twisted:$1/ cpe:/a:twistedmatrix:twistedweb:$2/a
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: Twisted/([\w._-]+) TwistedWeb/\[OPSI\.web\d+, version ([^]]+)\]\r\n|s p/TwistedWeb httpd/ v/$2/ i/Twisted $1; OPSI client management system/ cpe:/a:twistedmatrix:twisted:$1/ cpe:/a:twistedmatrix:twistedweb:$2/a
match http m|^HTTP/1\.1 401 Unauthorized\r\nContent-Length: 141\r\nServer: Twisted/([\w._+-]+) TwistedWeb/([\w._+-]+)\r\nDAV: 1, access-control\r\nDate: .*\r\nContent-Type: text/html\r\nWWW-Authenticate: digest nonce=\"\d+\", realm=\"/Search\", algorithm=\"md5\"\r\nConnection: close\r\n\r\n<html><head><title>Unauthorized</title></head><body><h1>Unauthorized</h1><p>You are not authorized to access this resource\.</p></body></html>$| p/TwistedWeb httpd/ v/$2/ i/Twisted $1; Mac OS X teamsserver/ o/Mac OS X/ cpe:/a:twistedmatrix:twisted:$1/ cpe:/a:twistedmatrix:twistedweb:$2/a cpe:/o:apple:mac_os_x/a
match http m|^HTTP/1\.1 404 Not Found\r\n(?:[^\r\n]+\r\n)*?Server: Twisted/([\w._-]+) TwistedWeb/([\w._-]+)\r\n.*<meta name=\"generator\" content=\"\">\n<meta name=\"apple_required_ui_revision\" content=\"\">\n<meta name=\"apple_collab_uid\" content=\"\">\n|s p/TwistedWeb httpd/ v/$2/ i/Twisted $1; Mac OS X teamsserver/ o/Mac OS X/ cpe:/a:twistedmatrix:twisted:$1/ cpe:/a:twistedmatrix:twistedweb:$2/a cpe:/o:apple:mac_os_x/a
match http m|^HTTP/1\.[01].*\r\nServer: Twisted/([\.\d]+) TwistedWeb/([\.\d]+)|s p/TwistedWeb httpd/ v/$2/ i/Twisted $1/ o/Mac OS X/ cpe:/a:twistedmatrix:twisted:$1/ cpe:/a:twistedmatrix:twistedweb:$2/a cpe:/o:apple:mac_os_x/a
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Connection: close\r\nContent-Length: \d+\r\nContent-Type: text/html.*\r\n\r\n<!DOCTYPE html\nPUBLIC.*\n<title>MikroTik RouterOS Managing Webpage</title>\n|s p/MikroTik router config httpd/ d/router/ cpe:/o:mikrotik:routeros/
match http m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Content-Type: text/html.*\r\n\r\n<!DOCTYPE html PUBLIC.*<title>RouterOS router configuration page</title>|s p/MikroTik router config httpd/ d/router/ o/RouterOS/ cpe:/o:mikrotik:routeros/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Azureus ([\d.]+)\r\n|s p/Azureus Bittorrent tracker httpd/ v/$1/ cpe:/a:azureus:azureus:$1/
match http m|^HTTP/1\.1 401 BAD\r\nWWW-Authenticate: Basic realm=\"Azureus - Swing Web Interface\"\r\n\r\nAccess Denied\r\n| p/Azureus Bittorrent webui plugin/ i/Access denied/ cpe:/a:azureus:azureus/
match http m|^HTTP/0\.9 200 Document follows\r\nConnection: close\r\nMIME-Version: 1\.0\r\nContent-Type: text/html\r\nContent-Length: \d+\r\n\r\n.*<html> \r\n<head> \r\n   <title>Thomson Cable Modem Diagnostics</title>\r\n|s p/Thomson Cable Modem Web Diagnostics/ d/broadband router/
match http m|^HTTP/1\.0 200 Ok\r\nServer: micro_httpd\r\n.*<title>Thomson Cable Modem Diagnostics</title>\r\n|s p/micro_httpd/ i/Thomson Cable Modem Web Diagnostics/ d/broadband router/ cpe:/a:acme:micro_httpd/
match http m|^HTTP/1\.0 302 Redirect\r\nServer: GoAhead-Webs\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-Type: text/html\r\nLocation: https://(iDRAC-\w+)(?::443)?(?:/Applications/dellUI/login\.htm)?\r\n\r\n| p/GoAhead WebServer/ i/Dell iDRAC http config/ d/remote management/ h/$1/ cpe:/a:goahead:goahead_webserver/
match http m|^HTTP/1\.0 302 Redirect\r\nServer: GoAhead-Webs\r\nDate: .*\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n| p/GoAhead WebServer/ cpe:/a:goahead:goahead_webserver/a
match http m|^HTTP/1\.1 200 OK\r\nDate: .*\r\nServer: FortiWeb-([\d.]+)\r\n| p/Fortinet FortiWifi 60 http config/ i/FortiWeb $1/ d/router/ cpe:/h:fortinet:fortiwifi_60/a
match http m|^HTTP/1\.0 401 Unauthorized\r\nWWW-Authenticate: Basic realm=\"Serverdoc Remote\"\r\nConnection: close\r\n\r\n\r\n| p/Serverdoc remote httpd/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 \d\d\d .*\n<title>BNBT Tracker Info</title>\n|s p/BNBT Bittorrent Tracker/
match http m|^HTTP/1\.1 200 OK\r\nServer: AnomicHTTPD \(www\.anomic\.de\)\r\n| p/AnomicHTTPD/
match http m|^HTTP/1\.1 200 OK\r\nConnection: close\r\nPragma: no-cache\r\n.*\n<html lang=\"(..)\">\n<head>\n<title>POPFile |s p/POPFile web control interface/ i/Lang: $1/
match http m|^HTTP/1\.0 200 OK\r\nPragma: no-cache\r\nContent-Type: text/html\r\n\r\n\n\n\n\t\n\n\n\t\n\n\n\n\n\n<!--  -->\n\n\n\n<!-- \$R..file: i_pagestart\.shtm,v \$  -->\n<html>\n<head>\n| p/Axis 5400 print server web config/ d/print server/
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html\r\nDate: .*\r\nAllow: GET, HEAD\r\nServer: Spyglass_MicroServer/([\w.]+)\r\n\r\n<html>\n\n<head>\n\n<title>  Software de administraci&#243;n de impresora PhaserLink  </title>\n\n| p/Spyglass_MicroServer/ v/$1/ i/Tektronix Phaser printer http config/ d/printer/
match http m|^HTTP/1\.0 \d\d\d .*\r\nDate: .*\r\nConnection: close\r\nServer: Microsoft-WinCE/([\d.]+)\r\n| p/ChipPC Extreme httpd/ o/Windows CE $1/ cpe:/o:microsoft:windows_ce/a
match http m|^HTTP/1\.1 403 Forbidden\r\nDate: .*\r\nServer: Microsoft-WinCE/([\w._-]+)\r\nContent-Type: text/html\r\nContent-Length: 125\r\n\r\n<html><head><title>Access Denied</title></head><body><B>Access denied\.</B><P>The action requested is forbidden\.</body></html>$| p/Crestron automation system httpd/ d/media device/ o/Windows CE $1/ cpe:/h:crestron/ cpe:/o:microsoft:windows_ce:$1/
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: DManager\r\nMIME-version: 1\.0\r\nWWW-Authenticate: Basic realm=\"surgemail| p/SurgeMail webmail/ i/DNews based/ cpe:/a:netwin:surgemail/
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: DManager\r\n| p/DNews Web Based Manager/
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: IDS-Server/([\d.]+)\r\n| p/IDS-Server httpd/ v/$1/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Connection: keep-alive\r\nContent-Type: text/HTML\r\nContent-Length: \d+\r\nServer: Indy/([\d.]+)\r\nSet-Cookie: .*\r\n\r\n<!-- header\.html -->.*TeamSpeak|s p/Indy httpd/ v/$1/ i/TeamSpeak 1.X http admin/ cpe:/a:indy:httpd:$1/ cpe:/a:teamspeak:teamspeak_classic/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Connection: keep-alive\r\nContent-Type: text/HTML\r\nContent-Length: \d+\r\nServer: Indy/([\d.]+)\r\nSet-Cookie: .*<title>TeamSpeak 2 - Server-Administration</title>|s p/Indy httpd/ v/$1/ i/TeamSpeak 2.X http admin/ cpe:/a:indy:httpd:$1/ cpe:/a:teamspeak:teamspeak2/
match http m|^HTTP/1\.1 \d\d\d .*\r\nConnection: close\r\nContent-Type: text/plain\r\nServer: Indy/([\d.]+)\r\n\r\n| p/Indy httpd/ v/$1/ i/TiVo Home Media Option/ cpe:/a:indy:httpd:$1/
match http m|^HTTP/1\.0 \d\d\d .*\nDate: .*\nServer: FrontPage-PWS32/([\d.]+)\n| p/FrontPage Personal Webserver/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: WindWeb/([\d.]+)\r\nConnection: close\r\nContent-Type: text/html\r\nWWW-Authenticate: Basic realm=\"Home Gateway\"\r\n\r\n<html>\r\n\r\n<head>\r\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=windows-1252\">\r\n<meta name=\"GENERATOR\" content=\"Microsoft FrontPage 4\.0\">\r\n<meta name=\"ProgId\" content=\"FrontPage\.Editor\.Document\">\r\n<title>Pirelli Smart Gate</title>\r\n\r\n| p/WindWeb/ v/$1/ i/Pirelli Smartgate Ethernet DSL router web config/ d/router/ cpe:/a:windriver:windweb:$1/
match http m|^HTTP/1\.0 \d\d\d .*Server: TSM_HTTP/([\d.]+)\n|s p/TSM httpd/ v/$1/ i/Tivoli Storage Manager http interface/ cpe:/a:ibm:tivoli_storage_manager:$1/
match http m|^HTTP/1\.0 \d\d\d .*Server: ADSM_HTTP/([\d.]+)\nContent-type: text/html\n\n<HEAD>\n<TITLE>\nServer Administration\n</TITLE>\n\n<META NAME=\"IBMproduct\" CONTENT=\"ADSM\">\n<META NAME=\"IBMproductVersion\" CONTENT=\"([\d.]+)\">.*Storage Management Server for AIX|s p/ADSM httpd/ v/$1/ i/Tivoli Storage Manager http interface $2/ o/AIX/ cpe:/a:ibm:tivoli_storage_manager:$2/ cpe:/o:ibm:aix/a
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: ADSM_HTTP/([\d.]+)\r\nContent-type: text/html\r\n\r\n<html><head><title>Server Administration</title></head><body><h1>Not Supported</h1><p>ANR4747W The web administrative interface is no longer supported\. Begin using the Integrated Solutions Console instead\.</p></body></html>| p/Tivoli Storage Manager http interface/ v/$1/ i/discontinued/ cpe:/a:ibm:tivoli_storage_manager:$1/
match http m|^HTTP/1\.0 \d\d\d .*Server: ADSM_HTTP/([\d.]+)\r?\n.*<TITLE>\nServer Administration\n</TITLE>.*<META NAME=\"IBMproductVersion\" CONTENT=\"([\d.]+)\">.*<TITLE>\nAdministrator Login\n</TITLE>.*Storage Management Server for Windows|s p/ADSM httpd/ v/$1/ i/Tivoli Storage Manager http interface $2/ o/Windows/ cpe:/a:ibm:tivoli_storage_manager:$2/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 \d\d\d .*\r\nDate: .*\r\nServer: EPSON-HTTP/([\d.]+)\r\n| p/Epson printer httpd/ v/$1/ d/printer/
match http m|^HTTP/1\.0 200 OK\r\nContent-length: \d+\r\nContent-type: text/html\r\n\r\n<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4\.0 Transitional//EN\" \"http://www\.w3\.org/TR/REC-html40/loose\.dtd\">\n<HTML>\n<HEAD>\n<TITLE>ADSL ROUTER Control Panel</TITLE>\n</HEAD>\n| p/Dynalink RTA DSL router http config/ d/router/
match http m|^HTTP/1\.1 200 OK\r\nDate: .*\r\nServer: ENI-Web/R([\d_.]+)\r\nContent-Type: text/html\r\nExpires: .*\r\nLast-Modified: .*\r\nCache-Control: no-cache\r\nPragma: no-cache\r\n\r\n<html>\n\n<head>\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=iso-8859-1\">\n<title>SpeedStream (\d+) Management Interface</title>\n</head>\n\n| p/ENI-Web httpd/ v/$1/ i/SpeedStream $2 router http config/ d/router/
match http m|^HTTP/1\.1 401 Unauthorized\r\nDate: .*\r\nServer: ENI-Web/R([\d_]+)\r\nWWW-Authenticate: Basic realm=\"standard@\d+\"\r\n\r\n401 Unauthorized\r\n| p/ENI-Web httpd/ v/$1/ i/SpeedStream router http config/ d/router/

match http m|^HTTP/1\.1 403 Forbidden \( The server denies the specified Uniform Resource Locator \(URL\)\. Contact the server administrator\.  \)\r\n| p/Microsoft ISA httpd/ o/Windows/ cpe:/a:microsoft:isa_server/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 401 Unauthorized \( The server requires authorization to fulfill the request\. Access to the Web server is denied\. Contact the server administrator\.  \)\r\n| p/Microsoft ISA httpd/ o/Windows/ cpe:/a:microsoft:isa_server/ cpe:/o:microsoft:windows/a
match http-proxy m|^HTTP/1\.1 400 Bad Request \( The data is invalid\.  \)\r\nVia:| p/Microsoft ISA Server http proxy/ o/Windows/ cpe:/a:microsoft:isa_server/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 403 Forbidden \( The ISA Server denied the specified Uniform Resource Locator \(URL\)\.  \)| p/Microsoft ISA httpd/ o/Windows/ cpe:/a:microsoft:isa_server/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 500 \( The server denied the specified Uniform Resource Locator \(URL\)\. Contact the server administrator\.  \)| p/Microsoft ISA httpd/ o/Windows/ cpe:/a:microsoft:isa_server/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 500 \(  Connection refused \)\r\n| p/Microsoft ISA httpd/ o/Windows/ cpe:/a:microsoft:isa_server/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 500 \( No data record is available\. For more information about this event, see ISA Server Help\.  \)\r\n| p/Microsoft ISA httpd/ o/Windows/ cpe:/a:microsoft:isa_server/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 500 Internal Server Error \( An internal error occurred\.  \)\r\n| p/Microsoft IIS httpd/ o/Windows/ cpe:/a:microsoft:internet_information_services/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 \d\d\d .* \( El servidor requiere autorizaci\xf3n para satisfacer la petici\xf3n\. Acceso al servidor Web denegado\. P\xf3ngase en contacto con el administrador del servidor\.  \)| p/Microsoft ISA httpd/ i/Spanish/ o/Windows/ cpe:/a:microsoft:isa_server::::es/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 \d\d\d .* \( La p\xe1gina debe visualizarse en un canal seguro \(es decir, en un nivel de sockets seguro\)\. P\xf3ngase en contacto con el administrador del servidor\.  \)| p/Microsoft ISA httpd/ i/Spanish/ o/Windows/ cpe:/a:microsoft:isa_server::::es/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 \d\d\d .* \( El servidor deniega la direcci\xf3n URL \(Uniform Resource Locator\) especificada\. P\xf3ngase en contacto con el administrador del servidor\.  \)| p/Microsoft ISA httpd/ i/Spanish/ o/Windows/ cpe:/a:microsoft:isa_server::::es/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 403 Forbidden \( Der Server hat den angegebenen URL \(Uniform Resource Locator\) verweigert\. Wenden Sie sich an den Serveradministrator\.  \)\r\n| p/Microsoft IIS httpd/ i/German/ o/Windows/ cpe:/a:microsoft:internet_information_services::::de/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 403 Forbidden \( Der Server hat die angegebene URL verweigert\. Wenden Sie sich an den Serveradministrator\.  \)\r\n| p/Microsoft IIS httpd/ i/German/ o/Windows/ cpe:/a:microsoft:internet_information_services::::de/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 403 Forbidden \( The server denied the specified Uniform Resource Locator \(URL\)\. Contact the server administrator\.  \)\r\n| p/Microsoft IIS httpd/ o/Windows/ cpe:/a:microsoft:internet_information_services/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 403 Forbidden \( Der Server hat den angegebenen URL verweigert\. Wenden Sie sich an den Serveradministrator\.| p/Microsoft IIS httpd/ i/German/ o/Windows/ cpe:/a:microsoft:internet_information_services::::de/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 403 Forbidden \( Le serveur a refus\xc3\xa9 l'URL \(Uniform Resource Locator\) sp\xc3\xa9cifi\xc3\xa9e\. Contactez l'administrateur du serveur\.| p/Microsoft IIS httpd/ i/French/ o/Windows/ cpe:/a:microsoft:internet_information_services::::fr/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 403 Forbidden \( El servidor deneg\xc3\xb3 la direcci\xc3\xb3n URL \(Uniform Resource Locator\) especificada\. P\xc3\xb3ngase en contacto con el administrador del servidor\.| p/Microsoft IIS httpd/ i/Spanish/ o/Windows/ cpe:/a:microsoft:internet_information_services::::es/ cpe:/o:microsoft:windows/a

# MS ISA Server 2000 enterprise edition on windows 2000 advanced server
match http-proxy m|^HTTP/1\.1 502 Proxy Error \( The Uniform Resource Locator \(URL\) does not use a recognized protocol\. Either the protocol is not supported or the request was not typed correctly\. Confirm that a valid protocol is in use \(for example, HTTP for a Web request\)\.  \)\r\nVia: 1\.1 ([\w.-]+)\r\n| p/Microsoft ISA Server http proxy/ o/Windows/ h/$1/ cpe:/a:microsoft:isa_server/ cpe:/o:microsoft:windows/a
match http-proxy m|^HTTP/1\.1 502 Proxy Error \( L'URL \(Uniform Resource Locator\) n'utilise pas de protocole reconnu\. Le protocole n'est pas pris en charge, ou la demande n'a pas \xc3\xa9t\xc3\xa9 saisie correctement\. V\xc3\xa9rifiez qu'un protocole valide est utilis\xc3\xa9, par exemple HTTP pour une demande Web\.  \)\r\nVia: 1\.1 ([\w.-]+)\r\n| p/Microsoft ISA Server http proxy/ i/French/ o/Windows/ h/$1/ cpe:/a:microsoft:isa_server::::fr/ cpe:/o:microsoft:windows/a
match http-proxy m|^HTTP/1\.1 502 Proxy Error \( La direcci\xc3\xb3n URL \(Uniform Resource Locator\) no utiliza un protocolo reconocido\. El protocolo no es compatible o la petici\xc3\xb3n no se escribi\xc3\xb3 correctamente\. Confirme que se utiliza un protocolo v\xc3\xa1lido \(por ejemplo, HTTP para una petici\xc3\xb3n de web\)\.  \)\r\nVia: 1\.1 ([\w.-]+)\r\n| p/Microsoft ISA Server http proxy/ i/Spanish/ o/Windows/ h/$1/ cpe:/a:microsoft:isa_server::::es/ cpe:/o:microsoft:windows/a
match http-proxy m|^HTTP/1\.1 502 Proxy Error \( O URL n\xc3\xa3o usa um protocolo reconhecido\. N\xc3\xa3o h\xc3\xa1 suporte para o protocolo ou a solicita\xc3\xa7\xc3\xa3o n\xc3\xa3o foi digitada corretamente\. Confirme se um protocolo v\xc3\xa1lido est\xc3\xa1 em uso \(por exemplo, HTTP para uma solicita\xc3\xa7\xc3\xa3o da Web\)\.  \)\r\nVia: 1\.1 ([\w.-]+)\r\n| p/Microsoft ISA Server http proxy/ i/Portuguese/ o/Windows/ h/$1/ cpe:/a:microsoft:isa_server::::pt/ cpe:/o:microsoft:windows/a
match http-proxy m|^HTTP/1\.1 502 Proxy Error \( Die URL \(Uniform Resource Locator\) verwendet ein unbekanntes Protokoll\. Entweder wird das Protokoll nicht unterst\xc3\xbctzt, oder die Anforderung wurde nicht richtig eingegeben\. Vergewissern Sie sich, dass ein g\xc3\xbcltiges Protokoll, wie z\.B\. HTTP f\xc3\xbcr eine Webanforderung, verwendet wird\.  \)\r\nVia: 1\.1 ([\w.-]+)\r\n| p/Microsoft ISA Server http proxy/ i/German/ o/Windows/ h/$1/ cpe:/a:microsoft:isa_server::::de/ cpe:/o:microsoft:windows/a
match http-proxy m|^HTTP/1\.1 502 Proxy Error \( L'Uniform Resource Locator \(URL\) non utilizza un protocollo conosciuto\. Il protocollo non \xc3\xa8 supportato oppure la richiesta non \xc3\xa8 stata digitata correttamente\. Confermare la validit\xc3\xa0 del protocollo in uso \(ad esempio, HTTP per una richiesta Web\)\.  \)\r\nVia: 1\.1 ([\w.-]+)\r\n| p/Microsoft ISA Server http proxy/ i/Italian/ o/Windows/ h/$1/ cpe:/a:microsoft:isa_server::::it/ cpe:/o:microsoft:windows/a
match http-proxy m|^HTTP/1\.1 502 Proxy Error \( URL-\xd0\xb0\xd0\xb4\xd1\x80\xd0\xb5\xd1\x81 \xd0\xbd\xd0\xb5 \xd0\xb8\xd1\x81\xd0\xbf\xd0\xbe\xd0\xbb\xd1\x8c\xd0\xb7\xd1\x83\xd0\xb5\xd1\x82 \xd0\xbf\xd0\xbe\xd0\xb4\xd0\xb4\xd0\xb5\xd1\x80\xd0\xb6\xd0\xb8\xd0\xb2\xd0\xb0\xd0\xb5\xd0\xbc\xd1\x8b\xd0\xb9 \xd0\xbf\xd1\x80\xd0\xbe\xd1\x82\xd0\xbe\xd0\xba\xd0\xbe\xd0\xbb\. \xd0\x9f\xd1\x80\xd0\xbe\xd1\x82\xd0\xbe\xd0\xba\xd0\xbe\xd0\xbb \xd0\xbd\xd0\xb5 \xd0\xbf\xd0\xbe\xd0\xb4\xd0\xb4\xd0\xb5\xd1\x80\xd0\xb6\xd0\xb8\xd0\xb2\xd0\xb0\xd0\xb5\xd1\x82\xd1\x81\xd1\x8f, \xd0\xbb\xd0\xb8\xd0\xb1\xd0\xbe \xd0\xb7\xd0\xb0\xd0\xbf\xd1\x80\xd0\xbe\xd1\x81 \xd0\xb2\xd0\xb2\xd0\xb5\xd0\xb4\xd0\xb5\xd0\xbd \xd0\xbd\xd0\xb5\xd0\xbf\xd1\x80\xd0\xb0\xd0\xb2\xd0\xb8\xd0\xbb\xd1\x8c\xd0\xbd\xd0\xbe\. \xd0\xa3\xd0\xb1\xd0\xb5\xd0\xb4\xd0\xb8\xd1\x82\xd0\xb5\xd1\x81\xd1\x8c, \xd1\x87\xd1\x82\xd0\xbe \xd0\xb8\xd1\x81\xd0\xbf\xd0\xbe\xd0\xbb\xd1\x8c\xd0\xb7\xd1\x83\xd0\xb5\xd1\x82\xd1\x81\xd1\x8f \xd0\xb2\xd0\xb5\xd1\x80\xd0\xbd\xd1\x8b\xd0\xb9 \xd0\xbf\xd1\x80\xd0\xbe\xd1\x82\xd0\xbe\xd0\xba\xd0\xbe\xd0\xbb \(\xd0\xbd\xd0\xb0\xd0\xbf\xd1\x80\xd0\xb8\xd0\xbc\xd0\xb5\xd1\x80 HTTP \xd0\xb4\xd0\xbb\xd1\x8f \xd0\xb2\xd0\xb5\xd0\xb1-\xd0\xb7\xd0\xb0\xd0\xbf\xd1\x80\xd0\xbe\xd1\x81\xd0\xbe\xd0\xb2\)\.  \)\r\nVia: 1\.1 ([\w.-]+)\r\n| p/Microsoft ISA Server http proxy/ i/Russian/ o/Windows/ h/$1/ cpe:/a:microsoft:isa_server::::ru/ cpe:/o:microsoft:windows/a
match http-proxy m|^HTTP/1\.1 502 Proxy Error \( \xe7\xbb\x9f\xe4\xb8\x80\xe8\xb5\x84\xe6\xba\x90\xe5\xae\x9a\xe4\xbd\x8d\xe5\x99\xa8\(URL\)\xe6\x9c\xaa\xe4\xbd\xbf\xe7\x94\xa8\xe5\x8f\xaf\xe4\xbb\xa5\xe8\xaf\x86\xe5\x88\xab\xe7\x9a\x84\xe5\x8d\x8f\xe8\xae\xae\xe3\x80\x82\xe5\x8d\x8f\xe8\xae\xae\xe4\xb8\x8d\xe5\x8f\x97\xe6\x94\xaf\xe6\x8c\x81\xe6\x88\x96\xe9\x94\xae\xe5\x85\xa5\xe7\x9a\x84\xe8\xaf\xb7\xe6\xb1\x82\xe4\xb8\x8d\xe6\xad\xa3\xe7\xa1\xae\xe3\x80\x82\xe8\xaf\xb7\xe7\xa1\xae\xe8\xae\xa4\xe6\x89\x80\xe4\xbd\xbf\xe7\x94\xa8\xe7\x9a\x84\xe5\x8d\x8f\xe8\xae\xae\xe6\x9c\x89\xe6\x95\x88\(\xe4\xbe\x8b\xe5\xa6\x82\xef\xbc\x8c\xe4\xb8\xba Web \xe8\xaf\xb7\xe6\xb1\x82\xe4\xbd\xbf\xe7\x94\xa8 HTTP\)\xe3\x80\x82  \)\r\nVia: 1\.1 ([\w.-]+)\r\n| p/Microsoft ISA Server Web Proxy/ i/Chinese (Simplified)/ o/Windows/ h/$1/ cpe:/a:microsoft:isa_server::::zh/ cpe:/o:microsoft:windows/a
match http-proxy m|^HTTP/1\.1 502 Proxy Error \( \xe7\xb5\xb1\xe4\xb8\x80\xe8\xb3\x87\xe6\xba\x90\xe5\xae\x9a\xe4\xbd\x8d\xe5\x99\xa8 \(URL\) \xe6\xb2\x92\xe6\x9c\x89\xe4\xbd\xbf\xe7\x94\xa8\xe5\xb7\xb2\xe8\xbe\xa8\xe8\xad\x98\xe7\x9a\x84\xe9\x80\x9a\xe8\xa8\x8a\xe5\x8d\x94\xe5\xae\x9a\xe3\x80\x82\xe5\xa6\x82\xe6\x9e\x9c\xe4\xb8\x8d\xe6\x98\xaf\xe4\xb8\x8d\xe6\x94\xaf\xe6\x8f\xb4\xe9\x80\x9a\xe8\xa8\x8a\xe5\x8d\x94\xe5\xae\x9a\xef\xbc\x8c\xe5\xb0\xb1\xe6\x98\xaf\xe9\x8d\xb5\xe5\x85\xa5\xe7\x9a\x84\xe8\xa6\x81\xe6\xb1\x82\xe4\xb8\x8d\xe6\xad\xa3\xe7\xa2\xba\xe3\x80\x82\xe8\xab\x8b\xe7\xa2\xba\xe8\xaa\x8d\xe4\xbd\xbf\xe7\x94\xa8\xe4\xb8\xad\xe7\x9a\x84\xe9\x80\x9a\xe8\xa8\x8a\xe5\x8d\x94\xe5\xae\x9a\xe6\x9c\x89\xe6\x95\x88 \(\xe4\xbe\x8b\xe5\xa6\x82 Web \xe8\xa6\x81\xe6\xb1\x82\xe7\x9a\x84 HTTP\)\xe3\x80\x82  \)\r\nVia: 1\.1 ([\w.-]+)\r\n| p/Microsoft ISA Server Web Proxy/ i/Chinese (Traditional)/ o/Windows/ h/$1/ cpe:/a:microsoft:isa_server::::zh_tw/ cpe:/o:microsoft:windows/a
match http-proxy m|^HTTP/1\.1 502 Proxy Error \( URL\(Uniform Resource Locator\)\xec\x97\x90\xec\x84\x9c \xec\x9d\xb8\xec\x8b\x9d\xeb\x90\x9c \xed\x94\x84\xeb\xa1\x9c\xed\x86\xa0\xec\xbd\x9c\xec\x9d\x84 \xec\x82\xac\xec\x9a\xa9\xed\x95\x98\xec\xa7\x80 \xec\x95\x8a\xec\x8a\xb5\xeb\x8b\x88\xeb\x8b\xa4\. \xec\xa7\x80\xec\x9b\x90\xeb\x90\x98\xec\xa7\x80 \xec\x95\x8a\xeb\x8a\x94 \xed\x94\x84\xeb\xa1\x9c\xed\x86\xa0\xec\xbd\x9c\xec\x9d\xb4\xea\xb1\xb0\xeb\x82\x98 \xec\x9e\x85\xeb\xa0\xa5\xed\x95\x9c \xec\x9a\x94\xec\xb2\xad\xec\x9d\xb4 \xec\x98\xac\xeb\xb0\x94\xeb\xa5\xb4\xec\xa7\x80 \xec\x95\x8a\xec\x8a\xb5\xeb\x8b\x88\xeb\x8b\xa4\. \xec\x98\xac\xeb\xb0\x94\xeb\xa5\xb8 \xed\x94\x84\xeb\xa1\x9c\xed\x86\xa0\xec\xbd\x9c\xec\x9d\x84 \xec\x82\xac\xec\x9a\xa9\xed\x95\x98\xea\xb3\xa0 \xec\x9e\x88\xeb\x8a\x94\xec\xa7\x80 \xed\x99\x95\xec\x9d\xb8\xed\x95\x98\xec\x8b\xad\xec\x8b\x9c\xec\x98\xa4\. \xec\x98\x88\xeb\xa5\xbc \xeb\x93\xa4\xec\x96\xb4 \xec\x9b\xb9 \xec\x9a\x94\xec\xb2\xad\xec\x9d\x98 \xea\xb2\xbd\xec\x9a\xb0\xec\x97\x90\xeb\x8a\x94 HTTP\xec\x9e\x85\xeb\x8b\x88\xeb\x8b\xa4\.  \)\r\nVia: 1\.1 ([\w.-]+)\r\n| p/Microsoft ISA Server Web Proxy/ i/Korean/ o/Windows/ h/$1/ cpe:/a:microsoft:isa_server::::ko/ cpe:/o:microsoft:windows/a
match http-proxy m|^HTTP/1\.1 502 Proxy Error \( Uniform Resource Locator \(URL\) \xe8\xaa\x8d\xe8\xad\x98\xe3\x81\x95\xe3\x82\x8c\xe3\x81\xa6\xe3\x81\x84\xe3\x82\x8b\xe3\x83\x97\xe3\x83\xad\xe3\x83\x88\xe3\x82\xb3\xe3\x83\xab\xe3\x82\x92\xe4\xbd\xbf\xe7\x94\xa8\xe3\x81\x97\xe3\x81\xa6\xe3\x81\x84\xe3\x81\xbe\xe3\x81\x9b\xe3\x82\x93\xe3\x80\x82\xe3\x83\x97\xe3\x83\xad\xe3\x83\x88\xe3\x82\xb3\xe3\x83\xab\xe3\x81\x8c\xe3\x82\xb5\xe3\x83\x9d\xe3\x83\xbc\xe3\x83\x88\xe3\x81\x95\xe3\x82\x8c\xe3\x81\xa6\xe3\x81\x84\xe3\x81\xaa\xe3\x81\x84\xe3\x81\x8b\xe3\x80\x81\xe8\xa6\x81\xe6\xb1\x82\xe3\x81\x8c\xe6\xad\xa3\xe3\x81\x97\xe3\x81\x8f\xe5\x85\xa5\xe5\x8a\x9b\xe3\x81\x95\xe3\x82\x8c\xe3\x81\xbe\xe3\x81\x9b\xe3\x82\x93\xe3\x81\xa7\xe3\x81\x97\xe3\x81\x9f\xe3\x80\x82\xe6\x9c\x89\xe5\x8a\xb9\xe3\x81\xaa\xe3\x83\x97\xe3\x83\xad\xe3\x83\x88\xe3\x82\xb3\xe3\x83\xab \(Web \xe8\xa6\x81\xe6\xb1\x82\xe3\x81\xab\xe3\x81\xaf HTTP \xe3\x81\xaa\xe3\x81\xa9\) \xe3\x81\x8c\xe4\xbd\xbf\xe7\x94\xa8\xe3\x81\x95\xe3\x82\x8c\xe3\x81\xa6\xe3\x81\x84\xe3\x82\x8b\xe3\x81\x93\xe3\x81\xa8\xe3\x82\x92\xe7\xa2\xba\xe8\xaa\x8d\xe3\x81\x97\xe3\x81\xa6\xe3\x81\x8f\xe3\x81\xa0\xe3\x81\x95\xe3\x81\x84\xe3\x80\x82  \)\r\nVia: 1\.1 ([\w.-]+)\r\n| p/Microsoft ISA Server http proxy/ i/Japanese/ o/Windows/ h/$1/ cpe:/a:microsoft:isa_server::::ja/ cpe:/o:microsoft:windows/a

match http-proxy m|^HTTP/1\.1 502 Proxy Error \( L'URL \(Uniform Resource Locator\) n'utilise pas de protocole reconnu\. Soit le protocole n'est pas pris en charge, soit la demande n'a pas \xe9t\xe9 tap\xe9e correctement\.| p/Microsoft ISA Server Web Proxy/ i/French/ o/Windows/ cpe:/a:microsoft:isa_server::::fr/ cpe:/o:microsoft:windows/a
softmatch http-proxy m|^HTTP/1\.1 502 Proxy Error \( [^\r\n]+  \)\r\nVia: 1\.1 ([\w.-]+)\r\n| p/Microsoft ISA Server http proxy/ o/Windows/ h/$1/ cpe:/a:microsoft:isa_server/ cpe:/o:microsoft:windows/a
match http-proxy m|^HTTP/1\.1 407 Proxy Authentication Required \( The ISA Server requires authorization to fulfill the request\. Access to the Web Proxy service is denied\.  \)\r\n| p/Microsoft ISA Server Web Proxy/ i/Proxy auth required/ o/Windows/ cpe:/a:microsoft:isa_server/ cpe:/o:microsoft:windows/a
match http-proxy m|^HTTP/1\.1 407 Proxy Authentication Required \( El servidor ISA requiere autorizaci\xc3\xb3n para completar la petici\xc3\xb3n\. Acceso denegado al servicio de proxy web\.  \)\r\n| p/Microsoft ISA Server Web Proxy/ i/Spanish; Proxy auth required/ o/Windows/ cpe:/a:microsoft:isa_server::::es/ cpe:/o:microsoft:windows/a
match http-proxy m|^IsException=TRUE\r\nExceptionMsg=| p/Microsoft ISA Server Web Proxy/ o/Windows/ cpe:/a:microsoft:isa_server/ cpe:/o:microsoft:windows/a

match http m|^HTTP/1\.0 \d\d\d .*\r\nContent-Type: text/html\r\nConnection: close\r\n\r\n<HTML><HEAD><TITLE>SMC Barricade Wireless Broadband Router</TITLE>| p/SMC Barricade WAP http config/ d/WAP/
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html\r\nConnection: close\r\n\r\n.*<HTML><HEAD><TITLE>SMC Barricade Broadband Router</TITLE>|s p/SMC Barricade router http config/ d/broadband router/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Monkey/([\d.]+) \(Linux\)\r\n|s p/Monkey httpd/ v/$1/ o/Linux/ cpe:/a:monkey-project:monkey_http_daemon:$1/ cpe:/o:linux:linux_kernel/a
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Monkey/([\d.]+)\r\n|s p/Monkey httpd/ v/$1/ cpe:/a:monkey-project:monkey_http_daemon:$1/
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: Monkey Server\r\n| p/Monkey httpd/ cpe:/a:monkey-project:monkey_http_daemon/
match http m|^HTTP/1\.0 \d\d\d .*\nDate: .*\nPragma: no-cache\n      Server: wr_httpd/([\d.]+)\n| p/wr_httpd embedded httpd/ v/$1/
match http m|^HTTP/1\.0 401 Authorization Required\r\nContent-length: 0\r\nWWW-Authenticate: Basic realm=\"Cayman-2E\"\r\n\r\n| p/Cayman 2E router http config/ d/router/
match http m|^HTTP/1\.0 401 Authorization Required\r\nContent-length: 0\r\nWWW-Authenticate: Basic realm=\"Cayman-DSL\"\r\n\r\n| p/Cayman DSL router http config/ d/router/
match http m|^HTTP/1\.1 400 Bad Request\r\nContent-Type: text/html\r\nDate: .*\r\nConnection: close\r\nContent-Length: \d+\r\n\r\n<h1>Bad Request \(Invalid .*\)</h1>$| p/Microsoft IIS httpd/ cpe:/a:microsoft:internet_information_services/
match http m|^HTTP/1\.0 200 OK\nMIME-version: 1\.0\nContent-type: text/html\n\n<html>\n<head><title> XTide Tide Prediction Server </title>| p/xtide Tide prediction httpd/
match http m|^HTTP/1\.1 401 Unauthorized\r\nDate: .*\r\nServer: Agranat-EmWeb/R([\d_.]+)\r\nWWW-Authenticate: Basic realm=\"User\"\r\n\r\n401 Unauthorized\r\n| p/Agranat-EmWeb/ v/$SUBST(1,"_",".")/ i/Nortel Bay router http config/ cpe:/a:agranat:emweb:$SUBST(1,"_",".")/a
match http m|^HTTP/1\.0 200 OK\r\nCache-control: no-cache\r\nPragma: no-cache\r\n.*<title>DTA310 Web Configuration Pages</title></head>|s p/DTA310 VoIP router http config/ d/VoIP adapter/
match http m|^HTTP/1\.0 200 OK\nContent-type: text/html\nContent-length: \d+\n\n<html><head><title></title>.*<font size=\"5\"><a href=\"PrintSir\.htm\">Enter PrintSir utilities</font><|s p/Edimax Printserver httpd/ d/print server/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: FSPMS/([\d.]+) \(Win32\)|s p/F-Secure Policy Manager Server httpd/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 \d\d\d .*\r\nWWW-Authenticate: Basic realm=\"SpeedTouch \(([-\w]+)\)\"\r\n\r\n| p/SpeedTouch DSL router http config/ i/MAC $1/ d/router/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: RapidLogic/([\d.]+)\r\nMIME-version: [\d.]+\r\nContent-type: text/html\r\nDate: .*<META NAME=\"GENERATOR\" Content=\"Visual Page 2\.0 for Windows\">\r\n|s p/RapidLogic httpd/ v/$1/ i/Brocade Silkworm Fibreswitch http config/ d/switch/ cpe:/a:rapidlogic:httpd:$1/
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: Netscape-Commerce/([\d.]+)\r\n| p/Netscape-Commerce httpd/ v/$1/ cpe:/a:netscape:commerce_server:$1/
match http m|^HTTP/1\.1 \d\d\d .*\r\nWWW-Authenticate: Basic Realm=\"DSLink 200 U/E\"\r\n| p/DSLink 200 DSL router http config/ d/router/
match http m|^HTTP/1\.1 \d\d\d .*\r\nContent-Type: text/html\r\nDate: .*\r\nServer: TUX/([\d.]+) \(Linux\)\r\n| p/TUX httpd/ v/$1/ o/Linux/ cpe:/o:linux:linux_kernel/a
match http m|^HTTP/1\.0 200 OK\r\nPragma: no-cache\r\nExpires: .*\r\nContent-Type: text/html\r\n\r\n\n<html>\n\n  <head>\n    <meta http-equiv=\"content-type\" content=\"text/html;charset=iso-8859-1\">\n    \n    <title>Remote UI &lt;Top Page&gt; :  ; [\d ]+</title>\n| p/Canon LBP-2000 printer httpd/ d/printer/ cpe:/h:canon:lbp-2000/
match http m|^HTTP/1\.0 200 OK\r\n.*<title>Remote UI &lt;Top Page&gt; : iR(\w+) ;|s p/Canon imageRUNNER $1 printer http config/ d/printer/ cpe:/h:canon:imagerunner_$1/
match http m|^HTTP/1\.1 200 OK\r\n.*<title>Remote UI \(Top Page\):&nbsp;(MF\w+) Series|s p/Canon $1 printer http config/ d/printer/ cpe:/h:canon:$1/
match http m|^HTTP/1\.1 \d\d\d .*\r\nDate: .*\r\nServer: 2Wire-Gateway/([-\w_.]+)\r\n| p/2Wire HomePortal router http config/ i/Firmware $1/ d/router/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: 2wire Gateway ([\d.]+)\r\n|s p/2Wire HomePortal http config/ v/$1/ d/broadband router/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: 2wire Gateway\r\n|s p/2Wire HomePortal router http config/ d/broadband router/
match http m|^HTTP/1\.1 200 OK\r\nServer: Agranat-EmWeb/R([\d_]+)\r\n.*<title>2Wire HomePortal</title>|s p/Agranat-EmWeb/ v/$SUBST(1,"_",".")/ i/2Wire HomePortal router http config/ d/router/ cpe:/a:agranat:emweb:$SUBST(1,"_",".")/
match http m|^HTTP/1\.0 200 OK\r\nPragma:no-cache\r\nContent-Length: \d+\r\nContent-Type: text/html\r\n\r\n<html>\n<head>\n<title>AXIS ([\d/+]+); IP address: [\d.]+</title>\n| p/AXIS $1 print server http config/ d/print server/ cpe:/h:axis:$1/a
match http m|^HTTP/1\.0 \d\d\d.*<TITLE>Lantronix Web Manager ([\d.]+) : Home</TITLE>|s p/Lantronix Web Manager/ v/$1/
match http m|^HTTP/1\.0 \d\d\d .*\r\nWWW-Authenticate: Basic realm=\"DI-(\w+)\"\r\n\r\n| p/D-Link DI-$1 http config/ d/WAP/
match http m|^HTTP/1\.[01] \d\d\d .*\r\nWWW-Authenticate: Basic Realm=\"D-Link ([-\w_.]+) Router\"\r\n| p/D-Link $1 router http config/ d/WAP/ cpe:/h:dlink:$1/a
match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: Agranat-EmWeb/R([\d_]+)\r\nWWW-Authenticate: Basic realm=\"administration\"\r\n\r\n401 Unauthorized\r\n| p/Agranat-EmWeb/ v/$SUBST(1,"_",".")/ i/Efficient Networks router http config/ d/router/ cpe:/a:agranat:emweb:$SUBST(1,"_",".")/a

match http m|^HTTP/1\.0 200 OK\r\nContent-Type: text/html\r\nConnection: close\r\n\r\n<!--CAS:0003--><HTML><HEAD><SCRIPT LANGUAGE=JavaScript><!--\ndocument\.write\(\"<TITLE>\"\)\nvar l1=\"713P\"| p/D-Link DI-713P wireless access point http config/ d/WAP/
match http m|^HTTP/1\.0 401 NG\r\nWWW-Authenticate: Basic realm=\"AirLive W([\w._-]+)\"\r\n\r\n<!--CAS:0003-->Unauthorized| p/AirLive W$1 WAP http config/ d/WAP/
match http m|^HTTP/1\.0 401 NG\r\nWWW-Authenticate: Basic realm=\"(RT-[\w._-]+)\"\r\n\r\n<!--CAS:0003-->Unauthorized| p/Asus $1 WAP http config/ d/WAP/ cpe:/h:asus:$1/
match http m|^HTTP/1\.0 \d\d\d .*\r\nContent-Type: text/html\r\nConnection: close\r\n\r\n<!---CAS:0003--><HTML><HEAD><TITLE>SMC Barricade Wireless Broadband Router</TITLE>| p/SMC Barricade wireless broadband router http config/ d/broadband router/
match http m|^HTTP/1\.0 \d\d\d .*\r\nContent-Type: text/html\r\nConnection: close\r\n\r\n<!---CAS:0003--><HTML><HEAD><TITLE>Broadband NAT Router Web-Console</TITLE>| p/Digtus DN-11001 broadband router http config/ d/broadband router/
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html\r\nConnection: close\r\n\r\n<!---CAS:0003--><HTML><HEAD>\n<TITLE>Wireless Broadband NAT Router Web-Console| p/Safecom SWBR 54000 WAP http config/ d/WAP/
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html\r\nConnection: close\r\n\r\n<!---CAS:0003--><HTML><HEAD>\n<TITLE>(FBR-[\w._-]+)  Broadband NAT Router Web-Console</TITLE>| p/LevelOne $1 router http config/ d/router/ cpe:/h:levelone:$1/a
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html\r\nConnection: close\r\n\r\n<!---CAS:0003--><HTML><HEAD>\n<TITLE>(WBR-[\w._-]+) Wireless Broadband NAT Router Web-Console</TITLE>| p/LevelOne $1 router http config/ d/router/ cpe:/h:levelone:$1/a
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html\r\nConnection: close\r\n\r\n<!---CAS:0003--><HTML><HEAD><TITLE>Broadband NAT Router Web-Console</TITLE>| p/ArtDio ARU-504 broadband router http config/ d/broadband router/
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html\r\nConnection: close\r\n\r\n<!---CAS:0003--><HTML><HEAD><TITLE>U\.S\. Robotics Broadband Router Configuration</TITLE>| p/USRobotics ADSL router http config/ d/broadband router/
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html\r\nConnection: close\r\n\r\n<!---CAS:0003--><HTML><HEAD>\n<TITLE> Broadband NAT Router Web-Console           </TITLE>|s p/D-Link DGE-530T network adapter http config/

match http m|^HTTP/1\.0 200 OK\r\ncontent-type:text/html\r\n\r\n<HTML><HEAD><TITLE>WWWinamp</TITLE>| p/WWWinamp remote control httpd/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Content-Length: \d+\r\n.*<TITLE>Live view / - AXIS 205(?: Network Camera)? version ([\d.]+)</TITLE>\n|s p/AXIS 205 network camera web interface/ v/$1/ d/webcam/
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: RapidLogic/([\d.]+)\r\nMIME-version: [\d.]+\r\nContent-type: text/html\r\n\r\n<html>\r\n  <title>VT1000v Status</title>| p/RapidLogic httpd/ v/$1/ i/Motorola VT1000v VoIP Adapter http config/ d/VoIP adapter/ cpe:/a:rapidlogic:httpd:$1/ cpe:/h:motorola:vt1000v/a
match http m|^HTTP/1\.0 200 Okay\r\nDate: .*\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: \d+\r\n\r\n<html>\n<head><title>home\.htm</title>| p/NetComm NS4000 network camera http interface/ d/webcam/
match http m|^HTTP/1\.1 200 OK\r\nDate: .*\r\nContent-Type: \(null\)\r\nConnection: close\r\n\r\n([-\w_.]+)\n$| p/IRC Services http stats/ h/$1/
match http m|^HTTP/1\.1 \d\d\d .*\r\nDate: .*\r\nServer: Oracle Application Server Containers for J2EE\r\n| p/Oracle Application Server httpd/ cpe:/a:oracle:application_server/
match http m|^HTTP/1\.1 \d\d\d .*\r\nDate: .*\r\nServer: Oracle Application Server Containers for J2EE 10g \(([\d.]+)\)\r\n| p/Oracle Application Server httpd/ v/$1/ cpe:/a:oracle:application_server:$1/
match http m|^HTTP/1\.1 \d\d\d .*\r\nDate: .*\r\nServer: Oracle Application Server Containers for J2EE 10g \(([\d.]+)\) - Developer Preview\r\n| p/Oracle Application Server httpd/ v/$1/ i/Developer preview/ cpe:/a:oracle:application_server:$1/
match http m|^HTTP/1\.1 \d\d\d .*\r\nDate: .*\r\nServer: Oracle-Application-Server-(\d+[a-z])\r\n| p/Oracle Application Server $1 httpd/ cpe:/a:oracle:application_server/
match http m|^HTTP/1\.1 \d\d\d .*\r\nDate: .*\r\nServer: Oracle-Application-Server-(\d+[a-z])/([\d.]+) Oracle-HTTP-Server\r\n| p/Oracle Application Server $1 httpd/ v/$2/ cpe:/a:oracle:application_server:$2/ cpe:/a:oracle:http_server/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Oracle-Application-Server-(\d+[a-z])/([\d.]+) Oracle-HTTP-Server|s p/Oracle Application Server $1 httpd/ v/$2/ cpe:/a:oracle:application_server:$2/ cpe:/a:oracle:http_server/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: OracleAS-Web-Cache-(\d+[a-z])/([\d.]+)\r\n|s p/OracleAS Web Cache $1/ v/$2/ cpe:/a:oracle:application_server_web_cache:$2/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Oracle-Application-Server-(\d+[a-z])/([\d.]+) Oracle-HTTP-Server OracleAS-Web-Cache-(\d+[a-z])/([\d.]+) |s p/Oracle Application Server $1 httpd/ v/$2/ i/OracleAS-Web-Cache-$3 $4/ cpe:/a:oracle:application_server_web_cache:$4/ cpe:/a:oracle:http_server/
match http m|^HTTP/1\.1 \d\d\d .*\r\nDate: .*\r\nServer: Oracle-HTTP-Server\r\n| p/Oracle HTTP Server/ cpe:/a:oracle:http_server/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Oracle Containers for J2EE\r\n.*<TITLE>Oracle Application Server 10g Release 3 \(([\d.]+)\)|s p/Oracle Application Server 10g httpd/ v/$1/ i/Oracle Containers for J2EE/ cpe:/a:oracle:application_server:$1/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Oracle Containers for J2EE\r\n.*<title>Oracle Containers for J2EE 10g Release 3 \(([\d.]+)\)|s p/Oracle Application Server 10g httpd/ v/$1/ i/Oracle Containers for J2EE/ cpe:/a:oracle:application_server:$1/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Oracle Containers for J2EE\r\n.*<TITLE>Welcome to Oracle Containers for J2EE 10g \(([\w._-]+)\)</TITLE>|s p/Oracle Application Server 10g httpd/ v/$1/ i/Oracle Containers for J2EE/ cpe:/a:oracle:application_server:$1/
match http m|^HTTP/1\.0 \d\d\d .*\r\nContent-type: text/html\r\nCache-Control: public\r\nPragma: cache\r\nExpires: .*\r\nWWW-Authenticate: Basic realm=\"Linksys (WR\w+)\"\r\n| p/Linksys $1 router http config/ d/router/ cpe:/h:linksys:$1/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?content-length: \d+\r\ncontent-type: text/html\r\ndate: .*<title>MikroTik RouterOS Managing Webpage</title>|s p/MikroTik httpd/ cpe:/o:mikrotik:routeros/
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Askey Software ([\d.]+)\r\n.*<title>Scientific.A..anta WebStar Cable Modem</title>.*|si p/Scientific Atlanta WebStar cable modem http config/ i/Askey Software $1/ d/broadband router/
match http m|^HTTP/1\.0 \d\d\d .*\r\nConnection: close\r\nServer: XES 8830 WindWeb/([\d.]+)\r\n| p/WindWeb/ v/$1/ i|Xerox 8830 printer/plotter| d/printer/ cpe:/a:windriver:windweb:$1/ cpe:/h:xerox:8830/a
match http m|^HTTP/1\.1 401 Unauthorized \r\nServer:httpd\r\nDate: .*\r\nContent-Type:text/html\r\nWWW-Authenticate: Basic realm=\"U\.S\.Robotics\"\r\nConnection:close\r\n\r\n<HTML> <Title> 401 unAuthorized </title>                   <body> <H1> 401 unauthorized request </H1></body>                   </HTML>| p/USRobotics router http config/ d/broadband router/
match http m|^HTTP/1\.1 401 Unauthorized\r\nServer: micro_httpd.*Basic realm=\"USR ADSL Gateway\"\r\n|s p/micro_httpd/ i/USRobotics router http config/ d/broadband router/ cpe:/a:acme:micro_httpd/
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: WN/([\d.]+)\r\n| p/WN httpd/ v/$1/
match http m|^HTTP/1\.0 \d\d\d .*\r\nContent-Type: text/html\r\nWWW-Authenticate: Basic realm=\"DWL-700AP\"\r\n\r\n| p/D-Link DWL-700AP router http config/ d/router/ cpe:/h:dlink:dwl-700ap/a
match http m|^HTTP/1\.0 \d\d\d .*\r\nConnection: close\r\nServer: WindWeb/([\d.]+)\r\nDate: .*\r\nContent-Type: \r\n\r\n<html>\n<head>\n<title>DW6000 System Control Center</title>| p/WindWeb/ v/$1/ i/Hughes DW6000 satellite router http config/ d/router/ cpe:/a:windriver:windweb:$1/
match http m|^HTTP/1\.0 200 OK\r\nConnection: close\r\nServer: WindWeb/([\d.]+)\r\n(?:[^\r\n]+\r\n)*?WWW-Authenticate: Basic realm=\"HUGHES Terminal\"\r\n\r\n<html>\n<head>\n<title>HN7000S System Control Center</title>|s p/WindWeb/ v/$1/ i/Hughes HN7000S satellite router http config/ d/router/ cpe:/a:windriver:windweb:$1/
match http m|^HTTP/1\.1 401 Unauthorized\r\nWWW-Authenticate: Basic realm=\"DM602 \"\r\nContent-type: text/html\r\nContent-length: 0\r\n\r\n/\"\r\nContent-type: text/html\r\nContent-length: 0\r\n\r\n| p/Netgear DM602 router http config/ d/router/ cpe:/h:netgear:dm602/a
match http m|^HTTP/1\.0 \d\d\d .*\r\nWWW-Authenticate: Basic realm=\"EvoCam\"| p/EvoCam http interface/ d/webcam/
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: GST ([\d.]+) .*\r\n| p/Linksys WAP11 http config/ i/Firmware $1/ d/router/ cpe:/h:linksys:wap11/a
match http m|^HTTP/1\.[01] \d\d\d .*\r\nConnection: [Cc]lose\r\nServer: LANCOM ([\w._+/-]+) Office ([\w. /]+)\r\n| p|Lancom DSL/$1 router http config| v/$2/ d/router/
match http m|^HTTP/1\.[01] \d\d\d .*\r\nConnection: Close\r\nServer: LANCOM ([\w._+/-]+) Wireless ([\w. /]+)\r\n| p/Lancom $1 wireless router http config/ v/$2/ d/router/ cpe:/h:lancom:$1/a
match http m|^HTTP/1\.[01] \d\d\d .*\r\nConnection: Close\r\nServer: LANCOM ([\w._+/-]+) ADSL/ISDN ([\w. /]+)\r\n| p|Lancom $1 DSL/ISDN router http config| v/$2/ d/router/
match http m|^HTTP/1\.[01] \d\d\d .*\r\nConnection: Close\r\nServer: LANCOM ([\w._+/-]+) VPN (?:\(Annex B\) )?([\w. /]+)\r\n| p/Lancom $1 VPN http config/ v/$2/ d/security-misc/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Virata-EmWeb/R([\d_]+)\r\n.*<title>Cisco Systems, Inc\. VPN (\d+) Concentrator|s p/Virata-EmWeb/ v/$SUBST(1,"_",".")/ i/Cisco VPN $2 Concentrator http config/ d/terminal server/ cpe:/a:virata:emweb:$SUBST(1,"_",".")/a
match http m|^HTTP/1\.1 403 Forbidden\r\nServer: Web Server\r\n\r\n$| p/Cisco VPN Concentrator http config/ d/terminal server/
match http m|^HTTP/1\.1 301 Moved Permanently\r\nServer: Web Server\r\nLocation: .*\r\nContent-Type: text/html\r\nContent-Length: \d+\r\n\r\n<HEAD><TITLE>Moved</TITLE></HEAD><BODY><A HREF=\".*\">Moved</A></BODY>\r\n$| p/Cisco VPN Concentrator http config/ d/terminal server/
match http m|^HTTP/1\.1 301 Moved Permanently\r\nServer: Web Server\r\nLocation: https://[\d.]+/webvpn\.html\r\nContent-Type: text/html\r\nContent-Length: \d+\r\n\r\n<HEAD><TITLE>Moved</TITLE></HEAD><BODY><A HREF=\"https://[\d.]+/webvpn\.html\">Moved</A></BODY>\r\n| p/Cisco VPN Concentrator http config/ d/terminal server/
match http m|^HTTP/1\.1 200 OK\r\nServer: Web Server\r\n.*\n<title>Cisco Systems, Inc\. VPN (\d+) Concentrator \[VPN-EPUL\]</title>|s p/Cisco VPN $1 Concentrator http config/ d/terminal server/
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: BrowseAmp\r\n| p/BrowseAmp WinAmp webcontrol plugin/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 200 OK\r\nContent-Type: text/html\r\n\r\n<HTML><HEAD><META HTTP-EQUIV=\"Content-type\" CONTENT=\"text/html; charset=iso-8859-1\">\r\n<TITLE>Dell Laser Printer (\w+)</TITLE>| p/Dell Laser Printer $1 http config/ d/printer/
match http m|^HTTP/1\.0 401 Password Required\r\nWWW-Authenticate: Basic realm= StarVoice\r\nServer: GoAhead-Webs\r\n| p/GoAhead WebServer/ i/Aethra Starvoice DSL router http config/ d/router/ cpe:/a:goahead:goahead_webserver/
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: Thy/([\d.]+) Debian/[\w/]+ \([^)]+\) GnuTLS/([\d.]+) zlib/([\d.]+)\r\n| p/Thy httpd/ v/$1/ i/Debian; GnuTLS $2; zlib $3/ o/Linux/ cpe:/o:debian:debian_linux/ cpe:/o:linux:linux_kernel/a
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: Thy/([\d.]+) Debian \(\w+\) GnuTLS/([\d.]+) zlib/([\d.]+)\r\n| p/Thy httpd/ v/$1/ i/Debian; GnuTLS $2; zlib $3/ o/Linux/ cpe:/o:debian:debian_linux/ cpe:/o:linux:linux_kernel/a
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: Thy/([\d.]+) zlib/([\d.]+)\r\n| p/Thy httpd/ v/$1/ i/zlib $2/
match http m|^HTTP/1\.[01] \d\d\d .*\r\nDate: .*\r\nServer: FileMakerPro/([\w.]+) WebCompanion/([\w.]+)\r\n| p/WebCompanion httpd $2/ i/FileMakerPro $1/ cpe:/a:filemaker:filemaker_pro:$1/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: FileMakerPro/([\d.]+)\r\n|s p/FileMakerPro httpd/ v/$1/ cpe:/a:filemaker:filemaker_pro:$1/
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: AdSubtract ([\d.]+)\r\n| p/AdSubtract httpd/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer:ATMEL Embedded Webserver\r\nWWW-Authenticate: Basic realm=\"Linksys WAP11\",\r\n\r\n| p/ATMEL embedded httpd/ i/Linksys WAP11 http config/ d/router/ cpe:/h:linksys:wap11/a
match http m|^HTTP/1\.0 \d\d\d .*\r\nContent-Type: text/html\r\nWWW-Authenticate: Basic realm=\"Linksys WAP11\"\r\n\r\n| p/Linksys WAP11 http config/ d/router/ cpe:/h:linksys:wap11/a
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: bozohttpd/(\w+)\r\n|s p/bozohttpd/ v/$1/ cpe:/a:eterna:bozohttpd:$1/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Null httpd ([\d.]+)\r\n|s p/Null httpd/ v/$1/
match http m|^HTTP/1\.0 \d\d\d .*\r\nDate: .*\nServer: Dune/([\d.]+)\r\n| p/Dune httpd/ v/$1/
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: Meredydd Luff's Surfboard/([\d.]+) \(UNIX/\w+\)\r\n| p/Surfboard httpd/ v/$1/ o/Unix/
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: zawhttpd ([\d.]+)\r\n| p/zawhttpd/ v/$1/
match http m|^HTTP/1\.0 \d\d\d .*\nDate: .*\nServer: NeepHttpd/([\d.]+) \(Linux\)\n| p/NeepHttpd/ v/$1/ o/Linux/ cpe:/o:linux:linux_kernel/a
match http m|^HTTP/1\.0 401 Unauthorized\r\nConnection: close\r\nServer: WindWeb/([\d.]+)\r\nDate: .*\r\nContent-Type: text/html\r\nWWW-Authenticate: Basic realm=\"Home Gateway\"\r\n\r\nHasbani Web Server Error Report:| p/WindWeb/ v/$1/ i/Conexant DSL router http config/ d/router/ cpe:/a:windriver:windweb:$1/
match http m|^HTTP/1.0 401 Unauthorized\r\nConnection: close\r\nServer: WindWeb/([\d\.]+)\r\nDate: .*\r\nContent-Type: text/html\r\nWWW-Authenticate: Basic realm="(AG \w+)"\r\n| p/WindWeb/ v/$1/ i/Nomadix $2 router http config/ d/router/ cpe:/a:windriver:windweb:$1/ cpe:/h:nomadix:$2/a
match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: WindWeb/([\d.]+)\r\nWWW-Authenticate: Basic realm=\"Home Gateway\"\r\nContent-Type: text/html\r\nDate: .*\r\nAge: 0\r\n\r\nHasbani Web Server Error Report:<HR>\n<H1>Server Error: 401 Unauthorized</H1>\r\n<P><HR><H2>Access denied</H2><P><P><HR><H1>/doc/index\.htm</H1><P>| p/WindWeb/ v/$1/ i/3Com router http config/ d/router/ cpe:/a:windriver:windweb:$1/
match http m|^HTTP/1\.0 403 Forbidden\r\nConnection: close\r\nServer: WindWeb/([\d.]+)\r\nDate: .*\r\nContent-Type: text/html\r\nWWW-Authenticate: Basic realm=\"Home Gateway\"\r\n\r\nHasbani Web Server Error Report:<HR>\n<H1>Server Error: 403 Forbidden</H1>\r\n<P><HR><H2>Access denied</H2><P>| p/WindWeb/ v/$1/ i/eTec DSL router http config/ d/router/ cpe:/a:windriver:windweb:$1/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: AKCP Embedded Web Server\r\n.*<font color=#FFCC66>Uptime Devices</font>|s p/AKCP embedded httpd/ i|UptimeDevices Sensorprobe temp/humidity http config| d/specialized/
match http m|^HTTP/1\.[01] \d\d\d.*\r\nServer: SHS\r\n|s p/Small Home Server httpd/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 200 OK\nContent-type: text/html\r\nDate: .*\r\nConnection: close\r\nLast-Modified: .*\r\nContent-length: \d+\r\n\r\n<html>\n<head>\n\t<title>PXES on P\d+</title>| p/PXES Linux Thin Client httpd/ d/terminal/ o/Linux/ cpe:/o:linux:linux_kernel/a

match http m|^HTTP/1\.1 401 Access Denied Still Working\r\nWWW-Authenticate: Basic realm=.*\r\nServer: cpsrvd/([\w._-]+)\r\n|s p/cPanel httpd/ v/$1/ i/unauthorized/ o/Linux/ cpe:/o:linux:linux_kernel/a
match http m|^HTTP/1\.1 401 Access Denied Still Working\r\nWWW-Authenticate: Basic realm=\"[^"]+\"\r\nConnection: close\r\nSet-Cookie: logintheme=cpanel;| p/cPanel httpd/ i/unauthorized/ o/Linux/ cpe:/o:linux:linux_kernel/a
match http m|^HTTP/1\.[01] \d\d\d .*\nServer: cpaneld/([\d.]+)\n|s p/cPanel httpd/ v/$1/
match http m|^HTTP/1\.[01] \d\d\d .*\nServer: cpsrvd/([\d.]+)\r\n|s p/cPanel httpd/ v/$1/ o/Unix/

match http m|^HTTP/1\.1 200 (?:[^\r\n]*\r\n(?!\r\n))*?Server: Allegro-Software-RomPager/([\w._-]+)\r\n.*<title>(DWL-\w+)</title>|s p/Allegro RomPager/ v/$1/ i/D-Link $2 WAP http config/ d/WAP/ cpe:/a:allegro:rompager:$1/ cpe:/h:dlink:$2/a
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?MIME-Version: [\d.]+\r\nServer: CERN/([\d.]+)\r\n.*alert\(\"\\r\\nThis version of your browser cannot support the router's configuration completely\. Please refer to the router's CD-ROM for upgrade information\.\"\);|s p/CERN httpd/ v/$1/ i/Edimax BR-6004 broadband router http config/ d/broadband router/ cpe:/h:edimax:br-6004/
match http m|^HTTP/1\.1 \d\d\d .*\r\nConnection: close\r\nDate: .*\r\nCache-Control: no-cache\r\nPragma: no-cache\r\nContent-Type: text/html\r\nContent-Length: \d+\r\nServer: Web-Server/([\d.]+)\r\n\r\n<HTML>\n<FRAMESET ROWS=\"82,40,\*\"| p/Web-Server httpd/ v/$1/ i|NRG/Ricoh copier http config| d/printer/
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: Savant/([\d.]+)\r\n| p/Savant httpd/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Connection: close\r\nContent-Type: text/html; charset=iso-8859-1\r\n\r\n.*<th width=\"50%\">TiVo Web Project - TCL - v([\d.]+)&nbsp;</th><th>&nbsp;|s p/TiVo Web Project http interface/ v/$1/ d/media device/
match http m|^HTTP/1\.1 \d\d\d .*\r\nConnection: close\r\nContent-Type: text/plain\r\nContent-Length: \d+\r\nServer: TiVo Server/([\d.]+)\r\n\r\n| p/TiVo Desktop httpd/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 \d\d\d .*\r\nDate: .*\r\nServer: WebTopia/([\w.]+) \(Unix\)\r\n| p/Archetopia WebTopia httpd/ v/$1/ o/Unix/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Connection: close\r\nContent-Length: \d+\r\nContent-Type: text/html\r\n\r\n.*C<small>ISCO<font height=10 size=2> S<small>YSTEMS<br>|s p/Cisco IP Phone http config/ d/VoIP phone/
match http m|^HTTP/1\.1 \d\d\d .*\r\nDate: .*\r\nServer: Apache/([\d.]+)\+NITI ([^\r\n]+)\r\n| p/Net Integration Modified Apache httpd/ v/$1/ i/$2/ cpe:/a:apache:http_server:$1/
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: Microsoft ASP\.NET Web Matrix Server/([\d.]+)\r\n| p/Microsoft ASP.NET Web Matrix httpd/ v/$1/ o/Windows/ cpe:/a:microsoft:asp.net/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Content-Type: text/html\r\n\r\n.*<TITLE>Lexmark Optra (\w+)</TITLE>|s p/Lexmark Optra $1 printer http config/ d/printer/ cpe:/h:lexmark:optra_$1/a
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Content-Type: text/html\r\n\r\n.*<TITLE>Lexmark Optra SC (\w+)</TITLE>|s p/Lexmark Optra SC $1 printer http config/ d/printer/ cpe:/h:lexmark:optra_sc_$1/a
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: GWS/([\d.]+)\r\n|s p/Google httpd/ v/$1/ i/GWS/ o/Linux/ cpe:/o:linux:linux_kernel/a
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: GFE/([\d.]+)\r\n|s p/Google httpd/ v/$1/ i/GFE/ o/Linux/ cpe:/o:linux:linux_kernel/a
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: GWS-GRFE/([\d.]+)\r\n|s p/Google httpd/ v/$1/ i/GWS-GRFE/ o/Linux/ cpe:/o:linux:linux_kernel/a

# These should hopefully match before the more general Ubicom line in GenericLines
match http m|^HTTP/1\.1 \d\d\d .*\r\nCache-control: no-cache\r\nServer: Ubicom/(\d[-.\w ]+)\r\nContent-Length: \d+\r\nWWW-Authenticate: Basic realm=\"Linksys WET54G\"\r\n| p/Ubicom httpd/ v/$1/ i/Linksys WET54G wireless bridge http config/ d/bridge/ cpe:/a:ubicom:httpd:$1/ cpe:/h:linksys:wet54g/a
match http m|^HTTP/1\.1 302 Moved Temporarily\r\nCache-control: no-cache\r\nServer: Ubicom/(\d[-.\w ]+)\r\nLocation: login\.html\r\n\r\n$| p/Ubicom httpd/ v/$1/ i/SMC SMC2870W Wireless bridge http config/ d/bridge/ cpe:/a:ubicom:httpd:$1/ cpe:/h:smc:smc2870w/a
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Ubicom/([\d.]+)\r\n.*<title>(DI-\w+)</title>\n|s p/Ubicom httpd/ v/$1/ i/D-Link $2 router http config/ d/router/ cpe:/a:ubicom:httpd:$1/ cpe:/h:dlink:$2/a
match http m=^HTTP/1\.0 200 OK\r\nCache-control: no-cache\r\nServer: Ubicom/([\d.]+)\r\nContent-Type: text/html\r\n\r\n\xef\xbb\xbf.*<title>TRENDnet TEW-([\w ]+) Router \|\r\n\t\t Login\r\n\t</title>=s p/Ubicom httpd/ v/$1/ i/TRENDnet TEW-$2 WAP http config/ d/WAP/ cpe:/a:ubicom:httpd:$1/
match http m=^HTTP/1\.0 200 200 OK\r\n.*Server: Ubicom/([\d.]+)\r\n.*\n\t<title>D-LINK SYSTEMS, INC\. \| WIRELESS ROUTER  :\n\t\t Login\n\t</title>=s p/Ubicom httpd/ v/$1/ i/D-Link DIR-655 WAP http config/ d/WAP/ cpe:/a:ubicom:httpd:$1/ cpe:/h:dlink:dir-655/a
match http m%^HTTP/1\.0 200 OK\r\n.*Server: Ubicom/([\d.]+)\r\n.*<link rel=\"stylesheet\" rev=\"stylesheet\" href=\"/substyle_(DIR-\w+)\.css\" type=\"text/css\" />.*<title>D-LINK SYSTEMS, INC\. \| WIRELESS ROUTER  :\r\n         Login\r\n    </title>%s p/Ubicom httpd/ v/$1/ i/D-Link $2 WAP http config/ d/WAP/ cpe:/a:ubicom:httpd:$1/ cpe:/h:dlink:$2/a
match http m=^HTTP/1\.0 200 OK\r\n.*Server: Ubicom/([\d.]+)\r\n.*<title>D-LINK SYSTEMS, INC\. \| WIRELESS ROUTER  :\r\n         Login\r\n    </title>=s p/Ubicom httpd/ v/$1/ i/D-Link DIR-655 WAP http config/ d/WAP/ cpe:/a:ubicom:httpd:$1/ cpe:/h:dlink:dir-655/a
match http m=^HTTP/1\.0 200 OK\r\n.*Server: Ubicom/([\d.]+)\r\n.*<title>D-LINK SYSTEMS, INC\. \| WIRELESS ROUTER :\r\r\nLogin\r\r\n</title>=s p/Ubicom httpd/ v/$1/ i/D-Link WAP http config/ d/WAP/ cpe:/a:ubicom:httpd:$1/

match http m|^HTTP/1\.1 401 Unauthorized\r\nServer: GoAhead-Webs\r\nDate: .*\r\nWWW-Authenticate: Basic realm=\"Default: admin/1234\"\r\n| p/GoAhead WebServer/ i/Router with realtek 8181 chipset http config/ d/router/ cpe:/a:goahead:goahead_webserver/
match http m|^HTTP/1\.0 \d\d\d .*\r\nCache-Control: max-age=3600\r\nContent-Type: text/html\r\n\r\n<html>\n<head>\n<META HTTP-EQUIV=\"Pragma\" CONTENT=\"no-cache\"> \n<title>Base Station Management Tool</title>\n<META HTTP-EQUIV=\"MSThemeCompatible\"| p/Microsoft Wireless Base Station http config/ d/router/
match http m|^HTTP/1\.0 302 Moved Temporarily\r\nContent-Length: 169\r\nContent-Type: text/html\r\nLocation: /Volumes/\r\n\r\n<head><title>Moved Temporarily</title></head>\r\n<body><h2>Moved Temporarily!</h2>\r\n<p>The requested resource has been temporarily movedto a new location\.\r\n</p>\r\n</body>\r\n$| p/AXIS StorPoint CD http config/ d/storage-misc/
match http m|^HTTP/1\.0 200 OK\r\nContent-type: text/html\r\nContent-length: \d+\r\n.*<!-- \(c\) Copyright Axis Communications.*Network CD-ROM Server</h2>|s p/AXIS StorPoint CD http config/ d/storage-misc/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Virata-EmWeb/R([\d_]+)\r\nContent-Type: text/html\r\nCache-Control: no-cache\r\nPragma: no-cache\r\n\r\n.*<title>Cisco Systems, Inc\. VPN 3002 Hardware Client|s p/Virata-EmWeb/ v/$SUBST(1,"_",".")/ i/Cisco VPN 3002 http config/ d/security-misc/ cpe:/a:virata:emweb:$SUBST(1,"_",".")/a
match http m|^HTTP/1\.0 \d\d\d .*\r\nContent-Type: text/html; charset=iso-8859-1\r\nContent-Length: \d+\r\nServer: Boche/([\d.]+) xmmsd/([\d.]+)\r\n\r\n| p/Boche httpd/ v/$1/ i/xmmsd xmms http admin $2/ o/Unix/
match http m|^HTTP/1\.1 \d\d\d .*\r\nDate: .*\r\nServer: libwww-perl-daemon/([\d.]+)\r\n| p/libwww-perl-daemon httpd/ v/$1/ cpe:/a:gisle_aas:libwww-perl:$1/
match http m|^HTTP/1\.0 200 OK\r\nServer: \r\nContent-Type: text/html; charset=iso-8859-1\r\nDate: .*\r\nLast-Modified: .*\r\nAccept-Ranges: bytes\r\nConnection: close\r\nContent-Length: \d+\r\n\r\n<HTML>\n<HEAD>\n  <META HTTP-EQUIV=Refresh CONTENT=\"0; URL=/cgi-bin/index\.cgi\">\n</HEAD>\n</HTML>\n\n| p/Barracuda Spam firewall http config/ d/firewall/

match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html\r\n\r\n.*<title>MiniShare</title>\r\n.*<td class=\"total\" colspan=\"2\">Total: (\d+) files</td><td class=\"totalsize\">([^<]+)</td></tr>\r\n</table>\r\n<hr><p class=\"versioninfo\"><a href=\"http://minishare\.sourceforge\.net/\">MiniShare ([\d.]+)</a>|s p/MiniShare http interface/ v/$3/ i/$1 files, $2 shared/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html\r\n\r\n.*<title>MiniShare</title>\r\n.*<td class=\"total\" colspan=\"2\">Total: (\d+) files</td><td class=\"totalsize\">([^<]+)</td></tr>|s p/MiniShare http interface/ i/$1 files, $2 shared/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html\r\n\r\n.*<title>MiniShare</title>\r\n|s p/MiniShare http interface/ o/Windows/ cpe:/o:microsoft:windows/a

match http m|^<html>\n<head>\n<title>Touchstone Status</title>\n<META HTTP-EQUIV=\"Pragma\"| p/Arris Touchstone Cable Modem http config/ d/router/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: MACOS_Personal_Websharing\r\n.*<meta name=Title content=\"([^"]+)\">|s p/Mac OS X Personal Websharing httpd/ i/Name $1/ o/Mac OS X/ cpe:/o:apple:mac_os_x/a
# Server line is odd. Somebody's idea of a joke?
match http m|^HTTP/1\.1 \d\d\d .*\r\nDate: .*\r\nServer: Sinclair ZX-81 Spectrum\r\n| p/Urchin Web Statistics httpd/ cpe:/a:google:urchin/
match http m|^HTTP/1\.[01] \d\d\d .*\r\nServer: WWW File Share Pro\r\n| p/WWW File Share Pro httpd/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 302 Redirect\r\nServer: GoAhead-Webs\r\nDate: .*\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nExpires: 0\r\n<META http-equiv=\"Content-Type\" content=\"text/html; charset=ISO-8559-1\">\r\nLocation: http://\(null\)/index\.html\r\n\r\n| p/GoAhead WebServer/ i/ASUS SL6000 series router http config/ d/router/ cpe:/a:goahead:goahead_webserver/a
match http m|^HTTP/1\.[01] \d\d\d .*\r\nDate: .*\r\nServer: HP Apache-based Web Server/(\d[\w.]+) \(Unix\)\r\n| p/HP Apache-based httpd/ v/$1/ o/HP-UX/ cpe:/h:hp:apache-based_web_server:$1/ cpe:/o:hp:hp-ux/a
match http m|^HTTP/1\.[01] \d\d\d .*\r\nDate: .*\r\nServer: HP Apache-based Web Server/(\d[\w.]+) \(Unix\) ?([^\r\n]+)\r\n| p/HP Apache-based httpd/ v/$1/ i/$2/ o/HP-UX/ cpe:/h:hp:apache-based_web_server:$1/ cpe:/o:hp:hp-ux/a
match http m|^HTTP/1\.0 \d\d\d .*\r\nConnection:close\r\nHost:([-\w_.]+)\r\nServer:WebSVR Version ([^\r\n]+)\r\n| p/WebSVR httpd/ v/$2/ o/Windows/ h/$1/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: Internet Firewall\r\n| p/3Com OfficeConnect Firewall http config/ d/firewall/
match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: Router/([\d.]+)\r\nContent-Type: text/html\r\nPragma: no-cache\r\nExpires: 0\r\nConnection: close\r\nWWW-Authenticate: Basic Realm=\"Login as admin\"\r\n\r\n| p/Router httpd/ v/$1/ i/D-Link DI-804V VPN router http config/ d/router/ cpe:/h:dlink:di-804v/a
match http m|^<html>\n<title>NETGEAR Web Smart Switch</title>\n<frameset rows='109,\*' framespacing=0 frameborder=no>\n <frame name=top src=top\.htm scrolling=no>\n| p/Netgear FS526T Switch http config/ d/switch/ cpe:/h:netgear:fs526t/
match http m|^HTTP/1\.0 200 OK\r\nContent-type: text/html\r\n\r\n<HTML>\r\n<HEAD>\r\n<TITLE>NETGEAR Web Smart Switch</TITLE>\r\n| p/Netgear FS726TP switch http config/ d/switch/ cpe:/h:netgear:fs726tp/
match http m|^HTTP/1\.0 200 OK\r\nContent-type: text/html\r\n\r\n<HTML>\n<HEAD>\n<TITLE>NETGEAR Web Smart Switch</TITLE>\n| p/Netgear GS724T Switch http config/ d/switch/ cpe:/h:netgear:gs724t/
match http m|^HTTP/1\.0 200 OK\r\nConnection: close\r\n.*\n<html><head><title>NETGEAR Web Smart Switch</title>|s p/Netgear GS108T switch http config/ d/switch/ cpe:/h:netgear:gs108t/
match http m|^HTTP/1\.0 200 OK\r\nPragma: no-cache\r\n.*\n<html>\n<title>NETGEAR Web Smart Switch</title>|s p/Netgear GS716T switch http config/ d/switch/ cpe:/h:netgear:gs716t/
match http m|^HTTP/1\.0 \d\d\d .*\r\nDate: .*\r\nServer: swcd/([\d.]+)\r\n| p/swcd httpd/ v/$1/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: LiveStats Reporting Server\r\n.*<TITLE>DeepMetrix LiveStats ([\d.]+) - Login</TITLE>|s p/DeepMetrix LiveStats httpd/ v/$1/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Embedded HTTPD v([\d.]+), \d+\(c\) Delta Networks Inc\.\r\n.*<title>NETGEAR Router</title>|s p/Delta Networks Embedded HTTPD/ v/$1/ i/Netgear router http config/ d/router/
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: Embedded HTTPD v([\d.]+), \d+\(c\) Delta Networks Inc\.\r\n| p/Delta Networks Embedded HTTPD/ v/$1/
match http m|^HTTP/1\.1 \d\d\d .*\r\nDate: .*\r\nAllow: .*\r\nServer: Spyglass_MicroServer/([\w.]+)\r\n| p/Spyglass Microserver embedded httpd/ v/$1/
match http m|^HTTP/1\.[01] \d\d\d.*<title>Metasploit Framework Web Console v([-\w_.]+)</title>|s p/Metasploit Framework web console/ v/$1/
match http m|^HTTP/1\.0 200 OK\r\nHTTP/1\.0 200 OK\r\nServer: (\w+)\r\nConnection: close\r\nCache-Control: must-revalidate = no-cache\r\nContent-Type: text/html\r\nExpires: 0\r\nLast-Modified: 0\r\n\r\n<html><head>\r\n<title>Netgear Access Point http config</title>| p/$1/ i/Netgear WG602 wireless router http config/ d/router/ cpe:/h:netgear:wg602/a
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html; charset=iso-8859-1\r\nServer: Grandstream/([\d.]+)\r\n\r\n<HTML><HEAD><TITLE>Login Page</TITLE>.*<font size=4 color=\"ffffffff\">Welcome to Grandstream IP Phone</font>|s p/Grandstream httpd/ v/$1/ i/BudgeTone-100 VoIP phone http config/ d/VoIP phone/
match http m|^HTTP/1\.0 200 OK\r\nContent-Type: text/html;charset=iso-8859-1\r\nContent-Length: \d+\r\nServer: Grandstream (BT\w+) ([\w._-]+)\r\n| p/Grandstream $1 VoIP phone http config/ v/$2/ d/VoIP phone/ cpe:/h:grandstream:$1/
match http m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: Grandstream\r\n.*<title>Grandstream Device Configuration</title>\n.*<form action=\"dologin\.htm\" method=\"post\" name=\"loginForm\">\n|s p/Grandstream GXV-3000 VoIP phone http config/ d/VoIP phone/ cpe:/h:grandstream:gxv-3000/
match http m|^HTTP/1\.0 200 OK\n.*<title>Grandstream Device Configuration</title>\n.*<form action=\"/cgi-bin/dologin\" method=\"post\" name=\"loginForm\">|s p/Grandstream HT502 VoIP router http config/ d/VoIP adapter/ cpe:/h:grandstream:ht502/
match http m|^HTTP/1\.1 200 OK\r\n.*<title>Grandstream Device Configuration</title>\r\n.*<form action=\"dologin\.htm\" method=\"post\" name=\"loginForm\">|s p/Grandstream HT286 VoIP router http config/ d/VoIP adapter/ cpe:/h:grandstream:ht286/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Tcl-Webserver/([\d.]+) .*CRADLE VERSION ([\d.]+) CONTENTS TEMPLATE\r\n|s p/Tcl-Webserver/ v/$1/ i/Cradle Web-Access httpd $2/
match http m|^HTTP/1\.0 \d\d\d .*\r\nDate: .*\r\nServer: Tcl-Webserver/([\d.]+) .*\r\n| p/Tcl-Webserver/ v/$1/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: ListManagerWeb/([\w.]+) \(based on Tcl-Webserver/([\d.]+)\)\r\n|s p/Lyris ListManagerWeb/ v/$1/ i/based on Tcl-Webserver $2/
match http m|^HTTP/1\.0 401 Unauthorized\r\nDate: .*\r\nContent-type: text/html\r\nExpires: .*\r\nWWW-Authenticate: Basic realm=\"level \d+ access\"\r\n\r\n<HEAD><TITLE>Authorization Required</TITLE></HEAD><BODY><H1>Authorization Required</H1>Browser not authentication-capable or authentication failed\.</BODY>\r\n\r\n| p/Cisco wireless router http config/ d/router/
match http m|^HTTP/1\.0 401 Unauthorized \nContent-type:text/html\nExpires: .*\nWWW-Authenticate: Basic realm=\"access\"\n\n<HEAD><TITLE>Authorization Required</TITLE></HEAD><BODY BGCOLOR=#FFFFFF><H1>Authorization Required</H1>Browser not authentication-capable or authentication failed\.</BODY>\n\n| p/Cisco Catalyst switch http config/ d/switch/ o/IOS/ cpe:/o:cisco:ios/a
match http m|^HTTP/1\.0 401 Unauthorized\r\nDate: .*\r\nContent-type: text/html\r\nExpires: .*\r\nWWW-Authenticate: Basic realm=\"access\"\r\n\r\n<HEAD><TITLE>Authorization Required</TITLE>.*Browser not authentication-capable or authentication failed|s p|Cisco switch/router http config| o/IOS/ cpe:/o:cisco:ios/a
match http m|^HTTP/1\.[01] \d\d\d .*\r\nServer: 4D_WebStar_(\w+)/([\d.]+)\r\n| p/4D WebStar $1/ v/$2/ o/Mac OS/ cpe:/o:apple:mac_os/a
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?X-Got-Fish: Pike v([\d.]+ release \d+)\r\n(?:[^\r\n]+\r\n)*?Server: Caudium/([^\r\n]+)\r\n|s p/Caudium httpd/ v/$2/ i/Pike $1/
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Caudium/([^\r\n]+)\r\n|s p/Caudium httpd/ v/$1/
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Caudium\r\n|s p/Caudium httpd/

match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?MIME-Version: [\d.]+\r\nServer: JC-HTTPD/([\d.]+)\r\n.*<title>(C[-+\w]+)</title>|s p/Oki Data $2 printer http config/ i/JC-HTTPD $1/ d/printer/ cpe:/h:oki:data_$2/a
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?MIME-Version: [\d.]+\r\nServer: JC-HTTPD/([\d.]+)\r\n.*<TITLE>(IB-[-+\w]+)</TITLE>|s p/Kyocera $2 printer http config/ i/JC-HTTPD $1/ d/printer/ cpe:/h:kyocera:$2/a
match http m|^HTTP/1\.1 200 OK\r\nMIME-Version: 1\.0\r\nServer: JC-HTTPD/([\w._-]+)\r\n.*<title>Network USB Hub</title>|s p/JC-HTTPD/ v/$1/ i/Belkin Network USB Hub http config/
match http m|^HTTP/1\.1 200 OK\r\nMIME-Version: 1\.0\r\nServer: JC-HTTPD/([\d.]+)\r\n(?:[^\r\n]+\r\n)*?Content-Length: 748\r\n.*\r\n<frame name=topframe noresize scrolling=no src=\"\./top\.htm\">\r\n<frame name=main src=\"\./eng/start/start\.htm\">\r\n|s p/JC-HTTPD/ v/$1/ i/Kyocera FS-1030D printer http config/ d/printer/ cpe:/h:kyocera:fs-1030d/a
match http m|^HTTP/1\.1 200 OK\r\nMIME-Version: 1\.0\r\nServer: JC-HTTPD/([\d.]+)\r\n.*<title>Imagistics\w+ - TOP PAGE -</title>|s p/JC-HTTPD/ v/$1/ i/Sharp Imagistics printer http config/ d/printer/
match http m|^HTTP/1\.1 200 OK\r\nMIME-Version: 1\.0\r\nServer: JC-HTTPD/([\d.]+)\r\n.*<title>Sharp(AR-\w+) - TOP PAGE -</title>|s p/JC-HTTPD/ v/$1/ i/Sharp $2 network card http config/ d/printer/
match http m|^HTTP/1\.1 404 Not Found\r\nMIME-Version: 1\.0\r\nServer: JC-HTTPD/([\d.]+)\r\nConnection: close\r\nContent-Type: text/html;\r\nContent-Length: 306\r\nAccept-Ranges: none\r\n\r\n<HTML>\r\n<HEAD><META HTTP-EQUIV=\"content-type\" CONTENT=\"text/html; charset=x-sjis\">\r\n<TITLE>HTTP 1\.0/404</TITLE>\r\n|s p/JC-HTTPD/ v/$1/ i/Sharp AR-M550N printer http config/ d/printer/ cpe:/h:sharp:ar-m550n/a
# Sharp, Ricoh
match http m|^HTTP/1\.1 \d\d\d .*\r\nMIME-Version: 1\.0\r\nServer: JC(-S?)HTTPD/([\d.]+)\r\n| p/JC$1HTTPD/ v/$2/ d/printer/
match http m|^HTTP/1\.1 200 OK\r\nMIME-Version: 1\.0\r\nServer: JC-HTTPD/([\w._-]+)\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: \d+\r\nAccept-Ranges: none\r\n\r\n<html>\r\n<head>\r\n<title>(SX-\w+)</title>\r\n| p/JC-HTTPD/ v/$1/ i/Silex $2 USB bridge http config/ d/bridge/ cpe:/h:silex:$2/
match http m|^HTTP/1\.1 200 OK\r\nMIME-Version: 1\.0\r\nServer: JC-HTTPD/([\w._-]+)\r\nConnection: close\r\nContent-Type: text/html;charset=x-sjis\r\nContent-Length: \d+\r\nAccept-Ranges: none\r\n\r\n<HTML><HEAD><TITLE>([\w._-]+/[\w._-]+) HomePage</TITLE>.*<NOFRAMES>This page is only for InternetExplorer3\.0\(or later\) and NetScape Navigator3\.0\(or later\)\.</NOFRAMES>|s p/JC-HTTPD/ v/$1/ i/Star Micronics TSP700 printer/ d/printer/ h/$2/ cpe:/h:starmicronics:tsp700/a

match http m|^HTTP/1\.0 (?:[^\r\n]*\r\n(?!\r\n))*?Date: .*<html>\n<head>\n<title> Sun Java\(tm\) System Messenger Express </title>|s p/Sun Java System Messenger Express httpd/ cpe:/a:sun:java_system_messenger_express/
match http m|^HTTP/1\.0 (?:[^\r\n]+\r\n)+?\r\n<html>\n<head>\n<title>Login : Messenger Express</title>\n<script>\n|s p/Netscape Messenger Express httpd/
match http m|^HTTP/1\.0 200 OK\r\nDate: .*<title>Sun Java\[tm\] System Calendar Express (\d+) ([\w]+)</title>|s p/Sun Java System Calendar Express $1 httpd/ v/$2/ cpe:/a:sun:java_system_calendar_server:$2/
match http m|^HTTP/1\.0 200 OK\n\n<title>.* NDT server</title>\n| p/NDT httpd/
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: GeoHttpServer\r\n| p/GeoVision GeoHttpServer for webcams/ d/webcam/
match http m|^HTTP/1\.[01] \d\d\d .*\r\nServer: ATR/([\d.]+)\r\nWWW-Authenticate: Basic realm=\"ATI Switch\"\r\n| p/ATR httpd/ v/$1/ i/Allied Telesyn Rapier switch http config/ d/switch/
match http m|^HTTP/1\.[01] \d\d\d .*\r\nServer: ATR-HTTP-Server/([\d.]+)\r\nContent-Type: text/html\r\nWWW-Authenticate: Basic realm=\"Allied Telesyn Rapier (\w+)\"\r\n| p/ATR httpd/ v/$1/ i/Allied Telesyn Rapier $2 switch http config/ d/switch/ cpe:/h:alliedtelesyn:rapier_$2/a
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: UPS_Server/([\d.]+)\r\n.*\r\n<TITLE>ConnectUPS Web/SNMP Card</TITLE>|s p/UPS_Server httpd/ v/$1/ i|Powerware ConnectUPS WEB/SNMP Card http config| d/power-device/
match http m|^HTTP/1\.0 401 ;unauthorized\r\nServer: UPS_Server/([\w._-]+)\r\nContent-Type: text/html\r\nConnection: Close\r\nSet-Cookie: ups=\d+\r\nWWW-Authenticate: Basic realm=\"UPS Web Card\"\r\n| p/UPS_Server httpd/ v/$1/ i/Eaton 9355 UPS http config/ d/power-misc/
match http m|^HTTP/1\.0 200 ;OK\r\nServer: UPS_Server/([\w._-]+)\r\nContent-Type: text/html\r\nConnection: Close\r\n\r\n<html>\n<head>\n<title>UPS Properties</title>\n| p/MGE UPS_Server httpd/ v/$1/ d/power-device/
match http m|^HTTP/1\.0 200 ;OK\r\nServer: UPS_Server/([\w._-]+)\r\nContent-Type: text/html\r\nCache-Control: no-cache\r\nExpires: Thu, 26 Oct 1995 00:00:00 GMT\r\nConnection: Close\r\n\r\n<html>\n<head>\n<title>UPS Properties</title>\n| p/APC UPS_Server httpd/ v/$1/ i/APC 66074 network management card/ d/power-device/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: PortWise mVPN \(www\.portwise\.com\)\r\n|s p/PortWise mVPN httpd/
match http m|^HTTP/1\.0 \d\d\d .*\r\nDate: .*\r\nServer: WYM/([\d.]+)\r\nConnection: close\r\nWWW-Authenticate: Basic realm=\"Camera Server\"\r\n| p/WYM httpd/ v/$1/ i/IP-Video embedded camera http config/ d/webcam/
match http m|^HTTP/1\.0 \d\d\d .*\r\nContent-type: text/html\r\nContent-Length: \d+\r\n\r\n<html>\r\n\r\n<head>\r\n<title>Mercury HTTP Services</title>\r\n| p|Mercury/32 httpd| o/Windows/ cpe:/o:microsoft:windows/a
# Wow! Temperature of the device! The Java version seems to be incorrect, though, so I'm excluding it
match http m|^HTTP/1\.0 200 OK\r\nDate: .*\r\nServer: Java/[\d.]+\r\nContent-type: text/html\r\nContent-length: \d+\r\n\r\n.*<TITLE>TINIWebServer</TITLE>.*Current temperature ([\d.]+) F<BR>|s p/TINIWebServer Java httpd/ i/Device temperature $1F/ o/TiniOS/ cpe:/o:systronix:tinios/
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html\r\nDate: .*\nThe requested URL '' was not found on the Divar\.<p>\nReturn to|s p/Bosch Divar closed circuit camera http config/ d/webcam/
match http m|^HTTP/1\.0 501 Unsupported method \('GET'\)\r\nServer: BaseHTTP/([\d.]+) Python/([\w.]+)\r\n| p/BaseHTTPServer/ v/$1/ i/Python $2/ cpe:/a:python:basehttpserver:$1/a cpe:/a:python:python:$2/
match http m|^HTTP/1\.1 401 Unauthorized\r\nWWW-Authenticate: Basic realm=\"Cable Modem\"\r\nContent-length: \d+\r\nContent-type: text/html\r\nConnect: Keep-Alive\r\n\r\n<html>\r\n<head><title>401 Unauthorized</title></head>\r\n<body><h1>401 Unauthorized</h1>\r\n<p>Access to this resource is denied; your client has not supplied the correct authentication\.</p></body>\r\n</html>\r\n| p|Coresma/Belkin Cable Modem httpd| d/router/
match http m|^HTTP/1\.0 401 Unauthorized\r\nWWW-Authenticate: Basic realm=\"NETGEAR (WGR\w+)\"\r\nContent-type: text/html\r\n\r\n<html>\r\n<head><title>401 Unauthorized</title></head>\r\n<body><h1>401 Unauthorized</h1>\r\n<p>Access to this resource is denied; your client has not supplied the correct authentication\.</p></body>\r\n</html>\r\n$| p/Netgear $1 WAP http config/ d/WAP/ cpe:/h:netgear:$1/
match http m|^HTTP/1\.1 200 OK\r\nServer: Virata-EmWeb/R([\d_]+)\r\n.*<!-- Begin Hiding\n         netscapeVersion =|s p/Virata-EmWeb/ v/$SUBST(1,"_",".")/ i/HP Deskjet 5800 http config/ d/printer/ cpe:/a:virata:emweb:$SUBST(1,"_",".")/a cpe:/h:hp:deskjet_5800/a
match http m|^HTTP/1\.1 200 OK\r\nServer: Virata-EmWeb/R([\d_]+)\r\n.*\n\n<title></title>\n\n\n\n\n<script language=\"JavaScript1\.1\">\n<!-- Begin Hiding\n netscapeVersion =|s p/Virata-EmWeb/ v/$SUBST(1,"_",".")/ i|HP PhotoSmart/Deskjet printer http config| d/printer/ cpe:/a:virata:emweb:$SUBST(1,"_",".")/a
match http m|^HTTP/1\.0 200 OK\r\nServer: Sun_Ray_Admin_Server/([\d.]+)\r\n| p/SunRay http config/ v/$1/ o/Solaris/ cpe:/a:sun:ray_server_software/ cpe:/o:sun:sunos/a
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: WatchGuard Firewall\r\nwww-authenticate: Digest realm=\"WatchGuard SOHO (.+) Configuration\"| p/WatchGuard SOHO $1 http config/ d/firewall/ cpe:/h:watchguard:soho_$1/a
match http m|^HTTP/1\.1 200 OK\r\nServer: WindWeb/([\d.]+)\r\nConnection: close\r\n.*\r\n<title>Cisco Web Accessible Phone Settings</title>\r\n|s p/WindWeb/ v/$1/ i/Cisco 7935 IP Phone Conference Station http config/ d/VoIP phone/ cpe:/a:windriver:windweb:$1/
match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: \r\nDate: .*\r\nWWW-Authenticate: Basic realm=\"NETGEAR (D\w+)\"\r\n| p/Netgear $1 router http config/ d/router/ cpe:/h:netgear:$1/a
match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: \r\nDate: .*\r\nWWW-Authenticate: Basic realm=\"NETGEAR (DG[-\w+]+) \"| p/Netgear $1 router http config/ d/router/ cpe:/h:netgear:$1/a
match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: \r\nDate: .*\r\nWWW-Authenticate: Basic realm=\"NETGEAR DG\w+  \"\r\nContent-Type: text/html\r\nConnection: close\r\n\r\n<html>\n<head>\n\n<meta name=\"description\" content=\"DG(\w+) FR \d+\">\n| p/Netgear DG$1 FR WAP http config/ i/French/ d/WAP/ cpe:/h:netgear:dg$1/
match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: \r\nDate: .*\r\nWWW-Authenticate: Basic realm=\"NETGEAR (\w+) *\"\r\n| p/Netgear $1 router http config/ d/broadband router/ cpe:/h:netgear:$1/a
match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: \r\nDate: .*\r\nWWW-Authenticate: Basic realm=\"NETGEAR (\w+) ADSL2\+ Modem\"\r\n| p/Netgear $1 ADSL router http config/ d/broadband router/ cpe:/h:netgear:$1/a
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: NetPort Software ([\d.]+)\r\n.*<TITLE>Connection Information</TITLE><!-- Copyright\(C\) \d+ Efficient Ne..orks -->|s p/NetPort httpd/ v/$1/ i/Efficient Networks Speedstream DSL router http config/ d/router/
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: NetPort Software ([\d.]+)\r\n| p/NetPort httpd/ v/$1/
match http m|^HTTP/1\.1 400 Bad Request\r\nContent-Type: text/html\r\nDate: .*\r\nContent-Length: \d+\r\nVia: [\d.]+ Application and Content Networking System Software ([\d.]+)\r\n| p/Cisco ACNS http cache/ v/$1/ o/IOS/ cpe:/a:cisco:application_and_content_networking_system_software:$1/ cpe:/o:cisco:ios/a
match http m|^HTTP/1\.0 \d\d\d .*<a href=\"http://www\.cisco\.com/\">Application and Content Networking (?:System )?Software ([\d.]+)</a>\)\n</BODY></HTML>\n|s p/Cisco ACNS httpd/ v/$1/ o/IOS/ cpe:/a:cisco:application_and_content_networking_system_software:$1/ cpe:/o:cisco:ios/a
match http m|^HTTP/1\.0 \d\d\d .*<title>VLC media player</title>\n|s p/VLC media player http interface/ cpe:/a:videolan:vlc_media_player/
match http m|^HTTP/1\.0 \d\d\d .*<a href=\"http://www\.videolan\.org/\">VLC media player ([\d.]+)[^<]+</a> \(http interface\)</h2>\n|s p/VLC media player http interface/ v/$1/ cpe:/a:videolan:vlc_media_player:$1/
match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: \r\nContent-Type: text/html\r\nDate: .*\r\nLast-Modified: .*\r\nAccept-Ranges: bytes\r\nConnection: close\r\nWWW-Authenticate: Basic realm=\"WebAdmin\"\r\n\r\n<HTML>\n<HEAD><TITLE>401 Unauthorized</TITLE></HEAD>\n<BODY BGCOLOR=\"#cc9999\" TEXT=\"#000000\" LINK=\"#2020ff\" VLINK=\"#4040cc\">\n| p/ActionTec DSL http config/ d/broadband router/
match http m|^HTTP/1\.0 302 Document Follows\r\nLocation: https?:///private/welcome\.ssi\r\nConnection: close\r\n\r\n$| p|BladeCenter/IBM RSA2 http config| d/remote management/
match http m|^HTTP/1\.0 200 OK\r\nServer: \r\nContent-Type: text/html; charset=iso-8859-1\r\nDate:.*//inserted by Edward on 2004/01/07 for user pressing \"Enter\" to login if \"Username\" and \"Password\" are right|s p/D-Link DSL router http config/ d/router/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: OmniHTTPd/([\d.]+)\r\n|s p/OmniHTTPd/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: OmniSecure/([\w.]+)\r\n|s p/OmniSecure httpd/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 \d\d\d .*\r\n\r\n<HTML><HEAD><META HTTP-EQUIV=\"refresh\" CONTENT=\"0;URL=/bluedragon/nonadmin\.cfm\"></HEAD></HTML>\n\n| p/Blue Dragon Built-in httpd/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: MirandaWeb/([\d.]+)\r\n|s p/MirandaWeb http plugin for Miranda-IM/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 200 OK\r\nPragma: no-cache\r\nContent-Type: text/html\r\n\r\n.*<title>OfficeConnect Wireless 11g Cable/DSL Gateway</title>\n|s p/3Com OfficeConnect wireless router http config/ d/router/
match http m|^HTTP/1\.0 200 OK\r\nPragma: no-cache\r\nContent-Type: text/html\r\n\r\n.*<title>OfficeConnect 11Mbps Wireless Access Point</title>\n|s p/3Com OfficeConnect wireless access point http config/ d/router/
match http m|^HTTP/1\.1 \d\d\d .*\r\nDate: .*\r\nServer: Mirapoint/([-\w_.]+)\r\n| p/Mirapoint email appliance http interface/ v/$1/
match http m|^HTTP/1\.0 \d\d\d .*<title>Network Storage Link for USB 2\.0 Disks</title>\r\n\r\n|s p/Linksys NSLU2 http config/ d/storage-misc/ cpe:/h:linksys:nslu2/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Unknown\r\n.*<title>NetEnforcer Manager</title>|s p/Allot NetEnforcer bandwidth management http config/ d/load balancer/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: \r\nContent-Type: text/html; charset=iso-8859-1\r\n.*<meta name=\"description\" content=\"(DG\d+)\">\r\n<title>NetGear Gateway Setup</title>|s p/Netgear $1 router http config/ d/router/ cpe:/h:netgear:$1/a
match http m|^HTTP/1\.[01] \d\d\d .*\r\nServer: LabVIEW/([\d.]+)\r\n| p/National Instruments LabVIEW integrated httpd/ v/$1/ d/specialized/ cpe:/a:ni:labview:$1/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: [\d.]+/[\d.]+\r\n.*<link rel=\"stylesheet\" href=\"\.\./www/neronet\.css\" type=\"text/css\">|s p/NeroNET Nero Burning ROM http plugin/ cpe:/a:nero:neronet/
match http m|^HTTP/1\.1 302 Found\r\nLocation: http://www\.cfauth\.com/\?cfru[\w=]+\r\nCache-Control: no-cache\r\nPragma: no-cache\r\n| p/CacheFlow http cache/ o/CacheOS/ cpe:/o:bluecoat:cacheos/
match http m|^HTTP/1\.[01] \d\d\d .*\r\nDate: .*\r\nServer: Groove-Relay/([\d.]+)\r\n| p/Groove-Relay http service/ v/$1/ cpe:/a:microsoft:groove_server:$1/
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: Askey Software ([\d.]+)\r\nDate: .*\r\nContent-type: text/html\r\n\r\n<html>\r\n\r\n<head>\r\n<title>Cable Modem Web Page</title>\r\n<meta name=\"GENERATOR\" content=\"Microsoft FrontPage 4\.0\">\r\n| p/Askey httpd/ v/$1/ i/Motorola VoIP adapter http config/ d/VoIP adapter/
match http m|^HTTP/1\.0 200 OK\r\nServer: Askey/([\d.]+)\r\nMIME-version: 1\.0\r\nContent-type: text/html\r\n\r\n.*<b>This \r\n        website is blocked by the URL filter of Wireless Router\. Please browse to another \r\n        site or go back\.</b>|s p/Askey httpd/ v/$1/ i/Siemens Gigaset SE505 WAP http config/ d/WAP/ cpe:/h:siemens:gigaset_se505/a

match http m|^HTTP/1\.0 404 File Not Found\r\nContent-Type: text/html\r\n\r\n<b>The source you requested could not be found\.</b>\r\n$| p/Icecast http statistics plugin/ cpe:/a:xiph:icecast/
match http m|^HTTP/1\.0 200 OK\r\nContent-Type: text/html\r\n.*<title>Icecast Streaming Media Server</title>\n|s p/Icecast http statistics plugin/ cpe:/a:xiph:icecast/
match http m|^HTTP/1\.0 200 OK\r\n.*title>Security</title>.*font size=4 face=Arial>This unit is password protected</font></p><p align=center><font size=3 face=Arial>Please enter the correct password  to access the web pages</font>|s p|VoIP/POTS gateway http config| d/VoIP adapter/

match http m|^HTTP/1\.0 \d\d\d .*<title>CiscoSecure ACS Login</title>|s p/Cisco Secure ACS login/ o/IOS/ cpe:/a:cisco:secure_access_control_server/ cpe:/o:cisco:ios/a
match http m|^HTTP/1\.0 \d\d\d .*<title>CiscoSecure ACS Trial Login</title>\r\n|s p/Cisco Secure ACS login/ i/Trial version/ o/IOS/ cpe:/a:cisco:secure_access_control_server/ cpe:/o:cisco:ios/a
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: httpd\r\n.*<title>Motorola HomeNet Product </title>|s p/Motorola broadband router http config/ d/broadband router/
match http m|^HTTP/1\.0 200 OK\nServer: Olicom/v([\d.]+)\nExpires: .*\nContent-Length: \d+\n\n<html>\r\n\r\n<head>\r\n<title>(CF\w+) Olicom Fast Ethernet L3 Switch \([\d.]+\)</title>| p/Olicom httpd/ v/$1/ i/Olicom $2 switch http config/ d/switch/ cpe:/h:olicom:$2/
match http m|^HTTP/1\.0 200 OK\r\nContent-type: text/html\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n<html><head>\n<title>\n  Authentication Form \n</title> \n</head> \n \n<BODY BGCOLOR=\"#000000\" TEXT=\"#00FF00\"> \n\n<p> \n<h3 align=left><font face=\"arial,helvetica\">Client Authentication Remote \nService</font></h3>| p/Check Point firewall client authentication httpd/ d/firewall/
match http m|^HTTP/1\.[01] 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: CPWS/([^\s]+).*content=\"WEBUI LOGIN PAGE\" /><TITLE>Gaia</TITLE>.*var version='([\d\w.]+)';var formAction|s p/Check Point firewall SmartPortal/ v/$2/ i/CPWS $1/ d/firewall/
match http m|^HTTP/1\.0 500 Internal Server Error\r\nCONTENT-LENGTH: 42\r\n\r\nYour request cannot be properly processed\.$| p/DVR 2400 Security Camera web interface/ d/webcam/
match http m|^HTTP/1\.[01] \d\d\d .*\r\nServer: IBM-HTTP-Server/([\d.]+)\r\n| p/IBM httpd/ v/$1/ cpe:/a:ibm:http_server:$1/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Agranat-EmWeb/R([\d_]+)\r\nContent-Length: \d+\r\nContent-Type: text/html\r\nETag: \"[^"]+\"\r\n.*<FRAME NAME=\"logon\" SRC=\"logon\.html\" SCROLLING=\"auto\">\n</FRAMESET>\n<BODY BGCOLOR=\"#FFFFFF\">\n</BODY>\n</HTML>\n|s p/Agranat-EmWeb/ v/$SUBST(1,"_",".")/ i/Nortel BayStack switch http config/ d/switch/ cpe:/a:agranat:emweb:$SUBST(1,"_",".")/a
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: WebSnmp Server Httpd/([\d.]+)\r\n| p/Apache WebSnmp module/ v/$1/
match http m|^HTTP/1\.0 \d\d\d .*\nContent-type: text/html\n.*<frame src=\"PrintServer\.htm\" name=\"PrintServer\" scrolling=\"auto\">.*<a href=\"PrintServer\.htm\">Enter PrintServer utilities</font>|s p|Gembird/Hawking/Netgear print server http config| d/print server/
match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: \r\nDate: .*\r\nWWW-Authenticate: Basic realm=\"ADSL Router \(ANNEX A\)\"\r\n.*System Authentication Failed\.|s p/TRENDnet DSL router http config/ d/router/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Plan9\r\n|s p/Plan 9 httpd/ o/Plan 9/ cpe:/o:belllabs:plan_9/a
match http m|^HTTP/1\.[01] \d\d\d .*\r\nServer: IceWarp WebSrv/([\d.]+)\r\n| p/IceWarp webmail httpd/ v/$1/ cpe:/a:icewarp:webmail:$1/
match http m|^HTTP/1\.[01] \d\d\d .*\r\nServer: IceWarp/([\d.]+)\r\n| p/IceWarp webmail httpd/ v/$1/ cpe:/a:icewarp:webmail:$1/
match http m|^HTTP/1\.0 \d\d\d .*\r\nConnection: close\r\nServer: WindWeb/([\d.]+)\r\nDate: .*\r\nContent-Type: \r\n\r\n<html>\n<head>\n<title>DW([\d]+) System Control Center</title>| p/WindWeb/ v/$1/ i/Hughes DirecWay $2 satellite router http config/ d/router/ cpe:/a:windriver:windweb:$1/
match http m|^HTTP/1\.1 \d\d\d .*\nDate: .*\nServer: BBIagent\.Net/([\d.]+) Powered by HKSP\.COM\n| p/BBIagent.Net httpd/ v/$1/ o/Linux/ cpe:/o:linux:linux_kernel/a
match http m|^HTTP/1\.0 200 Ok\r\nContent-Type: text/html\r\nCache-Control: no-cache\r\nExpires: 0\r\nSet-Cookie: hpRibSession=;| p/HP Remote Lights-Out Edition II http config/ d/remote management/ cpe:/h:hp:integrated_lights-out/
match http m|^HTTP/1\.1 200 Ok\r\n.*Copyright 2001,2003 Hewlett-Packard Development Company.*<title>\r\nData Frame - Browser not HTTP 1\.1 compatible\r\n</title>|s p/HP Remote Lights-Out http config/ d/remote management/
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: Allegro-Software-RomPager/ ([\d.]+)\r\n\r\n<HTML><HEAD>\n<script Language=\"JavaScript\">\nfunction login\(\)\n{\ntop\.location = \"/alogin\.htm\"\n}\nfunction delay\(\)|s p/Allegro RomPager/ v/$1/ i/APC Masterswitch power controller http admin/ d/power-device/ cpe:/a:allegro:rompager:$1/
match http m|^HTTP/1\.0 \d\d\d .*\r\nWWW-Authenticate: Basic realm=\"Masterswitch\"\r\nServer: Allegro-Software-RomPager/([\d.]+)\r\n\r\n| p/Allegro RomPager/ v/$1/ i/APC Masterswitch power controller http admin/ d/power-device/ cpe:/a:allegro:rompager:$1/
match http m|^HTTP/1\.[01] 403 Forbidden\r\nContent-Type: text/html\r\nServer: Allegro-Software-RomPager/ *([\w._-]+)\r\n.*<H1>Notice</H1>\nSomeone is currently logged into the APC Management Web Server\.<p>|s p/Allegro RomPager/ v/$1/ i/APC Masterswitch power controller http admin; server busy/ d/power-device/ cpe:/a:allegro:rompager:$1/
match http m|^HTTP/1\.0 401 Authorization Required\r\nWWW-Authenticate: BASIC realm=\"Administrator or User\"\r\n\r\nPassword Error\. \r\n\r\n$| p/D-Link web camera http config/ d/webcam/
match http m|^HTTP/1\.0 \d\d\d .*\nContent-Length: \d+\n.*<B>Cable Modem Description :</B>.*<P>ZyXEL Prestige (\w+), HW V([\d.]+), SW ZyNOS V([\d.]+)\(|s p/ZyXEL Prestige $1 router http config/ i/HW version $2; ZyNOS $3/ d/broadband router/ o/ZyNOS/ cpe:/h:zyxel:prestige_$1/a cpe:/o:zyxel:zynos/
match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: micro_httpd\r\nDate: .*\r\nWWW-Authenticate: Basic realm=\"ZyXEL\"\r\n| p/micro_httpd/ i/ZyXEL Cable Modem http config/ d/broadband router/ cpe:/a:acme:micro_httpd/
match http m|^HTTP/1\.0 401 Unauthorized\r\nWWW-Authenticate: Basic realm=\"(FVL[\w+]+)\"\r\nContent-type: text/html\r\n\r\n401 Unauthorized| p/Netgear $1 router http config/ d/router/ cpe:/h:netgear:$1/a

match http m|^HTTP/1\.0 200 Ok\r\nConnection: close\r\nContent-Type: text/html\r\n\r\n<HTML><FRAMESET COLS=\"23%,\*\"><FRAME NAME=\"side\" SRC=\"MENUNET\.htm\"><FRAME NAME=\"middle\" SRC=\"HOME\.htm\"></FRAMESET><NOFRAMES>Your Browser must support frames to view this page\.</NOFRAMES></HTML>$| p/OkiLan 6020e print server http config/ d/print server/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Web-Server/([\d.]+)\r\nContent-Type: text/html; charset=UTF-8\r\n.*<title>Web Image Monitor</title>\n|s p/Web-Server httpd/ v/$1/ i/Ricoh Aficio printer web image monitor/ d/printer/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Web-Server/([\d.]+)\r\nContent-Type: text/html; charset=UTF-8\r\n.*<title>websys default page</title>\n|s p/Web-Server httpd/ v/$1/ i/Ricoh Aficio printer web image monitor/ d/printer/
match http m|^HTTP/1\.0 \d\d\d .*\r\nSet-Cookie: ssnid=[^;]+; path=/;\r\nContent-Type: text/html; charset=[Uu][Tt][Ff]-8\r\nWWW-Authenticate: Basic realm=\"sapbc\"\r\n| p/SAP Business Connector/ cpe:/a:sap:business_connector/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Content-Type: text/html\r\n.*<!-- Copyright \(c\) \d+-\d+, Fuji Xerox Co\., Ltd\. All Rights Reserved\. -->\r\n.*<TITLE>\r\nDocuColor (\d+) - [\d.]+\r\n</TITLE>|s p/Xerox DocuColor $1 printer http config/ d/printer/ cpe:/h:xerox:docucolor_$1/a
match http m|^HTTP/1\.1 \d\d\d .*\r\nContent-Type: text/html\r\nDate: .*\r\nAllow: GET, HEAD\r\nServer: Spyglass_MicroServer/([-\w_.]+)\r\n\r\n<html>\n\n<head>\n\n<title>  PhaserLink Printer Management Software  </title>| p/Spyglass_MicroServer/ v/$1/ i/Tektronix PhaserLink printer http config/ d/printer/
match http m|^HTTP/1\.0 \d\d\d .*\r\nContent-Type: text/html\r\n\r\n<HTML><TITLE>Lexmark Optra ([^<]+)</TITLE>| p/Lexmark Optra $1 printer http config/ d/printer/ cpe:/h:lexmark:optra_$1/a
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Rapid Logic/([\d.]+)\r\n.*<!-- Copyright &#copy; \d+-\d+ Hewlett Packard Company\. All rights reserved\. -->\r\n.*<title>hp business inkjet ([^<]+)</title>|s p/RapidLogic httpd/ v/$1/ i/HP Business Inkjet $2 printer http config/ d/printer/ cpe:/a:rapidlogic:httpd:$1/ cpe:/h:hp:business_inkjet_$2/a
match http m|^HTTP/1\.0 \d\d\d .*\r\nDate: .*\r\nServer: OpenLink-Web-Configurator/([\d.]+)\r\n| p/OpenLink http config/ v/$1/
match http m|^HTTP/1\.0 401 Unauthorized\nServer: wr_httpd/([\d.]+) .*\nWWW-Authenticate: Basic realm=\"WebRamp \(use wradmin as the User Name\)\"\n| p/wr_httpd/ v/$1/ i/Webramp router http config/ d/router/
match http m|^HTTP/1\.1 \d\d\d .*{FONT: bold 10pt Arial,Helvetica,sans-serif; COLOR: white;}.*{FONT: 10pt Arial,Helvetica,sans-serif; COLOR: black; BORDER: Medium White None; border-collapse: collapse}.*{\tCOLOR: #b5b5e6}.*{COLOR: #b5b5e6}.*src=Gozila\.js>|s p/Linksys BEFW11S4 router http config/ d/router/ cpe:/h:linksys:befw11s4/a
match http m|^<html>\n<title>(DGS-\w+) *(?:Login)?</title>\n| p/D-Link $1 Gigabit switch http config/ d/switch/ cpe:/h:dlink:$1/
match http m|^HTTP/1\.1 401 Authorized Required\r\nWWW-Authenticate: Basic realm=\"Linksys WML(\w+)\"\r\n| p/Linksys WML$1 media device http config/ d/media device/
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: CERN/([-\w.]+)\r\n|s p/CERN httpd/ v/$1/
match http m|^HTTP/1\.1 \d\d\d .*\r\n<TITLE>KONICA MINOLTA PageScope Light for (Di\d+)</TITLE>\r\n|s p/Konica Minolta Di$1 printer http config/ i/PageScope Light/ d/printer/
match http m|^HTTP/1\.1 \d\d\d .*\r\n<title>KONICA MINOLTA PageScope Web Connection</title>\r\n|s p/Konica Minolta PageScope Web Connection/ d/printer/
match http m|^HTTP/1\.1 \d\d\d .*\r\n<TITLE>KONICA MINOLTA PageScope Web Connection for (\w+)</TITLE>\r\n|s p/Konica Minolta $1 printer http config/ i/PageScope Web Connection/ d/printer/ cpe:/h:konicaminolta:$1/a
match http m|^HTTP/1\.[01] \d\d\d .*\r\nDate: .*\r\nServer: Embperl/([\w.]+) Apache/([\w.]+) \(Fedora\)\r\n| p/Apache httpd/ v/$2/ i/Embperl $1; Fedora/ o/Linux/ cpe:/a:apache:http_server:$2/ cpe:/a:ecos:embperl:$1/ cpe:/o:fedoraproject:fedora/ cpe:/o:linux:linux_kernel/a
match http m|^HTTP/1\.[01] \d\d\d .*\r\nDate: .*\r\nServer: Embperl/([\w.]+) Apache/([\w.]+) \(Debian GNU/Linux\) (.*)\r\n| p/Apache httpd/ v/$2/ i/Embperl $1; Debian; $3/ o/Linux/ cpe:/a:apache:http_server:$2/ cpe:/a:ecos:embperl:$1/ cpe:/o:debian:debian_linux:$3/ cpe:/o:linux:linux_kernel/
match http m|^HTTP/1\.[01] \d\d\d .*\r\nDate: .*\r\nServer: Embperl/([\w.]+) Apache/([\w.]+) \(Debian GNU/Linux\)\r\n| p/Apache httpd/ v/$2/ i/Embperl $1; Debian/ o/Linux/ cpe:/a:apache:http_server:$2/ cpe:/a:ecos:embperl:$1/ cpe:/o:debian:debian_linux/ cpe:/o:linux:linux_kernel/
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: SiteScope/([\d.]+) .*\r\n| p/Mercury SiteScope Application Managment httpd/ v/$1/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: \r\nDate: .*\r\n\r\n<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4\.01 Transitional//EN\">\n<html>\n<head>\n<title>OSBRiDGE (\w+) Login Page</title>\n|s p/OSBRiDGE $1 router http config/ d/router/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: SilverStream Server/([\d.]+)\r\n\r\n|s p/SilverStream Application Server httpd/ v/$1/
match http m|^HTTP/1\.0 \d\d\d .*<title>Welcome to Squeezebox</title>|s p/Slim Devices Squeezebox http config/ d/media device/
match http m|^HTTP/1\.[01] \d\d\d .*\r\nDate: .*\r\nServer: PicoWebServer\r\n| p/Newmad PicoWebServer/ d/PDA/ o/Windows CE/ cpe:/o:microsoft:windows_ce/
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: tivo-httpd-1:([^\r\n]+)\r\n| p/TiVo To Go httpd/ v/$1/ d/media device/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Dahlia/([\d.]+) \([^)]+\)\r\n.*<title>Sony Library Administration Menu</title>\r\n|s p/Dahlia httpd/ v/$1/ i/Sony Storestation http interface/ d/storage-misc/
match http m|^HTTP/1\.0 200 OK\r\n.*<th width=\"50%\">TivoWebPlus Project - v([\d.]+)&nbsp;</th>|s p/TiveWebPlus Project httpd/ v/$1/ d/media device/
match http m|^HTTP/1\.0 200 OK\r\n.*<TITLE>Main Menu \[[\w._-]+\]</TITLE>.*<A title=\"Return to Main Menu\" HREF=\"/\">TivoWebPlus</A>|s p/TiveWebPlus Project httpd/ d/media device/
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: WEBrick/([\d.]+) \(Ruby/([\d.]+)/([-\d]+)\)\r\n|s p/WEBrick httpd/ v/$1/ i/Ruby $2 ($3)/ cpe:/a:ruby-lang:ruby:$2/
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: WEBrick/([\d.]+) \(Ruby/([\d.]+)/([-\d]+)\) OpenSSL/([-\w_.]+)\r\n|s p/WEBrick httpd/ v/$1/ i/Ruby $2 ($3); OpenSSL $4/ cpe:/a:openssl:openssl:$4/ cpe:/a:ruby-lang:ruby:$2/
match http m|^HTTP/1\.0 \d\d\d .*<title>FRITZ!Box|s p/FRITZ!Box http config/ d/broadband router/
match http m|^HTTP/1\.0 \d\d\d .*\r\nContent-Length: \d+\r\nContent-Type: text/html\r\n\r\n<HTML><HEAD><TITLE>404 Not Found \(ERR_NOT_FOUND\)</TITLE></HEAD><BODY><H1>404 Not Found</H1><BR>ERR_NOT_FOUND<HR><B>AR7 Webserver</B>| p/FRITZ!Box router http config/ i/TI AR7 chip/ d/router/
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: WebCam2000/([\d.]+) \(Windows; http://www\.webcam2000\.info/\)\r\n| p/WebCam2000 httpd/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 401 Login failed!\r\nServer: micro_httpd\r\nDate: .*\r\nWWW-Authenticate: Basic realm=\"WRT54GXv2\"\r\n| p/micro_httpd/ i/Linksys WRT54GXv2 http config/ d/broadband router/ cpe:/a:acme:micro_httpd/ cpe:/h:linksys:wrt54gxv2/a
match http m|^HTTP/1\.0 \d\d\d(?:[^\r\n]+\r\n)*?\r\n<HTML>\n<HEAD><TITLE>OpenWrt</TITLE>|s p/OpenWrt BusyBox httpd/ d/WAP/ o/Linux/ cpe:/a:busybox:busybox/ cpe:/o:linux:linux_kernel/a
match http m|^HTTP/1\.0 \d\d\d .*\n\t\t<title>OpenWrt Administrative Console</title>|s p/OpenWrt BusyBox httpd/ d/WAP/ o/Linux/ cpe:/a:busybox:busybox/ cpe:/o:linux:linux_kernel/a
match http m|^HTTP/1\.0 \d\d\d .*<meta http-equiv=\"refresh\" content=\"0; URL=/?cgi-bin/webif[\w/.]+sh\" />\n|s p/OpenWrt BusyBox httpd/ d/WAP/ o/Linux/ cpe:/a:busybox:busybox/ cpe:/o:linux:linux_kernel/a
match http m|^HTTP/1\.0 401 Unauthorized\r\n(?:[^\r\n]+\r\n)*?WWW-Authenticate: Basic realm=\"OpenWrt\"\r\n\r\n|s p/Linksys WRT OpenWrt http config/ d/WAP/ o/Linux/ cpe:/o:linux:linux_kernel/a
match http m|^HTTP/1\.0 401 Unauthorized\r\n(?:[^\r\n]+\r\n)*?WWW-Authenticate: Basic realm=\"WRT54GS\"\r\n|s p/Linksys WRT54GS WAP http config/ d/WAP/ o/Linux/ cpe:/o:linux:linux_kernel/a
match http m|^HTTP/1\.0 401 Unauthorized\r\n(?:[^\r\n]+\r\n)*?WWW-Authenticate: Basic realm=\"[Tt]omato\"\r\n|s p/Linksys WRT54G WAP http config/ i/Tomato firmware/ d/WAP/ o/Linux/ cpe:/o:linux:linux_kernel/a
match http m|^HTTP/1\.[01] 401 Unauthorized\r\n(?:[^\r\n]+\r\n)*?WWW-Authenticate: Basic realm=\"WRT(\w+)\"\r\n|s p/Tomato WAP firmware httpd/ i/Linksys WRT$1 WAP/ d/WAP/ o/Linux/ cpe:/o:linux:linux_kernel/a
match http m|^HTTP/1\.0 401 Unauthorized\r\nDate: .*\r\nContent-Type: text/html; charset=utf-8\r\nCache-Control: no-cache, no-store, must-revalidate, private\r\nExpires: Thu, 31 Dec 1970 00:00:00 GMT\r\nPragma: no-cache\r\nWWW-Authenticate: Basic realm=\"[^"]*\"\r\nConnection: close\r\n\r\n<html><head><title>Error</title></head><body><h2>401 Unauthorized</h2> Unauthorized</body></html>$| p/Tomato WAP firmware httpd/ d/WAP/ o/Linux/ cpe:/o:linux:linux_kernel/a
match http m|^HTTP/1\.0 401 Unauthorized\r\n(?:[^\r\n]+\r\n)*?WWW-Authenticate: Basic realm=\"Linksys WAG(\w+) ?\"\r\n|s p/Linksys WAG$1 WAP http config/ d/WAP/ o/Linux/ cpe:/o:linux:linux_kernel/a
match http m|^HTTP/1\.0 401 Unauthorized\r\n(?:[^\r\n]+\r\n)*?WWW-Authenticate: Basic realm=\"Linksys WRT(\w+)\"\r\n|s p/Linksys WRT$1 WAP http config/ d/WAP/ o/Linux/ cpe:/o:linux:linux_kernel/a
match http m|^HTTP/1\.0 \d\d\d .*var path='http://www\.axis\.com/cgi-bin/prodhelp\?prod=axis_(\d+)&ver=([\d.]+)|s p/AXIS $1 print server http config/ v/$2/ cpe:/h:axis:$1/a
match http m|^HTTP/1\.0 200 OK\r\nHTTP/1\.0 200 OK\r\nServer: ap\r\n.*<title>NetGear Remote Bridge Setup</title>|s p/Netgear ethernet Bridge http config/ d/bridge/

match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Virata-EmWeb/R([\d_]+)\r\n.*<TITLE>optiPoint ([\w .]+) Home Page</TITLE>|s p/Virata-EmWeb/ v/$SUBST(1,"_",".")/ i/Siemens optiPoint $2 VoIP phone http config/ d/VoIP phone/ cpe:/a:virata:emweb:$SUBST(1,"_",".")/a cpe:/h:siemens:optipoint_$2/a
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Virata-EmWeb/R([\d_]+)\r\n.*<TITLE>optiPoint(\d+)Entry Home Page</TITLE>|s p/Virata-EmWeb/ v/$SUBST(1,"_",".")/ i/Siemens optiPoint $2 entry http config/ d/VoIP phone/ cpe:/a:virata:emweb:$SUBST(1,"_",".")/a
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Virata-EmWeb/R([\d_]+)\r\n.*<TITLE>optiPoint(\d+)Standard Home Page</TITLE>|s p/Virata-EmWeb/ v/$SUBST(1,"_",".")/ i/Siemens optiPoint $2 standard http config/ d/VoIP phone/ cpe:/a:virata:emweb:$SUBST(1,"_",".")/a
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Virata-EmWeb/R([\d_]+)\r\n.*<TITLE>optiPoint(\d+)Advance Home Page</TITLE>|s p/Virata-EmWeb/ v/$SUBST(1,"_",".")/ i/Siemens optiPoint $2 advance http config/ d/VoIP phone/ cpe:/a:virata:emweb:$SUBST(1,"_",".")/a

match http m|^HTTP/\d\.\d \d\d\d .*\r\nServer: Mathopd/([\w.]+)\r\n| p/Mathopd httpd/ v/$1/ o/Unix/
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: ml_www/(.*)\r\n| p/ml_www WinAmp control httpd/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 302 Redirect\r\nServer: GoAhead-Webs\r\nDate: .*\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-Type: text/html\r\nLocation: http://Netlinx/WebControl\.asp\r\n\r\n| p/GoAhead WebServer/ i|AMX NetLinx A/V control| d/media device/ cpe:/a:goahead:goahead_webserver/ cpe:/o:harman:amx_firmware/
match http m|^HTTP/1\.0 200 OK \r\nCache-Control: max-age=60\r\nContent-type: text/html; charset=ISO-8859-1\r\n\r\n<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4\.01 Frameset//EN\" >\r\n<HTML>\r\n    <HEAD><TITLE>SandvallsangFSK: (\w+)</TITLE>| p/Kirk $1 VoIP gateway http config/ d/VoIP adapter/
match http m|^HTTP/1\.1 200 OK\r\nConnection: close\r\nPragma: no-cache\r\n.*<title>POPFile Control Center</title>\n|s p/POPFile http control center/
match http m|^HTTP/1\.0 200 OK\r\nConnection: close\r\n(?:[^\r\n]+\r\n)*?Pragma: no-cache\r\n.*<title>POPFile Control Center</title>\r\n|s p/POPFile http control center/ v/1.1.1/
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: fhttpd/([\d.]+)\r\n| p/fhttpd/ v/$1/
match http m|^HTTP/1\.0 200 OK\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: \d+\r\nCache-Control: no-cache\r\n\r\n<html>\r\n<head><meta charset=\"utf-8\">\r\n<title> Home </title>\r\n<script language=\"JavaScript\">\r\n<!--\r\n// the start of Cookie related function\r\nfunction getCookieVal \(offset\) {  \r\n| p/Samsung ML-2251N printer http config/ d/printer/ cpe:/h:samsung:ml-2251n/a
match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: Agranat-EmWeb/R([\d_]+)\r\nWWW-Authenticate: Basic realm=\"Siemens Web User Interface\"\r\n\r\n401 Unauthorized\r\n| p/Agranat-EmWeb/ v/$SUBST(1,"_",".")/ i/Siemens router http config/ d/router/ cpe:/a:agranat:emweb:$SUBST(1,"_",".")/a
match http m|^HTTP/1\.1 401 Unauthorized\r\nWWW-Authenticate: Basic realm=\" /\"\r\nContent-type: text/html\r\nContent-length: 0\r\n\r\n$| p|Casi-Rusco camera/Bestelco VoIP phone http config|
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: MyServer ([-\w.]+)\r\n|s p/MyServer httpd/ v/$1/
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: Quantum Corporation\./([\d.]+)\r\n| p/Quantum backup appliance http config/ v/$1/ d/storage-misc/
match http m|^<html><head><title>ServiceRegistry</title><META HTTP-EQUIV=\"Pragma\" CONTENT=\"no-cache\"></head><basefont size=\"2\" face=\"Arial\" color=\"Black\">.*<br><h1><i>ServiceRegistry</i></h1>\r\nAvailable commands:\r\n<ul>| p/HP SAN Manager ServiceRegistry httpd/
match http m|^HTTP/1\.0 \d\d\d .*\r\nWWW-Authenticate: Basic realm=\"HP ISEE @| p/HP ISEE httpd/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Simple java\r\n.*<title>hp OpenView storage area manager - GUI download</title>|s p/Simple java httpd/ i/HP OpenView Storage Area Manager http config/
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: Micro-Web\r\nContent-type: text/html\r\n\r\n<html>\r\n<head>\r\n<TITLE> HP StorageWorks MSL Tape Library Management Console </TITLE>\n| p/Micro-Web/ i/HP StorageWorks MSL Tape Library http config/ d/storage-misc/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: RapidLogic/([\d.]+)\r\n.*<HTML>\n<HEAD>\n<TITLE>Switch Explorer</TITLE>\n|s p/RapidLogic httpd/ v/$1/ i/Fabric switch http config/ d/switch/ cpe:/a:rapidlogic:httpd:$1/
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: Mono-XSP Server/([\d.]+) Unix\r\n| p/Mono-XSP .NET httpd/ v/$1/ o/Unix/ cpe:/a:mono:xsp:$1/
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: SimpleHTTP/([\d.]+) Python/([\d.]+)\r\n| p/Karrigell Python httpd/ i/SimpleHTTP $1; Python $2/ cpe:/a:python:python:$2/ cpe:/a:python:simplehttpserver:$1/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Cougar ([\d.]+)\r\n|s p/VideoLAN Server streaming media/ i/Cougar $1/
match http m|^HTTP/1\.0 404 Not found\r\n.*<title>Error 404</title>.*<a href=\"http://www\.videolan\.org\">VideoLAN</a>|s p/VideoLAN Server streaming media/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Content-type: text/html; charset=UTF-8\r\nCache-Control: no-cache\r\nContent-Length: \d+\r\n.* - - - - >\r?\n<  index\.html: VLC media player web interface\r?\n|s p/VLC media player http interface/ cpe:/a:videolan:vlc_media_player/
match http m|^HTTP/1\.0 \d\d\d .*<title>mikrotik routeros > administration</title>.*font-size: 9px\">mikrotik routeros ([\d.]+) administration|s p/MikroTik router http config/ i/RouterOS $1/ d/router/ cpe:/o:mikrotik:routeros:$1/
match http m|^HTTP/1\.0 \d\d\d .*<title>mikrotik routeros > administration</title>|s p/MikroTik router http config/ d/router/
match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: thttpd-alphanetworks/([\d.]+)\r\nContent-Type: text/html\r\nDate: .*\r\nLast-Modified: .*\r\nAccept-Ranges: bytes\r\nConnection: close\r\nWWW-Authenticate: Basic realm=\"Broadband Router\"\r\n\r\n<HTML><HEAD><TITLE>401 Unauthorized</TITLE></HEAD><BODY onLoad=javascript:document\.forms\[0\]\.submit\(\);>| p/thttpd-alphanetworks/ v/$1/ i/FiberLine router http config/ d/router/ cpe:/a:alphanetworks:thttpd:$1/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: RMC Webserver ([\d.]+)\r\n.*<title>Remote Access Controller</title>|s p/Dell Remote Access Controller http interface/ v/$1/ d/remote management/ cpe:/h:dell:remote_access_card/
match http m|^HTTP/1\.0 401 Unauthorized\r\nWWW-Authenticate: Basic realm=\"PROJECTOR[3]?\" \r\nContent-Type: text/html\r\n\r\n<HTML><BODY><H2>HTTP Error 401 - Unauthorized</H2><HR></BODY></HTML>| p/Panasonic Video Projector http config/ d/media device/
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: Footprint ([\d.]+)/FPMCP\r\n| p/Sandpiper Footprint http load balancer/ v/$1/
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: LogMeIn Web Gateway\r\n| p/LogMeIn remote access web gateway/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: ArGoSoft Mail Server Freeware, Version [\d.]+ \(([\d.]+)\)\r\n| p/ArGoSoft Mail Server Freeware httpd/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 \d\d\d .*\r\nContent-Type: text/html\r\nContent-Length: \d+\r\nConnection: close\r\nServer: Fastream NETFile Web Server ([\d.]+)\r\n| p/Fastream httpd/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 200 \(OK\) \r\nPragma: No-Cache\r\nCache-Control: no-cache\r\nDate: .*\r\nServer: HTTP Server\r\n.*Copyright \d+, \d+ Nortel Networks\.|s p/WindWeb/ i/Nortel Extranet switch http config/ d/switch/ cpe:/a:windriver:windweb/
match http m|^<html>\n<title>24-Port 10/100M Fast Ethernet Web Smart Switch</title>\n<frameset rows='60,\*'.*<frame name=main src=cgi_login noresize>\n|s p/TRENDnet SMART24B switch http config/ d/switch/ cpe:/h:trendnet:smart24b/a
match http m|^HTTP/1.0 403 Forbidden\r\nServer: SI3PHX1/([\d.]+)\r\n| p/Prolexic DDoS protected httpd/ i|SI3PHX1/$1|
match http m|^HTTP/1\.1 \d\d\d .*\r\nDate: .*\r\nServer: WebServer ([\d.]+)\r\nLast-Modified: .*\r\nETag: \"[-\w]+\"\r\nAccept-Ranges: bytes\r\n| p/Cryptologic httpd/ v/$1/
match http m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: WebServer/([\d.]+)\r\n.*<META http-equiv=\"Refresh\" content=\"0; Url=/trane/tsws/login\.htm\" >\n  <title>redirect</title>|s p/Trane Tracer Summit building control httpd/ v/$1/ d/remote management/
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: HDS Hi-Track Server/([\d.]+)\r\n| p/Hi-Track httpd/ v/$1/ i/Hitachi Data System http config/ d/storage-misc/
match http m|^HTTP/1\.[01] \d\d\d .*\r\nServer: WebTrends HTTP Server ([\w.]+)\r\n| p/Webtrends httpd/ v/$1/
match http m|^HTTP/1\.[01] \d\d\d .*\r\nServer: WebTrends HTTP Server \r\n| p/Webtrends httpd/
match http m|^HTTP/1\.0 \d\d\d .*\r\nDate: .*\r\nServer: Desktop On-Call HTTPD V([\d.]+)\r\n| p/IBM Desktop On-Call httpd/ v/$1/
match http m|^HTTP/1\.0 \d\d\d .*\r\nDate: .*\r\nServer: OCServer\r\nContent-Type: text/html\r\n\r\n\n\n<!-- WebConnect HTML -->| p/OCServer httpd/ i/WebConnect http service/
match http m|^HTTP/1\.1 \d\d\d .*\r\nDate: .*\r\nServer: ENI-Web/R([\d_]+)\r\nWWW-Authenticate: Basic realm=\"standard@3Com\"\r\n\r\n| p/ENI-Web httpd/ v/$1/ i/Speedstream DSL router http config/ d/router/
match http m|^HTTP/1\.1 200 OK\r\nConnection: Keep-Alive\r\nKeep-Alive: timeout=180\r\nContent-Type: text/html\r\nContent-Length: \d+\r\n\r\n<html>\n<head>\n<META HTTP-EQUIV=\"EXPIRES\" CONTENT=\"0\">\n<meta http-equiv=\"Pragma\" Content=\"No-cache\">\n</head>\n<body>\n<center>\n<h3><BR>Sorry, the switch is already being managed\. Concurrent management is not allowed!\n</center>\n</body></html>\n\0| p/Compex switch http config/ d/switch/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: \r\n(?:[^\r\n]+\r\n)*?\r\n<HTML>\n<HEAD>\n<TITLE>Actiontec</TITLE>\n\n|s p/Actiontec DSL router http config/ d/router/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: JavaWebServer/([\d.]+) \r\nContent-Length: .*<HEAD>\n<TITLE>CentreVu Explorer II</TITLE>\n|s p/JavaWebServer/ v/$1/ i/Lucent CentreVu Explorer II http config/ d/telecom-misc/
match http m|^<!-- saved from url=\(\d+\)http://internet\.e-mail -->\n<html>\n\n<head>\n<title>HTML-Konfiguration</title>\n\n| p/micro_httpd/ i/Deutsche Telekom wireless router http config/ d/router/ cpe:/a:acme:micro_httpd/
match http m|^HTTP/1\.1 \d\d\d .*\nWWW-Authenticate: Basic realm=\"Web Host Manager\"\nConnection: close\nServer: whostmgr/([\d.]+)\n| p/whostmgr httpd/ v/$1/
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: RMC Webserver ([\d.]+)\r\nLast-Modified: .*\r\nAllow: GET, HEAD\r\nContent-Length: \d+\r\nContent-Type: text/html\r\n\r\n<HTML>\r\n<HEAD>\r\n<TITLE>TopTools Remote Control</TITLE>\r\n| p/RMC httpd/ v/$1/ i/HP TopTools http control/
# HP OpenView ITO agent (probably version 7.25) on Windows, port 381
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?server: BBC (\d[-.\w]+); com\.hp\.openview\.Coda (\d[-.\w]+)\r\n\r\n|s p/BBC httpd/ v/$1/ i/HP OpenView ITO agent - Coda $2/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?server: BBC (\d[-.\w]+); com\.hp\.openview\.bbc\.LLB[Ss]erver (\d[-.\w]+)\r\n\r\n|s p/BBC httpd/ v/$1/ i/HP OpenView ITO agent - LLB server $2/
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: Servertec-IWS/([\d.]+)\r\n| p/Servertec IWS Java httpd/ v/$1/
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: DirectUpdate/([\d.]+)\r\n| p/DirectUpdate dynamic IP updater/ v/$1/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: CCS/Jigsaw/([\d.]+)\r\n|s p/Commerce One httpd/ i/Java Jigsaw $1/ cpe:/a:w3:jigsaw:$1/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: VisiBroker/([\d.]+)\r\n\r\n|s p/Borland VisiBroker CORBA httpd/ v/$1/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Compaq Insight Manager XE ([\d.]+)\r\n|s p/Compaq Insight Manager XE httpd/ v/$1/ cpe:/a:compaq:insight_manager_xe:$1/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: ISS-PXServer/([\d.]+)\r\n|s p/ISS-PXServer httpd/ v/$1/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Jigsaw/([\w.-]+)\r\n|s p/Java Jigsaw httpd/ v/$1/ cpe:/a:w3:jigsaw:$1/
match http m|^Language received from client: .*\nSetlocale: .*\n| p/AIX Web-based System Manager/ o/AIX/ cpe:/o:ibm:aix/a
match http m|^HTTP/1\.0 \d\d\d .*\r\nConnection: close\r\nServer: gnump3d2 ([\d.]+) \([\d/]+\)\r\n| p/GNUMP3d streaming server/ v/$1/ cpe:/a:gnu:gnump3d:$1/
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: SpyBot([\d.]+)\r\n| p/SpyBot httpd/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Virata-EmWeb/R([\d_]+)\r\nContent-Type: text/html\r\n(?:[^\r\n]+\r\n)*?\r\n<HTML>\n<HEAD><TITLE>NBX NetSet</TITLE>\n|s p/Virata-EmWeb/ v/$SUBST(1,"_",".")/ i/3Com SuperStack 3 NBX switch http config/ d/switch/ cpe:/a:virata:emweb:$SUBST(1,"_",".")/a
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: WWW-KODEKS/([\d.]+)\r\n| p/Knowledge On Demand httpd/ v/$1/ o/Unix/
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: Ares ([\d.]+)\r\nConnection: Keep-Alive\r\n\r\n| p/Ares Galaxy P2P httpd/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Paws/([\d.]+)\r\n.*<title>ParaSoft LicenseServer  ([\d.]+)</title>|s p/Paws/ v/$1/ i/ParaSoft LicenseServer $2/
match http m|^HTTP/1\.1 ERROR\r\nServer: Server: Paws/([^\r\n]+)\r\nDate: \d.*\r\nExpires: .*\r\nContent-type: text/html\r\nContent-length: 2\r\n\r\n\r\n$| p/Paws/ v/$1/ i/ParaSoft Concerto software development platform/
match http m|^HTTP/1\.0 200 OK\r\nContent-Type: text/plain\r\n\r\nNode: \d+\n| p/DSpy D2OL statistics httpd/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 \d\d\d .*\r\nConnection: close\r\nServer: WindWeb/([\d.]+)\r\nDate: .*\r\nContent-Type: text/html\r\n\r\n<HTML>\n<HEAD>\n<TITLE>Horizon Monitor  HTML</TITLE>\n| p/WindWeb/ v/$1/ i/Sun Tape Library http config/ d/storage-misc/ cpe:/a:windriver:windweb:$1/
match http m|^HTTP/1\.0 \d\d\d .*\r\nDate: .*\r\nServer: monit ([\d.]+)\r\n| p/monit httpd/ v/$1/ o/Unix/
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: Red Carpet Daemon/([\d.]+)\r\n\r\n| p/Red Carpet httpd/ v/$1/
match http m|^HTTP/1\.1 \d\d\d .*\r\nDate: .*\r\nServer: CL-HTTP/([\d.]+) \(LispWorks; ([\d.]+)\)\r\n| p/CL-HTTPd/ v/$1/ i/LispWorks $2/
match http m|^HTTP/1\.0 \d\d\d .*\r\nDate: .*\r\nServer: SAP-Internet-SapDb-Server/([\d.]+)\r\n| p/SAP Internet DB httpd/ v/$1/
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: JTALKServer\r\n| p/JTALKServer httpd/
match http m|^HTTP/1\.0 401 Unauthorized\r\nWWW-Authenticate: Basic realm=\"HostMonitor's Web Service\"\r\n\r\n| p/HostMonitor Web Service/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: iSoft Commerce Suite Server\r\n| p/iSoft Commerce Suite httpd/
match http m|^HTTP/1\.1 \d\d\d .*\.\r\nServer: MS \.NET Remoting, MS \.NET CLR ([\d.]+)\r\n| p/MS .NET Remoting httpd/ i/.NET CLR $1/ o/Windows/ cpe:/a:microsoft:.net_framework:$1/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 \d\d\d .*\r\nDate: .*\r\nServer: BSE ([\d.]+)\r\n| p/BSE httpd/ v/$1/ i/Pinnacle Showcenter http config/ d/media device/
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: WebMail/([\d.]+)\r\nDate: .*\r\nContent-type: text/html\r\n\r\n<!-- top\.txt -->\r\n\r\n<HTML>\r\n<HEAD>\r\n<TITLE>WebMail Server</TITLE>\r\n| p/True North Soft WebMail httpd/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 200 \r\nContent-Type: text/html\r\n\r\n<HTML><HEAD><TITLE>MX G2000 DEDICATED FILE SERVER</TITLE>| p/Murex G2000 file server httpd/
match http m|^HTTP/1\.1 \d\d\d .*\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: \d+\r\nExpires: \d+\r\nCache-Control: no-cache\r\nServer: Indy/([\d.]+)\r\nLocation: /prtg\.htm\r\nSet-Cookie: PRTG4SESSION=| p/Indy httpd/ v/$1/ i/Paessler PRTG bandwidth monitor/ cpe:/a:indy:httpd:$1/
match http m|^HTTP/1\.1 \d\d\d .*\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: \d+\r\nExpires: \d+\r\nCache-Control: no-cache\r\nServer: Indy/([\d.]+)\r\nLocation: /allsensors\.htm\r\n\r\n<HTML><BODY><B>301 Moved Permanently</B></BODY></HTML>\r\n| p/Indy httpd/ v/$1/ i/Paessler PRTG bandwidth monitor/ o/Windows/ cpe:/a:indy:httpd:$1/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 \d\d\d .*\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: \d+\r\nExpires: \d+\r\nCache-Control: no-cache\r\nServer: Indy/([\d.]+)\r\nLocation: /sensorlist\.htm\r\n\r\n| p/Indy httpd/ v/$1/ i/Paessler PRTG bandwidth monitor/ o/Windows/ cpe:/a:indy:httpd:$1/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Indy/([\d.]+)\r\nWWW-Authenticate: Basic realm=\"Please enter your login for PRTG(\d)\"\r\n|s p/Indy httpd/ v/$1/ i/Paessler PRTG SNMP $2 bandwidth monitor/ o/Windows/ cpe:/a:indy:httpd:$1/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 301 Moved Permanently\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 56\r\nExpires: 0\r\nCache-Control: no-cache\r\nServer: Indy/([\w._-]+)\r\nLocation: /login\.htm\r\n\r\n<HTML><BODY><B>301 Moved Permanently</B></BODY></HTML>\r\n| p/Indy httpd/ v/$1/ i/Paessler PRTG bandwidth monitor/ o/Windows/ cpe:/a:indy:httpd:$1/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: PRTG/([\w._-]+)\r\n|s p/Indy httpd/ v/$1/ i/Paessler PRTG bandwidth monitor/ o/Windows/ cpe:/a:indy:httpd:$1/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: _httpd\r\nDate: .*\r\nWWW-Authenticate: Basic realm=\"\.\"\r\nContent-type: text/html\r\nConnection: close\r\n\r\n<HTML><HEAD><TITLE>401 Unauthorized</TITLE></HEAD>\n<BODY BGCOLOR=\"#cc9999\"><H4>401 Unauthorized</H4>\nAuthorization required\.\n</BODY></HTML>\n| p/Kaspersky AntiVirus http admin/ v/4.X/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Indy/([\d.]+)\r\n.*\r\n<title>Server Monitor Lite</title>\r\n|s p/Indy httpd/ v/$1/ i/Pure Networking Server Monitor Lite http interface/ cpe:/a:indy:httpd:$1/
match http m|^HTTP/1\.0 .*\r\nConnection: close\r\nDate: .*\r\nServer: JavaOpServer\r\n| p/JavaOp httpd/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: SmarterTools/([\d.]+)\r\n.*SmarterStats.*; Professional Edition - v\.([\d.]+) - Customer Login Page\r\n|s p/SmarterTools httpd/ v/$1/ i/SmarterStats $2 http interface/ cpe:/a:smartertools:smarterstats:$2/ cpe:/a:smartertools:smartertools_web:$1/
match http m|^HTTP/1\.1 \d\d\d .*\r\nDate: .*\r\nServer: Project Engine Server\r\n| p/Project Engine Server httpd/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Indy/([\d.]+)\r\nWWW-Authenticate: Basic realm=\"NetStatus Professional\"\r\n|s p/Indy httpd/ v/$1/ i/NetStatus Professional/ o/Windows/ cpe:/a:indy:httpd:$1/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: McAfee-Agent-HttpSvr/([\d.]+)\r\n| p/McAfee Agent httpd/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: HoneydHTTP/([\d.]+) Python/([\d.]+)\r\n| p/Honeyd httpd/ v/$1/ i/Python $2/ cpe:/a:python:python:$2/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: 3ware/([\d.]+)\r\n.*<title>3ware 3DM2 - ([-\w_.]+) - Summary</title>|s p/3ware 3DM2 Serial RAID http config/ v/$1/ d/storage-misc/ h/$2/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: 3ware/([\d.]+)\r\n.*<title>3DM2 - ([-\w_.]+) - Summary</title>|s p/3ware 3DM2 Serial RAID http config/ v/$1/ d/storage-misc/ h/$2/
match http m|^HTTP/1\.1 \d\d\d .*\r\nDate: .*\r\nServer: unknown\r\nLocation: https://xweb-ext/__extraweb__/\r\nSet-Cookie: EXTRAWEB_REFERER=| p/Aventail SSL VPN Concentrator http config/ d/security-misc/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Accept: application/vnd\.syncml\+xml, application/vnd\.syncml\+wbxml\r\nCache-Control: no-store\r\nServer: MultiSync Plugin\r\n\r\nNo such file or directory\.|s p/SyncML PIM sync server for MultiSync/
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: C4D/([\d.]+)\r\n| p/Cinema 4D Renderer http interface/ v/$1/
match http m|^HTTP/1\.1 200 OK\r\nServer: servermgrd\r\nConnection: close\r\nContent-Type: text/html\r\n.*<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 3\.2 Final//EN\"><HTML>\r\n<HEAD>\r\n<TITLE>Server Admin module list</TITLE>|s p/Apple Server Monitor http interface/ o/Mac OS X/ cpe:/o:apple:mac_os_x/a
match http m|^HTTP/1\.1 401 Authorization Required\r\nServer: servermgrd\r\nWWW-Authenticate: Basic realm = \"Server Admin\"\r\n.*The server could not verify that you are authorized to access the requested content\.<P>\r\n<HR>\r\n</BODY></HTML>\r\n\r\n|s p/Apple Server Monitor http interface/ o/Mac OS X/ cpe:/o:apple:mac_os_x/a
match http m|^HTTP/1\.1 401 Authorization Required\r\nServer: servermgrd\r\nSupportsXMLRPC\r\nSupportsBinaryPlist\r\nContent-Type: \xe2\x80\xa0%\xc6\x92<\r\n| p/Mac OS X Server Admin http config/ o/Mac OS X/ cpe:/o:apple:mac_os_x/a
match http m|^HTTP/1\.1 404 Not Found\r\nServer: servermgrd\r\nConnection: close\r\nContentType: text/html\r\n| p/Apple Server Monitor http interface/ o/Mac OS X/ cpe:/o:apple:mac_os_x/a
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: BBC ([\d.]+) ; /Hewlett-Packard/OpenView/AutoDiscovery/com\.hp\.openview\.OvAgency\.OvAgencyCommand [\d.]+\r\n\r\n|s p/BBC httpd/ v/$1/ i/HP OpenView AutoDiscovery http interface/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?X-Powered-By: Servlet/([\d.]+)\r\n(?:[^\r\n]+\r\n)*?Server: Sun-Java-System/Application-Server\r\n|s p/Sun Java System Application Server httpd/ i/Servlet $1/ cpe:/a:sun:java_system_application_server/
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: Sun-Java-System/Application-Server\r\n| p/Sun Java System Application Server httpd/ cpe:/a:sun:java_system_application_server/
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: Sun-Java-System-Application-Server/([^\r\n]+)\r\n| p/Sun Java System Application Server httpd/ v/$1/ cpe:/a:sun:java_system_application_server:$1/
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: Sun-Java-System-Web-Server/([\d.]+)\r\n| p/Sun Java System httpd/ v/$1/ cpe:/a:sun:java_system_web_server:$1/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?X-Powered-By: Servlet/([\d.]+)\r\n(?:[^\r\n]+\r\n)*?Server: Sun Java System Application Server Platform Edition ([\d_.]+)\r\n|s p/Sun Java System Application Server Platform Edition httpd/ v/$2/ i/Servlet $1/ cpe:/a:sun:java_system_application_server:$2/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?X-Powered-By: Servlet/([\w._-]+)\r\n(?:[^\r\n]+\r\n)*?Server: Sun Java System Application Server ([\w._-]+)\r\n|s p/Sun Java System Application Server httpd/ v/$2/ i/Servlet $1/ cpe:/a:sun:java_system_application_server:$2/
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: Allegro-Software-RomPager/([\d.]+)\r\n\r\n.*<title>Netopia Home Page</title>|s p/Allegro RomPager/ v/$1/ i/Netopia DSL router http config/ d/router/ cpe:/a:allegro:rompager:$1/
match http m|^HTTP/1\.1 \d\d\d .*\r\nWWW-Authenticate: Basic realm=\"Netopia-(\w+)\"\r\nContent-Type: text/html\r\nServer: Allegro-Software-RomPager/([\d.]+)\r\n\r\n| p/Allegro RomPager/ v/$2/ i/Netopia $1 router http config/ d/router/ cpe:/a:allegro:rompager:$2/ cpe:/h:netopia:$1/a
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Content-Type: text/html\r\nDate: .*\r\nPragma: no-cache\r\nServer: Allegro-Software-RomPager/([\d.]+)\r\n\r\n\n<html>\n<head>\n<title>\nNetopia Router</title>\n|s p/Allegro RomPager/ v/$1/ i/Netopia Cayman 334x router http config/ d/router/ cpe:/a:allegro:rompager:$1/ cpe:/h:netopia:cayman_334x/a
match http m|^HTTP/1\.0 200 OK\r\nContent-Type: text/html; charset=BIG5\r\nPragma: No-cache\r\nServer: ACOS HTTPD/([\d.]+)\r\nCache-Control: no-cache\r\n.*<title>Authorization Page</title>.*action=\"checkAuthorization\" target=\"_self\">\r\n|s p/ACOS httpd/ v/$1/ i/Foxconn VoIP TRIO 3C http config/ d/VoIP phone/
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: AltaVista Avhttpd ([\d.]+)\r\n| p/Altavista Enterprise Search httpd/ v/$1/
match http m|^HTTP/1\.1 \d\d\d .*\r\nDate: .*\r\nServer: Servage\.net Cluster \(Enhanced Apache\) \(Unix\) (.*)\r\n| p/Servage.net enhanced Apache/ i/$1/
match http m|^HTTP/1\.1 \d\d\d(?:[^\r\n]+\r\n)*?\r\n<!-- Login\.html -->\n\n\n.*<title>Login</title>.*colors\n\ndk blue: #adc3dc\nlt blue: #d2dae3\norange: #ee7d00\nlt orange: #FDDF97\n|s p/Aruba router http config/ d/router/
match http m|^HTTP/1\.1 302 Moved Temporarily\r\nDate: .*\r\nLocation: https://securelogin\.arubanetworks\.com/| p/Aruba router secure http config/ d/router/
match http m|^HTTP/1\.0 \d\d\d .*\r\nConnection: close\r\nAccept-Ranges: none\r\n.*<title>Citrix Administration Tool</title>| p/Citrix Secure Gateway http admin/ o/Windows/ cpe:/a:citrix:secure_gateway/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 301 Moved Permanently\r\nCache-Control: no-cache\r\nConnection: close\r\nAccept-Ranges: none\r\nLocation: /CitrixLogonPoint/AccessGateway/\r\n\r\n| p/Citrix Secure Gateway http admin/ o/Windows/ cpe:/a:citrix:secure_gateway/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 301 Moved Permanently\r\nCache-Control: no-cache\r\nConnection: close\r\nAccept-Ranges: none\r\nLocation: /CitrixLogonPoint/Secured/\r\n\r\n| p/Citrix Secure Gateway http admin/ o/Windows/ cpe:/a:citrix:secure_gateway/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 301 Moved Permanently\r\nCache-Control: no-cache\r\nConnection: close\r\nAccept-Ranges: none\r\nLocation: https://([\w._-]+)/CitrixLogonPoint/Default/\r\nContent-Length: 0\r\n\r\n$| p/Citrix Access Gateway firewall http config/ d/firewall/ o/Windows/ h/$1/ cpe:/a:citrix:access_gateway/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Content-Type: text/html; charset=utf-8\r\nConnection: close\r\nPragma: no-cache\r\nCache-Control: no-store\r\n.*<title>Instant Virtual Extranet</title>|s p/Juniper Seca HTTPS VPN appliance/ d/security-misc/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Nucleus WebServ\r\nWWW-Authenticate: Basic realm=\"/\"\r\n.*<H1>Authorization Required</H1></BODY></HTML>\r\n|s p/Nucleus WebServ/ i/Allied Telesyn 802x switch http config/ d/switch/ cpe:/h:alliedtelesyn:802x/a
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: RapidLogic/([\d.]+)\r\nMIME-version: 1\.0\r\nContent-type: text/html\r\n\r\n<html>\r\n<head>\r\n<title>Spectrum24 Access Point</title>\r\n\r\n| p/RapidLogic httpd/ v/$1/ i/Symbol Spectrum24 access point http config/ d/router/ cpe:/a:rapidlogic:httpd:$1/
match http m|^HTTP/1\.0 401 Unauthorized\r\nWWW-Authenticate: Basic realm=\"VoIP Configuration Web Server\"\r\nContent-type: text/html\r\n\r\n<html>\r\n<body><h1>401 Unauthorized</h1></body></html>\r\n$| p/Welltech Wellgate VoIP adapter http config/ d/VoIP adapter/
match http m|^HTTP/1\.0 \d\d\d .*\r\nDate: .*\r\nServer: Thunderstone-Texis/([\d.]+)\r\n| p/Thunderstone Texis search appliance http config/ v/$1/
match http m|^HTTP/1\.0 \d\d\d .*\r\nDate: .*\r\nWWW-Authenticate: Basic realm=\"B49G\"\r\n| p/Gigabyte B49G WAP http config/ d/WAP/
match http m|^HTTP/1\.1 200 OK\r\nServer: WoWEmu\r\n| p/WoWEmu httpd/ i/World of Warcraft emulated server/
match http m=^HTTP/1\.1 \d\d\d .*\r\nServer: InkHTTP/([\d.]+) Python/([\d.]+)\r\nDate: .*<title>Wirehog \| =s p/Wirehog http transfer interface/ i/InkHTTP $1; Python $2/ cpe:/a:python:python:$2/
match http m|^HTTP/1\.1 \d\d\d .*\r\nContent-Length: \d+\r\nContent-Type: text/html\r\nConnection: close\r\n\r\n<HTML><HEAD><TITLE>   IP PHONE 2 V([\d.]+)         </TITLE>| p/NG VoIP Phone 2 http config/ v/$1/ d/VoIP phone/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Content-Type: text/html; charset=UTF-8\r\nContent-Length: \d+\r\nConnection: close\r\n\r\n<!DOCTYPE html.*\n<title>WikiHome</title>\n</head>\n<body>\n<div id='header'>\n<form method='get' action='/?Search'>\n<table border='0' width='100%'>\n<tr>\n<td align='left' ><strong>WikiHome</strong>  \( <a href='\?edit' title='Edit this wiki page contents\. \[alt-j\]' accesskey='j'>Edit</a> \)|s p/Didiwiki httpd/
match http m|^HTTP/1\.0 400 Wrong Port\r\nServer: ConferenceRoom/IRC\r\nConnection: Close\r\nContent-type: text/html\r\n\r\n<HTML><HEAD><TITLE>Connection to Wrong Port</TITLE></HEAD>\r\n<BODY>You have connected to an IRC server as if it were a web server</BODY>\r\n</HTML>\r\n| p/ConferenceRoom ircd/
match http m|^HTTP/1\.1 400 Bad Request\r\nServer:httpd\r\nDate: .*\r\nContent-Type:text/html\r\n\r\n<html><title>400 Bad Request </title>                         <body> <h1> Bad Request or Syntax Error/Not able to                         understand the request| p/Sagem F@st router httpd/ d/router/
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: NETID/([\d.]+)\r\n| p/Optivity NetID httpd/ v/$1/
match http m|^HTTP/1\.0 \d\d\d .*\r\nDate: .*\r\nServer: WYM/([\d.]+)\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: \d+\r\nLast-Modified: .*\r\n\r\n<HTML>\n<HEAD>\n<TITLE>IP Camera</TITLE>\n| p/WYM httpd/ v/$1/ i/Aviosys IP Camera http config/ d/webcam/
match http m|^HTTP/1\.0 \d\d\d .*\r\nContent-Type: text/html\r\nDate: .*\r\n\r\n<H1>\w+: A WebGroup/Virtual Host to handle / has not been defined\.</H1><BR><H3>\w+: A WebGroup/Virtual Host to handle [-\w_.:/]+ has not been defined\.</H3><BR><I>IBM WebSphere Application Server</I>| p/IBM WebSphere httpd/ cpe:/a:ibm:websphere_application_server/
match http m|^HTTP/1\.0 \d\d\d .*\r\nContent-Type: text/html\r\nDate: .*\r\n\r\n<H1>\w+: Un host WebGroup/Virtual per la gestione / non \xe8 stato definito\.</H1><BR><H3>\w+: A WebGroup/Virtual Host to handle [-\w_.:/]+ has not been defined\.</H3><BR><I>IBM WebSphere Application Server</I>| p/IBM WebSphere httpd/ i/Italian/ cpe:/a:ibm:websphere_application_server::::it/
match http m|^HTTP/1\.0 404 Not Found\r\nContent-Type: text/html\r\nDate: .*\r\n\r\n<H1>\w+: Un host WebGroup/Virtual per la gestione / non \xe8 stato definito\.</H1><BR><H3>SRVE0017W: Un host WebGroup/Virtual per la gestione / non \xe8 stato definito\.</H3><BR><I>IBM WebSphere Application Server</I>| p/IBM WebSphere httpd/ i/Italian/ cpe:/a:ibm:websphere_application_server::::it/
match http m|^HTTP/1\.0 \d\d\d .*\r\nContent-Type: text/html;charset=ISO-8859-1\r\n\$WSEP: \r\nContent-Language: .*\r\nServer: WebSphere Application Server/([\d.]+)\r\n| p/IBM WebSphere httpd/ v/$1/ cpe:/a:ibm:websphere_application_server:$1/
match http m|^HTTP/1\.0 \d\d\d .*\t<title>Strongdc\+\+ webserver - Login Page</title>\t|s p/StrongDC++ httpd/
match http m|^HTTP/1\.0 200 OK\r\nServer: HellBot\r\n| p/HellBot Trojan httpd/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 \d\d\d .*\r\nDate: .*\r\nServer: ENI-Web/R([\d_]+)\r\nWWW-Authenticate: Basic realm=\"standard@Modem\"\r\n\r\n| p/ENI-Web httpd/ v/$1/ i/Efficient SpeedStream router http config/
match http m|^<html>\n<title>48-Port 10/100/1000Mbps Web-Smart Gigabit Ethernet Switch</title>\n| p/D-Link 48-Port switch http config/ d/switch/ cpe:/h:dlink:48-port/a
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: MailEnable-HTTP/([\d.]+)\r\n| p/MailEnable httpd/ v/$1/ o/Windows/ cpe:/a:mailenable:mailenable:$1/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 200 OK\r\nConnection: close\r\nContent-Type: text/html\r\nServer: Indy/([\d.]+)\r\n\r\n<HTML><BODY><B>200 OK</B></BODY></HTML>\r\n| p/Indy httpd/ v/$1/ i/WebRoot SpySweeper http config/ o/Windows/ cpe:/a:indy:httpd:$1/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 \d\d\d .*\r\nConnection: Close\r\nContent-Type: text/html\r\nDate: .*\r\nLocation: login\.php\r\nServer: Kerio Embedded WebServer ([\d.]+)\r\nX-Powered-By: PHP/([\d.]+)\r\n\r\n| p/Kerio Embedded httpd/ v/$1/ i/PHP $2/ o/Windows/ cpe:/a:php:php:$2/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 401 Unauthorized\r\nDate: .*\r\nServer: Agranat-EmWeb/R([\d._]+)\r\nWWW-Authenticate: Basic realm=\"read@\"\r\n\r\n401 Unauthorized\r\n| p/Agranat-EmWeb/ v/$SUBST(1,"_",".")/ i/3Com SuperStack II Switch http config/ d/switch/ cpe:/a:agranat:emweb:$SUBST(1,"_",".")/a
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: and-httpd/(\d+\.\d+\.[-.\w]+) \(Debug\)|s p/and-httpd/ v/$1/ i/Debug version/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: and-httpd/(\d+\.\d+\.[-.\w]+) ([^\r\n]+)|s p/and-httpd/ v/$1/ i/$2/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: and-httpd/(\d+\.\d+\.[-.\w]+)|s p/and-httpd/ v/$1/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: and-httpd|s p/and-httpd/
match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: httpd\r\nDate: .*\r\nWWW-Authenticate: Basic\r\nContent-Type: text/html\r\nConnection: close\r\n\r\n<HTML><HEAD><TITLE>401 Unauthorized</TITLE></HEAD>\n<BODY BGCOLOR=\"#cc9999\"><H4>401 Unauthorized</H4>\nAuthorization required\.\n</BODY></HTML>\n| p/Linksys Wireless-G DSL router http config/ d/router/
match http m|^HTTP/1\.0 \d\d\d .*\r\nPragma: no-cach\r\nContent-Type: text/html; charset=windows-1251\r\n\r\n<HTML>\r\n<HEAD>\r\n<TITLE>UserGate report area</TITLE>\r\n| p/UserGate http report area/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^<HTML>\r\n<HEAD>\r\n<TITLE>UserGate report area</TITLE>\r\n| p/UserGate http report area/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Kerio MailServer ([\d.]+) patch (\d+)\r\n\r\n|s p/Kerio MailServer http config/ v/$1 patch $2/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 401 Unauthorized\r\nServer: VOIP\r\nWWW-Authenticate: Digest realm=\"VOIP\", nonce=\"\w+\", opaque=\"\w+\",| p/ACT VoIP phone http config/ d/VoIP phone/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: KHAPI/([\d.]+) \(Linux\)\r\n|s p/KHAPI httpd/ v/$1/ o/Linux/ cpe:/o:linux:linux_kernel/a
# HP OpenView ITO agent (probably version 7.25) on Windows, port 383
# Moved from RTSPRequest because fallback can take care of it
match http m|^HTTP/1\.1 \d\d\d.*\r\nContent-Type: text/html(?:; charset=us-ascii)?\r\nServer: Microsoft-HTTPAPI/([\d.]+)\r\n| p/Microsoft HTTPAPI httpd/ v/$1/ i|SSDP/UPnP| o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 \d\d\d .*\r\nDate: .*\r\nServer: Mediasurface/([\d.]+)\r\n| p/Mediasurface CMS httpd/ v/$1/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: RapidLogic/([\d.]+)\r\n.*<TITLE>WireSpeed Data Gateway</TITLE>|s p/RapidLogic httpd/ v/$1/ i/WireSpeed Data Gateway router http config/ d/router/ cpe:/a:rapidlogic:httpd:$1/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: SmarterTools/([\d.]+)\r\n.*SmarterStats|s p/SmarterTools SmarterStats httpd/ v/$1/ o/Windows/ cpe:/a:smartertools:smarterstats/ cpe:/a:smartertools:smartertools_web:$1/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: SmarterTools/([\d.]+)\r\n| p/SmarterTools httpd/ v/$1/ o/Windows/ cpe:/a:smartertools:smartertools_web:$1/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 \d\d\d .*<HTML><HEAD><TITLE>Scientific-Altanta WebStar Cable Modem</TITLE>|s p/Scientific-Altanta WebStar Cable Modem http config/ d/broadband router/
# WebStar DPC2100 and EPC2100
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: micro_httpd\r\n.*<title>Scientific-Altanta WebStar Cable Modem</title>|s p/micro_httpd/ i/Scientific Atlanta WebStar Cable Modem http config/ d/broadband router/ cpe:/a:acme:micro_httpd/
match http m|^HTTP/1\.0 302 Redirect\r\n.*\r\nServer: GoAhead-Webs\r\nDate: .*\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-Type: text/html\r\nLocation: http://Device/config/log_off_page\.htm\r\n\r\n| p/GoAhead WebServer/ i/Dell PowerConnect http config/ d/switch/ cpe:/a:goahead:goahead_webserver/a
match http m|^HTTP/1\.1 401 Unauthorized\r\nWWW-Authenticate: Basic realm=\"Enable Mode\"\r\nContent-Type: text/html\r\nServer: Allegro-Software-RomPager/([\d.]+)\r\n\r\n<HTML><HEAD><TITLE><script>document\.location\.href='/config/AccessNotAllowedPage\.htm'| p/Allegro RomPager/ v/$1/ i/Dell PowerConnect http config/ d/switch/ cpe:/a:allegro:rompager:$1/
match http m|^HTTP/1\.1 \d\d\d(?:[^\r\n]+\r\n)*?\r\n<BODY><CENTER><BR><BR><strong><font size=5 face=verdana>SRW224 24-Port 10/100 \+ 2-Port Gigabit <BR>|s p/Linksys SRW224 gigabit switch http config/ d/switch/ cpe:/h:linksys:srw224/a
match http m|^HTTP/1\.1 \d\d\d .*\r\nConnection: close\r\nCache-Control: no-cache\r\nServer: SQ-WEBCAM\r\n| p/dvr1614n web-cam httpd/ d/webcam/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: BeOS/PoorMan\r\n|s p/BeOS poorman httpd/ o/BeOS/ cpe:/o:be:beos/
match http m|^HTTP/1\.0 200\r\nContent-type: text/html\r\n\r\n<HTML>\r\n<HEAD><TITLE>WJ-NT104 MAIN PAGE</TITLE></HEAD>\r\n| p/Panasonic WJ-NT104 network camera httpd/ d/webcam/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: TwistedWeb/([\d.]+)\r\n\r\n.*<title>Punjab |s p/TwistedWeb httpd/ v/$1/ i/Punjab HTTP -> XMMP proxy/ cpe:/a:twistedmatrix:twistedweb:$1/a
match http m|^HTTP/1\.1 \d\d\d .*<title>I\.M\. Everywhere</title>|s p/Trillian IM Everywhere http plugin/ o/Windows/ cpe:/a:trillian:trillian/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Grandstream/([\d.]+)\r\n\r\n|s p/Grandstream VoIP phone http config/ v/$1/ d/VoIP phone/
match http m|^HTTP/1\.0 401 Unauthorized\r\nWWW-Authenticate: Basic realm=\"(RV042)\"\r\n| p/thttpd/ i/Linksys $1 VPN router http config/ d/router/ cpe:/a:acme:thttpd/ cpe:/h:linksys:$1/a
match http m|^HTTP/1\.0 401 Unauthorized\r\nWWW-Authenticate: Basic realm=\"(RV0041)\"\r\n.*<h2>401 Unauthorized<h2>\n  <p>\n  Authorization required for the URL\.\n</body>\n</html>\n$|s p/thttpd/ i/Linksys $1 router http config/ d/router/ cpe:/a:acme:thttpd/ cpe:/h:linksys:$1/a
match http m|^HTTP/1\.0 200 OK\r\nServer: Router/([\d.]+)\r\n.*<TITLE>Cable/xDSL Wireless Router</TITLE>|s p/SparkLAN WX-2211A wireless router http config/ v/$1/ d/router/
match http m|^HTTP/1\.[01] \d\d\d .*\r\nServer: LiteServe/([\d.]+)\r\n| p/Perception LiteServe httpd/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: httpd-impacct/([\d.]+) ([\d/]+)\r\n| p/Zonet ZSR0104CP router http config/ v/$1/ i/Released $2/ d/router/
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: YAZ/([\w._-]+)\r\n|s p/YAZ Z39.50 http interface/ v/$1/
match http m|^HTTP/1\.[01] \d\d\d .*\r\nServer: svea_httpd/([\d.]+) ([^\r\n]+)\r\n| p/svea_httpd/ v/$1 $2/
match http m|^HTTP/1\.[01] \d\d\d .*\r\nServer: svea_httpd/([\d.]+)\r\n| p/svea_httpd/ v/$1/
match http m|^HTTP/1\.[01] \d\d\d .*\r\nServer: Microsoft-PWS/([\d.]+)\r\n| p/Microsoft Peer Web Services httpd/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.[01] \d\d\d .*\r\nServer: Microsoft-PWS-95/([\d.]+)\r\n| p/Microsoft Peer Web Services 95 httpd/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 302 Found\r\nConnection: Close\r\nLocation: /iw-cc/command/iw\.base\.show_done_page| p/Interwoven TeamSite game proxy httpd/
match http m|^HTTP/1\.0 302 Found\r\nLocation: http://xbtt\.sourceforge\.net/\r\n\r\n| p/xbtt bittorrent tracker httpd/
match http m|^HTTP/1\.1 302 Found\r\nLocation: http://([-\w_.]+)/.*<FONT face=\"Helvetica\">\n<big>Redirect \(authentication_redirect_to_virtual_host\)</big>|s p/Blue Coat http config/ h/$1/
match http m|^HTTP/1\.0 200 OK\nServer: EntropyChat ([\d.]+)\n| p/cPanel EntropyChat httpd/ v/$1/
match http m|^HTTP/1\.1 200 OK\r\nServer: Jaguar Server Version ([\d.]+)\r\n.*<TITLE>Sybase EAServer Version ([\d.]+)\n</TITLE>|s p/Jaguar/ v/$1/ i/Sybase EAServer $2/ cpe:/a:sybase:easerver:$2/
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: Jetty\(EAServer/([\w._ -]+)\)\r\n|s p/Jetty/ i/Sybase EAServer $1/ cpe:/a:mortbay:jetty/ cpe:/a:sybase:easerver:$1/
match http m|^HTTP/1\.[01] \d\d\d .*\r\nServer: BRS-WebWeaver/([\d.]+)\r\n| p/BRS WebWeaver httpd/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.[01] \d\d\d .*\r\nDate: .*\r\nServer: eSoft/([\d.]+) \(Unix\)\r\n| p/eSoft emumail webmail httpd/ v/$1/ o/Unix/
match http m|^HTTP/1\.1 400 Bad Request\r\nDate: .*\r\nServer: tigershark/([\d.]+) | p/tigershark httpd/ v/$1/ o/Unix/
match http m|^HTTP/1\.1 200 Document Follows\r\n.*CONTENT=\"TANDBERG ASA \(http://www\.tandberg\.net\)\">\r\n<meta name=\"description\"\r\ncontent=\"TANDBERG is a leading global provider of videoconferencing|s p/Tandberg video conferencing http config/ d/media device/
match http m|^HTTP/1\.[01] \d\d\d .*\r\nContent-type: text/html\r\nServer: Tandberg Television Web server\r\n| p/Tandberg Television httpd/ d/media device/
match http m|^HTTP/1\.[01] \d\d\d .*\r\nWWW-Authenticate: Basic realm=\"([^\"]+)\"\r\n.*\r\n.*\r\nServer :Tandberg Television Web server\r\n| p/Tandberg Television httpd/ i/Realm: $1/ d/media device/
match http m|^HTTP/1\.0 200 OK\nContent-type: text/html\n\n<!-- \n#ident \"%W%\"\n# Copyright \(c\) 2\d+ SteelEye Technology Inc\. - Mountain View, CA, USA\n################### LifeKeeper| p/SteelEye LifeKeeper cluster http config/ o/Unix/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Ubicom/([\d.]+)\r\n.*<title>D-Link Gaming Router : Login</title>|s p/Ubicom httpd/ v/$1/ i/D-Link gaming router http config/ d/router/ cpe:/a:ubicom:httpd:$1/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Allegro-Software-RomPager/([\d.]+)\r\n\r\n<HTML>\n<HEAD>\n<TITLE>LANIER 5613 / LANIER Network Printer D model-Network Administration</TITLE>|s p/Allegro RomPager/ v/$1/ i/Lanier 5613 network printer http config/ d/printer/ cpe:/a:allegro:rompager:$1/
match http m|^HTTP/1\.0 \d\d\d .*\nServer: Novell-HTTP-Server/([\w.]+)\n.*<TITLE>GroupWise WebAccess</TITLE>|s p/Novell-HTTP-Server/ v/$1/ i/Novell GroupWise webmail/ cpe:/a:novell:groupwise_webaccess/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Novell-Agent ([\w._-]+) \(Linux\)\r\n.*<TITLE>GroupWise Monitor  - Status</TITLE>|s p/Novell GroupWise Monitor/ v/$1/ o/Linux/ cpe:/a:novell:groupwise/ cpe:/o:linux:linux_kernel/
match http m|^HTTP/1\.0 \d\d\d .*\nDate: .*\nServer: Novell-HTTP-Server/([\w._-]+)\n| p/Novell httpd $1/
match http m|^HTTP/1\.0 400\r\nContent-Type: text/html\r\n\r\n<html><head><title>Error</title></head><body>\r\n<h2>ERROR: 400</h2>\r\nHost name unspecified\.\n<br>\r\n</body></html>\r\n$| p/Teros application firewall/ d/firewall/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Intoto ?Http ?Server..([\d.]+)\r\n|s p/Intoto httpd/ v/$1/
match http m|^HTTP/1\.[01] \d\d\d .*\r\nConnection: close\r\nServer: httrack-small-server\r\n| p/httrack offline browsing httpd/ o/Windows/ cpe:/a:httrack:httrack/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.[01] \d\d\d .*\r\nServer: GeneWeb/([\d.]+)\r\n| p/GeneWeb httpd/ v/$1/
match http m|^HTTP/1\.0 \d\d\d .*USEMAP=.SwitchMasthead ALT=\\\"Fast Ethernet Switch 8275-416\\|s p/IBM 8275-416 switch http config/ d/switch/ cpe:/h:ibm:8275-416/a
match http m|^HTTP/1\.[01] \d\d\d .*\r\nServer: jabberd ([\d.]+)\r\n| p/jabberd httpd/ v/$1/ cpe:/a:jabberd:jabberd:$1/
match http m|^HTTP/1\.0 \d\d\d .*\r\nConnection: close\r\nContent-Length: \d+\r\nContent-Type: text/html; charset=utf-8\r\n\r\n<html>\n\t<head>\n\t\t<title>Enigma Web Interface</title>\n\t| p/Dreambox DVB Enigma httpd/ d/media device/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: VB150\r\n.*<title>WebView Livescope</title>|s p/Canon WebView VB150 http config/ d/webcam/ cpe:/h:canon:webview_vb150/a
match http m|^HTTP/1\.[01] \d\d\d .*\r\nServer: iGuard Embedded Web Server/([\w.]+) \((FPS\d+)\) SN:([-\w]+)\r\n| p/iGuard Embedded Web Server/ v/$1/ i/iGuard $2 FingerPrint Scanner http config; SN: $3/ d/security-misc/
match http m|^HTTP/1\.0 \d\d\d .*<title>SP200X Web Configuration Pages</title>|s p/SignalSys SP200X VoIP http config/ d/VoIP adapter/
match http m|^HTTP/1\.[01] \d\d\d .*\r\nServer: Beagle-XSP Server/([\d.]+) Unix\r\nX-Powered-By: ([^\r\n]+)\r\n| p/Beagle XSP/ v/$1/ i/$2/ o/Unix/
match http m|^HTTP/1\.0 \d\d\d .*\r\nWWW-Authenticate: Basic realm=\"Instant Internet\"\r\n\r\n| p/Nortel Instant Internet remote access httpd/
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: NetworkActiv-Web-Server/([\d.]+)\r\n|s p/NetworkActiv httpd/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: ATEN HTTP Server\(V([\d.]+)\)\r\n| p/Aten httpd/ v/$1/ i/Aten KVM http config/
match http m|^HTTP/1\.0 \d\d\d .*\r\nWWW-authenticate: basic realm=\"Vina Technologies eLink 200\"\r\n| p/Vina Technologies eLink 200 http config/ d/router/
match http m|^HTTP/1\.0 \d\d\d .*\r\nWWW-authenticate: basic realm=\"Vina Technologies T1 Integrator\"\r\n| p/Vina Technologies T1 Integrator http config/ d/telecom-misc/
match http m|^HTTP/1\.[01] \d\d\d .*\r\nDate: .*\r\nServer: CPWS\r\n| p/Connectra Check Point Web Security httpd/ d/security-misc/ cpe:/a:checkpoint:connectra/
match http m|^HTTP/1\.[01] \d\d\d .*\r\nServer: Agranat-EmWeb/R([-\w_.]+)\r\nWWW-Authenticate: Basic realm=\"Efficient Networks Web User Interface\"\r\n\r\n| p/Agranat-EmWeb/ v/$SUBST(1,"_",".")/ i/Efficient Networks router http config/ d/router/ cpe:/a:agranat:emweb:$SUBST(1,"_",".")/a
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Niagara Web Server/([\d.]+)\r\nNiagara-Release: ([-\w_.]+)\r\n|s p/Sun Niagara httpd/ v/$1/ i/Niagara release $2/
#The following two lines are for the Tridium Niagara embedded device httpd, NOT the Sun (now Oracle) Solaris httpd - Tom
match http m|^HTTP/1\.[01] \d\d\d .*\r\nNiagara-Platform: ([^\r\n]+).*Server: Niagara Web Server/([\d.]+)\r\n|is p/Tridium Niagara httpd/ v/$2/ d/specialized/ o/$1/ cpe:/a:tridium:niagara:$2/
match http m|^HTTP/1\.[01] \d\d\d .*\r\nServer: Niagara Web Server/([\d.]+)\r\n|is p/Tridium Niagara httpd/ v/$1/ d/specialized/ cpe:/a:tridium:niagara:$1/
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: The Knopflerfish HTTP Server\r\n|s p/Knopflerfish httpd/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: HTTP\r\n.*<title>Inventel</title>|s p/Inventel router http config/ d/router/
match http m|^HTTP/1\.0 \d\d\d .*\r\nDate: .*\r\nServer: Nanox WebServer\r\n| p/Nanox Web Digital Video Recorder http config/ d/media device/
match http m|^HTTP/1\.0 200 OK\r\nServer: NetPort Software ([\d.]+)\r\nDate:.* - VSX 7000</title>|s p/NetPort httpd/ v/$1/ i/Polycom VSX 7000 video conferencer http config/ d/webcam/
match http m|^HTTP/1\.0 200 OK\r\nServer: Firewall\r\n.*<TITLE>WatchGuard Configuration Settings</TITLE>|s p/WatchGuard Firebox Soho Firewall http config/ d/firewall/
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?WWW-Authenticate: Digest  realm=\"spa user\", domain=\"/\".*<title>Sipura SPA Configuration</title>|s p/Sipura SPA VoIP http config/ d/VoIP adapter/
match http m|^HTTP/1\.[01] \d\d\d .*\r\nServer: ipMonitor ([\d.]+)\r\n| p/MediaHouse ipMonitor httpd/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.[01] \d\d\d .*\nServer: Tarantella/([\d.]+)\n| p/Tarantella httpd/ v/$1/
match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: RealServer ([\d.]+)\r\n.*<H2>Access to RealServer 5\.0 Administration Denied</H2></HTML>\n|s p/RealServer httpd/ v/$1/ i/Access denied/
match http m|^HTTP/1\.0 \d\d\d .*<TITLE>AXIS ([\d]+) Camera Server</TITLE>|s p/AXIS $1 camera httpd/ d/webcam/ cpe:/h:axis:$1/
match http m|^HTTP/1\.0 \d\d\d .*<TITLE>The AXIS 200\+ Home Page</TITLE>|s p/AXIS 200+ camera httpd/ d/webcam/ cpe:/h:axis:200%2b/
match http m|^HTTP/1\.0 200 OK\r\n.*<TITLE>AXIS 2400 Video Server</TITLE>|s p/AXIS 2400 video httpd/ d/webcam/ cpe:/h:axis:2400/
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Web Crossing/([\d.]+)\r\n|s p/Web Crossing collaboration httpd/ v/$1/
match http m|^HTTP/1\.[01] \d\d\d .*\r\nServer: Kannel/([\d.]+)\r\n| p/Kannel SMS proxy httpd/ v/$1/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Allegro-Software-RomPager/(\d[-.\w]+)\r\n\r\n.*<title>ExtremeWare Management Interface</title>|s p/Allegro RomPager/ v/$1/ i/Extreme Networks switch http config/ d/switch/ o/ExtremeWare/ cpe:/a:allegro:rompager:$1/ cpe:/o:extremenetworks:extremeware/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Allegro-Software-RomPager/(\d[-.\w]+)\r\n\r\n<HTML>\n<HEAD>\n<TITLE>AudioCodes\n</TITLE>|s p/Allegro RomPager/ v/$1/ i/AudioCodes VoIP gateway http config/ d/VoIP adapter/ cpe:/a:allegro:rompager:$1/
match http m|^HTTP/1\.1 \d\d\d .*\r\nWWW-Authenticate: Basic realm=\"Switched Rack PDU\"\r\nContent-Type: text/html\r\nServer: Allegro-Software-RomPager/([\d.]+)\r\n\r\n| p/Allegro RomPager/ v/$1/ i/APC switched rack PDU http config/ d/power-device/ cpe:/a:allegro:rompager:$1/
match http m|^HTTP/1\.1 \d\d\d .*\r\nWWW-Authenticate: Basic realm=\"IES-1000 \w+-\d+\"\r\nContent-Type: text/html\r\nServer: ZyXEL-RomPager/([\d.]+)\r\n\r\n| p/ZyXEL RomPager/ v/$1/ i/ZyXEL IES-1000 DSLAM http config/ d/telecom-misc/ cpe:/a:zyxel:rompager:$1/
match http m|^HTTP/1\.0 \d\d\d .*\r\nDate: .*\r\nServer: DIONIS/([\d.]+)\r\n| p/DIONIS httpd/ v/$1/
match http m|^HTTP/1\.0 400 Bad-Request\nHTTP/1\.0 200 OK\r\n.*Aironet BR500E V([\d.]+)</td>|s p/Cisco Aironet BR500E wireless bridge http config/ v/$1/ d/WAP/ cpe:/h:cisco:aironet_br500e/a
match http m|^HTTP/1\.0 \d\d\d .*\r\nWWW-Authenticate: Basic realm=\"4AFXS Configuration Web Server\"\r\n| p/SunComm 4AFXS VoIP gateway http config/ d/VoIP adapter/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: ATR-HTTP-Server/([\d.]+)\r\n(?:[^\r\n]+\r\n)*?WWW-Authenticate: Basic realm=\"Allied Telesyn AR410\"\r\n|s p/ATR httpd/ v/$1/ i/Allied Telesyn AR410 http config/ d/router/ cpe:/h:alliedtelesyn:ar410/a
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Oracle_Web_Listener/([\d.]+)EnterpriseEdition\r\n|s p/Oracle Web Listener Enterprise Edition/ v/$1/ cpe:/a:oracle:apex:$1::enterprise/
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Oracle_Web_Listener/([\d.]+)AdvancedEdition\r\n|s p/Oracle Web Listener Advanced Edition/ v/$1/ cpe:/a:oracle:apex:$1::advanced/
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Oracle_Web_listener_?([^\r\n]+)\r\n|s p/Oracle Web Listener/ v/$1/ cpe:/a:oracle:apex:$1/
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: VOMwebserver v([\d.]+)\r\n|s p/VOMwebserver/ v/$1/
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: RapidLogic/([\d.]+)\r\n.*<TITLE>Net2Phone Init Page</TITLE>|s p/RapidLogic httpd/ v/$1/ i/Net2Phone VoIP adapter http config/ d/VoIP adapter/ cpe:/a:rapidlogic:httpd:$1/

match http m|^HTTP/1\.0 \d\d\d .*<title>IT Temperature Monitor: ([^<]+)</title>.*<TD>Model:</TD><TD width=10 rowspan=3><BR></TD><TD>([-\w_.]+)</TD><TD width=20 rowspan=3><BR></TD><TD>Firmware Version:</TD><TD width=10 rowspan=3><BR></TD><TD>([\d.]+)</TD>|s p/Sensatronics $2 remote temperature monitor httpd/ i/name $1; Firmware version $3/ d/specialized/
match http m|^HTTP/1\.0 \d\d\d .*<title>IT Temperature monitor: ([^<]+)</title>.*<TD>Model:</TD><TD width=10 rowspan=7><BR></TD><TD>([-\w_.]+)</TD>.*<TD>Firmware Version:</TD><TD>([\d.]+)</TD>|s p/Sensatronics $2 remote temperature monitor httpd/ i/name $1; Firmware version $3/ d/specialized/

match http m|^HTTP/1\.1 \d\d\d .*<font color=#FFFFFF size=5>Cisco ATA 186 \(SIP\)</font>|s p/Cisco ATA 186 SIP http config/ d/VoIP adapter/
match http m|^HTTP/1\.[01] \d\d\d .*\r\nServer: AKCP Embedded Web Server| p/AKCP embedded httpd/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Allegro-Software-RomPager/([\d.]+)\r\n.*<meta content=\"Printer with Embedded Web Server\"|s p/Allegro RomPager/ v/$1/ i/Xerox Phaser 4500 printer http config/ d/printer/ cpe:/a:allegro:rompager:$1/ cpe:/h:xerox:phaser_4500/a
match http m|^HTTP/1\.0 200 OK\r\n\r\n<HTML>\r\n<HEAD>\r\n<TITLE>JetDirect Home Page</TITLE>\r\n\r\n</HEAD>\r\n<BODY>\r\n<P>\r\nWelcome to the HP JetDirect print server!\r\n| p/HP JetDirect printer http config/ d/printer/
match http m|^HTTP/1\.0 200 OK\r\nServer: JVC/([\d.]+)\r\n.*<html>\r\n<head>\r\n.*<title>V\.Networks|s p/JVC V.Networks video httpd/ v/$1/ d/media device/
match http m|^HTTP/1\.0 401\r\nServer: JVC/([\d.]+)\r\n(?:[^\r\n]+\r\n)*?\r\n<html><body><h1>401 Unauthorized</h1></body></html>\r\n|s p/JVC V.Networks video httpd/ v/$1/ i/Authentication enabled/ d/media device/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?WWW-Authenticate: Digest  realm=\"pap user\".*<title>Linksys PAP2 Configuration</title>|s p/Linksys PAP2 VoIP http config/ d/VoIP adapter/
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: SWS-([\d.]+)\r\n|s p/Sun WebServer/ v/$1/
match http m|^HTTP/1\.0 \d\d\d .*<title>Dominion SX32</title>|s p/Raritan Dominion SX32 http config/ d/terminal server/
match http m|^HTTP/1\.[01] \d\d\d .*\r\nServer: Sensorsoft-Remote-Watchman-Enterprise/([\d.]+)\r\n| p/Sensorsoft Remote Watchman Enterprise/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 302 Found\r\nLocation: /cgi-bin/guestimage\.html\r\nContent-type: text/html; charset=ISO-8859-1\r\nCache-Control: no-cache\r\n\r\n.*<title>\r\nRedirect to guestimage: /cgi-bin/guestimage\.html\r\n|s p/thttpd/ i/Mobotix M10 PRISMB web cam http config/ d/webcam/ cpe:/a:acme:thttpd/
match http m|^HTTP/1\.1 302 Moved Temporarily\r\nContent-Length: 0\r\nLocation: /\?[a-z\d]{7,8}\r\n| p/Urchin RSS aggregator/
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: Meridian Data/([\d.]+)\r\n| p/Meridian Quantum Snap! http config/ v/$1/ d/storage-misc/
match http m|^HTTP/1\.0 401 Unauthorized\r\nContent-type: text/html\r\nWWW-Authenticate: Basic realm=\"Login\"\r\n<HTML><HEAD><TITLE>401 Unauthorized</TITLE></HEAD>\n<BODY><H1>401 Unauthorized Access Attempt</H1>\nYou are not authorized to access the requested file\.</BODY></HTML>$| p/Cisco VG248 http config/ d/telecom-misc/
match http m|^HTTP/1\.0 200 Ok\r\n.*<H1>(ZBR\d+) - ZebraNet PrintServer</H1>|s p/ZebraNet $1 print server http config/ d/print server/
match http m|^HTTP/1\.1 401 Unauthorized\r\nServer: GoAhead-Webs\r\nDate: (?:[^\r\n]*\r\n(?!\r\n))*?WWW-Authenticate: Basic realm=\"Wireless Access Point\"\r\n.*\r\n<html><head><title>Document Error: Unauthorized</title></head>\r\n\t\t<body><h2>Access Error: Unauthorized</h2>\r\n\t\twhen trying to obtain <b>/</b><br><p>Access to this document requires a User ID</p></body></html>\r\n\r\n|s p/GoAhead WebServer/ i/Ovislink WAP http config/ d/WAP/ cpe:/a:goahead:goahead_webserver/a
match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: \r\n(?:[^\r\n]+\r\n)*?WWW-Authenticate: Basic realm=\"(WN-\w+)\"\r\n.*<title> Authorization warning</title>|s p/Ovislink $1 WAP http config/ d/WAP/
match http m|^HTTP/1\.0 200 OK\r\nDate: .*\r\nContent-Length: \d+\r\nContent-Type: text/html\r\nServer: HyNetOS/([\d.]+)\r\n\r\n<HTML>\r\n<HEAD>\r\n<TITLE>EverFocus EDSR Applet \(([\d.]+)\)</TITLE>| p/EverFocus webcam http config/ i/EDSR Applet $2; HyNetOS $1/ d/webcam/ o/HyNetOS/ cpe:/o:hyperstone:hynetos:$1/
match http m|^HTTP/1\.1 200 OK\r\nContent-Length: \d+\r\n\r\n<html>\n<head>\n<title>MoBif TA-200 Configuration</title>\n| p/MoBif TA-200 http config/ d/VoIP adapter/
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html\r\n(?:[^\r\n]+\r\n)*?Server: Allegro-Software-RomPager/([\w.]+)\r\n\r\n.*<title>PagePro 9100 / PagePro 9100</title>\n.*<a href=\"http://www\.minolta-qms\.com\">|s p/Allegro RomPager/ v/$1/ i/Minolta 9100 printer http config/ d/printer/ cpe:/a:allegro:rompager:$1/ cpe:/h:minolta:9100/a
match http m|^HTTP/1\.0 \d\d\d .*\r\nContent-type: text/html\r\n\r\n<HTML><HEAD><TITLE>OkiLAN (\w+)</TITLE>| p/OkiData printer http config/ i/OkiLAN $1/ d/printer/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: IPCheck/([\d.]+) *\r\n\r\n|s p/IPCheck httpd/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 401 Unauthorized\r\nServer: Aragorn\r\nWWW-Authenticate: Basic realm=\"Please enter User name and password\"\r\n| p/Aastra 480i VoIP phone http config/ d/VoIP phone/ cpe:/h:aastra:480i/a
match http m|^HTTP/1\.1 401 Unauthorized\r\nServer: Aragorn\r\nWWW-Authenticate: Basic realm=\"Aastra ([\w._ -]+)\"\r\n| p/Aastra $1 VoIP phone http config/ d/VoIP phone/ cpe:/h:aastra:$1/
match http m|^HTTP/1\.1 200 Ok\r\nServer: snom embedded\r\n.*\n<TITLE>snom ?(\w+)(?:-[\dA-F]+)?</TITLE>\n|s p/Snom $1 VoIP phone http config/ d/VoIP phone/ cpe:/h:snom:$1/a
match http m|^HTTP/1\.1 403 Forbidden\r\nContent-Type: text/html\r\nCache-Control: no-cache\r\nCache-Control: no-store\r\nServer: snom embedded\r\n.*<TITLE>snom VoIP phone: Error</TITLE>|s p/Snom 300 VoIP phone http config/ i/secure connection required/ d/VoIP phone/ cpe:/h:snom:300/a
match http m|^HTTP/1\.1 200 Ok\r\nServer: snom embedded\r\n.*\n<html>\n<head>\n\n<title>snom 105 VoIP Phone :: Home</title>|s p/Snom 105 VoIP phone http config/ d/VoIP phone/ cpe:/h:snom:105/a
match http m|^HTTP/1\.1 401 Unauthorized\r\nDate: .*\r\nServer: Agranat-EmWeb/R([\d_]+)\r\nWWW-Authenticate: Basic realm=\"main@SP1\"\r\nContent-type: text/html\r\n {34}\r\n| p/Agranat-EmWeb/ v/$SUBST(1,"_",".")/ i/CyberIQ HyperFlow 3 switch http config/ d/switch/ cpe:/a:agranat:emweb:$SUBST(1,"_",".")/a
match http m|^HTTP/1\.0 200 OK\r\nAllow:GET\r\nContent-Type:text/html\r\nExpires: .*\r\nContent-Length:\d+\r\n\r\n<HTML><HEAD><TITLE>Ringdale Printserver </TITLE>| p/Ringdale print server http config/ d/print server/
match http m|^HTTP/1\.0 302 Found\nLocation: /login\.ews\r\nCache-Control: no-store\nContent-Type: text/html\r\n\r\n| p/Emerald Management Suite httpd/
match http m|^HTTP/1\.0 401 Unauthorized\r\nWWW-Authenticate: Basic realm=\"FXO Configuration Web Server\"\r\nContent-type: text/html\r\n\r\n<html>\r\n<body><h1>401 Unauthorized</h1></body></html>\r\n| p/Tandem NSK D40 http config/
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: glass/([\d.]+) Python/([-\w.]+)\r\n| p/IronPort AsyncOS http config/ i/glass $1; Python $2/ o/AsyncOS/ cpe:/a:python:python:$2/ cpe:/o:cisco:asyncos/a
match http m|^HTTP/1\.0 200 OK\r\nContent-Type: text/html; charset=iso-8859-1\r\nPragma: No-cache\r\nServer: ACOS HTTPD/([\d.]+)\r\nCache-Control: no-cache\r\n(?:[^\r\n]+\r\n)*?\r\n<html>\r\n<head>\r\n<title>neuf telecom</title>\r\n|s p/ACOS httpd/ v/$1/ i/Neuf Box router http config/ d/router/
match http m|^HTTP/1\.0 200 OK\r\nServer: U S Software Web Server\r\n.*<html>\n<head>\n<title>StorageLoader</title>\n|s p/Tandberg Data StorageLoader http config/ d/storage-misc/
match http m|^HTTP/1\.0 200 OK\r\nServer: U S Software Web Server\r\n.*<html>\r\n<head>\r\n<title>StorageLoader</title>\r\n|s p/Tandberg Data StorageLoader Ultrium LTO http config/ d/storage-misc/
match http m|^HTTP/1\.0 200 OK\r\nDate: .*\r\nServer: VykTor XML WinAmp Server/([\d.]+)\r\nMIME-version: [\d.]+\r\n.*<title>Snow Crash</title>\r\n|s p/Snowcrash WinAmp http control plugin/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 200 OK\nContent-type: text/html\r\nDate: .*\n<TITLE>\nGigaset M740 AV - Experimentelles Web-Interface\n</TITLE>\n|s p/Siemens Gigaset M740 http config/ d/media device/
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: Spinnaker/([\d.]+)\r\n| p/Searchlight Software Spinnaker httpd/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 401 Authorization Required\nWWW-Authenticate: Basic realm=\"HERCULES\"\n| p/Hercules mainframe emulator http config/
match http m|^HTTP/1\.1 302 Found\r\nDate: .*\r\n(?:X-Frame-Options: SAMEORIGIN\r\n)?Location: https://pgpuniversal_| p/PGP Universal httpd/ cpe:/a:pgp:universal_server/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Oracle/([\d.]+)\r\nWWW-Authenticate: Basic realm=\"XDB\"\r\n|s p/Oracle XDB httpd/ v/$1/ cpe:/a:oracle:database_server:$1/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Oracle XML DB/Oracle Database\r\nWWW-Authenticate: Basic realm=\"XDB\"\r\n|s p/Oracle XDB httpd/ cpe:/a:oracle:database_server/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Oracle XML DB/Oracle9i Release ([^\r\n]+)\r\n|s p/Oracle XDB httpd/ v/$1/ cpe:/a:oracle:database_server:$1/
match http m|^HTTP/1\.1 \d\d\d .*\r\n<meta name=\"GENERATOR\" content=\"Active WebCam ([\d.]+) \(http://www\.pysoft\.com\) \[Unregistered\]\">\r\n\r\n|s p/Active WebCam httpd/ v/$1/ i/Unregistered/ d/webcam/
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: GoAhead-Webs\r\nDate: .*\r\nWWW-Authenticate: Basic realm=\"Venturi NMS\"\r\n| p/GoAhead WebServer/ i/Venturi wireless accelerator http config/ cpe:/a:goahead:goahead_webserver/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?server: SAP Web Application Server \(([-\w_.;]+)\)\r\n|s p/SAP Web Application Server/ v/$1/ cpe:/a:sap:netweaver:$1/
match http m|^HTTP/1\.0 401 Unauthorized\r\nConnection: close\r\nWWW-Authenticate: Basic realm=\"SIP Phone\"\r\nContent-Type: text/html\r\n\r\n<html>\r\n<head>\r\n<title>401 Unauthorized Ip Phone Access</title>\r\n| p/Tecom Co. SIP-Phone http config/ d/VoIP phone/
match http m|^HTTP/1\.[01] \d\d\d .*\r\nDate: .*\r\nServer: SentinelKeysServer/([\w._-]+)\r\n| p/SafeNet Sentinel Keys License Monitor httpd/ v/$1/ i/Java Console/ cpe:/a:safenet-inc:sentinel_keys_server:$1/
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: Techno Vision Security System Ver\. ([\d.]+)\r\n| p/Techno Vision Security System http config/ v/$1/ d/webcam/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: webcamXP\r\n\r\n<html><head><title>.*</title><meta name=\"generator\" content=\"webcamXP PRO v([\d.]+)\">|s p/webcamXP PRO http config/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: webcamXP\r\n|s p/webcamXP httpd/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: webcamXP (\d+)\r\n|s p/webcamXP httpd/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 \d\d\d .*\r\nDate: .*\r\nServer: Rapidsite/Apa/([\d.]+) \(Unix\) (.*)\r\n| p|Rapidsite/Apa httpd| v/$1/ i/$2/ o/Unix/
match http m|^HTTP/1\.1 \d\d\d .*\r\nDate: .*\r\nServer: Rapidsite/Apa\r\n| p|Rapidsite/Apa httpd|
match http m|^HTTP/1\.1 401 Unauthorized\r\nWWW-Authenticate: Digest realm=\"Sip Utility Set\", nonce=| p/Avaya 4602 VoIP phone http config/ d/VoIP phone/ cpe:/h:avaya:4602/a
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: Sun-ILOM-Web-Server/([\d.]+)\r\n| p/Sun Integrated Lights-Out httpd/ v/$1/ d/remote management/ cpe:/h:sun:integrated_lights-out:$1/
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: Apple Embedded Web Server/([\d.]+)\r\n| p/Apple Embedded httpd/ v/$1/
match http m|^HTTP/1\.1 \d\d\d .*\r\nDate: .*\r\nServer: iPrism-httpd/v3 \(Unix\) ssl_enabled ossl\r\n| p/St. Bernard iPrism firewall http config/ i/ssl enabled/ d/firewall/ o/Unix/
match http m|^HTTP/1\.0 403 Forbidden\r\nServer: iPrism/v3\r\n| p/St. Bernard iPrism firewall http config/ d/firewall/
# ExtremeWare XOS was renamed ExtremeXOS in version 12.0
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: XOS (\w+)\r\n| p/ExtremeWare XOS httpd/ v/$1/ o/ExtremeXOS/ cpe:/o:extremenetworks:extremeware_xos/
match http m|^HTTP/1\.0 200 Okay\r\nConnection: close\r\nServer: BaseSwitch 801FM\r\nContent-Type: text/html\r\n\r\n<HTML>\n<HEAD><TITLE>Welcome to Transtec AG WEBServer</TITLE>| p/Transtec BaseSwitch 801FM http config/ d/switch/
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: Agranat-EmWeb/R([\d_]+)\r\nContent-Length: 0\r\nWWW-Authenticate: Basic realm=\"Authenticated_User@P330\"\r\n\r\n| p/Agranat-EmWeb/ v/$SUBST(1,"_",".")/ i/Avaya P330 switch http config/ d/switch/ cpe:/a:agranat:emweb:$SUBST(1,"_",".")/a cpe:/h:avaya:p330/a
match http m|^HTTP/1\.0 \d\d\d .*\r\nDate: .*\r\nServer: Systinet Server for Java/([\d.]+) \(([^)]+)\)\r\n| p/Systinet Server for Java/ v/$1/ i/$2/
match http m|^HTTP/1\.1 200 OK\r\nServer: Miralix License Server\r\n| p/Miralix license server httpd/ o/Windows/ cpe:/o:microsoft:windows/a

match http m=^HTTP/1\.0 \d\d\d .*\r\nServer: (EWS-NIC\w+)/([\d.]+)\r\nConnection: close\r\nContent-Type: text/html\r\n\r\n<html>\n<head>\n<title>Dell (?:Laser Printer|Color Laser|MFP Laser) ([\w+]+)</title>\n= p/$1/ v/$2/ i/Dell $3 laser printer http config/ d/printer/ cpe:/h:dell:$3/
match http m=^HTTP/1\.1 \d\d\d .*\r\nServer: (EWS-NIC\w+)/([\d.]+)\r\n.*<title>\r\nDell (\w+) (?:Color Laser|MFP)</title>=s p/$1/ v/$2/ i/Dell $3 printer http config/ d/printer/ cpe:/h:dell:$3/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: (EWS-NIC\w+)/([\d.]+)\r\n.*<title>(Phaser \w+) - Phaser [\w-]+</title>|s p/$1/ v/$2/ i/Xerox $3 printer http config/ d/printer/ cpe:/h:xerox:$3/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: (EWS-NIC\w+)/([\d.]+)\r\n.*<title>(WorkCentre \w+)</title>|s p/$1/ v/$2/ i/Xerox $3 printer http config/ d/printer/ cpe:/h:xerox:$3/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: (EWS-NIC\w+)/([\d.]+)\r\n|s p/$1/ v/$2/ i/Xerox printer http config/ d/printer/

match http m|^HTTP/1\.[01] \d\d\d .*\r\nServer: tracd/([-\w_.]+) Python/([-\w_.]+)\r\n| p/Tracd/ v/$1/ i/Python $2/ cpe:/a:python:python:$2/
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: Sametime Server \(Meeting Services\) ([\d.]+)\r\n\r\n| p/IBM Lotus Sametime httpd/ v/$1/ cpe:/a:ibm:lotus_sametime:$1/
# Not sure if this is used anywhere other than the debian
# apt caching server "approx"...
match http m|^HTTP/1\.1 \d\d\d .*\r\nDate: .*\r\nServer: OCaml HTTP Daemon\r\n| p/OCaml httpd/
match http m|^HTTP/1\.0 200 OK\nContent-Type: text/plain\nContent-Length: \d+\n\nerror\nno table param specified\n| p/Ingenuity Works ATRT minidb/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: Anapod Manager ([\w.]+)\r\n| p/Anapod iPod Explorer httpd/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.[01] \d\d\d .*\r\nServer: IISGuard\r\n| p/Troxo IISGuard/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 \d\d\d .*<title>Smart VoIP IAD Web Configuration Pages</title>|s p/Patton SmartLink 4020 VoIP adapter http config/ d/VoIP adapter/ cpe:/h:patton:sl4020/ cpe:/o:patton:smartware/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: DesktopAuthority/([\d.]+)\r\n|s p/ScriptLogic DesktopAuthority httpd/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 302 Please login\.\nDate: .*\nServer: (P560\.GSI\.[\d.]+)\n| p/Gemtek P560 WAP http config/ v/$1/ d/WAP/ cpe:/h:gemtek:p560/a
match http m|^HTTP/1\.0 302 Please login\.\nDate: .*\nServer: RG4000\.CMC\.([\d.]+)\n| p/RG4000 Access Control Gateway/ v/$1/ d/security-misc/
match http m|^HTTP/1\.0 200 OK\r\n\r\n<HTML>\r\r\n<BODY>\r\r\n\r\r\n<APPLET CODE=\"SimpleCamApplet2\.class\" CODEBASE=\"http://([-\w_.]+)/.*\" WIDTH=\"(\d+)\" HEIGHT=\"(\d+)\">| p/SimpleCam httpd/ i/Webcam resolution: $2x$3/ o/Windows/ h/$1/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: LogMeIn/([\d.]+)\r\n|s p/LogMeIn httpd/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: MacroMaker\r\n| p/MacroMaker httpd/ o/Windows/ cpe:/o:microsoft:windows/a
match http m=^HTTP/1\.0 \d\d\d .*\r\nServer: NI Service Locator/([\w._-]+) \((?:SLServer|LabVIEW)\)\r\n= p/National Instruments LabVIEW service locator httpd/ v/$1/ cpe:/a:ni:labview:$1/
match http m|^HTTP/1\.1 406 Not Acceptable\r\nServer: Phex ([\d.]+)\r\n\r\n| p/Phex HTML-Shared File Export httpd/ v/$1/
match http m|^HTTP/1\.1 403 Browsing disabled\r\nServer: Phex ([\d.]+)\r\n\r\n$| p/Phex HTML-Shared File Export httpd/ v/$1/
match http m|^HTTP/1\.0 200 NoPhrase\r\n.*\r\n<HTML>\r\n<HEAD>\r\n<TITLE>\[JMX RI/([\d.]+)\] Agent View</TITLE>|s p/Sun Java Management Extensions Reference Installation httpd/ v/$1/
match http m|^HTTP/1\.1 200 OK\r\nDate: .*\r\nLast-Modified: .*\r\nETag: \"[\w_]+\"\r\nAccept-Ranges: bytes\r\nContent-Length: 79\r\nConnection: close\r\nContent-Type: text/html\r\n\r\n<html>\n<script language=javascript>\n\ntop\.location=\"/login\";\n\n</script>\n</html>\n| p|Fortinet VPN/firewall http config| d/firewall/
match http m|^HTTP/1\.0 200 Ok\r\nServer: httpd\r\nDate: .*\r\nCache-Control: no-cache\r\nPragma: no-cache\r\nExpires: 0\r\nContent-Type: text/html\r\nConnection: close\r\n\r\n<script>\ntop\.location\.href=\"/login_en\.htm\";\n</script>\n\n| p/Siemens Gigaset SE505 WAP http config/ d/WAP/ cpe:/h:siemens:gigaset_se505/a
match http m|^HTTP/1\.0 \d\d\d .*\r\nConnection: close\r\nServer: Gigaset ([^\r\n]+)\r\n| p/Siemens Gigaset $1 WAP http config/ d/WAP/ cpe:/h:siemens:gigaset_$1/a
match http m|^HTTP/1\.1 \d\d\d .*\r\nConnection: Keep-Alive\r\nServer: Siemens Gigaset C450 IP\r\n| p/Siemens Gigaset C450 IP VoIP phone http config/ d/VoIP phone/
match http m|^HTTP/1\.1 \d\d\d .*\r\nConnection: Keep-Alive\r\nServer: Siemens Gigaset ([^\r\n]+)\r\n| p/Siemens Gigaset $1 WAP http config/ d/WAP/ cpe:/h:siemens:gigaset_$1/a
match http m|^HTTP/1\.0 \d\d\d .*\r\nWWW-Authenticate: Basic realm=\"dbox\"\r\n\r\nAccess denied\.\r\n| p/Dbox2 Neutrino httpd/ d/media device/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: nhttpd/([\w._-]+) \(yhttpd_core/([\w._-]+)\)\r\n.*<title>dbox yWeb</title>|s p/nhttpd/ v/$1/ i/dbox yWeb http config; based on yhttpd_core $2/ d/media device/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: nhttpd/([\w._-]+) \(yhttpd_core/([\w._-]+)\)\r\n|s p/nhttpd/ v/$1/ i/based on yhttpd_core $2/
match http m|^HTTP/1\.0 \d\d\d .*<meta http-equiv=\"powerstate\" content=\"Switch Port7,0\">\n<meta http-equiv=\"powerstate\" content=\"Switch Port8,0\">\n<TITLE>ExpPowerControl</TITLE>|s p/Expert Power Control NET http config/ d/power-device/
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: aidex/([\d.]+) \(Win32\)\r\n| p/aidex httpd/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: httpd\r\n.*<!-- \r\n\(c\) 2003 Motorola, Inc\. All Rights Reserved\. \r\n-->\r\n\r\n<title>Motorola HomeNet Product WE800G</title>\r\n|s p/Motorola HomeNet WE800G http config/ d/bridge/ cpe:/h:motorola:homenet_we800g/a
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: httpd\r\n.*<!-- \r\n\(c\) 2003 Motorola, Inc\. All Rights Reserved\. \r\n-->\r\n\r\n<title>Motorola HomeNet Product WR850G</title>\r\n|s p/Motorola HomeNet WR850G http config/ d/broadband router/ cpe:/h:motorola:homenet_wr850g/a
match http m|^HTTP/1\.0 200 Ok Welcome to VOC\r\nServer: Voodoo chat daemon ver perl ([^\r\n]+)\r\n| p/Voodoo chat daemon httpd/ v/$1/
match http m|^HTTP/1\.0 200 OK\r\nServer: AP HTTP Server\r\nSet-Cookie: LogIn=0\r\n.*<frame name=\"top\" src=\"/cgibin/entry\" marginwidth=\"10\" marginheight=\"10\" scrolling=\"auto\" frameborder=\"0\">\n    <frame name=\"center\" src=\"/user/images/selected/logslct\.gif|s p/Nortel Integrated Conference bridge http config/ i/AP HTTPd/ d/bridge/
match http m|^HTTP/1\.[01] \d\d\d .*\r\nServer: Polycom SoundPoint IP Telephone HTTPd\r\n| p/Polycom SoundPoint VoIP phone http config/ d/VoIP phone/
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: BISW_SDR\r\nDate: .*\r\nWWW-Authenticate: Basic realm=\"WebAdmin\"\r\nPragma: no-cache\r\n| p|Billion/TeleWell ADSL modem http config| d/broadband router/
match http m|^HTTP/1\.0 200 OK\r\nContent-Length: \d+\r\nContent-Type: text/html\r\n.*getElementById\(\"cTextChg\"\)\.innerHTML = \"<p>Die soeben durchgef&uuml;hrte System&uuml;berpr&uuml;fung hat ergeben,<br>\" \+\n \"dass ihr Bildschirm nicht die minimal erforderliche Aufl\xf6sung hat\.</p>|s p/T-Com Speedport W 501V WAP http config/ i/German/ d/WAP/
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: David-WebBox/([\w.]+) \((\d+)\)\r\n| p/David WebBox httpd/ v/$1.$2/
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: RapidLogic/([\d.]+)\r\nMIME-version: 1\.0\r\nContent-type: text/html\r\n\r\n<HTML>\r\n<HEAD>\r\n<TITLE>WireSpeed Dual Connect</TITLE>\r\n\r\n<META http-equiv=\"PRAGMA\" content=\"NO-CACHE\"></META>\r\n\r\n| p/Westell C90 ADSL router http config/ v/RapidLogic httpd $1/ d/broadband router/ cpe:/a:rapidlogic:httpd:$1/ cpe:/h:westell:c90/a
match http m|^HTTP/1\.0 \d\d\d .*\r\nMIME-Version: 1\.0\r\nDate: .*\r\nServer: PeopleSoft RENSRV/v([\d.]+)\r\n| p/Peoplesoft REN Server httpd/ v/$1/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Virata-EmWeb/R([\d_]+)\r\nContent-Length: \d+\r\nContent-Type: text/html\r\nExpires: .*\r\nPragma: no-cache\r\n\r\n<HTML><HEAD><TITLE>Actiontec</TITLE>\n|s p/Virata-EmWeb/ v/$SUBST(1,"_",".")/ i/Actiontec R1524SU http config/ d/broadband router/ cpe:/a:virata:emweb:$SUBST(1,"_",".")/a cpe:/h:actiontec:r1524su/a
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: HFS ([^\r\n]+)\r\n|s p/HttpFileServer httpd/ v/$1/ o/Windows/ cpe:/a:rejetto:httpfileserver:$1/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Set-Cookie: HFS_SID=0\.\d{15}; path=/|s p/HttpFileServer httpd/ o/Windows/ cpe:/a:rejetto:httpfileserver/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: Ultraseek/([\d.]+)\r\n| p/Ultraseek httpd/ v/$1/ cpe:/a:ultraseek:ultraseek:$1/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Cache-control: no-cache\r\nContent-length: \d+\r\nContent-type: text/html\r\n\r\n<HTML>\r\n<HEAD>\r\n<TITLE>LANB Remote Upgrade Authentication</TITLE>\r\n.*<FONT face=\"Arial Black\" color=black size=5>VoIP Card Remote Upgrade</FONT>|s p/LG Electronics VoIP board http config/ d/VoIP adapter/
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: CherryPy/([\w._-]+)\r\n.*Hi, this is ehcp-python background proses, under development now\.\.\.|s p/CherryPy httpd/ v/$1/ i/Easy Hosting Control Panel/ cpe:/a:cherrypy:cherrypy:$1/
match http m|^HTTP/1\.0 200 OK\r\nServer: IVC Enterprise Video Server\r\n| p/IVC Enterprise Video Server http config/ d/webcam/
match http m|^HTTP/1\.1 401 Unauthorized\r\nWWW-Authenticate: Basic realm=\"Network Camera\"\r\nContent-Type: text/html\r\nServer: Network Camera\r\n\r\n<HTML>\n<HEAD>\n<TITLE>Protected Object</TITLE></HEAD><BODY>\n<H1>Protected Object</H1>This object is protected\.<P>\n</BODY></HTML>| p/Vivotek 3102 Camera http config/ d/webcam/
match http m|^HTTP/1\.0 \d\d\d .*<ADDRESS>Cheyenne/([\d.]+) Server at ([-\w_.]+) Port \d+</ADDRESS>\n|s p/Cheyenne httpd/ v/$1/ h/$2/
match http m|^HTTP/1\.1 \d\d\d\r\n(?:[^\r\n]+\r\n)*?\r\n<HTML>\r\n<HEAD>\r\n<title>Lantronix WEB-Manager</title>\r\n|s p/Lantronix Universal Device Server http config/
match http m|^<HTML><HEAD><META HTTP-EQUIV=refresh CONTENT=30; \n\t\turl=status\.html><TITLE>Stratasys Modeler Queue &amp; Job Status</TITLE>| p/Stratasys Modeler Queue printer http config/ d/printer/
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: GoAhead-Webs\r\nDate: .*\r\nWWW-Authenticate: Basic realm=\"ATAboy2-| p/GoAhead WebServer/ i/InfiniSAN ATAboy2 http config/ d/storage-misc/ cpe:/a:goahead:goahead_webserver/
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: Micro-Web\r\nContent-type: text/html\r\n\r\n<html>\r\n<head>\r\n<P><TABLE BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH=\"100%\">\n<TR><TD WIDTH=\"100%\" ALIGN=CENTER>\n<APPLET CODE=\"Login\.class\" WIDTH=545 HEIGHT=418\nALT=\"\[ Login applet is not available \]\">\n| p/Micro-Web/ i/Overland Storage Neo2000 http config/ d/storage-misc/
match http m|^HTTP/1\.1 200\r\nContent-type: text/html\r\nConnection: close\r\nCONTENT-LENGTH: \d+\r\n\r\n<html>\r\n <head>\r\n  <title>([\w._-]+)</title>\r\n| p/Allen-Bradley $1 http config/ cpe:/h:allen_bradley:$1/
match http m|^HTTP/1\.0 200 OK    \r\nServer: A-B WWW/([\d.]+)\r\n.*<img src=\"/images/rockcolor\.gif|s p/Allen-Bradley WWW httpd/ v/$1/ i/Rockwell Automation Ethernet Processor http config/
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: NetPort Software ([\d.]+)\r\nDate: .*\r\nContent-type: text/html\r\n\r\n<html>\r\n<head>\r\n<meta http-equiv=\"content-type\" content=\"text/html;charset=Shift_JIS\">\r\n<title>NEC Projector LAN Control</title>\r\n| p/NetPort httpd/ v/$1/ i/NEC Projector http config/ d/media device/
match http m|^HTTP/1\.1 \d\d\d .*\nContent-Length: \d+\nPragma: no-cache\nExpires: 0\nConnection: close\n\n<HTML><HEAD><TITLE>Bridgit Conferencing Server</TITLE>| p/Bridgit Conferencing httpd/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 \d\d\d .*\r\nContent-Length: \d+\r\nPragma: no-cache\r\nExpires: 0\r\nConnection: close\r\nContent-Type: text/html\r\n\r\n<HTML>\n<HEAD><TITLE>\nSMART - SMART Bridgit - Download Conferencing Software\n</TITLE>| p/Bridgit Conferencing httpd/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Web Server\r\n.*\n<title>Cisco Systems, Inc\. VPN 3000 Concentrator \[vpn-conc-3030\]</title>\n|s p/Cisco VPN 3000 Concentrator http config/ d/security-misc/ cpe:/o:cisco:vpn_3000_concentrator_series_software/
match http m|^HTTP/1\.1 302 Moved Temporarily\r\nDate: .*\r\nLocation: /webct/entryPageIns\.dowebct\r\n| p/WebCT httpd/
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: Henry/([\d.]+)\r\nno-cache: set-cookie\r\nSet-Cookie: Customer=\"-[\d_]+\";| p/Henry httpd/ v/$1/ i/NEC Aspire WebPro http config/ d/telecom-misc/
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: GoAhead-Webs\r\nDate: .*\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-Type: text/html\r\nP3P: CP=\"NON DSP CURa OUR NOR UNI\"\r\nLocation: http://[\d.]+/auth\.asp\r\n\r\n<html><head></head><body>\r\nMoved to this <a href=\"http://[\d.]+/auth\.asp\">location</a>\.\r\n<!-- response_code_begin ERIC_RESPONSE_OK| p/GoAhead WebServer/ i|Peppercon/Paradox alarm system http config| d/remote management/ cpe:/a:goahead:goahead_webserver/
match http m|^HTTP/1\.0 404 Not Found\r\nServer: TABS http server/([\d.]+)\r\nDate: .*\r\nContent-Type: text/html\r\nContent-Length: \d+\r\n\r\n<HTML>\r\n<HEAD>\r\n<TITLE> 404 File Not Found</TITLE>\r\n</HEAD>\r\n\r\n<BODY>\r\n<h2>File Not Found</h2>\r\n</BODY>\r\n</HTML>| p/TABS httpd/ v/$1/ i/Server Observer Network Monitor/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 401\r\nConnection: close\r\nContent-Type: text/plain\r\nWWW-Authenticate: Basic Realm=\"Vibe Streamer\"\r\n\r\n\r\nAccess denied| p/Vibe Streamer httpd/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 \d\d\d .*<!-- Copyright \(c\) 2000-2002, Fuji Xerox Co\., Ltd\. All Rights Reserved\. -->\r\n<HTML>\r\n<HEAD>\r\n<META HTTP-EQUIV=\"Content-Type\" CONTENT=\"text/html; charset=ISO-8859-1\">\r\n<TITLE>\r\nWorkCentre (\w+) -|s p/Xerox WorkCentre $1 http config/ d/printer/ cpe:/h:xerox:workcentre_$1/a
match http m|^HTTP/1\.1 \d\d\d .*<!-- Copyright \(c\) \d+-\d+, Fuji Xerox Co\., Ltd\. All Rights Reserved\. -->\r\n<HTML>\r\n<HEAD>\r\n<META http-equiv=\"Content-Type\" content=\"text/html; charset=windows-1252\">\r\n<TITLE>\r\nXerox WorkCentre ((?:Pro )?\w+) -|s p/Xerox WorkCentre $1 http config/ d/printer/ cpe:/h:xerox:workcentre_$1/a
match http m|^HTTP/1\.1 \d\d\d .*<!--\s+/\*-+\*\\\s+Copyright \(c\) 2002-2006 Xerox Corporation\. All Rights Reserved\..*<title>\s*XEROX WORKCENTRE|s p/Xerox WorkCentre http config/ d/printer/
match http m|^HTTP/1\.1 404 Not Found\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: \d+\r\n\r\n<body><h2>HTTP/1\.1 404 Not Found</h2></body>| p/VypressChat httpd/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 200 Ok\r\nDate: .*\r\nMIME-Version: 1\.0\r\nServer: Rogatkin's JWS based on Acme\.Serve/.Revision: ([\d.]+) .\r\nLast-modified: .*\r\nContent-Range: bytes [-\d/]+\r\nAccept-Ranges: bytes\r\nContent-Type: text/html\r\nContent-Length: \d+\r\n\r\n<html>\r\n<head>\r\n<title>\r\nblank page\r\n</title>\r\n<META HTTP-EQUIV=\"Refresh\" CONTENT=\"2;URL=about:blank\">\r\n</head>\r\n<body>\r\nThere is nothing to see here, please move along!\r\n</body>\r\n</html>\r\n| p/JWS based on Acme.Serve/ v/$1/ i/SageTV PVR remote control/ d/media device/
match http m|^HTTP/1\.1 200 OK\r\nServer: SnapStream\r\nCache-Control: no-cache\r\nPragma: no-cache\r\nConnection: close\r\nContent-Type:text/html\r\n\r\n<html>\r\n<body>\r\n<h1>Beyond TV Web Admin Redirector</h1>| p/SnapStream Beyond TV http config/ d/media device/
match http m|^HTTP/1\.1 200 OK\r\nServer: SnapStream Web Server/([\d.]+)\r\n.*<title>\r\nBeyond TV - Web Admin Redirector\r\n</title>\r\n<meta HTTP-EQUIV=\"REFRESH\" CONTENT=\"2; URL=http://([\w_.-]+):(\d+)\">\r\n|s p/SnapStream Web Server/ v/$1/ i/Beyond TV http config; redirect to port $3/ d/media device/ h/$2/
match http m|^HTTP/1\.0 401 Unauthorized\nWWW-Authenticate: Basic realm=\"Server Manager\"\n\nYou must login to continue\n| p/ServerCP httpd/
match http m|^HTTP/1\.0 200 OK\r\ncontent-type: text/html\r\nconnection: close\r\npragma: no-cache\r\nX-Powered-By: PHP/([\d.]+)\r\nContent-type: text/html\r\n\r\n<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1\.0 Transitional//EN\" \"DTD/xhtml1-transitional\.dtd\">\n<html><head>\n<style type=\"text/css\"><!--\nbody {background-color: #ffffff;| p/Miranda mbot plugin/ i/PHP $1/ cpe:/a:php:php:$1/
match http m|^HTTP/1\.0 200 OK\r\ncontent-type: text/html\r\nconnection: close\r\npragma: no-cache\r\nX-Powered-By: PHP/([\d.]+)\r\n\r\n<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1\.0 Transitional//EN\" \"DTD/xhtml1-transitional\.dtd\">\n<html><head>\n<style type=\"text/css\">\nbody {background-color: #ffffff;| p/Mianda mbot plugin/ i/PHP $1/ cpe:/a:php:php:$1/
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: Freechal P2P/([\d.]+)\r\n| p/Freechal P2P httpd/ v/$1/
match http m|^HTTP/1\.1 \d\d\d .*\r\nDate: .*\r\nServer: Httpinfo olsrd plugin ([\d.]+) HTTP/1\.1\r\n| p/olsrd http info plugin/ v/$1/ o/Linux/ cpe:/o:linux:linux_kernel/a
match http m|^HTTP/1\.0 200 OK \r\nServer: Simple java\r\nDate: .*\r\nContent-length: \d+\r\nLast Modified: .*\r\nContent-type: text/html\r\n\r\n<html><head><title> RAID webConsole ([-\w_.]+)</title>| p/Intel Java RAID webConsole/ v/$1/
match http m|^HTTP/1\.0 200 OK\r\nLast-Modified: .*\n<HTML><HEAD><TITLE>Gopher</TITLE></HEAD><BODY>Welcome to Gopherspace!  You are browsing Gopher through\na Web interface right now\.|s p/pygopherd web-gopher gateway/
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: DirectAdmin Daemon v([\d.]+) Registered to ([^\r\n]+)\r\n| p/DirectAdmin httpd/ v/$1/ i/Registered to $2/ cpe:/a:directadmin:directadmin:$1/
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: DirectAdmin Daemon v([\d.]+) Registered to \r\n| p/DirectAdmin httpd/ v/$1/ cpe:/a:directadmin:directadmin:$1/
match http m|^HTTP/1\.0 401 Unauthorized\r\nConnection: close\r\nContent-Type: text/html\r\nWWW-Authenticate: Basic realm=\"dreambox\"\r\n\r\n| p/Dreambox httpd/ d/media device/
match http m|^HTTP/1\.1 200 OK\r\nConnection: Keep-Alive\r\nKeep-Alive: timeout=180\r\nContent-Type: text/html\r\nContent-Length: \d+\r\n\r\n.*<H2>Wireless LAN Access Point Management</H2><br>\n    <Form method=\"POST\" action=\"act_login\">\n|s p/Compex Wifi APN NetPassage http config/ d/WAP/
match http m|^HTTP/1\.0 200 OK\r\nPragma: no-cache\r\n\r\n<HTML><HEAD><TITLE>WinRoute Pro - Web Interface</TITLE>| p/Kerio WinRoute Pro firewall http config/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 302 Found\r\nCache-Control: no-cache\r\nConnection: Close\r\nContent-Length: 0\r\nContent-Type: application/octet-stream\r\nDate: .*\r\nLocation: /nonauth/login\.php\r\nPragma: no-cache\r\nServer: Kerio WinRoute Firewall Embedded Web Server\r\n\r\n| p/Kerio WinRoute firewall http config/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 \d\d\d .*\r\ndate: .*\r\nserver: WebSEAL/([\d.]+) \(Build (\d+)\)\r\n| p/Tivoli Access Manager WebSEAL httpd/ v/$1 build $2/ cpe:/a:ibm:tivoli_access_manager_for_e-business:$1/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Indy/([\d.]+)\r\n.*\r\n<GOTO href=\".*/kiss\.php\"|s p/Indy httpd/ v/$1/ i/FreeKiSS DVD player http config/ o/Windows/ cpe:/a:indy:httpd:$1/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 200 Ok\r\nServer: httpd\r\n.*\n<title>SHARED STORAGE DRIVE</title>\n|s p/Maxtor Shared Storage Plus http config/ d/storage-misc/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: VCS-VideoJet-Webserver\r\n.*<title>VCS AG VideoJet 1000</title>|s p/VCS AG VideoJet 1000 http config/ d/media device/
match http m|^HTTP/1\.1 200 OK\r\nServer: VCS-VideoJet-Webserver\r\n.*<title>browser_capture</title>\r\n<script type=\"text/javascript\" for=document event=\"onkeydown\(\)\" language=\"JScript\">if\(window\.event\.keyCode==\"123\"\)|s p/VCS-VideoJet-Webserver httpd/ i/Bosch VIP X1 video encoder http config/ d/webcam/
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: DVSS-HttpServer/([\d.]+)\r\n| p/DVSS Herculese DVR http config/ v/$1/ d/webcam/
match http m|^HTTP/1\.0 \d\d\d .*\r\nConnection: Close\r\nContent-Type: text/html\r\nServer: pcastd ([\d.]+)\r\n| p/Buffalo Linkstation http config/ i/pcastd $1/
match http m|^HTTP/1\.[01] \d\d\d .*\r\nServer: BigFixHTTPServer/([\d.]+)\r\n| p/BigFix enterprise patch management httpd/ v/$1/
match http m|^HTTP/1\.0 200\r\nContent-Type:text/html\r\n\r\n<!--SELECTserver Full Page Header-->\r\n<html>\r\n\r\n<head>\r\n<title>\r\nSELECTserver: License Manager\r\n| p/Bentley SELECTserver license manager/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?X-Catalyst: ([\d.]+)\r\n\r\n|s p/Catalyst Framework httpd/ v/$1/
match http m|^HTTP/1\.0 301 moved \(redirection follows\)\r\nServer: BaseHTTP/([\d.]+) Python/([\w.]+)\r\nDate: .*\r\nContent-type: text/html\r\nLocation: http://([-\w_.:]+)/viewcvs/\r\n\r\n| p/BaseHTTPServer/ v/$1/ i/ViewCVS http interface; Python $2/ h/$3/ cpe:/a:python:basehttpserver:$1/a cpe:/a:python:python:$2/
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: GoAhead-Webs\r\nDate: .*\r\nWWW-Authenticate: Basic realm=\"DCM-202\"\r\n| p/GoAhead WebServer/ i/D-Link DCM-202 Docsis Cable Modem http config/ d/router/ cpe:/a:goahead:goahead_webserver/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: micro_httpd\r\n.*\r\n<title>Belkin Wireless DSL Router</title>\r\n|s p/micro_httpd/ i/Belkin Wireless ADSL http config/ d/broadband router/ cpe:/a:acme:micro_httpd/
match http m|^HTTP/1\.1 \d\d\d .*\r\nContent-Length: \d+\r\nContent-Type: text/html\r\nConnection: close\r\n\r\n<HTML><HEAD><TITLE>VPAD01 V([\d.]+) *</TITLE>| p/E-Tech VPAD01 http config/ v/$1/ d/VoIP adapter/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Quick 'n Easy Web Server\r\n|s p/Quick 'n Easy Web Server httpd/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 \d\d\d .*\r\nDate: .*\r\nServer: SentinelProtectionServer/([\d.]+)\r\n| p/SafeNet Sentinel Protection Server/ v/$1/ o/Windows/ cpe:/a:safenet-inc:sentinel_protection_installer:$1/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: WatchGuard Firewall\r\nwww-authenticate: Digest realm=\"WatchGuard Firebox Local User\"| p/WatchGuard Firewall http config/ d/firewall/
match http m|^HTTP/1\.1 200 OK\r\nServer: InterNiche Technologies WebServer ([\d.]+)\r\nDate: .*\r\nContent-type: text/html\r\nConnection: Close\r\n\r\n<html>\r\n<head>\r\n<title>CAN@Net II| p/InterNiche CAN@net II ethernet bridge http config/ v/$1/ d/bridge/
match http m|^HTTP/1\.1 200 OK\r\nServer: InterNiche Technologies WebServer ([\w._-]+)\r\n.*<title>Welcome to Canopy</title>\r\n</head>\r\n\r\n<body>\r\n<p>\r\nPress <a href=\"http:index\.htm\?mac_esn=(\w+)\">Here</a>|s p/InterNiche Technologies WebServer/ v/$1/ i/Motorola Canopy WAP http config; MAC: $2/ d/WAP/
match http m|^HTTP/1\.[01] 200 OK\r\nServer: InterNiche Technologies WebServer ([\w._-]+)\r\n| p/InterNiche Technologies WebServer/ v/$1/
match http m|^HTTP/1\.1 200 OK\r\nDate:.*<title>Welcome to VMware ESX Server ([\d.]+)</title>\n\n|s p/VMware ESX Server httpd/ v/$1/ cpe:/o:vmware:esx:$1/
match http m|^HTTP/1\.1 200 OK\r\nDate: .*document\.write\(\"<title>\" \+ ID_EE?SX_Welcome \+ \"</title>|s p/VMware ESXi Server httpd/ cpe:/o:vmware:esxi/
match http m|^HTTP/1\.1 400 Bad Request\r\nContent-Type: text/html.*\n<meta name=robots content=\"none\">\n<title>Secure&#32;Access&#32;SSL&#32;VPN</title>\n\n|s p/Juniper Networks Secure Access SSL VPN http config/ d/security-misc/
match http m|^HTTP/1\.1 400 Bad Request\r\nContent-Type: text/html.*\n<meta name=robots content=\"none\">\n<title>Sign&#32;in&#32;to&#32;begin&#32;\xf92\0\0\xa8o\xee\"\xa8o\xee\"sion&#46;</title>\n\n|s p/Juniper Networks Secure Access SSL VPN http config/ d/security-misc/
match http m|^HTTP/1\.0 200 OK\r\nServer: RapidLogic/([\d.]+)\r\nMIME-version: 1\.0\r\nContent-type: text/html\r\n\r\n<HTML>\n<HEAD>\n  <TITLE>WireSpeed Dual Connect</TITLE>\n\n| p/RapidLogic httpd/ v/$1/ i/Westell WireSpeed Dual Connect ADSL router http config/ d/router/ cpe:/a:rapidlogic:httpd:$1/
match http m|^HTTP/1\.1 401 Unauthorized\r\n.* This is a WebSEAL error message template file\.|s p/Tivoli Access Manager WebSEAL httpd/ cpe:/a:ibm:tivoli_access_manager_for_e-business/
match http m|^HTTP/1\.0 \d\d\d .*\r\nConnection: close\r\nCache-Control: no-cache\r\nPragma: no-cache\r\n\r\n<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4\.0 Frameset//EN\">\n<html>\n\n<head>\n<title>Web Smart Switch</title>| p/3Com Baseline 2816 switch http config/ d/switch/ cpe:/h:3com:baseline_2816/a
match http m|^HTTP/1\.0 200 OK\r\nServer: SimpleHTTP/([\d.]+) Python/([\d.]+)\r\nDate:.*<title>AmaroK playlist</title>\n\n|s p/AmaroK media player http interface/ i/SimpleHTTP $1; Python $2/ cpe:/a:python:python:$2/ cpe:/a:python:simplehttpserver:$1/
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: LANDesk Management Agent/([\d.]+)\r\n| p|LANDesk/Intel Management Agent http config| v/$1/ cpe:/a:landesk:landesk_management_suite:$1/
match http m|^HTTP/1\.0 \d\d\d .*\r\nDate: .*\r\nServer: PowerSchool\r\n| p/PowerSchool student information system httpd/
match http m|^HTTP/1\.0 (?:[^\r\n]*\r\n(?!\r\n))*?Server: NetWare GroupWise POA ([\d.]+)\r\n|s p/NetWare GroupWise POA httpd/ v/$1/ o/NetWare/ cpe:/a:novell:groupwise:$1/ cpe:/o:novell:netware/a
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Webserver\r\n.*\n\tXerox Corporation \(R\)\n\t\(c\) Xerox Corporation 2002 - 2004\.\n|s p/Xerox WorkCentre Pro httpd/ d/printer/ cpe:/h:xerox:workcentre_pro/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Webserver\r\n.*\tCopyright \(c\) 2002-2006 Xerox Corporation\. All Rights Reserved\. \n\n|s p/Xerox WorkCentre Pro httpd/ d/printer/ cpe:/h:xerox:workcentre_pro/
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: Intrinsyc deviceWEB v([\d.]+)\r\n| p/Intermec CK31 http config/ v/$1/
match http m|^HTTP/1\.1 \d\d\d .*\r\nDate: .*\r\nServer: Hitachi Web Server ([-\d.]+)\r\n| p/Hitachi Web Server httpd/ v/$1/
match http m|^HTTP/1\.1 (?:[^\r\n]*\r\n(?!\r\n))*?Server: Hitachi Web Server\r\n|s p/Hitachi Web Server httpd/
match http m|^HTTP/1\.1 \d\d\d .*<address>MLDonkey/([\w._-]+) at|s p/MLDonkey http interface/ v/$1/
match http m|^HTTP/1\.1 401 \r\nServer: PrintSir WEBPORT ([\d.]+)\r\nDate: .*\r\nWWW-Authenticate: Basic realm=\"Default password:1234\"\r\n\r\n401 Unauthorized - User authentication is required\.| p/PrintSir WEBPORT/ v/$1/ i/Hawking HP1SU Printserver http config; default password "1234"/ d/print server/
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: GoAhead-Webs\r\nDate: .*\r\nWWW-Authenticate: Basic realm=\"(GN-\w+)\"\r\n| p/GoAhead WebServer/ i/Gigabyte $1 WAP http config/ d/WAP/ cpe:/a:goahead:goahead_webserver/
match http m|^HTTP/1.0 401 Unauthorized\r\n(?:[^\r\n]+\r\n)*?WWW-Authenticate: Basic realm="(GN-\w+)"|s p/Gigabyte $1 WAP http config/ d/WAP/
match http m|^HTTP/1\.0 200\r\nContent-type: text/html\r\nConnection: close\r\nCONTENT-LENGTH: \d+\r\n\r\n.*\r\n<meta http-equiv=\"refresh\" content=\"1; URL=secure/ltx_conf\.htm\">|s p/Lantronix XPort embedded ethernet http config/
match http m|^HTTP/1\.0 \d\d\d .*\r\nDate: .*\r\nServer: FreeBrowser/([\d.]+) \(Win32\)\r\n| p/FreeBox FreeBrowser http interface/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 \d\d\d .*\r\nDate: .*\r\nServer: GG/([\d.]+) \(Unix\) Debian GNU/Linux\r\nWWW-Authenticate: Basic realm=\"gg zone\"\r\n| p/Ruchomy Terminal Gadu-Gadu http interface/ v/$1/ i/Debian/ o/Linux/ cpe:/o:debian:debian_linux/ cpe:/o:linux:linux_kernel/
match http m|^HTTP/1\.0 \d\d\d .*\r\nSet-Cookie: SESSIONID=-1 \r\nServer: Easy File Sharing Web Server v([\w.]+)\r\n| p/Easy File Sharing Web Server httpd/ v/$1/ o/Windows/ cpe:/a:efssoft:easy_file_sharing_web_server:$1/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 \d\d\d .*<title>Welcome to the Galty client depl</title>\r\n|s p/Galty Technologies GaltyExplorer httpd/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: Adaptec ASM ([\d.]+)\r\n| p|Adaptec/IBM ServeRAID Management http config| v/$1/ d/storage-misc/
match http m|^HTTP/1\.1 \d\d\d .*\r\nDate: .*\r\nServer: darkstat/([\d.]+)\r\n| p/darkstat network analyzer httpd/ v/$1/ o/Unix/
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: Rumpus\r\n| p/Rumpus httpd/ o/Mac OS X/ cpe:/o:apple:mac_os_x/a
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: HTTPD\r\n.*\r\n<title>([\w-]+) Network Camera</title>|s p/Panasonic $1 webcam http config/ d/webcam/ cpe:/h:panasonic:$1/a
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Medusa/([\w.]+)\r\n.*\n<head>\n<meta name=\"Author\" content=\"DeStar, made by Holger Schurig\"|s p/Medusa httpd/ v/$1/ i/Destar Asterisk PBX http config/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Medusa/([\w.]+)\r\n.*<title>Sophos Anti-Virus - Home</title>\n\n|s p/Medusa httpd/ v/$1/ i/Sophos Anti-Virus Home http config/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Expires: Thu, 01 Jan 1970 00:00:00 GMT\r\n(?:[^\r\n]+\r\n)*?Server: Medusa/([\w._-]+)\r\n.*<title>Supervisor Status</title>\n  <link href=\"stylesheets/supervisor\.css\" rel=\"stylesheet\" type=\"text/css\" />|s p/Medusa httpd/ v/$1/ i/Supervisor process manager/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Medusa/([\w._-]+)\r\n|s p/Medusa httpd/ v/$1/ i/Supervisor process manager/
match http m|^HTTP/1\.0 401 Unauthorized\r\nDate: .*\r\nServer: Agranat-EmWeb/R([\d_]+)\r\nWWW-Authenticate: Basic realm=\"Nortel p-Class GbE2 Switch@[\d.]+\"\r\n\r\n401 Unauthorized\r\n| p/Agranat-EmWeb/ v/$SUBST(1,"_",".")/ i/Nortel p-Class GbE2 switch http config/ d/switch/ cpe:/a:agranat:emweb:$SUBST(1,"_",".")/a
match http m|^HTTP/1\.1 200 OK\r\nConnection: Keep-Alive\r\nAccept-Ranges: bytes\r\nKeep-Alive: timeout=15, max=100\r\nContent-Type: text/html\r\nExpires: 0\r\n\r\n\n<html>\n<title>Apt-cacher version ([\d.]+)\n| p|apt-cache/apt-proxy httpd| v/$1/ o/Linux/ cpe:/a:debian:apt-cacher:$1/ cpe:/o:linux:linux_kernel/a
match http m|^HTTP/1\.0 200 Ok\nDate: .*\nContent-type: text/html\n\n<font size=\"-4\">\nIf you can read this, you are sitting too close to the monitor\.\n</font>\n| p/Unknown trojan/ i/**BACKDOOR**/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 200 OK\r\n.*<meta http-equiv=\"refresh\" content=\"0; URL=/cgi-bin/status\.sh\" />\n\t\t<title>La Fonera</title>|s p/La Fonera WAP http config/ d/WAP/
match http m|^<html>\n<title>DES-(\w+) +(?:Login)?</title>\n| p/D-Link DES-$1 switch http config/ d/switch/
match http m|^HTTP/1\.0 200 OK\r\nServer: RapidLogic/([\d.]+)\r\n.*<title>Broadaband Voice Telephone Adapter</title>\r\n|s p/RapidLogic httpd/ v/$1/ i/VG112-D51 VoIP CPE http config/ d/VoIP adapter/ cpe:/a:rapidlogic:httpd:$1/
match http m|^HTTP/1\.1 401 Unauthorized\r\nWWW-Authenticate: Basic realm=\"Browser\"\r\nContent-Type: text/html\r\nServer: Allegro-Software-RomPager/([\d.]+)\r\n\r\n<HTML>\n<HEAD>\n<TITLE>Protected Object</TITLE>\n</HEAD>\n<BODY>\n<H1>Protected Object</H1>\n<br>This page requires a login to access\.<br><br>You have <b>failed to login properly</b>\.  Try again\.<P>\n\n</BODY>\n</HTML>\n| p/Allegro RomPager/ v/$1/ i/Kronos 4500 Clock http config/ o/VxWorks/ cpe:/a:allegro:rompager:$1/ cpe:/o:windriver:vxworks/a
match http m|^HTTP/1\.1 401 Unauthorized\r\nWww-Authenticate: Basic REALM=\"snom\"\r\nContent-Type: text/plain\r\nContent-Length: 22\r\n\r\nUnauthorized request\r\n| p/Snom 300 VoIP phone http config/ d/VoIP phone/ cpe:/h:snom:300/a
match http m|^HTTP/1\.1 (?:[^\r\n]*\r\n(?!\r\n))*?Server: Reactivity Gateway\r\n|s p/Reactivity XML Security Gateway/
match http m|^HTTP/1\.0 200 Ok\r\nServer: httpd\r\nDate: .*\n<title>WL700g Web Manager</title>|s p/Asus WL700gE Wireless Storage router http config/ d/WAP/
match http m|^<html>\n<title>24-Port 10/100Mbps \+ 2 Combo Copper/SFP PoE Management Switch</title>\n| p/D-Link DES-1526 switch http config/ d/switch/ cpe:/h:dlink:des-1526/a
match http m|^HTTP/1\.0 200 Ok\r\nServer: Embeded_httpd\r\nDate: .*\r\nContent-Type: text/html\r\nConnection: close\r\n\r\n<html>\r\n\r\n<head>\r\n<META NAME=\"GENERATOR\" Content=\"Multi-Functional Broadband NAT Router \(R([\d.]+)\)\">| p/Ambit DOCSIS router http config/ i/R$1/ d/router/
match http m|^HTTP/1\.1 200 OK\r\n.*\n<META NAME=\"GENERATOR\" Content=\"Multi-Functional Broadband NAT Router \(R([\d.]+)\)\">\n|s p|NTL/Ambit DOCSIS router http config| i/R$1/ d/router/
match http m|^HTTP/1\.0 200 OK\r\nDate: .*\r\nServer: qHTTPs\r\nMIME-version: 1\.0\r\nContent-type: text/html\r\nLast-modified: .*\r\nContent-length: \d+\r\n\r\n<html>\r\n<head>\r\n<title>JUPSMON</title>| p/qHTTPs/ i/Generex JAVA UPSMON http config/
match http m|^HTTP/1\.0 200 OK\r\nDate: .*\r\nServer: qHTTPs\r\nMIME-version: 1\.0\r\nContent-type: text/html\r\nLast-modified: .*\r\nContent-length: \d+\r\n\r\n<head>\r\n<meta http-equiv='refresh' content='0; URL=\./cgi-bin/ups_view\.exe\?-ups_view'>\r\n</head>\r\n<body>\r\n</body>\r\n</html>\r\n$| p/qHTTPs/ i/APC UPSMan http interface/
match http m|^HTTP/1\.0 200 OK\r\nConnection: close\r\nContent-Type: text/html; charset=iso-8859-1\r\n\r\n<html>\r\n<head>\r\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=iso-8859-1\">\r\n<title>8 Port Gigabit Switch</title>\r\n| p/Longshine LCS-GS8208-A switch http config/ d/switch/
match http m|^<html>\r\n<head>\r\n<meta http-equiv=\"Content-Language\" content=\"it\">\r\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=windows-1252\">\r\n<meta http-equiv=\"Refresh\" content=\"10\">\r\n<title>UPS web page</title>\r\n| p/Netman UPS monitor http config/ d/power-device/
match http m|^HTTP/1\.1 200 Ok\r\nServer: NAE Server\r\nContent-Length: 73\r\nConnection: close\r\n\r\n<html><center><h1>NAE Server Health Check Succeeded\.</h1></center></html>| p/Ingrian i3xx health monitor httpd/ d/security-misc/
match http m|^HTTP/1\.1 302 Tempor\xe4r verschoben\r\nConnection: close\r\nContent-Type: text/html\r\nServer: Indy/([\d.]+)\r\nLocation: /Wikipedia/\r\n\r\n| p/Indy httpd/ v/$1/ i/German Wikipedia DVD browser/ cpe:/a:indy:httpd:$1:::de/
match http m|^HTTP/1\.0 200 Ok\r\nServer: httpd\r\n.*\n<title>HP Media Vault: [^<]*</title>|s p/HP Media Vault http config/ d/media device/
match http m|^HTTP/1\.0 200 OK\r\nConnection: close\r\nServer: WindWeb/([\d.]+)\r\nDate: .*\r\nContent-Type: text/html\r\n\r\n<html>\n<head>\n<title>(\w+) System Control Center</title>\n| p/WindWeb/ v/$1/ i/Hughes $2 satellite modem http config/ cpe:/a:windriver:windweb:$1/
# auther??
match http m|^HTTP/1\.0 200 OK\r\nServer: Camera Web Server/([\d.]+)\r\nAuther: Steven Wu\r\n| p|D-Link/Airlink IP webcam http config| v/$1/ d/webcam/
match http m|^HTTP/1\.0 200 OK\r\nServer: Web Server/([\d.]+)\r\nAuther: Steven Wu\r\n| p/D-Link print server http config/ v/$1/ d/print server/
match http m|^HTTP/1\.0 401 Authorization Required\r\nconnection: Close\r\ncontent-type: text/html\r\nserver: NEWS/([\w._-]+ \(Funk\)) \(Windows 2000\)\r\n| p/NEWS httpd/ v/$1/ i/Juniper Steel-Belted Radius http config/ o/Windows 2000/ cpe:/o:microsoft:windows_2000/
match http m|^HTTP/1\.1 401 Unauthorized\r\nDate: .*\r\nWWW-Authenticate: basic realm=IRC Services\r\nContent-Type: text/html\r\nContent-Length: 14\r\n\r\nAccess denied\.| p/ircservices httpd/
match http m|^HTTP/1\.0 \d\d\d .*\r\nSet-Cookie: Ipswitch={| p/Ipswitch WhatsUp Professional httpd/ o/Windows/ cpe:/a:ipswitch:whatsup::professional/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 200 OK.*\r\n\tThis machine cannot be used for administration\.\r\n|s p/Cisco Secure ACS httpd/ i/administration disabled/ d/router/ cpe:/a:cisco:secure_access_control_server/
match http m|^HTTP/1\.0 401 Unauthorized\r\nWWW-Authenticate: Basic realm=\"Wusage\"\r\n| p/Wusage httpd/
match http m|^HTTP/1\.1 401 \r\nServer: PrintSir WEBPORT ([\d.]+)\r\nDate: .*\r\nWWW-Authenticate: Basic realm=\"Default password:sitecom\"\r\n\r\n| p/PrintSir WEBPORT httpd/ v/$1/ i/Sitecom print server http config; default password "sitecom"/ d/print server/
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: Sphere V([^\r\n]+)\r\n| p/Ultima online sphere httpd/ v/$1/
match http m|^HTTP/1\.1 \d\d\d .*\r\nDate: .*\r\nServer: BlueDragon Server ([\d.]+)\r\n| p/New Atlanta BlueDragon httpd/ v/$1/
match http m|^HTTP/1\.1 200 OK\r\nServer: WSTL CPE ([\d.]+)\r\n| p/Westell cable modem http config/ v/$1/ d/broadband router/
match http m|^HTTP/1\.1 200 OK\r\n.*\r\n<title>Welcome to VMware VirtualCenter ([\d.]+)</title>|s p/VMware VirtualCenter httpd/ v/$1/
match http m|^HTTP/1\.0 \d\d\d .*\r\nDate: .*\r\nServer: vdradmind/([-\w_.]+)\r\n| p/vdradmin http config/ v/$1/ o/Linux/ cpe:/o:linux:linux_kernel/a
match http m|^HTTP/1\.0 \d\d\d .*<TITLE>Actiontec MegaControl Panel</TITLE>|s p/Actiontec router http config/ d/router/
match http m|^HTTP/1\.1 \d\d\d .*\r\nWWW-Authenticate: Basic realm=\"Sony Network Camera (SNC-\w+)\"\r\nContent-Type: text/html\r\nServer: NetEVI/([\d.]+)\r\n| p/Sony webcam $1 http config/ v/NetEVI httpd $2/ d/webcam/ cpe:/h:sony:webcam_$1/a
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: TiVo Calypso for Mac OS X\r\n| p/TiVo Calypso Desktop/ o/Mac OS X/ cpe:/o:apple:mac_os_x/a
match http m|^HTTP/1\.1 0 \(null\)\r\nContent-Length: 0\r\n\r\n| p/Simpserver MSN encryption or DAAP from Rhythmbox httpd/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Java/([-\w_.]+) javax\.wbem\.client\.adapter\.http\.transport\.HttpServerConnection\r\n|s p/Java $1 http.transport.HttpServerConnection httpd/ cpe:/a:oracle:jre:$1/
match http m|^HTTP/1\.0 200 OK\r\nServer: RapidLogic/([\d.]+)\r\n.*\nExtend-sharp-setting-status: 0\r\n\r\n<HTML>\r\n<HEAD><META HTTP-EQUIV=\"Content-Type\" CONTENT=\"text/html; charset=iso-8859-1\">\r\n<TITLE>TOP PAGE</TITLE>\r\n|s p/RapidLogic httpd/ v/$1/ i/Sharp Imagistics printer http config/ d/printer/ cpe:/a:rapidlogic:httpd:$1/
match http m|^HTTP/1\.0 200 OK\r\nServer: RapidLogic/([\d.]+)\r\n(?:[^\r\n]+\r\n)*?Last-Modified: Mon, 1 Jan 2001 12:00:00 GMT\nExtend-sharp-setting-status: 0\r\n\r\n.*<title>(AR-\w+)</title>|s p/RapidLogic httpd/ v/$1/ i/Sharp $2 printer http config/ d/printer/ cpe:/a:rapidlogic:httpd:$1/ cpe:/h:sharp:$2/a
match http m|^HTTP/1\.0 200 OK\r\nServer: RapidLogic/([\d.]+)\r\n.*\nExtend-sharp-setting-status: 0\r\n.*<title>([A-Z][A-Z0-9-]+)</title>\n|s p/RapidLogic httpd/ v/$1/ i/Sharp $2 printer http config/ d/printer/ cpe:/a:rapidlogic:httpd:$1/ cpe:/h:sharp:$2/a
match http m|^HTTP/1\.0 200 OK\r\nServer: RapidLogic/([\d.]+)\r\n(?:[^\r\n]+\r\n)*?Last-Modified: Mon, 1 Jan 2001 12:00:00 GMT\nExtend-sharp-setting-status: 0\r\n.*<meta http-equiv=\"Expires\" content=\"Thu, 01 Dec 1994 16:00:00 GMT\">.*<title>(\w+)</title>|s p/RapidLogic httpd/ v/$1/ i/Sharp $2 Imagistics printer/ d/printer/ cpe:/a:rapidlogic:httpd:$1/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Agranat-EmWeb/R([\d_]+)\r\nWWW-Authenticate: Basic realm=\"HP p-Class GbE2 Switch|s p/Agranat-EmWeb/ v/$SUBST(1,"_",".")/ i/HP p-Class GbE2 switch http config/ d/switch/ cpe:/a:agranat:emweb:$SUBST(1,"_",".")/a
match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: HttpServer\r\nDate: .*\r\nContent-type: text/plain\r\nContent-length: \d+\r\nWWW-Authenticate: Basic realm=\"Pylon Anywhere Secure Gateway\"\r\n\r\nUnauthorized| p/Pylon Anywhere Secure Gateway http config/ d/security-misc/
match http m=^HTTP/1\.1 \d\d\d .*\t\t\t<TITLE> (?:KONICA MINOLTA|MINOLTA-QMS) magicolor (\w+ DL) </TITLE>\r\n=s p/Konica Minolta Magicolor $1 printer http config/ d/printer/ cpe:/h:konicaminolta:magicolor_$1/a
match http m|^HTTP/1\.1 401 Unauthorized\r\nDate: .*\r\nWWW-Authenticate: Basic realm=\"Authentication\"\r\n\r\n<HEAD><TITLE>Authorization Required</TITLE></HEAD><BODY><H1>Authorization Required</H1>Browser not authentication-capable or authentication failed\.</BODY>\n\n|s p/Cisco Adaptive Security Appliance http config/ d/firewall/ cpe:/h:cisco:asa/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Virata-EmWeb/R([\d_]+)\r\n.*\n\n  <title>HP LaserJet (\w+) Series|s p/Virata-EmWeb/ v/$SUBST(1,"_",".")/ i/HP LaserJet $2 Series http config/ d/printer/ cpe:/a:virata:emweb:$SUBST(1,"_",".")/a cpe:/h:hp:laserjet_$2/

match http m|^HTTP/1\.0 200 Data follows\r\nDate: .*\r\nServer: Radia Integration Server([^\r\n]+)\r\n| p/HP Radia Integration Server httpd/ v/$1/
match http m|^HTTP/1\.0 200 Data follows\r\nDate: .*\r\nServer: HP Client Automation \(httpd-managementportal\) \r\n| p/HP Client Automation httpd/ i/management portal/
match http m|^HTTP/1\.0 200 Data follows\r\nDate: .*\r\nServer: HP Client Automation \(httpd-patchmanager\) \r\n| p/HP Client Automation httpd/ i/patch manager/
match http m|^HTTP/1\.0 200 Data follows\r\nDate: .*\r\nServer: HP Client Automation \(httpd-rps\) \r\n| p/HP Client Automation httpd/ i/rps/
match http m|^HTTP/1\.0 200 Data follows\r\nDate: .*\r\nServer: HP Client Automation \(httpd-pm\) \r\n| p/HP Client Automation httpd/ i/policy server/
match http m|^HTTP/1\.0 404 Not Found\r\nDate: .*\r\nServer: HP Client Automation Messaging Service ([\w._-]+)\r\n| p/HP Client Automation httpd/ v/$1/ i/messaging service/

match http m|^HTTP/1\.1 302 Document Follows\r\nLocation: /hag/pages/home\.ssi\r\n\r\nHTTP/1\.1 302 Document Follows\r\nLocation: /hag/pages/home\.ssi\r\n\r\nConnection: close\r\n\r\n| p/D-Link DSL-504G ADSL router http config/ d/router/ cpe:/h:dlink:dsl-504g/a
match http m|^HTTP/1\.0 302 Redirection\r\nDate: .*\r\nServer: iGuard Embedded Web Server/([-\w_.]+) \(\w+\) SN:([-\w]+)\r\nPragma: no-cache\r\nLocation: /Admins/index\.html\r\n\r\n| p/iGuard access control system http config/ v/$1/ i/Serial $2/ d/security-misc/
# Not sure if this will match all:
match http m|^HTTP/1\.0 200 OK\r\nDate: [A-Z]{3}.*</head>\n<body>\n<p>You will automatically be redirected to a secure connection in 2 seconds\.</p>\n</body>\n</html>\n|s p/HP 9000 http service/ o/HP-UX/ cpe:/o:hp:hp-ux/a
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: LiteSpeed\r\n|s p/LiteSpeed httpd/
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: LiteSpeed/([\w. ]+)\r\n|s p/LiteSpeed httpd/ v/$1/
match http m|^HTTP/1\.[01] \d\d\d .*Powered By <a href='http://www\.litespeedtech\.com'>LiteSpeed Web Server</a>|s p/LiteSpeed httpd/
match http m|^HTTP/1\.0 200 Ok\r\nServer: httpd\r\n.*<script type=\"text/javascript\" src=\"lang_pack/language\.js\"></script>\n\t\t<link type=\"text/css\" rel=\"stylesheet\" href=\"style/[-\w_.]+/style\.css\" />\n\t\t<!--\[if IE\]>|s p/DD-WRT milli_httpd/ i/Linksys WRT54G http config/ d/WAP/ o/Linux/ cpe:/o:linux:linux_kernel/a

match http m|^HTTP/1\.1 401 N/A\r\nServer: TP-LINK Router\r\nConnection: close\r\nWWW-Authenticate: Basic realm=\"Web Smart Switch\"| p/TP-LINK Web Smart Switch http config/ d/switch/
match http m%^HTTP/1\.1 (?:401 (?:|N/A|Unauthorized)|200 OK)\r\nServer: (?:Router|Router Webserver|TP-LINK Router)\r\nConnection: close\r\n(?:Content-Type: text/html\r\n)?WWW-Authenticate: Basic realm=\"TP-LINK (?:Portable |AC\d+ )?(?:Wireless|WiFi) (?:(?:Lite )?(?:N|G) (?:3G(?:/4G)? )?)?(?:Dual Band |Nano )?(?:Gigabit )?(?:AP|Router|Access Point|Range Extender) ([\w /+-]+)\"\r\n% p/TP-LINK $1 WAP http config/ d/WAP/ cpe:/h:tp-link:$1/a
match http m|^HTTP/1\.1 401 N/A\r\nServer: Router Webserver\r\nConnection: close\r\nWWW-Authenticate: Basic realm="TP-LINK Wireless Entertainment Adapter ([^"]+)"| p/TP-LINK $1 wireless adapter http config/ cpe:/h:tp-link:$1/
match http m|^HTTP/1\.1 401 N/A\r\nServer: TP-LINK Router\r\nConnection: close\r\nWWW-Authenticate: Basic realm=\"TP-LINK Router ([\w+-]+)\"\r\n| p/TP-LINK $1 router httpd/ d/broadband router/ cpe:/h:tp-link:$1/a
match http m|^HTTP/1\.1 401 N/A\r\nServer: Router\r\nConnection: close\r\nWWW-Authenticate: Basic realm=\"TP-LINK SOHO Router (R[\w/]+)\"| p/TP-LINK $1 WAP http config/ d/WAP/ cpe:/h:tp-link:$1/
match http m|^HTTP/1\.1 401 N/A\r\nServer: Router\r\nConnection: close\r\nWWW-Authenticate: Basic realm=\"(TL-\w+) SOHO Router \w+ Series\"\r\n| p/TP-LINK $1 router http config/ d/router/ cpe:/h:tp-link:$1/
match http m|^HTTP/1\.1 401 N/A\r\nServer: Router\r\nConnection: close\r\nWWW-Authenticate: Basic realm=\"(TL-\w+)\xcf\xb5\xc1\xd0 SOHO\xbf\xed\xb4\xf8\xc2\xb7\xd3\xc9\xc6\xf7\"\r\nContent-Type: text/html\r\n\r\nWeb Server Error Report:<HR>\n<H1>Server Error: 401 N/A</H1>\r\nOperating System Error Nr:3997698: /userRpm/index\.htm <P><HR><H2>Access denied / wrong user name or password</H2><P><P><HR><H1>/userRpm/index\.htm</H1><P><HR>$| p/TP-LINK $1 router http config/ d/router/ cpe:/h:tp-link:$1/
match http m|^HTTP/1\.1 401 N/A\r\nServer: Router\r\nConnection: close\r\nWWW-Authenticate: Basic realm=\"DYNEX (DX-E402)\"| p/DYNEX $1 router http config/ i/manufacturer TP-LINK/ d/broadband router/ cpe:/h:dynex:$1/
match http m|^HTTP/1\.1 401 N/A\r\nServer: Router Webserver\r\nConnection: close\r\nWWW-Authenticate: Basic realm=\"\d+Mbps Wireless \w+ Router (RNX-\w+)\"\r\n| p/Rosewill $1 WAP http config/ i/manufacturer TP-LINK/ d/WAP/ cpe:/h:rosewill:$1/
match http m|^HTTP/1\.1 401 N/A\r\nServer: Router Webserver\r\nConnection: close\r\nWWW-Authenticate: Basic realm=\"Wireless \w+ Router (WRN\w+)\"\r\n| p/Intelbras $1 WAP http config/ i/manufacturer TP-LINK/ d/WAP/ cpe:/h:intelbras:$1/
match http m%^HTTP/1\.1 401 N/A\r\nServer: Router\r\nConnection: close\r\nWWW-Authenticate: Basic realm=\"\d+Mbps AV\d+(?: WiFi| Wireless(?: N)?) Powerline Extender (WPA[\w._-]+)\"\r\n% p/TP-LINK $1 powerline extender http config/ d/WAP/ cpe:/h:tp-link:$1/
match http m%^HTTP/1\.1 401 N/A\r\nServer: Router\r\nConnection: close\r\nWWW-Authenticate: Basic realm=\"\d+Mbps AV\d+(?: Nano| Gigabit)? Powerline Extender (PA[\w._-]+)\"\r\n% p/TP-LINK $1 powerline extender http config/ d/switch/ cpe:/h:tp-link:$1/
match http m|^HTTP/1\.1 200 OK\r\nServer: Router Webserver\r\nConnection: close\r\nContent-Type: text/html\r\nWWW-Authenticate: Basic realm="TP-LINK AV\d+(?: Gigabit)? Powerline(?: ac)? WiFi Extender (TL-\w+)"\r\n| p/TP-LINK $1 powerline WiFi extender http config/ d/WAP/ cpe:/h:tp-link:$1/
match http m|^HTTP/1\.1 401 Unauthorized\r\nServer: Router\r\nConnection: close\r\nWWW-Authenticate: Basic realm="\d+Mbps Wireless \w+ Router (TL-\w+)"\r\n| p/TP-LINK $1 WAP http config/ d/WAP/ cpe:/h:tp-link:$1/a
match http m|^HTTP/1\.0 200 OK\r\nServer: Terayon/([\d.]+)\r\nContent-type: text/html\r\n\r\n<html><head><title>Cable Modem Information Center</title>| p/Terayon cable modem http config/ v/$1/ d/broadband router/
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: Tornado/([-\w_.]+)\r\n| p/Puakma Tornado httpd/ v/$1/
match http m|^<html><head><title>Cannot find server</title></head><body>\n<br>Access to this web page is currently unavailable\.<P><HR></BODY></HTML>\n$| p/Arris cm450 cable modem http config/ d/broadband router/ cpe:/h:arris:cm450/a
match http m|^HTTP/1\.0 401 Unauthorized\r\nWWW-Authenticate: Basic realm=\"RV082\"\r\n| p/Linksys RV082 VPN router http config/ d/router/ cpe:/h:linksys:rv082/a
match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: \r\n(?:[^\r\n]+\r\n)*?WWW-Authenticate: Basic realm=\"Linksys WAG54GS|s p/Linksys WAG54GS broadband router http config/ d/broadband router/ cpe:/h:linksys:wag54gs/a
match http m|^HTTP/1\.1 \d\d\d .*href=\"images/favicon\.ico\">\n<title>NETGEAR ProSafe\x99 - Welcome to Configuration Manager Login</title>\n<!--\nCopyright \(c\) 2005-2006 TeamF1|s p/Netgear ProSafe FVS338 VPN firewall http config/ d/firewall/
match http m|^HTTP/1\.1 \d\d\d .*<link rel=\"icon\" type=\"image/ico\" href=\"images/favicon\.ico\">\n<title>NETGEAR ProSafe&#8482; - Welcome to Configuration Manager Login</title>\n<!--\nCopyright \(c\) 2005-2007 TeamF1, Inc\. \(www\.TeamF1\.com\)\nAll rights reserved\.\n-->|s p/Netgear ProSafe VPN firewall http config/ d/firewall/
match http m|^HTTP/1\.1 200 OK\r\n.*<title>NETGEAR ProSafe&#8482; - Welcome to Configuration Manager Login</title>\n<!--\nCopyright \(c\) 2005-2009 TeamF1, Inc\. \(www\.TeamF1\.com\)\nAll rights reserved\.\n-->\n|s p/Netgear ProSafe FVX538 VPN firewall http config/ d/firewall/
match http m|^HTTP/1\.0 \d\d\d .*\r\nMime-Version: 1\.0\r\nServer: Web Transaction Server For ClearPath MCP ([\d.]+)\r\n| p/Unisys ClearPath MCP http config/ v/$1/
match http m|^HTTP/1\.0 401 Access Denied\r\nWWW-Authenticate: NTLM\r\nContent-Length: 24\r\nContent-Type: text/html\r\n\r\nError: Access is Denied\.| p/Microsoft IIS httpd/ v/3.X/ o/Windows/ cpe:/a:microsoft:internet_information_services:3/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: AnomicHTTPD \(www\.anomic\.de\)\r\n|s p/Anomic YaCy P2P Search Engine httpd/
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: SnapStream\r\nCache-Control: no-cache\r\nPragma: no-cache\r\nConnection: close\r\nContent-Type:text/html\r\n\r\n<html>\r\n<head>\r\n<title>\r\nBeyond TV - Web Admin Redirector\r\n| p/SnapStream Media Beyond TV PVR http config/ d/media device/
match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: thttpd-alphanetworks/([\d.]+)\r\nWWW-Authenticate: Basic realm=\"(DI-\w+)\"\r\n|s p/thttpd-alphanetworks/ v/$1/ i/D-Link $2 router http config/ d/router/ cpe:/a:alphanetworks:thttpd:$1/ cpe:/h:dlink:$2/a
match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: thttpd-alphanetworks/([\d.]+)\r\n(?:[^\r\n]+\r\n)*?.*\r\nWWW-Authenticate: Basic realm=\"BRL-04UR\"\r\n\r\n|s p/thttpd-alphanetworks/ v/$1/ i/Planex BRL-04UR router http config/ d/router/ cpe:/a:alphanetworks:thttpd:$1/
match http m|^HTTP/1\.0 200 OK\r\nServer: M900\w*-HTTP-Server/([\d.]+)\r\nContent-Type: text/html\r\n\r\n<html><head><title>(M900\w*) AP</title>| p/Trango $2 AP http config/ v/$1/ d/broadband router/
match http m|^HTTP/1\.1 401 Unauthorised\r\nServer: ATR-HTTP-Server/([\d.]+)\r\nContent-Type: text/html\r\nWWW-Authenticate: Basic realm=\"Allied Telesyn AT-(AR\w+)\"\r\n| p/Allied Telesyn $2 router http config/ v/$1/ d/router/ cpe:/h:alliedtelesyn:$2/a
match http m|^HTTP/1\.[01] \d\d\d .*\r\nConnection: close\r\nServer: Yaws/([-\w_.]+) Yet Another Web Server\r\n| p/Yaws httpd/ v/$1/
match http m|^HTTP/1\.[01] \d\d\d .*\r\nConnection: close\r\nServer: Yaws ([\w._-]+)\r\n| p/Yaws httpd/ v/$1/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Web Server\r\n.*<IMG SRC = \"/base/images/netgear_(\w+)_banner\.gif\"|s p/Netgear $1 gigabit switch http config/ d/switch/ cpe:/h:netgear:$1/a
match http m|^HTTP/1\.1 \d\d\d .*\r\nDate: .*\r\nServer: Centile Embedded HTTPSd server/([\d.]+)\r\n| p/Centile VoIP adapter http config/ v/$1/ d/VoIP adapter/
match http m|^HTTP/1\.1 \d\d\d .*\r\nDate: .*\r\nConnection: close\r\nWWW-Authenticate: Digest realm=\"DUALCOM-\d+.USER\",| p/CyberSwitching Dualcom power device http config/ i/rabbit 2000 embedded/ d/power-device/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: PWLib-HTTP-Server/([\d.]+) PWLib/([\d.]+)\r\n.*<HTML>\r\n\r\n<HEAD>\r\n<TITLE>Welcome to OpenMCU</TITLE>|s p/PWLib httpd/ v/$1/ i/OpenMCU http interface; PWLib $2/
match http m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: PWLib-HTTP-Server/([\w._-]+) PWLib/([\w._-]+)\r\n(?:[^\r\n]+\r\n)*?Expires: Tue, 01 Jan 1980 00:00:00 GMT\r\n.*<title>SOPHO (\w+) In-System Gateway</title>|s p/PWLib http/ v/$1/ i/Philips Sopho $3 PBX http config; PWLib $2/ d/PBX/
match http m|^HTTP/1\.1 200 Ok\r\nServer: micro_httpd\r\n.*<title>3Com - OfficeConnect ADSL Wireless 108Mbps 11g Firewall Router</title>|s p/micro_httpd/ i/3Com OfficeConnect ADSL WAP http config/ d/WAP/ cpe:/a:acme:micro_httpd/
match http m|^HTTP/1\.1 404 Not found\n\0$| p/nohttpd 404 responding httpd/
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: ICONAG web server \(Ver\.: ([-\w_.]+)\)\r\n| p/ICONAG building control http config/ v/$1/ d/specialized/
match http m|^HTTP/1\.1 401 Unauthorized\r\nWWW-Authenticate: Basic realm=\"Environmental Monitoring Unit\"\r\nContent-Type: text/html\r\nServer: Allegro-Software-RomPager/([\d.]+)\r\n\r\n| p/Allegro RomPager/ v/$1/ i/APC Environmental Monitoring Unit http config/ d/specialized/ cpe:/a:allegro:rompager:$1/
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: RapidLogic/([\d.]+)\r\nMIME-version: 1\.0\r\nContent-type: text/html\r\n\r\n<HTML>\r\n<HEAD>\r\n<TITLE>Westell VersaLink Wireless Gateway</TITLE>| p/RapidLogic httpd/ v/$1/ i/Westell VersaLink WAP http config/ d/WAP/ cpe:/a:rapidlogic:httpd:$1/
match http m|^HTTP/1\.1 \d\d\d\r\nContent-Length:\d+\r\nContent-Type: text/html\r\n\r\n<html><head><link rel=\"stylesheet\" type=\"text/css\" href=\"/viawarp\.css\" />| p/Nova viaWARP httpd/ o/Windows/ cpe:/o:microsoft:windows/a
# Looks more general than a media device
match http m|^HTTP/1\.0 200 OK\r\nConnection: Close\r\nContent-Type: text/html\r\nServer: wizd ([^\r\n]+)\r\n| p/wizd media viewer httpd/ v/$1/
match http m|^HTTP/1\.0 200 OK\r\nConnection: close\r\nServer: XES WindWeb/([\d.]+)\r\n| p/WindWeb/ v/$1/ i/XES Synergix printer http config/ d/printer/ cpe:/a:windriver:windweb:$1/
match http m|^HTTP/1\.0 200 OK\r\nPragma:no-cache\r\nContent-Length: \d+\r\nContent-Type: text/html\r\n\r\n<html>\n<head>\n<title>INTERMEC ([\d+/]+); IP| p/Intermec $1 print server http config/ d/print server/ cpe:/h:intermec:$1/a
match http m|^HTTP/1\.0 401 Unauthorized\r\nDate: .*\r\nServer: GoAhead-Webs\r\nConnection: close\r\nWWW-Authenticate: Basic realm=\"CameraServer\"\r\n| p/GoAhead WebServer/ i/AirLink 101 SkyIPCam http config/ d/webcam/ cpe:/a:goahead:goahead_webserver/
match http m|^HTTP/1\.0 200 OK\r\nCache-control: no-cache\r\n.*<title>BVA8055 Web Configuration Pages</title>|s p/Leadtek BVA8055 VoIP adapter http config/ d/VoIP adapter/
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: KTorrent/(\d[-\w_.]+)\r\n|s p/Ktorrent web interface/ v/$1/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Wildcat/v([-\w_.]+)\r\n|s p/Wildcat Interactive Net Server httpd/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Allegro-Software-RomPager/([\d.]+)\r\n\r\n<HTML>\n<HEAD>\n<TITLE>NRG (\w+) .*Network Printer D Model-Network Administration</TITLE>.*<FONT SIZE=\+2>Unit Serial Number (\w+)</FONT>|s p/Allegro RomPager/ v/$1/ i/NRG $2 printer http config; serial $3/ d/printer/ cpe:/a:allegro:rompager:$1/ cpe:/h:nrg:$2/a
match http m|^HTTP/1\.[01] \d\d\d .*\r\nServer: Ethernut ([^\r\n]+)\r\n| p/Ethernut demo httpd/ v/$1/ o|Nut/OS| cpe:/o:ethernut:nut_os/a
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Mongrel ([\d.]+)\r\n|s p/Mongrel httpd/ v/$1/
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: Micro-Web\r\nContent-type: text/html\r\n\r\n<html>\r\n<head>\r\n<FORM ACTION=/LoginPostData\.fn METHOD=POST>\r\n<INPUT TYPE=HIDDEN NAME=BrowserId VALUE=\w+>\r\n<TABLE ALIGN=CENTER BORDER=3 CELLPADDING=8 CELLSPACING=1 WIDTH=600 BGCOLOR=\"#C0C0C0\">\r\n<TR><TH COLSPAN=1><BIG><BIG>Login to the Remote Management Interface</BIG></BIG>| p/Micro-Web/ i/HP MSL5000 storage http config/ d/storage-misc/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: WindWeb/([\d.]+)\r\n.*\"/js/branding_utils\.js\"></script>\r\n<script language=\"JavaScript\"><!--\nvar iPortIndex = 0; \nvar iProtocol = 0; \nvar serialPort = 1|s p/WindWeb/ v/$1/ i/HP MSL5000 storage config/ d/storage-misc/ cpe:/a:windriver:windweb:$1/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: WindWeb/([\d.]+)\r\n.*\"/js/branding_utils\.js\"></script>\r\n\r\n<script language=\"JavaScript\"><!--\nvar ConfigDirty = 1\nvar routerMode = 1\nvar modularRouter = 0\nvar szFCHostName = \"none\"\n|s p/WindWeb/ v/$1/ i/HP E1200 storage config/ d/storage-misc/ cpe:/a:windriver:windweb:$1/
match http m|^HTTP/1\.1 401 Unauthorized\r\nDate: .*\r\nServer: Agranat-EmWeb/R([\d_]+)\r\nWWW-Authenticate: Basic realm=\"read@\"\r\n\r\n<META HTTP-EQUIV=refresh CONTENT=0;URL=/util/401\.html>| p/Agranat-EmWeb/ v/$SUBST(1,"_",".")/ i/3com Corebuilder switch http config/ d/switch/ cpe:/a:agranat:emweb:$SUBST(1,"_",".")/a
match http m|^HTTP/1\.1 401 Unauthorized\nDATE: .*\nWWW-Authenticate: Basic realm=\"Delta UPS Web\"\nServer: Delta UPSentry\n| p/Belkin Bulldog UPS Monitor http config/ d/power-device/
match http m|^HTTP/1\.0 \d\d\d .*<h3>BitTorrent download info</h3>\n<ul>\n<li><strong>tracker version:</strong> ([-\w_.]+) \(BitTornado\)</li>|s p/BitTornado tracker/ v/$1/
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: ChatSpace/([\d.]+)\r\n| p/Akiva ChatSpace httpd/ v/$1/
match http m|^HTTP/1\.0 \d\d\d .*\r\n<title>EMC Connectrix Management</title>|s p/EMC Connectrix http config/
match http m|^HTTP/1\.0 404 Not Found\r\nConnection: close\r\nContent-type: text/html\r\n\r\n<html>404 Not Found \(Error 3\)<BR></html>$| p/ESET NOD32 windows anti-virus http config/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 200 Document follows\nContent-Type: text/html\nContent-length: \d+\n\n<html>\n<head>\n<title>BeanShell Remote Session</title>\n| p/BeanShell java scripting http console/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: IntellipoolHTTPD/([\d.]+)\r\n|s p/Intellipool Network Monitor http config/ v/$1/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: MX4J-HTTPD/([\d.]+)\r\n.*<title>CruiseControl - Agent View</title>|s p/MX4J/ v/$1/ i/JMX CruiseControl http config/
match http m|^HTTP/1\.0 401 Authentication requested\r\nWWW-Authenticate: Basic realm=\"MX4J\"\r\nServer: MX4J-HTTPD/([\w._-]+)\r\n\r\n$| p/MX4J/ v/$1/ i/OpenNMS http admin/
match http m|^HTTP/1\.0 \d\d\d .*/cgi-bin/prodhelp\?prod=axis_540\+/542\+&ver=([\d.]+)&|s p|AXIS 540+/542+ print server http config| v/$1/ d/print server/
match http m|^HTTP/1\.1 400 Bad Request\r\nDate: .*\r\nRIPT-Server: iTunesLib/([-\w_.]+) \(Mac OS X\)\r\n| p/Apple TV http config/ i/iTunesLib $1/ d/media device/ cpe:/a:apple:apple_tv/ cpe:/o:apple:mac_os_x/
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: Vistabox\r\n| p/Convision Vistabox security camera http config/ d/webcam/
match http m|^HTTP/1\.0 200 Document follows\r\nServer: ISOCOR web500gw ([\d.]+)\r\n| p/Eudora Worldmail http config/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 200 Reply from server\r\nServer: MERCUR Messaging 2005\r\n| p/Mercur Webmail httpd/ o/Windows/ cpe:/a:atrium:mercur/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 200 Document follows\r\nDate: .*\r\nServer: Proofpoint/([\d.]+)\r\n| p/Proofpoint email security http config/ v/$1/ d/security-misc/
match http m|^HTTP/1\.1 200 OK\r\nConnection: close\r\nCache-Control: no-cache\r\nContent-Type: text/html; charset=utf-8\r\n\r\n<html><head><title>IVM Answering Attendant</title>| p/IVM Answering Attendant httpd/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 302 Found\r\nContent-Length: 0\r\nConnection: Close\r\nContent-Type: text/html\r\nLocation: /search\?site=[-\w_.]+&client=[-\w_.]+&| p/GoogleMini Search Appliance httpd/
match http m|^HTTP/1\.0 200 OK\r\nX-Powered-By: PHP/([-\w_.]+)\r\n.*\n<title>(N\d+ - N\d+)</title>\n.*// Share Explorer\n|s p/Hammer $2 myshare http config/ i/PHP $1/ d/storage-misc/ cpe:/a:php:php:$1/
match http m|^HTTP/1\.0 200 Ok\r\nServer: httpd\r\n.*<!--- Vendor:LINKSYS\nModelName:DD-WRT\n.*\nRF SSID:([^\r\n]+)\n|s p/DD-WRT milli_httpd/ i/Linksys WAP http config; SSID $1/ d/WAP/
match http m|^HTTP/1\.0 200 OK \r\n.*<title>: innovaphone (\w+)</title>|s p/Innovaphone $1 VoIP phone http config/ d/VoIP phone/
match http m|^HTTP/1\.0 200 OK \r\n.*<title>NAT: innovaphone (\w+)</title>|s p/Innovaphone $1 VoIP phone http config/ d/VoIP phone/
match http m|^HTTP/1\.1 302 Moved Temporarily\r\nDate: .*\r\nExpires: Thu, 01 Jan 1970 00:00:00 GMT\r\nSet-Cookie: SSLX_SSESHID=\w+;Path=/;Secure\r\nLocation: https://[\d.]+/showHome\.do\r\n| p/SSL Explorer browser-based VPN httpd/ i/halfd Half-Life server management/
match http m|^HTTP/1\.1 302 Moved Temporarily\r\nDate: .*\r\nContent-Type: text/html\r\nExpires: .*\r\nSet-Cookie: SSLX_SSESHID=| p/SSL Explorer browser-based VPN httpd/
match http m|^HTTP/1\.1 302 Moved Temporarily\r\nDate: .*\r\nExpires: Thu, 01 Jan 1970 00:00:00 GMT\r\nSet-Cookie: SSLX_SSESHID=| p/SSL Explorer browser-based VPN httpd/
match http m|^HTTP/1\.0 401 Unauthorized\r\nWWW-Authenticate: Basic realm=\"Gigabit Web Smart Switch\"\r\n\r\n| p/micro_httpd/ i/Justec gigabit ethernet switch http config/ d/switch/ cpe:/a:acme:micro_httpd/
match http m|^HTTP/1\.0 400 Bad Request\r\nServer: Rex/([-\w_.]+)\r\nCache-Control: no-cache\r\nPragma: no-cache\r\nPragma: client-id=| p/Rex media encoder http config/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: alevtd/([\d.]+)\r\n| p/alevtd for videotext pages httpd/ v/$1/
match http m|^HTTP/1\.0 200 200 OK\r\nCache-control: max-age=300\r\nServer: Ubicom/([\d.]+)\r\n.*<title>Wireless Bridge : Login</title>|s p/Ubicom httpd/ v/$1/ i/Senao WAP http config/ d/WAP/ cpe:/a:ubicom:httpd:$1/
match http m|^HTTP/1\.0 200 OK\r\nDate: .*\r\nConnection: Close\r\nServer: Synchronet BBS for Win32  Version ([-\w_.]+)\r\n.*<h1 id=\"siteName\">([^<]+)</h1>|s p/Synchronet BBS httpd/ v/$1/ i/BBS name $2/ o/Windows/ cpe:/a:rob_swindell:synchronet:$1/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: (DCS-\w+)\r\n|s p/D-Link $1 webcam http config/ d/webcam/ cpe:/h:dlink:$1/a
match http m|^HTTP/1\.0 401 Unauthorized\r\nWWW-Authenticate: Basic realm=\"(DCS-\w+)\"\r\n| p/D-Link $1 webcam http config/ d/webcam/ cpe:/h:dlink:$1/a
match http m|^HTTP/1\.1 200 OK\r\nDate: .*\r\nServer: Slinger/([-\w_.]+)\r\n| p/Panasonic DVR slinger http config/ v/$1/ d/media device/
match http m|^HTTP/1\.0 200 OK\r\nConnection: close\r\nDate: .*Server: lighttpd/([\d.]+)\r\n\r\n\n<html>\n<head>\n<title>Shared Storage Manager</title>\n\n|s p/lighttpd/ v/$1/ i/Western Digital My Book http config/ d/storage-misc/ o/Linux/ cpe:/a:lighttpd:lighttpd:$1/ cpe:/o:linux:linux_kernel/a
match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: mini_httpd/([-\w_.]+)/astlinux (\w+)\r\nDate: .*\r\nCache-Control: no-cache,no-store\r\nWWW-Authenticate: Basic realm=\"\.\"\r\n| p/mini_httpd/ v/$1/ i/Pointca PBX http config; astlinux $2/ d/PBX/ o/Linux/ cpe:/a:acme:mini_httpd:$1/ cpe:/o:linux:linux_kernel:$2/
match http m|^HTTP/1\.1  200 OK\r\n.*<p:DeviceName>D-Link (DIR-[-\w_.+]+)</p:DeviceName>.*<p:FirmwareVersion>([^<]+)</p:FirmwareVersion>|s p/D-Link $1 WAP http config/ i/FW $2/ d/WAP/ cpe:/h:dlink:$1/a
match http m|^HTTP/1\.1 403 Forbidden\r\nDate: .*\r\nServer: RoamAbout Switch Manager Services ([^\r\n]+)\r\nContent-length: 0\r\n\r\n| p/Enterasys RoamAbout Switch Manager http config/ v/$1/
match http m|^HTTP/1\.1 200 (?:[^\r\n]*\r\n(?!\r\n))*?Server: Virata-EmWeb/R([-\w_.]+)\r\n.*<title>NBX NetSet</title>\n<META NAME=\"robots\" CONTENT=\"noindex,noarchive,nofollow\">\n<!-- \(c\) Copyright, 3Com Corporation or its subsidiaries|s p/Virata-EmWeb/ v/$SUBST(1,"_",".")/ i/3Com NBX NetSet VoIP adapter http config/ d/VoIP adapter/ cpe:/a:virata:emweb:$SUBST(1,"_",".")/a
match http m|^HTTP/1\.1 200 (?:[^\r\n]*\r\n(?!\r\n))*?Server: Virata-EmWeb/R([-\w_.]+)\r\n.*<title> HP Color LaserJet ([-\w_.]+)|s p/Virata-EmWeb/ v/$SUBST(1,"_",".")/ i/HP LaserJet $2 http config/ d/printer/ cpe:/a:virata:emweb:$SUBST(1,"_",".")/a cpe:/h:hp:laserjet_$2/
match http m|^<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML//EN\">\n<html>\n  <head>\n    <title>404 Entity Not Found</title>\n.*The requested file or stream was not found on this server\.|s p/Icecast streaming media server/ cpe:/a:xiph:icecast/
match http m|^HTTP/1\.0 403 too few slashes in URI /\r\nContent-[tT]ype: text/html\r\n\r\n| p|apt-cache/apt-proxy httpd| o/Linux/ cpe:/o:linux:linux_kernel/a
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: CosminexusComponentContainer\r\n|s p/Cosminexus httpd/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: GoAhead-Webs\r\n.*<!-- response_code_begin ERIC_RESPONSE_OK|s p/GoAhead WebServer/ i|Supermicro IPMI/Paradox Alarm http config| d/remote management/ cpe:/a:goahead:goahead_webserver/a
match http m|^HTTP/1\.0 200 OK\r\nContent-type: text/html\r\n\r\n<html><head><title>GC-100 Network Adapter</title>| p/Global Cache GC-100 http config/ d/media device/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: JAGeX/([-\w_.]+)\r\n|s p/JAGeX Java gaming httpd/ v/$1/
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: \r\nDate: .*\r\nWWW-Authenticate: Basic realm=\"BSkyB (\w+) \"\r\n| p/BSkyB $1 http config/ d/broadband router/
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: \r\nDate: .*\r\nWWW-Authenticate: Basic realm=\"WBR-(\w+)\"\r\n| p/LevelOne WBR-$1 http config/ d/broadband router/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: \r\n.*<meta name=\"description\" content=\"DG(\w+) \d+\">\n|s p/Netgear DG$1 http config/ d/broadband router/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?\r\nconnection: Keep-Alive\r\ncontent-length:.*<script src=\"all/kernel/public/lib/rc/js/system/currentVersion\.xjs\?command=WSTGetVersion\" type=\"text/javascript\"></script>|s p/Samsung SyncThru http config/ d/printer/ cpe:/a:samsung:syncthru_web_service/
# Samsung CLX-3175FW
match http m|^HTTP/1\.0 200 OK\r\n.*<title>SyncThru Web Service</title>\r\n\r\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\">\r\n\r\n<script src=\"js/cookieCode\.js\">|s p/Samsung SyncThru http config/ d/printer/ cpe:/a:samsung:syncthru_web_service/
match http m|^HTTP/1\.0 \d\d\d .*<title>LaCie EdMini NAS</title>|s p/Lacie BigDisk NAS http config/ d/storage-misc/
match http m|^HTTP/1\.1 200 OK\r\nServer: Virata-EmWeb/R([\d_]+)\r\n.*<title>HP Color LaserJet (\w+)|s p/Virata-EmWeb/ v/$SUBST(1,"_",".")/ i/HP LaserJet $2 http config/ d/printer/ cpe:/a:virata:emweb:$SUBST(1,"_",".")/a cpe:/h:hp:laserjet_$2/
match http m|^HTTP/1\.0 \d\d\d .*\r\nDate: .*\r\nServer: BarracudaHTTP ([\d.]+)\r\n| p/BarracudaHTTP/ v/$1/ i/Barracuda Networks Load Balancer http config/ d/load balancer/
match http m|^HTTP/1\.1 \d\d\d .*\r\nDate: .*\r\nServer: BarracudaHTTP ([\d.]+)\r\n| p/BarracudaHTTP/ v/$1/ i/Barracuda Networks Spam & Virus Firewall http config/ d/firewall/ cpe:/h:barracudanetworks:spam_%26_virus_firewall_600:-/
# Looks like Apache. --Ed.
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: BarracudaHTTP ([\w._-]+)/([\w._-]+) \(Unix\) ([^\r]+)\r\n(?:[^\r\n]+\r\n)*?Location: https?://([\w._-]+)|s p/Apache/ v/$2/ i/Barracuda firewall http config; BarracudaHTTP $1; $3/ d/firewall/ o/Unix/ h/$4/ cpe:/a:apache:http_server:$2/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: WindWeb/([\d.]+)\r\n(?:[^\r\n]+\r\n)*?WWW-Authenticate: Basic realm=\"i\.LON\"\r\n|s p/WindWeb/ v/$1/ i/i.LON 100e2 Internet Server http config/ d/remote management/ cpe:/a:windriver:windweb:$1/
match http m|^HTTP/1\.0 401 Authorization Required\r\nWWW-Authenticate: BASIC realm=\"Administrator or User\"\r\n\r\nPassword Error\. $| p/D-Link DCS-900 webcam http config/ d/webcam/ cpe:/h:dlink:dcs-900/a
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Yaws/([-\w_.]+) Yet Another Web Server\r\n(?:[^\r\n]+\r\n)*?Set-Cookie: SMSESSION=logout; .*Set-Cookie: nortelxnetid=logout;|s p/YAWS httpd/ v/$1/ i/Nortel VPN Gateway http config/ d/security-misc/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: SAP Internet Graphics Server\r\n|s p/SAP Internet Graphics Server httpd/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?server: SAP Message Server, release (\d+)|s p/SAP Message Server httpd/ v/release $1/
match http m|^HTTP/1\.0 \d\d\d(?:[^\r\n]+\r\n)*?\r\n<html>\n<script language=JavaScript>\nfunction show\(\)\n{\n\tform1\.submit\(\);\n}\n</script>\n<body onload=\"show\(\);\">\n<form name=form1 action=\"/cgi-bin/webconfig\?page=first&action=check\">\n</form>\n</body>\n</html>\n|s p/D-Link DHP-540 VoIP Phone http config/ d/VoIP phone/ cpe:/h:dlink:dhp-540/a
match http m|^HTTP/1\.0 200 OK\r\nServer: ScanAlert\r\n| p/ScanAlert Hacker Safe scanner httpd/ d/security-misc/
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: ATR-HTTP-Server/([\d.]+)\r\nContent-Type: text/html\r\nWWW-Authenticate: Basic realm=\"Allied Telesyn AT-8748XL\"\r\n| p/ATR httpd/ v/$1/ i/Allied Telesyn AT-8748XL switch http config/ d/switch/ cpe:/h:alliedtelesyn:at-8748xl/a
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?WWW-Authenticate: Basic realm=\"Linksys WAP51AB\"\r\n|s p/Linksys WAP51AB http config/ d/WAP/ cpe:/h:linksys:wap51ab/a
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Virata-EmWeb/R([\d_]+)\r\nLocation: http://ns5gt/redirect\.html\r\n|s p/Virata-EmWeb/ v/$SUBST(1,"_",".")/ i/Netscreen NS5GT firewall http config/ d/firewall/ cpe:/a:virata:emweb:$SUBST(1,"_",".")/a
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Virata-EmWeb/R([\d_]+)\r\nLocation: http://[\d.]+/redirect\.html\r\n|s p/Virata-EmWeb/ v/$SUBST(1,"_",".")/ i/Juniper SSG5 or SSG140 firewall http config/ d/firewall/ cpe:/a:virata:emweb:$SUBST(1,"_",".")/a
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Allegro-Software-RomPager/([\d.]+)\r\n\r\n<HTML>\n<HEAD>\n<TITLE>Cisco Systems, Inc\.</TITLE>.*Cisco Systems, Inc\. IP Phone CP-7940G \(|s p/Allegro RomPager/ v/$1/ i/Cisco CP-7940G VoIP phone http config/ d/VoIP phone/ cpe:/a:allegro:rompager:$1/ cpe:/h:cisco:cp-7940g/a
match http m|^HTTP/1\.0 200 OK\r\nServer: SysMaster Web Server/([\d.]+)\r\nContent-Length: \d+\r\nConnection: close\r\nContent-type: text/html;\r\n\r\n<script>\nif\(document\.all\)\n\tlocation=\"app_ie\.htm\";\nelse\n\tlocation=\"app_mz\.htm\";\n</script>| p/SysMaster httpd/ v/$1/ i/Tornado M10 media center http config/ d/media device/
match http m|^HTTP/1\.0 401 Authorization Required\r\nWWW-Authenticate: Basic realm=\"Linksys-CIT400\"\r\n| p/Linksys CIT400 VoIP phone http config/ d/VoIP phone/ cpe:/h:linksys:cit400/a
match http m|^HTTP/1\.0 200 OK\r\nAllow: GET, POST, OPTIONS\r\nServer: EDA HTTP LISTENER/([\d.]+)\r\n.*<form name=\"form\" action=\"webconsole\" method=\"POST\" >|s p/EDA httpd/ v/$1/ i/WebFOCUS http console/
match http m|^HTTP/1\.0 200 OK\r\nAllow: GET, POST, OPTIONS\r\nServer: EDA HTTP LISTENER/([\d.]+)\r\n.*<FORM NAME=\"form\" ACTION=\"/cgiatt\.exe\" METHOD=\"POST\" >|s p/EDA httpd/ v/$1/ i/WebFOCUS http console/
# Netgear WG302v1 or Linksys WRT54G v8
match http m|^HTTP/1\.0 301 Moved Premanently\r\nLocation: https://[\d.]+/\r\nContent-type: text/html\r\n\r\n<html><head><title>Access Denied</title></head><body><h1>You must use SSL based http\(HTTPS\) server\.</h1></body></html>$| p/Netgear or Linksys WAP http config/ d/WAP/
match http m|^HTTP/1\.0 301 Moved Permanently\r\nLocation: https:///\r\nContent-type: text/html\r\n\r\n<html><head><title>Access Denied</title></head><body><h1>You must use SSL based http\(HTTPS\) server\.</h1></body></html>$| p/ZyXEL ZyWALL SSL 10 SSL-VPN appliance http config/ d/firewall/
match http m|^HTTP/1\.0 200 OK\r\nServer: ARGUS/([\d.]+)\r\n.*\r\n<TITLE>Intel Wireless Gateway</TITLE>|s p/ARGUS httpd/ v/$1/ i/Intel Wireless Gateway http config/ d/WAP/
match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: \r\n(?:[^\r\n]+\r\n)*?WWW-Authenticate: Basic realm=\"Conceptronic C54APRA2\+\"\r\n\r\n|s p/Conceptronic C54APRA2+ WAP http config/ d/WAP/
match http m|^HTTP/1\.0 401 Unauthorized\n.*\r\nWWW-Authenticate: Basic realm=\"AirStation\"\r\n|s p/Buffalo AirStation http config/ d/WAP/
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: Indy/([\d.]+)\r\n.*<img src=\"Webimages/RaidenMAILD\.jpg\" border=\"0\" id=\"raidenLogo\">|s p/Indy httpd/ v/$1/ i/RaidenMAIL http config/ cpe:/a:indy:httpd:$1/
match http m|^HTTP/1\.1 200 Document follows\r\nServer: ELOG HTTP ([-\w_.]+)\r\n| p/ELOG blog httpd/ v/$1/
match http m|^HTTP/1\.1 401 Unauthorized\r\nWWW-Authenticate: Digest realm=\"iRMC@.*<title>RemoteView&reg; iRMC Web Server</title>|s p/iRMC RemoteView httpd/ d/remote management/
match http m|^HTTP/1\.1 \d\d\d .*:: Welcome to ZyXEL (P-\w+) \(([-\w_.]+)\) ::\.|s p/ZyXEL $1 broadband router http config/ d/broadband router/ h/$2/ cpe:/h:zyxel:$1/a
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: Web Server\r\n.*<title>Dell OpenManage Switch Administrator</title>|s p/Dell OpenManage switch http config/ d/switch/
match http m|^HTTP/1\.0 \d\d\d .*<SCRIPT language=JavaScript>\r\n\tvar PIN_change_attempted = false;\r\n\tvar Login_failed = false;\r\n\tvar password_label = \"\";\r\n</SCRIPT>\r\n<!--\r?\nNote: the opening and closing HTML tags are deliberately omitted from\r?\nthis file\.|s p/Citrix Access Gateway httpd/ o/Windows/ cpe:/a:citrix:access_gateway/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 200 OK\r\nServer: Micro Focus DSD ([-\w_.]+)\r\n| p/Micro Focus Directory Server httpd/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 \d\d\d .*\nServer: SCO I2O Dialogue Daemon ([-\w_.]+) \n|s p/SCO I2O Dialogue Daemon httpd/ v/$1/
match http m|^HTTP/1\.1 404 OK\r\nServer: Lotus Expeditor Web Container/([-\w_.]+)\r\n| p/Lotus Notes Expeditor httpd/ v/$1/ cpe:/a:ibm:lotus_expeditor:$1/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Cpanel::Httpd like Apache\r\n(?:[^\r\n]+\r\n)*?WWW-Authenticate: Basic realm=\"cPanel WebDisk\"\r\n\r\n|s p/cPanel WebDisk httpd/ o/Linux/ cpe:/o:linux:linux_kernel/a

match http m|^HTTP/1\.0 302 FOUND\r\nServer: PasteWSGIServer/([-\w_.]+) Python/([-\w_.]+)\r\nDate: .*location: /login/login\r\npragma: no-cache\r\ncache-control: no-cache\r\nset-cookie:  hellahella=|s p/PasteWSGIServer/ v/$1/ i/HellaHella httpd; Python $2/ cpe:/a:python:python:$2/
match http m|^HTTP/1\.0 200 OK\r\nServer: PasteWSGIServer/([-\w_.]+) Python/([-\w_.]+)\r\n.*<title>Welcome to Pylons!</title>|s p/PasteWSGIServer/ v/$1/ i/Pylons web framework; Python $2/ cpe:/a:python:python:$2/
match http m|^HTTP/1\.0 200 OK\r\nServer: PasteWSGIServer/([-\w_.]+) Python/([-\w_.]+)\r\n.*<div id=\"loggerheadCont\">|s p/PasteWSGIServer/ v/$1/ i/Bazaar loggerhead httpd; Python $2/ cpe:/a:python:python:$2/

match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: NessusWWW\r\n(?:[^\r\n]+\r\n)*?Content-Length: 6518\r\n.*<!-- saved from url=\(0016\)http://localhost -->\n<html lang=\"en\">\n\n<!-- \nSmart developers always View Source\. \n\nThis application was built using Adobe Flex.*<title>Nessus</title>|s p/NessusWWW/ v/4.2.2 - 4.49RC1/ i/Nessus vulnerability scanner http UI/ cpe:/a:tenable:nessus:4/
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: NessusWWW\r\n(?:[^\r\n]+\r\n)*?Content-Type: text/html\r\n.*<!-- saved from url=\(0016\)http://localhost -->\n<html lang=\"en\">\n\n<!-- \nSmart developers always View Source\. \n\nThis application was built using Adobe Flex.*<title>Nessus</title>|s p/NessusWWW/ v/4/ i/Nessus vulnerability scanner http UI/ cpe:/a:tenable:nessus:4/
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: NessusWWW\r\n(?:[^\r\n]+\r\n)*?Content-Type: text/html\r\n.*<title>Restart needed!</title>.*<body bgcolor=\"#2b4e67\">.*<link type=\"text/css\" href=\"jqueryui18\.css\" rel=\"stylesheet\" />|s p/NessusWWW/ v/5.0.2/ i/Nessus vulnerability scanner http UI/ cpe:/a:tenable:nessus:5.0.2/
match http m|^HTTP/1\.1 302 Found\r\n(?:[^\r\n]+\r\n)*?Server: NessusWWW\r\n(?:[^\r\n]+\r\n)*?Content-Type: text/html\r\n(?:[^\r\n]+\r\n)*?Location: https://[\w:._-]+/loading/\r\nCache-Control: \r\nExpires: 0\r\nPragma : \r\n\r\n|s p/NessusWWW/ v/4.2.2 - 4.49RC1/ i/Nessus vulnerability scanner http UI/ cpe:/a:tenable:nessus:4/
match http m|^HTTP/1\.1 302 Found\r\n(?:[^\r\n]+\r\n)*?Server: NessusWWW\r\n(?:[^\r\n]+\r\n)*?Content-Type: text/html\r\n(?:[^\r\n]+\r\n)*?Location: https://[\w:._-]+/html5\.html\r\nCache-Control: \r\nExpires: 0\r\nPragma : \r\n\r\n|s p/NessusWWW/ v/5.0.3/ i/Nessus vulnerability scanner http UI/ cpe:/a:tenable:nessus:5.0.3/
match http m|^HTTP/1\.1 302 Found\r\n(?:[^\r\n]+\r\n)*?Server: NessusWWW\r\n(?:[^\r\n]+\r\n)*?Content-Type: text/html\r\n(?:[^\r\n]+\r\n)*?Location: https:///html5\.html\r\nCache-Control: \r\nExpires: 0\r\nPragma: \r\n\r\n|s p/NessusWWW/ v/5.2.6/ i/Nessus vulnerability scanner http UI/ cpe:/a:tenable:nessus:5.2.6/
match http m|^HTTP/1\.1 302 Found\r\nDate: .*\r\nServer: NessusWWW\r\n(?:[^\r\n]+\r\n)*?Content-Type: application/json\r\n(?:[^\r\n]+\r\n)*?Location: https://[\w:._-]+/nessus6\.html\r\nCache-Control: \r\nExpires: 0\r\nPragma: \r\n\r\n|s p/NessusWWW/ v/6/ i/Nessus vulnerability scanner http UI/ cpe:/a:tenable:nessus:6/
match http m|^HTTP/1\.1 302 Found\r\nDate: .*\r\nServer: NessusWWW\r\n(?:[^\r\n]+\r\n)*?Content-Type: text/html\r\n(?:[^\r\n]+\r\n)*?Location: https://[\w:._-]+/nessus6\.html\r\n|s p/NessusWWW/ v/6/ i/Nessus vulnerability scanner http UI/ cpe:/a:tenable:nessus:6/
match http m|^HTTP/1\.1 200 OK\r\nDate: .*\r\nServer: NessusWWW\r\n(?:[^\r\n]+\r\n)*?\r\n<!doctype html>\n<html lang="en">\n    <head>\n        <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1" />\n        <meta charset="utf-8" />\n        <meta name="viewport" content="width=device-width, initial-scale=1\.0, maximum-scale=1\.0, user-scalable=0" />\n        <meta name="apple-mobile-web-app-capable" content="yes" />\n        <link rel="apple-touch-icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAJgAAACYCAIAAACXoLd2AAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAAyNpVFh0WE1MOmNvbS5hZG9iZS54bXAAAAAAADw/eHBhY2tldCBiZWdpbj0i77u/IiBpZD0iVzVNME1wQ2VoaUh6cmVTek5UY3prYzlkIj8\+IDx4OnhtcG1ldGEgeG1sbnM6eD0iYWRvYmU6bnM6bWV0YS8iIHg6e|s p/NessusWWW/ v/6.4/ i/Nessus vulnerability scanner http UI/ cpe:/a:tenable:nessus:6.4/
match http m|^HTTP/1\.1 \d\d\d .*\r\nCache-Control: \r\nX-Frame-Options: DENY\r\n(?:Etag: [a-z0-9]{32}\r\n)?Content-Type: .*\r\nDate: : .*\r\nConnection: close\r\nServer: NessusWWW\r\n| p/NessusWWW/ v/6.7 - 6.9/ cpe:/a:tenable:nessus:6/
match ssl/http m|^HTTP/1\.1 400 Bad Request\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 349\r\nServer: NessusWWW\r\nDate: : | p/Nessus vulnerability scanner http UI/ cpe:/a:tenable:nessus/


# CAMEO-httpd
match http m=^HTTP/1\.0 200 Ok\r\nServer: CAMEO-httpd\r\n.*<title>D-LINK CORPORATION \| WIRELESS AP \| LOGIN</title>=s p/CAMEO httpd/ i/D-Link DAP-1150 WAP http config/ d/WAP/ cpe:/h:dlink:dap-1150/
match http m=^HTTP/1\.0 200 Ok\r\nServer: CAMEO-httpd\r\n.*<title>D-LINK SYSTEMS, INC \| WIRELESS AP \| LOGIN</title>=s p/CAMEO httpd/ i/D-Link DAP-1160 WAP http config/ d/WAP/ cpe:/h:dlink:dap-1160/
match http m=^HTTP/1\.0 200 Ok\r\nServer: CAMEO-httpd\r\n.*<title>D-LINK SYSTEMS, INC\. \| WIRELESS AP : LOGIN</title>=s p/CAMEO httpd/ i/D-Link DAP-1360 WAP http config/ d/WAP/ cpe:/h:dlink:dap-1360/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: CAMEO-httpd\r\n(?:[^\r\n]+\r\n)*?WWW-Authenticate: Basic realm=\"DWL-G700AP Login\"\r\n|s p/CAMEO httpd/ i/D-Link DWL-G700AP http config/ d/WAP/ cpe:/h:dlink:dwl-g700ap/
match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: CAMEO-httpd\r\nDate: .*\r\nWWW-Authenticate: Basic realm=\"802\.11g WLAN Login\"\r\n| p/CAMEO httpd/ i/TRENDnet WAP http config/ d/WAP/


match http m=^HTTP/1\.0 302 (?:Temporary|Object) [Mm]oved\r\nServer: Cisco AWARE ([-\w_.]+)\r\n= p/Cisco ASA firewall http config/ i/Cisco AWARE $1/ d/firewall/ o/IOS/ cpe:/o:cisco:ios/a
match http m|^HTTP/1\.0 200 OK\r\n.*<title>Remote Buddy by IOSPIRIT</title>|s p/IOSPIRIT Remote Buddy http config/ o/Mac OS X/ cpe:/o:apple:mac_os_x/a
match http m|^HTTP/1\.1 302 Moved Temporarily\r\nServer: Asterisk/[\w_+]+-([-\w_.+]+) \(| p/Asterisk http config/ v/$1/ cpe:/a:digium:asterisk:$1/
match http m|^HTTP/1\.1 501 Not Implemented\r\nCIMError: Only POST and M-POST are implemented\r\n\r\n$| p/OpenPegasus CIMServer/
match http m|^HTTP/1\.1 200 OK\r\nDate: (?:[^\r\n]*\r\n(?!\r\n))*?Server: \r\n.*ACTION=\"/cgi-bin/cgi_authenticate\">\n<P ALIGN=\"left\"><B><FONT SIZE=\"5\" face=\"Tahoma\">User Firewall Authentication|s p/WatchGuard Firebox http config/ d/firewall/
match http m|^HTTP/1\.1 200 OK\r\n.*<TITLE>Divar Web Client</TITLE>|s p/Bosch Divar Security Systems http config/ d/security-misc/
match http m|^HTTP/1\.0 200 OK\r\nServer: RapidLogic/([-\w_.]+)\r\nMIME-version: 1\.0\r\nPragma: no-cache\r\nContent-type: text/html\r\n\r\n<script language=\"javascript\">\n<!--\ntop\.location\.href=\"duplicate\.htm\";//-->\n</script>\n\r\n$| p/3Com OfficeConnect WAP http config/ v/$1/ d/WAP/ cpe:/a:rapidlogic:httpd:$1/
match http m|^HTTP/1\.0 200 OK\r\nServer: RapidLogic/([\w._-]+)\r\nMIME-version: 1\.0\r\n.*<title>802\.11g AP setup page</title>.*function doLogin\(\)\n{\nvar f=document\.submit_form ;\t\nf\.submit_login_password\.value;|s p/RapidLogic httpd/ v/$1/ i/3Com OfficeConnect WAP http config/ d/WAP/ cpe:/a:rapidlogic:httpd:$1/
match http m|^HTTP/1\.0 200 Ok\rServer: httpd\r.*\t\r\r<TITLE>3Com - OfficeConnect Wireless Cable/DSL Router</TITLE>|s p/3Com OfficeConnect WAP http config/ d/WAP/
match http m|^HTTP/1\.0 200 OK\r\nContent-type: text/html\n\n<html>\n<head>\n<meta name=\"description\" content=\"Belkin ([-\w_.+]+)\">\n| p/Belkin $1 WAP http config/ d/WAP/ cpe:/h:belkin:$1/a
match http m|^HTTP/1\.0 200 OK\r\nCache-control: no-cache\r\nServer: Ubicom/([\w._-]+)\r\n.*<title>D-Link Print Server - Server Information</title>|s p/Ubicom httpd/ v/$1/ i/D-Link print server http config/ d/print server/ cpe:/a:ubicom:httpd:$1/
match http m|^HTTP/1\.0 200 OK\r\nCache-control: no-cache\r\nServer: Ubicom/([\w._-]+)\r\n.*href=\"/substyle_DIR-(6\d+)\.css\"|s p/Ubicom httpd/ v/$1/ i/D-Link DIR-$2 WAP http config/ d/WAP/ cpe:/a:ubicom:httpd:$1/
match http m|^HTTP/1\.0 200 200 OK\r\nServer: Ubicom/([\w._-]+)\r\n.*<!--@TEMPLATE:build/cooker/webgen/cooker_nonav_template\.html@-->|s p/Ubicom httpd/ v/$1/ i/D-Link DIR-625 WAP http config/ d/WAP/ cpe:/a:ubicom:httpd:$1/ cpe:/h:dlink:dir-625/a
match http m|^HTTP/1\.0 200 200 (?:[^\r\n]*\r\n(?!\r\n))*?Server: Ubicom/([\w._-]+)\r\n.*<link rel=\"stylesheet\" rev=\"stylesheet\" href=\"/substyle_DIR-625\.css\"|s p/Ubicom httpd/ v/$1/ i/D-Link DIR-625 WAP http config/ d/WAP/ cpe:/a:ubicom:httpd:$1/ cpe:/h:dlink:dir-625/a
match http m|^HTTP/1\.1 200 OK\r\nDate: .*\r\nServer: ActiveGrid/([-\w_.]+)\r\n| p/ActiveGrid httpd/ v/$1/
match http m|^HTTP/1\.0 200 OK\r\nServer: ISS-HttpMod/([-\w_.]+)\r\n| p/Intelligent Security Systems webcam httpd/ v/$1/ d/webcam/
match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: \r\nDate: .*\r\nWWW-Authenticate: Basic realm=\"Linksys RVS4000\n \"| p/Linksys RVS4000 security router http config/ d/broadband router/
match http m|^HTTP/1\.1 200 OK\r\nDate: .*\r\nServer: httpdevil/([-\w_.]+)\r\n| p/httpdevil/ v/$1/
match http m|^HTTP/1\.0 200 OK\r\nServer: ADSM_HTTP/([-\w_.]+)\r\nContent-type: text/html\n\n<HEAD>\n<TITLE>\nServer Administration\n</TITLE>.*<META NAME=\"IBMproductVersion\" CONTENT=\"([\d.]+)\">|s p/IBM AIX Storage Management $2 http config/ v/$1/ d/storage-misc/ o/AIX/ cpe:/o:ibm:aix/a
match http m|^HTTP/1\.1 401 Unauthorized\r\nServer: Conexant-EmWeb/R([\d_]+)\r\n(?:[^\r\n]+\r\n)*?WWW-Authenticate: Basic realm=\"Connecting to router\".*\(C\) Copyright \w+ Allied Telesis|s p/Conexant-EmWeb/ v/$SUBST(1,"_",".")/ i/Allied Telesis broadband router http config/ d/broadband router/ cpe:/a:conexant:emweb:$SUBST(1,"_",".")/a
match http m|^HTTP/1\.[01] \d\d\d .*\nServer: TIB/Rendezvous ([-\w_.]+)\n|s p/TIB Rendezvous http config/ v/$1/
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Snug/([-\w_.]+)\r\n|s p/Snug httpd/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: NetPort Software ([\d.]+)\r\n.*\n<title>([-\w_.]+) - VSX 8000</title>|s p/NetPort httpd/ v/$1/ i/Polycom VSX 8000 http config/ d/webcam/ h/$2/ cpe:/h:polycom:vsx_8000/a
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Grandstream GXP2000 ([-\w_.]+)\r\n\r\n|s p/Grandstream GXP2000 http config/ v/$1/ d/VoIP adapter/ cpe:/h:grandstream:gxp2000/a
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: D-Link Internet Camera\r\n.*<title>(DCS-\w+)</title>|s p/D-Link $1 webcam http config/ d/webcam/ cpe:/h:dlink:$1/a
match http m|^HTTP/1\.0 200 Ok\r\nServer: micro_httpd\r\n.*var isRouter\t='1' \? '1' : '0';\r\nvar\tisPS\t\t='' \? '' : '0';\r\nvar isAPmode\r\nif\('vlan1' =='' .. '1'=='0'\)\r\n\tisAPmode='1';\r\nelse\tisAPmode='0';\r\nvar bssid = '([\w:]+)';|s p/micro_httpd/ i/Belkin WAP http config; BSSID $1/ d/WAP/ cpe:/a:acme:micro_httpd/
match http m|^HTTP/1\.0 200 OK\n.*Server: SWILL/([-\w_.]+)\n|s p/SWILL httpd/ v/$1/
match http m|^HTTP/1\.1 .*<p:Type>GatewayWithWiFi</p:Type><p:DeviceName>D-Link DGL-4300</p:DeviceName>|s p/D-Link DGL-4300 WAP http config/ d/WAP/ cpe:/h:dlink:dgl-4300/a
match http m|^HTTP/1\.1 200 OK.*\r\nServer: IPL T S2/([-\w_.]+)\r\n|s p/Extron IPL T S2 http config/ v/$1/ d/media device/
match http m|^HTTP/1\.0 200 Ok\r\nServer: \r\n.*<title>RWO-CPE-PLUS-G Login Page</title>|s p/mini_httpd/ i/Demarc RWO WAP http config/ d/WAP/ cpe:/a:acme:mini_httpd/
match http m|^HTTP/1\.1 200 OK.*\r\nServer: Web Server\r\n.*<TITLE>Netgear System Login</TITLE>.*<IMG SRC = \"/base/images/Netgear_fsm(\w+)_banner\.gif\"|s p/Netgear FSM$1 switch http config/ d/switch/
match http m|^HTTP/1\.1 200 OK.*\r\nServer: Web Server\r\n.*<TITLE>NetGear FSM7352S</TITLE>|s p/Netgear FSM7352S switch http config/ d/switch/ cpe:/h:netgear:fsm7352s/a
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: FM Web Publishing\r\n|s p/FileMaker Web Publishing httpd/
match http m|^HTTP/1\.1 \d\d\d Snakelet output follows\r\nServer: Snakelets/([-\w_.]+) Python/([-\w_.]+)\r\n| p/Snakelets httpd/ v/$1/ i/Python $2/ cpe:/a:python:python:$2/
match http m|^HTTP/1\.1 \d\d\d .*\r\nDocuCentre Color (\d+) -|s p/Fuji Xerox DocuCentre Color $1 http config/ d/printer/ cpe:/h:fuji:xerox_docucentre_color_$1/a
match http m|^HTTP/1\.1 \d\d\d .*Fuji Xerox Co\..*\r\n<TITLE>B6300 -|s p/Fuji Xerox B6300 printer http config/ d/printer/ cpe:/h:fuji:xerox_b6300/a
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Boa/([-\w_.]+) \(with Intersil Extensions\)\r\nConnection: close\r\nWWW-Authenticate: Basic realm=\"CONNECT2AIR AP-600RP-USB LOGIN Enter Password \(default is connect\)\"\r\n|s p/Boa/ v/$1/ i/Fujitsu Siemens CONNECT2AIR AP-600RP-USB WAP http config; default password "connect"/ d/WAP/ cpe:/a:boa:boa:$1/ cpe:/h:fujitsu:siemens_connect2air_ap-600rp-usb/a
match http m|^HTTP/1\.1 200 OK\r\nConnection: close\r\nServer: NetworkScanner WebServer Ver([\w._-]+)\r\nCache-Control: no-cache\r\nContent-Type: TEXT/HTML\r\n\r\n<HTML>\r\n<HEAD>\r\n<TITLE>([\w._-]+)</TITLE>| p/Kyocera $2 printer http config/ v/$1/ d/printer/ cpe:/h:kyocera:$2/
match http m|^HTTP/1\.1 200 OK\r\n.*<title>Colloquy</title>|s p/Colloquy IRC web gateway/ o/Mac OS X/ cpe:/o:apple:mac_os_x/a
match http m|^HTTP/1\.1 \d\d\d .*content=\"VMware Server is virtual infrastructure software.*\n\n<title>VMware Server ([-\w_.]+)</title>|s p/VMware Server http config/ v/$1/ cpe:/a:vmware:server:$1/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Allegro-Software-RomPager/([-\w_.]+)\r\n.*<font color=\"#FFFFFF\" size=\"4\">Cisco Systems, Inc\. IP Phone CP-7960 \(|s p/Allegro RomPager/ v/$1/ i/Cisco CP-7960 VoIP phone http config/ d/VoIP phone/ cpe:/a:allegro:rompager:$1/ cpe:/h:cisco:cp-7960/a
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: InterMapper/([-\w_.]+)\r\n|s p/Dartware InterMapper httpd/ v/$1/
match http m|^HTTP/1\.0 401 Authenticate\nWWW-Authenticate: Basic realm=\"P4Web\"\n| p/Perforce P4Web httpd/
match http m|^HTTP/1\.1 200\r\n.*<!--SELECTserver Full Page Header-->\r\n<html>\r\n\r\n<head>\r\n<title>\r\nSELECTserver: License Manager\r\n</title>|s p/SELECTserver license manager httpd/
match http m|^HTTP/1\.0 200 Document follows\r\nDate: .*\r\nServer: WebminServer\r\n| p/WebminServer httpd/
match http m|^HTTP/1\.1 200 OK.*\* Zimbra Collaboration Suite Web Client\n|s p/Zimbra http config/ cpe:/a:zimbra:zimbra_collaboration_suite/
match http m|^HTTP/1\.1 302 Found\r\n(?:[^\r\n]+\r\n)*?Location: https://[\d.:]+/zimbraAdmin\r\n|s p/Zimbra admin http config/ cpe:/a:zimbra:zimbra_collaboration_suite/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?WWW-Authenticate: Basic realm=\"CANOPY ([-\w]+)\"\r\n|s p/Motorola Canopy WAP http config/ i/MAC $1/ d/WAP/
match http m|^HTTP/1\.0 200 Document follows\nMIME-Version: 1\.0\nServer: Java Cell Server\n.*<title>dCache service</title>|s p/dCache httpd/ i/Distributed Storage Node/ d/storage-misc/
match http m|^HTTP/1\.0 200 OK\r\nDate:.*\r\nServer: HighPoint Raidman WebServer/([-.\w\d]+)\r\nAccept-Ranges: bytes\r\n| p/HighPoint Raidman web config http/ v/$1/ d/storage-misc/
match http m|^HTTP/1\.1 404 Not Found\r\nconnection: close\r\ncontent-type: text/html\r\ndate: .*\r\nserver: Ruckus/([\d.]+)\r\n\r\n| p/Ruckus Media Player/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a
#Novell Groupwise HTTP services
match http m|^HTTP/1\.0 \d\d\d .*\r\n(?:Date: .*\r\n)?Server: GroupWise MTA ([-_.\d\w\(\) ]+)\r\n| p/Novell GroupWise MTA httpd/ v/$1/ o/Unix/ cpe:/a:novell:groupwise:$1/
match http m|^HTTP/1\.0 \d\d\d .*\r\n(?:Date: .*\r\n)?Server: GroupWise POA ([-_.\d\w\(\) ]+)\r\n| p/Novell GroupWise POA httpd/ v/$1/ i/Post Office Agent/ o/Unix/ cpe:/a:novell:groupwise:$1/
match http m|^HTTP/1\.0 \d\d\d .*\r\n(?:Date: .*\r\n)?Server: GroupWise GWIA ([-_.\d\w\(\) ]+)\r\n| p/Novell GroupWise GWIA httpd/ v/$1/ i/GroupWise Internet Agent/ o/Unix/ cpe:/a:novell:groupwise:$1/
match http m|^HTTP/1\.0 \d\d\d .*\r\n(?:Date: .*\r\n)?Server: Messenger-MA ([-_.\d\w\(\) ]+)\r\n| p/Novell Messenger httpd/ v/$1/ i/Messenger Agent/ o/Unix/
match http m|^HTTP/1\.0 200 .*\r\nDate: .*\r\nContent-Length: .*\r\nContent-Type: .*\r\n\r\n<html>\r\n<head>\r\n<title>Novell Messenger Download</title>| p/Novell Messenger download httpd/ o/Unix/
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Hunchentoot ([\w._-]+)\r\n|s p/Hunchentoot httpd/ v/$1/
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: AllegroServe/([\w._-]+)\r\n|s p/Franz Allegroserve httpd/ v/$1/
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Hop\r\n|s p/HOP httpd/
match http m|^HTTP/1\.1 200 OK\r\nServer: minituner\r\n| p|BMC/Marimba Management http config|
match http m|^HTTP/1\.1 200 Channel Listing\r\nServer: Marimba-Transmitter/([\d.]+)\r\n| p|BMC/Marimba Transmitter| v/$1/
match http m|^HTTP/1\.0 500 Internal Server Error\r\nContent-type: text/html; charset=UTF-8\r\n\r\n<html><META HTTP-EQUIV=\"Content-Type\" CONTENT=\"text/html; charset=UTF-8\"><body>\r\nInternal Server Error</body>\r\n</html>\r\n| p|BMC/Marimba Management http config| i/Error Condition/
match http m|^HTTP/1\.0 401 Unauthorized\r\nWWW-Authenticate: Basic realm=\"tuner\"\r\n| p|BMC/Marimba Management http config|
match http m|^HTTP/1\.0 200 OK\r\nServer: Henry/\d\.\d\r\n|s p/NEC Electra Elite IPK II WebPro/
match http m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: WebZerver/V([\w._-]+)\r\n.*<title>\nAxonix\nSuperCD - cdserver\n  </title>|s p/Axonix SuperCD http config/ i/WebZerver $1/ d/media device/
match http m|^<html>\n<title>DES-2108 +</title>| p/D-Link DES-2108 switch http config/ d/switch/ cpe:/h:dlink:des-2108/a
match http m|^HTTP/1\.1 \d\d\d .*<title>MD Evol Web</title>|s p/Ericsson MD Evolution PBX http config/ d/PBX/
match http m|^HTTP/1\.0 200 OK\r\nServer: NetPort Software ([\w._-]+)\r\nDate: .*\r\nContent-type: text/html\r\n\r\n<html>\r\n<head>\r\n<title>On Board Remote Management</title>| p/NetPort httpd/ v/$1/ i/Dell PowerVault 124T http config/ d/storage-misc/
match http m|^HTTP/1\.0 200 OK\nContent-type: text/html\nServer: AV-TECH (AV\w+) Video Web Server\n| p|Gadspot/Avtech $1 webcam http config| d/webcam/
match http m|^HTTP/1\.[01] \d\d\d .*\r\nServer: Minix httpd ([\w._-]+)\r\n| p/Minix httpd/ v/$1/ o/Minix/ cpe:/a:minix:httpd:$1/ cpe:/o:minix:minix/a
match http m|^HTTP/1\.1 200 Ok\r\nServer: micro_httpd\r\n.*<title>ADSL Router</title>\r\n\r\n\r\n<script language=\"javascript\">\r\n<!--\r\nvar ModemVer='(DSL-[\w._+-]+)';|s p/D-Link $1 http config/ d/broadband router/ cpe:/a:acme:micro_httpd/ cpe:/h:dlink:$1/a
match http m|^HTTP/1\.0 200 OK\r\n.*<TITLE>HTML-Konfiguration</TITLE>\n<SCRIPT language=\"JavaScript\" src=\"/cgi-bin/webcm\?getpage=\.\./html/js_top\.txt\"|s p/T-Com Speedport W 501V http config/ i/German/ d/broadband router/
match http m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Mime-Version: 1\.0\r\n.*<TITLE>HTML-Konfiguration</TITLE>\n<SCRIPT type=\"text/javascript\" src=\"/html/dom\.js\">|s p/T-Com Speedport W 101V http config/ i/German/ d/WAP/
match http m|^HTTP/1\.0 200 OK\r\nServer: Apache\r\n.*<TITLE>HTML-Konfiguration</TITLE>.*prodname=\"Speedport_W_(\w+)_Typ_B\";|s p/T-Com Speedport W $1 http config/ i/German/ d/broadband router/
match http m|^HTTP/1\.0 200 OK\r\nServer: Apache\r\n.*<title>HTML-Konfiguration</title>.*<style type=\"text/css\">\r\n#startseite|s p/T-Com Speedport W 700 http config/ i/German/ d/broadband router/
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html\r\nCache-Control: must-revalidate, no-store\r\nConnection: close\r\n\r\n<html>\n<style>\ntable\.stat th, table\.stat td {\n  font-family:\tVerdana, Geneva, sans-serif;\n  font-size : 11px;\n  color: blue;\n  border: 0px solid;\n  white-space: nowrap;\n}\n| p/Linksys SPA942 VoIP phone http config/ d/VoIP phone/ cpe:/h:linksys:spa942/a
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html\r\nCache-Control: must-revalidate, no-store\r\nConnection: close\r\n\r\n<html>\n<style>\ntable\.menu1 td \{\n  font-family:\tVerdana, Geneva, sans-serif;\n  font-size : 13px;\n  border: 0px solid;\n  color: blue;\n  white-space: nowrap;\n\}\ntable\.menu1 td a| p/Linksys SPA2102 VoIP phone http config/ d/VoIP phone/ cpe:/h:linksys:spa2102/a
match http m|^HTTP/1\.1 200 OK\r\nMIME-Version: 1\.0\r\nServer: OKIDATA-HTTPD/([\w._-]+)\r\n.*<title>([^<]+)</title>|s p/OKIDATA httpd/ v/$1/ i/Oki $2 printer http config/ d/printer/ cpe:/h:oki:$2/a
match http m|^HTTP/1\.0 200 OK\r\nServer: NetPort Software ([\w._-]+)\r\n.*<title>([^-<\r\n]+) - VSX 8000</title>\n<link rel=\"stylesheet\" href=\"sabrestyle\.css\"|s p/NetPort httpd/ v/$1/ i/Polycom VSX 8000 http config $2/ d/webcam/ cpe:/h:polycom:vsx_8000/a
match http m|^HTTP/1\.0 200 OK\r\nServer: NetPort Software ([\w._-]+)\r\n.*<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\">\n    <meta http-equiv=\"no-cache\">\n    <link rel=\"stylesheet\" href=\"sabre\.css\"|s p/NetPort httpd/ v/$1/ i/Polycom VSX 8000 http config/ d/webcam/ cpe:/h:polycom:vsx_8000/a
match http m|^HTTP/1\.0 303 Redirecting\r\nServer: httpd/[\d.]+ Python/([\d.]+)\r\n(?:[^\r\n]+\r\n)*?Cache-Control: no-store,no-cache,must-revalidate,max-age=0,post-check=0,pre-check=0\r\n.*<title>: Redirecting\n</title>\n<meta http-equiv=\"Refresh\" content=\"0; URL=http://([\w._-]+):\d+/login\"|s p/IronPort Mailflow http config/ i/Python $1/ d/specialized/ h/$2/ cpe:/a:python:python:$1/
match http m|^<html><head><title>Task Manager Server Report</title></head>| p/Dolbey Fusion Focus Task Manager httpd/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: XGATE-Webs\r\nDate: .*\r\nWWW-Authenticate: Basic realm=\"NB(\w+) Wireless Router\"\r\n| p/NetComm NB$1 WAP http config/ i/XGATE-Webs/ d/WAP/
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: XGATE-Webs\r\nDate: .*\r\nWWW-Authenticate: Basic realm=\"XG6546p2 Wireless Router\"\r\n| p/XAVi XG6546p Wireless Gateway/ i/XGATE-Webs/ d/WAP/
match http m%^HTTP/1\.0 200 Ok\r\nServer: micro_httpd\r\n.*\r\nvar isRouter\t='1' \? '1' : '0';\r\nvar\tisPS\t\t='' \? '' : '0';\r\nvar isAPmode\r\nif\('[\w-]*' =='' \|\| '1'=='0'\)\r\n\tisAPmode='1';\r\nelse\tisAPmode='0';\r\nvar bssid = '([\w:]+)';%s p/micro_httpd/ i/Belkin WAP http config; BSSID $1/ d/WAP/ cpe:/a:acme:micro_httpd/
match http m|^HTTP/1\.1 \d\d\d .*\r\nConnection: Close\r\nDate: .*\r\nServer: Eye-Fi Agent/([\w._-]+) \(Windows| p/Eye-Fi Manager httpd/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: micro_httpd\r\nCache-Control: no-cache\r\nDate: .*\r\nWWW-Authenticate: Basic realm=\"U\.S\. Robotics ADSL Gateway\"\r\n| p/micro_httpd/ i/USRobotics ADSL router http config/ d/broadband router/ cpe:/a:acme:micro_httpd/
match http m|^HTTP/1\.0 401 Unauthorized\n.*\r\nWWW-Authenticate: Basic realm=\"3Com AirProtect Sentry\"\r\n|s p/3Com AirProtect Sentry http config/ d/security-misc/
match http m|^HTTP/1\.1 200 OK\r\nServer: WindWeb/([\w._-]+)\r\n.*<SCRIPT LANGUAGE=\"JavaScript\">\r\n<!--\r\n  function change_Time\(\) {\r\n    window\.location = '\./cgi/mts_login\.cgi'\r\n|s p/WindWeb/ v/$1/ i/Iwatsu ADIX PBX http config/ d/PBX/ cpe:/a:windriver:windweb:$1/
match http m|^HTTP/1\.0 200 OK\r\nConnection: close\r\nServer: WindWeb/([\w._-]+)\r\n.*<title>TrueTime - NTS-200 Web Interface -|s p/WindWeb/ v/$1/ i/TrueTime NTS-200 http config/ d/specialized/ cpe:/a:windriver:windweb:$1/
match http m|^HTTP/1\.1 302 Found\r\nConnection: Keep-Alive\r\nServer: \r\n.*<!-- this page must have 520 bytes or more, ie is a wonderfull program -->.*<html>\r\n<head>\r\n<title>302-Found</title>\r\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\">\r\n</head>\r\n<body>\r\n<h1>302-Found</h1>\r\n<a href='/login\.html\?id=\d+'>/login\.html</a>|s p|Siemens Gigaset PBX/TARGA DIP VoIP phone http config|
match http m|^HTTP/1\.1 302 Found\r\nConnection: Close\r\nServer: \r\n.*<!-- this page must have 520 bytes or more, ie is a wonderfull program -->.*<html>\r\n<head>\r\n<title>302-Found</title>\r\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\">\r\n</head>\r\n<body>\r\n<h1>302-Found</h1>\r\n<a href='/login\.html\?id=\d+'>/login\.html</a>|s p/Siemens Gigaset A580, DX800A, or S450 VoIP phone http config/ d/VoIP phone/
match http m|^HTTP/1\.0 200 OK\r\nServer: SimpleHTTP/([\d.]+) Python/([\d.]+)\r\n.*<HTML>\n<TITLE>WifiZoo v([\w._-]+) - Control Panel</TITLE>|s p/WifiZoo http control panel/ v/$3/ i/SimpleHTTP $1; Python $2/ cpe:/a:python:python:$2/ cpe:/a:python:simplehttpserver:$1/
match http m|^HTTP/1\.1 200 OK\r\n.*\n\n\t\t<title>PGP Universal - Page Not Found</title>\n|s p/PGP Universal httpd/ cpe:/a:pgp:universal_server/
match http m|^HTTP/1\.[01] \d\d\d .*\r\nDate: .*\r\nServer: PWS/([\w._-]+)\r\n| p/PWS httpd/ v/$1/
match http m|^HTTP/1\.1 401 Unauthorized\r\nServer: micro_httpd\r\nCache-Control: no-cache\r\nDate: .*\r\nWWW-Authenticate: Basic realm=\"Wireless ADSL2\+ Router\"\r\n| p/micro_httpd/ i/Dynalink RTA1025W WAP http config/ d/WAP/ cpe:/a:acme:micro_httpd/
match http m|^HTTP/1\.1 401 \r\nServer: GoAhead-Webs\r\nDate: .*\r\nWWW-Authenticate: Basic realm=\"AirMagnet SmartEdge Sensor\"\r\n| p/GoAhead WebServer/ i/AirMagnet SmartEdge Sensor http config/ d/specialized/ cpe:/a:goahead:goahead_webserver/
match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: http\r\n(?:[^\r\n]+\r\n)*?Connection: close\r\nWWW-Authenticate: Basic realm=\"Login to Vigor 3300\"\r\n\r\n|s p/DrayTek Vigor 3300 router http config/ d/router/ cpe:/h:draytek:vigor_3300/a
match http m|^HTTP/1\.0 200 OK\r\n.*<link rel=\"stylesheet\" type=\"text/css\" href=\"/musicpal_ie6\.css\" />\r\n<!\[endif\]-->\r\n<title>Freecom MusicPal</title>|s p/Freedom MusicPal/ d/media device/
match http m|^HTTP/1\.1 200 Document follows\r\nConnection: Close\r\nServer: Micro-Web\r\n.*<title>Oasis Semiconductor, Inc\.</title>.*<b>Welcome to a live demo of the TCP/IP network stack running Micro-Web!</b>.*\r\nSystem Up Time:  ([^\r\n<]+)\r\n(?:[^\r\n]+\r\n)*?MAC Address:\r\n([\w:]+)\r\n|s p/Oasis Micro-Web/ i/Uptime $1; MAC $2/
match http m|^HTTP/1\.0 200 OK\r\nContent-Type: text/html\r\n\r\n<html><head><title>VDR Channel Listing</title>| p/VDR Streamdev plugin httpd/ d/media device/
match http m|^HTTP/1\.1 200 (?:[^\r\n]*\r\n(?!\r\n))*?Server: Agranat-EmWeb/R([\d_]+)\r\n.*<SCRIPT LANGUAGE=JavaScript>\nvar helpUrl = \"\";\n//Ip we are coming from\nvar ip=document\.domain;\n\n|s p/Agranat-EmWeb/ v/$SUBST(1,"_",".")/ i/Avaya G350 Media Gateway http config/ d/media device/ cpe:/a:agranat:emweb:$SUBST(1,"_",".")/a
match http m|^HTTP/1\.0 200 OK\r\nServer: RapidLogic/([\w._-]+)\r\nMIME-version: [\d.]+\r\n.*md5\(document\.logonForm\.username\.value \+ \":\" \+ document\.logonForm\.password\.value \+ \":\" \+ \"\w+\"\);  // sets the hidden field value to whatever md5 returns\.\r\n|s p/RapidLogic httpd/ v/$1/ i/Thomson ST2030 VoIP phone http config/ d/VoIP phone/ cpe:/a:rapidlogic:httpd:$1/ cpe:/h:thomson:st2030/a
match http m|^HTTP/1\.[01] \d\d\d .*\r\nDate: .*\r\nServer: BCReport/([\w._-]+)\r\n| p/Blue Coat Reporter httpd/ v/$1/
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: Blue Coat Reporter\r\n.*<title>Blue Coat Reporter ([\d.]+)</title>|s p/Blue Coat Reporter httpd/ v/$1/
match http m|^HTTP/1\.1 401 Authentication Required\r\nConnection: close\r\n\r\n$| p/Blue Coat Reporter httpd/
match http m|^HTTP/1\.[01] \d\d\d .*\r\nDate: .*\r\nX-Powered-By: ASP\.NET\r\n| p/Microsoft IIS httpd/ o/Windows/ cpe:/a:microsoft:internet_information_services/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: WYM/([\w._-]+)\r\n.*<META NAME=\"Author\" CONTENT=\"ChenXiaohui\">\r\n<meta http-equiv='Relfresh' content='5' />|s p/WYM httpd/ v/$1/ i/Gadspot NC1000-L10 webcam http config/ d/webcam/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: WYM/([\w._-]+)\r\n.*<TITLE>Video Server \(V([\w._-]+)\)</TITLE>\n<META NAME=\"Author\" CONTENT=\"ChenXiaohui\">\n<!-- Get Server or DVR-->|s p/WYM httpd/ v/$1/ i/Gadspot Video Server $2 http config/ d/media device/
match http m|^HTTP/1\.0 200 OK\r\nContent-Type: text/html\r\n\r\n<HTML>\r\n<HEAD>\r\n<TITLE>TallyGenicom Intelliprint (\w+)</TITLE>\r\n| p/TallyGenicom Intelliprint $1 http config/ d/printer/
match http m|^HTTP/1\.0 \d\d\d .*\r\n<META HTTP-EQUIV=\"Content-Style-Type\" content=\"text/css\">\r\n<TITLE>[^\r\n<]+ WJ-HD220 [^\r\n<]+</TITLE>|s p/Panasonic WJ-HD220 http config/ d/media device/
match http m|^HTTP/1\.1 \d\d\d .*<title>([\w-]+) Network Camera</title>|s p/Panasonic $1 webcam http config/ d/webcam/ cpe:/h:panasonic:$1/a
match http m|^HTTP/1\.0 200 OK\r\n.*<TITLE>Network Camera</TITLE>.*<META HTTP-EQUIV=\"Refresh\" CONTENT=\"1;URL=CgiStart\">|s p/Panasonic BB-HCM331 Network Camera http config/ d/webcam/
match http m|^HTTP/1\.1 302 Object Moved\r\nServer: NS_([\w._-]+)\r\nLocation: http://([\w._-]+)/wts\r\n| p/NS httpd/ v/$1/ i/Windows Terminal Server/ o/Windows/ h/$2/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 200 OK\r\nServer: RapidLogic/([\w._-]+)\r\n.*<TITLE>ProLine</TITLE>.*setTimeout\( \"window\.location\.href = 'homeSumBS\.htm'\", 100 \) ;   // 0\.1 second delay\r\n</script>|s p/RapidLogic httpd/ v/$1/ i/ProLine ADSL router http config/ d/broadband router/ cpe:/a:rapidlogic:httpd:$1/
match http m|^<HTML><HEAD><TITLE>Error</TITLE></HEAD><BODY><H1>Error</H1>Bad request or resource not found\.</BODY></HTML>\0$| p/Panasonic DP-1820E printer http config/ d/printer/ cpe:/h:panasonic:dp-1820e/a
match http m|^HTTP/1\.0 200 OK\r\nServer: Contiki/([\w._-]+) http://www\.sics\.se/(?:~adam/)?contiki/\r\n| p/Contiki httpd/ v/$1/
match http m|^HTTP/1\.1 401 Unauthorized\r\nServer: GoAhead-Webs\r\n(?:[^\r\n]+\r\n)*?WWW-Authenticate: Basic realm=\"Wireless Router \(username: admin\)\"\r\n.*<body background=/menu-images/config_bg\.gif>|s p/GoAhead WebServer/ i/ZyXEL P-330W WAP http config/ d/WAP/ cpe:/a:goahead:goahead_webserver/ cpe:/h:zyxel:p-330w/a
match http m|^HTTP/1\.1 200 OK\r\nCache-Control: no-cache\r\nConnection: close\r\nContent-Type: text/html\r\n.*<title>Canopy Home Page</title>\r\n.*<frame name=\"leftFrame\" noresize src=\"smleft\.html\">\r\n|s p/Motorola Canopy WAP http config/ d/WAP/
match http m|^HTTP/1\.1 200 Ok\r\nServer: micro_httpd\r\n.*cfeVersion = '1\.0\.37-0\.7';\nif \(cfeVersion\.charAt\(9\) == '7'\)\n   document\.writeln\(\"<title>Tecom AH4222</title>\"\);\nelse\n   document\.writeln\(\"<title>Tecom AH4021</title>|s p/micro_httpd/ i/Tecom AH4222 router http config/ d/broadband router/ cpe:/a:acme:micro_httpd/
match http m|^HTTP/1\.1 200 Ok\r\nServer: micro_httpd\r\n.*cfeVersion = '1\.0\.37-0\..';\nif \(cfeVersion\.charAt\(9\) == '7'\)\n   document\.writeln\(\"<title>Tecom AH4222</title>\"\);\nelse\n   document\.writeln\(\"<title>Tecom AH4021</title>|s p/micro_httpd/ i/Tecom AH4021 router http config/ d/broadband router/ cpe:/a:acme:micro_httpd/
match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: \r\n(?:[^\r\n]+\r\n)*?WWW-Authenticate: Basic realm=\"Please enter your user name and password on C54APRA\"\r\n|s p/Conceptronic C54APRA WAP http config/ d/WAP/ cpe:/h:conceptronic:c54apra/a
match http m|^HTTP/1\.1 200 Ok\r\nContent-Type: text/html\r\nCache-Control: no-cache\r\nSet-Cookie: SessId=.*HREF=\"/theme/main\.css\".*TD\.calMonth SPAN\n|s p/Floosietek FTgate webmail httpd/
match http m|^HTTP/1\.1 200 Ok\r\nServer: FTGate ([\w._-]+)\r\nDate: \d\d\d\d/\d\d/\d\d \d\d:\d\d:\d\d  GMT\r\n| p/Floosietek FTgate webmail httpd/ v/$1/
match http m|^HTTP/1\.1 200 OK\r\nContent-Length: \d+\r\nContent-Type: text/html;\r\n.*<TITLE>Aastra ([\w._+-]+)</TITLE>|s p/Aastra $1 VoIP phone http config/ d/VoIP phone/ cpe:/h:aastra:$1/a
match http m|^HTTP/1\.0 200 OK\r\n.*<img src=\"images/chumby_logo\.png\">.*<font size=10>Welcome to Chumby</font>|s p/Chumby chumbhttpd/ d/media device/
match http m|^HTTP/1\.1 200 OK\n.*<resolved count='\d+' ommitted='\d+' chumbhowld_ver='([\w._-]+)'>|s p/Chumby chumbhowld/ v/$1/ d/media device/
match http m|^HTTP/1\.1 200 OK\r \nContent-type: text/xml\r\n.*<resolved count='\d+' ommitted='\d+' chumbhowld_ver='([\w._-]+)'>\n</resolved>\r\n|s p/Chumby One chumbhowld/ v/$1/ d/media device/
match http m|^HTTP/1\.1 200 OK\r \nContent-type: text/xml\r\n.*<resolved count='\d+' ommitted='\d+' chumbhowld_ver='([\w._-]+)'>\n<resolve interface='\d+' name='([\w._-]+)' type='_http\._tcp\.'|s p/Chumby One chumbhowld/ v/$1/ d/media device/ h/$2/
match http m|^HTTP/1\.0 200 OK\r\nConnection: Close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n<html>\r\n.*if \(window != top\) {\r\n\t\t\t\t\t\t// Load page in the top frame\.\r\n\t|s p/Dell OpenManage httpd/ d/remote management/ cpe:/a:dell:openmanage/
match http m|^HTTP/1\.1 401 Authorization Required\r\nWWW-Authenticate: Basic realm=\"Linksys BEFSR41v3\"\r\n| p/Linksys BEFSR41v3 http config/ d/broadband router/ cpe:/h:linksys:befsr41v3/a
match http m|^HTTP/1\.1 200 OK\r\n.*<title>ZyWALL ([\w._+-]+)</title>|s p/ZyXEL ZyWALL $1 http config/ d/security-misc/
match http m|^HTTP/1\.1 200 OK\r\nDate: [^\r\n]+\r\n(?:Server:  \r\n)?Cache-Control: no-cache, private\r\nPragma: no-cache\r\nExpires: Mon, 16 Apr 1973 13:10:00 GMT\r\n.*<title>ZyWALL ([ \w._+-]+)</title>|s p/ZyXEL ZyWALL $1 http config/ d/security-misc/ cpe:/h:zyxel:zywall_$1/
match http m|^HTTP/1\.1 200 OK\r\nDate: [^\r\n]+\r\n(?:Server:  \r\n)?Cache-Control: no-cache, private\r\nPragma: no-cache\r\nExpires: Mon, 16 Apr 1973 13:10:00 GMT\r\n.*<title>(U[\w._+-]+)</title>|s p/ZyXEL ZyWALL $1 http config/ d/security-misc/ cpe:/h:zyxel:zywall_$1/
match http m|^HTTP/1\.1 200 OK\r\nDate: [^\r\n]+\r\n(?:Server:  \r\n)?Cache-Control: no-cache, private\r\nPragma: no-cache\r\nExpires: Mon, 16 Apr 1973 13:10:00 GMT\r\n|s p/ZyXEL ZyWALL http config/ d/security-misc/
match http m|^HTTP/1\.1 200 OK\r\nContent-length: \d+\r\nExpires: -1\r\nContent-type: application/sxp\r\nPragma: no-cache\r\nCache-control: no-cache\r\n\r\n\(ls \)| p/Xen http config/ o/Linux/ cpe:/o:linux:linux_kernel/a
match http m|^HTTP/1\.1 401 Authorization Required\r\nWWW-Authenticate: Basic realm=\"NB5580\"\r\n| p/Netcomm NB5580 http config/ d/broadband router/ cpe:/h:netcomm:nb5580/a
match http m|^HTTP/1\.0 302 Found\nServer: Alpha_webserv\nDate: .*\r\nContent-Type: text/html\nAccept-Ranges: bytes\nLocation: /public/login\.htm\nX-Pad: avoid browser bug\n\n| p/D-Link DIR-100 http config/ d/broadband router/ cpe:/h:dlink:dir-100/a
match http m|^HTTP/1\.1 200 (?:[^\r\n]*\r\n(?!\r\n))*?Server: Allegro-Software-RomPager/([\w._-]+)\r\n.*<font color=\"#FFFFFF\" size=\"4\">Cisco Systems, Inc\. IP Phone (CP-\w+) \( (\w+) \)|s p/Allegro RomPager/ v/$1/ i/Cisco $2 VoIP phone http config; serial $3/ d/VoIP phone/ cpe:/a:allegro:rompager:$1/ cpe:/h:cisco:$2/a
match http m|^HTTP/1\.0 200 (?:[^\r\n]*\r\n(?!\r\n))*?Server: Allegro-Software-RomPager/([\w._-]+)\r\n\r\n<HTML>\n<HEAD>\n<TITLE>NetBotz Network Monitoring Appliance -  </TITLE>|s p/Allegro RomPager/ v/$1/ i/NetBotz network monitor http config/ d/security-misc/ cpe:/a:allegro:rompager:$1/
match http m|^HTTP/1\.1 302 Redirect\r\nServer: GoAhead-Webs\r\nDate: .*\r\nConnection: close\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-Type: text/html\r\nLocation: http://Device/config/log_off_page\.htm\r\n|s p/GoAhead WebServer/ i/LinkSys SLM2024 or SRW2008 - SRW2016 switch http config/ d/switch/ cpe:/a:goahead:goahead_webserver/a
match http m|^HTTP/1\.1 200 OK\r\nDate: .*\r\nServer: WebtoB/([\w._-]+)\r\n| p/TmaxSoft WebtoB httpd/ v/$1/
match http m|^HTTP/1\.0 200 .*<head><meta http-equiv=\"refresh\" content=\"0; URL=cgi-bin/webif/info\.awx\" /><title>Webif&sup2; Administration Console</title>|s p/X-WRT Webif WAP http config/ d/WAP/
match http m|^HTTP/1\.1 200 OK\r\n.*<TITLE>\r\nWorkCentre (\d+) - [\d.]+\r\n</TITLE>|s p/Fuji-Xerox WorkCentre $1 printer http config/ d/printer/
match http m|^HTTP/1\.0 200 OK\r\n.*<title>VoIP ATA400 \(4FXS\) Web Configuration Pages</title>|s p/4FXS ATA400 VoIP adapter http config/ d/VoIP adapter/
match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: \r\nDate: .*\r\nWWW-Authenticate: Basic realm=\"Linksys (WAG\w+)\n\"\r\n| p/Linksys $1 WAP http config/ d/WAP/ cpe:/h:linksys:$1/a
match http m|^HTTP/1\.[01] 200 (?:[^\r\n]*\r\n(?!\r\n))*?Server: iPhone lighttpd\r\n|s p/iPhone lighttpd/ o/Mac OS X/ cpe:/o:apple:mac_os_x/a
match http m|^HTTP/1\.1 200 (?:[^\r\n]*\r\n(?!\r\n))*?Server: Allegro-Software-RomPager/([\w._-]+)\r\n.*<A HREF=\"/nic/printerstat\"><IMG SRC=\"/nic/Images/but3\.jpg\"|s p/Allegro RomPager/ v/$1/ i/Kyocera 7035 printer http config/ d/printer/ cpe:/a:allegro:rompager:$1/ cpe:/h:kyocera:7035/a
match http m|^HTTP/1\.1 200 OK\r\nSet-Cookie: ALEX_.*\r\nServer: Alexandrie\d+ \(by GBConcept\)\r\n|s p/GBConcept Alexandrie httpd/
match http m|^HTTP/1\.0 200 OK\r\nServer: XmskSvr\r\nContent-Type: text/plain\r\nContent-Length: \d+\r\n\r\nX-MSK http Server ([\w._-]+) | p/Xensoft X-MSK httpd/ v/$1/
match http m|^HTTP/1\.1 200 (?:[^\r\n]*\r\n(?!\r\n))*?Server: Allegro-Software-RomPager/([\w._-]+)\r\n.*<TITLE>RICOH FAX (\w+) / RICOH Network Printer|s p/Allegro RomPager/ v/$1/ i/Richoh $2 printer http config/ d/printer/ cpe:/a:allegro:rompager:$1/
match http m|^HTTP/1\.[01] 401 Unauthorized.*\r\nWWW-Authenticate: Basic [rR]ealm=\"DSL-(\w+)\"|s p/D-Link $1 DSL router http config/ d/broadband router/ cpe:/h:dlink:$1/a
match http m|^HTTP/1\.1 200 .*<title>Apt-cacher version ([\w._-]+): Daemon mode</title>|s p/Apt-cacher httpd/ v/$1/ cpe:/a:debian:apt-cacher:$1/
match http m|^HTTP/1\.1 404 .*<title>Not Found, APT Reconfiguration required</title>|s p/Apt-cacher-ng httpd/ i/misconfigured/ cpe:/a:debian:apt-cacher/
match http m|^HTTP/1\.0 200 OK\r\nServer: inets/develop\r\n.*{\"couchdb\": \"Welcome\", \"version\": \"([\w._-]+)\"}\n|s p/CouchDB REST httpd/ v/$1/
match http m|^HTTP/1\.0 200 OK\r\nServer: MochiWeb/1\.0 \(.*?\)\r\nDate: .*\r\nContent-Type: text/plain;charset=utf-8\r\nContent-Length: \d+\r\nCache-Control: must-revalidate\r\n\r\n{\"couchdb\":\"Welcome\",\"version\":\"([^"]+)\",\"couchbase\":\"([^"]+)\"}\n| p/CouchDB REST httpd/ v/$1/ i/couchbase $2/ cpe:/a:mochiweb_project:mochiweb/
match http m|^HTTP/1\.1 401 Unauthorized\r\nServer: micro_httpd\r\nCache-Control: no-cache\r\nDate: .*\r\nWWW-Authenticate: Basic realm=\"DSL Router\"\r\nContent-Type: text/html\r\nConnection: close\r\n\r\n<HTML><HEAD><TITLE>401 Unauthorized</TITLE></HEAD>\n<BODY BGCOLOR=\"#cc9999\"><H4>401 Unauthorized</H4>\nAuthorization required\.\n| p/micro_httpd/ d/broadband router/ cpe:/a:acme:micro_httpd/
match http m|^HTTP/1\.0 200(?:[^\r\n]+\r\n)*?\r\n\r\n<HTML><HEAD><TITLE>Lankacom RouterOS Managing Webpage</TITLE>|s p/Lankacom router http config/ d/router/
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Comanche/([\w._-]+) \(unix\) \r\n|s p/Comanche smalltalk httpd/ v/$1/ o/Unix/
match http m|^HTTP/1\.1 400 Bad Request\r\nConnection: close\r\n\r\n.*<br>Ability FTP Server ([\w._-]+) by Code-Crafters<br>|s p/Code-Crafters Ability FTP Server http interface/ v/$1/ o/Windows/ cpe:/a:code-crafters:ability_ftp_server:$1/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 401 Unauthorized\r\nDate: .*\r\nServer: WYM/([\w._-]+)\r\nConnection: close\r\nWWW-Authenticate: Basic realm=\"Welcome to IPCam !\"\r\n| p/WYM httpd/ v/$1/ i/Grandtec wifi webcam http config/ d/webcam/
match http m|^HTTP/1\.0 404 Error 404 : Domain Not Found.*\r\nServer: MMM BosServer/([\w._-]+)\r\n|s p/MMM BosServer httpd/ v/$1/
match http m|^HTTP/1\.0 200 CREATED\r\nDate: .*\r\nExpires: .*\r\nServer: WhatsUp_Gold/([\w._-]+)\r\n| p/WhatsUp Gold httpd/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 200 OK\r\nServer: SNARE/([\w._-]+)\r\nMIME-version: [\d.]+\r\nContent-type: text/html\r\n\r\n<HTML><head><title>InterSect Alliance - Information Technology Security</title>| p/InterSect Alliance SNARE httpd/ v/$1/ cpe:/a:intersectalliance:system_intrusion_analysis_and_reporting_environment:$1/
match http m|^HTTP/1\.0 200 OK\r\nServer: SimpleHTTP/([\w._-]+) Python/([\w._-]+)\r\n.*<title>NPAD Diagnostics|s p/NPAD Diagnostics httpd/ i/SimpleHTTP $1; Python $2/ cpe:/a:python:python:$2/ cpe:/a:python:simplehttpserver:$1/
match http m|^HTTP/1\.1 401 Unathorized\r\nWWW-Authenticate: BASIC realm=\"PY Software Active WebCam\"\r\n| p/PY Software Active webcam httpd/ d/webcam/
match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: \r\nDate: .*\r\nWWW-Authenticate: Basic realm=\"Linksys WAG200G \"\r\n| p/Linksys WAG200G http config/ d/WAP/ cpe:/h:linksys:wag200g/a
match http m|^HTTP/1\.1 401 Unauthorized\r\nWWW-Authenticate: Digest realm=\"Thomson_cwmp_([\w._-]+)\", nonce=| p/Thomson TR-069 remote access/ v/$1/ d/broadband router/
match http m|^HTTP/1\.1 401 Unauthorized\r\nContent-type: text/html\r\nWWW-Authenticate: Basic realm=\"Thomson\"\r\nConnection: close\r\nPragma: no-cache\r\n\r\n<html><head><title>HTTP 401 - Unauthorized</title></head><body><h4>HTTP 401 - Unauthorized</h4><p>Authorization is required to access the configuration server\.<p>You must enter the correct username and/or password\.</body></html>\r\n$| p/Thomson TWG850 router http config/ d/router/ cpe:/h:thomson:twg850/
match http m|^HTTP/1\.0 200 OK\r\nServer: sks_www/([\w._-]+)\r\n| p/SKS OpenPGP Key Server httpd/ v/$1/
match http m|^HTTP/1\.1 \d\d\d .*\r\nDate: .*\r\nCOMMERCE-SERVER-SOFTWARE: Microsoft Commerce Server 2002, Enterprise Edition\r\n| p/Microsoft Commerce Server 2002 httpd/ o/Windows/ cpe:/a:microsoft:commerce_server:2002/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 \d\d\d .*\r\n<title>EpsonNet WebManager</title>|s p/EpsonNet WebManager httpd/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 \d\d\d .*\r\nDate: .*\r\nContent-Length: \d+\r\nContent-Type: text/html\r\nServer: SilverStream Server/([\w._-]+)\r\nWWW-Authenticate: Basic realm=\"Novell exteNd Application Server\"\r\n| p/SilverStream httpd/ v/$1/ i/Novell exteNd Application Server/
match http m|^HTTP/1\.0 \d\d\d .*<title>EvoCam</title>\n</head>\n\n<body bgcolor=\"e3e3e3\">\n<center>\n<applet archive=\"evocam\.jar\" code=\"com\.evological\.evocam\.class\"|s p/Evological Evocam http config/ o/Mac OS X/ cpe:/o:apple:mac_os_x/a
match http m|^HTTP/1\.0 200\r\n.*<font size=\"1\" face=\"Verdana\" color=\"#FF3300\">UDS10/100/IAP\r\nVersion ([\w._-]+)&nbsp;|s p/Lantronix UDS10 ethernet-serial http config/ v/$1/ d/specialized/
match http m|^HTTP/1\.1 200 OK\r\nServer: TriActive MicroAgent \(([\w._-]+)\)\r\n| p/TriActive MicroAgent httpd/ v/$1/
match http m|^HTTP/1\.0 302 Found\r\nLocation: /login\.app\r\nContent-Lenght: 0\r\n\r\n$| p/NetXMS httpd/
match http m|^HTTP/1\.1 200 OK\r\nCONTENT-LANGUAGE:\r\nCONTENT-LENGTH: 0\r\nCONTENT-TPYE: text/xml\r\nDATE: .*\n\r\n\r\n\(null\)| p/Syabas Popcorn Hour media player http config/ d/media device/ cpe:/h:syabas:popcorn_hour/
match http m|^HTTP/1\.0 404 Not Found\nContent-Type: text/html\n\n<HTML><BODY>\n<TITLE>404 Not Found</TITLE><H1>Requested file not exist! \(404 Not Found\)</H1>\n<BR>\n</BODY></HTML>\n$| p/Syabas Popcorn Hour media player BitTorrent interface/ d/media device/ cpe:/h:syabas:popcorn_hour/
match http m|^HTTP/1\.0 404 Not Found\r\nDate: .*\r\nServer: RadiaMessagingService/([\w._-]+)\r\n| p/HP SIM NVDKIT.exe http config/ i/RadiaMessagingService $1/
match http m|^HTTP/1\.1 401 Unauthorized\r\nServer: Virata-EmWeb/R([\d_]+)\r\n.*<hr noshade size=\"3\" width=\"100%\">\n<p class=\"alert\">\nYou need to supply a valid user name and password\.\n|s p/Virata-EmWeb/ v/$SUBST(1,"_",".")/ i/Allied Data CopperJet http config/ d/broadband router/ cpe:/a:virata:emweb:$SUBST(1,"_",".")/a
match http m|^HTTP/1\.0 302 Moved Temporarily\r\nDate: .*\r\nServer: SMSSMTPHTTP\r\n| p/Symantec smtp mail security http config/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: MediabolicMWEB/([\w._-]+)\r\n|s p/Mediabolic http config/ v/$1/ d/storage-misc/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: MediabolicMWEB/\r\nConnection: close\r\n\r\n<h1>Error</h1>Page not found!\r\n$|s p/Mediabolic http config/ i/Thecus N5200 NAS/ d/storage-misc/ cpe:/h:thecus:n5200/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Ubicom/([\w._-]+)\r\n.*<title>SMC StreamEngine Router : Login</title>|s p/Ubicom httpd/ v/$1/ i/SMC StreamEngine router http config/ d/router/ cpe:/a:ubicom:httpd:$1/
match http m|^HTTP/1\.1 200 OK\r\nServer: d-Box network\r\n\r\n| p/Dreambox streaming audio httpd/ d/media device/
match http m|^HTTP/1\.0 200 OK\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: \d+\r\nDate: .*\r\nServer: jtvchat\r\n\r\n<html>\n<head><title>Justin\.tv chat servers</title>| p/justin.tv chat server httpd/
match http m|^HTTP/1\.0 200 OK\r\n.*\r\n<TITLE>bric_web_gui</TITLE>\r\n</HEAD>\r\n<BODY bgcolor=\"#555577\">\r\n<!-- URL's used in the movie-->\r\n<!-- text used in the movie-->|s p/Comrex Access BRIC http config/ d/telecom-misc/
match http m|^HTTP/1\.0 200 OK\r\nServer: RapidLogic/([\w._-]+)\r\n.*<!-- saved from url=\(\d+\)http://internet\.e-mail -->.* \r\n<link href=\"miniAP\.css\"|s p/RapidLogic httpd/ v/$1/ i/3Com 7760 WAP http config/ d/WAP/ cpe:/a:rapidlogic:httpd:$1/ cpe:/h:3com:7760/a
match http m|^HTTP/1\.1 200 OK\r\nDate: .*\r\nServer: I\.T\. Watchdogs, Inc\. Embedded Web Server \(v([\w._-]+)\)\r\n| p/I.T. Watchdogs Embedded httpd/ v/$1/ d/specialized/
match http m|^HTTP/1\.0 200 (?:OK)?\r\nServer: A-B WWW/([\w._-]+)\r\n.*<title>1763-|s p/Allen-Bradley 1763 MicroLogix 1100 logic controller http config/ i/A-B WWW $1/ d/specialized/
match http m|^HTTP/1\.0 200 OK\r\nPragma:no-cache\r\n.*<title>IBM NPS 540\+/542\+; IP address:|s p|IBM NPS 540+/542+ print server http config| d/print server/
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: UltiDev Cassini/([\w._-]+)\r\n| p/UltiDev Cassini httpd/ v/$1/ o/Windows/ cpe:/a:ultidev:cassini:$1/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 200 (?:[^\r\n]*\r\n(?!\r\n))*?Server: Swiftbase Ltd\. Embedded Web Server \(v([\w._-]+)\)\r\n.*<TITLE>Swift-CM2</TITLE>|s p/Swiftbase Ltd. Climate Monitor http config/ v/$1/ d/specialized/
match http m|^HTTP/1\.1 200 (?:[^\r\n]*\r\n(?!\r\n))*?Server: Allegro-Software-RomPager/([\w._-]+)\r\n.*<title>\nLexmark C500</title>|s p/Allegro RomPager/ v/$1/ i/Lexmark C500 printer http config/ d/printer/ cpe:/a:allegro:rompager:$1/ cpe:/h:lexmark:c500/a
match http m|^HTTP/1\.1 401 Unauthorized\r\nServer: micro_httpd\r\n(?:[^\r\n]+\r\n)*?WWW-Authenticate: Basic realm=\"Siemens ADSL SL2-141\"\r\n|s p/micro_httpd/ i/Siemens SL2-141 ADSL router http config/ d/broadband router/ cpe:/a:acme:micro_httpd/ cpe:/h:siemens:sl2-141/a
match http m|^HTTP/1\.0 401 Not Authorized\r\nServer: RapidLogic/([\w._-]+)\r\nMIME-version: 1\.0\r\nContent-type: text/html\r\nWWW-Authenticate: Basic realm=\"Modem Secure\"\r\n| p/RapidLogic httpd/ v/$1/ i/Westell Wirespeed DSL modem http config/ d/broadband router/ cpe:/a:rapidlogic:httpd:$1/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: NT40\r\n.*<title>NT([\w._-]+) - Multiprotocol chat tool</title></head><body><BR><BR><center><b>NT4\.0 Network</b><br><br>Server: (\S+) - \(([\w._-]+)\)<br>Local users connected: (\d+) // Connected to \d+ servers</center><br>Service uptime: ([\d:]+)<br>|s p/NT4.0 Multiprotocol Chat httpd/ v/$1/ i/Name $2; Users $4; Uptime $5/ h/$3/
match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: http server\r\nDate: .*\r\nCache-Control: no-cache,no-store\r\nWWW-Authenticate: Basic realm=\"Citadel\"\r\n| p/Atera Networks Citadel firewall http config/ d/firewall/
match http m|^HTTP/1\.0 200 (?:[^\r\n]*\r\n(?!\r\n))*?Server: IST OIS\r\n.*<title>Phone&nbsp;Station&nbsp;Information</title>|s p/AllWorx 9212 VoIP phone http config/ d/VoIP phone/
match http m|^HTTP/1\.0 401 Unauthorized\r\nDate: .*\r\nServer: Agranat-EmWeb/R([\w._-]+)\r\nWWW-Authenticate: Basic realm=\"GbE2c Ethernet Blade Switch for HP c-Class BladeSystem\"\r\n\r\n401 Unauthorized\r\n| p/Agranat-EmWeb/ v/$SUBST(1,"_",".")/ i/HP GbE2c Ethernet Blade Switch http config/ d/switch/ cpe:/a:agranat:emweb:$SUBST(1,"_",".")/a
match http m|^HTTP/1\.0 401 Unauthorized\r\nDate: .*\r\nServer: Agranat-EmWeb/R([\w._-]+)\r\nWWW-Authenticate: Basic realm=\"(GbE2c) L2/L3 Ethernet Blade Switch(?: \(TACACS server enabled\))?\"\r\n\r\n401 Unauthorized\r\n| p/Agranat-EmWeb/ v/$SUBST(1,"_",".")/ i/HP $2 Ethernet Blade Switch http config/ d/switch/ cpe:/a:agranat:emweb:$SUBST(1,"_",".")/a
match http m|^HTTP/1\.1 200 Okay\r\n(?:[^\r\n]+\r\n)*?Server: PLT Scheme\r\n|s p/PLT Scheme httpd/
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: Swazoo ([\w._-]+) Smalltalk Web Server\r\n| p/Swazoo Smalltalk httpd/ v/$1/
match http m|^HTTP/1\.1 401 OK\r\nContent-Length: 0\r\nConnection: Keep-Alive\r\nWWW-Authenticate: Basic realm=\"/\"\r\nContent-Type: text/html\r\nCache-Control: no-cache\r\nEXT: UCoS, UPnP/1\.0, UDI/1\.0\r\n| p/Universal Devices Insteon home automation http config/ d/specialized/
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?Set-Cookie: AUTHKEY=\r\n.*<TITLE>Welcome to Mailtraq WebMail</TITLE>|s p/Mailtraq WebMail httpd/ o/Windows/ cpe:/a:mailtraq:mailtraq/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 200 OK\r\nServer: TopLayer/([\w._-]+)\r\n.*ALT=\"Welcome to the AppSwitch\"|s p|Top Layer Networks AppSafe/AppSwitch IDS http config| v/$1/
match http m|^HTTP/1\.0 200 (?:[^\r\n]*\r\n(?!\r\n))*?Server: Mbedthis-AppWeb/([\w._-]+)\r\n.*<title>BT Home Hub manager - Home</title>|s p/Mbedthis-Appweb/ v/$1/ i/BT Home Hub http config/ d/broadband router/ cpe:/a:mbedthis:appweb:$1/
match http m|^HTTP/1\.1 200 (?:[^\r\n]*\r\n(?!\r\n))*?Server: MoxaHttp/([\w._-]+)\r\n.*<TITLE>NPort Web Console</TITLE>|s p/MoxaHttp/ v/$1/ i/Moxa NPort serial to IP http config/ d/specialized/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: MoxaHttp/([\w._-]+)\r\n|s p/MoxaHttp/ v/$1/ d/specialized/
match http m|^HTTP/1\.1 200 OK\r\nDate: Wed, 19 Feb 2003 09:00:00 GMT\r\nServer: Http/1\.0\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-type: text/html\r\nContent-length: 22016\r\nSet-Cookie: ChallID=\d+\r\n\r\n| p/MoxaHttp/ d/specialized/
match http m|^HTTP/1\.1 200 OK\r\nConnection: close\r\nCache-Control: no-store\r\nContent-Length: \d+\r\nContent-Type: text/html\r\n\r\n<html>\n<style>a{text-decoration:none}</style>\n<body vlink=black bgcolor=\"#99ccff\">\n<center>\n<h1>Invalid Access</h1>\n</center>\n</p></body>\n</html>\n\n\n| p/Cisco ATA186 VoIP adapter http config/ d/VoIP adapter/ cpe:/h:cisco:ata186/a
match http m|^HTTP/1\.0 200 OK\r\nServer: http server ([\w._-]+)\r\nContent-type: text/html; charset=\(null\)\r\n.*<script>location\.href=\"http://\"\+location\.hostname\+\":\"\+8080\+\"/\";</script></head></html>\n$|s p/QNAP TS-109 NAS http config/ v/$1/ d/storage-misc/ cpe:/h:qnap:ts-109/
match http m|^HTTP/1\.0 200 OK\r\nServer: http server ([\w._-]+)\r\n.*<title>NAS</title>\n<script language=\"JavaScript\">\n\nfunction setCookie\(name, value, expires\)\n|s p/QNAP TS-109-II NAS http config/ v/$1/ d/storage-misc/ cpe:/h:qnap:ts-109-ii/
match http m|^HTTP/1\.0 200 OK\r\nServer: http server ([\w._-]+)\r\n.*<script>\npr=\(document\.location\.protocol == 'https:'\) \? 'https' : 'http';\npt=\(location\.port == ''\) \? '' : ':' \+ location\.port;\nredirect_suffix = \"/redirect\.html\?count=\"\+Math\.random\(\);|s p/QNAP TS-219, TS-239, or TS-509 NAS http config/ v/$1/ d/storage-misc/
match http m|^HTTP/1\.0 200 OK\r\nServer: http server ([\w._-]+)\r\n(?:[^\r\n]+\r\n)*?Content-length: 553\r\n.*{\nlocation\.href=pr\+\"://\"\+location\.hostname\+pt\+redirect_suffix;\n}\nelse\t//could be ipv6 addr\n|s p/QNAP HS-210 or TS-219P NAS http config/ v/$1/ d/storage-misc/ cpe:/h:qnap:ts-219p/
# TS-659 or TS-859U-RP+
# QNAP NAS TS-809U, QNAP HS-210
match http m|^HTTP/1\.0 200 OK\r\nServer: http server ([\w._-]+)\r\n(?:[^\r\n]+\r\n)*?Content-length: 291\r\n.*if\(location\.hostname\.indexOf\(':'\) == -1\){location\.href='http://'\+location\.hostname\+':'\+8080\+'/';\n}|s p/QNAP HS-210, TS-659, TS-809U, or TS-859U NAS http config/ v/$1/ d/storage-misc/ o/Linux/ cpe:/o:linux:linux_kernel:2.6/
match http m|^HTTP/1\.1 200 OK\r\nDate: .*\r\nServer: http server 1\.0\r\n| p/QNAP NAS http config/ d/storage-misc/
match http m|^HTTP/1\.0 302 Found\r\nServer: http server ([\w._-]+)\r\n(?:[^\r\n]+\r\n)*?Location: https://\r\n<HTML><HEAD><TITLE>302 Found</TITLE></HEAD>\n<BODY BGCOLOR=\"#cc9999\"><H2>302 Found</H2>\nThe actual URL is '/'\.\n$|s p/QNAP TS-419P+ NAS http config/ v/$1/ d/storage-misc/ cpe:/h:qnap:ts-419p%2b/
match http m|^HTTP/1\.0 501 Not Implemented\r\nServer: http server ([\w._-]+)\r\nContent-type: text/html\r\n.*<script type=\"text/javascript\" src=\"/ajax_obj/extjs/adapter/ext/ext-base\.js\"></script>\n<script> IEI_NAS_BUTTON_BACK=\"Back\";</script>|s p/QNAP Turbo or TS-459 Pro+ NAS http config/ v/$1/ d/storage-misc/
match http m|^HTTP/1\.0 404 no application for: /\r\nServer: HttpServer\r\n\r\n$| p/Galleon TiVo Application Port http config/ d/media device/
match http m|^HTTP/1\.0 404 File not found\r\nServer: HttpServer\r\n\r\n$| p/Galleon TiVo Publishing Port http config/ d/media device/
match http m|^HTTP/1\.1 302 Redirect\r\nServer: GoAhead-Webs\r\nDate: .*\r\nConnection: close\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-Type: text/html\r\nLocation: http://\(null\)/config/log_off_page\.htm\r\n\r\n| p/GoAhead WebServer/ i/Dell PowerConnect Gigabit switch http config/ d/switch/ cpe:/a:goahead:goahead_webserver/a
match http m|^HTTP/1\.0 301 Moved Permanently\r\nContent-Length: 0\r\nConnection: close\r\nLocation: /main/main\.html\r\nServer: debut/([\w._-]+)\r\n\r\n| p/debut httpd/ v/$1/ i/Brother MFC-8860DN printer http config/ d/printer/ cpe:/h:brother:mfc-8860dn/a
match http m|^HTTP/1\.1 302 Moved Temporarily\r\nDate: .*\r\nServer: Avocent DSView ([\w._/-]+)\r\nLocation: https://([\w._-]+)/dsview/\r\nConnection: close\r\n\r\n| p/Avocent DSView remote management httpd/ v/$1/ h/$2/
match http m|^HTTP/1\.0 \d\d\d .*\r\nDate: .*\r\nServer: RAID HTTPServer/([\w._-]+)\r\n| p/Sun StorEdge 3511 http config/ v/$1/ d/storage-misc/
match http m|^HTTP/1\.0 200 OK\r\nConnection: close\r\n.*<title>Samsung Printer Status</title>.*var contentURI = \"/general/printerDetails\.htm\"|s p/Samsung printer http config/ d/printer/
match http m|^HTTP/1\.0 200 OK\r\nCache-control: no-cache\r\nServer: Ubicom/([\w._-]+)\r\n.*<title>NETGEAR WNHDE111 |s p/Ubicom httpd/ v/$1/ i/Netgear WNHDE111 WAP http config/ d/WAP/ cpe:/a:ubicom:httpd:$1/ cpe:/h:netgear:wnhde111/a
match http m|^HTTP/1\.0 200 (?:[^\r\n]*\r\n(?!\r\n))*?Server: Server\r\n.*<title>[nN]euf ?box -&nbsp;Accueil</title>|s p/SFR Neuf Box DSL modem http config/ d/broadband router/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Axigen-Webmail\r\n|s p/Axigen webmail httpd/ cpe:/a:gecad:axigen_mail_server/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Axigen-Webadmin\r\n|s p/Axigen webadmin httpd/ cpe:/a:gecad:axigen_mail_server/
match http m|^HTTP/1\.0 200 (?:[^\r\n]*\r\n(?!\r\n))*?Server: Allegro-Software-RomPager/([\w._-]+)\r\n\r\n<HTML><HEAD>\n<META NAME=\"GENERATOR\" CONTENT=\"Microsoft FrontPage 3\.0\">\n<TITLE></TITLE>.*<frame NAME=\"fInfo\" scrolling=\"no\" noresize src=\"/html/Hlogin\.html\"|s p/Allegro RomPager/ v/$1/ i/Amer.com SSR22i switch http config/ d/switch/ cpe:/a:allegro:rompager:$1/
match http m|^HTTP/1\.1 301 Moved Permanently\r\nDate: .*\r\nServer: eSoft\r\nX-Powered-By: PHP/([\w._-]+)\r\nLocation: https://ThreatWall/\r\n| p/eSoft ThreatWall IPS http config/ i/PHP $1/ d/security-misc/ cpe:/a:php:php:$1/
match http m|^HTTP/1\.0 200 OK\r\nServer: NetPort Software ([\w._-]+)\r\nDate: .*\r\nContent-type: text/html\r\n\r\n<html>\n<head>\n<title>(.*) - VSX 7000A</title>| p/NetPort httpd/ v/$1/ i/Polycom VSX 7000A http config; name $2/ d/webcam/ cpe:/h:polycom:vsx_7000a/a
match http m|^HTTP/1\.1 301 Moved Permanently\r\nServer: Virata-EmWeb/R([\w._-]+)\r\nLocation: https://[\w._-]+/\+webvpn\+/index\.html\r\n| p/Virata-EmWeb/ v/$SUBST(1,"_",".")/ i/Cisco WebVPN http config/ d/security-misc/ cpe:/a:virata:emweb:$SUBST(1,"_",".")/a
match http m|^HTTP/1\.0 200 OK\r\nServer: dtHTTPd/([\w._-]+)\r\nContent-Type: text/html\r\nContent-Length: \d+\r\nConnection: close\r\n\r\n<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4\.0 Transitional//EN\"><HTML><HEAD><TITLE>(UX-\w+)</TITLE>| p/dtHTTPd/ v/$1/ i/Sharp Broadband $2 Fax http config/ d/printer/ cpe:/h:sharp:$2/
match http m|^HTTP/1\.0 200 OK\r\nServer: dtHTTPd/([\w._-]+)\r\nContent-Type: text/html\r\nContent-Length: \d+\r\nConnection: close\r\n\r\n<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4\.0 Transitional//EN\"><HTML><HEAD><TITLE>(FO-\w+)</TITLE>| p/dtHTTPd/ v/$1/ i/Sharp $2 printer http config/ d/printer/ cpe:/h:sharp:$2/
match http m|^HTTP/1\.1 200 OK\r\nServer: Conexant-EmWeb/R([\w._-]+) SIPGT/([\w._-]+)\r\n.*<title>Login page</title>.*<img src=\"images/ixlogga\.gif\"|s p/Conexant-EmWeb/ v/$SUBST(1,"_",".")/ i/Intertex IX68 WAP http config; SIPGT $2/ d/WAP/ cpe:/a:conexant:emweb:$SUBST(1,"_",".")/a cpe:/h:intertex:ix68/a
match http m|^HTTP/1\.0 404 Not Found\r\nContent-Length: \d+\r\nContent-Type: text/html\r\n\r\n.*<title>NOTE: The requested URL could not be retrieved</title>.*background-image: url\(/html/de/images/bg_ramp\.jpg\);\r\n|s p/AVM FRITZ!Box WAP http config/ d/WAP/
match http m|^HTTP/1\.0 404 Not Found\r\nContent-Length: \d+\r\nContent-Type: text/html\r\n\r\n.*<title>Note: The requested URL could not be retrieved\.</title>.*background-image: url\(\.\./\.\./de/images/bg_ramp\.jpg\);\n|s p/AVM FRITZ!Box WLAN 7270 WAP http config/ d/WAP/
match http m|^HTTP/1\.0 401 Unauthorized\r\nContent-Length: \d+\r\nContent-Type: text/html.*\r\nPragma: no-cache\r\nServer: Webserver\r\nWWW-Authenticate: Basic realm=\"HTTPS Access\"\r\n\r\n<HTML><HEAD><TITLE>401 Unauthorized \(ERR_ACCESS_DENIED\)</TITLE></HEAD><BODY><H1>401 Unauthorized</H1><BR>ERR_ACCESS_DENIED<HR><B>Webserver</B>| p/AVM FRITZ!Box WAP http config/ d/WAP/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: lighttpd[/ ]([\d.]+) \(([^)]+)\)\r\n|si p/lighttpd/ v/$1/ i/$2/ cpe:/a:lighttpd:lighttpd:$1/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: lighttpd[/ ]([\d.]+)\r\n|si p/lighttpd/ v/$1/ cpe:/a:lighttpd:lighttpd:$1/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: lighttpd|si p/lighttpd/ cpe:/a:lighttpd:lighttpd/
match http m|^HTTP/1\.1 401 Unauthorized\r\nServer: micro_httpd\r\nCache-Control: no-cache\r\nDate: .*\r\nWWW-Authenticate: Basic realm=\"U\.S\. Robotics ADSL Router\"\r\n| p/micro_httpd/ i/USRobotics USR9107A ADSL http config/ d/broadband router/ cpe:/a:acme:micro_httpd/
match http m|^HTTP/1\.0 200 Ok\r\nServer: httpd\r\nDate: .*<SCRIPT language=Javascript src=\"language_us\.js\"></SCRIPT>\n<SCRIPT>assign_var\(\);</SCRIPT>\n<SCRIPT language=JavaScript src=\"showMenu\.js\"></SCRIPT>\n<SCRIPT>\n\tvar helpItem \t='indexa';|s p/Belkin N1 F5D8231-4 WAP http config/ d/WAP/ cpe:/h:belkin:n1_f5d8231-4/a
match http m|^<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4\.01 Transitional//EN\" \"http://www\.w3\.org/TR/1999/REC-html401-19991224/loose\.dtd\">\n<HTML>\n<HEAD>\n<TITLE>Mac OS X Personal Web Sharing</TITLE>.*<H1>Your website here\.</H1>|s p/REALbasic 2008 example httpd/
match http m|^HTTP/1\.1 200\r\n.*<TITLE>ProjectorView Control System</TITLE>.*CODE=com\.mitsubishi\.x500u\.X500UApplet\.class\r\n|s p/Mitsubishi Projector XD1000 http config/ d/media device/
match http m|^HTTP/1\.1 401 Unauthorized\r\nServer: micro_httpd\r\nCache-Control: no-cache\r\nDate: .*\r\nWWW-Authenticate: Basic realm=\"Wireless Router\"\r\nContent-Type: text/html\r\nConnection: close\r\n\r\n<HTML><HEAD><TITLE>401 Unauthorized</TITLE></HEAD>\n<BODY BGCOLOR=\"#cc9999\"><H4>401 Unauthorized</H4>\nAuthorization required\.\n| p/Asus wl-600g WAP http config/ d/WAP/ cpe:/a:acme:micro_httpd/ cpe:/h:asus:wl-600g/a
match http m|^HTTP/1\.0 301 Moved Permanently\r\nCache-Control: no-cache\r\nConnection: close\r\nPragma: no-cache\r\nLocation: /TopAccess/default\.htm\r\nServer: TOSHIBA TEC CORPORATION\r\n| p/Toshiba Tec printer http config/ d/printer/
match http m|^HTTP/1\.0 303 See Other\r\nLocation: http://[\w._-]+:8080\r\n\0 .*\rContent-Length: 0\r\n\r\n| p|Toshiba e-STUDIO 233 copier/printer/fax http config| d/printer/
match http m|^HTTP/1\.1 302 Redirect\r\nServer: GoAhead-Webs\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-Type: text/html\r\nLocation: http://[\w._-]+/index\.asp\r\n\r\n<html><head></head><body>\r\n\t\tThis document has moved to a new| p/GoAhead WebServer/ i/Dell PowerConnect 3024 switch http config/ d/switch/ cpe:/a:goahead:goahead_webserver/ cpe:/h:dell:powerconnect_3024/
match http m|^HTTP/1\.0 302 Redirect\r\nServer: GoAhead-Webs\r\nDate: .*\r\nConnection: Close\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-Type: text/html\r\nLocation: http://\xee{64}/index\.html\r\n\r\n<html><head></head><body>\r\n\t\tThis document has moved to a new| p/GoAhead WebServer/ i/Allen-Bradley ControlLogix 1769-L35E automation controller http config/ d/specialized/ cpe:/a:goahead:goahead_webserver/
match http m|^HTTP/1\.1 200 OK\n\n<html>\n<head>\n<title>Touchstone Status</title>| p/Arris Touchstone cable modem http config/ d/broadband router/
match http m|^HTTP/1\.1 401 Unauthorized\r\nServer: micro_httpd\r\nCache-Control: no-cache\r\nDate: .*\r\nWWW-Authenticate: Basic realm=\"ROTAL Wireless ADSL2\+ Router\"\r\n| p/micro_httpd/ i|ROTAL/Dynalink WAP http config| d/WAP/ cpe:/a:acme:micro_httpd/
match http m|^HTTP/1\.1 200 OK\r\nDate: .*\r\nServer: Oversee Webserver v([\w._-]+)\r\n| p/Oversee httpd/ v/$1/
match http m|^HTTP/1\.1 401 Unauthorized\r\nServer: GlobalSCAPE-Secure Server/([\w._-]+)\r\n| p/GlobalSCAPE Secure Server httpd/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 401 Unauthorized\r\nServer: GlobalSCAPE-EFTServer/([\w._-]+)\r\n| p/GlobalSCAPE EFT Server httpd/ v/$1/
match http m|^HTTP/1\.1 401 Unauthorized\r\nDate: .* GMT\r\nWWW-Authenticate: Basic realm=\"\"\r\nContent-Length: .*\r\nCache-control: private\r\nPragma: no-cache\r\nConnection: close\r\nX-Content-Type-Options: nosniff\r\nX-XSS-Protection: 1; mode=block\r\n\r\n| p/GlobalSCAPE EFT Server httpd/
match http m|^<html>\n\n<head>\n<title>HTML-Konfiguration</title>\n\n<SCRIPT language=\"JavaScript\">\n<!--\n\n\nfunction rahmen\(but,high\)| p|Targa WR500/Speedport WV500V WAP http config| i/Bitswitcher firmware/ d/WAP/
match http m|^\[ menu  \]   - Control packet filtering\r\n5 - Logs            \[ menu  \]   - Alarm and log control\r\n6HTTP/1\.0 200 OK\r\n.*<font color=\"#ffffff\">Aironet BR500E V([\w._-]+)</td>|s p/Cisco Aironet BR500E WAP http config/ v/$1/ d/WAP/ cpe:/h:cisco:aironet_br500e/a
match http m|^HTTP/1\.1 401 Authorization Required\r\nDate: .*\r\nServer: mini-http/([\w._-]+) \(unix\)\r\nConnection: close\r\nContent-Type: text/html\r\nWWW-Authenticate: Basic realm=user\r\n\r\n<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2\.0//EN\">| p/Kemp 2500 load balancer http config/ i/mini-http $1/ d/load balancer/ o/Unix/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: \"Pi3Web/([\w._-]+)\"\r\n|s p/Pi3Web httpd/ v/$1/
match http m|^HTTP/1\.0 401 Authorization Required\r\nWWW-Authenticate: Basic realm=\"VoIP841\"\r\n(?:[^\r\n]+\r\n)*?Server: simple httpd ([\w._-]+)\r\n|s p/simple httpd/ v/$1/ i/Philips DECT VoIP841 http config/ d/VoIP phone/ cpe:/h:philips:dect_voip841/a
match http m|^HTTP/1\.0 401 Authorization Required\r\nWWW-Authenticate: Basic realm=\"SPH200D\"\r\n(?:[^\r\n]+\r\n)*?Server: simple httpd ([\w._-]+)\r\n|s p/simple httpd/ v/$1/ i/Netgear SPH200D http config/ d/VoIP phone/ cpe:/h:netgear:sph200d/a
match http m|^HTTP/1\.1 403 Forbidden\r\nServer: Mediasite Web Server/([\w._-]+)\r\nDate: .*\r\nContent-Length: \d+\r\nHttpConnection: Close\r\n| p/SonicFoundry MediaSite httpd/ v/$1/ d/media device/
match http m|^HTTP/1\.0 200 (?:[^\r\n]*\r\n(?!\r\n))*?Server: Mbedthis-Appweb/([\w._-]+)\r\n(?:[^\r\n]+\r\n)*?X-Powered-By: PHP/([\w._-]+)\r\n.*<title>([\w._-]+) : Log In - Juniper Networks Web Management</title>|s p/Mbedthis-Appweb/ v/$1/ i/Juniper router http config; PHP $2; name $3/ d/router/ cpe:/a:mbedthis:appweb:$1/ cpe:/a:php:php:$2/
match http m|^HTTP/1\.1 302 Redirect\r\nServer: GoAhead-Webs\r\n(?:[^\r\n]+\r\n)*?Location: https://Device/config/log_off_page\.htm\r\n|s p/GoAhead WebServer/ i/Linksys SRW2024 switch http config/ d/switch/ cpe:/a:goahead:goahead_webserver/ cpe:/h:linksys:srw2024/a
match http m|^HTTP/1\.1 401 Unauthorized\r\nContent-Type: text/html\r\nConnection: close\r\n(?:Pragma: no-cache\r\n)?WWW-Authenticate: Basic realm=\"Netcam\"\r\nContent-Length: 17\r\n\r\n401 Unauthorized\n$| p/Airlink 101 or TRENDnet TVIP-422w webcam http config/ d/webcam/ cpe:/h:trendnet:tvip-422w/a
match http m|^HTTP/1\.1 503 Service Unavailable\r\nServer: NS([\w._-]+)\r\nContent-Length:\d+\r\n| p/Citrix NetScaler httpd/ v/$1/ d/load balancer/
match http m|^HTTP/1\.1 [45]\d\d (.*)\r\nContent-Length: ?\d+\r\nConnection: close\r\nCache-Control: no-cache,no-store\r\nPragma: no-cache\r\n\r\n<html><body>(?:<b>)?Http/1\.1 \1| p/Citrix NetScaler httpd/ d/load balancer/
match http m|^HTTP/1\.1 500 Internal Server Error\r\nContent-Length:71\r\nConnection: close\r\nCache-Control: no-cache,no-store\r\nPragma: no-cache\r\n\r\n<html><body><b>Http/1\.1 Internal Server Error 31    </b></body> </html>$| p/Citrix NetScaler httpd/ d/load balancer/
match http m|^HTTP/1\.0 200 OK\r\nContent-Type: text/html\r\nDate: .*\r\nLast-Modified: .*\r\nContent-Language: en\r\nContent-Length: \d+\r\nServer: Wireless Network Camera\r\n\r\n<html>\r\n<frameset rows=\"2000,0\" border=\"0\" frameborder=\"no\" framespacing=\"0\">| p/LevelOne WCS-2030 webcam http config/ d/webcam/ cpe:/h:levelone:wcs-2030/a
match http m|^HTTP/1\.0 200 (?:[^\r\n]*\r\n(?!\r\n))*?Server: wg_httpd/([\w._-]+)\(based Boa/([\w._-]+)\)\r\n.*<title>WebEye Index Page</title>\n<meta name=\"generator\" content=\"WebGateInc\">|s p/wg_httpd/ v/$1/ i/WebGateInc WebEye webcam http config; based on Boa $2/ d/webcam/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Nano HTTPD library\r\n|s p/Ferhat Ayaz's Nano httpd/
match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: Transmission\r\nWWW-Authenticate: Basic realm=\"Transmission\"\r\n| p/Transmission BitTorrent management httpd/ i/unauthorized/ cpe:/a:transmissionbt:transmission/
match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: Transmission\r\nContent-Type: text/html; charset=ISO-8859-1\r\n| p/Transmission BitTorrent management httpd/ i/unauthorized/ cpe:/a:transmissionbt:transmission/
match http m|^HTTP/1\.0 403 Forbidden\r\nServer: Transmission\r\nContent-Type: text/html; charset=ISO-8859-1\r\n| p/Transmission BitTorrent management httpd/ i/unauthorized/ cpe:/a:transmissionbt:transmission/
match http m|^HTTP/1\.0 301 Moved Permanently\r\nServer: Transmission\r\nLocation: .*?/web/\r\nContent-Type: text/html; charset=ISO-8859-1\r\n\r\n| p/Transmission BitTorrent management httpd/ cpe:/a:transmissionbt:transmission/
match http m|^HTTP/1\.0 409 Conflict\r\nServer: Transmission\r\n| p/Transmission BitTorrent management httpd/ cpe:/a:transmissionbt:transmission/
match http m|^HTTP/1\.1 200 .*<meta http-equiv=\"Refresh\" content=\"2; url=/transmission/web/\">\r\n.*<p>redirecting to <a href=\"/transmission/web\">/transmission/web/</a></p>|s p/Transmission BitTorrent management httpd/ cpe:/a:transmissionbt:transmission/
match http m|^HTTP/1\.1 401 Unauthorized\r\nServer: GoAhead-Webs\r\nDate: .*\r\nWWW-Authenticate: Basic realm=\"WebAdmin\"\r\n.*<p>Access to this document requires a User ID</p>|s p/GoAhead WebServer/ i/TeleWell TW-EA510 ADSL router http config/ d/broadband router/ cpe:/a:goahead:goahead_webserver/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Enigma2 WebInterface Server ([\w._-]+) \r\n|s p/Enigma2 Dreambox http config/ v/$1/ d/media device/
match http m|^HTTP/1\.1 401 Unauthorized\r\nServer: DPH-140\r\nWWW-Authenticate: Digest realm=\"DPH-140\"| p/D-Link DPH-140 VoIP phone http config/ d/VoIP phone/ cpe:/h:dlink:dph-140/a
match http m|^HTTP/1\.0 401 Unauthorized\r\nWWW-Authenticate: Basic realm=\"Topfield PVR Web Server\"\r\n\r\n| p/Topfield HDPVR satellite decoder http config/ d/media device/
match http m|^HTTP/1\.1 200 OK\r\nAccept-Ranges: bytes\r\nContent-Type: text/html\r\n\r\n.*<font size=\+3>WAGO-Ethernet TCP/IP PFC</font>.*<td>Firmware revision</td>\n\n<td>([^<]+)</td>.*<td>Hardware address</td>\n\n<td>(\w+)</td>|s p/Wago ethernet controller http config/ v/$1/ i/MAC $2/
match http m|^HTTP/1\.0 200 OK\r\nServer: vxTri's Versatile Smart Server \(TVSS\) V ([\w._-]+)\r\nSet-Cookie: Intoto=.*<title> Login Screen </title>|s p/vxTri's Versatile Smart Server httpd/ v/$1/ i/Adtran Netvanta 2100 VPN Gateway http config/ d/security-misc/
match http m|^HTTP/1\.1 401 Unauthorized\r\nServer: Hauppauge's DVB EPG Webserver v([\w._-]+)\r\n| p/Hauppauge DVB EPG http config/ v/$1/ d/media device/
match http m|^HTTP/1\.0 200 (?:[^\r\n]*\r\n(?!\r\n))*?Server: HCW_DVB_EPG_SERVER_([\w._-]+)\r\n.*<title>Hauppauge EPG</title>\r\n|s p/Hauppauge DVB EPG http config/ v/$SUBST(1,"_",".")/ d/media device/
match http m|^HTTP/1\.0 200 Ok.*<IMG SRC=\"compaq\.gif\" ALT=\"COMPAQ\"><BR>\r\n<H3>Remote Insight Lights-Out Edition<BR></H3>|s p|HP/Compaq Integrated Lights-Out http config| d/remote management/ cpe:/h:hp:integrated_lights-out/
match http m|^HTTP/1\.0 200 OK\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: \d+\r\nCache-Control: no-cache\r\n\r\n<html>\n<head>\n<title> Home </title>\n<script src=\"script/cookieCode\.js\"></script>\n<script language=\"JavaScript\">\n<!--\nfunction SetDefLanguage\(\)\n| p/Xerox Phaser 3500 http config/ d/printer/ cpe:/h:xerox:phaser_3500/a
match http m|^HTTP/1\.0 200 OK\r\nCache-control: no-cache\r\nServer: Ubicom/([\w._-]+)\r\n.*<title>WGA600N Wireless Gaming Adapter  :\r\n\t\t Login\r\n\t</title>|s p/Ubicom httpd/ v/$1/ i/Linksys WGA600N WAP http config/ d/WAP/ cpe:/a:ubicom:httpd:$1/ cpe:/h:linksys:wga600n/a
match http m|^HTTP/1\.0 200 (?:[^\r\n]*\r\n(?!\r\n))*?Expires: -1\r\n.*<title>NetGear GS(\w+)</title>|s p/NetGear GS$1 switch http config/ d/switch/
match http m|^HTTP/1\.1 400 Error in MIME message\r\n$| p/Wyse Winterm 1200 LE terminal http config/ d/terminal/
match http m|^HTTP/1\.1 401 Unauthorized\r\nServer: Web Server\r\n(?:[^\r\n]+\r\n)*?WWW-Authenticate: Basic realm=\"WebAdmin\"\r\n.*<p class=\"alert\">Web configuration is protected\.</p>\n\n<p><a href=\"Javascript:history\.go\(-1\)\">|s p/D-Link DSL2-300G http config/ d/broadband router/ cpe:/h:dlink:dsl2-300g/a
match http m|^HTTP/1\.0 200 .*<title>BPA430 Web Configuration Pages</title></head><script LANGUAGE=\"JavaScript\" src=\"menu\.js\">|s p/Packet8 BPA430 VoIP phone http config/ d/VoIP phone/ cpe:/h:packet8:bpa430/a
match http m|^HTTP/1\.0 200 Document follows\r\nServer: ADH-Web\r\n.*<meta name=\"author\" content=\"Dedicated Micros \(info@dmicros\.com\)\">|s p/ADH-Web httpd/ i/Dedicated Micros Digital Sprite 2 DVR http config/ d/media device/
match http m|^HTTP/1\.0 401 Unauthorized\r\nWWW-Authenticate: Basic realm=\"FR114W\"\r\nContent-type: text/html\r\n\r\n401 Unauthorized| p/NetGear FR114W WAP http config/ d/WAP/
match http m|^HTTP/1\.0 200 (?:[^\r\n]*\r\n(?!\r\n))*?Server: Mbedthis-Appweb/([\w._-]+)\r\n.*<title>Openstage IP Phone User</title>.*<meta name='author' content='Siemens AG,|s p/Mbedthis-Appweb/ v/$1/ i/Siemens Openstage VoIP phone http config/ d/VoIP phone/ cpe:/a:mbedthis:appweb:$1/
match http m|^HTTP/1\.1 401 Unauthorized\r\n(?:[^\r\n]+\r\n)*?Server: Splunkd\r\n\r\n<\?xml version=\"1\.0\" encoding=\"UTF-8\"\?>\n<response>\n  <messages>\n    <msg type=\"WARN\">Remote login disabled because you are using a free license which does not provide authentication\.|s p/Splunkd httpd/ i/free license; remote login disabled/ cpe:/a:splunk:splunk/
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: Splunkd\r\n\r\n<\?xml version=\"1\.0\" encoding=\"UTF-8\"\?>\n<!--This is to override browser formatting; see server\.conf\[httpServer\] to disable\.|s p/Splunkd httpd/ cpe:/a:splunk:splunk/
match http m|^HTTP/1\.0 200 OK\r\n.*<!-- General javascripts -->.*var path='http://www\.axis\.com/cgi-bin/prodhelp\?prod=axis_([\w._-]+)&ver=([\w._-]+)&|s p/AXIS $1 print server http config/ v/$2/ d/print server/ cpe:/h:axis:$1/a
match http m|^HTTP/1\.1 401 Unauthorized\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: \d+\r\nServer: Indy/([\w._-]+)\r\nWWW-Authenticate: Basic realm=\"KutinSoft Reboot Service\"\r\n| p/Indy httpd/ v/$1/ i/KutinSoft reboot service http config/ o/Windows/ cpe:/a:indy:httpd:$1/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 200 OK\r\n.*VMware Server provides a virtual machine platform, which can be managed by VMware VirtualCenter Server\.\">\r\n\r\n<title>VMware Server 2</title>|s p/VMware Server http config/ v/2/ cpe:/a:vmware:server:2/
match http m|^HTTP/1\.1 200 OK\r\n.*document\.write\(\"<title>\" \+ ID_VC_Welcome \+ \"</title>\"\);.*<meta name=\"description\" content=\"VMware VirtualCenter|s p/VMware Server http config/
match http m|^HTTP/1\.0 200 Ok\r\nServer: UI-WebServer V([\w._-]+)\r\n| p/UI-View Automatic Packet Reporting System httpd/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Pragma: no-cache\r\n.*<!--- Page\(\d+\)=\[Login\] --->.*<TITLE>Verizon</TITLE>|s p/Verizon FIOS Actiontec http config/ d/broadband router/
match http m|^HTTP/1\.0 200 OK\r\nContent-type: text/html\r\nCache-Control: no-cache\r\nPragma: no-cache\r\n.*<!--- Page\(\d+\)=\[\] --->.*<TITLE>Management Console</TITLE>|s p/USRobotics USR8200 firewall http config/ d/firewall/ cpe:/h:usrobotics:usr8200/a
match http m|^HTTP/1\.1 200 OK\r\nServer: Synacast Media Server/([\w._-]+)\r\nConnection: close\r\n\r\n| p/Synacast Media Server http config/ v/$1/
match http m|^HTTP/1\.0 200 OK\r\nServer: DCLK-HttpSvr\r\n| p/DoubleClick advertising httpd/
match http m|^HTTP/1\.1 200 OK\r\nContent-type: text/html\r\nServer: Mono-HTTPAPI/([\w._-]+)\r\n.*<H1>Ooops!</H1><P>The page you requested has been obsconded with by knomes\. Find hippos quick!</P>|s p/Mono-HTTPAPI/ v/$1/ i/OpenSimulator http config/ cpe:/a:mono:mono:$1/
match http m|^HTTP/1\.0 404 NotFound\r\nContent-type: text/html\r\n(?:[^\r\n]+\r\n)*?Server: Tiny WebServer\r\n.*<H1>Ooops!</H1><P>The page you requested has been obsconded with by knomes\. Find hippos quick!</P><P>If you are trying to log-in, your link parameters should have: &quot;-loginpage http:///\?method=login -loginuri http:///&quot; in your link </P></BODY></HTML>|s p/C# Webserver/ i/OpenSimulator http config/ cpe:/a:gauffin_telecom:c%23_webserver/
# Based on Gauffin C# Webserver
match http m|^HTTP/1\.0 302 Redirect\r\nlocation: /login\.html\r\nDate: .*\r\nContent-Length: 0\r\nContent-Type: \r\nServer: Tiny WebServer\r\nConnection: close\r\nSet-Cookie: xsrf-token=| p/Duplicati httpserver/ cpe:/a:duplicati:httpserver/
match http m|^HTTP/1\.0 200 OK\r\nDate: .*\r\nServer: NetGate \r\nConnection: close\r\nContent-Type: text/html\r\n| p/AT&T NetGate VPN http config/ d/security-misc/
# Version 6.0.74
match http m|^HTTP/1\.0 200 OK\r\nDate: .*\r\nServer: Gateway \r\nConnection: close\r\nContent-Type: text/html\r\n| p/AT&T NetGate VPN http config/ d/security-misc/
match http m|^HTTP/1\.1 401 Unauthorized\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: \d+\r\nServer: Indy/([\w._-]+)\r\nWWW-Authenticate: Basic realm=\"Atis Web-Server Autentica| p/Indy httpd/ v/$1/ i/Atis Surveillance camera http config/ d/webcam/ cpe:/a:indy:httpd:$1/
match http m|^HTTP/1\.0 200 KDH1_STC_OK\r\nServer: KDH/([\w_.-]+) \(([\w:]+)\)\r\n.*<title>IBM Tivoli Monitoring Service Index</title>|s p/KDH httpd/ v/$1 $2/ i/IBM Tivoli Monitoring http config/ d/remote management/
match http m|^HTTP/1\.0 401 Unauthorized\r\nMIME-Version: [\d.]+\r\nServer: SNMP Research DR-Web Agent/([\w._-]+)\r\nDate: .*\r\nWWW-Authenticate: Basic realm=\"DR-Web\"\r\n| p/SNMP Research DR-Web http config/ v/$1/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Winstone Servlet Engine v([\w._-]+)\r\nX-Hudson: ([\w._-]+)\r\nX-Hudson-CLI-Port: (\d+)\r\n(?:[^\r\n]+\r\n)*?X-Powered-By: Servlet/([\w._-]+) \(Winstone/[\w._-]+\)\r\n|s p/Winstone Servlet Engine/ v/$1/ i/Hudson $2; Servlet $4; CLI port $3/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Winstone Servlet Engine v([\w._-]+)\r\n(?:[^\r\n]+\r\n)*?X-Powered-By: Servlet/([\w._-]+) \(Winstone/[\w._-]+\)\r\n|s p/Winstone Servlet Engine/ v/$1/ i/Servlet $2/
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: Winstone Servlet Engine v([\w._-]+)\r\n| p/Winstone Servlet Engine/ v/$1/
match http m|^HTTP/1\.0 403 Forbidden\r\nServer: Winstone Servlet Engine v([\w._-]+)\r\n(?:[^\r\n]+\r\n)*?X-Powered-By: Servlet/([\w._-]+) \(Winstone/[\w._-]+\)\r\n|s p/Winstone Servlet Engine/ v/$1/ i/Servlet $2/
match http m|^HTTP/1\.0 401 Unauthorized\r\nDate: .*\r\nContent-Length: \d+\r\nContent-Type: text/html\r\nServer: SilverStream Server/([\w._-]+)\r\nWWW-Authenticate: Basic realm=\"SilverStream\"\r\n| p/Silverstream web application management httpd/ v/$1/
match http m|^HTTP/1\.0 200 (?:[^\r\n]*\r\n(?!\r\n))*?Server: Allegro-Software-RomPager/([\w._-]+)\r\n.*<TITLE>SONY NSP-100 Main Page</TITLE>|s p/Allegro RomPager/ v/$1/ i/Sony NSP-100 network player http config/ d/media device/ cpe:/a:allegro:rompager:$1/
match http m|^HTTP/1\.0 302 Not Found\r\nConnection: close\r\nLocation: /user/login\r\nAccept-Ranges: none\r\nServer: Sockso\r\n\r\n$| p/Sockso personal music player httpd/
match http m|^HTTP/1\.1 302 Not Found\r\nConnection: close\r\nLocation: /user/login\r\nServer: Sockso\r\n\r\n| p/Sockso personal music player httpd/
match http m|^HTTP/1\.1 303 See Other\r\nContent-Type: text/html\r\nContent-Length: 0\r\nLocation: https://[\d.]+:443/webvpn\.html\r\nSet-Cookie: webvpncontext=| p/Cisco WebVPN http config/
# This one must come after the one above to avoid matching IP address as hostname
match http m|^HTTP/1\.1 303 See Other\r\nContent-Type: text/html\r\nContent-Length: 0\r\nLocation: https://([\w.-]+):\d+/webvpn\.html\r\nSet-Cookie: webvpncontext=| p/Cisco WebVPN http config/ h/$1/
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html\r\nExpires: -1\r\n Cache-Control: no-cache\r\n.*<title>Contivity VPN Client</title>|s p/Contivity VPN Client httpd/
match http m|^HTTP/1\.0 200 OK\r\nContent-Type: text/html\r\n.*<title>RemoteView</title>.*<frame name=\"menu\" src=\"Menu_main\.htm\" target=\"parent\.work\"|s p/Kguard Security DVR http config/ d/webcam/
match http m|^HTTP/1\.0 200 OK\r\n.*<title>LaCie Network Space NAS</title>.*<meta http-equiv=\"refresh\" content=\"0;url=/cgi-bin/public/login\">|s p/LaCie Network Space NAS http config/ d/storage-misc/
match http m|^HTTP/1\.0 200 OK\r\nServer: Development/([\w._-]+) Python/([\w._-]+)\r\n| p/Google App Engine httpd/ v/$1/ i/Python $2/ cpe:/a:python:python:$2/
match http m|^HTTP/1\.0 200 OK\r\nServer: Development/([\w._-]+)\r\n| p/Google App Engine httpd/ v/$1/
match http m|^HTTP/1\.0 200 OK\r\nContent-type: text/html\r\n\r\n<html><head><title>APC Back-UPS HS 500\(BackUPS500\0\)</title>| p/APC Back-UPS HS 500 http config/ d/power-device/
match http m|^HTTP/1\.1 500 Internal Server Error\r\nConnection: close\r\nContent-Type: text/plain\r\nContent-Length: 16\r\n\r\nEAccessViolation$| p/TiVo Desktop Server http config/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 401 Not Authorized\r\nServer: RapidLogic/([\w._-]+)\r\nMIME-version: 1\.0\r\nContent-type: text/html\r\nWWW-Authenticate: Basic realm=\"Secure Realm\"\r\n\r\n\r\nAuthorization Required\r\n\r\n$| p/RapidLogic httpd/ v/$1/ i/3Com OfficeConnect WAP http config/ d/WAP/ cpe:/a:rapidlogic:httpd:$1/
match http m|^HTTP/1\.0 401 Not Authorized\r\nServer: RapidLogic/([\w._-]+)\r\nMIME-version: 1\.0\r\nPragma: no-cache\r\nContent-type: text/html\r\nWWW-Authenticate: Basic realm=\"Secure Realm\"\r\n\r\n\r\nAuthorization Required\r\n\r\n$| p/RapidLogic httpd/ v/$1/ i/Linksys WAP55AG WAP http config/ d/WAP/ cpe:/a:rapidlogic:httpd:$1/ cpe:/h:linksys:wap55ag/a
match http m|^HTTP/1\.1 400 Bad Request\r\nConnection: close\r\n\r\n.*<br>Ability Mail Server ([\w._-]+) by Code-Crafters<br>|s p/Code-Crafters Ability Mail Server http config/ v/$1/ o/Windows/ cpe:/a:code-crafters:ability_mail_server:$1/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 200 OK\r\nContent-Length: \d+\r\nContent-Type: text/html\r\nConnection: close\r\n\r\n<html><head><title>Available Databases - Banshee DAAP Browser</title>| p/Banshee DAAP browser httpd/
match http m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: FlashCom/([\w._-]+)\r\n.*<html><head><title>Wowza Media Server ([^<]*)</title></head>|s p/Adobe Flash Media Server/ v/$1/ i/Wowza Media Server $2/ cpe:/a:adobe:flash_media_server:$1/ cpe:/a:wowza:wowza_media_server:$SUBST(2," ","_")/
match http m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: FlashCom/([\w._-]+)\r\n.*<html><head><title>Wowza Streaming Engine ([^<]*)</title></head>|s p/Adobe Flash Media Server/ v/$1/ i/Wowza Streaming Engine $2/ cpe:/a:adobe:flash_media_server:$1/ cpe:/a:wowza:wowza_media_server:$SUBST(2," ","_")/
match http m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: FlashCom/([\w._-]+)\r\n.*<html><head><title>Wowza ([^<]*)</title></head>|s p/Adobe Flash Media Server/ v/$1/ i/Wowza $2/ cpe:/a:adobe:flash_media_server:$1/
match http m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: FlashCom/([\w._-]+)\r\n.*<\?xml version=\"1\.0\" encoding=\"utf-8\"\?>\n<result>\n\t<level>error</level>\n\t<code>NetConnection\.Connect\.Rejected</code>|s p/Adobe Flash Media Server/ v/$1/ cpe:/a:adobe:flash_media_server:$1/
match http m|^HTTP/1\.0 200 OK\r\nConnection: close\r\nContent-Length: \d+(?:\r\n)?Content-Type: text/html\r\n\r\n\r\n<html><body>This site is running <a href='http://www\.TeamViewer\.com'>TeamViewer</a>\.| p/TeamViewer httpd/ cpe:/a:teamviewer:teamviewer/
match http m|^HTTP/1\.0 200 OK\r\nConnection: close\r\nContent-Length: \d+\r\nContent-Type: text/html\r\n\r\n<html><body>This site is running <a href='http://www\.TeamViewer\.com'>TeamViewer</a>\.| p/TeamViewer httpd/ cpe:/a:teamviewer:teamviewer/
match http m|^HTTP/1\.0 200 OK\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: \d+\r\n\r\n<html><body>This site is running <a href='http://www\.TeamViewer\.com'>TeamViewer</a>\.| p/TeamViewer httpd/ cpe:/a:teamviewer:teamviewer/
match http m|^HTTP/1\.0 200 OK\r\nCache-control: no-cache\r\nContent-Type: application/octet-stream\r\nConnection: close\r\nHTTP/1\.0 200 OK\r\nConnection: close\r\nContent-Length: 181\r\nContent-Type: text/html\r\n\r\n<html><body>This site is running <a href='http://www\.TeamViewer\.com'>TeamViewer</a>\.| p/TeamViewer httpd/ cpe:/a:teamviewer:teamviewer/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Content-Type: text/html\r\n\r\n.*<p>Not a recognized search path\.</p>\n<hr />\n<p><i>MWSearch on localhost</i></p>\n</body>\n</html>\r\n|s p/MediaWiki Lucene powered search httpd/
match http m|^HTTP/1\.0 500 Internal Server Error\r\nDate: \r\nServer: \r\nContent-Length: \d+ \r\nContent-Type: text/html\r\n\r\n.*<title>Error Page 500</title>|s p/ESET NOD32 anti-virus update httpd/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 500 Internal Server Error\r\nDate: .*\r\nAccept-Ranges: none\r\nContent-Length: \d+ \r\nContent-Type: text/html\r\n\r\n.*<title>Error Page 500</title>|s p/ESET NOD32 anti-virus update httpd/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/xml; charset=utf-8: \r\n.*<VendorName>D-Link Systems</VendorName><ModelDescription>Xtreme N GIGABIT Router</ModelDescription><ModelName>DIR-([^<]+)</ModelName><FirmwareVersion>([^<]+)</FirmwareVersion>|s p/D-Link Xtreme $1 WAP http config/ i/Firmware $2/ d/WAP/ cpe:/h:dlink:xtreme_$1/a
match http m%^HTTP/1\.0 200 OK\r\n.*<meta http-equiv="refresh" content="0; URL=/(?:cgi-bin/luci|404)" />\n</head>.*href="/cgi-bin/luci">%s p/LuCI Lua http config/
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: LuCIttpd/([\d.]+)\r\n| p/LuCIttpd/ v/$1/ d/WAP/
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: LuCId-HTTPd/([\d.]+)\r\n| p/LuCId-HTTPd/ v/$1/
match http m|^HTTP/1\.0 401 Not Authorised\r\nServer: Majestic-12 WebServer v([\w._-]+)\r\n| p/Majestic-12 httpd/ v/$1/
match http m|^HTTP/1\.0 405 Method not allowed: Method not allowed by server: GET\r\nDate: .*\r\nCache-Control: no-cache\r\nServer: openwbem/([\w._-]+) \(CIMOM\)\r\n| p/Openwbem CIMOM httpd/ v/$1/
match http m|^HTTP/1\.1 401 Unauthorized\r\nContent-Type: text/html\r\nWWW-Authenticate: Basic realm=\"Network Monitor\"\r\nConnection: close\r\n\r\n<html><body><font size=\"2\"><b>You could not be authenticated by the GFI N\.S\.M\. web server\.| p/GFI Network Service Monitor http config/

match http m|^HTTP/1\.1 \d\d\d .*\r\n.*X-Powered-By: Servlet/([\w._-]+)\r\nServer: GlassFish[ /]v([\w._ -]+)\r\n| p/Sun GlassFish/ v/$2/ i/Servlet $1/ cpe:/a:sun:glassfish_server:$2/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?X-Powered-By: Servlet/([\w._-]+)\r\nServer: GlassFish Server Open Source Edition ([\w._ -]+)\r\n|s p/Sun GlassFish Open Source Edition/ v/$2/ i/Servlet $1/ cpe:/a:sun:glassfish_server:$2::open_source/
match http m|^HTTP/1\.1 \d\d\d .*\r\n.*X-Powered-By: Servlet/([\w._-]+) JSP/([\w._-]+) \(GlassFish Server Open Source Edition ([\w._ -]+) Java/Sun Microsystems Inc\./([\w._-]+)\)\r\n| p/Sun GlassFish Open Source Edition/ v/$3/ i/JSP $2; Servlet $1; Java $4/ cpe:/a:oracle:jsp:$2/ cpe:/a:sun:glassfish_server:$3::open_source/ cpe:/a:sun:jre:$4/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: GlassFish Server Open Source Edition ([\w._-]+)\r\nX-Powered-By: Servlet/([\w._ -]+)\r\n|s p/Sun GlassFish Open Source Edition/ v/$1/ i/Servlet $2/ cpe:/a:sun:glassfish_server:$1::open_source/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?X-Powered-By: Servlet/([\d.]+)\r\nServer: Sun GlassFish Enterprise Server v([\w._ -]+)\r\n(?:[^\r\n]+\r\n)*?X-Powered-By: JSF/([\d.]+)\r\n|s p/Sun GlassFish/ v/$2/ i/Servlet $1; JSF $3/ cpe:/a:sun:glassfish_server:$2/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?X-Powered-By: Servlet/([\d.]+)\r\nServer: Sun GlassFish Enterprise Server v([\w._ -]+)\r\n|s p/Sun GlassFish/ v/$2/ i/Servlet $1/ cpe:/a:sun:glassfish_server:$2/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?X-Powered-By: Servlet/([\d.]+)\r\nServer: Sun GlassFish Communications Server ([\w._ -]+)\r\n|s p/Sun GlassFish Communications Server/ v/$2/ i/Servlet $1/ cpe:/a:sun:glassfish_server:$2/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Sun GlassFish Enterprise Server v([\d.]+)\r\nX-Powered-By: Servlet/([\d.]+)\r\n|s p/Sun GlassFish/ v/$1/ i/Servlet $2/ cpe:/a:sun:glassfish_server:$1/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Sun GlassFish Enterprise Server v([\d.]+)\r\n|s p/Sun GlassFish/ v/$1/ cpe:/a:sun:glassfish_server:$1/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?X-Powered-By: Servlet/([\w._-]+) JSP/([\w._-]+) \(Oracle GlassFish Server ([\w._-]+) Java/Sun Microsystems Inc\./([\w._-]+)\)\r\n|s p/Oracle GlassFish/ v/$3/ i/Servlet $1; JSP $2; Java $4/ cpe:/a:oracle:glassfish_server:$3/ cpe:/a:oracle:jsp:$2/ cpe:/a:sun:jre:$4/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?X-Powered-By: Servlet/([\w._-]+) JSP/([\w._-]+) \(Oracle GlassFish Server ([\w._-]+) Java/Oracle Corporation/([\w._-]+)\)\r\n|s p/Oracle GlassFish/ v/$3/ i/Servlet $1; JSP $2; Java $4/ cpe:/a:oracle:glassfish_server:$3/ cpe:/a:oracle:jre:$4/ cpe:/a:oracle:jsp:$2/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?X-Powered-By: Servlet/([\w._-]+) JSP/([\w._-]+) \(GlassFish Server Open Source Edition +([\w._-]+) +Java/Oracle Corporation/([\w._-]+)\)\r\n|s p/Oracle GlassFish/ v/$3/ i/Servlet $1; JSP $2; Java $4/ cpe:/a:oracle:glassfish_server:$3::open_source/ cpe:/a:oracle:jre:$4/ cpe:/a:oracle:jsp:$2/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: GlassFish Server Open Source Edition ([\w._ -]+)\r\n|s p/Sun GlassFish Open Source Edition/ v/$1/ cpe:/a:sun:glassfish_server:$1::open_source/

match http m|^HTTP/1\.[01] 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: IndigoWebServer/([\w_.-]+)\r\n|s p/Perceptive Automation Indigo http config/ v/$1/ d/specialized/
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: llink-daemon/([\w._-]+) \(build (\d+)\)\r\n| p/llink media streamer httpd/ v/$1 build $2/
match http m|^HTTP/1\.0 200 OK\r\nContent-type: text/html\r\n\r\n<html xmlns:o=\"urn:schemas-microsoft-com:office:office\"\r\n.*<title>Now SMS</title>|s p/Now SMS http config/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 200 Ok\r\n.*<title>\r\nData Frame - Browser not HTTP 1\.1 compatible\r\n</title>.*Your browser must support HTTP 1\.1 to view iLO web pages\.|s p/HP Integrated Lights-Out http config/ d/remote management/ cpe:/h:hp:integrated_lights-out/
match http m|^HTTP/1\.0 200 Okay\r\nServer: Optenet CCOTTA ([\w._-]+)\r\nContent-Type: text/html\r\n\r\n<html><head><title>Optenet CCOTTA Status</title>| p/Optenet Mailsecure CCOTTA http config/ v/$1/
match http m|^HTTP/1\.1 200 OK\r\nConnection: close\r\nCache-Control: no-cache\r\nContent-Type: text/html; charset=utf-8\r\n\r\n<html><head><title>Axon</title>| p/Axon VoIP Exchange virtual PBX httpd/ o/Windows/ cpe:/o:microsoft:windows/a
# Version 2.21
match http m|^HTTP/1\.1 200 OK\r\nConnection: close\r\nCache-Control: no-cache\r\nContent-Type: text/html; charset=utf-8\r\n\r\n<html><head><title>Axon - Login</title>| p/Axon VoIP Exchange virtual PBX httpd/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: OctoWebSvr/COM\r\n|s p/SLWebMail Supervisor http config/
match http m|^HTTP/1\.1 200 OK\r\n.*<meta name=\"COPYRIGHT\" content=\"&copy; \d+ Cisco Systems\. All Rights Reserved\.\">.*<title>ACE 4710 DM - Login</title>|s p/Cisco Application Control Engine 4710 DM http config/ d/load balancer/ cpe:/a:cisco:application_control_engine_software/
match http m|^HTTP/1\.1 401 Unauthorized\r\nServer: ODS/([\w._-]+)\r\n| p|Apple ODS DVD/CD Sharing Agent httpd| v/$1/
match http m|^HTTP/1\.1 404 Not Found\r\nServer: ODS/([\w._-]+)\r\n| p|Apple ODS DVD/CD Sharing Agent httpd| v/$1/
match http m|^HTTP/1\.1 \d\d\d .*\r\nDate: .*\r\nServer: CompaqHTTPServer/([\w._-]+) HPE? System Management Homepage/([\d.]+) httpd/([\w.+]+)\r\n| p/CompaqHTTPServer/ v/$1/ i/HP System Management $2; httpd $3/ cpe:/a:hp:compaqhttpserver:$1/ cpe:/a:hp:system_management_homepage:$2/
match http m|^HTTP/1\.1 \d\d\d .*\r\nDate: .*\r\nServer: CompaqHTTPServer/([\w._-]+) HPE? System Management Homepage/([\d.]+)\r\n| p/CompaqHTTPServer/ v/$1/ i/HP System Management $2/ cpe:/a:hp:compaqhttpserver:$1/ cpe:/a:hp:system_management_homepage:$2/
match http m|^HTTP/1\.1 \d\d\d .*\r\nDate: .*\r\nServer: CompaqHTTPServer/([\w._-]+) HPE? System Management Homepage\r\n| p/CompaqHTTPServer/ v/$1/ i/HP System Management/ cpe:/a:hp:compaqhttpserver:$1/ cpe:/a:hp:system_management_homepage/
match http m|^HTTP/1\.1 401 N/A\r\nServer: Router\r\nConnection: close\r\nWWW-Authenticate: Basic realm=\"PENTAGRAM Cerberus ([^"]*)\"\r\n| p/Pentagram Cerberus $1 WAP http config/ d/WAP/
match http m|^HTTP/1\.0 302 Document Follows\r\nLocation: http:///index\.html\r\nConnection: close\r\n\r\n| p/Crestron PRO2 automation system httpd/ d/specialized/ o/2-Series/ cpe:/o:crestron:2-series/
match http m|^HTTP/1\.1 200 Document Follows\r\n.*<META content=\"text/html; charset=windows-1252\" http-equiv=Content-Type>\n<meta NAME=\"AUTHOR\" CONTENT=\"TANDBERG ASA \(http://www\.tandberg\.net\)\">\n|s p/Tandberg 2500 video conferencing http config/ d/webcam/
match http m|^HTTP/1\.0 401 Unauthorized\r\nPragma: no-cache\r\nWWW-Authenticate: Digest realm=\"[^"]*\", domain=\"/\", nonce=\"[0-9a-f]{10}\", algorithm=\"MD5\", qop=\"auth\"\r\nWWW-Authenticate: Basic realm=\"rut-nort-vc02\"\r\nContent-Type: text/html\r\nContent-Length: 236\r\n\r\n| p/Tandberg 3000 MXP video conferencing http config/ d/webcam/
match http m|^HTTP/1\.0 200 Ok\r\nContent-Type: text/html\r\nServer: httpd\r\n.*<title>Router - Info</title>\n\n|s p/DD-WRT milli_httpd/ d/WAP/ o/Linux/ cpe:/o:linux:linux_kernel/a
match http m|^HTTP/1\.1 200 OK\r\n.*<title>BitTorrent Download Manager</title>\r\n|s p/BitTorrent Download Manager httpd/
match http m|^HTTP/1\.0 302 Redirect\r\nServer: GoAhead-Webs\r\n(?:[^\r\n]+\r\n)*?Location: https?://vxtarget/esm_loginMain\.htm\r\n\r\n|s p/GoAhead WebServer/ i/Mitel 3300 PBX controller/ d/PBX/ cpe:/a:goahead:goahead_webserver/
match http m|^HTTP/1\.1 302 Redirect\r\nServer: GoAhead-Webs\r\n(?:[^\r\n]+\r\n)*?Location: https?://3100icp/esm_loginMain\.asp\r\n\r\n|s p/GoAhead WebServer/ i/Mitel 3100 PBX controller/ d/PBX/ cpe:/a:goahead:goahead_webserver/
match http m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: Grandstream (\w+) ([\d.]+)\r\n|s p/Grandstream $1 http config/ v/$2/
match http m|^HTTP/1\.0 401 Login failed!\r\nServer: micro_httpd\r\n(?:[^\r\n]+\r\n)*?WWW-Authenticate: Basic realm=\"WRT54GX4\"\r\n|s p/micro_httpd/ i/WRT54GX4 WAP config/ d/WAP/ cpe:/a:acme:micro_httpd/
match http m|^HTTP/1\.1 302 Found\r\n(?:[^\r\n]+\r\n)*?Server: SAP J2EE Engine/([\d.]+)\r\n|s p/SAP J2EE Engine httpd/ v/$1/ i/SAP NetWeaver/ cpe:/a:sap:j2ee_engine:$1/ cpe:/a:sap:netweaver/
match http m|^HTTP/1\.1 302 Found\r\nconnection: close\r\nlocation: http://([\w._-]+):\d+/index\.html\r\nserver: SAP J2EE Engine/([\w._-]+)\r\ndate: .*\r\n\r\n$| p/SAP J2EE Engine httpd/ v/$2/ i/SAP NetWeaver/ h/$1/ cpe:/a:sap:j2ee_engine:$2/ cpe:/a:sap:netweaver/
match http m|^HTTP/1\.0 404 Not found\r\nSet-Cookie: ARPT=\w+web-disp2-\w+; path=/\r\ncontent-type: text/html; charset=utf-8\r\ncontent-length: \d+\r\nserver: SAP NetWeaver Application Server / ABAP ([\w._-]+)\r\n| p/SAP J2EE Engine httpd/ i/SAP NetWeaver Application Server; ABAP $1/ cpe:/a:sap:j2ee_engine/ cpe:/a:sap:netweaver/
match http m|^HTTP/1\.0 404 Not found\r\ncontent-type: text/html; charset=utf-8\r\ncontent-length: \d+\r\nserver: SAP NetWeaver Application Server / ABAP ([\w._-]+)\r\n| p/SAP J2EE Engine httpd/ i/SAP NetWeaver Application Server; ABAP $1/ cpe:/a:sap:j2ee_engine/ cpe:/a:sap:netweaver/
match http m|^HTTP/1\.[01] 404 Not found\r\ncontent-type: text/html; charset=utf-8\r\ncontent-length: \d+\r\n\r\n<!DOCTYPE html PUBLIC"-//W3C//DTD HTML 4\.01Transitional//EN"><html><head><title>Logon Error Message</title>| p/SAP J2EE Engine httpd/ cpe:/a:sap:j2ee_engine/
match http m|^HTTP/1\.0 200 OK\r\nServer: RapidLogic/([\d.]+)\r\n.*<TITLE>Versalink</TITLE>.*\"window\.location\.href = 'homeSumBS\.htm'\"|s p/RapidLogic httpd/ v/$1/ i/Westell Versalink model C90-327W30-06 WAP http config/ d/WAP/ cpe:/a:rapidlogic:httpd:$1/ cpe:/h:westell:versalink_model_c90-327w30-06/a
match http m|^HTTP/1\.0 200 OK\r\nServer: RapidLogic/([\d.]+)\r\n.*<TITLE>VBrick Integrated Web Server \(IWS\) Login</TITLE>|s p/RapidLogic httpd/ v/$1/ i/VBrick 4300 video encoder http config/ d/media device/ cpe:/a:rapidlogic:httpd:$1/
match http m|^HTTP/1\.0 200 OK\r\nServer: RapidLogic/([\d.]+)\r\nMIME-version: 1\.0\r\nPragma: no-cache\r\nContent-type: text/html\r\n\r\n<script language=\"javascript\">\n<!--\ntop\.location\.href=\"default\.htm\";//-->\n</script>\n\r\n$| p/RapidLogic httpd/ v/$1/ i/3Com 3CRWE454G75 WAP http config/ d/WAP/ cpe:/a:rapidlogic:httpd:$1/ cpe:/h:3com:3crwe454g75/a
match http m|^HTTP/1\.0 200 OK\r\nServer: RapidLogic/([\d.]+)\r\nMIME-version: 1\.0\r\nContent-type: text/html\r\n\r\n<html><head><meta http-equiv='Content-Type' content='text/html; charset=iso8859-1'><META http-equiv=Refresh content=\"0; URL=https://[\d.]+/\"></head><body bgcolor=#FFFFFF></body></html>\r\n$| p/RapidLogic httpd/ v/$1/ i/Netgear WAG102 WAP http config/ d/WAP/ cpe:/a:rapidlogic:httpd:$1/ cpe:/h:netgear:wag102/a
match http m|^HTTP/1\.0 302 Moved Temporarily\r\nServer: RapidLogic/([\d.]+)\r\nMIME-version: 1\.0\r\nContent-type: text/html; charset=UTF-8\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nLocation: /main\.html\r\n\r\n\r\n$| p/RapidLogic httpd/ v/$1/ i/Sharp MX-2700N printer/ d/printer/ cpe:/a:rapidlogic:httpd:$1/ cpe:/h:sharp:mx-2700n/a
match http m|^HTTP/1\.1 404 Not Found\r\nConnection: close\r\nServer: ZING-(\d+/[\d.]+) \([0-9a-f]{32}; [\w-]+\) ([^\r\n]*)\r\n\r\n$| p/ZING httpd/ v/$1/ i/SanDisk Sansa Connect MP3 player; $2/ d/media device/
match http m|^HTTP/1\.0 503 Service Unavailable\r\nContent-Type: text/html\r\nContent-Length: 169\r\n\r\n<html><head><title>503 Service Unavailable</title></head><body><h1>503 Service Unavailable</h1><p>The service is not available\. Please try again later\.</p></body></html>$| p/Alcatel-Lucent OmniPCX PBX httpd/ d/PBX/ cpe:/a:alcatel-lucent:omnipcx/
match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: \r\nDate: .* GMT\r\nWWW-Authenticate: Basic realm=\"\.\"\r\nContent-type: text/html\r\nConnection: close\r\n\r\n<HTML><HEAD><TITLE>401 Unauthorized</TITLE></HEAD>\n<BODY BGCOLOR=\"#cc9999\"><H4>401 Unauthorized</H4>\nAuthorization required\.\n<HR>\n</BODY></HTML>\n$| p/Alcatel-Lucent OmniPCX PBX httpd/ d/PBX/ cpe:/a:alcatel-lucent:omnipcx/
match http m|^HTTP/1\.0 301 Moved Permanently \r\nContent-Type: text/html\r\nDate: .*\r\nLocation: /fusionreactor/\r\n\r\nRedirecting, please wait\.$| p/FusionReactor web server monitor/
match http m|^HTTP/1\.0 401 Authorization Required\r\nServer: wgt_http ([\d.]+)\r\nWWW-Authenticate: Basic realm=\"Anlage\"\r\nConnection: close\r\n$| p/wgt_http/ v/$1/ i/Eumex 704PC ADSL router/ d/broadband router/
match http m|^HTTP/1\.1 401 Unauthorized\r\nServer: Alvarion-Webs\r\nDate: THU JAN 01 01:04:22 1970\r\nWWW-Authenticate: Basic realm=\"Alvarion\"\r\n.*<html><head><title>Document Error: Unauthorized</title></head>\r\n\t\t<body><h2>Access Error: Unauthorized</h2>\r\n\t\t<p>Access to this document requires a User ID</p></body></html>\r\n\r\n$|s p/Alvarion-Webs/ i/Alvarion BreezeMAX WiMAX WAP http config/ d/WAP/
match http m|^HTTP/1\.0 400 Bad Request\r\nPragma: no-cache\r\nContent-type: text/html\r\n\r\n<html>\n  <head>\n  <title>400 Bad Request !!!</title>| p/DrayTek Vigor ADSL router httpd/ d/broadband router/
match http m|^HTTP/1\.0 200 ;OK\r\nServer: \?\?\?\?\?\?\?\?\?\?\?\?\?\?\r\nContent-Type: text/html\r\nConnection: Close\r\n\r\n<HTML>\n<TITLE>Jacarta interSeptor\n</TITLE>| p/Jacarta interSeptor environmental monitor http/ d/specialized/
match http m|^HTTP/1\.0 302 Document Follows\r\nLocation: http:///index\.htm\r\nConnection: close\r\n\r\n| p/Dell PowerVault TL4000 http config/ d/storage-misc/
match http m|^HTTP/1\.0 302 Found\r\nConnection: close\r\nCache-Control: no-cache\r\nPragma: no-cache\r\nExpires: -1\r\nLocation: https?://[\d.]+/login\.htm\r\n\r\n.*Click <a href=\"https?://[\d.]+/login\.htm\">Here</a> to proceed\.\n|s p/3Com Baseline Switch 2948-SFP Plus web config/ d/switch/
match http m|^HTTP/1\.0 401 Unauthorized\.\r\nWWW-Authenticate: Basic realm=\"GAI-Tronics\"\r\nContent-Type: text/html\r\n\r\n<HTML><HEAD><TITLE>401 Unauthorized\.</TITLE>\r\n</HEAD><BODY>\r\n<H1>401 Unauthorized</H1>The requested URL / requires authorization\.<P>\r\n<HR>\r\n</BODY></HTML>\r\n$| p/GAI-Tronics Commander VoIP phone http config/ d/VoIP phone/
match http m|^HTTP/1\.1 404 Not Found\r\nContent-Length: 0\r\nServer: HBHTTP POGOPLUG - ([\d.]+) - Linux\r\nDate: .*\r\n\r\n$| p/HBHTTP/ v/$1/ i/Pogoplug NAS device/ o/Linux/ cpe:/o:linux:linux_kernel/a
match http m|^HTTP/1\.1 500 Server Error\r\nContent-Length: 0\r\nServer: HBHTTP POGOPRO - ([\w._-]+) - Linux\r\nDate: .*\r\nConnection: close\r\n\r\n$| p/HBHTTP/ v/$1/ i/Pogoplug Pro NAS device/ o/Linux/ cpe:/o:linux:linux_kernel/a
match http m|^HTTP/1\.1 500 Server Error\r\nContent-Length: 0\r\nServer: HBHTTP DISCOVERY - (\d[\w._-]+) - Linux\r\n| p/HBHTTP/ v/$1/ o/Linux/ cpe:/o:linux:linux_kernel/a
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html\r\nDate: .*\r\nExpires: Thu, 26 Oct 1995 00:00:00 GMT\r\n(?:[^\r\n]+\r\n)*?Server: Allegro-Software-RomPager/([\d.]+)\r\n.*<title>Emerson Network Power IntelliSlot Web/(\d+) Card</title>|s p/Allegro RomPager/ v/$1/ i|Emerson Network Power IntelliSlot Web/$2 card| d/power-device/ cpe:/a:allegro:rompager:$1/
match http m|^HTTP/1\.1 301 Moved Permanently\r\nDate: .*\r\nLocation: https://([\w.]+)/?\r\nConnection: close\r\nContent-Length: 0\r\n\r\n|s p/VMware Server 2 http config/ h/$1/ cpe:/a:vmware:server:2/
match http m|^HTTP/1\.0 200 OK\r\nConnection: close\r\nServer: WindWeb/([\d.]+)\r\nDate: .*\r\nContent-Type: text/html\r\nWWW-Authenticate: Basic realm=\"HP\"\r\n.*<script language=\"JavaScript\" src=\"/js/module_utils\.js\"></script>\r\n<script language=\"JavaScript\" src=\"/js/branding_utils\.js\">|s p/WindWeb/ v/$1/ i/HP E1200 storage http config/ d/storage-misc/ cpe:/a:windriver:windweb:$1/
match http m|^HTTP/1\.0 200 OK\nServer: Dave Solin's Web Daemon v\. ([\d.]+)\n.*window\.location = '/servlets/com\.marimba\.servlets\.TunerAdmin';\r\n|s p/Dave Solin's Web Daemon/ v/$1/ i/BMC HTTP service/
# Date in fingerprint was "\xd0\xa4\xaf\*\$\x99@".
match http m|^HTTP/1\.0 200 Output Follows\nServer: Apache Embedded Server\nDate: .......\n.*<title>NewCS Management Console\.\.</title>|s p/NewCS satellite card sharing system http config/ d/media device/
match http m|^HTTP/1\.0 200 Output Follows\nServer: Apache Embedded Server\nDate: \nConnection: close\nContent-Type: text/html\n\n<html>\r\n<head>\r\n<title>NewCS Management Console\.\.</title>|s p/NewCS satellite card sharing system http config/ d/media device/
match http m|^HTTP/1\.1 200 OK\r\n.*<TITLE>CCcam info pages</TITLE><BODY><H2>Welcome to CCcam ([\d.]+) server </H2>|s p/CCcam card sharing system http config/ v/$1/
match http m|^HTTP/1\.1 401 Authorization Required\r\nWWW-Authenticate: Basic realm=\"CCcam Server\"\r\n.*<TITLE>CCcam info pages</TITLE>|s p/CCcam card sharing system http config/
match http m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: MacHTTP/([\d.]+)\r\n|s p/MacHTTP/ v/$1/
match http m|^HTTP/1\.1 200 OK\r\nDate: .*\r\nServer: Wub ([\d.]+)\r\ncontent-type: text/html; charset=utf-8\r\ncache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0\r\nexpires: Sun, 01 Jul 2005 00:00:00 GMT\r\n| p/Wub/ v/$1/
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html\r\n.*<TITLE></TITLE>\r\n.*<meta http-equiv=\"refresh\" content=\"0; URL=/wcd/js_error\.xml\">\r\n|s p/Konica Minolta PageScope Web Connection httpd/
match http m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: sw-cp-server/([\d.]+)\r\n.*<script language=\"javascript\" type=\"text/javascript\" src=\"/javascript/common\.js\?plesk_version=([\w.-]+)\"/>|s p/sw-cp-server httpd/ v/$1/ i/Parallels Plesk WebAdmin version $2/
match http m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: sw-cp-server\r\n.*<script language=\"javascript\" type=\"text/javascript\" src=\"/javascript/common\.js\?plesk_version=([\w._-]+)\"/>|s p/sw-cp-server httpd/ i/Parallels Plesk WebAdmin version $1/
match http m|^HTTP/1\.0 500 Internal Server Error\r\nConnection: close\r\nX-UA-Compatible: IE=EmulateIE7\r\n(?:[^\r\n]+\r\n)*?P3P: CP=\"NON COR CURa ADMa OUR NOR UNI COM NAV STA\"\r\n(?:[^\r\n]+\r\n)*?Server: sw-cp-server\r\n|s p/sw-cp-server httpd/ i/Parallels Plesk WebAdmin/
match http m|^HTTP/1\.1 200 OK\r\nServer: Web Server\r\n X-UA-Compatible: IE=EmulateIE7\r\nContent-Type: text/html\r\nCache-Control: no-cache\r\nPragma: no-cache\r\n.*<title>Switch</title>|s p/Cisco SG200 switch http admin/ d/switch/ cpe:/h:cisco:sg200/
match http m|^HTTP/1\.0 200 OK\r\n.*<title>Web-Thermograph</title>\r\n|s p/W&T Web-Thermograph http config/ i|firmware 1.50/1.30| d/specialized/
match http m|^HTTP/1\.0 200 OK\r\n.*<title>Web-Thermograph NTC, 10/100BT, 12-24V</title>\r\n|s p/W&T Web-Thermograph NTC http config/ i/firmware 1.53/ d/specialized/
match http m|^HTTP/1\.1 200 OK\r\nStatus:200 OK\r\n(?:[^\r\n]+\r\n)*?Server: RMC Webserver ([\d.]+)\r\n.*<TITLE>VTM</TITLE>|s p/RMC Webserver/ v/$1/ i/Stratus ftServer VTM/ d/remote management/
match http m|^HTTP/1\.0 401 Unauthorized\r\nWWW-Authenticate: Digest realm=\"ActiontecBHR\"| p/Actiontec TR069 remote access/
match http m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: RemoteSupportManager/([\d.]+)\r\n.*<title>Remote Support Manager</title>|s p/RemoteSupportManager/ v/$1/ i/n-able remote management/
match http m|^HTTP/1\.1 200 OK\r\n.*location\.href=\"DE1100u\.html\";\r\n|s p/Ricoh Aficio MP C4000 http config/ d/printer/ cpe:/h:ricoh:aficio_mp_c4000/a
match http m|^HTTP/1\.1 302 Found\r\n(?:[^\r\n]+\r\n)*?Server: Vernier/([\d.]+)\r\n(?:[^\r\n]+\r\n)*?Location: https://[\d.]+:447/\r\n|s p/Vernier Networks Access Manager http config/ v/$1/
match http m|^HTTP/1\.0 200 OK\r\nContent-type: text/html\n\n<html>\r\n<head>\r\n<title></title>\r\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=windows-1252\">\r\n<style type=\"text/css\">\r\n<!--\r\n\.leftLink {|s p/Belkin F5D76324 WAP http config/ d/WAP/ cpe:/h:belkin:f5d76324/a
match http m|^HTTP/1\.1  200 OK\r\nConnection: close\r\nContent-Type: text/xml; charset=utf-8\r\n\r\n.*<p:ModelDescription>SMC ([\w-]+)</p:ModelDescription>.*<p:FirmwareVersion>([\d., ]+)</p:FirmwareVersion>| p/SMC $1 WAP http config/ i/firmware version $2/ cpe:/h:smc:$1/a
match http m|^HTTP/1\.1 200 OK\r?\nContent-type: text/html; charset=utf-8\r\nServer: WebCit ([\d.]+) / Citadel ([\d.]+)\n| p/WebCit/ v/$1/ i/Citadel $2/ cpe:/a:citadel:ux:$2/ cpe:/a:citadel:webcit:$1/
match http m|^HTTP/1\.1 200 OK\nContent-type: text/html; charset=utf-8\r\nServer: WebCit v([\d.]+) / \n| p/WebCit/ v/$1/ i/Citadel/ cpe:/a:citadel:ux/ cpe:/a:citadel:webcit:$1/
match http m|^HTTP/1\.0 200 OK\r\nConnection: Close\r\nDate: .*\r\nServer: HTTP/1\.1 compliant\r\n.*<!--\n \*\n \* File: index\.html\n \*\n \* Rajat Hingad rhingad@cisco\.com\n \*\n \* Copyright \(c\) 2001, 2002, 2003, 2004 by Cisco Systems, Inc\.\n \* All rights reserved\.\n \*\n \* This file calls the idm\.jnlp of the PDM\.\n \*\n \*-->\n\n<html>\n<head>\n <meta http-equiv=\"Refresh\" content=\"1; URL=idm/index\.html\">\n</head>\n$|s p/Cisco IPS Device Manager (IDM)/ d/security-misc/
match http m|^HTTP/1\.0  401 Unauthorized \r\nContent-type: text/html \r\nWWW-Authenticate: Basic realm=\"ULTAMUS RAID manager\"\r\n\r\n| p/Overland Storage Ultamus RAID manager/ d/storage-misc/
match http m|^HTTP/1\.0 200 OK\r\nContent-type: text/html(?:; charset=UTF-8)?\r\n\r\n.*background:url\(data:image/gif;base64,R0lGODdhAQAeAIQeAJub/5yc/6Cf/6Oj/6am/6qq/66u/7Gx/7S0/7i4/7u8/7\+//8LD/8bG/8nK/83N/9HQ/9TU/9fX/9va/97e/\+Lh/\+Xl/\+no/\+3t//Dw//Pz//b3//v7//7\+/////////ywAAAAAAQAeAAAFGCAQCANRGAeSKAvTOA8USRNVWReWaRvXhQA7\)|s p/streamdev VDR plugin/
match http m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: Tntnet/([\w._-]+)\r\n.*<title>VDR-Live - Anmelden</title>|s p/Tntnet/ v/$1/ i/LIVE VDR http config/ cpe:/a:tntnet:tntnet:$1/
match http m|^HTTP/1\.1 401 Unauthorized\r\nServer: Conexant-EmWeb/R([\d_]+)\r\n| p/Conexant-EmWeb/ v/$SUBST(1,"_",".")/ cpe:/a:conexant:emweb:$SUBST(1,"_",".")/a
match http m|^HTTP/1\.0 200 OK\r\nExpires: 0\r\nContent-Type: text/html\r\nConnection: close\r\n\r\n<html>\n<title>Login</title>\n.*<font class=tdBigTitle>Connect to 192\.168\.0\.200</font>\n|s p/D-Link DGS-1224T switch http config/ d/switch/ cpe:/h:dlink:dgs-1224t/a
match http m|^HTTP/1\.1 200 OK\r\n.*<meta name=\"Author\" content=\"FireBrick Ltd\">\n<meta name=\"Description\" content=\"FireBrick (\d+) Control pages\">|s p/FireBrick $1 firewall http config/ d/firewall/ cpe:/h:firebrick:$1/a
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?Date: Wed, 31 Dec 1969 15:00:00 GMT\r\n(?:[^\r\n]+\r\n)*?Last-Modified: Wed, 31 Dec 1969 15:00:00 GMT\r\n.*<title>PROJECTOR NETWORK SETTINGS</title>.*<!--\nvar mac=\"([0-9A-F]{12})\";\n.*var vMdl=\"(\w+)_Series\";\nvar vVer=\"([\d.]+)\";|s p/NEC $2 series projector http config/ i/firmware version $3; MAC $1/ d/media device/
match http m|^HTTP/1\.0 400 Bad Request\r\nServer: EdgePrism/([\d.]+)\r\n(?:[^\r\n]+\r\n)*?Connection: close\r\n\r\n\n\n|s p/EdgePrism/ v/$1/ i/Limelight Networks Content Delivery Network/
match http m|^HTTP/1\.1 200 Ok\r\nServer: micro_httpd\r\n.*<TITLE>DSL-(\w+)</TITLE>.*var hostname = \"([\w_.-]+)\";\r\nvar FWTmp = \"(V[\w.]+)\"\.split\(\"_\"\);|s p/micro_httpd/ i/D-Link DSL-$1 ADSL router http config; firmware $3/ d/broadband router/ h/$2/ cpe:/a:acme:micro_httpd/
match http m|^HTTP/1\.0 200 OK\r\ndate: .*\r\ncontent-type: text/html\r\nconnection: close\r\nserver: Lenel Embedded Web Server/([\d.]+)\r\n\r\n| p/Lenel Embedded Web Server/ v/$1/ i/OnGuard 2008 security system management/ d/security-misc/ cpe:/a:lenel:embedded_web_server:$1/
match http m|^HTTP/1\.0 200 OK\r\ncontent-type: text/html\r\nconnection: close\r\nserver: Lenel Embedded Web Server/([\d.]+)\r\ndate: .*\r\n\r\n| p/Lenel Embedded Web Server/ v/$1/ cpe:/a:lenel:embedded_web_server:$1/
match http m|^HTTP/1\.1 200 Document follows\r\nConnection: Close\r\nServer: Micro-Web\r\nContent-type: text/html\r\nLast-modified: .*\r\nContent-length: 476\r\n\r\n$| p/Micro-Web/ i|Symantec Firewall/VPN 200| d/firewall/
match http m|^HTTP/1\.0 401 Unauthorized\r\n(?:[^\r\n]+\r\n)*?Server: \r\n(?:[^\r\n]+\r\n)*?WWW-Authenticate: Basic realm=\"System\"\r\n.*<HTML><HEAD><TITLE>401 Unauthorized</TITLE></HEAD>\n<BODY><H1>401 Unauthorized</H1>\nYour client does not have permission to get URL / from this server\.\n</BODY></HTML>\n$|s p/Edgewater Networks Edgemarc 4562 VoIP gateway web config/ d/VoIP adapter/
match http m|^HTTP/1\.1 401 Unauthorized\r\n(?:[^\r\n]+\r\n)*?WWW-Authenticate: Basic realm=\"server\r\n.*<HTML><HEAD><TITLE>401 Unauthorized</TITLE></HEAD>\n<BODY><H1>401 Unauthorized</H1>\nYour client does not have permission to get URL / from this server\.\n</BODY></HTML>\n$|s p/DVR Systems webcam http interface/ d/webcam/
match http m|^HTTP/1\.1 204 No Content\nServer: PRS\nDate: .*\n\n$| p/Alcatel-Lucent OmniTouch Unified Communication VoIP gateway/ d/PBX/
match http m|^<html>\n<title>USRobotics 10/100/1000 Mbps 48-Port Smart Switch Login</title>.*<td>&nbsp; System Name\n<td>&nbsp; ([\w-]+)\n.*<td>&nbsp; Location Name\n<td>&nbsp; ([\w -]+)\n|s p/USRobotics USR997748 switch http config/ i/location: $2/ h/$1/ cpe:/h:usrobotics:usr997748/a
match http m|^HTTP/1\.1 401 Authorization Required\nDate: .*\r\nWWW-Authenticate: Basic realm=\"AddPac\"\nContent-Length: 72\n\n<HTML><BODY>You must be authenticated to use this service</BODY></HTML>\n$| p/AddPac AP200B VoIP gateway http config/ d/VoIP adapter/
match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: NAShttpd\r\n(?:[^\r\n]+\r\n)*?WWW-Authenticate: Basic realm=\"Default ([\w._-]+:[\w._-]+)\"\r\n|s p/NAShttpd/ i/default login: $1/
match http m|^HTTP/1\.1 200 OK\r\n.*if \(needToConfirm\) {\r\n return \"Leaving this page will end the remote help session\";\r\n} else {\r\nneedToConfirm = true;\r\n}\r\n}\r\n</script>|s p/SimpleHelp remote desktop httpd/
match http m|^HTTP/1\.0 302 Object Moved\r\n(?:[^\r\n]+\r\n)*?Location: /\+CSCOE\+/logon\.html\r\nSet-Cookie: tg=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure\r\n|s p/Cisco ASA firewall http config/ d/firewall/
match http m|^HTTP/1\.0 200 OK\r\nContent-Type: text/html\r\nCache-Control: no-cache\r\nPragma: no-cache\r\n(?:[^\r\n]+\r\n)*?Set-Cookie: tg=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure\r\nSet-Cookie: webvpn=;.*/\+CSCOE\+/logon\.html|s p/Cisco ASA firewall http config/ d/firewall/
match http m|^HTTP/1\.0 302 Moved Temporarily\r\n(?:[^\r\n]+\r\n)*?Server: Mbedthis-Appweb/([\d.]+)\r\n(?:[^\r\n]+\r\n)*?Set-Cookie: _appwebSessionId_=|s p/Mbedthis-Appweb/ v/$1/ i/Iomega StorCenter ix2 NAS device/ d/storage-misc/ cpe:/a:mbedthis:appweb:$1/ cpe:/h:iomega:storcenter_ix2/a
match http m|^HTTP/1\.0 302 Moved Temporarily\r\nContent-Type: text/html\r\nLocation: /EnterpriseController\r\n| p/GoogleMini search appliance httpd/
match http m|^HTTP/1\.1 401 Unauthorized\r\nServer: micro_httpd\r\n(?:[^\r\n]+\r\n)*?WWW-Authenticate: Basic realm=\"Huawei SmartAX (\w+)\"\r\n|s p/micro_httpd/ i/Huawei SmartAX $1 ADSL router http config/ d/broadband router/ cpe:/a:acme:micro_httpd/ cpe:/h:huawei:smartax_$1/a
match http m|^HTTP/1\.0 200 OK Content-type: text/html\r\n\r\n.*<H2>57066 Minolta Network Configuration Sheet 1 of 2\n\n</H2>.*Serial Number: *(\d+)\n.*Ethernet Address: *([0-9A-F.]+).*F/W Version: *([\w.]+ \(\w+\)).*Print Server Name: *([\w_.-]+)|s p/Minolta PagePro 20 printer http config/ i/serial number: $1, MAC: $2, firmware $3/ d/printer/ h/$4/ cpe:/h:minolta:pagepro_20/a
match http m|^HTTP/1\.1 401 Unauthorized\r\nWWW-Authenticate: Basic realm=\"(DCS-\w+)\"\r\n(?:[^\r\n]+\r\n)*?Server: WIC-2300\r\n|s p/D-Link $1 webcam http config/ d/webcam/ cpe:/h:dlink:$1/
match http m|^HTTP/1\.1 401 Unauthorized\r\nWWW-Authenticate: Basic realm=\"(DCS-\w+)\"\r\n(?:[^\r\n]+\r\n)*?Server: DCS-\w+\r\n|s p/D-Link $1 webcam http config/ d/webcam/ cpe:/h:dlink:$1/
match http m|^HTTP/1\.0 401 Authorization Required\r\nWWW-Authenticate: BASIC realm=(DCS-\w+)\r\n\r\nPassword Error\. $| p/D-Link $1 webcam http config/ d/webcam/ cpe:/h:dlink:$1/
match http m|^HTTP/1\.0 400 bad url /\r\nServer: TinyHTTPProxy/([\d.]+) ([^\r\n]+)\r\n| p/TinyHTTPProxy/ v/$1/ i/$2/
match http m|^HTTP/1\.1 400 Bad Request\r\nContent-Type: text/html; charset=utf-8\r\nConnection: close\r\nPragma: no-cache\r\nCache-Control: no-store\r\nExpires: -1\r\n.*<script src=\"/dana-na/css/ds\.js\"></script>|s p/Juniper SA2000 or SA4000 VPN gateway http config/ d/security-misc/
match http m|^HTTP/1\.1 400 Bad Request\r\nContent-Type: text/html; charset=utf-8\r\nConnection: close\r\nPragma: no-cache\r\nCache-Control: no-store\r\nExpires: -1\r\n.*by Pulse Secure, LLC\..*<script src=\"/dana-na/css/ds_[a-f0-9]+\.js\"></script>|s p/Pulse Secure VPN gateway http config/ d/security-misc/
match http m|^HTTP/1\.0 200 OK\r\nConnection: Close\r\nContent-Type: text/html\r\nDate: .*\r\n\r\n<html xml:lang=\"en\" xmlns=\"http://www\.w3\.org/1999/xhtml\">\r\n<head>\r\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\" />\r\n<title>FMS : Freenet Message System</title>| p/Freenet Message System web client/
match http m|^HTTP/1\.1 400 Bad Request\r\n(?:[^\r\n]+\r\n)*?Server: Profense\r\n|s p/Profense web application firewall/ d/firewall/
match http m|^HTTP/1\.0 200 Ok\r\nServer: NET-DK/([\d.]+)\r\n.*<title>Touchstone Status</title>|s p/NET-DK/ v/$1/ i/Arris Touchstone TM702B VoIP modem/ d/VoIP adapter/
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: MediaBox HTTPd Server/([\d.]+) \(Unix\)\r\n|s p/MediaBox HTTPd Server/ v/$1/ o/Unix/
match http m|^HTTP/1\.1 200 OK\r\nServer: cab/([\d.]+) \(([^)]+)\)\r\n.*<TITLE>cab AdminApplet</TITLE>|s p/cab/ v/$1/ i/AdminApplet $2/
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html\r\n\r\n<head><meta http-equiv=\"content-type\" content=\"text/html; charset=utf-8\" /><title>Everything</title>| p/voidtools Everything search engine httpd/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?Set-Cookie: sessionId=.*<HTML>\n<HEAD>\n\n<TITLE>Cisco Systems Login</TITLE>\n|s p/Cisco 4400 wireless LAN controller httpd/ d/remote management/
match http m|^HTTP/1\.0 200 OK\r\n.*<title>:: ThinStation ::</title>.*<h2>Thinstation ([\w._-]+) on ([\w._-]+) :: Main page</h2>|s p/ThinStation http admin/ v/$1/ o/Linux/ h/$2/ cpe:/o:linux:linux_kernel/a
match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: \r\n(?:[^\r\n]+\r\n)*?WWW-Authenticate: Basic realm=\"ADSL Router \(ANNEX B\)\"\r\n.*<meta HTTP-EQUIV=\"Expires\" CONTENT=\"Mon, 06 Jan 1990 00:00:01 GMT\">.*<meta name=\"description\" content=\"806GA M 2073\">|s p/Allnet ALL0277DSL ADSL router http config/ d/broadband router/ cpe:/h:allnet:all0277dsl/a
match http m|^HTTP/1\.1 301 Moved Permanently\r\nDate: .*\r\nLocation: https://([\w._-]+)/\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 56\r\n\r\n<HTML><BODY><H1>301 Moved Permanently</H1></BODY></HTML>$| p/VMware ESXi Server httpd/ h/$1/ cpe:/o:vmware:esxi/
match http m|^HTTP/1\.0 401 Unauthorized\r\nWWW-Authenticate: Basic realm=\"PCS-1 Web Control\"\r\n(?:[^\r\n]+\r\n)*?Server: Allegro-Software-RomPager/([\d.]+)\r\n|s p/Allegro RomPager/ v/$1/ i/Sony PCS-1 video conferencing http config/ d/webcam/ cpe:/a:allegro:rompager:$1/
match http m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: Ubicom/([\d.]+)\r\n.*<title>D-Link Gaming Router :\r\n\t\t Login\r\n\t</title>|s p/Ubicom/ v/$1/ i/D-Link DGL-4500 WAP http config/ d/WAP/ cpe:/h:dlink:dgl-4500/a
match http m|^HTTP/1\.1 307 Temporary Redirect\r\nConnection: keep-alive,close\r\n(?:[^\r\n]+\r\n)*?Location: http://([\w._-]+)/servlet/StartServlet\r\nServer: PEWG/([\d.]+)\r\n|s p/PEWG/ v/$2/ i/OCE print server/ d/print server/ h/$1/
match http m|^HTTP/1\.1 401 Authorization Required\r\n.*www-authenticate:Basic realm=\"(\w+)v(\d+)POE \(([0-9A-F]{12})\)\"\r\n|s p/InterTel $1 VoIP phone http config/ i/firmware $2; MAC $3/ d/VoIP phone/
match http m|^HTTP/1\.1 401 Authorization Required\r\n.*www-authenticate:Basic realm=\"(\d+)i \(([0-9A-F]{12})\)\"\r\n|s p/InterTel $1 VoIP phone http config/ i/MAC $2/
match http m|^HTTP/1\.1 401 Authorization Required\r\n.*www-authenticate:Basic realm=\"IP Resource Card \(IPRC\)\(id=[0-9A-F]+\)\"\r\n|s p/InterTel IPRC VoIP management card/ d/PBX/
match http m|^HTTP/1\.1 200 OK\r\n.*<title>Ethernetov\xfd teplom\xecr TME od Papouch s\.r\.o\.</title>|s p/Papouch TME Ethernet thermometer http interface/
match http m|^HTTP/1\.1 200 OK\r\nServer: SMC Internet Update Manager\r\nConnection: Keep-Alive\r\nContent-Type: text\r\nDate: .*\r\nContent-Length: 61\r\n\r\n<HTML>Avira Internet Update Manager ist betriebsbereit</HTML>$| p/Avira SMC Internet Update Manager/
match http m|^HTTP/1\.1 200 OK\r\nServer: Avira Update Manager\r\nConnection: Keep-Alive\r\nContent-Type: text\r\nDate: .*\r\nContent-Length: 52\r\n\r\n<HTML>Avira Update Manager ist betriebsbereit</HTML>| p/Avira Update Manager/
match http m|^HTTP/1\.1 301 Moved Permanently\r\nDate: .*\r\nLocation: https://([\w._-]+)/\r\nConnection: close\r\nContent-Length: 0\r\n\r\n$| p/VMware ESX 3.5 Server httpd/ h/$1/ cpe:/o:vmware:esx:3.5/
match http m|^HTTP/1\.0 200 Ok\r\nServer: httpd\r\n.*<SCRIPT language=Javascript src=\"language_us\.js\"></SCRIPT>.*<SCRIPT>assign_var\(\);</SCRIPT>.*<SCRIPT language=JavaScript src=\"showMenu\.js\"></SCRIPT>.*<SCRIPT>|s p/DD-WRT milli_httpd/ i/Belkin F5D8235-4 WAP http config/ d/WAP/ cpe:/h:belkin:f5d8235-4/a
match http m|^HTTP/1\.1 200 OK\r\n.*<title>MiFi(\d+) Mobile Hotspot</title><meta name=description content=Sprint020>|s p/Novatel MiFi $1 WAP http config/ d/WAP/ cpe:/h:novatel:mifi_$1/a
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?Connection: keep-Alive\r\n.*<meta name=description content=VZ018>|s p/Verizon MiFi 2200 E7C5 WAP http config/ d/WAP/
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?Connection: close\r\n.*<meta name=description content=VZ025>|s p/Verizon MiFi 4510L WAP http config/ d/WAP/
match http m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: fec/([\w._-]+) \(([^)]+)\)\r\n.*<TITLE>Funkwerk (\w+)-TTextil - Home Page</TITLE>|s p/fec/ v/$1/ i/Funkwerk bintec $3 router; $2/ d/router/ cpe:/h:funkwerk:bintec_$3/a
match http m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: fec/([\w._-]+) \(([^)]+)\)\r\n.*<title> Configuration </title>\n</head>\n<body onload=\"location\.href='/esi/795104/esi\.cgi\?page=status-index\.xml';\">|s p/fec/ v/$1/ i/Funkwerk bintec RS230a router; $2/ d/router/ cpe:/h:funkwerk:bintec_rs230a/a
match http m|^HTTP/1\.0 200 OK\r\nConnection: close\r\nServer: fec/([\w._-]+) \(([^)]+)\)\r\n(?:[^\r\n]+\r\n)*?Content-Length: 162\r\n.*<title> Configuration </title>\n</head>\n<body onload=\"location\.href='/esi/787100/esi\.cgi\?page=status-index\.xml';\">|s p/fec/ v/$1/ i/Funkwerk bintec R232B router; $2/ d/router/ cpe:/h:funkwerk:bintec_r232b/a
match http m|^HTTP/1\.1 200 OK\n.*<TITLE>IOGEAR MF Print Server</TITLE>|s p/IOGear GMFPSU22W6 print server http config/ d/print server/ cpe:/h:iogear:gmfpsu22w6/a
match http m|^HTTP/1\.0 401 Unauthorized\r\n(?:[^\r\n]+\r\n)*?Server: httpd\r\n(?:[^\r\n]+\r\n)*?WWW-Authenticate: Basic realm=\"DD-WRT\"\r\n|s p/DD-WRT milli_httpd/
match http m|^HTTP/1\.0 401 Bad Request\r\n(?:[^\r\n]+\r\n)*?Server: httpd\r\n.*<H4>401 Bad Request</H4>\nCan't use wireless interface to access GUI\.\n</BODY></HTML>\n$|s p/DD-WRT milli_httpd/
match http m|^HTTP/1\.0 302 Look here\r\nLocation: /rom/default\.html\r\nContent-Length: 0\r\n\r\n$| p/Intermec P4i label printer http config/ d/printer/
match http m|^HTTP/1\.1 200 OK\r\nConnection: close\r\nDate: .*\d\r\nServer: quark-([\w._-]+)\r\n| p/quark/ v/$1/
match http m|^HTTP/1\.0 302 Redirect\r\nServer: GoAhead-Webs\r\n(?:[^\r\n]+\r\n)*?Location: http://([\w._-]+)/login\.asp\r\n|s p/GoAhead WebServer/ i/Sonitrol building access control system http config/ h/$1/ cpe:/a:goahead:goahead_webserver/
match http m|^HTTP/1\.1 400 Bad Request\r\n.*<P>Your request can't be recognized by Tvants Broadcast Server\. Please visit <A href=\"http://www\.tvants\.com/\">www\.tvants\.com</A> for more information\.</P>|s p/Tvants Broadcast Server httpd/ d/media device/
match http m|^HTTP/1\.0 404 Not Found\r\nSERVER: corega ([\w-]+)\r\nCONTENT-LENGTH: 48\r\nCONTENT-TYPE: text/html\r\n\r\n<html><body><h1>404 Not Found</h1></body></html>$| p/Corega $1 router http config/ d/router/
match http m|^HTTP/1\.0 200 Failed to find service name in request URI and no default service available\r\n.*x-trapeze-fault-response: y\r\n(?:[^\r\n]+\r\n)*?Server: Trapeze-Srv/([\d.]+)\r\n.*<SOAP-ENV:Fault rowsetMode=\"struct\" xmlns=\"http://www\.trapezegroup\.com/\"><faultcode tcftype='10'>SOAP-ENV:Client</faultcode><faultstring tcftype='10'>Failed to find service name in request URI and no default service available</faultstring><detail tcftype='10'></detail></SOAP-ENV:Fault>|s p/Trapeze-Srv/ v/$1/ i/Trapeze Mobile Data Terminal SOAP over HTTP/
match http m|^HTTP/1\.0 401 Default login not authorized to perform this action\r\n(?:[^\r\n]+\r\n)*?WWW-Authenticate: Basic realm=\"/INOVAS/NovusDFM-trunk-[\w-]+/Config/([\w_.-]+)\"\r\n(?:[^\r\n]+\r\n)*?Server: Trapeze-Srv/([\d.]+)\r\n|s p/Trapeze-Srv/ v/$2/ i/Trapeze NOVUS http config/ h/$1/
match http m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: Trapeze-Srv/([\d.]+)\r\n.*<TITLE>Trapeze Service Shell response</TITLE>|s p/Trapeze-Srv/ v/$1/ i/Trapeze Service Shell/
match http m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: Trapeze-Srv/([\d.]+)\r\n|s p/Trapeze-Srv/ v/$1/
match http m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?server: httpd\.js\r\n.*<title>Songbird WebRemote</title>|s p/httpd.js/ i/Songbird WebRemote/
match http m|^HTTP/1\.0 302 Temporary moved\r\nContent-Length: 0\r\nCache-Control: no-cache\r\nPragma: no-cache\r\nConnection: Close\r\nDate: .*\r\n(?:X-Frame-Options: SAMEORIGIN\r\n)?Location: https:///\r\n\r\n| p/Cisco ASA firewall http config/ d/firewall/
match http m|^HTTP/1\.0 200 OK\r\nServer: Baby Web Server\r\n| p/Baby Web Server/ o/Windows/ cpe:/o:microsoft:windows/a
# BAIDA by Yandex (yandex.ru).
match http m|^HTTP/1\.1 \d\d\d [^\r\n]*\r\n(?:[^\r\n]+\r\n)*?Server: BAIDA/([\w._-]+)\r\n|s p/BAIDA/ v/$1/
match http m|^HTTP/1\.0 401 Unauthorized\r\n(?:[^\r\n]+\r\n)*?Server: httpd\r\n(?:[^\r\n]+\r\n)*?WWW-Authenticate: Basic realm=\"([^"]+)\"\r\n|s p/DD-WRT milli_httpd/ h/$1/
match http m|^HTTP/1\.0 401 Unauthorized\r\n(?:[^\r\n]+\r\n)*?Server: httpd\r\n(?:[^\r\n]+\r\n)*?WWW-Authenticate: Basic realm=\"\"\r\n|s p/DD-WRT milli_httpd/
match http m|^HTTP/1\.0 200 OK\r\n.*<!--- Page\(\d+\)=\[Line Settings\] --->.*<TITLE>Console Alice Access Gateway</TITLE>|s p/Alice Gate 2 WAP http config/ d/WAP/
match http m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Set-Cookie: alice_cookie_session_id=\d+; path=/;\r\n.*<!--- Page\(\d+\)=\[Modem Alice\] --->.*<TITLE>Alice Gate VOIP 2 plus Wi-Fi - Modem Alice</TITLE>|s p/Alice Gate VoIP 2 WAP http config/ d/WAP/
match http m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Set-Cookie: alice_cookie_session_id=\d+; path=/;\r\n.*<!--- Page\(9001\)=\[Stato Modem\] --->.*<TITLE>Alice Gate VOIP 2 plus Wi-Fi - Stato Modem</TITLE>|s p/Alice Gate VoIP 2 WAP http config/ d/WAP/
match http m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Set-Cookie: cookie_session_id_0=\d+; path=/;\r\n.*<!--- Page\(\d+\)=\[\] --->.*<TITLE>Alice Gate 2 [Pp]lus - Stato [Mm]odem</TITLE>|s p/Alice Gate 2 WAP http config/ d/WAP/
match http m|^HTTP/1\.0 401 Unauthorized\r\nPragma: no-cache\r\n(?:[^\r\n]+\r\n)*?WWW-Authenticate: Basic realm=\"Demo9\"\r\nContent-Type: text/html\r\nContent-Length: 236\r\n\r\n|s p/Tandberg codec T150 http config/ d/VoIP phone/ cpe:/h:tandberg:codec_t150/a
match http m|^HTTP/1\.1 401 Unauthorized\r\nServer: OTDAV/([\w._-]+)\r\n(?:[^\r\n]+\r\n)*?Www-Authenticate: Digest realm=\"Olive Toast WebDAVServer\"|s p/Olive Toast WebDAVServer/ v/$1/ i/OTDAV; iPhone/ d/phone/
match http m|^HTTP/1\.0 302 Moved\r\nServer: HASP LM/([\w._-]+)\r\nDate: .*\r\nLocation: /_int_/index\.html\r\nContent-[Tt]ype: text/html\r\nContent-[Ll]ength: 106\r\n| p|Aladdin/SafeNet HASP license manager| v/$1/ o/Windows/ cpe:/a:safenet-inc:hasp_license_manager:$1/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 403 Forbidden\r\nServer: HASP LM/([\w._-]+)\r\nDate: .*\r\nContent-[Tt]ype: text/html\r\nContent-[Ll]ength: 137\r\n\r\n<title>403 Forbidden</title>\n<h1>403 Forbidden</h1>\nAccess to this resource has been denied to you\.\n<p>Please contact the administrator\.\n$| p|Aladdin/SafeNet HASP license manager| v/$1/ o/Windows/ cpe:/a:safenet-inc:hasp_license_manager:$1/ cpe:/o:microsoft:windows/a
match http m|^HTT/1\.0 401 Not Authorized\r\nServer: HASP LM/([\w._-]+)\r\nDate: .*\r\nWWW-Authenticate: Basic realm=\"HASP License Manager\"\r\nContent-type: text/html\r\nContent-length: 151\r\n\r\n<title>401 Not Authorized</title>\n<h1>401 Not Authorized</h1>\nYou need proper authorization to use this resource\.\n<p>Please contact the administrator\.\n$| p/Sentinel HASP license manager/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 400 Bad Request\nDate: .*\nServer: HASP Server/([\d.]+) \(MSWin32\)\nContent-Length: 95\nConnection: close\nContent-Type: text/html\n\n<HTML><HEAD><TITLE>400 Bad Request</TITLE></HEAD><BODY><H2>400 - Bad Request</H2></BODY></HTML>$| p/Aladdin HASP license manager/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 400 Bad Request\r\nServer: Mbedthis-Appweb/([\d.]+)\r\nDate: .*\r\nConnection: close\r\nContent-Type: text/html\r\nContent-length: 130\r\n\r\n<HTML><HEAD><TITLE>Document Error: Bad Request</TITLE></HEAD>\r\n<BODY><H2>Access Error: 400 -- Bad Request</H2>\r\n</BODY></HTML>\r\n\r\n$| p/Mbedthis-Appweb/ v/$1/ i/Dell iDRAC6 http config/ d/remote management/ cpe:/a:mbedthis:appweb:$1/ cpe:/h:dell:idrac6/
match http m|^HTTP/1\.0 400 Bad Request\r\nServer: httpd\r\nDate: .*\r\nConnection: close\r\nContent-Type: text/html\r\nContent-length: 130\r\n\r\n<HTML><HEAD><TITLE>Document Error: Bad Request</TITLE></HEAD>\r\n<BODY><H2>Access Error: 400 -- Bad Request</H2>\r\n</BODY></HTML>\r\n\r\n$| p/Mbedthis-Appweb/ i/Dell iDRAC6 http config/ d/remote management/ cpe:/a:mbedthis:appweb/ cpe:/h:dell:idrac6/
match http m|^RTSP/1\.0 400 Bad Request\r\nServer: \r\nDate: .*\r\nConnection: keep-alive\r\nKeep-Alive: timeout=60, max=2000\r\nContent-Type: text/html\r\nContent-length: 130\r\n\r\n<HTML><HEAD><TITLE>Document Error: Bad Request</TITLE></HEAD>\r\n<BODY><H2>Access Error: 400 -- Bad Request</H2>\r\n</BODY></HTML>\r\n\r\n$| p/Mbedthis-Appweb/ i/Thomson Technicolor broadband router http admin/ d/broadband router/ cpe:/a:mbedthis:appweb/
match http m|^HTTP/1\.0 301 Moved Permanently\r\n(?:[^\r\n]+\r\n)*?Server: Mbedthis-Appweb/([\d.]+)\r\n(?:[^\r\n]+\r\n)*?Location: https://:443/start\.html\r\n\r\n$|s p/Mbedthis-Appweb/ v/$1/ i/Dell iDRAC6 http config/ d/remote management/ cpe:/a:mbedthis:appweb:$1/ cpe:/h:dell:idrac6/
match http m|^HTTP/1\.1 200 Ok\r\nServer: micro_httpd\r\n.*<TITLE>Verizon</TITLE>.*<SCRIPT>\nfunction fnGo\(\)|s p/micro_httpd/ i/Actiontec GT704-WGB ADSL WAP http config/ d/WAP/ cpe:/a:acme:micro_httpd/
match http m|^HTTP/1\.0 200 Ok\r\nServer: micro_httpd\r\n.*<title>Linksys Cable Modem : Status : Modem</title>|s p/micro_httpd/ i/Linksys BEFCMU10 cable modem http config/ d/broadband router/ cpe:/a:acme:micro_httpd/ cpe:/h:linksys:befcmu10/a
match http m|^HTTP/1\.1 401 Unauthorized\r\nContent-type: text/html\r\nWWW-Authenticate: Basic realm=\"Netgear\"\r\nConnection: close\r\nPragma: no-cache\r\n\r\n<html><head><title>401 Unauthorized</title>.*<form name=\"RgAuthentication\" action=\"/goform/RgAuthentication\" method=\"POST\">|s p/Netgear CVG834G cable modem http config/ d/broadband router/ cpe:/h:netgear:cvg834g/a
match http m|^HTTP/1\.0 200 OK\r\nContent-type: text/html\r\nConnection: close\r\n\r\n.*<title>Hollis</title>.*<td id=b>Indoor</td><td id=c bgcolor=green>([\d.]+)</td><td id=b>&deg;F</td></tr><tr><td id=b>Indoor Set Temp\.</td><td id=c><input type=text name=setTemp size=10 maxlength=10 value=([\d.]+)></td><td id=b>&deg;F&nbsp;<input type=submit name=7 value=\"Apply\"></td></tr><tr><td id=b>Outdoor temp</td><td id=c bgcolor=green>([\d.]+)</td><td id=b>&deg;F</td></tr></table></form></body></html>$| p/ControlByWeb httpd/ i/Temperature (F): indoor $1 (set to $2), outdoor $3/ d/specialized/
match http m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Expires: Thu, 26 Oct 1995 00:00:00 GMT\r\n(?:[^\r\n]+\r\n)*?Server: IPC@CHIP\r\n.*<TITLE>IPC@CHIP&reg; Main Page</TITLE>|s p/Beck IPC@CHIP embedded httpd/
match http m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: IPC@CHIP\r\n.*<title>Start</title>|s p/Beck IPC@CHIP embedded httpd/ i/SolarLog 200 power monitor httpd/ d/power-misc/ cpe:/h:solarlog:200/
match http m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: Z-World Rabbit\r\n.*<TITLE>EC3 332 \(Rev\. (\d+)\) Web Configuration and Monitoring</TITLE>|s p/Z-World Rabbit microcontroller httpd/ i/Emerson EC3 332 coldroom controller rev. $1/ d/specialized/
match http m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: Z-World Rabbit\r\n.*<title>(CPON-[\w._-]+)</title>|s p/Z-World Rabbit microcontroller httpd/ i/Advanced Media Technologies $1 optical TV node/ d/media device/
match http m|^HTTP/1\.0 200 OK\r\nServer: http server/everfocus\r\n.*<meta http-equiv=\"refresh\" content=\"0;url=/login\.html\?1600&1\">|s p/Everfocus webcam http config/ d/webcam/
match http m|^HTTP/1\.1 200 OK\r\nServer: Netwave IP Camera\r\n| p/Netwave IP camera http config/ d/webcam/
match http m|^HTTP/1\.1 200 OK\r\n.*<TITLE>&nbsp; &nbsp; &nbsp; ETHM-1 &nbsp; &nbsp; &nbsp; </TITLE>|s p/Satel ETHM-1 alarm control unit/ d/specialized/

match http m|^HTTP/1\.1 [25]00 (?:[^\r\n]*\r\n(?!\r\n))*?Server: KM-MFP-http/V([\d.]+)\r\n|s p/Kyocera MFP httpd/ v/$1/ d/printer/

match http m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Last-Modified: Thu, 01 Jan 1970 00:00:00 GMT\r\n(?:[^\r\n]+\r\n)*?Server: dcs-lig-httpd\r\n|s p/D-Link DCS-2121 webcam http config/ d/webcam/ cpe:/h:dlink:dcs-2121/a
match http m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Date: \d\d\d\d-\d\d-\d\d [^\r\n]*\r\n(?:[^\r\n]+\r\n)*?Server: IWeb/([\d.]+)\r\n.*<title>VisionWEB</title>.*<meta name=\"AUTHOR\" content=\"Insignis Technologies\" />.*<meta name=\"DESCRIPTION\" content=\"Linearis VisionWEB\. Cieffe srl, manufactures and markets CCTV digital video recorders and Remote Surveillance products for the security market\" />|s p/IWeb/ v/$1/ i/March Networks VisionWEB webcam http config/ d/webcam/
match http m|^HTTP/1\.1 401 Not Authorized\r\nWWW-Authenticate: Basic realm=\"Communicator Jablotron (\w+)\"\r\n\r\n| p/Jablotron $1 alarm http control/ d/security-misc/
match http m|^HTTP/1\.1 401 Unauthorized\r\nWWW-Authenticate: Basic realm=\"(ES-\w+) at [^"]*\"\r\n(?:[^\r\n]+\r\n)*?Server: Allegro-Software-RomPager/([\w.]+)\r\n|s p/Allegro RomPager/ v/$2/ i/ZyXEL $1 switch http config/ d/switch/ cpe:/a:allegro:rompager:$2/ cpe:/h:zyxel:$1/a
match http m|^HTTP/1\.0 200 OK\r\nServer: uhttpd/([\w._-]+)\r\n.*<title>NETGEAR Router ([\w._-]+) </title>|s p/uhttpd/ v/$1/ i/Netgear $2 WAP http config/ d/WAP/ cpe:/h:netgear:$2/a
match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: uhttpd/([\w._-]+).*WWW-Authenticate: Basic realm=\"NETGEAR ([\w-]+)\"\r\n|s p/uhttpd/ v/$1/ i/Netgear $2 WAP http config/ d/WAP/ cpe:/h:netgear:$2/a
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: Serv-U/([\w._-]+)\r\n| p/Rhinosoft Serv-U httpd/ v/$1/ cpe:/a:serv-u:serv-u:$1/
match http m|^HTTP/1\.1 302 Redirection\r\nServer: BlueIris-HTTP/([\d.]+)\r\n| p/BlueIris/ v/$1/
match http m|^HTTP/1\.1 401 Unauthorized\r\n(?:[^\r\n]+\r\n)*?WWW-Authenticate: basic realm=\"Protected area\"\r\n.*<title>401 Unauthorized</title>\n.*<!-- Padding: \n        #############################################\n|s p/Breach ModSecurity Apache monitor httpd/
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?Set-Cookie: CSPSESSIONID=\d+; path=/;\r\nCACHE-CONTROL: no-cache\r\nCONNECTION: Close\r\n.*<!-- Copyright \(c\) 2002 InterSystems Inc\. ALL RIGHTS RESERVED\. -->.*<b>CSP Error</b>|s p/InterSystems Cache Objects httpd/
match http m|^HTTP/1\.0 200 OK\r\nContent-type: application/octet-stream\r\nCache-Control: no-cache\r\n\r\nOggS| p/VLC media streaming httpd/ i/Ogg/ cpe:/a:videolan:vlc_media_player/
match http m|^HTTP/1\.0 404 Not Found\r\nConnection: close\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 334\r\n\r\n<\?xml version='1\.0'\?>\n<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1\.0 Transitional//EN\" \"http://www\.w3\.org/TR/xhtml1/DTD/xhtml1-transitional\.dtd\">\n<html xmlns=\"http://www\.w3\.org/1999/xhtml\" xml:lang=\"en\" lang=\"en\"><head><meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\"/></head><body><h1>404 Not Found</h1></body></html>$| p/ejabberd http admin/ cpe:/a:process-one:ejabberd/
match http m|^HTTP/1\.0 404 Not Found\r\nConnection: close\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 330\r\n\r\n<\?xml version='1\.0'\?>\n<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1\.0 Transitional//EN\" \"http://www\.w3\.org/TR/xhtml1/DTD/xhtml1-transitional\.dtd\">\n<html xmlns='http://www\.w3\.org/1999/xhtml' xml:lang='en' lang='en'><head><meta http-equiv='Content-Type' content='text/html; charset=utf-8'/></head><body><h1>Not found</h1></body></html>$| p/ejabberd http admin/ cpe:/a:process-one:ejabberd/
match http m|^HTTP/1\.1 404 Not Found\r\nServer: Asterisk/([\w._+-]+)\r\n| p/Asterisk/ v/$1/ d/PBX/ cpe:/a:digium:asterisk:$1/
match http m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: SMART Web Server\r\n.*<title>SMART Technologies Connected SMART Interactive Products</title>.*SMART Room: ([\w_.-]+)</H2>|s p/SMART Web Server/ i/SMART Board whiteboard http config/ h/$1/
match http m|^HTTP/1\.1 302 Moved Temporarily\r\n(?:[^\r\n]+\r\n)*?Server: Firefly Media Server/([^\r\n]+)\r\n|s p/Firefly Media Server http config/ v/$1/ cpe:/a:fireflymediaserver:firefly_media_server:$1/
match http m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: AvatronHTTP \(com\.avatron\.AirSharing,([\d.]+)\)\r\n|s p/AvatronHTTP/ v/$1/ i/Air Sharing app/ d/phone/ o/iOS/ cpe:/o:apple:iphone_os/a
# https://git.torproject.org/checkout/tor/master/doc/spec/dir-spec.txt
match http m|^HTTP/1\.0 503 Directory unavailable\r\n\r\n| p/Tor directory/ cpe:/a:torproject:tor/
# DirPortFrontPage set in torrc.
match http m|^HTTP/1\.0 200 OK\r\nDate: (?:[^\r\n]*r\n(?!\r\n))*?Content-Type: text/html\r\nContent-Encoding: identity\r\nContent-Length: \d+\r\nExpires: .*\r\n\r\n| p/Tor directory/ cpe:/a:torproject:tor/
match http m|^HTTP/1\.1 401 Unauthorized\r\n(?:[^\r\n]+\r\n)*?Server: Zarafa iCal Gateway ([^\r\n]+)\r\n|s p/Zarafa iCal Gateway httpd/ v/$1/ cpe:/a:zarafa:zarafa:$1/
match http m|^HTTP/1\.1 302 Moved Temporarily\r\nLocation: https?://([\w._-]+):(\d+)/symantec\.html\r\nContent-Length: 0\r\n| p/Symantec Endpoint Protection Manager httpd/ i/redirect to port $2/ h/$1/ cpe:/a:symantec:endpoint_protection_manager/
match http m|^HTTP/1\.1 200 OK\r\nSet-Cookie: JSESSIONID=\w+; Path=/; Secure; HttpOnly\r\n.*<title>Symantec Endpoint Protection Manager</title>|s p/Symantec Endpoint Protection Manager httpd/ cpe:/a:symantec:endpoint_protection_manager/
match http m|^HTTP/1\.0 200 OK\r\nServer: UOS\r\n.*<title>3Com Log On</title>|s p/3Com X5 Unified Security Platform IPS http config/ d/security-misc/
match http m|^HTTP/1\.0 200 OK\r\nServer: UOS\r\n.*<title>TippingPoint Log On</title>\r\n<meta http-equiv=\"Cache-Control\" content=\"no-store\" />.*<!--\r\n////////////////////////////////////////////\r\n// Copyright TippingPoint 2002, 2003, 2004 and 2005\r\n|s p/HP TippingPoint 110 or 1200E IPS http config/ d/firewall/
match http m|^HTTP/1\.0 200 OK\r\nServer: UOS\r\n.*<title>TippingPoint Log On</title>\n<meta http-equiv=\"Cache-Control\" content=\"no-store\" />.*<!--\n////////////////////////////////////////////\n// Copyright TippingPoint 2002, 2003, 2004 and 2005\n|s p/HP TippingPoint 1200E or 5000E IPS http config/ d/firewall/
match http m|^HTTP/1\.0 200 OK\r\nServer: UOS\r\n.*<title>TippingPoint Log On \x7c LSM - Device \(tp\)</title>\r\n\r\n<meta http-equiv=\"Cache-Control\" content=\"no-store\" />.*<!--\r\n////////////////////////////////////////////\r\n// Copyright TippingPoint 2002, 2003, 2004 and 2005\r\n|s p/HP TippingPoint 10 IPS http config/ d/firewall/
match http m|^HTTP/1\.0 200 OK\r\nServer: SpaceMon/([\d.]+)\r\n.*<TITLE>SpaceMon</TITLE>.*SpaceMon Administrator: ([^<]*)<BR>|s p/IPWorx SpaceMon storage monitor httpd/ v/$1/ i/administrator: $2/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.[01] 400 Bad Request\r\nServer: CloudFront\r\n| p/Amazon CloudFront httpd/
match http m|^HTTP/1\.0 401 Unauthorized\r\n(?:[^\r\n]+\r\n)*?WWW-Authenticate: Basic realm=\"Freetz \(([\w._-]+):([\w._-]+)\)\"\r\n.*<HTML><HEAD><TITLE>401 Unauthorized</TITLE></HEAD>\n<BODY><H1>401 Unauthorized</H1>\n\n</BODY></HTML>\n|s p/BusyBox httpd/ i/Freetz firmware for AVM FRITZ!Box; login $1:$2/ d/WAP/
match http m|^HTTP/1\.0 401 Unauthorized\r\nContent-type: text/html\r\nAccept-Ranges: bytes\r\nConnection: close\r\nWWW-Authenticate: Basic realm=\"GeneralUser/Administrator\"\r\n\r\n<HTML><HEAD><TITLE>401 Unauthorized</TITLE></HEAD>\n<BODY BGCOLOR=\"#cc9999\"><H2>401 Unauthorized</H2>\n<HR>\nAuthorization required for the URL '/'\.\n</BODY></HTML>\n$| p/thttpd/ i/Panasonic BB-HCM511A Network camera http config/ d/webcam/ cpe:/a:acme:thttpd/
match http m|^HTTP/1\.0 401 Unauthorized\r\nWWW-Authenticate: Basic realm=\"router\"\r\n.*<h2>401 Unauthorized<h2>\n  <p>\n  Authorization required for the URL\.\n</body>\n</html>\n|s p/thttpd/ i/Linksys RV082 WAP http config/ d/WAP/ cpe:/a:acme:thttpd/ cpe:/h:linksys:rv082/
match http m|^HTTP/1\.0 200 Document follows\r\n(?:[^\r\n]+\r\n)*?Server: Unknown\r\n.*<TITLE> Guardian Digital WebTool Login </TITLE>|s p/EnGuarde Linux Guardian Digital Webtool http admin/ o/Linux/ cpe:/o:linux:linux_kernel/a
match http m|^HTTP/1\.1 200 OK\r\nServer: Apache\r\nContent-Type: text/html\r\nContent-Length: 3587\r\nConnection: close\r\n\r\n\n<html>\n<head>\n<!-- \n     Copyright \(C\) 2005-2006 Aviv Raff \(with minor modifications by HDM for the MSF module\)\n     From: http://aviv\.raffon\.net/2005/12/11/MozillaUnderestimateVulnerabilityYetAgainPlusOldVulnerabilityNewExploit\.aspx\n     Greets: SkyLined, The Insider and shutdown \n-->| p|Metasploit multi/browser/mozilla_compareto exploit|
match http m|^HTTP1\.1 200 OK\r\nServer: WIBU-SYSTEMS HTTP Server/ Version ([^\r\n]*)\r\n| p/WIBU-SYSTEMS HTTP Server/ v/$1/ i/CodeMeter copy prevention dongle http config/ d/specialized/
match http m|^HTTP/1\.1 401 Unauthorized\r\n(?:[^\r\n]+\r\n)*?Server: AppleIDiskServer-([\w._-]+)\r\n(?:[^\r\n]+\r\n)*?WWW-Authenticate: Basic realm=\"([\w._-]+)\"\r\n|s p/Apple iDisk Server/ v/$1/ i/online storage access/ h/$2/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: ASSP/([^\r\n]+)\n|s p/ASSP Anti-Spam Proxy httpd/ v/$1/
match http m|^HTTP/1\.0 302 Found\r\n(?:[^\r\n]+\r\n)*?Location: https://([\w._-]+)/[^\r\n]*\r\n.*<TITLE>Novell iChain</TITLE>|s p/Novell iChain http admin/ o/NetWare/ h/$1/ cpe:/a:novell:ichain/ cpe:/o:novell:netware/a
match http m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Connection: Keep-Alive\r\nKeep-Alive: timeout=5, max=100\r\n.*<HTML>\r\n<HEAD>\r\n<TITLE></TITLE>\r\n<SCRIPT ID=clientEventHandlersJS LANGUAGE=javascript>\r\n<!--\r\nfunction loadpasswd\(\)\r\n{\r\n\ttop\.location = \"index\.htm\"\r\n}\r\nsetTimeout\(\"loadpasswd\(\)\",1\);\r\n//-->\r\n</SCRIPT>\r\n</HEAD>\r\n<BODY>\r\n</BODY>\r\n</HTML>\r\n$|s p/GoldStar iPECS 50B PBX http config/ d/PBX/
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?Expires: Thu, 01 Jan 1970 00:00:00 GMT\r\nSet-Cookie: JSESSIONID=[0-9A-F]+; Path=/; Secure\r\n.*<title>VMware View Portal</title>|s p/VMware View Manager httpd/
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?Expires: Thu, 01 Jan 1970 00:00:00 GMT\r\nSet-Cookie: JSESSIONID=[0-9A-F]+; Path=/; Secure; HttpOnly\r\n.*<title>VMwareView Portal</title>|s p/VMware View Manager httpd/
match http m|^HTTP/1\.1 200 OK\r\ncache-control: no-cache\r\nContent-Length: \d+\r\nExpires: Thu, 01 Jan 1970 00:00:00 GMT\r\nSet-Cookie: JSESSIONID=[0-9A-F]+; Path=/; Secure.*<title>VMware View Portal</title>|s p/VMware View Manager httpd/
match http m|^HTTP/1\.1 404 Not Found\r\nDate: .* GMT\r\nContent-Length: \d+\r\nContent-Type: text/html\r\n\r\n<html>\r\n<head>\r\n<title>VMware View</title>| p/VMware View Manager httpd/
match http m|^HTTP/1\.1 403 Forbidden\r\nServer: Norman Security/([\d.]+)\r\nContent-Type: text/html\r\nConnection: Close\r\nContent-Length: 90\r\n\r\n<html><title>Norman Security Error</title><body><br><h2>403 - Forbidden</h2></body></html>$| p/Norman Security Endpoint Protection httpd/ v/$1/
match http m|^HTTP/1\.1 401 Unauthorized\r\nServer: Norman Security/([\d.]+)\r\n.*<html><title>Norman Security Error</title><body><br><h2>401 - Unauthorized</h2></body></html>$|s p/Norman Security Endpoint Protection httpd/ v/$1/
match http m|^HTTP/1\.1 200 OK\r\n.*<!-- \$Header: index\.html 115\.2 2003/03/18 21:32:39 hfux ship \$ -->.*<TITLE>Oracle Applications Rapid Install</TITLE>|s p/Oracle Rapid Install httpd/

match http m|^HTTP/1\.1 200 OK\r\nDate: [^\r\n]+\r\n(?:Connection: \S+)?\r\nContent-Type: text/html\r\n(?:X-Frame-Options: DENY\r\n)?Content-Length: \d+\r\n\r\n.*<meta name="description" content="VMware Converter">|s p/VMware vCenter Converter httpd/ v/4/
match http m|^HTTP/1\.1 200 OK\r\nDate: [^\r\n]+\r\n(?:Connection: \S+)?\r\nContent-Type: text/html\r\n(?:X-Frame-Options: DENY\r\n)?Content-Length: \d+\r\n\r\n.*<meta name="description" content="VMware vSphere|s p/VMware vSphere http config/
match http m|^HTTP/1\.1 200 OK\r\nDate: [^\r\n]+\r\n(?:Connection: \S+)?\r\nContent-Type: text/html\r\n(?:X-Frame-Options: DENY\r\n)?Content-Length: \d+\r\n\r\n.*<meta name="description" content="VMware vCenter Converter Standalone">|s p/VMware vCenter Converter httpd/ v/4.3/

match http m|^HTTP/1\.1 200 OK\r\nContent-Length: 273\r\nContent-Type: text/html\r\n\r\n<HTML><HEAD><TITLE>Root Index</TITLE></HEAD><BODY><UL><LI><A HREF=\"/ccm-notify\">/ccm-notify</A></LI>\r\n<LI><A HREF=\"/ccm-proxy\">/ccm-proxy</A></LI>\r\n<LI><A HREF=\"/ccm-update\">/ccm-update</A></LI>\r\n<LI><A HREF=\"/config_public/\">/config_public/</A></LI>\r\n</UL></BODY></HTML>\r\n$| p/RSA SecurID 2.0 RADIUS http config/ d/security-misc/ cpe:/h:rsa:securid:2.0/
match http m|^HTTP/1\.1 400 Bad Request\r\n(?:[^\r\n]+\r\n)*?Server: LapLink ([\d.]+)\r\n|s p/Laplink file transfer httpd/ v/$1/
match http m|^HTTP/1\.0 200 OK\nContent-type: text/html\n\n<HTML>\n<HEAD>\n<TITLE>[\w._-]+ - Hallo!</TITLE>| p/Xrelayd SSL engine httpd/ i/OpenWrt/ o/Linux/ cpe:/o:linux:linux_kernel/a
match http m|^HTTP/1\.0 200 OK\r\nServer: jToolkitHTTP/([\w._-]+) Python/([\d.]+)\r\n| p/jToolkit web framework httpd/ v/$1/ i/Python $2/ cpe:/a:python:python:$2/
match http m|^HTTP/1\.0 200 Document follows\r\n(?:[^\r\n]+\r\n)*?Server: PureMessage Web Server\r\n|s p/Sophos PureMessage spam filter http interface/
match http m|^HTTP/1\.0 200 OK\r\nServer: iCanWebServer/([\d.]+)\r\n.*<TITLE>Network Camera Viewer</TITLE>|s p/iCanWebServer/ v/$1/ d/webcam/
match http m|^HTTP/1\.1 302 Found\r\n(?:[^\r\n]+\r\n)*?Location: https://([\w._-]+):(\d+)/zimbra/\r\n|s p/Zimbra http config/ i/redirect to https on port $2/ h/$1/ cpe:/a:zimbra:zimbra_collaboration_suite/
match http m|^HTTP/1\.1 302 Found\r\n(?:Date: .*\r\n)?Expires: .*\r\nCache-Control: no-store, no-cache, must-revalidate, max-age=0\r\nPragma: no-cache\r\n(?:X-Frame-Options: SAMEORIGIN\r\n)?Content-Type: text/html; charset=[Uu][Tt][Ff]-8\r\nContent-Language: en-US\r\nLocation: https://[^/]+/[^?]*\?zinitmode=http\r\nContent-Length: 0\r\n\r\n$| p/Zimbra http config/ i/redirect to https/ cpe:/a:zimbra:zimbra_collaboration_suite/
match http m|^HTTP/1\.0 400 String index out of range: -1\r\nContent-Type: text/html\r\n\r\n$| p/Bluecat Networks Proteus IPAM or Enterasys Dragon IDS http config/ o/Linux/ cpe:/o:linux:linux_kernel/a
match http m|^HTTP/1\.1 302 Found\r\ncontent-type: text/html;charset=utf8\r\ncache-control: no-cache\r\ncontent-length: 0\r\nlast-modified: .*\r\ndate: .*\r\nconnection: close\r\nlocation: /login\?continue=%2f\r\n\r\n$| p/Alterator remote management httpd/ o/Linux/ cpe:/o:linux:linux_kernel/a
match http m|^HTTP/1\.0 403 Forbidden\r\n(?:[^\r\n]+\r\n)*?Server: Alfred/([\d.]+)\r\n|s p/Alfred RenderMan control httpd/ v/$1/
match http m|^HTTP/1\.0 200 Ok\r\n(?:[^\r\n]+\r\n)*?Server: AXIS ThinWizard/v([\d.]+)\r\n|s p/AXIS ThinWizard printer management httpd/ v/$1/
match http m|^HTTP/1\.1 200 OK\r\nServer: <xxxx>\r\nContent-Length: 1057\r\n.*<TITLE>Bad Browser</TITLE>|s p/Siemens HG 1500 router http config/ cpe:/h:siemens:hg_1500/a
match http m|^HTTP/1\.1 403 Forbidden\r\n(?:[^\r\n]+\r\n)*?Server: Allegro-Software-RomPager/([\d.]+)\r\n.*Correct authorization is required for this area\. Either your browser does not perform authorization, or your authorization has failed\. RomPager server by Digest Access Authentication, which is not supported by your browser\.<P>\nReturn to <A HREF=\"\">last page</A><P>\n\n</BODY>\n</HTML>\n$|s p/AudioCodes Mediant 200 VoIP gateway http config/ d/VoIP adapter/ cpe:/a:allegro:rompager:$1/ cpe:/h:audiocodes:mediant_200/a
match http m|^HTTP/1\.1 200 OK\r\nServer: WHC chatroom\r\n| p/Fifi chat server http interface/
match http m|^HTTP/1\.0 200 OK\r\nServer: Xunlei Http Server/([\d.]+)\r\n| p/Xunlei BitTorrent http interface/ v/$1/
match http m|^HTTP/1\.1 200 OK\r\n.*<\?xml version=\"1\.0\" encoding=\"utf-8\"\?>\n<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1\.0 Transitional//EN\" \"http://www\.w3\.org/TR/xhtml1/DTD/xhtml1-transitional\.dtd\">\n<html xmlns=\"http://www\.w3\.org/1999/xhtml\" xmlns:v=\"urn:schemas-microsoft-com:vml\" xml:lang=\"en\" lang=\"en\">\n  <head>\n    <!--\n    ShellInABox - Make command line applications available as AJAX web applications\n|s p/ShellInABox httpd/
match http m|^HTTP/1\.1 400 Bad Request\r\nConnection: close\r\nDate: .*\r\nServer: Java/([-\d_.]+) javax\.wbem\.client\.adapter\.http\.transport\.HttpServerConnection\r\nContent-Length: 0\r\n\r\n| p/Solaris WBEM web management httpd/ i/Java $1/ o/Solaris/ cpe:/a:sun:jre:$1/ cpe:/o:sun:sunos/a
match http m|^HTTP/1\.1 200 OK\r\n.*<TITLE>MGI ZOOM Image Server</TITLE>.*Version: ([^\n]*)\n\t\tBuild: (\d+)<build/><BR>\n|s p/Zoom Image Server httpd/ v/$1 build $2/
match http m|^HTTP/1\.0 200 OK\r\nServer: upshttpd/([\d.]+)\r\n| p/upshttpd/ v/$1/ i/Effekta UPS http config/ d/power-device/
match http m|^HTTP/1\.[01] \d\d\d .*\r\nServer: ZNC ZNC ([\d.]+) - by prozac@rottenboy\.com\r\n| p/ZNC IRC bouncer http config/ v/$1/ cpe:/a:znc:znc:$1/
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: (?:ZNC )?ZNC ([-\w_.+]+) (?:by prozac )?- http://znc\.sourceforge\.net\r\n| p/ZNC IRC bouncer http config/ v/$1/ cpe:/a:znc:znc:$1/
match http m|^HTTP/1\.1 401 Unauthorized\r\nServer: ZNC ([\w_.+-]+) - http://znc\.sourceforge\.net\r\n| p/ZNC IRC bouncer httpd/ v/$1/ cpe:/a:znc:znc:$1/
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: ZNC - http://znc\.sourceforge\.net\r\n| p/ZNC IRC bouncer httpd/ v/0.090 - 0.096/ cpe:/a:znc:znc/
# https://github.com/znc/znc/commit/087f01e99b9a1523a2962e05e4e878de0a41a367 - configure.ac.
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: ZNC - http://znc\.in\r\n|s p/ZNC IRC bouncer http config/ v/0.097 or later/ cpe:/a:znc:znc/
match http m|^HTTP/1\.0 403 Access Denied\r\n\r\nWeb Access is not enabled\.\r\n$| p/ZNC IRC bouncer http config/ i/not enabled/ cpe:/a:znc:znc/
match http m|^HTTP/1\.0 \d\d\d .*\r\nDate: .* GMT\r\nServer: ZNC (?:- )?([\w._-]+) - http://znc\.in\r\n| p/ZNC IRC bouncer web ui/ v/$1/ cpe:/a:znc:znc:$1/
match http m|^HTTP/1\.0 404 <no description>\r\nDate: .*\r\nServer: XMLD HTTPServer/([\d.]+)\r\n\r\n$| p/XMLD HTTPServer/ v/$1/ i/Citrix XML Service/
match http m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: Mono\.WebServer2/([\w._-]+) Unix\r\nX-AspNet-Version: ([\d.]+)\r\n|s p/Mono.WebServer2/ v/$1/ i/MonoDoc httpd; ASP.NET $2/ o/Unix/ cpe:/a:microsoft:asp.net:$2/ cpe:/a:mono:xsp:$1/
match http m|^HTTP/1\.1 401 Unauthorized\r\n.*WWW-Authenticate: Basic realm=\"Cayman-([\w]+)\"\r\n.*Server: Allegro-Software-RomPager/([\d.]+)\r\n| p/Allegro RomPager/ v/$2/ i/Cayman $1 DSL router/ d/broadband router/ cpe:/a:allegro:rompager:$2/
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?Expires: Thu, 26 Oct 1995 00:00:00 GMT\r\n(?:[^\r\n]+\r\n)*?Server: Allegro-Software-RomPager/([\w._-]+)\r\n.*<PRE>\*{60}<BR>\* WARNING ALERT: AUTHORIZED USERS ONLY! +\*<BR>\* +\*<BR>\* All activities conducted on this system may be monitored \*<BR>|s p/Allegro RomPager/ v/$1/ i/NetIron XMR 4000 router http config/ d/router/ cpe:/a:allegro:rompager:$1/
match http m|^HTTP/1\.0 401 Unauthorized\r\n(?:[^\r\n]+\r\n)*?Server: 2NAS_LIGHT\r\n|s p/2NAS_LIGHT/
match http m|^HTTP/1\.1 400 Bad Request\r\nServer: sfcHttpd\r\nContent-Length: 0\r\n\r\n$| p/sfcHttpd/ i/VMware Studio VAMI CIM broker/
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: BLOBJ\.httpd\r\n.*<meta name='generator' content='BLOBJ WE ([\d.]+)'>|s p/BLOBJ.httpd/ i/BLOBJ Web Edition $1/
match http m|^HTTP/1\.1 401 Unauthorized\r\n(?:[^\r\n]+\r\n)*?Server: THEO\+Server/([\d.]+)\r\n(?:[^\r\n]+\r\n)*?WWW-Authenticate: Basic realm=\"THEOS Web-based Maintenance\"\r\n|s p/THEO+Server/ v/$1/ i/THEOS Corona http config/ o/THEOS/ cpe:/o:theos:theos/
match http m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: CouchDB/([\w._-]+) \(Erlang ([^)]*)\)\r\n| p/CouchDB httpd/ v/$1/ i/Erlang $2/
match http m|^HTTP/1\.0 401 Unauthorized\r\nWWW-Authenticate: Basic realm=\"[\w._-]+\"\r\nServer: CouchDB/([\w._-]+) \(Erlang ([^)]*)\)\r\n| p/CouchDB httpd/ v/$1/ i/Erlang $2; unauthorized/
match http m|^HTTP/1\.1 401 Unauthorized\r\n(?:[^\r\n]+\r\n)*?Server: Httpd-Webs\r\n(?:[^\r\n]+\r\n)*?WWW-Authenticate: Basic realm=\"Linksys (WR[\w+]+) ver\. (\d+)\"\r\n|s p/Linksys $1v$2 WAP http config/ d/WAP/
match http m|^HTTP/1\.1 204 No Content\r\nConnection: close\r\nServer: AChat\r\n\r\n| p/AChat chat system httpd/
match http m|^HTTP/1\.0 200\r\n.*<title>AVTECH Software, Inc\. - TemPageR (\w+) - Real-Time Temperature Monitor For IT &amp; Facilities Environment Monitoring</title>|s p/Avtech TemPageR $1 temperature monitor httpd/
match http m|^HTTP/1\.0 403 Access denied\.  Please consult the http-access directive in the User's Guide for more information\.\r\nContent-Type: text/html\r\n\r\n<html><body>Access denied\.  Please consult the http-access directive in the User's Guide for more information\.</body></html>\r\n$| p/Port25 PowerMTA mail gateway http admin/
match http m|^HTTP/1\.1 302 Found\r\nLocation: https?:///logon\.htm\r\nContent-Length: 0\r\nServer: Intel\(R\) Active Management Technology ([\w._-]+)\r\n\r\n$| p/Intel Active Management Technology User Notification Service http admin/ v/$1/ cpe:/h:intel:active_management_technology:$1/
match http m|^HTTP/1\.1 303 See Other\r\nLocation: /logon\.htm\r\nContent-Length: 0\r\nServer: Intel\(R\) Active Management Technology ([\w._-]+)\r\n\r\n| p/Intel Active Management Technology User Notification Service httpd/ v/$1/ cpe:/h:intel:active_management_technology:$1/
match http m|^HTTP/1\.1 405 Method Not Allowed\r\nContent-type: text/HTML\r\nAllow: POST\r\nContent-Length: 43\r\nServer: ChapuraSyncMgrServer/([\w._-]+)\r\nDate: .*\r\n\r\n<html><h1>Invalid Method</h1><hr>GET</html>$| p/Chapura SyncManager httpd/ v/$1/
match http m|^HTTP/1\.0 200 OK\r\nContent-type: text/html\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n<html>\n<head>\n<meta http-equiv=\"Content-type\" content=\"text/html; charset=iso-8859-1\">\n<title>Client Authentication</title>| p|Check Point VPN-1/UTM NGX firewall http admin| v/R70/ d/firewall/ cpe:/a:checkpoint:connectra_ngx:r70/
match http m|^HTTP/1\.0 404 Not Found\r\nDate: .*\r\nContent-Type: text/html\r\nConnection: close\r\nContent-Length: 82\r\n\r\n<HEAD><TITLE>404 Not Found</TITLE></HEAD><BODY>unknown uri in pks request</BODY>\r\n$| p/Seahorse http keyserver/
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/xml; charset=utf-8: \r\nConnection: close\r\n\r\n.*<ModelName>([^<]*)</ModelName><FirmwareVersion>([^>]*)</FirmwareVersion>|s p/D-Link $1 WAP Home Network Administration Protocol (SOAP over HTTP)/ v/$2/ cpe:/h:dlink:$1/a
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: KM_HTTP-Server/([\d.]+)\r\n.*<title>Kyocera Command Center</title>|s p/KM_HTTP-Server/ v/$1/ i/Kyocera 4050 printer http config/ cpe:/h:kyocera:4050/a
match http m|^HTTP/1\.0 200 OK\r\nServer: Apache/0\.6\.5\r\n.*<title>Web Server . Gigaset (\S+) WLAN dsl</title>|s p/Siemens Gigaset $1 WAP http config/ d/WAP/ cpe:/h:siemens:gigaset_$1/a
match http m|^HTTP/1\.0 302 Found\r\nServer: Apache/0\.6\.5\r\n(?:[^\r\n]+\r\n)*?Location: /relink_web\.stm|s p/Siemens Gigaset WAP http config/ d/WAP/
match http m|^HTTP/1\.0 200 OK\r\nServer: Apache/0\.6\.5\r\n.*src="top\.stm\?pn1=ho3\.gif&pn2=ad1\.gif"|s p/Philips SNB5600 WAP http config/ d/WAP/ cpe:/h:philips:snb5600/a
match http m|^HTTP/1\.0 200 OK\r\nServer: Apache/0\.6\.5\r\n.*var PM="BBR-4MG";\n|s p/SMC7908VoWBRA ADSL router http config/ d/broadband router/
match http m=^HTTP/1\.[01] 302 .+(Location|LOCATION): .+/UE/welcome_login\.html=s p/Allegro RomPager/ i/Siemens Gigaset SX762 WAP http config/ d/WAP/ cpe:/a:allegro:rompager:$1/ cpe:/h:siemens:gigaset_sx762/a
match http m|^HTTP/1\.[01] \d\d\d .*<title>Welcome to eDR400--login</title>|s p/EverFocus PowerPlex eDR400 security camera http config/ d/webcam/
match http m|^HTTP/1\.[01] 401 Unauthorized\r\nWWW-Authenticate: Basic realm="NETGEAR (WNR\w+)"\r\n| p/Netgear $1 WAP http config/ d/WAP/ cpe:/h:netgear:$1/a
match http m|^HTTP/1\.[01] 302 Redirect\r\nSet-Cookie: CrushAuth=| p/CrushFTP httpd/ cpe:/a:crushftp:crushftp/
match http m|^HTTP/1\.[01] 401 Unauthorized\r\nWWW-Authenticate: Basic realm="(WGR\w+)"\r\n| p/Netgear $1 WAP http config/ d/WAP/ cpe:/h:netgear:$1/a
match http m|^HTTP/1\.1 401 Unauthorized\r\n.*Server: NetIXServer \(([\d\.]+)\)\r\n| p/NetIXServer http admin/ v/$1/
match http m|^HTTP/1\.1 401 Unauthorized\nWWW-Authenticate: Digest realm="i3micro VRG", nonce="\d+", qop="auth", algorithm=MD5| p/i3micro VRG VoIP adapter http config/ d/VoIP adapter/
match http m|^HTTP/1\.0 302 Found\r\nLocation: /control/userimage.html\r\n| p/Mobotix Camera http config/ d/webcam/
match http m|^HTTP/1.0 401 Unauthorized\r\nDate: .*\r\nConnection: close\r\nServer: Microsoft-WinCE/5.0\r\nSet-Cookie: .*\r\nWWW-Authenticate: Basic Realm="Kesseltronics"| p/Kesseltronics car wash tunnel http config/ d/specialized/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1.0 200\r\nContent-type: text/html\r\nConnection: close\r\nContent-Length: \d+\r\n\r\n<html>\r\n<head><title>BARIX Instreamer| p/Barix Instreamer audio encoder http config/ d/media device/
match http m|^HTTP/1.1 401 Unauthorized\r\nWWW-Authenticate: Basic realm="PortServer (TS \w+)"| p/Digi Portserver $1 terminal server http config/ d/terminal server/
match http m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: Mbedthis-Appweb/([\w.-]+)\r\n(?:[^\r\n]+\r\n)*?\r\n\n<HTML>\n<HEAD>\n  <META HTTP-EQUIV=\"Refresh\" CONTENT=\"0; URL=/esp/login\.esp\">\n</HEAD>\n<BODY>\n</BODY>\n</HTML>\n\n$|s p/Mbedthis-Appweb/ v/$1/ i/PA-4050 firewall http config/ d/firewall/ cpe:/a:mbedthis:appweb:$1/
match http m|^HTTP/1\.0 400 Bad Request\r\nContent-Type: text/html\r\n\r\n<HTML><HEAD><TITLE>Bad Request</TITLE></HEAD><BODY><h3>Error: Bad HTTP Request</h3></BODY></HTML>$| p/ZoneAlarm Z100G firewall http config/ d/firewall/ cpe:/h:zonealarm:z100g/a
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?Server:  \r\n(?:[^\r\n]+\r\n)*?\r\n<html>\n<head>\n<title>ZyWALL ([\w -]+)</title>\n|s p/ZyXEL ZyWALL $1 firewall http config/ d/firewall/ cpe:/h:zyxel:zywall_$1/a
match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: ALPHA-WebServer/([\w.]+)\r\n| p/ALPHA-WebServer/ v/$1/
# EqualLogic PeerStorage PS100E iSCSI storage array running firmware v4.1.4.
match http m|^HTTP/1\.0 200 OK\r\nServer: RapidLogic/([\w.]+)\r\n.*<title>vmgrp1 Group Manager</title>\n|s p/RapidLogic httpd/ v/$1/ i/EqualLogic PeerStorage PS100E NAS device/ d/storage-misc/ cpe:/a:rapidlogic:httpd:$1/
# EqualLogic PeerStorage PS100E iSCSI storage array running firmware 2.3.6.
match http m|^HTTP/1\.0 200 OK\r\nServer: RapidLogic/([\w.]+)\r\n.*<title>nwkgrp2 Group Manager</title>\n|s p/RapidLogic httpd/ v/$1/ i/EqualLogic PeerStorage PS100E NAS device/ d/storage-misc/ cpe:/a:rapidlogic:httpd:$1/
match http m|^HTTP/1\.0 302 Moved Temporarily\r\n(?:[^\r\n]+\r\n)*?Set-Cookie: rg_cookie_session_id=\d+; path=/; expires=Fri, 01 Jan 2038 00:00:00 GMT\r\n(?:[^\r\n]+\r\n)*?Location: http://[\w._-]+:(\d+)/index\.cgi\?active%5fpage=9069&req%5fmode=0&strip%5fpage%5ftop=0\r\n|s p/Pirelli DRG A125G WAP http config/ i/redirect to port $1/ d/WAP/ cpe:/h:pirelli:drg_a125g/a
match http m|^HTTP/1\.1 200 OK\r\nConnection: close\r\nServer: jDownloader HTTP Server\r\nContent-Type: text/html\r\nContent-Length: 0\r\n\r\n$| p/jDownloader httpd/
match http m|^HTTP/1\.1 200 OK\r\nConnection: close\r\nServer: jDownloader HTTP Server\r\nContent-Type: text/html\r\nContent-Length: 46\r\n\r\nJDRemoteControl - Malformed Request\. use /help$| p/jDownloader httpd/
match http m|^HTTP/1\.1 401 Unauthorized\r\nWWW-Authenticate: Basic realm=\"JDownloader\"\r\n\r\n$| p/jDownloader httpd/ i/unauthorized/
match http m|^HTTP/1\.0 200 OK\r\nServer: lwIP/([\w._-]+) \(http://www\.sics\.se/~adam/lwip/\)\r\n.*<title>Stellaris&reg; ([\w._-]+) Evaluation Kit</title>|s p/lwIP/ v/$1/ i/Stellaris $2 microcontroller/
match http m|^HTTP/1\.0 200 OK\r\nContent-Type: text/html\r\nCache-Control: no-cache\r\nPragma: no-cache\r\nExpires: .*\r\nDate: .*\r\nAccept-Ranges: bytes\r\nConnection: close\r\n\r\n<!--- Page\(\d+\)=\[Ouverture de session\] ---><HTML><HEAD><SCRIPT language=\"Javascript\"><!--\n/\*\n \* A JavaScript implementation of the RSA Data Security, Inc\. MD5 Message\n \* Digest Algorithm, as defined in RFC 1321\.\n \* Version 2\.1 Copyright \(C\) Paul Johnston 1999 - 2002\.\n \* Other contributors: Greg Holt, Andrew Kepert, Ydnar, Lostinet\n \* Distributed under the BSD License\n \* See http://pajhome\.org\.uk/crypt/md5 for more info\.\n \*/\n\n| p/Sagem Livebox WAP http config/ d/WAP/
match http m%^HTTP/1\.0 200 OK\r\n.*<title>(?:Livebox|HNM)</title>\n\t\t<meta http-equiv=\"content-type\" content=\"text/html; charset=UTF-8\">\n\t\t<meta http-equiv=\"Content-language\" content=\"fr\">\n\t\t<meta name=\"author\" content=\"Nicolas VIVIEN\">\n\t\t<meta name=\"Copyright\" content=\"SAGEM COMMUNICATIONS\">%s p/Sagem Livebox WAP http config/ d/WAP/
match http m|^HTTP/1\.1 301 Moved Permanently\r\nDate: .*\r\nConnection: close\r\nLocation: index\.htm\r\nServer: WMI (V[\w._-]+)\r\n\r\n$| p/WMI/ v/$1/ i/3Com 5500G-EI switch http config/ d/switch/ cpe:/h:3com:5500g-ei/a
match http m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: W3MFC/([\w._-]+)\r\nAllow: GET, POST, HEAD\r\n.*<TITLE>Lan2net Statistics</TITLE>|s p/W3Mfc/ v/$1/ i/Lan2net firewall http config/ d/firewall/
match http m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Content-Type: text/html;charset=utf-8\r\n(?:[^\r\n]+\r\n)*?Mime-Version: 1\.0\r\n.*<title>FRITZ!WLAN Repeater</title>|s p|FRITZ!WLAN Repeater N/G http config| d/WAP/
match http m|^HTTP/1\.0 200 OK\r\nConnection: close\r\nContent-Type: text/html; Charset=UTF-8;\r\n\r\n<html><title>Installed templates</title>.*<a href=\"/foobar2000controller/index\.html\">foobar2000controller</a>| p/foobar2000 media player http config/
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?Content-Type: text/html; Charset=UTF-8\r\nConnection: close\r\n\r\n<!DOCTYPE html PUBLIC \"-//W3C//DTD HTML 4\.01 Transitional//EN\">\r\n<html><head><title>(.*) - foobar2000</title>|s p/foobar2000 media player httpd/ i/now playing: $1/
match http m|^HTTP/1\.1 301 Redirection\r\nServer: Cegid-WEB-Access-Server/([\w._-]+)\r\n| p/Cegid-WEB-Access-Server/ v/$1/
match http m|^HTTP/1\.1 200 Ok\r\nServer: micro_httpd\r\n.*<html xmlns=\"http://www\.w3\.org/1999/xhtml\" xml:lang=\"it\" lang=\"it\">\n<head>\n\t<title>Vodafone</title>|s p/micro_httpd/ i/Vodafone Station WAP http config/ cpe:/a:acme:micro_httpd/
match http m=^<html>\n<head>\n<title>TRENDnet \| (TEG-\w+) \| Login</title>= p/TRENDnet $1 switch http config/ d/switch/ cpe:/h:trendnet:$1/a
match http m|^HTTP/1\.1 200 OK\r\nServer: Web Server\r\n.*top\.location\.href = \"/hp_login\.html\";\r\n</script>\r\n\r\n\r\n<BODY style=\"text-align: center\" onload=\"document\.forms\[0\]\.login\.focus\(\);CheckError\(\)\">\r\n<FORM METHOD=\"POST\" ACTION=\"/hp_login\.html\">|s p/HP Procurve 1810G switch http config/ d/switch/ cpe:/h:hp:procurve_switch_1810g/ cpe:/o:hp:procurve_switch_software/
match http m|^HTTP/1\.0 302\r\nLocation: /Portal0000\.htm\r\n.*<HTML><HEAD><TITLE>Error</TITLE></HEAD>\r\n<BODY><CENTER><H2>/<BR><BR>302 : MOVED TEMPORARILY</H2></CENTER></BODY></HTML>$|s p/Siemens Simatic S7-300 PLC httpd/ d/specialized/
match http m|^HTTP/1\.0 302 Object Moved\r\nContent-Type:text/html\r\nContent-Length: 0\r\nConnection: close\r\nLocation: /Default\.mwsl\r\n\r\n$| p/Siemens Simatic S7-1200 PLC httpd/ d/specialized/
match http m|^HTTP/1\.0 302 Object Moved\r\nContent-Type:text/html\r\nContent-Length: 0\r\nConnection: close\r\nLocation: /Default\.html\r\n\r\n$| p/Siemens Simatic HMI MiniWeb httpd/ d/specialized/
match http m|^HTTP/1\.0 401 Unauthorized\r\nContent-Type: text/html\r\nWWW-Authenticate: Basic realm=\"Web Management\"\r\n\r\n<html><title>401 Unauthorized</title><body>401 Unauthorized</body></html>$| p/Foundry EdgeIron switch http config/ d/switch/
match http m|^HTTP/1\.1 404 Not Found\r\nConnection: Close\r\nContent-Type: text/html\r\n\r\nThe specified URL cannot be found<!--(?:0123456789){50}01234-->\r\n| p/Barracuda Web Application Firewall/ d/firewall/
match http m|^HTTP/1\.1 403 Directory Listing Denied\r\nContent-Type: text/plain\r\nContent-Length: 12\r\n\r\nError: 403\r\n$| p/HP Dream Screen media player http config/ d/media device/
match http m|^HTTP/1\.0 200 OK\r\nX-Powered-By: PHP/([\w._-]+)\r\n.*<title>Seagate NAS - ([\w._-]+)</title>\n<link rel=\"stylesheet\" type=\"text/css\" href=\"/admin/layout_design\.css\" />\n|s p/Seagate Black Armor 440 NAS http config/ i/PHP $1/ h/$2/ cpe:/a:php:php:$1/
match http m|^HTTP/1\.0 200 OK\r\nX-Powered-By: PHP/([\w._-]+)\r\n.*<title>My Book World Edition - ([\w._-]+)</title>\n.*<!-- Framework CSS -->\n<link rel=\"stylesheet\" href=\"/blueprint/screen\.css\" type=\"text/css\" media=\"screen, projection\">|s p/Western Digital My Book http config/ i/PHP $1/ d/storage-misc/ h/$2/ cpe:/a:php:php:$1/
match http m|^HTTP/1\.1 302 Found\r\n(?:[^\r\n]+\r\n)*?Location: https://([\w._-]+)/site-web/home\.seam\r\n|s p/Seam web framework/ h/$1/
match http m|^HTTP/1\.0 200 OK\r\n.*<TITLE>Print server homepage</TITLE></HEAD>\n<FRAMESET COLS=\"200,\*\" BORDER=0 FRAMEBORDER=0>\n<FRAME SRC=\"/links_en\.html\">\n|s p/Citizen CLP-521 or Kyocera Mita KM-1530 printer http config/ d/printer/ cpe:/h:kyocera:mita_km-1530/a
match http m|^HTTP/1\.1 404 Not Found\r\nContent-Length: 19\r\nContent-Type: text/html\r\n\r\n 404 Page Not Found$| p/Kyocera Mita FS-1350DN printer http config/ d/printer/ cpe:/h:kyocera:mita_fs-1350dn/a
match http m|^HTTP/1\.0 401 Unauthorized\r\n(?:[^\r\n]+\r\n)*?WWW-Authenticate: Basic realm=\"GeneralUser/Administrator\"\r\n\r\n<HTML><HEAD><TITLE>401 Unauthorized</TITLE></HEAD>\n<BODY BGCOLOR=\"#cc9999\"><H2>401 Unauthorized</H2>\n<HR>\nAuthorization required for the requested URL\.\n</BODY></HTML>\n|s p/thttpd/ i/Panasonic BB-HCM511 IP camera http config/ cpe:/a:acme:thttpd/
match http m|^HTTP/1\.1 307 Redirect\r\nLocation: https?://[^\r\n]*\r\nContent-Length: 0\r\n\r\n$| p/Apache httpd/ v/2.0.X/ cpe:/a:apache:http_server:2.0/
match http m|^HTTP/1\.0 200 OK\r\nServer: RapidLogic/([\w._-]+)\r\n.*<title>OneAccess WCF</title>|s p/RapidLogic httpd/ v/$1/ i/OneAccess ONE100A router http config/ d/router/ o/OneOS/ cpe:/a:rapidlogic:httpd:$1/ cpe:/h:oneaccess:one100a/a cpe:/o:oneaccess:oneos/
match http m|^HTTP/1\.1 200\r\n.*<meta http-equiv=\"refresh\" content=\"10;url=\"><link rel=\"stylesheet\" type=\"text/css\" href=\"/viawarp\.css\" />|s p/Nova viaWARP httpd/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: Apache ([\w._-]+) in ([^\r\n]+)\r\n|s p/Apache Tomcat $1/ i/in $2/ cpe:/a:apache:tomcat/
match http m|^HTTP/1\.0 401 Unauthorized\r\nContent-type: text/html\r\nAccept-Ranges: bytes\r\nConnection: close\r\nWWW-Authenticate: Basic realm=\"PLC Adaptor\"\r\n\r\n| p/Panasonic PLC Adaptor Ethernet-to-mains bridge http config/ d/bridge/
match http m|^<html><head>\n<title>501 Method Not Implemented</title>\n</head><body>\n<h1>Method Not Implemented</h1>\n</body></html>\n$| p/kissdx media player control httpd/
match http m|^HTTP/1\.1 200 OK\r\nServer: yawcam/([\w._-]+)\r\nContent-Length:\d+\r\n| p/Yawcam webcam viewer httpd/ v/$1/
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: (?:Cisco )?ACS ([\w._-]+)\r\n|s p/Cisco ACS httpd/ v/$1/
match http m|^HTTP/1\.0 401 Unauthorized\r\n(?:[^\r\n]+\r\n)*?Server: WYM/([\w._-]+)\r\n(?:[^\r\n]+\r\n)*?WWW-Authenticate: Basic realm=\"Rovio\"\r\n|s p/WYM httpd/ v/$1/ i/Wowwee Rovio webcam/ d/webcam/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Kerio Connect ([^\r\n]+)\r\n|s p/Kerio Connect webmail httpd/ v/$1/ cpe:/a:kerio:connect:$1/
match http m|^HTTP/1\.1 302 Found\r\nConnection: Close\r\nContent-Length: 0\r\nContent-type: text/html\r\nDate: .*\r\nlocation: https://([^/:]+)(?::\d+)?/webmail/login/\r\nX-UA-Compatible: IE=8\r\n\r\n| p/Kerio Connect webmail httpd/ h/$1/ cpe:/a:kerio:connect/
match http m|^HTTP/1\.0 500 Internal server error\nServer: M3 Business Engine ([^\r\n]+)\nConnection: close\nContent-Type: text/html; charset=UTF-8\nCache-Control: no-cache\nPragma: no-cache\nExpires: 0\nContent-Type: text/html\n\n<HTML><HEAD>\n<TITLE>500 Internal server error</TITLE>\n</HEAD><BODY>\n<H2>500 Internal server error</H2>\n<HR>\n<ADDRESS><A HREF=\"http://null/\">M3 Business Engine ServerView</A></ADDRESS>\n</BODY></HTML>\n$| p/M3 Business Engine ServerView httpd/ v/$1/
match http m|^HTTP/1\.0 200 ok\r\nContent-type: text/plain\r\n\r\nError accessing ''\r\n$| p/OpenSSL s_server -WWW httpd/ cpe:/a:openssl:openssl/
# TODO: hunt down line number/version number correlations
match http m|^HTTP/1\.0 200 ok\r\nContent-type: text/plain\r\n\r\nError opening ''\r\n\d+:error:[A-F\d]+:system library:fopen:No such file or directory:bss_file\.c:169:fopen\('','r'\)\n\d+:error:[A-F\d]+:BIO routines:BIO_new_file:no such file:bss_file\.c:172:\n| p/OpenSSL s_server -WWW httpd/ cpe:/a:openssl:openssl/
match http m|^HTTP/1\.0 200 ok\r\nContent-type: text/html\r\n\r\n<HTML><BODY BGCOLOR=\"#ffffff\">\n<pre>\n\n(.*) (?:\nSecure Renegotiation IS(?: NOT)? supported)?\nCiphers supported in s_server binary\n| p/OpenSSL s_server -www httpd/ i/command line: $1/ cpe:/a:openssl:openssl/
match http m|^HTTP/1\.1 302 Moved Temporarily\r\n(?:[^\r\n]+\r\n)*?Server: go1984\r\n(?:[^\r\n]+\r\n)*?Location: http://([\w._-]+)(?::\d+)?/([\w._-]+)/Default/index\.htm\r\n\r\n|s p/go1984 httpd/ i/session ID $2/ d/webcam/ h/$1/
match http m|^HTTP/1\.0 200 OK\r\nConnection: close\r\nAccept-Ranges: none\r\n.*<SCRIPT language=JavaScript>\r\n\tvar PIN_change_attempted = false;\r\n\tvar Login_failed = false;\r\n\tvar password_label = \"\";\r\n</SCRIPT>\r\n<!--\rNote: the opening and closing HTML tags are deliberately omitted from\rthis file\.|s p/Citrix Access Gateway http login/ cpe:/a:citrix:access_gateway/
match http m|^HTTP/1\.1 200 OK\r\nCONTENT-ENCODING: gzip\r\n(?:[^\r\n]+\r\n)*?SERVER: Linux/([\w._-]+) Motorola/([\w._-]+)\r\n|s p/Moto Phone Portal/ v/$2/ i/Linux $1/ d/phone/ o/Linux/ cpe:/o:linux:linux_kernel:$1/
match http m|^HTTP/1\.1 200 OK\r\nDATE: .*\r\nCONTENT-TYPE: httpd/unix-directory\r\nCONTENT-LENGTH: 0\r\nALLOW: GET, POST, HEAD, OPTIONS\r\nSERVER: Linux/([\w._-]+) Motorola/([\w._-]+)\r\n\r\n$| p/Moto Phone Portal/ v/$2/ i/Linux $1/ d/phone/ o/Linux/ cpe:/o:linux:linux_kernel:$1/
match http m|^HTTP/1\.1 200 OK\r\nContent-type: text/html\r\nCache-Control: no-cache\r\n\r\n.*<b>Welcome to PLANET ([\w-]+) Web Management</b>|s p/Planet $1 switch http config/ d/switch/ cpe:/h:planet:$1/a
match http m|^HTTP/1\.1 401 Unauthorized\r\nServer: GoAhead-Webs\r\n.*Basic realm=\"(P-[\w -]+) \(username: ([\w._-]+)\)\"\r\n|s p/GoAhead WebServer/ i/ZyXEL $1 WAP http config; username: $2/ d/WAP/ cpe:/a:goahead:goahead_webserver/ cpe:/h:zyxel:$1/a
match http m|^HTTP/1\.0 403 Forbidden\r\nServer: Mbedthis-Appweb/([\w._-]+)\r\n.*<H2>Access Error: 403 -- Forbidden</H2>|s p/Mbedthis-Appweb/ v/$1/ i/J-Web http config/ d/router/ o/JUNOS/ cpe:/a:mbedthis:appweb:$1/ cpe:/o:juniper:junos/a
match http m|^HTTP/1\.1 200 OK\r\nServer: WindRiver-WebServer/([\w._-]+)\r\nConnection: close\r\nContent-Type: text/html\r\n\r\n.*<!-- \(c\) Copyrighted Materials, 2006\. -->.*<script language=\"JavaScript\" src=\"js_utility_JW410R19_____________\.js\"></script>|s p/Wind River Web Server/ v/$1/ i/Fujitsu-Siemens FibreCAT SX80 NAS device http config/ d/storage-misc/
match http m|^HTTP/1\.1 200 OK\r\nServer: WindRiver-WebServer/([\w._-]+)\r\nConnection: close\r\nContent-Type: text/html\r\n\r\n.*<!-- \(c\) Copyrighted Materials, 2006\. -->.*<script language=\"JavaScript\" src=\"js_utility_JW420R45_____________\.js\"></script>.*<title>HP StorageWorks MSA Storage Management Utility</title>|s p/Wind River Web Server/ v/$1/ i/HP StorageWorks MSA http config/ d/storage-misc/
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: MarratechPortal/([\w._-]+) \(Java ([\w._-]+); Windows ([^)]+)\) build/(\d+)\r\n|s p/Marratech Portal/ v/$1 build $4/ i/Java $2; Windows $3/ o/Windows/ cpe:/a:sun:jre:$2/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 401 Unauthorized\r\nServer: BBVS\r\nContent-type: text/plain\r\n(?:[^\r\n]+\r\n)*?WWW-Authenticate: Basic realm=\"SecuritySpy Web Server\"\r\n\r\n401 Unauthorized\r\n$|s p/SecuritySpy webcam viewer httpd/ o/Mac OS X/ cpe:/o:apple:mac_os_x/a
match http m|^HTTP/1\.1 200 OK\r\nServer: BBVS/([\w._-]+)\r\nKeep-Alive: timeout=20, max=100\r\nConnection: Keep-Alive\r\nAccept-Ranges: bytes\r\nContent-Length: 6258\r\nContent-Type: text/html\r\n\r\n<html>\n<head>\n<title>SecuritySpy Web Server</title>\n| p/SecuritySpy webcam viewer httpd/ v/$1/ o/Mac OS X/ cpe:/o:apple:mac_os_x/a
match http m|^HTTP/1\.1 200 OK\r\nConnection: close\r\nContent-Type: text/html\r\nExpires:0\r\npragma:no-cache\r\n\r\n<meta http-equiv=\"refresh\" content=\"0;url=Footprints\.html\">\r\n\r\n\r\n\r\n$| p/TED 5000 power use monitor/ d/power-device/
# http://java423.vicp.net:8652/infoserver.central/data/syshbk/collections/TECHNICALINSTRUCTION/1-61-208775-1.html
match http m|^HTTP/1\.0 400 Malformed Header in \r\nContent-Type: text/html\r\n\r\n$| p/Sun ScApp bytecode transfer httpd/
match http m|^HTTP/1\.1 200 OK\r\n\r\n<html><head><title>File Share</title></head><body><a href=\"/folder/0\">Public</a><br/></body></html>$| p/File Share httpd/ i/Android mobile phone/ d/phone/ o/Linux/ cpe:/o:linux:linux_kernel/a
match http m|^HTTP/1\.1 200 OK\r\nConnection: close\r\n.*<title>VoIP Gateway</title>.*<frame name=\"contents\" target=\"main\" src=\"otgw\.cgi\?PAGE=USER\" scrolling=\"auto\" noresize>|s p/D-Link DVS-4088S, DVS-5088S, or DVG-7062S VoIP gateway http config/ d/VoIP adapter/
match http m|^HTTP/1\.0 200 OK\r\nServer: BEJY V([\w._-]+)  HTTP ([\w._-]+) \r\n| p/BEJY httpd/ v/$2/ i/BEJY $1/
match http m|^HTTP/1\.0 404 Not Found\r\nServer: Xfire\r\nConnection: close\r\n\r\n\r\n$| p/Xfire httpd/
match http m|^HTTP/1\.0 302 Found\r\nLocation: http://guide(?:test)?\.[\w._-]*opendns\.com/\?url=\r\nContent-type: text/html\r\nContent-Length: 0\r\nConnection: close\r\nDate: .*\r\nServer: OpenDNS Guide\r\n\r\n$| p/OpenDNS Guide/
match http m|^HTTP/1\.0 302 Found\r\nLocation: http://guide(?:test)?\.[\w._-]*opendns\.com/\?url=\r\nContent-Length: 0\r\nConnection: close\r\nDate: .*\r\nServer: OpenDNS Guide\r\n\r\n$| p/OpenDNS Guide/
match http m|^HTTP/1\.0 303 See Other\r\nLocation: http://guide(?:test)?\.[\w._-]*opendns\.com/\?url=\r\nContent-Length: 0\r\nConnection: close\r\nDate: .*\r\nServer: OpenDNS Guide\r\n\r\n$| p/OpenDNS Guide/
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html\r\nCache-Control: no-cache\r\nPragma: no-cache\r\n\r\n<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4\.01 Frameset//EN\">\r\n<!-- Copyright \(c\) 2000-2002, Fuji Xerox Co\., Ltd\. All Rights Reserved\. -->\r\n<HTML>\r\n<HEAD>\r\n<META HTTP-EQUIV=\"Content-Type\" CONTENT=\"text/html; charset=ISO-8859-1\">\r\n<TITLE>\r\n(DocuPrint [\w._-]+) - ([\w._-]+)\r\n</TITLE>| p/Fuji Xerox $1 printer http config/ d/printer/ h/$2/ cpe:/h:fuji:xerox_$1/a
match http m|^HTTP/1\.1 502 Bad Gateway\r\nContent-Type: text/html\r\nContent-Length: 487\r\n\r\n<html>\n<head>\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\">\n<title>\nContent Server Message\n</title>\n</head>\n<body>\nNetwork message format error\. Unable to parse browser environment or content item\. Unable to parse properties\. Name-value pairs are missing an '='\.\n<!---\nStatusCode=-1\nStatusMessage=Network message format error\. Unable to parse browser environment or content item\. Unable to parse properties\. Name-value pairs are missing an '='\.\n---!>\n</body></html>$| p/Oracle Universal Content Management httpd/
match http m|^HTTP/1\.0 400 Bad Request\r\nContent-Length: 0\r\n\r\n$| p/IDentifier NameTracer Pro httpd/
match http m|^HTTP/1\.1 200 OK\r\nContent-Length: 155\r\nConnection: close\r\n.*<title><FortiClient Download Portal</title>|s p/FortiClient firewall http config/ d/firewall/
match http m|^HTTP/1\.1 200 OK\r\nServer: Agranat-EmWeb/R([\d_]+)\r\nContent-Type: text/html\r\nCache-Control: no-cache\r\nPragma: no-cache\r\n\r\n<HTML> \n<HEAD>\n<TITLE> [\w._-]+  \n</TITLE>\n\n<SCRIPT TYPE = \"text/javascript\">\n netscapeVersion = navigator\.appVersion\.substring\(0,4\);\n ieVersion = navigator\.appVersion\.substring\(17,25\);\n| p/Agranat-EmWeb/ v/$SUBST(1,"_",".")/ i/HP Designjet 800ps printer http config/ d/printer/ cpe:/a:agranat:emweb:$SUBST(1,"_",".")/a cpe:/h:hp:designjet_800ps/a
match http m|^HTTP/1\.1 302 Found\r\nCache-Control: no-cache\r\nConnection: Close\r\nContent-Length: 0\r\nContent-Type: application/octet-stream\r\nDate: .*\r\nLocation: /main\.php\r\nPragma: no-cache\r\nServer: Kerio WinRoute Firewall Embedded Web Server\r\n| p/Kerio WinRoute firewall http config/ d/firewall/
match http m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: MicroWeb/([\w._-]+)\r\n.*<html>\n<head><title>WebAlert Login Page</title></head>\n<script LANGUAGE=\"JavaScript\">\n<!--\nfunction check\(\)\n{\n\t  if\(\(document\.frmLogin\.txtUserName\.value\.length<3\)|s p/MicroWeb/ v/$1/ i/Walchem WebAlert remote monitoring/
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: NSMXwui \(Juniper\)\r\n.*<title>Network and Security Manager - Download UI Client</title>|s p/NSMXwui/ i/Juniper Network and Security Manager http config/ d/firewall/
match http m|^HTTP/1\.1 200 OK\r \nContent-type: text/html\r\n.*<html xmlns=\"http://www\.w3\.org/1999/xhtml\" xml:lang=\"en\" lang=\"en\">\n<head>\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=iso-8859-1\" />\n<title>Chumby FM Radio</title>|s p/Chumby One FM radio http interface/ d/media device/
match http m|^HTTP/1\.0 301 File moved Permanently\nLocation: /cgi-bin/menu/TCP/IP Settings/\r\nDate: Mon, 23 Sep 1996 16:00:00 GMT\r\nExpires: Thu, 01 Dec 1994 16:00:00 GMT\r\nPragma: no-cache\r\nSet-Cookie: Login=DELETED; path=/;\r\n\r\n| p/Intermac scanner http config/ d/specialized/
match http m|^HTTP/1\.0 200 OK\r\nCache-Control: no-cache, must-revalidate\r\n.*<TITLE>MusicMagic Server</TITLE>.*<td>Total songs</td><td align=right>([\d,]+)</td>|s p/MusicMagic Mixer http control/ i/$1 total songs/
match http m|^HTTP/1\.1 401 BAD\r\nWWW-Authenticate: Basic realm=\"Vuze - Vuze Web Remote\"\r\n\r\nAccess Denied\r\n$| p/Vuze BitTorrent remote http admin/ cpe:/a:azureus:vuze/
match http m|^HTTP/1\.0 405 Method Not Allowed\r\nContent-Type: text/html\r\nCache-Control: public\r\nPragma: cache\r\n(?:[^\r\n]+\r\n)*?Last-Modified: Thu, 01 Jan 1970 00:00:00 GMT\r\nAccept-Ranges: bytes\r\nConnection: close\r\n|s p/ActionTec TR-069 remote access/
match http m|^HTTP/1\.0 405 Method Not Allowed\r\nContent-Type: text/html\r\nCache-Control: public\r\nPragma: cache\r\n.*<html>\n<head>\n  <title>405 Method Not Allowed</title>\n</head>\n<body bgcolor=\"ffffff\">\n  <h2>405 Method Not Allowed<h2>\n  <p>\n  \n</body>\n</html>\n$|s p/ActionTec TR-069 remote access/
match http m|^HTTP/1\.1 200 OK\r\nConnection: close\r\nContent-Length: 0\r\n\r\n$| p/TR-069 remote access/
match http m|^HTTP/1\.0 401 Unauthorized\r\nWWW-Authenticate: Digest realm=\"\", qop=\"auth\", nonce=\"[0-9a-f]{32}:[0-9a-f]{8}:[0-9a-f]{7,8}\", opaque=\"0\"\r\nContent-Type: text/html\r\nCache-Control: public\r\nPragma: cache\r\nExpires: .*\r\nDate: .*\r\nLast-Modified: .*\r\nAccept-Ranges: bytes\r\nConnection: close\r\n\r\n<html>\n<head>\n  <title>401 Unauthorized</title>\n</head>\n<body bgcolor=\"#?ffffff\">\n  <h2>401 Unauthorized</?h2>\n  <p>(?:</p>)?(?:\n  )?\n</body>\n</html>\n$| p/TR-069 remote access/

match http m|^HTTP/1\.1 202 Accepted\r\nContent-Type: text/html;charset=UTF-8\r\n.*<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1\.0 Strict//EN\" \"http://www\.w3\.org/TR/xhtml1/DTD/xhtml1-strict\.dtd\">\r\n<html xmlns=\"http://www\.w3\.org/1999/xhtml\" xml:lang=\"en\" lang=\"en\">\r\n<head>\r\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=UTF-8\" />\r\n<title>GlassFish Administration Console - Installation in Progress\.\.\.</title>|s p/Sun GlassFish Administration Console/ i/installation in progress/ cpe:/a:sun:glassfish_server/
match http m|^<html>\r\n<META HTTP-EQUIV=\"Refresh\" CONTENT=\"10\">\r\n<head>\r\n<title>([\w\d.-]+) LanSafe: ([\w\d\s]+)</title>\r\n| p/LanSafe Status@aGlance/ i/Server: $1, Status: $2/
match http m|^HTTP/1\.[01] \d\d\d.*Server: IdeaWebServer/([\w._-]+)\r\n(?:[^\r\n]+\r\n)*?X-Powered-By: ([^\r\n]+)\r\n|s p/IdeaWebServer httpd/ v/$1/ i/$2/
match http m|^HTTP/1\.[01] \d\d\d.*Server: IdeaWebServer/([\w._-]+)\r\n|s p/IdeaWebServer httpd/ v/$1/
match http m|^HTTP/1\.1 200 OK\r\nDate: \w\w\w \d\d, \d\d:\d\d:\d\d\.\d\d\d\r\nServer: TreeNeWS/([\w._-]+)\r\nMime-Version: 1\.0\r\nContent-Length: 1419\r\nContent-Type: text/html\r\nCache-Control: no-cache\r\n\r\n.*<title>Webview</title>|s p/TreeNeWS httpd/ v/$1/ i/Enterasys RBT-8200 switch http config/ d/switch/ cpe:/h:enterasys:rbt-8200/
match http m|^HTTP/1\.1 302 OK\r\nDate: \w\w\w \d\d, \d\d:\d\d:\d\d\.\d\d\d\r\nServer: TreeNeWS/([\w._-]+)\r\nMime-Version: 1\.0\r\nLocation: https://index\.html\r\nContent-Length: 67\r\nContent-Type: text/html\r\n\r\n<HTML><HEAD><TITLE>Redirect</TITLE></HEAD>\n<BODY></BODY></HTML>\r\r\n\n$| p/TreeNeWS httpd/ v/$1/ i/Enterasys RBT-8200 switch http config/ d/switch/ cpe:/h:enterasys:rbt-8200/
match http m|^HTTP/1\.1 404 Not Found\r\nDate: \w\w\w \d\d, \d\d:\d\d:\d\d\.\d\d\d\r\nServer: TreeNeWS/([\w._-]+)\r\nMime-Version: 1\.0\r\nContent-Length: 173\r\nContent-Type: text/html\r\n\r\n<HTML><HEAD><TITLE>Not Found</TITLE></HEAD>\n<BODY><H1>Not Found</H1>\n<br>&nbsp;&nbsp;The requested URL was not found on this server\.\n<br><H2>Error 404</H2></BODY></HTML>\r\r\n\n$| p/TreeNeWS httpd/ v/$1/ i/3Com WX2200 WAP http config/ d/WAP/ cpe:/h:3com:wx2200/
match http m|^HTTP/1\.1 \d\d\d .*\r\nDate: .*\r\nServer: CANON HTTP Server\r\nContent-Type: text/html\r\n| p/Canon printer web interface/
match http m|^HTTP/1\.1 200 OK\r\nConnection: close\r\nDate: Sat, 01 Jan 2000 00:37:25 GMT\r\nLast-Modified: Sat, 01 Jan 2000 00:01:28 GMT\r\nContent-Type: text/html\r\nContent-Length: 635\r\n.*<title>VoIP Gateway</title>|s p/D-Link DVG-2032S VoIP gateway http config/ d/VoIP adapter/ cpe:/h:dlink:dvg-2032s/a
match http m|^HTTP/1\.0 301 Moved Permanently\r\n(?:[^\r\n]+\r\n)*?Server: httpd\r\nContent-type: text/html\r\nETag: \"232c8e4-74d-0\"\r\nContent-length: 0\r\nConnection: close\r\nLocation: https://:443/start\.html\r\n\r\n|s p/Dell Remote Access Controller 6 http interface/ d/remote management/ cpe:/h:dell:remote_access_card:6/
match http m|^HTTP/1\.0 302 Found\r\nCache-Control: no-cache\r\nConnection: Close\r\nContent-Length: 0\r\nContent-Type: application/octet-stream\r\n(?:[^\r\n]+\r\n)*?Location: /nonauth/login\.php\r\nPragma: no-cache\r\nServer: Kerio Clientless SSL-VPN\r\n\r\n|s p/Kerio Clientless SSL-VPN/
match http m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Last-Modified: Tue, 31 Jan 2012 01:17:22 GMT\r\nETag: \"413_83_4f274122\"\r\n(?:[^\r\n]+\r\n)*?Content-Length: 131\r\n.*location=\"/remote/login\";\n</script></html>\n|s p/Fortinet FortiGate SSL VPN remote http login/
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?Last-Modified: Tue, 03 Oct 2006 19:21:12 GMT\r\nETag: \"85f_52_4522b828\"\r\n(?:[^\r\n]+\r\n)*?Content-Length: 82\r\n.*location=\"/remote/index\";\n\n</script>\n</html>\n\0{605}$|s p/Fortinet FortiGate-5001 SSL VPN remote http login/
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?Last-Modified: Wed, 11 Jan 2012 03:34:20 GMT\r\nETag: \"610_4f_4f0d033c\"\r\n(?:[^\r\n]+\r\n)*?Content-Length: 79\r\n.*location=\"/login\";\n\n</script>\n</html>\n|s p/Fortinet FortiGate firewall http proxy admin/ d/firewall/
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?Last-Modified: Fri, 21 Apr 2000 00:53:33 GMT\r\nETag: W/\"685_4f_4d082ec4\"\r\n(?:[^\r\n]+\r\n)*?Content-Length: 79\r\n.*location=\"/login\";\n\n</script>\n</html>\n|s p/Fortinet FortiGate firewall http proxy admin/ d/firewall/
match http m|^HTTP/1\.1 303 See Other\r\nLocation: https?://([\d.]+:\d+)/fgtauth\?[0-9a-fA-F]+\r\n.*<title>Firewall Authentication</title></head>|s p/FortiGate Application filtering/ i/Auth server $1/
match http m|^HTTP/1\.1 401 Unauthorized\r\nWWW-Authenticate: Basic realm=\"View Home & Status Web Pages\"\r\n(?:[^\r\n]+\r\n)*?Server: Allegro-Software-RomPager/([\w._-]+)\r\n|s p/Allegro RomPager/ v/$1/ i/Xerox Phaser 8560DN printer http config/ d/printer/ cpe:/a:allegro:rompager:$1/ cpe:/h:xerox:phaser_8560dn/a
match http m|^HTTP/1\.1 302 Found\r\nLocation: https://[\d.]+/home\.html\r\nContent-Length: 0\r\nServer: Allegro-Software-RomPager/([\w._-]+)\r\n\r\n$| p/Allegro RomPager/ v/$1/ i/Xerox Phaser 8560DN printer http config/ d/printer/ cpe:/a:allegro:rompager:$1/ cpe:/h:xerox:phaser_8560dn/a
match http m|^HTTP/1\.1 200 OK\r\n.*<title>XenServer ([\w._-]+)</title>|s p/Citrix Xen Simple HTTP Server/ i/XenServer $1/
match http m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?ETag: \"-127477461\"\r\n(?:[^\r\n]+\r\n)*?Server: none\r\n.*<title>Fireware XTM User Authentication</title>|s p/WatchGuard FireBox XTM firewall http config/ d/firewall/
match http m|^HTTP/1\.1 401 Unauthorized\r\nConnection: close\r\nWWW-Authenticate: Basic realm=\"uTorrent\"\r\n\r\n| p/uTorrent WebUI/ o/Windows/ cpe:/a:utorrent:utorrent/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 300 ERROR\r\nConnection: keep-alive\r\nContent-Length: 15\r\nContent-Type: text/html\r\n\r\ninvalid request$| p/uTorrent WebUI/ o/Windows/ cpe:/a:utorrent:utorrent/ cpe:/o:microsoft:windows/a
# uTorrent 2.0.2
match http m|^HTTP/1\.1 400 ERROR\r\nConnection: keep-alive\r\nContent-Length: 15\r\nContent-Type: text/html\r\n\r\ninvalid request$| p/uTorrent WebUI/ o/Windows/ cpe:/a:utorrent:utorrent/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 400 ERROR\r\nConnection: keep-alive\r\nContent-Length: 17\r\nContent-Type: text/html\r\n\r\n\r\ninvalid request$| p/uTorrent WebUI/ o/Windows/ cpe:/a:utorrent:utorrent/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: WYM/([\w._-]+)\r\n(?:[^\r\n]+\r\n)*?Content-Length: 1029\r\nLast-Modified: Tue, 19 May 2009 02:17:02 GMT\r\n\r\n\xef\xbb\xbf<html>\r\n<head>\r\n<title>NVS</title>|s p/WYM httpd/ v/$1/ i/A+V Link NVS-4000 surveillance system http config/ d/webcam/
match http m|^HTTP/1\.1 200 OK\r\nLast-Modified: Mon, 07 Apr  2009  04:00:00 GMT\r\nContent-Type: TEXT/HTML\r\nDate: \w\w\w, \d\d \w\w\w  \d\d\d\d  \d\d:\d\d:\d\d GMT00:00 GMT\r\nServer: ICOM ([\w._-]+)    from SBS\r\nMIME-Version: 1\.0\r\nServer: ICOM [\w._-]+    from SBS\r\nConnection: close\r\nContent-Length:             861\r\n\r\n<HTML>\r\n<HEAD>\r\n<TITLE>UltraQuest Index HTML</TITLE>| p/ICOM httpd/ v/$1/ i/UltraQuest mainframe reporting/ o|OS/390| cpe:/o:ibm:os_390/a
match http m|^HTTP/1\.0 404 Not Found\r\nContent-type: text/html\r\nDate: Sat, 31 Dec 2005 23:02:28 GMT\r\nConnection: close\r\n\r\n<HEAD><TITLE>404 Not Found</TITLE></HEAD>\n<BODY><H1>404 Not Found</H1>\nThe requested URL was not found on this server\.\n</BODY>\n$| p/BusyBox httpd/ i/Sphairon Turbolink IAD ADSL modem http config/ o/Linux/ cpe:/a:busybox:busybox/ cpe:/o:linux:linux_kernel/a
match http m|^HTTP/1\.1 302\r\nLocation: /login\.vibe\r\n\r\n$| p/VibeStreamer streaming media httpd/
match http m|^\r\n\r\n\r\n\r\n\r\n\r\n<\?xml version=\"1\.0\" encoding=\"ISO-8859-1\"\?>\r\n<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1\.0 Strict//EN\"\r\n  \"http://www\.w3\.org/TR/xhtml1/DTD/xhtml1-strict\.dtd\">\r\n\r\n\r\n\r\n<html>\r\n<head>\r\n<title>RealSecure SiteProtector</title>.*<meta name=\"copyright\"\r\n\t\tcontent=\"This web site, its design, copy, scripts and artwork,\r\n\t\tare copyright 2006 by Internet Security Systems, Inc\.\r\n|s p/Apache httpd/ v/2.0.63/ i/ISS SiteProtector 2.0/ cpe:/a:apache:http_server:2.0.63/
match http m|^<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2\.0//EN\">\n<html><head>\n<title>302 Found</title>\n</head><body>\n<h1>Found</h1>\n<p>The document has moved <a href=\"/red2301\.html\?RedirectUrl=/\">here</a>\.</p>\n<p>Additionally, a 302 Found\nerror was encountered while trying to use an ErrorDocument to handle the request\.</p>\n</body></html>\n$| p/HP System Management httpd/
match http m|^HTTP/1\.0 200 OK\nContent-type: text/html\r\n.*<title>DVR WebViewer</title>\r\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=euc-kr\">\r\n.*<OBJECT\r\n\t  classid=\"clsid:EE479A40-C128-40DD-93DA-000556AF9607\"\r\n\t  codebase=\"CtrWeb\.cab#version=1,1,1,1\"\r\n\t  width=(\d+)\r\n\t  height=(\d+)\r\n\t  align=center\r\n\t  hspace=0\r\n\t  vspace=0\r\n>\r\n<param name=\"CmdPort\" value=\"(\d+)\">\r\n<param name=\"StreamPort\" value=\"(\d+)\">|s p/MicroDigital MDR-4600 DVR httpd/ i/Resolution $1x$2; CmdPort $3; StreamPort $4/ d/media device/
match http m|^HTTP/1\.0 200 OK\r\nServer: Senturion/([\w._-]+)\r\n.*<title>Sensatronics: Senturion ([\w._-]+)</title><script language=\"javascript\" src=\"/gen\.js\">|s p/Sensatronics Senturion $2 environmental sensor httpd/ v/$1/
match http m|^HTTP/1\.1 200 OK\r\n.*<!-- saved from url=\(0022\)http://internet\.e-mail -->\r\n<html>\r\n<head>\r\n<title>WebCam</title>\r\n</head>\r\n<body link=\"#505050\" bgcolor=\"#505050\" vlink=\"#505050\" alink=\"#505050\" topmargin=\"3\">|s p/AverMedia WebCamX httpd/ d/webcam/
match http m|^HTTP/1\.0 401 Unauthorized\r\nDate: .*\r\nConnection: close\r\nContent-Type: text/html\r\nWWW-Authenticate: Basic realm=\"User\"\r\nContent-length: 192\r\n\r\n<HTML><HEAD>\n<TITLE>Authentication Error: Access Denied, Authorization required\.</TITLE>\n</HEAD>\r\n<BODY><H2>Authentication Error: Access Denied, Authorization required\.</H2></BODY>\n</HTML>\r\n\r\n| p/Yello Strom Sparzaehler electricity meter httpd/
match http m|^HTTP/1\.0 200 OK\r\nDate: .*\r\nCache-Control: no-cache\r\nContent-type: text/html\r\nETag: \"19c-a4-4ab218f6\"\r\nContent-length: 164\r\n| p/Yello Strom Sparzaehler electricity meter httpd/
match http m|^HTTP/1\.1 200 OK\r\n.*<meta http-equiv=\"Content-Type\" content=\"text/html; charset=Shift_JIS\">\r\n\r\n<html>\r\n<head>\r\n<title>Network</title>\r\n</head>\r\n<noscript>Make sure JavaScript is ON\.</noscript>.*<frame src=\"dmy\.htm\" name=\"m\">|s p/Sanyo PLC-XU300 projector http config/ d/media device/
match http m|^HTTP/1\.0 302 Moved Temporarily\r\nPragma: no-cache\r\nLocation: https://[\w._-]+/\r\n.*<TITLE>Redirect Notification</TITLE>.*<P>Please click <a href=\"https://[\w._-]+/\">here</a> to go to the correct location\.|s p/Tandberg Border Controller VoIP proxy/ d/proxy server/ o/Linux 2.6/ cpe:/o:linux:linux_kernel:2.6/
match http m|^HTTP/1\.1 200 Document follows\r\n(?:[^\r\n]+\r\n)*?Connection: Close\r\nServer: Micro-Web\r\n.*<!-- \*\* THIS FILE CONTAINS NO REALTIME DATA \*\* -->.*<title>   LocalSite - ARC Plus Web Interface</title>|s p/Micro-Web/ i/Burk ARC Plus remote management http interface/ d/remote management/
match http m|^HTTP/1\.1 302 \(Found\)\r\nConnection: close\r\nLocation: .*\r\nServer: Oversee Turing v([\w._-]+)\r\n|s p/Oversee Turing httpd/ v/$1/ i/domain parking/
match http m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: Java PseudoHttpd/([\w._-]+)\r\n.*<title>CSP Status</title>|s p/Java PseudoHttpd/ v/$1/ i/Card Server Proxy (CSP) http config/
match http m|^HTTP/1\.1 200 OK\r\n.*<title>XBMC</title> \n<link type=\"text/css\" rel=\"stylesheet\" href=\"basic\.css\">\n</head>\n<body>\n<h1>XBMC Webinterface</h1>|s p/XBMC http interface/ d/media device/
match http m|^HTTP/1\.1 200 OK\r\n.*<title>XBMC</title>\r\n\t\t<meta http-equiv=\"Content-Language\" content=\"EN\" />.*<!-- <link rel=\"search\" href=\"/provider\.xml\" type=\"application/opensearchdescription\+xml\" title=\"XBMC Library\" /> -->|s p/XBMC http interface/ d/media device/ o/Linux/ cpe:/o:linux:linux_kernel/
match http m|^HTTP/1\.[01] 200 OK\r\n.*<title>XBMC</title>\s*<meta http-equiv=\"Content-Language\" content=\"EN\" />.*<!-- <link rel=\"search\" href=\"/?provider\.xml\" type=\"application/opensearchdescription\+xml\" title=\"XBMC Library\" /> -->|s p/XBMC http interface/ d/media device/ o/Linux/ cpe:/o:linux:linux_kernel/
match http m|^HTTP/1\.1 200 OK\r\nContent-Length: 134\r\nExpires: .*\r\nContent-Type: text/html\r\nDate: .*\r\n\r\n<html>\n<head>\n<title>XBMC Web Media Manager</title> \n<meta HTTP-EQUIV=\"REFRESH\" content=\"0; url=\./movies/index\.html\">\n</head>\n</html>\n$| p/XBMC Web Media Manager/ d/media device/ o/Linux/ cpe:/o:linux:linux_kernel/
match http m|^HTTP/1\.1 401 Unauthorized\r\nContent-Length: 0\r\n(?:[^\r\n]+\r\n)*?WWW-Authenticate: Basic realm=XBMC\r\n|s p/XBMC Web Media Manager/ d/media device/ o/Linux/ cpe:/o:linux:linux_kernel/
match http m|^HTTP/1\.0 200 OK\r\nContent-Length: \d+\r\nExpires: .*\r\nLast-Modified: .*\r\nContent-Type: text/html\r\nAccept-Ranges: bytes\r\nDate: .*\r\n\r\n<!DOCTYPE html>.*<title>XBMC \x7c Web interface</title>|s p/XBMC http interface/ d/media device/ o/Linux/ cpe:/o:linux:linux_kernel/
match http m|^HTTP/1\.0 301 Moved Permanently\r\nLocation:http://([\w._-]+)/index\.htm\r\nContent-Type: text/plain\r\nContent-Length:2.\r\n\r\nhttp://[\w._-]+/index\.htm$| p/Lanier IS100e image scanner httpd config/ h/$1/
match http m|^HTTP/1\.0 200 OK\r\nContent-type: text/html\r\n\r\n.*<TITLE>Start</TITLE>\n</HEAD>\n<FRAMESET border=0 frameSpacing=0 rows=30,8,\* frameBorder=0>\n<FRAME name=bar src=\"CgiTagMenu\?page=Top&Language=0\" scrolling=no NORESIZE>\n<FRAME name=hrbar src=\"BarFoot\.html\" scrolling=no NORESIZE>|s p/thttpd/ i/Panasonic Network Camera http config/ cpe:/a:acme:thttpd/
match http m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Last-Modified: Thu, 01 Jan 1970 00:00:00 GMT\r\n.*\xef\xbb\xbf<html>\r\n<head>\r\n.*<META NAME=\"Expired\" CONTENT=\"01-jan-1900 00:00:00\" />\r\n.*<title>NAS</title>.*<title></title>|s p/BusyBox httpd/ i/Hitachi SimpleNET NAS http config/ d/storage-misc/ o/Linux/ cpe:/a:busybox:busybox/ cpe:/o:linux:linux_kernel/a
match http m|^HTTP/1\.1 200 OK\r\n.*<TITLE>(PA168S) V([\w._-]+) +</TITLE>.*<script>function sf\(\){document\.f\.auth\.focus\(\);}</script>.*<FONT size=5>Willkommen zur Administration des Telefons</FONT>|s p/Atcom AT-320 VoIP phone http config/ v/$2/ i/PalmMicro $1 chipset/ cpe:/h:atcom:at-320/a
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?Expires: Thu, 01 Jan 1970 00:00:00 GMT\r\n.*<TITLE>Dashboard</TITLE>.*<META name='copyright' content='Copyright 2003-2010, Red Condor, Inc\.'>|s p/Red Condor antispam appliance http config/ d/proxy server/
match http m|^HTTP/1\.1 401 Unauthorized\r\nWWW-Authenticate: Digest realm=\"[\d.]+\",  qop=\"auth\", nonce=\"[0-9a-f]+\"\r\n.*<title>BMC HTTP Server</title>\r\n.*<img src=\"ilo2_rgb2\.jpg\" class=\"mainlogo\" alt=\"\">|s p/HP Integrated Lights-Out http config/ d/remote management/ cpe:/h:hp:integrated_lights-out/
match http m|^HTTP/1\.0 300 Multiple Choices\r\nServer: Rockpile Web Server\r\nDate: Sun, 00 Jan 1900 00:00:00 GMT\r\nConnection: close\r\nLocation: http://[\w._-]+/localmenus\.cgi\?func=604\r\nContent-type: text/html\r\n\r\n.*HTTP/1\.0 404 Not Found\r\nServer: Rockpile Web Server\r\nDate: Sun, 00 Jan 1900 00:00:00 GMT\r\n|s p/Rockpile httpd/ i/Cisco 7937 VoIP phone http config/ d/VoIP phone/ cpe:/h:cisco:7937/a
match http m|^HTTP/1\.1 401 Unauthorized\r\nWWW-Authenticate: Basic realm=\"CentreWare Internet Services\"\r\n.*<!-- Copyright \(c\) 2000-2003, Fuji Xerox Co\., Ltd\. All Rights Reserved\. -->\r\n<HTML>\r\n<HEAD>\r\n<TITLE>FAILED</TITLE>\r\n<META http-equiv=\"Content-Type\" content=\"text/html; charset=windows-1252\">|s p/FujiXerox ApeosPort-IV C4470 http config/ d/printer/
match http m|^HTTP/1\.1 404 Not Found\r\n(?:[^\r\n]+\r\n)*?Server: iTP Secure WebServer/([\w._() -]+)\r\nMIME-version: 1\.0\r\nContent-type: text/html\r\nConnection: close\r\n\r\n<TITLE>Not Found</TITLE><H1>Not Found</H1>\n The requested object was not found on this server\.$|s p/iTP Secure WebServer/ v/$1/ i/HP Tandem NonStop/
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: iTP Secure WebServer/([\w._() -]+)\r\n.*<TITLE>Index of /</TITLE>|s p/iTP Secure WebServer/ v/$1/ i/HP Tandem NonStop/
match http m|^HTTP/1\.1 302 Moved Temporarily\r\n(?:[^\r\n]+\r\n)*?Server: iTP WebServer with NSJSP/([\w._() -]+) \(HTTP/1\.1 Connector\)\r\nLocation: http://([\w._-]+):\d+/index\.html\r\n|s p/iTP WebServer with NSJSP/ v/$1/ i/HP Tandem NonStop/ h/$2/
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: Indy/([\w._-]+)\r\n.*<title>GregHSRWLib - RemObjects SDK for \.NET v([\w._-]+)</title>|s p/Indy httpd/ v/$1/ i/.NET $2; Acer Registration Service; greghsrw.exe/ cpe:/a:indy:httpd:$1/
match http m|^HTTP/1\.1 200 OK\r\nETag: W/\"[\d-]+\"\r\n(?:[^\r\n]+\r\n)*?Server: null\r\n.*<title>HP - Data Center Fabric Manager</title>|s p/HP Data Center Fabric Manager http config/
match http m|^HTTP/1\.1 200 OK\r\nETag: W/\"[\d-]+\"\r\n(?:[^\r\n]+\r\n)*?Server: censhare hyena/([\w._-]+)\r\n|s p/censhare hyena httpd/ v/$1/
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?ETag: W/\"[\d-]+\"\r\n(?:[^\r\n]+\r\n)*?Server: Undefined\r\n.*<META HTTP-EQUIV=\"refresh\" CONTENT=\"0;URL=/core/orionSplashScreen\.do\">|s p/McAfee ePolicy Orchestrator http interface/ cpe:/a:mcafee:epolicy_orchestrator/
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?ETag: (?:W/)?\"[\d-]+\"\r\n(?:[^\r\n]+\r\n)*?Server: Undefined\r\n.*<meta http-equiv=\"refresh\" content=\"0;URL=/core/orionSplashScreen\.do\" />|s p/McAfee ePolicy Orchestrator http interface/ cpe:/a:mcafee:epolicy_orchestrator/
match http m|^HTTP/1\.1 401 \r\nDate: Sat, 21 Dec 1996 12:00:00 GMT\r\nWWW-Authenticate: Basic realm=\"Default password:1234\"\r\n\r\n401 Unauthorized - User authentication is required\.$| p/Edimax PS-1206P print server/ d/print server/
match http m|^HTTP/1\.1 301 Moved Permanently\r\n(?:[^\r\n]+\r\n)*?Server: Noelios-Restlet-Engine/([\w._-]+)\r\nLocation: http://([\w._-]+)/index\.html\r\nVary: Accept-Charset,Accept-Encoding,Accept-Language,Accept,User-Agent\r\nContent-Length: 0\r\nConnection: close\r\nContent-Type: text/plain\r\n\r\n$|s p/Noelios Restlet Framework/ v/$1/ i/Sonatype Nexus Maven Repository Manager/ h/$2/
match http m|^HTTP/1\.0 501 Not Implemented\r\nServer: SimpleHTTP/([\w._-]+) Python/([\w._-]+)\r\n(?:[^\r\n]+\r\n)*?Content-Type: text/html\r\nConnection: close\r\n\r\n<head>\n<title>Error response</title>\n</head>\n<body>\n<h1>Error response</h1>\n<p>Error code 501\.\n<p>Message: Not Implemented\.\n<p>Error code explanation: 501 = Server does not support this operation\.\n</body>\n$|s p/SimpleHTTPServer/ v/$1/ i/rPath Appliance Platform Agent; Python $2/ cpe:/a:python:python:$2/ cpe:/a:python:simplehttpserver:$1/
match http m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: CMSHTTPD/([\w._-]+) z_VM/([\w._-]+) ([^\r\n]+)\r\n|s p/CMSHTTPD/ v/$1/ i|z/VM $2; $3| o|z/VM| cpe:/o:ibm:z%2fvm:$2/
match http m|^HTTP/1\.0 200 OK\nServer: Cardax Embedded Interface\n.*<H1>CardaxFT Controller #  (\d+)  \(ETS\)</H1>.*<br>Version: v([\w._/-]+) BootMon-([\w._-]+)</body>\n$|s p/Cardax FT security system http interface/ v/$2/ i/Controller #$1; BootMon $3/ d/security-misc/
match http m|^HTTP/1\.0 302 Moved Temporarily\r\nAllow: GET,POST,HEAD\r\nMIME-Version: 1\.0\r\nServer: (MA\w+) Server ([\w._-]+)\r\nLocation: http://0\.0\.0\.0\r\n\r\n$| p/Huawei $1 WAP http config/ v/$2/ cpe:/h:huawei:$1/a
match http m|^HTTP/1\.0 200 OK\r\nServer: ZyXEL SSLVPN Server v([\w._-]+)\r\n.*<title>ZyWALL SSL(\d+)</title>|s p/ZyXEL ZyWALL SSL $2 SSL-VPN applicance http config/ v/$1/ d/firewall/
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?Server:  \r\n.*<title>ZyWALL ([^<]+)</title>|s p/ZyXEL ZyWALL $1 firewall http config/ d/firewall/ cpe:/h:zyxel:zywall_$1/a
match http m|^HTTP/1\.0 200 OK\r\nExpires: 0\r\nContent-Type: text/html\r\nConnection: close\r\n\r\n<html>\n<title>Login</title>\n<link rel=stylesheet href=\"login\.css\" type=\"text/css\" />\n<script src=\"form\.js\" type=\"text/javascript\"></script>| p/D-Link DGS-1200T-series switch http config/ d/switch/
match http m|^HTTP/1\.1 505 HTTP Version not supported\r\nContent-Length: 0\r\nDate: .*\r\nAccept-Ranges: bytes\r\n\r\n$| p/Virtual Mic http synchronization/ d/media device/ o/iOS/ cpe:/o:apple:iphone_os/a
match http m|^HTTP/1\.0 200 OK\r\nContent-Type: text/html\r\n(?:[^\r\n]+\r\n)*?Server: Wireless Network Camera with Pan/Tilt\r\n|s p/Vivotek Network Camera http config/ d/webcam/
match http m|^HTTP/1\.0 200 OK\r\nContent-Type: text/html\r\n(?:[^\r\n]+\r\n)*?Server: Network Camera with Pan/Tilt\r\n|s p/Vivotek Network Camera http config/ d/webcam/
match http m|^HTTP/1\.0 200 OK\r\nContent-Type: text/html\r\n(?:[^\r\n]+\r\n)*?Server: Network Camera\r\n|s p/Vivotek IP7131 Network Camera http config/ d/webcam/ cpe:/h:vivotek:ip7131/
match http m|^HTTP/1\.1 401 Unauthorized\r\nWWW-Authenticate: Basic realm=\"Remote-Motion CCD Network Camera\"\r\nContent-Type: text/html\r\nServer: Vivotek Network Camera\r\n\r\n<HTML>\n<HEAD>\n<TITLE>Protected Object</TITLE></HEAD><BODY>\n<H1>Protected Object</H1>This object on the server is protected\.<P>\n</BODY></HTML>$| p/Vivotek Network Camera http config/ d/webcam/
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: Web Server\r\n.*<TITLE>NetGear ([\w._-]+)</TITLE>|s p/Netgear $1 switch http config/ d/switch/ cpe:/h:netgear:$1/
match http m|^HTTP/1\.0 200 OK\r\nPragma: no-cache\r\n.*<TITLE>Management</TITLE>.*<METArem http_equiv=\"Refresh\" content=\"0; URL=index\.ssi\">\n\n</HEAD>\n<FRAMESET border=0 frameSpacing=0 rows=48,\* frameBorder=no>|s p/Tandberg MXP video conferencing http config/ d/webcam/
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: HyNetOS/([\w._-]+)\r\n.*<title>(CS\d+) SNMP/Web Adapter</title>|s p/Effekta MH 6000 UPS http config/ i|$2 SNMP/Web adapter; HyNetOS $1| d/power-device/ o/HyNetOS/ cpe:/o:hyperstone:hynetos:$1/
match http m|^HTTP/1\.1 200 OK\r\nX-Cocoon-Version: ([\w._-]+)\r\nExpires: Thu, 01 Jan 1970 00:00:00 GMT\r\n.*<title>F-Secure Policy Manager Web Reporting</title>|s p/F-Secure Policy Manager http interface/ i/Apache Cocoon $1/
match http m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: ShellHTTPD/([\w._-]+)\r\n.*<title>Dachstein LEAF Firewall</title>|s p/ShellHTTPD/ v/$1/ i/Dachstein LEAF firewall/ d/firewall/ o/Linux 2.2/ cpe:/o:linux:linux_kernel:2.2/
match http m|^HTTP/1\.0 401 Unauthorized\r\nDate: Thu, 01 Jan 1970 00:00:00 GMT\r\nnServer: avtech/([\w._-]+)\.\.Expires: 0\r\nPragma:  no-cache\r\nCache-Control:  no-cache\r\nConnection: close\r\nContent-type: text/html;charset=ISO-8859-1\r\nWWW-Authenticate: Basic realm=server\r\nContent-Length: 163\r\n| p/avtech httpd/ v/$1/ i/Postef-8840 ADSL router/ d/broadband router/
match http m|^HTTP/1\.0 200 Script output follows\r\nServer: shinGETsu/([\w._-]+) \(Saku/([\w._-]+)\) Python/([\w._-]+)\r\n| p/Saku/ v/$2/ i/client for shinGETsu $1 BBS; Python $3/ cpe:/a:python:python:$3/
match http m|^HTTP/1\.1 503 HTTP is not licensed\.<p>To set up this filer, use <a href=/api>/api</a> \.\r\nServer: Data ONTAP/([\w._-]+)\r\n| p/NetApp http vFiler/ o/Data ONTAP $1/ cpe:/a:netapp:data_ontap:$1/
match http m|^HTTP/1\.1 503 HTTP is not licensed\.<p>To administer this filer, use <a href=/na_admin/>/na_admin/</a> \.\r\nServer: NetApp//([\w._-]+)\r\n| p/NetApp http vFiler/ v/$1/ o/Data ONTAP/ cpe:/a:netapp:data_ontap/ cpe:/o:netapp:data_ontap/a
match http m|^HTTP/1\.0 401 Unauthorized\r\nDate: .*\r\nCache-Control: no-cache,no-store\r\nWWW-Authenticate: Basic realm=\"\.\"\r\nContent-Type: text/html; charset=%s\r\nConnection: close\r\n\r\n<html>\n<head><title>401 Unauthorized</title></head>\n<body>\n<h3>401 Unauthorized</h3>\nAuthorization required\.\n</body>\n</html>\n| p/m0n0wall FreeBSD firewall web interface/ d/firewall/ o/FreeBSD/ cpe:/o:freebsd:freebsd/a
match http m|^HTTP/1\.0 401 Unauthorized\r\nDate: .*\r\nCache-Control: no-cache,no-store\r\nWWW-Authenticate: Basic realm=\"\.\"\r\nContent-Type: text/html; charset=%s\r\nConnection: close\r\n\r\n<html>\n<head><title>401 Unauthorized</title></head>\n<body>\n<h3>401 Unauthorized</h3>\nAuthorization required\. HuaCheng Technologies\n</body>\n</html>\n| p/HuaCheng firewall http config/ d/firewall/
match http m|^HTTP/1\.0 501 Not Implemented\r\nDate: .*\r\nCache-Control: no-cache,no-store\r\nContent-Type: text/html; charset=%s\r\nConnection: close\r\n\r\n<html>\n<head><title>501 Not Implemented</title></head>\n<body>\n<h3>501 Not Implemented</h3>\nThat method is not implemented\.\n</body>\n</html>\n$| p/Western Digital My Book http config/ d/storage-misc/
match http m|^HTTP/1\.1 200 OK\r\nServer: Axeda Agent Web Server/([\w._-]+)\r\n(?:[^\r\n]+\r\n)*?Last-Modified: 1200004200\r\n.*<title>IM_v8_Data </title>\r\n</head>\r\n<body bgcolor=\"ffffff\">\r\n<center>\r\n<DIV style=\"position:absolute; top:6; left:6; width:(\d+); height:(\d+); z-layer:1;\" >\r\n<applet codebase=\"/aagweb/classes\" code=aglance\.jag\.AAGApplet|s p/Axeda remote management http interface/ v/$1/ i/Resolution $2x$3/ d/remote management/
match http m|^HTTP/1\.1 200 OK\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Encoding: gzip\r\nCache-Control: max-age=600\r\n\r\n\x1f\x8b\x08\0\0\0\0\0| p/BenQ projector/ i/Crestron RoomView/ d/media device/ cpe:/h:crestron/
match http m|^HTTP/1\.1 302 Moved Temporarily\r\nLocation: https://([\w._-]+):\d+/symantec\.jsp\r\nContent-Length: 0\r\nDate: .*\r\nConnection: close\r\nServer: Hidden\r\n\r\n$| p/Symantec Endpoint Protection Manager http config/ d/firewall/ h/$1/ cpe:/a:symantec:endpoint_protection_manager/
match http m|^HTTP/1\.1 302 Found\r\nDate: .*\r\nServer:  \r\nLocation: https://[\d.]+:(\d+)/redirect\.cgi\?arip=\r\n.*<address>  Server at ([\w._-]+) Port \d+</address>|s p/ZyXEL ZyWALL USG 200 firewall http config/ i/redirect to port $1/ d/firewall/ h/$2/ cpe:/h:zyxel:zywall_usg_200/
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html\r\n.*<script src=\"\./message/message\.js\"></script>\n\t<script src=\"\./buffalo\.js\"></script>\n\t\n\t<script src=\"\./btsdk\.js\"></script>\n\t<script src=\"\./btuicommon\.js\"></script>|s p/Buffalo NAS BitTorrent download manager http interface/ d/storage-misc/
match http m|^HTTP/1\.0 200 OK\r\nContent-type: text/html\r\nContent-Encoding: gzip\r\nCache-Control: max-age=600, must-revalidate\r\n\r\n\x1f\x8b\x08\0\0\0\0\0\0\0| p/Modtronix SBC65EC Web Server/
match http m|^HTTP/1\.0 301\r\n(?:[^\r\n]+\r\n)*?Server: OKWS/([\w._-]+)\r\n|s p/OKWS httpd/ v/$1/
match http m|^HTTP/1\.0 200 OK\r\nContent-type: text/html\r\n\r\n.*<TITLE>PowerDownTop</TITLE>\n<SCRIPT Language=\"JavaScript\">\n<!--\ntop\.location = \"CgiPowerDownReset\?Language=0\";\n// -->\n</SCRIPT>\n</HEAD>\n<BODY></BODY></HTML>$|s p/thttpd/ i/Panasonic IP camera http viewer/ d/webcam/ cpe:/a:acme:thttpd/
match http m|^HTTP/1\.0 200 OK\r\nServer: ZK Web Server\r\nPragma: no-cache\r\nCache-control: no-cache\r\n.*<script language=JavaScript type='text/javascript'>self\.location\.href='/csl/login'</script>|s p/ZK Web Server/ i/ZKSoftware ZEM500 fingerprint reader; MIPS/ d/security-misc/ o/Linux/ cpe:/o:linux:linux_kernel/a
match http m|^HTTP/1\.0 404 Not Found\r\nContent-Length: 69\r\nContent-Type: text/html; charset=UTF-8\r\nServer: TornadoServer/([\w._-]+)\r\n\r\n<html><title>404: Not Found</title><body>404: Not Found</body></html>$| p/Tornado httpd/ v/$1/ cpe:/a:tornadoweb:tornado:$1/a
match http m|^HTTP/1\.1 301 0\w\w\w, \d\d \w\w\w \d\d\d\d \d\d:\d\d:\d\d GMT\r\nServer: Agranat-EmWeb/R([\d_]+)\r\nLocation: https://[\d.]+/web/content/index\.html\r\n| p/Agranat-EmWeb/ v/$SUBST(1,"_",".")/ i/Alcatel 7800 switch http config/ d/switch/ cpe:/a:agranat:emweb:$SUBST(1,"_",".")/a cpe:/h:alcatel:7800/a
# Juniper SRX-240H UTM firewall
# Juniper EX2200-48T-4G switch
match http m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: Mbedthis-Appweb/([\w._-]+)\r\nCache-Control: no-cache, must-revalidate\r\nContent-type: text/html\r\nETag: \"[0-9a-f-]+\"\r\n(?:[^\r\n]+\r\n)*?X-Powered-By: PHP/([\w._-]+)\r\nExpires: Mon, 26 Jul 1997 05:00:00 GMT\r\n.*<title>Log In - Juniper Web Device Manager</title>|s p/Mbedthis-Appweb/ v/$1/ i/PHP $2/ d/firewall/ o/JUNOS/ cpe:/a:mbedthis:appweb:$1/ cpe:/a:php:php:$2/ cpe:/o:juniper:junos/a
match http m|^HTTP/1\.0 403 Not Authorized\r\nContent-Type: text/html\r\nContent-Length: 379\r\n\r\n<\?xml version=\"1\.0\" encoding=\"US-ASCII\"\?>.*<p>Will not send listings for this directory\.</p>\r\n</body>\r\n</html>\r\n|s p/Ashd httpd/
match http m|^HTTP/1\.1 200\r\nContent-type: text/html\r\nConnection: close\r\nCONTENT-LENGTH: \d+\r\n.*<meta http-equiv=\"Content-Type\" content=\"text/html; charset=windows-1252\">\r\n<meta name=\"GENERATOR\" content=\"Microsoft FrontPage 4\.0\">.*<title>Phoenix PowerAgent GP</title>|s p/Phoenix PowerAgent GP power monitor http interface/ d/power-device/
match http m|^HTTP/1\.0 200 OK\r\nAccept-Ranges: none\r\nConnection: close\r\nContent-Encoding: identity\r\nContent-Length: 4240\r\nContent-Type: text/html; charset=ISO-8859-1\r\n(?:[^\r\n]+\r\n)*?Server: IST OIS\r\n.*<title>Allworx Hosted Web Site</title>|s p/Allworx 6x VoIP phone http config/ d/VoIP phone/ cpe:/h:allworx:6x/a
match http m|^HTTP/1\.0 403 Forbidden\r\nAccept-Ranges: none\r\nConnection: close\r\nContent-Encoding: identity\r\nContent-Length: 0\r\nContent-Type: text/plain\r\nDate: .*\r\nServer: IST OIS\r\n\r\n$| p/Allworx VoIP network server http admin/ d/VoIP adapter/
match http m|^HTTP/1\.0 401 Unauthorized\r\nDate: .*\r\nWWW-Authenticate: Basic realm=\"ACEswitch@[\d.]+\"\r\n\r\n401 Unauthorized\r\n$| p/Alteon 2424-SSL load balancer http config/ d/load balancer/
match http m|^HTTP/1\.0 302 Found\r\nConnection: Close\r\nLocation: /search\?site=default_collection&client=default_frontend&output=xml_no_dtd&proxystylesheet=default_frontend&proxycustom=<HOME/>\r\nContent-Type: text/html\r\nContent-Length: 0\r\n\r\n$| p/Google Mini search appliance httpd/
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: Apache/x\.x\.x \(Unix\) mod_ssl/x\.x\.x OpenSSL/([\w._-]+)\r\n.*<title> FASTORA Filer Storage Manager </title>.*classid=\"clsid:adb880a6-d8ff-11cf-9377-00aa003b7a11\">|s p/Apache httpd/ i/Fastora NAS T2 NAS device; OpenSSL $1/ d/storage-misc/ o/FreeBSD/ cpe:/a:apache:http_server/ cpe:/a:openssl:openssl:$1/ cpe:/o:freebsd:freebsd/a
match http m|^HTTP/1\.1 400 Bad Request\r\nDate: .*\r\nCache-Control: private\r\nServer: IPOffice/([\w._()-]+)\r\nContent-Type: text/plain\r\nContent-Length: 13\r\n\r\nParsing error$| p/Avaya IP Office VoIP PBX httpd/ v/$1/ d/PBX/
match http m|^HTTP/1\.0 301 Moved Permanently\r\nDate: .*\r\n(?:Expires: .*\r\n)?Cache-Control: private(?:,max-age=\d+)?\r\nLocation: /index\.html\r\nServer: IPOffice/([\w._()-]+)\r\nContent-Type: text/plain\r\nContent-Length: 22\r\n\r\nRedirect to index\.html$| p/Avaya IP Office VoIP PBX httpd/ v/$1/ d/PBX/
match http m|^HTTP/1\.0 301 Moved Permanently\r\nDate: .*\r\n(?:Expires: .*\r\n)?Cache-Control: private(?:,max-age=\d+)?\r\nLocation: /index\.html\r\nServer: IPOffice/\r\nContent-Type: text/plain\r\nContent-Length: 22\r\n\r\nRedirect to index\.html$| p/Avaya IP Office VoIP PBX httpd/ d/PBX/
match http m|^HTTP/1\.0 404 Not Found\r\nConnection: close\r\nServer: SimpleHTTPtutorial v([\w._-]+)\r\n\r\n$| p/SimpleHTTPtutorial httpd/ v/$1/
match http m|^HTTP/1\.0 200 OK\n.*Server: uClinux-httpd ([\w._-]+)\nExpires: 0\n\n.*<title>DxClient NetViewer</title>.*<OBJECT\r\n\tclassid=\"clsid:EF34051A-402A-4ABE-AA20-04E1B4422BD9\"\r\n\tcodebase=\"DxClient_NetViewer\.cab#version=([\d,]+)\"\r\n|s p/uClinux-httpd/ v/$1/ i/DxClient NetViewer DVR viewer $SUBST(2,",",".")/ o/Linux/ cpe:/o:linux:linux_kernel/a
match http m|^HTTP/1\.0 302 Moved Temporarily\r\nDate: .*\r\nServer: Mbedthis-Appweb/([\w._-]+)\r\nContent-length: 0\r\nConnection: close\r\nLocation: http://http/tohttps\.jsp\r\n\r\n$| p/Mbedthis-Appweb/ v/$1/ i/Ruckus WAP http config/ d/WAP/ cpe:/a:mbedthis:appweb:$1/
match http m|^HTTP/1\.0 302 Moved Temporarily\r\nDate: .*\r\nServer: Mbedthis-Appweb/([\w._-]+)\r\nCache-Control: no-cache\r\nETag: \"1b8056-34-531868\"\r\nContent-length: 0\r\nConnection: close\r\nLocation: https://https/admin/login\.jsp\r\n\r\n$| p/Mbedthis-Appweb/ v/$1/ i/Ruckus WAP http config/ d/WAP/ cpe:/a:mbedthis:appweb:$1/
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?Last-Modified: Mon, 13 Mar 2006 11:22:33 \+1300\r\n.*<title>Welcome</title>.*<script language=\"JavaScript\" type=\"text/JavaScript\">\r<!--\rfunction MM_preloadImages\(\) { //v3\.0\r|s p/FirstClass Internet Access Server httpd/ cpe:/a:opentext:firstclass/
match http m|^HTTP/1\.0 200 OK\r\nServer: RapidLogic/([\w._-]+)\r\nMIME-version: 1\.0\r\nContent-type: text/html\r\nSet-Cookie: auth=\w+; path=/\r\n\r\n\xef\xbb\xbf.*<title>Logon</title>.*if \(window\.focus\) self\.focus\(\);|s p/RapidLogic httpd/ v/$1/ i/Unita VoIP phone http config/ d/VoIP phone/ cpe:/a:rapidlogic:httpd:$1/
match http m|^HTTP/1\.1 400 Bad Request\r\nContent-Type: text/html\r\nContent-Length: 2\r\nCache-Control: no-cache\r\nPragma: no-cache\r\nConnection: Close\r\n\r\n5\0$| p/Matrix42 remote control httpd/ d/remote management/
match http m|^HTTP/1\.0 200 OK\r\nConnection: close\r\nProxy-Connection: close\r\nContent-Type: text/html\r\nCache-Control: private\r\nExpires: 0\r\n\r\n<html><head><title></title></head><frameset cols=\"100%\"><frame src=\"http://[\d.]+:\d+/joikuspot-accept\">| p/JoikuSpot 3G tethering http interface/ d/phone/
match http m|^HTTP/1\.1 200 OK\r\nServer: Virata-EmWeb/R([\d_]+)\r\nContent-Type: text/html\r\nCache-Control: max-age=0\r\nExpires: -1\r\n\r\n<!-- \n  Copyright \(c\) 2004-2006 by Cisco Systems, Inc\.\n  All rights reserved\.\n -->.*<title>Cisco Systems, Inc\. Easy VPN Network Access</title>|s p/Virata-EmWeb/ v/$SUBST(1,"_",".")/ i/Cisco ASA firewall http config/ d/firewall/ cpe:/a:virata:emweb:$SUBST(1,"_",".")/a
match http m|^HTTP/1\.1 200 Ok\r\nDate: .*\r\nServer: ebHTTPD ([\w._-]+)\r\n| p/ebHTTPD/ v/$1/
match http m|^HTTP/1\.0 404 not found \(/\)\r\n(?:[^\r\n]+\r\n)*?Server: Tntnet/([\w._-]+)\r\n|s p/Tntnet httpd/ v/$1/ cpe:/a:tntnet:tntnet:$1/
match http m|^HTTP/1\.1 401 Authorization Required\r\n(?:[^\r\n]+\r\n)*?Server: SecureTransport/([\w._-]+)\r\n(?:[^\r\n]+\r\n)*?WWW-Authenticate: Basic realm=\"FileDriveWWW\"\r\n|s p/Axway SecureTransport httpd/ v/$1/
match http m|^HTTP/1\.1 200 OK\r\nServer: Axway-Copilot/([\w._-]+)\r\n| p/Axway CFT http admin/ v/$1/
match http m|^HTTP/1\.0 404 Not Found\r\nContent-Length: 69\r\nContent-Type: text/html; charset=UTF-8\r\nServer: CycloneServer/([\w._-]+)\r\n\r\n<html><title>404: Not Found</title><body>404: Not Found</body></html>$| p/CycloneServer httpd/ v/$1/
match http m|^HTTP/1\.1 400 Bad request\n.*<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2\.0//EN\">\n<html><head>\n<title>400 Header 'Host' is missing\.</title>|s p/Kerio MailServer http config/
match http m|^HTTP/1\.1 200 OK\r\n.*<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1\.0 Strict//EN\" \"http://www\.w3\.org/TR/xhtml1/DTD/xhtml1-strict\.dtd\">\n<html>\n<script language=\"JavaScript\" type=\"text/javascript\">\n  if \(top\.location != self\.location\).*<title>Authentication Required</title>|s p/D-Link DFL-800 or DFL-860 firewall http config/ d/firewall/
match http m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: TSEWS\r\n.*<title>TechniSat WebTools</title>.*<meta name='copyright'           content='TechniSat Digital\(r\) 2006-2009\(c\)'>|s p/TechniSat Digicorder HD S2 satellite receiver http interface/ d/media device/
match http m|^HTTP/1\.1 505 HTTP Version not supported\r\n(?:[^\r\n]+\r\n)*?Server: Good\.iWare WebDAV Server for iPhone\r\n.*If you have any questions, please contact <a href=\"mailto:support@goodreader\.net\">support@goodreader\.net</a>|s p/Good.iWare WebDAV Server/ i/GoodReader PDF reader; iPhone/ d/phone/ o/iOS/ cpe:/h:apple:iphone/ cpe:/o:apple:iphone_os/
match http m|^HTTP/1\.1 505 HTTP Version not supported\r\n(?:[^\r\n]+\r\n)*?Server: GoodReader for iPad\r\n.*If you have any questions, please contact <a href=\"mailto:support@goodreader\.net\">support@goodreader\.net</a>|s p/Good.iWare WebDAV Server/ i/GoodReader PDF reader; iPad/ d/media device/ o/iOS/ cpe:/h:apple:ipad/ cpe:/o:apple:iphone_os/
match http m|^HTTP/1\.0 200 OK\r\nServer: Polycom-GAB\r\nContent-type: text/html\r\nPragma: no-cache\r\n\r\n$| p/Polycom CMA Global Address Book (GAB) httpd/
match http m|^HTTP/1\.0 200 \r\n(?:[^\r\n]+\r\n)*?Server: AURA\r\n.*<TITLE>ServerView RAID Manager</TITLE>|s p/Fujitsu Siemens ServerView RAID Manager http interface/
match http m|^HTTP/1\.0 200 \r\n(?:[^\r\n]+\r\n)*?Server: AURA\r\n.*<title>ServerView RAID Manager</title>|s p/Fujitsu Siemens ServerView RAID Manager http interface/
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html\r\nContent-Length: 227\r\n\r\n<html> <head> <title>D-Link VoIP Router</title>| p/D-Link DVG-5112S VoIP adapter/ d/VoIP adapter/ cpe:/h:dlink:dvg-5112s/a
match http m|^HTTP/1\.0 501 Method Not Implemented\r\nContent-Length: 0\r\n\r\n$| p/Zotero httpd/
match http m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: Schleifenbauer SPbus gateway\r\n.*<!-- seinclude basicpagehead\.txt -->\r\n|s p/Schleifenbauer SPbus gateway http config/ d/power-device/
match http m|^HTTP/1\.1 200 OK\r\nServer: ExtremeZ-IP/([\w._-]+)\r\n.*<title>ExtremeZ-IP HTTP Service</title>|s p/ExtremeZ-IP httpd/ v/$1/
match http m|^HTTP/1\.0 302 FOUND\r\nContent-Type: text/html; charset=utf-8\r\nLocation: http://([\w._-]+):\d+/login\?next=%2F\r\n(?:[^\r\n]+\r\n)*?Server: Werkzeug/([\w._-]+) Python/([\w._-]+)\r\n|s p/Werkzeug httpd/ v/$2/ i/Flask web framework; Python $3/ h/$1/ cpe:/a:python:python:$3/
match http m|^HTTP/1\.0 200 OK\r\nContent-Type: text/html; charset=utf-8\r\n(?:[^\r\n]+\r\n)*?Server: Werkzeug/([\w._-]+) Python/([\w._+-]+)\r\n|s p/Werkzeug httpd/ v/$1/ i/Python $2/ cpe:/a:python:python:$2/
match http m|^HTTP/1\.0 301 MOVED PERMANENTLY\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: \d+\r\nLocation: http://0\.0\.0\.0:\d+/web/webclient/home\r\nServer: Werkzeug/([\w._-]+) Python/([\w._+-]+)\r\n| p/Werkzeug httpd/ v/$1/ i/OpenERP XML-RPC; Python $2/ o/Unix/ cpe:/a:python:python:$2/
match http m|^HTTP/1\.0 200 OK\r\nContent-Type: text/html; charset=utf-8\r\nVary: Cookie, User-Agent, Accept-Language\r.*\nServer: MoinMoin (\d[\w._-]+) release Python/(\d[\w._~+-]+)\r\n|s p/MoinMoin wiki standalone httpd/ v/$1/ i/Python $2/ cpe:/a:python:python:$2/
match http m|^HTTP/1\.0 200 OK\r\nServer: MoinMoin ([\w._-]+) release ThreadPoolServer Python/([\w._~+-]+)\r\n| p/MoinMoin wiki standalone httpd/ v/$1/ i/Python $2/ cpe:/a:python:python:$2/
match http m|^HTTP/1\.1 401 Unauthorized\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 77\r\nServer: Indy/([\w._-]+)\r\nWWW-Authenticate: Basic realm=\"Delta Server Management Interface\"\r\n| p/Indy httpd/ v/$1/ i/Avaya IP Office Delta Server/ d/PBX/ cpe:/a:indy:httpd:$1/
match http m|^HTTP/1\.1 200 OK\r\n.*<!--\r\n#\r\n# If you have a 'split' directory installation, with configuration\r\n# files in ~/\.i2p \(Linux\) or %APPDATA%\\I2P \(Windows\), be sure to\r\n# edit the file in the configuration directory, NOT the install directory\.\r\n#\r\n--><title>I2P Anonymous Webserver</title>|s p/I2P anonymous httpd/
match http m|^HTTP/1\.1 401 Unauthorized\r\nServer: Sun-Java-System-Web-Proxy-Server/([\w._-]+)\r\n(?:[^\r\n]+\r\n)*?WWW-authenticate: basic realm=\"Web Proxy Server Administration\"\r\n|s p/Sun Java System Web Proxy http admin/ v/$1/ cpe:/a:sun:java_system_web_proxy_server:$1/
match http m|^HTTP/1\.1 401 Unauthorized\r\nWWW-Authenticate: Basic realm=\"Admin\"\r\nContent-Length: 0\r\n\r\n$| p/Juniper Steel-Belted Radius http config/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 200 OK\r\nContent-Length: \d+\r\nContent-Type: text/html\r\n\r\n<html>\r\n\r\n<head>\r\n<title>Steel-Belted Radius</tile>\r\n| p/Juniper Steel-Belted Radius http config/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 200 OK\r\nServer: PageR Enterprise/([\w._-]+)\r\nContent-Type: text/html\r\nCache-Control: no-cache, no-store, must-revalidate \r\n\r\n| p/Avtech PageR Enterprise http interface/ v/$1/
match http m|^HTTP/1\.0 200 OK\r\nContent-type: text/html\r\nConnection: close\r\n\r\n<html><head><link rel=stylesheet type=text/css href=indexStyle\.css><title>Healy LDS Temperature #1</title>.*Sensor 1</td>.*>([\w.]*)</td>.*&deg;([CF])</td>.*Sensor 2</td>.*>([\w.]*)</td>.*&deg;([CF])</td>.*Sensor 3</td>.*>([\w.]*)</td>.*&deg;([CF])</td>.*Sensor 4</td>.*>([\w.]*)</td>.*&deg;([CF])</td>| p/Xytronics X-DAQ-2R1-4T-I temperature sensor http interface/ i/temperatures: $1 $2, $3 $4, $5 $6, $7 $8/
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: FitNesse-v([\w._-]+)\r\n|s p/FitNesse httpd/ v/$1/
match http m|^HTTP/1\.1 302 Moved Temporarily\r\n(?:[^\r\n]+\r\n)*?Location: https?://([\w._-]+)/esa\r\n(?:[^\r\n]+\r\n)*?Server: Clearwell\r\n\r\n|s p/Clearwell httpd/ h/$1/
match http m|^HTTP/1\.1 302 Found\r\nLocation: http:///logon\.htm\r\nContent-Length: 0\r\nServer: Intel\(R\) Con\. Management Engine ([\w._-]+)\r\n\r\n$| p/Intel Con. Management Engine httpd/ v/$1/
match http m|^HTTP/1\.1 401 Authorization Required\r\n(?:[^\r\n]+\r\n)*?Server: mpd web server\r\n|s p/mpd web server/
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: audio/[\w._-]+\r\nConnection: close\r\nPragma: no-cache\r\nCache-Control: no-cache, no-store\r\n\r\n| p/mpd/ i/Music Player Daemon streaming media server/
match http m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: BitMeterOS ([\w._-]+) Web Server\r\n|s p/BitMeter OS bandwidth monitor httpd/ v/$1/
match http m|^HTTP/1\.0 302 Found\r\nMIME-Version: 1\.0\r\nAccept-Ranges: bytes\r\nServer: NaviServer/([\w._-]+)\r\nDate: .*\r\nLocation: http://filemaker\.local:\d+/login\r\n| p/NaviServer httpd/ v/$1/ i/FileMaker Server/
match http m|^HTTP/1\.0 200 OK\r\nServer: Lightstreamer/([\w._ -]+) \(Lightstreamer Push Server - www\.lightstreamer\.com\) Moderato edition\r\nContent-Type: text/html\r\nExpires: Thu, 1 Jan 1970 00:00:00 GMT\r\n| p/Lightstreamer httpd/ v/$1/
match http m|^HTTP/1\.1 404 Not Found\r\nContent-type: text/html\r\nConnection: close\r\nDate: .*\r\n\r\n<HTML><HEAD><TITLE>Error 404</TITLE></HEAD><BODY><H1>Error 404</H1><P>Not Found</P></BODY></HTML>$| p/Ingrian Security Encryption http config/ d/security-misc/
match http m|^HTTP/1\.0 302 Found\r\n(?:[^\r\n]+\r\n)*?Location: http://([\w._-]+):\d+/status/hostgroup\r\nContent-Length: 113\r\nContent-Type: text/html; charset=utf-8\r\nExpires: Thu, 01 Jan 1970 00:00:00 GMT\r\nStatus: 302\r\n\r\n<html><body><p>This item has moved <a href=\"http://[\w._-]+:\d+/status/hostgroup\">here</a>\.</p></body></html>|s p/OpsView remote management/ h/$1/
match http m|^HTTP/1\.1 200 OK\r\nDate: .*\r\nServer: KM-httpd/([\w._-]+)\r\n| p/Kyocera FS-3900DN printer http config/ v/$1/ d/printer/ cpe:/h:kyocera:fs-3900dn/a
match http m|^HTTP/1\.1 401 Unauthorized\r\nConnection: close\r\nContent-Length: 0\r\nServer: DMRND/([\w._-]+)\r\n\r\n| p/DMRND httpd/ v/$1/ i/Samsung TV/ d/media device/
match http m|^HTTP/1\.1 501 Not Implemented\r\nConnection: close\r\nContent-Length: 0\r\nServer: DMRND/([\w._-]+)\r\n\r\n$| p/DMRND httpd/ v/$1/ i/Samsung HT-C5200 entertainment system/ d/media device/ cpe:/h:samsung:ht-c5200/
match http m|^HTTP/1\.0 404 Not Found\r\ncontent-length : 90\r\ncontent-type : text/html\r\n\r\n<html>\n<pre><html><h2>404 Not Found</h2>The server could not locate the resource you requested</html>\0</pre>\n</html>$| p/McAfee virus scanner http admin/ d/security-misc/
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: iroffer-dinoex/([\w._-]+)\r\n|s p/iroffer-dinoex httpd/ v/$1/
match http m|^HTTP/1\.0 200 Ok\r\r\nContent-type: text/html\r\r\n\r\r\n<h1>BAD REQUEST: HACK DETECT</h1>\r\n\r\nCHAT\.PHP\.SPB\.RU - Chat software \(c\) Dmitry Borodin - http://php\.spb\.ru/chat/\r\n| p/chat.php.spb.ru chat server httpd/
match http m|^HTTP/1\.1 400 Bad Request\r\nContent-Type: text/html; charset=utf-8\r\nServer: Mono-HTTPAPI/([\w._-]+)\r\nDate: .*\r\nContent-Length: 35\r\nConnection: close\r\n\r\n<h1>Bad Request \(Invalid host\)</h1>$| p/Mono-HTTPAPI/ v/$1/ i/Beagle desktop search/ cpe:/a:mono:mono:$1/
match http m|^HTTP/1\.1 404 Not Found\r\nServer: Asterisk/\r\n| p/Digium Asterisk GUI httpd/ d/PBX/ cpe:/a:digium:asterisk/
match http m|^HTTP/1\.1 404 Not Found\r\nServer: Asterisk\r\nDate: .*\r\nCache-Control: no-cache, no-store\r\nContent-type: text/html\r\nContent-Length: 240\r\n\r\n<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2\.0//EN">\r\n<html><head>\r\n<title>404 Not Found</title>\r\n</head><body>\r\n<h1>Not Found</h1>\r\n<p>The requested URL was not found on this server\.</p>\r\n<hr />\r\n<address>Asterisk</address>\r\n</body></html>\r\n| p/Digium Asterisk AJAM/ d/PBX/ cpe:/a:digium:asterisk/
match http m|^HTTP/1\.0 302 Moved Temporarily\r\n(?:[^\r\n]+\r\n)*?Server: zope\.server\.http \(zope\.server\.http\)\r\n(?:[^\r\n]+\r\n)*?Location: http://([\w._-]+):\d+/calendar\r\n|s p/Zope httpd/ i/SchoolTool calendar/ h/$1/ cpe:/a:zope:zope/
match http m|^HTTP/1\.1 302 Found\r\nLocation: https://[\d.]+:\d+/home\.html\r\nContent-Length: 0\r\nServer: Allegro-Software-RomPager/([\w._-]+)\r\n\r\n$| p/Allegro RomPager/ v/$1/ i/Xerox Phaser 8560DN printer http config/ d/printer/ cpe:/a:allegro:rompager:$1/ cpe:/h:xerox:phaser_8560dn/a
match http m|^HTTP/1\.0 200 Ok\r\n(?:[^\r\n]+\r\n)*?content-length: \d+\r\ncontent-type: text/html\r\n\r\n<\?xml version=\"1\.0\" encoding=\"utf-8\"\?>.*<meta content=\"SOGo Web Interface\" name=\"description\" />.*<meta content=\"@[\w._-]+ ([\w._-]+)\" name=\"build\" />|s p/SOGo groupware httpd/ v/$1/
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?ETag: \"\d+\"\r\nContent-Type: text/html\r\nContent-Length: 79\r\nAccept-Ranges: bytes\r\nCache-Control: private\r\n\r\n<html><head><META http-equiv=\"refresh\" content=\"0;URL=(\w\w-\w\w)\.htm\"></head></html>|s p/Milestone XProtect video surveillance http interface/ i/$1/ d/webcam/
match http m|^HTTP/1\.1 302 Moved Temporarily\r\nDate: .*\r\nServer: Zild/([\w._-]+)\r\nContent-Type: text/plain\r\nLocation: https?://([\w._-]+):\d+/index\.csp\r\nConnection: close\r\n\r\n$| p/Zild httpd/ v/$1/ i|M/Monit network monitor| h/$2/
match http m|^HTTP/1\.1 404 Not Found\r\nDate: .*\r\nServer: Zild/([\w._-]+)\r\nContent-Type: text/html\r\nConnection: close\r\n\r\n| p/Zild httpd/ v/$1/ i|M/Monit network monitor|
match http m|^HTTP/1\.0 200 OK\r\nServer: private\r\nCache-Control: no-cache,no-store,max-age=0\r\npragma: no-cache\r\nContent-Type: application/octet-stream\r\nContent-Length: 101376\r\nAccept-Ranges: bytes\r\nDate: .*\r\nLast-Modified: .*\r\nExpires: .*\r\nConnection: close\r\n\r\nMZP\0\x02\0\0\0\x04\0\x0f\0\xff\xff\0\0\xb8| p/Neeris worm httpd/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 404 Not Found\r\nServer: AdaptiveServerAnywhere/([\w._-]+)\r\n| p/Sybase Adaptive Server Anywhere httpd/ v/$1/ cpe:/a:sybase:adaptive_server_anywhere:$1/
match http m|^HTTP/1\.1 401 Authorization Required\r\nConnection: close\r\nDate: .*\r\nServer: Simple-DNS-Plus/([\w._-]+)\r\nCa DNS Plus\"\r\nContent-Type: text/plain; charset=utf-8\r\nContent-Length: 36\r\n\r\n\*Error 401 Authorization Required\*\r\n$| p/Simple DNS Plus httpd/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: AVGADMINSERVER-\w+ \d+ BUILD=(\d+) LOC=\d+ LIC=[\w-]+\r\n.*<h1>AVG Admin Server ([\w._-]+)</h1>|s p/AVG Administration Console httpd/ v/$2 build $1/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: AVGADMINSERVER-\w+ \d+ BUILD=(\d+) LOC=\d+ LIC=[\w-]+\r\n|s p/AVG Administration Console httpd/ v/build $1/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?WWW-Authenticate: Basic realm=\"AVG (2013) Admin Server\"\r\n(?:[^\r\n]+\r\n)*?Server: AVGADMINSERVER64-\w+ \d+ BUILD=(\d+) LOC=\d+ LIC=[\w-]+\r\n|s p/AVG Administration Console httpd/ v/$1 build $2/
match http m|^HTTP/1\.0 200 OK\r\nDate: [A-Z]{3}, \d\d [A-Z]{3} \d\d\d\d \d\d:\d\d:\d\d GMT\r\n.*<TITLE>HP Web Console on ([\w._-]+)</TITLE>|s p/HP Guardian Service Processor httpd/ o/HP-UX/ h/$1/ cpe:/o:hp:hp-ux/a
match http m|^HTTP/1\.0 200 OK\r\nDate: \w\w, \d\d \w\w\w \d\d\d\d \d\d:\d\d:\d\d GMT\r\nServer: Texis-Monitor/([\w._-]+)\r\n| p/Thunderstone Texis-monitor httpd/ v/$1/
match http m|^HTTP/1\.1 302 Moved Temporarily\r\ndate: .*This is a WebSEAL error message template file\.|s p/IBM WebSEAL httpd/
# http://code.google.com/p/mongoose/
match http m|^HTTP/1\.1 200 OK\r\nDate: .* GMT Standard Time\r\nLast-Modified: .* GMT Standard Time\r\nEtag: \"[0-9a-f.]+\"\r\nContent-Type: text/html\r\nContent-Length: 7\r\nConnection: close\r\nAccept-Ranges: bytes\r\n\r\nwelcome$| p/Mongoose httpd/ cpe:/a:cesanta:mongoose/
match http m|^HTTP/1\.1 200 OK\r\nConnection: close\r\nContent-Type: text/html; charset=utf-8\r\n\r\n<html><head><title>Index of /</title>| p/Mongoose httpd/ v/3.7/ i/directory listing/ cpe:/a:cesanta:mongoose:3.7/
match http m|^HTTP/1\.0 200 cyberoam authentication response\r\nServer: awarrenhttp/([\w._-]+)\r\n| p/awarrenhttp httpd/ v/$1/ i/Cyberoam CR200 SSL VPN/ d/proxy server/
match http m|^HTTP/1\.1 301 Moved Permanently\r\nDate: .* UTC\r\nConnection: close\r\nLocation: /admin/public/index\.html\r\n\r\n$| p/Cisco ASA 5510 firewall http config/ d/firewall/ cpe:/h:cisco:asa_5510/a
match http m|^HTTP/1\.0 302 Moved Temporarily\r\nDate: .*\r\nServer: Mbedthis-Appweb/([\w._-]+)\r\nContent-length: 0\r\nConnection: close\r\nLocation: http://([\w._-]+):\d+/index\.html\r\n\r\n$| p/Mbedthis-Appweb/ v/$1/ i/Iomega StorCenter sohoclient/ o/Windows/ h/$2/ cpe:/a:mbedthis:appweb:$1/ cpe:/o:microsoft:windows/a
match http m|^HTTP/2\.0 302 Found\r\nServer: SmarterTools/([\w._-]+)\r\n(?:[^\r\n]+\r\n)*?X-AspNet-Version: ([\w._-]+)\r\n(?:[^\r\n]+\r\n)*?Location: /Login\.aspx\r\n|s p/SmarterTools httpd/ v/$1/ i/ASP.NET $2/ o/Windows/ cpe:/a:microsoft:asp.net:$2/ cpe:/a:smartertools:smartertools_web:$1/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?Set-Cookie: _sonar_session=[\w+%-]+|s p/Sonar code quality management httpd/
match http m|^HTTP/1\.1 200 OK\r\nContent-Length: 0\r\nContent-Type: text/html\r\nConnection: close\r\nServer: OpenEJB/\?\?\? \(unknown os\)\r\n\r\n$| p/OpenEJB httpd/
match http m|^HTTP/1\.0 302 Found\r\n(?:[^\r\n]+\r\n)*?Location: /index\.ds\r\n(?:[^\r\n]+\r\n)*?Server: DrWebAV-DeskServer/(REL-500-[\w._-]+) Linux/i686 Lua/([\w._-]+) OpenSSL/([\w._-]+)\r\n\r\n$|s p/Dr. Web AV-Desk httpd/ v/$1/ i/i686; Lua $2; OpenSSL $3/ o/Linux/ cpe:/a:openssl:openssl:$3/ cpe:/a:puc-rio:lua:$2/ cpe:/o:linux:linux_kernel/a
match http m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Expires: Thu, 01 Jan 1970 00:00:00 GMT\r\n(?:[^\r\n]+\r\n)*?Server: vdradmind/([\w._-]+)\r\n|s p/VDR-Admin httpd/ v/$1/
match http m|^HTTP/1\.1 302 Found\r\nDate: .*\r\nServer: unknown\r\nLocation: https?://([\w._-]+)/workplace/access/home\r\n| p/SonicWALL SSL-VPN http proxy auth/ h/$1/
match http m|^HTTP/1\.0 200 OK\r\nServer: webserver/([\w._-]+)\r\n.*<TITLE>OSCAM ([\w._-]+ build #\d+)</TITLE>|s p/webserver/ v/$1/ i/OSCAM $2 card sharing system/
match http m|^HTTP/1\.0 200 OK\r\nConnection: close\r\n(?:[^\r\n]+\r\n)*?Server: AvatronHTTP \(com\.avatron\.AirSharingHD,([\w._-]+)\)\r\n\r\n|s p/lighttpd/ i/Avatron Air Sharing HD $1/ d/media device/ o/iOS/ cpe:/a:lighttpd:lighttpd/ cpe:/h:apple:ipad/ cpe:/h:apple:iphone/ cpe:/o:apple:iphone_os/
match http m|^HTTP/1\.1 302 Found\r\nLocation: http:///home\.htm\r\nContent-Length: 0\r\nWebServer:\r\n\r\n$| p/APC SmartUPS http config/ d/power-device/
match http m|^HTTP/1\.0 404 Error\r\nContent-Length: 138\r\nContent-Type:text/html\r\nServer: Ipswitch ([\w._-]+)\r\nConnection: close\r\nCache-Control: private\r\nDate: .*\r\n\r\n<html><head><title>404 Page Not Found</title></head>\r\n<body>404 Page Not Found<br>The system cannot find the file specified\.</body></html>| p/Ipswitch WS_FTP http config/ v/$1/ cpe:/a:ipswitch:ws_ftp:$1/
match http m|^HTTP/1\.1 403 Forbidden\r\nServer: ZenAgent\r\nContent-Length: 0\r\n\r\n| p/Novell ZENworks Configuration Management/ cpe:/a:novell:zenworks_configuration_management/
match http m|^HTTP/1\.1 200 OK \n\n| p/udpxy multicast UDP-to-HTTP/
match http m|^HTTP/1\.1 400 Unrecognized request\r\nServer: udpxy ([\d.-]+) \(prod\) (\w+) \[([^]]+) ([\w_]+)\]\r\nContent-Type:application/octet-stream\r\n\r\n| p/udpxy multicast UDP-to-HTTP/ v/$1/ i/$2; arch: $4/ o/$3/ cpe:/a:pavel_cherenkov:udpxy:$1/
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html; charset=utf8\r\nX-Pow-Template: welcome\r\n| p/Pow Rack server/ o/Mac OS X/ cpe:/o:apple:mac_os_x/a
match http m|^HTTP/1\.1 200 OK\nServer: BOINC client\n| p/BOINC client httpd/
match http m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: zVWS ([\w._-]+) Velocity Software, Inc\. on  z/VM  (V\d+R[\d.]+)\r\n|s p/Velocity Software zVPS httpd/ v/$1/ o|z/VM $2| cpe:/o:ibm:z%2fvm:$2/
match http m|^HTTP/1\.0 200 Ok\r\nSet-Cookie: PostX_Level=0\r\nRefresh: 0;url=/login\.php\r\n\r\n| p/PostX IP Reporting alarm system httpd/ d/security-misc/
match http m|^HTTP/1\.0 200 OK\r\nDate: .*\r\nContent-Type: text/html\r\nX-Your-Address-Is: [][\w.:]+\r\nContent-Encoding: identity\r\nContent-Length: \d+\r\nExpires: .*\r\n\r\n| p/Tor built-in httpd/ i/DirPortFrontPage configured/ cpe:/a:torproject:tor/
match http m|^HTTP/1\.1 404 Not Found\r\nContent-Type: \r\nContent-Length: 0\r\nConnection: close\r\n\r\n$| p/Samsung AllShare httpd/
match http m|^HTTP/1\.1 400 Bad Request\r\nDate: .*\r\nConnection: close\r\n\r\n$| p/Samsung AllShare httpd/
match http m|^HTTP/1\.0 401 Unauthorized\r\nDate: .*\r\nServer: ITW Embedded Web Server \(v([\w._-]+)\)\r\nConnection: close\r\nWWW-Authenticate: Basic realm=\"Administrator, Control, View Only\"\r\n\r\n<h1>Not Authorized</h1>\r\n| p/ITW Embedded Web Server/ v/$1/ i/ITW WeatherGoose II environmental monitor http config/
match http m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: ITW Embedded Web Server \(v([\w._-]+)\)\r\nConnection: close\r\n.*<h2>Mini/([\w._-]+) II&trade; v([\w._-]+)</h2>|s p/ITW Embedded Web Server/ v/$1/ i/ITW MiniGoose XP II environmental monitor http config/ o|Mini/$2 II $3|
match http m|^HTTP/1\.1 400 Bad Request\r\nServer: Cyms-SecS v([\w._-]+)\r\n| p/Citrix Cyms-SecS/ v/$1/
match http m|^HTTP/1\.1 200 Success\r\n(?:[^\r\n]+\r\n)*?Server: LightSpeedServer/([\w._-]+)  client_version/([\w._-]+) rest_protocol/([\w._-]+)\r\n|s p/LightSpeedServer/ v/$1/ i/client_version $2; rest_protocol $3/
match http m|^HTTP/1\.1 200 OK\r\nExpires: Thu, 01 Jan 1970 00:00:00 GMT\r\nSet-Cookie: JSESSIONID=\w+;Path=/\r\nContent-Type: text/html\r\nLast-Modified: .*\r\nAccept-Ranges: bytes\r\nContent-Length: 115\r\n\r\n<html>\n<head><title></title>\n<meta http-equiv=\"refresh\" content=\"0;URL=index\.jsp\">\n</head>\n<body>\n</body>\n</html>\n\n| p/Jetty/ i/Openfire chat server http admin/ cpe:/a:igniterealtime:openfire/ cpe:/a:mortbay:jetty/
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: Linux, HTTP/1\.1, (DIR-[\w._+-]+) Ver ([\w._-]+)\r\n| p/D-Link $1 WAP http config/ v/$2/ o/Linux/ cpe:/h:dlink:$1:$2/ cpe:/o:linux:linux_kernel/a
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?X-Powered-By: Servlet ([\w._-]+); JBoss-([\w._-]+) \(build: SVNTag=JBoss_[\w._-]+ date=\d+\)/Tomcat-([\w._-]+)\r\n|s p/Apache Tomcat/ v/$3/ i/JBoss $2; Servlet $1/ cpe:/a:apache:tomcat:$3/a
match http m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: Prayer/([\w._-]+)\r\n|s p/Prayer webmail httpd/ v/$1/
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: Nu-OS/([\w._-]+)\r\n.*<title>Pioneer Web Control System</title>|s p/Nu-OS/ v/$1/ i/Pioneer VSX-2020 AV receiver/ d/media device/
match http m|^HTTP/1\.0 403 Access Denied\r\nConnection: close\r\n\r\n<html>The request you issued is not an authorized Convergence Notary request\.\n$| p/Convergence Notary server httpd/
match http m|^HTTP/1\.1 200 OK\r\nDate: Wed, 31 Dec 1969 15:00:00 GMT\r\nConnection: close\r\nContent-Type: text/html; charset=ISO-8859-1\r\n.*<title>MONITOR NETWORK SETTINGS</title>.*<!--\nvar mac=\"(\w+)\";\nvar ip3=\d+;\nvar ip2=\d+;\nvar ip1=\d+;\nvar ip0=\d+;\nvar nm3=\d+;\nvar nm2=\d+;\nvar nm1=\d+;\nvar nm0=\d+;\nvar gw3=\d+;\nvar gw2=\d+;\nvar gw1=\d+;\nvar gw0=\d+;\nvar dh=\"0\";\nvar vDns1_0=(\d+);\nvar vDns1_1=(\d+);\nvar vDns1_2=(\d+);\nvar vDns1_3=(\d+);\nvar vDns2_0=\d+;\nvar vDns2_1=\d+;\nvar vDns2_2=\d+;\nvar vDns2_3=\d+;\nvar vVer=\"([\w._-]+)\";|s p/NEC Multeos M461 TV http config/ v/$6/ i/MAC: $1; nameserver $2.$3.$4.$5/
match http m|^HTTP/1\.1 303 See Other\r\nConnection: close\r\nLocation: http://[\d.]+/login_home\.html\r\n\r\n| p/Tandberg Codian 3510 video gateway http config/ d/media device/
match http m|^HTTP/1\.0 301 Moved Permanently\r\nCache-Control: no-store\r\nConnection: close\r\nAccept-Ranges: none\r\nLocation: https?://([\w._-]+)/CitrixLogonPoint/WICL/\r\nContent-Length: 0\r\n\r\n| p/Citrix Access Gateway/ h/$1/ cpe:/a:citrix:access_gateway/
match http m|^HTTP/1\.0 301 Moved Permanently\r\nCache-Control: no-cache\r\nConnection: close\r\nAccept-Ranges: none\r\nLocation: https?://([\w._-]+):\d+/\r\n\r\n$| p/Citrix Access Gateway/ h/$1/ cpe:/a:citrix:access_gateway/
match http m|^HTTP/1\.0 301 Moved Permanently\r\nCache-Control: no-cache\r\nConnection: close\r\nAccept-Ranges: none\r\nLocation: https?://([\w._-]+):\d+/\r\nContent-Length: 0\r\n\r\n$| p/Citrix Access Gateway/ h/$1/ cpe:/a:citrix:access_gateway/
match http m|^HTTP/1\.0 200 OK\r\nServer: Httpd v([\w._ -]+)\r\nContent-Type: text/html\r\n.*<meta http-equiv=\"refresh\" content=\"0; url=/cgi-bin/videoconfiguration\.cgi\">\r\n|s p/ACTi surveillance camera http config/ v/$1/ d/webcam/
match http m|^HTTP/1\.1 200 OK\r\nServer: Httpd v([\w._ -]+)\r\nContent-Type: text/html\r\n.*<meta http-equiv=\"refresh\" content=\"0; url=/cgi-bin/videoconfiguration\.cgi\">\r\n|s p/ACTi ACM-1231 surveillance camera http config/ v/$1/ d/webcam/ cpe:/h:acti:acm-1231/
match http m|^HTTP/1\.1 200 OK\r\nServer: Httpd v([\w._-]+) (\d\d\w\w\w\d\d\d\d)\r\nContent-Type: text/html\r\n(?:[^\r\n]+\r\n)*?\r\n\xef\xbb\xbf<html>.*<title>Web Configurator</title>|s p/ACTi E31 surveillance camera http config/ v/$1/ i/$2/ d/webcam/ cpe:/h:acti:e31/
match http m|^HTTP/1\.1 200 OK\r\nCache-Control: no-cache\r\nConnection: close\r\nPragma: no-cache\r\nContent-Length: \d+\r\nContent-Type: text/html\r\nAccept-Ranges: bytes\r\n\r\n<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1\.0 Transitional//EN\" \"http://www\.w3\.org/TR/xhtml1/DTD/xhtml1-transitional\.dtd\">\r\n<html xmlns=\"http://www\.w3\.org/1999/xhtml\">\r\n<head>\r\n    <title>([\w._-]+)</title>| p/ACTi $1 surveillance camera http config/ d/webcam/ cpe:/h:acti:$1/
match http m|^HTTP/1\.0 200 OK\r\nServer: (4D_v[\w._-]+)/([\w._-]+)\r\n| p/$1 httpd/ v/$2/
match http m|^HTTP/1\.0 200 OK\r\nContent-type: text/html\r\nConnection: close\r\n\r\n<html><head><link rel=stylesheet type=text/css href=indexStyle\.css><title>Webrelay Quad</title>| p/ControlByWeb WebRelay-Quad http admin/ d/remote management/
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html\r\nContent-Length: 17\r\n\r\nNo soap\. Radio!\n\n$| p/Coyote Point Equalizer load balancer http config/ d/load balancer/
# http://hg.barrelfish.org/file/tip/usr/webserver/
match http m|^HTTP/1\.0 200 OK\r\nServer: Barrelfish\r\n| p/Barrelfish httpd/ o/Barrelfish/ cpe:/o:barrelfish:barrelfish/
match http m|^HTTP/1\.1 401 Unauthorized\r\nContent-Type: text/html\r\nConnection: close\r\nPragma: no-cache\r\nWWW-Authenticate: Basic realm=\"netcam\"\r\nContent-Length: 17\r\n\r\n401 Unauthorized\n$| p/TRENDnet TV-IP100 or TV-IP110 webcam display httpd/ d/webcam/ cpe:/h:trendnet:tv-ip100/ cpe:/h:trendnet:tv-ip110/
# False positives reported for EMC VNX 5200 - SAN device:
match http m|^HTTP/1\.1 403 Forbidden\r\nContent-Length: 0\r\n\r\n$| p/TRENDnet TV-IP110W webcam display httpd/ d/webcam/ cpe:/h:trendnet:tv-ip110w/
# Trendnet TV-IP110w
match http m|^HTTP/1\.1 401 Unauthorized\r\nContent-Type: text/html\r\nConnection: close\r\nWWW-Authenticate: Basic realm=\"netcam\"\r\nContent-Length: 17\r\n\r\n401 Unauthorized\n$| p/TRENDnet TV-IP110w or TV-IP422W webcam display httpd/ d/webcam/ cpe:/h:trendnet:tv-ip110w/ cpe:/h:trendnet:tv-ip422w/
match http m|^HTTP/1\.1 401 Unauthorized\r\nWWW-Authenticate: Basic realm=\"Internet Camera\"\r\nContent-Type: text/html\r\nContent-Length: 16\r\nPragma: no-cache\r\n\r\n401 Unauthorized| p/TRENDnet TV-IP301 webcam display httpd/ d/webcam/ cpe:/h:trendnet:tv-ip301/a
match http m|^HTTP/1\.1 401 Unauthorized\r\nServer: GoAhead-Webs\r\nDate: .* \d\d\d\d\r\nWWW-Authenticate: Basic realm=\"Internet Camera\"\r\n.*<CENTER><FONT SIZE=\"5\" COLOR=\"#FF0000\" face=\"Arial\">Access Denied</FONT></CENTER></BODY></HTML> {500}|s p/GoAhead WebServer/ i/LogiLink WC0002B webcam http config/ cpe:/a:goahead:goahead_webserver/a cpe:/h:logilink:wc0002b/
match http m|^HTTP/1\.0 200 OK\r\nHTTP/1\.0 200 OK\r\nServer: ap\r\nConnection: close\r\nCache-Control: must-revalidate = no-cache\r\nContent-Type: text/html\r\nExpires: 0\r\nLast-Modified: 0\r\n\r\n<html>  \r\n<head><title>IEEE802\.11b Wireless LAN Access Point| p/Blitzz BWA601 WAP http config/ d/WAP/ cpe:/h:blitzz:bwa601/
match http m|^HTTP/1\.1 200 OK\r\nServer: WindWeb/([\w._-]+)\r\nConnection: close\r\nContent-Type: text/html\r\nWWW-Authenticate: Basic realm=\"\"\r\n\r\n<html>\n<head>\n<TITLE>(AMS\w+)</TITLE>\n\n| p/WindWeb/ v/$1/ i/Hitachi $2 NAS device http config/ d/storage-misc/ cpe:/a:windriver:windweb:$1/
match http m|^HTTP/1\.1 302 Moved Temporarily\r\nLocation: http://[\d.]+:\d+/apex\r\nContent-Type: text/html;charset=ISO-8859-1\r\nContent-Language: en-US\r\nDate: .*\r\nConnection: close\r\n\r\n<html>\r\n<head><title>Document moved</title></head>\r\n| p/Oracle Application Express (APEX) http admin/ cpe:/a:oracle:apex/
match http m|^HTTP/1\.1 200 OK\r\nPragma: no-cache\r\nConnection: close\r\nCache-Control: no-cache\r\nContent-Type: text/html\r\n\r\n<html><head><meta http-equiv=\"refresh\" content=\"0;url=/_top\.html\">\n<title></title></head><body></body></html>\0| p/Canon imageRUNNER 2520 printer http config/ d/printer/ cpe:/h:canon:imagerunner_2520/
match http m|^HTTP/1\.0 200 OK\r\nContent-Type: text/html\r\n\r\n<html>\n\t<head>\n\t\t<title>XEP Engine: Status</title>\n\t</head>\n\t<body>\n\t\t<h1>XEP Engine</h1>\n\t\t<dl>\n\t\t\t <dt>state:</dt>\n\t\t\t <dd>([^\n\t]+)\n\t\t</dl>| p/RenderX XEP httpd/ i/state: $1/
match http m|^HTTP/1\.1 403 Forbidden\r\nServer: tksock\r\nDate: .*\r\nConnection: Close\r\nContent-length: 82\r\nContent-type: text/html\r\n\r\n<HTML><TITLE>Error</TITLE><BODY><H2>\r\nHTTP/1\.1 403: Forbidden\r\n</H2></BODY></HTML>| p/Agfeo TK-Suite PBX httpd/ d/PBX/
# The .* looks like part of a Date header.
match http m|^HTTP/1\.0 303 See Other\r\nLocation: http://[\d.]+:\d+\r\n\0.* GMT\r\nSContent-Length: 0\r\n\r\n$| p/Toshiba e-STUDIO printer http config/ d/printer/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Firefly/([\w._-]+)\r\n|s p/Firefly/ v/$1/
match http m|^HTTP/1\.1 404 Not Found\r\nServer: libzapid-httpd\r\nContent-Type: text/html\r\nContent-Length: 86\r\nDate: .*\r\n\r\n<HTML><HEAD><TITLE>404 Not Found</TITLE></HEAD><BODY><H1>Not Found</H1></BODY></HTML>\n| p/libzapid-httpd/ i/NetApp DFM http config/
match http m|^HTTP/1\.0 200 OK\r\nConnection: close\r\nAccept-Ranges: none\r\n.*<title>Citrix Access Gateway</title>|s p/Citrix Access Gateway firewall http config/ d/firewall/ o/Windows/ cpe:/a:citrix:access_gateway/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 200 OK\r\nConneccept-Ranges: none\r\n.*<title>Citrix Access Portal</title>|s p/Citrix Access Gateway firewall http config/ d/firewall/ o/Windows/ cpe:/a:citrix:access_gateway/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 302 Object Moved\r\nLocation: /vpn/index\.html\r\nConnection: close\r\n| p/Citrix Access Gateway firewall http config/ d/firewall/ o/Windows/ cpe:/a:citrix:access_gateway/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 200 OK\r\nPragma: no-cache\r\nConnection: close\r\nCache-Control: no-cache\r\nExpires: Thu,01 Jan 1970 00:00:00 GMT\r\nContent-Type: text/html\r\n\r\n<html><head><meta http-equiv=\"refresh\" content=\"0;url=/_top\.html\">\n<title></title></head><body></body></html>\0$| p/Canon imageRUNNER 2500-series printer http config/ d/printer/ cpe:/h:canon:imagerunner_2500/
match http m|^HTTP/1\.0 401 Unauthorized\r\nDate: .*\r\nServer: Hiawatha v([\w._-]+)\r\nConnection: close\r\nWWW-Authenticate: Digest realm=\"Private page\", nonce=\"[0-9A-F]+\", algorithm=MD5, stale=false\r\nContent-Length: 404\r\nContent-Type: text/html\r\n\r\n<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4\.01//EN\" \"http://www\.w3\.org/TR/html4/strict\.dtd\">\n<html>\n<head>\n<title>401 - Unauthorized</title>\n<style type=\"text/css\">BODY { color:#ffffff ; background-color:#00000a }\nDIV { font-family:sans-serif ; font-size:30px ; letter-spacing:20px ; text-align:center ; position:relative ; top:250px }\n</style>\n</head>\n<body>\n<div>401 - Unauthorized</div>\n</body>\n</html>\n$| p/Hiawatha/ v/$1/ i/Echostar ViP 722k satellite receiver/
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: VB\r\n.*<TITLE>Network Camera (VB-\w+)/(VB-\w+)</TITLE>|s p/Canon $1 or $2 webcam http config/ d/webcam/
# Note weird date format.
match http m|^HTTP/1\.1 400 Page not found\r\nServer: Schneider-WEB/V([\w._-]+)\r\nDate: [A-Z]+ [A-Z]+ \d+ \d+:\d+:\d+ \d+\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-length: 154\r\nContent-Type: text/html\r\n\r\n<html><head><title>Document Error: Page not found</title></head>\r\n\t\t<body><h2>Access Error: Page not found</h2>\r\n\t\t<p>Bad request type</p></body></html>\r\n\r\n$| p/Schneider-WEB/ v/$1/
match http m|^HTTP/1\.0 302 Redirect\r\nServer: Schneider-WEB/V([\w._-]+)\r\nDate: [A-Z]+ [A-Z]+ \d+ \d+:\d+:\d+ \d+\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-length: 249\r\nContent-Type: text/html\r\nLocation: http://\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xeeP/index\.htm\r\n| p/Schneider-WEB/ v/$1/
# http://bitlash.net/wiki/bitlashwebserver
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/plain\r\n\r\nBitlash web server here! v([\w._-]+)\r\nUptime: (\w+)\r\nPowered by Bitlash\.\r\n| p/Bitlash web server/ v/$1/ i/Arduino; uptime: $2/ cpe:/a:bitlash:bitlash:$1/
match http m|^HTTP/1\.1 401 Unauthorized\r\nWWW-Authenticate: Basic realm=\"Protected\"\r\nConnection: close\r\n\r\n401 Unauthorized: Password required\r\n$| p/ViewSonic PJD6521 projector http config/ d/media device/ cpe:/h:viewsonic:pjd6521/
match http m|^HTTP/1\.0 403 Forbidden\r\nDate: .*\r\nServer: Helix Mobile Server/([\w._-]+) \(win-x86_64-vc10\)\r\n| p/Helix Mobile Server httpd/ v/$1/ i/x86_64/ o/Windows/ cpe:/o:microsoft:windows/
match http m|^HTTP/1\.1 200 OK\r\nDate: .*\r\nExpires: Fri, 01 Jan 1980 00:00:00 GMT\r\n.*<title>Gerrit Code Review</title>|s p/Jetty/ i/Gerrit code review/ cpe:/a:mortbay:jetty/
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: Apache  NetFile/([\w._-]+)\r\n(?:[^\r\n]+\r\n)*?Content-Length: 177\r\nConnection: close\r\nContent-Type: text/html\r\n\r\n<!DOCTYPE html PUBLIC \"-//W3C//DTD HTML 4\.01//EN\">\n\n<html>\n\n<head>\n        <META HTTP-EQUIV=\"refresh\" CONTENT=\"0; URL=/cgi-bin/set_index\.cgi\">\n</head>\n\n<body>\n\n</body>\n\n</html>\n$|s p/Ricoh Aficio IS200e scanner http config/ v/$1/
match http m|^HTTP/1\.0 200 OK\r\n\n<html>\n<head>\n<meta http-equiv=\"Content-Language\" content=\"en-us\">\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=UTF-8\">\n<link href=\"images/style\.css\" rel=\"stylesheet\" type=\"text/css\">\n</head>\n<body class=\"globalNew\" onload=\"document\.frmRedirectToTop\.submit \(\)\">\n| p/Cisco RV 120W or RV 180 WAP http config/ d/WAP/
match http m|^HTTP/1\.0 302 Redirect\r\nServer: IP-Phone-Web\r\nDate: [A-Z]+ [A-Z]+ \d+ \d+:\d+:\d+ \d+\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-Type: text/html\r\nLocation: http://dummy/index\.asp\r\n\r\n<html><head></head><body>\r\n\t\tThis document has moved to a new <a href=\"http://dummy/index\.asp\">location</a>\.\r\n\t\tPlease update your documents to reflect the new location\.\r\n\t\t</body></html>\r\n\r\n$| p/TalkSwitch TS-350i VoIP phone http config/ d/VoIP phone/ cpe:/h:talkswitch:ts-350i/
match http m|^HTTP/1\.0 302 Redirect\r\nServer: IP-Phone-Web\r\nDate: [A-Z]+ [A-Z]+ \d+ \d+:\d+:\d+ \d+\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-Type: text/html\r\nLocation: http://dummy:\d+/index\.asp\r\n\r\n<html><head></head><body>\r\n\t\tThis document has moved to a new <a href=\"http://dummy:8000/index\.asp\">location</a>\.\r\n\t\tPlease update your documents to reflect the new location\.\r\n\t\t</body></html>\r\n\r\n$| p/Vertical Edge 5000i VoIP phone http config/ d/VoIP phone/ cpe:/h:vertical:edge_5000i/
# Other probes cause things like |^RECONNECT\x04RECONNECT\x04|.
match http m|^HTTP/1\.0 200 OK \r\nServer: Mobile Air Mouse Server \r\n.*The Mobile Air Mouse server running on \"([\w._-]+)\" was able to receive your request\.</p></BODY></HTML>\r\n|s p/Mobile Air Mouse httpd/ h/$1/
match http m|^HTTP/1\.0 200 OK \n Server: Mobile Air Mouse Server \n.*The Mobile Air Mouse server running on \"([\w._-]+)\" was able to receive your request\.</p></BODY></HTML>|s p/Mobile Air Mouse httpd/ h/$1/
match http m|^HTTP/1\.0 200 OK\r\nContent-Length: 0\r\n\r\n$| p|Mercury/32 Mail Transport httpd| o/Windows/ cpe:/o:microsoft:windows/
match http m|^HTTP/1\.1 200 OK\r\nConnection: close\r\nContent-Type: text/html\r\nCache-Control: no-cache\r\n\r\n<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1\.0 Strict//EN\"\r\n  \"http://www\.w3\.org/TR/xhtml1/DTD/xhtml1-strict\.dtd\">\r\n<html xmlns=\"http://www\.w3\.org/1999/xhtml\" xml:lang=\"en\" lang=\"en\">\r\n<head>\r\n<title>Flyport online webserver</title>\r\n| p/openPICUS Flyport wi-fi module httpd/
match http m|^HTTP/1\.0 200 OK\r\nConnection: Close\r\nServer: SwyxConnect ([\w._-]+) \(Annex B\) ([\w._ /-]+)\r\nCache-Control: no-cache\r\nExpires: Thu, 31 Dec 1999 00:00:00 GMT\r\n| p/SwyxConnect $1 VoIP phone http config/ v/$2/ d/VoIP phone/
match http m%^HTTP/1\.1 200 OK\r\nContent-Type: text/html\r\nExpires: Sat, 01 Jan 2000 00:00:00 GMT\r\n\r\n<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 3\.2 Final//EN\">\r\n<HTML>\r\n<HEAD><TITLE>ZBR\w+ - (?:PAUSED|READY)</TITLE><meta http-equiv=\"Pragma\" content=\"no-cache\"><meta http-equiv=\"Expires\" content=\"0\"></HEAD>\r\n<BODY><CENTER>\r\n<IMG SRC=\"logo\.png\" ALT=\"\[Logo\]\">\r\n<H1>Zebra Technologies<BR>\r\nZTC ([\w -]+)</H1>% p/Zebra $1 label printer http config/ d/printer/ cpe:/h:zebra:$1/
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: Kayak\r\nDate: \d+/\d+/\d+ \d+:\d+:\d+ [AP]M\r\n|s p/Kayak/
match http m|^HTTP/1\.1 200 OK\r\nServer: DOT-TUNES\r\n(?:[^\r\n]+\r\n)*?DOT-TUNES: ([\w._-]+)\r\n|s p/Dot.Tunes iTunes sharing httpd/ v/$1/
match http m|^HTTP/1\.0 404 Not Found\r\n(?:[^\r\n]+\r\n)*?Server: Hiawatha v([\w._-]+)\r\n.*<html><head><title>404 - Not Found</title><style type=\"text/css\">\n<!--\nBODY { color:#ffffff ; background-color:#00000a }\nDIV { font-family:sans-serif ; font-size:30px ; letter-spacing:20px ; text-align:center ; position:relative ; top:250px }\n--></style></head>\n<body><div>404 - Not Found</div></body></html>\n$|s p/Hiawatha/ v/$1/ i/Aerohive HiveAP WAP http config/ d/WAP/
match http m|^HTTP/1\.1 200 OK\r\nConnection: close\r\nCache-Control: no-cache\r\nContent-Length: 415\r\nContent-Type: text/html; charset=utf-8\r\n\r\n<html>\n<head>\n<title>Login</title>\n<script>\nvar exp = new Date\(\);\nexp\.setTime\(exp\.getTime\(\)\+\(1000\*6\)\);\n| p/D-Link DGS-1100 switch http config/ d/switch/ cpe:/h:dlink:dgs-1100/
match http m|^HTTP/1\.0 404 Not Found\r\nConnection: closed\r\nContent-Type: text/html; charset=UTF-8\r\n.*<html><head><title>404 Not Found</title>|s p/PHP built-in httpd/ v/5.4.0 or later/ cpe:/a:php:php/
# Also "COMAR SLR-200N - AIS Receiver with LANTRONIX XPort server".
match http m|^HTTP/1\.1 404 ERROR\r\n\r\nERROR 404\r\n$| p/Stanley NT500 access control system httpd/ d/security-misc/
match http m|^HTTP/1\.0 200 OK\r\nContent-Type: text/html\r\nCache-Control: no-cache\r\nPragma: no-cache\r\nExpires: .*\r\nDate: .*\r\nAccept-Ranges: bytes\r\nConnection: close\r\nSet-Cookie: session_id=\d+; path=/;\r\n\r\n<!--- Page\(9055\)=\[Login\] --->| p/AudioCodes MP-202 VoIP adapter http config/ d/VoIP adapter/ cpe:/h:audiocodes:mp-202/
match http m|^HTTP/1\.0 200 OK\r\nCache-control: no-cache\r\nContent-length: \d+\r\nContent-type: text/html\r\n\r\n<html>\n\n<head>\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=iso-8859-1\">\n<title> Password Required</title>\n<link rel=\"shortcut icon\" href=\"favicon\.ico\">\n<link rel=\"stylesheet\" type=\"text/css\" href=\"ic\.css\">\n<script src=\"product\.js\"></script>\n<script src=\"script\.js\"></script>\n<script src=\"md5\.js\"></script>\n| p/Speakerbus iD101 VoIP phone http config/ d/VoIP phone/ cpe:/h:speakerbus:id101/
match http m|^HTTP/1\.0 401 Unauthorized\nContent-Type: text/html; charset=iso-8859-1\nExpires: Thu, 01 Dec 1994 23:12:40 GMT\nServer: ServersCheck_Monitoring_Server/([\w._-]+)\n.*<p>Username / Password is still <strong>(\w+/\w+)</strong>\.  Please update\.</p>|s p/ServersCheck Monitoring Server httpd/ v/$1/ i/credentials: $2/
match http m|^HTTP/1\.0 401 Unauthorized\nContent-Type: text/html\nExpires: Thu, 01 Dec 1994 23:12:40 GMT\nServer: ServersCheck_Monitoring_Server/([\w._-]+)\n|s p/ServersCheck Monitoring Server httpd/ v/$1/
match http m|^HTTP/1\.1 505 HTTP Version Not Supported\r\n.*<title>VMware View</title>|s p/VMware ESX Server httpd/ cpe:/o:vmware:esx/
match http m|^HTTP/1\.1 200 Ok\r\nServer: PMSoftware-SWS/([\w._-]+)\r\n| p/PMSoftware Simple Web Server/ v/$1/
match http m|^HTTP/1\.1 200 OK\r\ncontent-type: text/html\r\ncontent-length: \d+\r\nlast-modified: .*\r\netag: [0-9a-f]+\r\nConnection: close\r\n\r\n| p/Node.js/ cpe:/a:nodejs:node.js/
match http m|^HTTP/1\.1 401 Unauthorized\r\nServer: (DPH-\w+)\r\n| p/D-Link $1 VoIP phone http config/ d/VoIP phone/ cpe:/h:dlink:$1/
match http m|^HTTP/1\.1 200 OK\r\nServer: Mango DSP HTTP Stack\r\n.*<title>Mango IP Node Configuration</title>|s p/Mango DSP AVS Raven-M video server http config/ d/media device/
# Last-Modified has time zone.
match http m|^HTTP/1\.1 200 OK\r\nDate: .*\r\nContent-Length: \d+\r\nContent-Type: text/html\r\nLast-Modified: .* [-+]\d+\r\nExpires: .*\r\n\r\n| p/OpenText FirstClass webmail httpd/ cpe:/a:opentext:firstclass/
match ssl/http m|^HTTP/1\.0 403 Secure Channel Required\r\nConnection: close\r\nContent-Length: \d+\r\nContent-Type: text/plain; charset=utf-8\r\nDate: .*\r\nServer: ExpertAssist/([\w._-]+)\r\n| p/ExpertAssist/ v/$1/ i/ScriptLogic Remote Desktop/
match ssl/http m|^HTTP/1\.0 302 Moved Temporarily\r\nAccept-Ranges: none\r\nConnection: close\r\nContent-Length: 0\r\nContent-Type: application/octet-stream\r\nDate: .*\r\nLocation: https://[^/]*/\r\nServer: ExpertAssist/([\w._-]+)\r\n| p/ExpertAssist/ v/$1/ i/ScriptLogic Remote Desktop/
match http m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: ExpertAssist/([\w._-]+)\r\nSet-Cookie: RASID=\w+; path=/\r\n|s p/ExpertAssist/ v/$1/ i/ScriptLogic Remote Desktop/
match http m|^HTTP/1\.0 200 OK\r\nSet-Cookie: LOGSSLCHECK=nossl; path=/; expires=.*\r\nCache-Control: no-cache\r\nConnection: close\r\nContent-Language: en\r\nContent-Length: \d+\r\nContent-Location: /default\.html\r\n.*<title>ExpertAssist</title>|s p/ScriptLogic ExpertAssist remote management httpd/ d/remote management/
match http m|^HTTP/1\.0 200 OK\r\nCache-Control: no-cache\r\nExpires: -1\r\nContent-Type: text/html\r\n\r\n<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4\.01 Transitional//EN\" \"http://www\.w3\.org/TR/html4/loose\.dtd\">\r\n<html>\r\n<head>\r\n  <title>Thomson Gateway - Startseite</title>| p/Thomson SpeedTouch 536i router http config/ d/router/ cpe:/h:thomson:536i/
match http m|^HTTP/1\.1 200\r\nContent-type: text/html\r\nConnection: close\r\nCONTENT-LENGTH: 240\r\n\r\n<HTML>\r\n<HEAD>\r\n<title>Web-Manager ([\w._-]+)</title>\r\n</HEAD>\r\n<BODY bgcolor=\"#FFFFFF\">\r\n<center>\r\n<applet code=\"container\.class\" archive=web\.jar width=\"743\" height=\"1250\" style=\"border: thick ridge\" VIEWASTEXT>\r\n</applet>\r\n</body>\r\n</html>\r\n\r\n$| p/Napco Netlink NL-MOD http config/ v/$1/
match http m|^<HTML><HEAD></HEAD>\r\n<BODY bgcolor=0x000080 text=#FFFFFF link=#00FF00 vlink=#00FF00><font face=Arial,Helvetica size=2>\r\n<font face=Arial,Helvetica><B>\r\n<CENTER>ERF-Gateway Settings & States</B><BR><TABLE BORDER=0>\r\n<TR><TD><font face=Arial,Helvetica size=2>Software</TD><TD><font face=Arial,Helvetica size=2>ERF-Gateway V([\w._-]+)</TD></TR>\r\n<TR><TD><font face=Arial,Helvetica size=2>Compilation Date</TD><TD><font face=Arial,Helvetica size=2>(\d\d/\d\d/\d\d)</TD></TR>\r\n| p/LaCrosse GW-1000U weather station httpd/ v/$1 $2/
match http m|^HTTP/1\.0 200 OK\r\nServer: \$ProjectRevision: ([\w._-]+) \$\r\nContent-Type: text/html\r\n\r\n<html>\n\n  <head>\n      <meta http-equiv=\"cache-control\" content=\"no-cache, no-store\">\n| p/Teradici PCoIP remote management http config/ v/$1/ d/remote management/
match http m|^HTTP/1\.1 301 Moved Permanently\r\nLocation: https://\(null\)/\r\nContent-Length: 2\r\n\r\n\r\n| p/Teradici PCoIP remote management http config/ d/remote management/
match http m|^HTTP/1\.0 200 OK\r\nDate: .*\r\nContent-Length: 131\r\nContent-Type: text/html\r\n\r\n\n\n<HTML>\n<HEAD>\n<meta http-equiv=\"Refresh\" content=\"0;URL=/dynamic/action\?Page=general&Action=get\">\n</HEAD>\n<BODY>\n</BODY>\n</HTML>\n$| p/Digital Stream DPS-1000 set-top box http config/ d/media device/
match http m|^HTTP/1\.0 200 OK\nConnection: close\nContent-type: text/html\nContent-Length: \d+\n\n\n<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 3\.2 Final//EN\">\n<HTML>\n<head>\n<LINK  REL=\"STYLESHEET\" TYPE=\"TEXT/CSS\"  HREF=\"/ismserver\.css\">\n<title>Netcool/ISM Login</title>\n| p/IBM Netcool Internet Service Monitors httpd/
match http m|^HTTP/1\.0 200 OK\r\nDate: .*\r\nServer: Z-World Rabbit\r\nConnection: close\r\nContent-Type: text/html\r\n\r\n<HTML>\r\n<HEAD>\r\n<title>SafetyNet Series 5</title>| p/Z-World Rabbit microcontroller httpd/ i/SafetyNet Series 5 environmental monitor/ d/specialized/
match http m|^HTTP/1\.1 404 Not Found\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 48\r\nServer: Indy/([\w._-]+)\r\n\r\nThe requested URL / was not found on this server$| p/Indy httpd/ v/$1/ i/Avaya VoIP phone upgrade service/ cpe:/a:indy:httpd:$1/a
match http m|^HTTP/1\.1 200 OK\r\nCONTENT-ENCODING: gzip\r\nEXPIRES: .*\r\nCONTENT-LENGTH: \d+\r\nLAST-MODIFIED: .*\r\nDATE: .*\r\nCONTENT-TYPE: text/html; charset=UTF-8\r\nCACHE-CONTROL: max-age=0, no-cache, public\r\nSERVER: Linux/([\w._-]+) Motorola/([\w._-]+) DAV/2\r\n| p/Moto Phone Portal httpd/ i/Linux $1; Motorola Defy $2/ d/phone/ o/Android/ cpe:/o:google:android/ cpe:/o:linux:linux_kernel:$1/
match http m|^HTTP/1\.1 302 Found\r\nServer: httpd\r\nDate: .*\r\nLocation: login\.html\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 0\r\nCache-Control: no-cache\r\nPragma: no-cache\r\nExpires: 0\r\nConnection: close\r\n\r\n$| p/Green Packet DX230 WAP http config/ d/WAP/ cpe:/h:green_packet:dx230/
match http m|^HTTP/1\.1 401 Unauthorized\r\nServer: Radware-web-server\r\nWWW-Authenticate: Basic realm=\"Radware\"\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-Type: text/html\r\n\r\n<html><head><title>Document Error: Unauthorized</title>| p/Radware OnDemand switch http config/ d/switch/
match http m|^HTTP/1\.0 401 Unauthorized\nServer: Gnat-Box/([\w._-]+)\n| p/Global Technology Associates Gnat Box firewall http config/ v/$1/ d/firewall/
match http m|^HTTP/1\.1 400 Bad Request\r\nDate: Mon, 21 Feb 2011 17:38:00 GMT\r\nContent-Length: 0\r\n\r\n$| p/Apple TV httpd/ d/media device/ cpe:/a:apple:apple_tv/
match http m|^HTTP/1\.1 307 Temporary Redirect\r\n(?:[^\r\n]+\r\n)*?Content-Length: 0\r\nConnection: keep-alive\r\nServer: AmazonS3\r\n\r\n$|s p/Amazon S3 httpd/
match http m|^HTTP/1\.1 200 OK\nServer: BO/([\w._-]+)\nDate: .*\nContent-type: text/html\nPublic: GET, POST\nConnection: keep-alive\n\n| p/BO2K built-in httpd/ v/$1/
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/plain\r\nConnection: close\r\n\r\nHello, non-Bayeux request\. Yet another one$| p/Node.js/ i/Faye Bayeux protocol/ cpe:/a:nodejs:node.js/
match http m|^HTTP/1\.[01] \d\d\d [^\r\n]*\r\nCONTENT-TYPE: text/html\r.*\nServer: IBM_CICS_Transaction_Server/([\w._-]+)\(zOS\)\r\n|s p/IBM CICS Transaction Server/ v/$1/ o|z/OS| cpe:/o:ibm:z%2fos/
match http m|^HTTP/1\.1 200 OK\r\nServer: corehttp-([\w._-]+)\r\nContent-Type: text/html\r\nConnection: close\r\n\r\n<html><body><pre>| p/CoreHTTP/ v/$1/ i/directory listing/
# http://code.google.com/p/webfinger/
match http m|^HTTP/1\.1 400 Bad request\r\n\r\n$| p/WebFinger httpd/
match http m|^HTTP/1\.1 500 Internal Server Error\r\nContent-Type: text/plain; charset=UTF-8\r\n\r\nFailure: 500 Internal Server Error\r\nnull\r\n\r\n$| p/Eucalyptus httpd/
match http m|^HTTP/1\.0 200 OK\r\nContent-type: text/html; charset=utf-8\r\nContent-Length: 204\r\n\r\n<!DOCTYPE html PUBLIC \"-//W3C//DTD HTML 3\.2 Final//EN\"><html>\n<title>Directory listing for /</title>\n<body>\n<h2>Directory listing for /</h2>\n<hr>\n<ul>\n<li><a href=\"\.\./\">\.\./</a>\n</ul>\n<hr>\n</body>\n</html>\n$| p/Dionaea honeypot httpd/
# http://www.erlang.org/doc/man/inets.html
match http m|^HTTP/1\.0 200 OK\r\nServer: inets/([\w._-]+)\r\n| p/inets/ v/$1/
match http m|^HTTP/1\.0 200 OK\r\nConnection: close\r\nContent-Encoding: gzip\r\nContent-Type: text/html; charset=iso-8859-1\r\n\r\n\x1f\x8b\x08\0\0\0\0\0\x02\x03\xa5\x93Mo| p/HP ProCurve 1800-24G switch http config/ d/switch/ cpe:/h:hp:procurve_switch_1800/ cpe:/o:hp:procurve_switch_software/
match http m|^HTTP/1\.1 200 OK\r\nServer: afts/([\w._-]+)\r\n| p/afts/ v/$1/
match http m|^HTTP/1\.1 401 Unauthorized\r\nServer: OBi(\w+)\r\n| p/Obihai OBi$1 VoIP adapter http config/ d/VoIP adapter/ cpe:/h:obihai:obi$1/
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html; charset=UTF-8\r\nContent-Length: \d+\r\nDate: .*\r\nConnection: close\r\n\r\n1\.0\n(?:\d\d\d\d-\d\d-\d\d\n)+| p/OpenStack Nova httpd/
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html; charset=UTF-8\r\nContent-Length: \d+\r\nDate: .*\r\nConnection: close\r\n\r\n{\"versions\": \[{\"status\": \"CURRENT\", \"id\": \"v([\w._-]+)\"}\]}| p/OpenStack Nova httpd/ v/$1/
# http://www.fastpath.it/products/palantir/index.php
match http m|^HTTP/1\.0 200 OK\r\nContent-Type: multipart/x-mixed-replace; boundary=--mp-boundary\r\nExpires: .*\r\nPragma: no-cache\r\nCache-Control: no-store, no-cache\r\nX-Protocol-Version: (\d+)\r\nX-Greeting: Livefeed\r\n\r\n--mp-boundary\r\n| p/Palantir media streaming httpd/ i/protocol $1/
match http m|^HTTP/1\.0 200 OK\r\nCache-Control: no-cache\r\nContent-Type: text/html\r\nContent-Length: \d+\r\nServer: MediaMallServer/([\w._-]+)\r\n| p/PlayOn MediaMallServer httpd/ v/$1/
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html\r\nConnection: close\r\n\r\n<!---CAS:0003--><HTML><HEAD>\n<TITLE>I-O DATA Broadband Router ETX-R</TITLE>| p/I-O Data ETX-R router http config/ d/router/
match http m|^HTTP/1\.0 401 com\.wm\.app\.b2b\.server\.AccessException: com\.wm\.app\.b2b\.server\.AccessException: \[ISS\.0084\.9004\] Access Denied\r\nWWW-Authenticate: Basic realm=\"webMethods\"\r\n| p/Software AG webMethods httpd/
match http m|^HTTP/1\.1 401 Unauthorized\r\nWWW-Authenticate: Basic realm=\"Secure Area\"\r\nContent-Type: text/html\r\n\r\n<HTML><HEAD><TITLE>Error</TITLE><META HTTP-EQUIV=\"Content-Type\" CONTENT=\"text/html; charset=utf-8\"></HEAD><BODY>401 Unauthorized</BODY></HTML>$| p/ScriptLogic Image Center remote agent httpd/ d/remote management/
match http m|^HTTP/1\.0 200 OK\r\nDate: .*\r\nExpires: .*\r\nContent-Type: text/html; charset=UTF-8\r\nContent-Length: \d+\r\n\r\n<HTML><HEAD><TITLE>Welcome to (963)</TITLE>| p/Trend $1 building control system httpd/ d/security-misc/ cpe:/h:trend:$1/
match http m|^HTTP/1\.1 401 Unauthorized\r\nWww-Authenticate: Basic REALM=\"elmeg\"\r\nContent-Type: text/plain\r\nContent-Length: 22\r\n\r\nUnauthorized request\r\n$| p/Elmeg IP 290 VoIP phone http config/ d/VoIP phone/ cpe:/h:elmeg:ip_290/
match http m|^HTTP/1\.1 401 Authorization Required\nDate: .* ([-+]\d+)\nServer: WebPidginZ \n([\w._-]+)\nWWW-Authenticate: Digest realm=\"WebPidginZLoginDigest\", nonce=\"[0-9a-f]+\", opaque=\"0000000000000000\", stale=false, algorithm=MD5, qop=\"auth\"\nConnection: close\nContent-type: text/html\n\n\n\n$| p/WebPidgin-Z instant messaging interface/ v/$2/ i/time zone: $1/

match http m|^HTTP/1\.0 \d\d\d [^\r\n]+\r\n[Cc]ontent-[Tt]ype: application/json; charset=UTF-8\r\n[Cc]ontent-[Ll]ength: \d+\r\n\r\n{.*?"name" : "([^"]+)",\n  "cluster_name" : "([^"]+)",(?:\n  "cluster_uuid" : "[^"]*",)?\n  "version" : {\n    "number" : "([\w._-]+)",.*"lucene_version" : "([^"]+)"\n  },\n  "tagline" : "You Know, for Search"\n}\n|s p/Elasticsearch REST API/ v/$3/ i/name: $1; cluster: $2; Lucene $4/ cpe:/a:apache:lucene:$4/ cpe:/a:elasticsearch:elasticsearch:$3/
match http m|^HTTP/1\.0 \d\d\d [^\r\n]+\r\n[Cc]ontent-[Tt]ype: application/json; charset=UTF-8\r\n[Cc]ontent-[Ll]ength: \d+\r\n\r\n{.*?"name" : "([^"]+)",\n  "cluster_name" : "([^"]+)",(?:\n  "cluster_uuid" : "[^"]*",)?\n  "version" : {\n    "number" : "([\w._-]+)",.*"lucene_version" : "([^"]+)"|s p/Elasticsearch REST API/ v/$3/ i/name: $1; cluster: $2; Lucene $4/ cpe:/a:apache:lucene:$4/ cpe:/a:elasticsearch:elasticsearch:$3/
match http m|^HTTP/1\.0 \d\d\d [\w ]+\r\n[Cc]ontent-[Tt]ype: application/json; charset=UTF-8\r\n[Cc]ontent-[Ll]ength: \d+\r\n\r\n{.*"name" : "([^"]+)",(?:\r?\n  "cluster_uuid" : "[^"]*",)?\r?\n  "version" : {\r?\n    "number" : "([^"]+)",.*"lucene_version" : "([^"]+)"}|s p/Elasticsearch REST API/ v/$2/ i/name: $1; Lucene $3/ cpe:/a:apache:lucene:$3/ cpe:/a:elasticsearch:elasticsearch:$2/
match http m|^HTTP/1\.0 401 Unauthorized\r\nWWW-Authenticate: Basic realm="([^"]+)"(?:[^\r\n]*\r\n)*?\r\n\{"error":\{"root_cause":\[\{"type":"security_exception","reason":"missing authentication token for REST request \[/|s p/Elasticsearch REST API/ i/Shield plugin; realm: $1/ cpe:/a:elasticsearch:elasticsearch/
match http m|^HTTP/1\.0 401 Unauthorized\r\nWWW-Authenticate: Digest realm="([^"]+)",nonce="[\da-f]{32}"\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 19\r\n\r\nUnauthorized access| p/Elasticsearch REST API/ i/realm: $1/ cpe:/a:elasticsearch:elasticsearch/

match http m|^HTTP/1\.0 401 Unauthorized\r\nWWW-Authenticate: Basic realm=\"NETWORK\"\r\nContent-Type: text/html\r\nServer: Lancam Server\r\n\r\n| p/American Dynamics EDVR security recorder/ d/security-misc/
match http m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: Muratec Server Ver\.([\w._-]+)\r\n.*<TITLE>Administration tool for IF-300</TITLE>\r\n|s p/Muratec IF-300 network module http config/ v/$1/ i/for F-320 printer/ d/printer/ cpe:/h:muratec:f-320/ cpe:/h:muratec:if-300/
match http m|^HTTP/1\.0 401 Unauthorized\r\n(?:[^\r\n]+\r\n)*?Server: Muratec Server Ver\.([\w._-]+)\r\nWWW-Authenticate: Basic Realm=\"Pages for SERVICE PERSON\"\r\nContent-Type: text/html\r\nContent-Length: 51\r\n\r\n<html><body><h1>401 Unauthorized</h1></body></html>$|s p/Muratec F-320 printer http config/ v/$1/ d/printer/ cpe:/h:muratec:f-320/
match http m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: RedTitan-eNterpriseQueue/([\w._-]+)\r\n.*<TITLE>Enterprise Portal</TITLE>\r\n|s p/RedTitan-eNterpriseQueue/ v/$1/ i/RedTitan Print2PC parallel-to-USB bridge/ d/bridge/ cpe:/h:redtitan:print2pc/
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: UPnP/1\.0\r\n.*<title>HDHomeRun</title>\r\n.*<div class=\"S\">Model: ([\w._-]+)<br/>Device ID: ([\w._-]+)<br/>Firmware: ([\w._-]+)</div>|s p/SiliconDust HDHomeRun $1 DVR http config/ v/$3/ i/device ID: $2/ d/media device/ cpe:/h:silicondust:hdhomerun/
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?S[eE][rR][vV][eE][rR]: HDHomeRun/1\.0\r\n.*<div class=\"S\">Model: ([\w._-]+)\n?<br/>Device ID: ([\w._-]+)\n?<br/>Firmware: ([\w._-]+)\n?</div>|s p/SiliconDust HDHomeRun $1 DVR http config/ v/$3/ i/device ID: $2/ d/media device/ cpe:/h:silicondust:hdhomerun/
# http://www.ibm.com/developerworks/systems/library/es-nweb/index.html
match http m|^HTTP/1\.0 200 OK\r\nContent-Type: text/html\r\n\r\n<HTML>\r\n<TITLE>nweb\r\n</TITLE>| p/IBM nweb/ cpe:/a:ibm:nweb/
match http m|^HTTP/1\.0 504 Gateway Timeout\r\nPragma: no-cache\r\nConnection: close\r\nContent-Type: text/html; charset=utf-8\r\n\r\n<html><body>Connection to server <b></b> failed \(Connection actively refused by the server\.\)<P></body></html> {600}| p/Kerio WinRoute http proxy/ o/Windows/ cpe:/a:kerio:winroute/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 404 Not Found\r\nConnection: close\r\nDate: .*\r\nX-Cascade: pass\r\nContent-Type: text/html\r\nContent-Length: 409\r\n\r\n<!DOCTYPE html>\n<html>\n<head>\n  <style type=\"text/css\">\n  body { text-align:center;font-family:helvetica,arial;font-size:22px;\n    color:#888;margin:20px}\n  #c {margin:0 auto;width:500px;text-align:left}\n  </style>\n</head>\n<body>\n  <h2>Sinatra doesn't know this ditty\.</h2>\n  <img src='/__sinatra__/404\.png'>\n  <div id=\"c\">\n    Try this:\n    <pre>get '/' do\n  \"Hello World\"\nend</pre>\n  </div>\n</body>\n</html>\n$| p/Sinatra web framework built-in httpd/
match http m|^HTTP/1\.1 200 OK\r\nConnection: close\r\nContent-Type: text/html; charset=utf-8\r\n(?:[^\r\n]+\r\n)*?Server: webcam 7\r\n\r\n|s p/webcam 7 httpd/ o/Windows/ cpe:/o:microsoft:windows/
match http m|^HTTP/1\.1 301 Movprm\r\nLocation: https://[\d.]+/\r\nContent-Length: 0\r\nContent-Type: text/html\r\nConnection: close\r\n\r\n$| p/Konica Minolta bizhub 423 printer http config/ d/printer/ cpe:/h:konicaminolta:bizhub_423/
match http m|^HTTP/1\.1 302 Moved Temporarily\r\nServer: Catwalk\r\nDate: .*\r\nLocation: https://null:8443/\r\nContent-Length: 0\r\nConnection: close\r\n\r\n$| p/Catwalk/ i/Canon imageRUNNER C5000-series printer http config/ d/printer/ cpe:/h:canon:imagerunner_c5000/
match http m|^HTTP/1\.1 200 OK\r\nDate: .*\r\nExpires: .*\r\nCache-control: private\r\nContent-type: text/html\r\n\r\n<html><body><table width=\"100%\" border=\"0\" cellspacing=\"10\" cellpadding=\"5\">  <tr>    <td colspan=\"2\"  bgcolor=\"#00304B\"><h1><FONT COLOR=\"white\">Enistic Smart Energy Controller</FONT></h1>| p/Enistic Smart Energy Controller httpd/ d/power-misc/
match http m|^HTTP/1\.1 401 Unauthorized\nWWW-Authenticate: Basic realm='unRAID SMU'\n$| p/Lime Technology unRAID Server httpd/ v/4.X/ d/storage-misc/ cpe:/o:lime_technology:unraid_server:4/
# http://code.google.com/p/unraid-unmenu/
match http m|^HTTP/1\.1 200 OK\r\nConnection: Close\r\nPragma: no-cache\r\nCache-Control: private, max-age=0\r\nDate: .*\r\nExpires: -1\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nRefresh: 60; URL=\r\n\r\n[0-9a-f]+\r\n<HTML><title>([\w._-]+) unRAID Server</title>| p/Lime Technology unRAID Server Unmenu http config/ d/storage-misc/ h/$1/ cpe:/o:lime_technology:unraid_server:4/
match http m|^\0\0\0\0\x81HTTP/1\.0 403 Forbidden\r\nServer: ServletExecAS/([\w._-]+)\r\nContent-type: text/html\r\n\r\nRequests from [\d.]+ are not allowed\.$| p/New Atlanta ServletExec/ v/$1/ cpe:/a:newatlanta:servletexec:$1/
match http m|^HTTP/1\.0 401 Unauthorized\r\nDate: .*\r\nWWW-Authenticate: Basic realm=\"\"\r\n\r\n$| p/Z-World Rabbit microcontroller httpd/ i/Redline AN-50 wireless bridge http config/ cpe:/h:redline:an-50/
match http m|^HTTP/1\.1 200 OK\r\nContent-type: text/html\r\nConnection: Close\r\n\r\n<HTML>\n<HEAD>\n<TITLE>ZyXEL (ZyAIR [\w._-]+)</TITLE>| p/ZyXEL $1 WAP http config/ d/WAP/ cpe:/h:zyxel:$1/
match http m|^HTTP/1\.1 200\r\nContent-type: text/html\r\nConnection: close\r\nCONTENT-LENGTH: 81\r\n\r\n<head>\r\n<meta http-equiv=\"refresh\" content=\"0; URL=get\.cgi&index\.cgi\">\r\n</head>\r\n$| p/SolarLog 400e power monitor httpd/ d/power-misc/ cpe:/h:solarlog:400e/
match http m|^HTTP/1\.1 200 OK\r\naccept-ranges: none\r\ncache-control: no-cache\r\ncontent-type: text/html; charset=utf-8\r\ndate: .*\r\nexpires: 0\r\nserver: Ocsigen\r\n\r\n| p/Ocsigen/
match http m|^HTTP/1\.0 200 OK\r\nConnection: close\r\nSet-Cookie: Netio\w+=\w+; path=/\r\n\r\n<html>\n<head>\n<title>(NETIO-\w+) WebControl</title>\n| p/Koukaam $1 power controller http config/ d/power-device/ cpe:/h:koukaam:$1/
match http m|^HTTP/1\.1 200 OK\r\nDate: .*\r\nServer: Omniture DC/([\w._-]+)\r\nxserver: ([\w._-]+)\r\n| p/Omniture DC/ v/$1/ h/$2/
# ABS Megacam
# Ubiquity AirCam.v1.1.1 / Airvision v1.1.1
match http m|^HTTP/1\.0 404 Not Found\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 47\r\n\r\n<html><body><p>File not found</p></body></html>$| p/GM Streaming Server httpd/ d/webcam/
match http m|^<html>\n   <head>\n      <meta HTTP-EQUIV='Pragma' CONTENT='no-cache'>\n      <script language=\"javascript\">\n</script>\n   </head>\n   <body>\n   \t<center> \n<table align=center style=\"margin:25px;width:480px\" cellspacing=0 cellpadding=0 border=0> \n \n    <tr> \n        <td align=center><span style=\"font-size:1\.2em\"> VoIP Router</span> \n| p/Inteno X5669B broadband router/ d/broadband router/ cpe:/h:inteno:x5669b/
match http m|^HTTP/1\.0 200 OK\r\nConnection: close\r\nX-Powered-By: PHP/([\w._-]+)\r\n(?:[^\r\n]+\r\n)*?Server: WMI Http Server\r\n.*<title>Xtreamer Media Server</title>\n|s p/WMI HTTP Server/ i/Xtreamer Pro media server; PHP $1/ d/media device/ cpe:/a:php:php:$1/
match http m|^HTTP/1\.1 400 OK\r\n(?:[^\r\n]+\r\n)*?Server: Ability Server ([\w._-]+) by Code-Crafters\r\n|s p/Code Crafters Ability httpd/ v/$1/ cpe:/a:code-crafters:ability_server:$1/
match http m|^HTTP/1\.0 200 Ok\r\nServer: NET-DK/([\w._-]+)\r\n.*<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4\.0 Transitional//EN\">\n<!-- saved from url=\(0033\)http://[\d.]+/startup\.html -->\n<HTML>\n<HEAD>\n<META content=\"text/html; charset=windows-1252\" http-equiv=Content-Type>\n<META content=\"Microsoft FrontPage 4\.0\" name=GENERATOR>|s p/NET-DK/ v/$1/ i/Motorola SB5101 or SB6120 cable modem http config/ d/broadband router/ cpe:/h:motorola:sb5101/ cpe:/h:motorola:sb6120/
match http m|^HTTP/1\.0 401 Unauthorized\n.*Server: SAINT/([\w._-]+)\n.*<HTML>\n<HEAD>\n<TITLE>Bad client authentication code</TITLE>\n<LINK REV=\"made\" HREF=\"mailto:saint@saintcorporation\.com\">\n</HEAD>\n<BODY>\n<H1>Bad client authentication code</H1>\nThe command: <TT>GET / HTTP/1\.0\r\n</TT> was not properly authenticated\.\n</BODY>\n</HTML>\n$|s p/SAINTexploit http interface/ v/$1/
match http m|^HTTP/1\.0 200 OK\n.*Server: SAINT/([\w._-]+)\n.*<title>SAINT Login</title>|s p/SAINTexploit http interface/ v/$1/
match http m|^HTTP/1\.1 200 OK\r\nContent-type: text/html\r\nCache-Control: no-cache\r\n\r\n<BODY><CENTER><H2><BR><BR>LevelOne (GSW-\w+)| p/LevelOne $1 switch http config/ d/switch/ cpe:/h:levelone:$1/
match http m|^HTTP/1\.1 200 OK\r\nConnection: close\r\nContent-Length: \d+\r\nContent-Type: text/html\r\n\r\n<html><body bgcolor='#FFFFFF' link='#FFFFFF' vlink='#FFFFFF' alink='#FFFFFF' text='#003031'>\n<table BORDER='1' WIDTH='100%' HEIGHT='100%' CELLSPACING='0' CELLPADDING='0' bordercolor='#003031'>\n<tr><td ALIGN=CENTER>| p/Cisco 7912G IP Phone/ d/VoIP phone/ cpe:/h:cisco:7912g/
match http m|^HTTP/1\.1 401 Unauthorized\r\nWWW-Authenticate: Digest realm=\"[\d.]+\",  qop=\"auth\", nonce=\"[0-9a-f]+\"\r\n.*<title>BMC HTTP Server</title>\r\n|s p/BMC HTTP Server/ i/HP Integrated Lights-Out remote management/ d/remote management/ cpe:/h:hp:integrated_lights-out/
match http m|^HTTP/1\.0 200 OK\nContent-type: text/html\r\nDate: .*\r\nConnection: close\r\nLast-Modified: .*\r\nContent-length: \d+\r\n.*<TITLE>RGB VIA Platform Home Page</TITLE>\r\n|s p/BusyBox httpd/ i/RGB Modular Media Converter http config/ d/media device/
match http m|^HTTP/1\.1 401 Unauthorized\r\nWWW-Authenticate: Digest realm=\"Web UI Access\", nonce=\"[0-9a-f]{32}\", opaque=\"[0-9a-f]{32}\", stale=\"false\", algorithm=\"MD5\", qop=\"auth\"\r\n\r\n$| p/qBittorrent Web UI/ cpe:/a:qbittorrent:qbittorrent/
match http m|^HTTP/1\.0 200 OK\r\nContent-type: text/html\r\n\r\n<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4\.0 Transitional//EN\">\r\n<HTML>\r\n<HEAD>\r\n<TITLE></TITLE>\r\n<META content=\"text/html; charset=utf-8\" http-equiv=Content-Type><STYLE type=text/css>BODY {BACKGROUND-COLOR: #3300cc; BACKGROUND-REPEAT: repeat}</STYLE>\r\n<META name=generator content=\"Trellian WebPage\"></HEAD><BODY><FONT color=#ffff00 size=7><P align=center>SDR-IP</P><P align=center>by</P><P align=center>RFSPACE</P></FONT>\r\n</BODY>\r\n</HTML>\r\n$| p/RF-Space SDR-IP software radio http config/ d/specialized/ cpe:/h:rf-space:sdr-ip/
match http m|^HTTP/1\.0 404 Not Found\r\nDate: .*\r\nConnection: close\r\nContent-type: text/html\r\nServer: Flumotion/([\w._-]+)\r\n| p/Fluendo Flumotion httpd/ v/$1/
match http m|^HTTP/1\.0 200 ;OK\r\nServer: \?\?\?\?\?\?\?\?\?\?\?\?\?\?\r\nContent-Type: text/html\r\nConnection: Close\r\n\r\n<html>\n<head>\n<link rel=\"SHORTCUT ICON\" href=\"favicon\.ico\">\n<title>EATON</title>\n| p/Eaton Powerware Environmental Rack Monitor httpd/ d/power-misc/
match http m|^HTTP/1\.0 200 OK\r\nContent-type: text/html\r\n\r\n<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4\.01 Frameset//EN\" \r\n\"http://www\.w3\.org/TR/html4/frameset\.dtd\">\r\n<html>\r\n<head>\r\n<meta http-equiv=\"Pragma\" content=\"no-cache\">\r\n<meta http-equiv=\"Cache-Control\" content=\"no-cache\">\r\n<meta http-equiv=\"Content-Type\" content=\"text/html;charset=utf-8\">\r\n<title>Plasma Monitor web control system</title>\r\n| p/Pioneer PRO-141 monitor http config/ d/media device/ cpe:/h:pioneer:pro-141/
match http m|^HTTP/1\.0 200 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: Ubicom/([\w._-]+)\r\n.*<title>Microtek WES : Login</title>\r\n|s p/Ubicom/ v/$1/ i/Microtek ML-WES WAP http config/ d/WAP/ cpe:/h:microtek:ml-wes/
match http m|^HTTP/1\.0 200 OK\r\nCache-Control: no-cache\r\nContent-Type:text/html\r\nContent-Length:  *\d+\r\n\r\n\n<html>\n<head>\n<Script language=\"javascript\">\n.*<title>VoIP Login</title>\n|s p/Minitar MVA11A VoIP gateway http config/ d/VoIP adapter/ cpe:/h:minitar:mva11a/
match http m|^HTTP/1\.1 200 OK\r\nConnection: close\r\nContent-Type: text/html\r\nCache-Control: no-cache\r\n\r\n<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1\.0 Strict//EN\" \"http://www\.w3\.org/TR/xhtml1/DTD/xhtml1-strict\.dtd\">\r\n<html xmlns=\"http://www\.w3\.org/1999/xhtml\" xml:lang=\"fr\" lang=\"fr\">\r\n  <head>\r\n    <meta http-equiv=\"content-type\" content=\"text/html; charset=iso-8859-15\" />\r\n    <meta http-equiv=\"content-style-type\" content=\"text/css\" />\r\n    <title>Mon syst\xe8me d'alarme Somfy\r\n    </title>\r\n|s p/Somfy alarm system http config/ d/security-misc/
match http m|^HTTP/1\.0 301 Moved Permanently\r\nLocation: printer/index\.html\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 149\r\n\r\n<BODY><H1>Error 301 Moved Permanently<hr><p>Please use this link instead:</p><p><a href='printer/index\.html'>printer/index\.html</a></p></H1></BODY>\r\n$| p/Zebra ZTC 105SL label printer http config/ d/printer/ cpe:/h:zebra:ztc_105sl/
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: Hydra/([\w._-]+)\r\n.*<title>KOZUMI \[Air Force One 5\]</title>\n|s p/Hydra httpd/ v/$1/ i/Kozumi Air Force One 5 WAP http config/ d/WAP/ cpe:/a:nikos_mavroyanopoulos:hydra:$1/ cpe:/h:kozumi:air_force_one_5/
# "speedport.ip" might be an interpolation by the submitter.
match http m|^HTTP/1\.1 302 \r\nContent-Type: text/html\r\nConnection: Close\r\nLOCATION: https://speedport\.ip/\r\nContent-Length: 155\r\n\r\n<head><title>302 Document moved</title></head><body><h1>302 Document moved</h1>This document has moved <a href=\"https://speedport\.ip//\">here</a>\.<p></body>$| p/T-Com Speedport W 723V WAP http config/ d/WAP/
match http m|^HTTP/1\.1 200 OK\r\nCACHE-CONTROL: no-cache\r\n.*<META name=\"author\" content=\"J\.Huber, R\.Kunz\">\r\n\r\n<TITLE>Speedport (W \w+) Konfigurationsprogramm</TITLE>\r\n|s p/T-Com Speedport $1 WAP http config/ d/WAP/
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: ISS (\w+) Series/([\w._-]+)\r\n|s p/Extron ISS $1 video switch http config/ v/$2/ cpe:/h:extron:iss_$1/
match http m|^HTTP/1\.1 404 Not Found\r\n(?:[^\r\n]+\r\n)*?Server: Xavante ([\w._-]+)\r\n\r\n<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2\.0//EN\">\n<HTML><HEAD>\n<TITLE>404 Not Found</TITLE>\n</HEAD><BODY>\n<H1>Not Found</H1>\nThe requested URL http://http:/README was not found on this server\.<P>\n</BODY></HTML>$|s p/Xavante/ v/$1/
match http m|^HTTP/1\.1 200 OK\r\nSet-Cookie: JSESSIONID=[0-9A-F]{32}; Path=/\r\nContent-Type: text/html;charset=UTF-8\r\nContent-Length: 96\r\nDate: .*\r\nConnection: close\r\nServer: Oce Express WebTools\r\n\r\n\n\n\n\n<html>\n\t<head>\n\t\t\n\t\t<meta http-equiv=\"REFRESH\" content=\"0; URL=/home\.jsp\">\n\t</head>\n</html>\n$| p/Oce Colorwave 300 printer http config/ d/printer/ cpe:/h:oce:colorwave_300/
match http m|^HTTP/1\.1 400 Bad Request\nContent-Type: text/xml\n\n<\?xml version=\"1\.0\" encoding=\"UTF-8\" \?>\n<syabasCommandServerXml>\n\t<returnValue>1</returnValue>\n\t<response>\n\t</response>\n</syabasCommandServerXml>\n$| p/Syabas Popcorn Hour media player XML command server httpd/ d/media device/ cpe:/h:syabas:popcorn_hour/
match http m|^HTTP/1\.0 401 Unauthorized\r\nWWW-Authenticate: Basic realm=\"Web Server\"\r\nContent-type: text/html\r\n\r\n<html>\r\n<body><h1>401 Unauthorized</h1></body></html>\r\n$| p/Aethra V3000 VoIP adapter http config/ d/VoIP adapter/ cpe:/h:aethra:v3000/a
# There is a parallel array naming the fields: var Ds= new Array\(\"PLC Type\",\"OS version\",\"Boot version\",\"Factory Boot\",\"BinLib Version\",\"Running Mode\",\"PLC Date\",\"PLC Time\"\);
match http m|^HTTP/1\.0  200 OK\r\n.*<TITLE>Unitronics PLC</TITLE>.*<Script>\r\nvar V =new Array\(\"(V\w+) \((\w+)\) \",\"([\w._-]+)\",\"([\w._-]+)\",\"([\w._-]+)\",\"[01]+\",\"Running\",\"(\d\d/\d\d/\d\d)\",\"(\d\d:\d\d:\d\d)\"\);|s p/Unitronics $1 ($2) PLC http config/ v/$3 $6 $7/ i/boot version: $4; factory boot: $5/ cpe:/h:unitronics:$1:$3/
match http m|^HTTP/1\.0 404 Not Found\r\n\r\nNot Found$| p/Omron PLC http config/
match http m|^HTTP/1\.1 301 Moved Permanently\r\nDate: .*\r\nLocation: https://([\w._-]+):(\d+)/\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 56\r\n\r\n<HTML><BODY><H1>301 Moved Permanently</H1></BODY></HTML>$| p/VMware vCenter Converter httpd/ i|redirect to tcp/$2| h/$1/
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html; charset=iso-8859-1\r\nContent-Length: \d+\r\n\r\n\n\n\n\n\n\n\n\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n.*<title>F-Secure Policy Manager Server</title>|s p/Jetty/ i/F-Secure Policy Manager Server/ cpe:/a:mortbay:jetty/
match http m|^HTTP/1\.1 200 OK\r\nDate: .*\r\nContent-Language: en-US\r\nContent-Type: text/html;charset=ISO-8859-1\r\n.*<title>F-Secure Policy Manager Server</title>|s p/F-Secure Policy Manager Server/
match http m|^HTTP/1\.0 200 OK\nContent-type: text/html\r\n.*/\* f\*cking IE doesn't support web standard \*/\n|s p/Encore ENTC-1000 thin client http config/ d/terminal/ cpe:/h:encore:entc-1000/
match http m|^HTTP/1\.1 403 Forbidden\r\nConnection: close\r\nContent-Type: text/plain\r\nTransfer-Encoding: chunked\r\n\r\n39\r\nRejected request from RFC1918 IP to public server address\r\n0\r\n\r\n$| p/OpenWrt uHTTPd/ d/WAP/ o/Linux/ cpe:/a:openwrt:uhttpd/ cpe:/o:linux:linux_kernel/a
match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: \r\nDate: .*\r\nWWW-Authenticate: Basic realm=\"FC330A\"\r\nContent-Type: text/html\r\nConnection: close\r\n\r\n| p/Airvana cellular network access point http config/ d/WAP/
match http m|^HTTP/1\.1 400 Bad Request\r\nDate: .*\r\nContent-Length: 0\r\n\r\n$| p/Apple AirPlay httpd/ d/media device/
match http m|^HTTP/1\.1 200 OK\r\nContent-Length: \d+\r\nServer: eCos Embedded Web Server\r\nConnection: keep-alive\r\nContent-Type: text/html\r\n\r\n\xef\xbb\xbf<html>\n<head>\n<title>Danfoss Solar Inverters</title>\n<meta http-equiv=\"refresh\" content=\"0;url=/cgi-bin/login_page\.tcl\">\n</head>\n<body>\n</body>\n</html>\n$| p/eCos Embedded Web Server/ i/IBC SOLAR inverter http config/ d/power-misc/
match http m|^HTTP/1\.1 200 OK\r\nContent-Length: 149\r\nDate: [^\r\n]+\r\nServer: eCos Embedded Web Server\r\nConnection: keep-alive\r\nContent-Type: text/html\r\n(?:[^\r\n]+\r\n)*?\r\n\xef\xbb\xbf<html>\r\n<head>\r\n<meta http-equiv="refresh" content="0; url=first\.asp">\r\n<title>D-LINK SYSTEMS, INC\. \x7c WIRELESS ROUTER </title>\r\n</head>\r\n</html>\r\n|s p/eCos Embedded Web Server/ i/D-Link WAP/ d/WAP/
match http m|^HTTP/1\.1 200 OK\r\nServer: Aperio ImageServer v([\w._: -]+)\r\nSpectrumPlus: 0\r\nContent-Length: \d+\r\nContent-Type: text/plain\r\n\r\n| p/Aperio ImageServer httpd/ v/$1/
match http m|^HTTP/1\.0 500 Internal Server Error\r\nMime-Version: 1\.0\r\nDate: [^\r\n]* (\w+)\r\n(?:[^\r\n]+\r\n)*?Via: 1\.0 ([\w._-]+):\d+ \(IronPort-WSA/([\w._-]+)\)|s p/Cisco IronPort Web Security Appliance http config/ v/$3/ i/time zone: $1/ d/firewall/ h/$2/
match http m|^HTTP/1\.0 504 Gateway Timeout\r\nMime-Version: 1\.0\r\nDate: .*? ([A-Z]+)\r\nContent-Type: text/html\r\nConnection: close\r\n| p/IronPort WSA firewall http admin/ i/timezone: $1/ d/firewall/
match http m|^HTTP/1\.0 403 Forbidden\r\nMime-Version: 1\.0\r\nDate: .* ([A-Z]+)\r\nContent-Type: text/html\r\nConnection: close\r\n| p/IronPort WSA firewall http admin/ i/timezone: $1/ d/firewall/
match http m|^HTTP/1\.1 404 Not Found\r\n(?:[^\r\n]+\r\n)*?Server: Bomgar\r\n|s p/Bomgar Remote Access Portal/
match http m|^HTTP/1\.1 404 Not Found\r\nServer: SQLAnywhere/([\d.]+)\r\n| p/Sybase SQLAnywhere httpd/ v/$1/
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?Etag: ([\w._ -]+)\r\n.*\xef\xbb\xbf<!DOCTYPE html .*<title>AirDroid</title>|s p/AirDroid httpd/ v/$1/ d/phone/ o/Android/ cpe:/a:airdroid:airdroid:$1/ cpe:/o:google:android/ cpe:/o:linux:linux_kernel/
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?Etag: ([\w._ -]+)\r\n(?:[^\r\n]+\r\n)*?Server: AirDroid-g\r\n|s p/AirDroid httpd/ v/$1/ d/phone/ o/Android/ cpe:/a:airdroid:airdroid:$1/ cpe:/o:google:android/ cpe:/o:linux:linux_kernel/
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: AirDroid ([\w._-]+)\r\n|s p/AirDroid httpd/ v/$1/ d/phone/ o/Android/ cpe:/a:airdroid:airdroid:$1/ cpe:/o:google:android/ cpe:/o:linux:linux_kernel/
match http m|^HTTP/1\.[01] 200 OK\r\nContent-Type: text/html\r\nX-Ajenti-Auth: start\r\nX-Ajenti-Challenge: | p/Ajenti admin httpd/ v/0.6.1/
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: DebTorrent/([\w._-]+)\r\n|s p/DebTorrent httpd/ v/$1/
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: application/xml; charset=UTF-8\r\nContent-Length: 154\r\nDate: .* GMT\r\nConnection: close\r\n\r\n<\?xml version=\"1\.0\" encoding=\"UTF-8\"\?>\n<ListAllMyBucketsResult xmlns=\"http://doc\.s3\.amazonaws\.com/2006-03-01\"><Buckets></Buckets></ListAllMyBucketsResult>$| p/Amazon S3 httpd/
match http m|^HTTP/1\.1 301 Moved Permanently\r\nx-amz-error-code: WebsiteRedirect\r\nx-amz-error-message: Request does not contain a bucket name\.\r\n| p/Amazon S3 httpd/
match http m|^HTTP/1\.1 404 Not Found\r\nConnection: close\r\n\r\n$| p/ADB P.DG A4001N WAP, Cisco Telepresence MCU 4505, Digifort Enterprise 6.5, or Telekom Speedport W723V httpd/
# Also  with USB-Printer
# Digifort port 80.
match http m|^HTTP/1\.1 401 Unauthorized\r\nConnection: close\r\n(?:[^\r\n]+\r\n)*?WWW-Authenticate: Basic realm=\"Servidor HTTP Digifort\"\r\n|s p/Digifort Enterprise 6.5 httpd/ o/Windows/ cpe:/a:digifort:digifort:6.5.0_final/ cpe:/o:microsoft:windows/a
# Cisco IP Phone 7941 also?
match http m|^HTTP/1\.1 403 Forbidden\.\r\nContent-Type: application/json.*\r\nDate: .* GMT\r\nContent-Length: 90\r\n\r\n{\"status\": {\n  \"code\": 403,\n  \"commandResult\": 1,\n  \"msg\": \"Forbidden\.\",\n  \"query\": \"/\"\n}}| p/DirecTV satellite receiver http interface/ d/media device/
match http m|^HTTP/1\.0 401 OK\r\nServer: EchoLink/([\w._-]+)\r\n| p/EchoLink radio-over-VoIP http config/ v/$1/
match http m|^HTTP/1\.1 200 OK\r\nX-Powered-By: Express\r\nServer: Etherpad-Lite  \(http://j\.mp/ep-lite\)\r\n| p/Etherpad lite/
match http m=^HTTP/1\.1 200 OK\r\nX-Powered-By: Express\r\nServer: Etherpad-Lite ([0-9a-f]+) \((?:http://j\.mp/ep-lite|http://etherpad\.org)\)\r\n= p/Etherpad lite/ v/$1/
match http m|^HTTP/1\.1 500 Server Error\r\nContent-Length: 0\r\nServer: HBHTTP POGOBASIC - ([\w._-]+) - Linux\r\n| p/Pogoplug HBHTTP/ v/$1/ o/Linux/ cpe:/o:linux:linux_kernel/
match http m|^HTTP/1\.1 404 Not Found\r\nContent-Length: 0\r\nServer: HBHTTP POGOBASIC - ([\w._-]+) - Linux\r\n| p/Pogoplug HBHTTP/ v/$1/ o/Linux/ cpe:/o:linux:linux_kernel/
# VMware vSphere (VMware workstation 8.0.2 build-591240)
match http m|^HTTP/1\.1 403 Forbidden\r\nDate: .* GMT\r\nConnection: close\r\nContent-Type: text; charset=plain\r\nContent-Length: 0\r\n\r\n$| p/VMware VirtualCenter Web service/
match http m|^HTTP/1\.0 200 OK\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nExpires: 0\r\nDate: .* GMT\r\n\r\n<!DOCTYPE html PUBLIC \"-//W3C//DTD HTML 4\.01 Transitional//EN\">\n<html>\n<head>\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=UTF-8\">\n<link href=\"/manimg/[^/]+/main\.css| p/ISPManager billing system httpd/
match http m|^HTTP/1\.0 200 OK\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nExpires: 0\r\nSet-Cookie: ispmgrses5=; path=/; HttpOnly(?:; expires=.*)?\r\nSet-Cookie: ispmgrlang5=[^:]*:(..); path=/; expires=.* ([A-Z0-9+-]+)\r\n| p/ISPManager billing system httpd/ v/5/ i/lang: $1; time zone: $2/
match http m|^HTTP/1\.1 401 Unauthorized\r\nWWW-Authenticate: Basic realm=\"realm\"\r\nContent-Length: 0\r\n\r\n$| p/PoolServerJ http config/
match http m|^HTTP/1\.0 200 OK\r\nDate: .* GMT\r\nServer: Synaccess \r\nConnection: close\r\nContent-Type: text/html\r\n\r\n\r\n<html>\r\n<head>\r\n  <title>Remote Power Management System By Synaccess</title>\r\n| p/Synaccess NP-16 or NP-1601D power management system httpd/ d/power-misc/
match http m|^HTTP/1\.1 404 Not Found\r\nDate: .* GMT\r\nServer: Unknown\r\nConnection: close\r\nContent-Type: text/html; charset=iso-8859-1\r\n\r\n<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2\.0//EN\">\n<HTML><HEAD>\n<TITLE>404 Not Found</TITLE>\n</HEAD><BODY>\n<H1>Not Found</H1>\nThe requested URL / was not found on this server\.<P>\n</BODY></HTML>\n$| p/Allot NetEnforcer AC-5000 load balancer/ d/load balancer/ cpe:/h:allot:netenforcer_ac-5000/
match http m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: mlws ([\w._-]+)\r\n|s p/Mark Lee's Web Server/ v/$1/
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html\r\nConnection: close\r\n\r\n<\?xml version=\"1\.0\" encoding=\"utf-8\"\?>\n<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1\.0 Strict//EN\"\n \"http://www\.w3\.org/TR/xhtml1/DTD/xhtml1-strict\.dtd\">\n<html xmlns=\"http://www\.w3\.org/1999/xhtml\" lang=\"en\"> \n<head> \n <title>BeagleBoard 101</title>| p/BeagleBoard httpd/
match http m|^HTTP/1\.1 404 Not Found\r\nDate: Sat, 30 Dec 0000 00:29:28 GMT\r\nServer: RT-Platform/([\w._-]+) UPnP/([\w._ -]+)\r\nConnection: close\r\nPragma: no-cache\r\nCache-Control: no-cache, must revalidate\r\nContent-Length: 0\r\n\r\n$| p/Advent AW10P printer http config/ i/RT-Platform $1; UPnP $2/ d/printer/ cpe:/h:advent:aw10p/
match http m|^HTTP/1\.1 200 OK\n.*Server: acarsd/([\w._-]+)\n|s p/acarsd httpd/ v/$1/ cpe:/a:acarsd:acarsd:$1/
match http m|^HTTP/1\.0 200 OK\r\nContent-type: text/html \r\n.*<title>Motorola (PTP \w+)  - Home \(IP=[\d.]+\)</title>\n|s p/Motorola $1 WAP http config/ d/WAP/ cpe:/h:motorola:$1/
match http m|^HTTP/1\.1 404 File not found\r\nContent-Type: text/html\r\nConnection: close\r\nServer: Rex\r\nContent-Length: 141\r\n\r\n<html><head><title>404 Not Found</title></head><body><h1>Not found</h1>The requested URL / was not found on this server\.<p><hr></body></html>$| p/Metasploit Rex httpd/
match http m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: Ubicom/([\w._-]+)\r\n.*<title>InFocus NGProjector</title>\r\n|s p/Ubicom httpd/ v/$1/ i/InFocus IN2116 projector/ d/media device/ cpe:/a:ubicom:httpd:$1/ cpe:/h:infocus:in2116/
match http m|^HTTP/1\.0 200 OK\r\nContent-type: text/html\r\n\r\n<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4\.0 Transitional//EN\" >\r\n<html >\r\n  <head>\r\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=UTF-8\">\r\n<meta name=\"description\" content=\"Cisco (WAP\w+)\">\r\n| p/Cisco $1 WAP http admin/ d/WAP/ cpe:/h:cisco:$1/
match http m|^HTTP/1\.0 200 OK\r\nExpires: Mon, 1 Jan 2001 12:00:01 GMT\r\n(?:[^\r\n]+\r\n)*?Server: Ubicom/([\w._-]+)\r\n.*<title>\s*CradlePoint (MBR\w+) Gateway|s p/Ubicom httpd/ v/$1/ i/CradlePoint $2 broadband router/ d/broadband router/ cpe:/a:ubicom:httpd:$1/ cpe:/h:cradlepoint:$2/
match http m|^<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1\.0 Transitional//EN\" \"http://www\.w3\.org/TR/xhtml1/DTD/xhtml1-transitional\.dtd\">\r\n<html xmlns=\"http://www\.w3\.org/1999/xhtml\">\r\n<head>\r\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=gb2312\" />\r\n<title></title>\r\n<script>\r\n\tfunction index\(\){\r\n\t\tif\(navigator\.userAgent\.indexOf\(\"Safari\"\)>0\)| p/Swann DVR8-2600 security camera system httpd/ d/webcam/ cpe:/h:swann:dvr8-2600/
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html;charset=UTF-8\r\npragma: no-cache\r\nCache-Control: no-store, no-cache, max-age=0\r\nexpires: Thu,01 Jan 1970 00:00:00 GMT\r\nAccept-Ranges: bytes\r\nContent-Length: \d+\r\nConnection: close\r\n\r\n<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1\.0 Transitional//EN\" \"http://www\.w3\.org/TR/xhtml1/DTD/xhtml1-transitional\.dtd\">\r\n<html xmlns=\"http://www\.w3\.org/1999/xhtml\">\r\n<head>\r\n<meta http-equiv=\"content-type\" content=\"text/html; charset=utf-8\" />\r\n| p/Canon i-SENSYS MF8040Cn printer http admin/ d/printer/ cpe:/h:canon:i-sensys_mf8040cn/
match http m|^HTTP/1\.0 200 OK\r\nPragma: no-cache\r\nExpires: Mon, 01 Jan 1990 01:00:00 GMT\r\nContent-Type: text/html\r\n\r\n<html>\n<head>\n</head>\n<body onload=\"top\.location='/cab/top\.shtml'\">\n</body>\n</html>\n$| p/Canon i-SENSYS LBP5050 printer http admin/ d/printer/ cpe:/h:canon:i-sensys_lbp5050/
# uname -a: Linux localhost 2.4.17_mvl21-malta-mips_fp_le #1 ІЧ 12тб 1 12:50:59 CST 2009 mips GNU/Linux
match http m|^HTTP/1\.0 200 OK\r\nServer: Mini web server ([\w._-]+) ZTE corp 2005\.\r\n| p/Mini web server/ v/$1/ i/ZTE ZXV10 W300 ADSL router http config/ d/broadband router/ o/Linux 2.4.17/ cpe:/h:zte:zxv10_w300/ cpe:/o:montavista:linux_kernel:2.4.17/
match http m|^HTTP/1\.1 400 Bad Request \r\nConnection: close\r\nContent-Length: 15\r\nContent-Type: text/plain\r\nDate: .* GMT\r\nDav: 1, 2\r\nMs-Author-Via: DAV\r\nServer: Nanoki/([\w._-]+)\r\nVary: accept-encoding\r\n\r\n400 Bad Request$| p/Nanoki/ v/$1/
match http m|^HTTP/1\.1 200 OK\r\nConnection: keep-alive\r\nContent-Length: \d+\r\nContent-Type: text/html; charset=utf-8\r\n\r\n<html><head><title>PlayBook WebInspector</title>| p/BlackBerry PlayBook Web Inspector httpd/ cpe:/h:rim:blackberry_playbook_tablet/ cpe:/o:rim:blackberry_playbook_os:2.0/
match http m|^HTTP/1\.1 200 OK\r\nServer: XES WindWeb/([\w._-]+)\r\nConnection: close\r\n| p/WindWeb/ v/$1/ i/Xerox FreeFlow Accxes Web Print Management Tool/ d/printer/ cpe:/a:windriver:windweb:$1/
match http m|^HTTP/1\.0 200 OK\r\nLast-modified: .* GMT\r\nExpires: .* GMT\r\nCache-Control: no-cache, no-store, must-revalidate\r\nCache-Control: post-check=0, pre-check=0\r\nPragma: no-cache\r\nServer: ESERV-10/([\w._-]+)\n| p/ESERV-10/ v/$1/ i/ProfiLux 3 eX aquarium computer/
match http m|^HTTP/1\.0 401 Unauthorized\r\n(?:[^\r\n]+\r\n)*?Server: KwartzCtl/([\w._-]+)\r\nWWW-authenticate: Basic realm=\"KWARTZ~Control\"\r\nConnection: close\r\nContent-type: text/html\r\n|s p/KwartzCtl/ v/$1/
match http m|^HTTP/1\.0 400 Bad Request\r\nServer: Webduino/([\w._-]+)\r\nContent-Type: text/html\r\n\r\n<h1>EPIC FAIL</h1>$| p/Webduino/ v/$1/ i/SainSmart Ethernet shield for Arduino httpd/
match http m|^HTTP/1\.1 404  not found here\. Contact Phluant Mobile \r\nContent-Length: 13\r\n\r\nerror xxxxxxx$| p/Phluant Mobile Duphus httpd/
match http m|^HTTP/1\.1 401 Unauthorized\r\nServer: httpd\r\nDate: .* GMT\r\nWWW-Authenticate: Basic realm=\"(\w+)\"\r\nContent-Type: text/html\r\nConnection: close\r\n\r\n<HTML><HEAD><TITLE>401 Unauthorized</TITLE></HEAD>\n<BODY BGCOLOR=\"#cc9999\"><H4>401 Unauthorized</H4>\nAuthorization required\.\n</BODY></HTML>\n$| p/Linksys $1 WAP http config/ d/WAP/ cpe:/h:linksys:$1/
match http m|^HTTP/1\.0 303 Use Instead\r\nLocation: /index\.html\r\nContent-Type: text/html\r\n\r\n$| p/MikroTik RouterBoard 250GS httpd/ d/router/ cpe:/h:mikrotik:routerboard_250gs/
match http m|^HTTP/1\.1 200 Ok\r\nDate: .* GMT\r\nContent-Type: text/html\r\n\r\n<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4\.01 Frameset//EN\" \"http://www\.w3\.org/TR/html4/frameset\.dtd\">\r\n<html>\r\n\t<head>\r\n\t\t<TITLE>Web Application Manager</TITLE>\r\n| p/D-Link DIR-300 WAP http admin/ d/WAP/ cpe:/h:dlink:dir-300/
match http m|^HTTP/1\.1 200 Ok\r\nServer: httpd\r\nDate: .* GMT\r\nCache-Control: no-cache\r\nPragma: no-cache\r\nExpires: 0\r\nContent-Type: text/html\r\nConnection: close\r\n\r\n<html>\n<head>\n<title>Login Page</title>\n<!--\[if lt IE 7\.\]>\n| p/Cisco SPA112 VoIP adapter http config/ d/VoIP adapter/ cpe:/h:cisco:spa112/a
match http m|^HTTP/1\.0 200 OK\r\nDate: .* GMT\r\nServer: PanWeb Server/ - \r\n(?:[^\r\n]+\r\n)*?Expires: Mon, 26 Jul 1997 05:00:00 GMT\r\n|s p/Palo Alto PanWeb httpd/ d/firewall/ cpe:/a:paloaltonetworks:panweb/
match http m|^HTTP/1\.0 302 Moved Temporarily\r\nDate: .* GMT\r\nServer: PanWeb Server/ - \r\n(?:[^\r\n]+\r\n)*?Expires: Thu, 19 Nov 1981 08:52:00 GMT\r\n|s p/Palo Alto PanWeb httpd/ d/firewall/ cpe:/a:paloaltonetworks:panweb/
# Sony Bravia
# Sony KDL-46hx720 TV (european model).
# Sony Bravia kdl-46ex725
match http m|^HTTP/1\.1 404 Not Found\r\nContent-Length: 72\r\nDate: .* GMT\r\n\r\n<html><head><title>not found</title></head><body>not found</body></html>$| p/Sony Bravia TV/ d/media device/
match http m|^HTTP/1\.0 200 \(OK\) \r\nPragma: No-Cache\r\nCache-Control: no-cache\r\nDate: [A-Z]{3} [A-Z]{3} \d+ \d+:\d+:\d+ \d\d\d\d\r\nServer: HTTP Server\r\n.*<title>Nortel VPN Router</title>|s p/WindWeb/ v/1.0/ i/Nortel VPN router http admin/ d/router/ cpe:/a:windriver:windweb:1.0/
match http m|^HTTP/1\.0 403 Forbidden\r\nContent-Type: text/html\r\nConnection: close\r\nContent-Length: 353\r\n\r\n<HTML><HEAD>\n<TITLE>ERROR: Access Denied</TITLE>\n</HEAD><BODY>\n<H1>ERROR</H1>\n<H2>Access Denied</H2>\n<HR>\n<UL>\n<LI>\n<STRONG>\nAccess Denied by security policy\n</STRONG>\n</UL>\n<P>\nThe security policy for your network prevents your request from\nbeing allowed at this time\.  Please contact your administrator if\nyou feel this is incorrect\.\n</BODY>\n</HTML>\n\n$| p/Secure Computing Sidewinder firewall http admin/ d/firewall/ cpe:/h:securecomputing:sidewinder/
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html\r\nServer: SpryWare/([\w._-]+)\r\nDate: .* GMT\r\nX-Deprecated-Response: Invalid CheckSum Received\r\n| p/SpryWare MIS quote server/ v/$1/
match http m|^HTTP/1\.0 200 OK\r\nConnection: close\r\nX-Powered-By: PHP/([\w._-]+)\r\nContent-type: text/html\r\n\r\n<html>\n<head>\n<meta http-equiv=\"REFRESH\" content=\"0;url=/nyan/index\.html\">\n</head>\n<body>\n</body>\n</html>\n\n\n$| p/Wifi Pineapple Jasager httpd/ i/PHP $1/ cpe:/a:php:php:$1/
# http://www.nazgul.ch/dev_nostromo.html
match http m|^HTTP/1\.1 200 OK\r\nDate: .* GMT\r\nServer: nostromo ([\w._-]+)\r\n| p/nostromo/ v/$1/
match http m|^HTTP/1\.1 302 Found\r\nConnection: close\r\nContent-type: text/html\r\nLocation: /index\.html\r\nContent-length: 144\r\n\r\n<HEAD><TITLE>302 Found</TITLE></HEAD>\r\n<BODY><H1>302 Found</H1>\r\n<P>Click <A HREF=\"/index\.html\">here</A> if you are not redirected\.</P></BODY>\r\n$| p/Macraigor mpDemon JTAG debugger/ d/specialized/
# Original date was Tue, 18 Aug 2048 22:13:10 PST.
match http m|^HTTP/1\.1 -1 Bad Request\r\nDate: \w+, \d+ \w+ 204\d \d+:\d+:\d+ PST\r\nServer: TargetWeb/([\w._-]+) \(TargetOS\)\r\nConnection: close\r\n| p/Blunk Microsystems TargetWeb/ v/$1/ i/Lenel LNL-2220 firewall/ d/firewall/ cpe:/a:blunk:targetweb:$1/ cpe:/h:lenel:lnl-2220/
match http m|^HTTP/1\.1 301 Moved Permanently\r\nContent-Length:0\r\nLocation: /SSI/index\.htm\r\nServer: Mrvl-R1_0\r\nCache-Control: no-cache\r\n| p/HP LaserJet CP1205nw or P1606 http config/ d/printer/ cpe:/h:hp:laserjet_cp1205nw/ cpe:/h:hp:laserjet_p1606/
match http m%^HTTP/1\.1 200 OK\r\nContent-Length: +\d+\r\nExpires: Thu, 01 Jan 1970 00:00:00 GMT\r\nContent-Type: text/html; charset=utf-8\r\nServer: Mrvl-R2_0\r\nCache-Control: no-cache\r\nConnection: keep-alive\r\nX-Frame-Options: SAMEORIGIN\r\nX-Content-Type-Options: nosniff\r\n\r\n<\?xml version="1\.0" encoding="UTF-8"\?>\n<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4\.01//EN" "http://www\.w3\.org/TR/html4/strict\.dtd">\n<html>\n<head>\n<meta http-equiv="Content-Type" content="text/html; charset=utf-8">\n<title>HP LaserJet Pro MFP ([^&]+)&nbsp;&nbsp;&nbsp;((?:192\.168|172\.(?:1[6-9]|2\d|3[01])|10\.\d{1,3})\.\d{1,3}\.\d{1,3})</title>% p/HP LaserJet Pro MFP config httpd/ i/model: $1; private IP: $2/ d/printer/ cpe:/h:hp:laserjet_$1/
match http m|^HTTP/1\.1 200 OK\r\nContent-Length: +\d+\r\nExpires: Thu, 01 Jan 1970 00:00:00 GMT\r\nContent-Type: text/html; charset=utf-8\r\nServer: Mrvl-R2_0\r\nCache-Control: no-cache\r\nConnection: keep-alive\r\nX-Frame-Options: SAMEORIGIN\r\nX-Content-Type-Options: nosniff\r\n\r\n<\?xml version="1\.0" encoding="UTF-8"\?>\n<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4\.01//EN" "http://www\.w3\.org/TR/html4/strict\.dtd">\n<html>\n<head>\n<meta http-equiv="Content-Type" content="text/html; charset=utf-8">\n<title>HP LaserJet Pro MFP ([^&]+)&nbsp;| p/HP LaserJet Pro MFP config httpd/ i/model: $1/ d/printer/ cpe:/h:hp:laserjet_$1/
match http m|^HTTP/1\.0 200 OK\r\nServer: TAC/Xenta(\w+) ([\w._-]+)\r\n| p/TAC Xenta $1 programmable logic controller httpd/ v/$2/ cpe:/h:tac:xenta_$1/
match http m|^HTTP/1\.0 200 OK\r\nCache-control: no-cache\r\nConnection: Close\r\n\r\n<html>\r\n<head>\r\n\r\n<script type=\"text/javascript\" src=\"LocalizeString30\.js\"></script>\r\n\r\n<script type=\"text/javascript\">\r\n| p/Monoprice MS NU62P11 or Sedna print server http config/ d/print server/ cpe:/h:monoprice:ms_nu62p11/
match http m|^HTTP/1\.0 200 OK\r\nConnection: close\r\nCache-Control: no-cache\nPragma: no-cache\nContent-Type: text/html\n\n<html>\n<head>\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=iso-8859-1\">\n.*<title>(KX-\w+)</title>|s p/thttpd/ i/Panasonic $1 printer http config/ d/printer/ cpe:/a:acme:thttpd/ cpe:/h:panasonic:$1/
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html\r\n.*<title>(PowerGrid [\w._-]+) Web Configuration - Main Page</title>|s p/Comtrend $1 Ethernet adapter http config/ d/bridge/ cpe:/h:comtrend:$1/
match http m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Expires: \"Mon, 06 Jan 1990 00:00:01 GMT\"\r\n.*<title>(PowerGrid [\w._-]+)  Web Configuration - Authentication</title>|s p/Comtrend $1 Ethernet adapter http config/ d/bridge/ cpe:/h:comtrend:$1/
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?Content-Type: text/html\r\nDate: .* GMT\r\n\r\n<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1\.0 Strict//EN\"\n     \"http://www\.w3\.org/TR/xhtml1/DTD/xhtml1-strict\.dtd\">\n<html xmlns=\"http://www\.w3\.org/1999/xhtml\">\n<head>\n\t<title>AWX</title>|s p/XBMC AWX http interface/ d/media device/
match http m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Set-Cookie: pilot_session_test_cookie=; path=/; secure\r\n\r\n<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1\.0 Transitional//EN\" \"http://www\.w3\.org/TR/xhtml1/DTD/xhtml1-transitional\.dtd\">\n<html xmlns=\"http://www\.w3\.org/1999/xhtml\">\n  <head>\n    <title>Riverbed Technology :: Cascade Shark</title>|s p/Riverbed Cascade Shark security appliance http interface/ d/security-misc/ cpe:/h:riverbed:cascade_shark/
match http m|^HTTP/1\.0 200 OK\r\nPragma: no-cache\r\nContent-Type: text/html\r\n\r\n<html>\n<head>\n<meta http-equiv=\"content-type\" content=\"text/css;charset=UTF-8\">\n<meta http-equiv=\"Cache-Control\" content=\"no-cache\">\n<meta http-equiv=\"Expires\" content=\"0\">\n<title>prelogin</title>| p/Belkin Encore 3G router http config/ d/WAP/ cpe:/h:belkin:encore_3g/a
match http m|^HTTP/1\.1 400 Bad Request\r\nServer: Alphanetworks,Inc\.\r\nDate: .* GMT\r\nCache-Control: no-cache,no-store\r\nContent-Type: text/html; charset=utf-8\r\nConnection: close\r\n\r\n$| p/Western Digital WD TV Live media player http config/ d/media device/
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: Zervit (\d[\w._-]+)\r\n| p/Zervit httpd/ v/$1/ cpe:/a:sebastian_fernandez:zervit:$1/
# http://radiothermostat.com/documents/RTCOAWiFIAPIV1_3.pdf
match http m|^HTTP/1\.1 505 HTTP Version Not Supported\r\nServer: Marvell 8688WM\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n22\r\nHTTP/1\.0 clients are not supported\r\n0\r\n\r\n$| p/3M Filtrete 3M-50 thermostat http config/ d/specialized/
match http m|^HTTP/1\.1 200 OK\r\nCache-control: no-store\r\nContent-type: text/html\r\n.*<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4\.01//EN\" \"http://www\.w3\.org/TR/html4/strict\.dtd\"><html><head><title>(X-[\w._-]+)</title>|s p/Control By Web $1 remote management http interface/ d/remote management/ cpe:/h:controlbyweb:$1/
# http://hackingteam.it/index.php/remote-control-system
match http m|^HTTP/1\.1 200 OK\r\nConnection: close\r\nContent-Type: text/html\r\nContent-length: 131\r\n\r\n<!DOCTYPE HTML>\n<html>\n<head>\n    <meta http-equiv=\"refresh\" content=\"0;url=http://www\.google\.com\">\n</head>\n<body>\n\n</body>\n</html>$| p/Hacking Team Remote Control System command and control httpd/
match http m|^HTTP/1\.1 404 NotFound\r\nConnection: close\r\nContent-Type: application/json\r\nContent-length: 16\r\n\r\n\"File not found\"$| p/Hacking Team Remote Control System Adobe Air command and control httpd/
match http m|^HTTP/1\.1 200 OK\r\nPragma: no-cache\r\nExpires: -1\r\nCache-Control: no-cache\r\nContent-Length: 132\r\nDate: .* GMT\r\nConnection: close\r\nServer:  \r\n\r\n<html><head><meta http-equiv='Refresh' content='0;url=https?://([\w._-]+):\d+/director\.jsp'></head><body></body></html>$| p/RSA enVision httpd/ h/$1/ cpe:/a:rsa:envision/
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html\r\nCache-Control: no-cache\r\nPragma: no-cache\r\n\r\n.*<TITLE>\r\nXerox WorkCentre ([\w._/-]+) -|s p/Xerox WorkCentre $1 printer http config/ d/printer/ cpe:/h:xerox:workcentre_$1/
match http m|^HTTP/1\.1 200 OK\r\nConnection: keep-alive\r\n.*<title>XCP ([\w._-]+)</title>|s p/Xen Cloud Platform httpd/ v/$1/
match http m|^HTTP/1\.1 200 OK\r\nServer: HttpSvr/([\w._-]+)\r\nDate: .* GMT\r\nContent-type: text/html\r\n.*<title>Welcome To Commtech Messenger</title>|s p/Commtech Messenger Service httpd/ v/$1/
match http m|^HTTP/1\.1 403 Forbidden\.\r\nContent-Type: application/json; charset=UTF-8\r\nDate: .* GMT\r\nConnection: close\r\nContent-Length: 90\r\n\r\n{\"status\": {\n  \"code\": 403,\n  \"commandResult\": 1,\n  \"msg\": \"Forbidden\.\",\n  \"query\": \"/\"\n}}$| p/DirecTV JSON RPC/ d/media device/
match http m|^HTTP/1\.1 200 OK\r\nDate: .* GMT\r\nServer: Linux/2\.x UPnP/([\w._-]+) Avtech/([\w._-]+)\r\nConnection: close\r\n| p/Avtech AVN801 network camera/ v/$2/ i/UPnP $1/ d/webcam/ o/Linux/ cpe:/h:avtech:avn801/ cpe:/o:linux:linux_kernel/a
match http m|^HTTP/1\.1 200 OK\r\nContent-type: text/html\r\nExpires: Thu, 3 Oct 1968 12:00:00 GMT\r\nConnection: close\r\nPragma: no-cache\r\n.*<title>Super Hub \x7c GUI</title>|s p/Virgin Super Hub media player http config/ d/media device/
match http m|^HTTP/1\.1 400 Bad Request\r\nServer: COLIB_ASYNC_HTTP_SERVER/([\w._-]+)\r\n| p/COLIB_ASYNC_HTTP_SERVER/ v/$1/ i/Cotendo content delivery network/
match http m|^HTTP/1\.1 301 Moved Permanently\r\nLocation: https?://([\w._-]+):\d+/sabnzbd\r\nContent-Length: 0\r\nContent-Type: text/plain\r\n| p/SABnzbd newsreader http interface/ h/$1/
match http m|^HTTP/1\.0 200 OK\r\nContent-Type: text/html\r\nSet-Cookie: rg_cookie_session_id=[0-9A-F]+; path=/; expires=Fri, 01 Jan 2038 00:00:00 GMT; HttpOnly\r\nCache-Control: no-cache,no-store\r\nPragma: no-cache\r\n.*<!--- Page\(page_login\)=\[Zaloguj si\xc4\x99 \] --->|s p/Vtech ARX168 WAP/ d/WAP/
match http m|^HTTP/1\.1 200 OK\r\nDate: .* GMT\r\nLast-Modified: .* GMT\r\nETag: .*\r\nAccept-Ranges: bytes\r\n| p/Fortinet FortiGate 50B or FortiWifi 60C or 80C firewall http config/ d/firewall/ o/FortiOS/ cpe:/h:fortinet:fortigate:50b/ cpe:/h:fortinet:fortiwifi:60c/ cpe:/h:fortinet:fortiwifi:80c/
match http m|^HTTP/1\.0 302 Redirection\r\nServer: TCSJH-WebServer\r\nDate: .* GMT\r\nLocation: http://[\w._-]+:\d+/index\.htm\r\n\r\n$| p/TCS John Huxley Gaming Floor Live httpd/
match http m|^HTTP/1\.0 200 OK\r\nConnection: close\r\n(?:[^\r\n]+\r\n)*?Date: [^\r\n]* 197\d \d+:\d+:\d+ GMT\r\nExpires: 0\r\n\r\n<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4\.01 Transitional//EN\" \"http://www\.w3c\.org/TR/1999/REC-html401-19991224/loose\.dtd\">\r\n<HTML><HEAD><TITLE>Firepro Wireless</TITLE>|s p/FirePro Router WAP http config/ v/5.4/ d/WAP/
match http m|^HTTP/1\.1 200 OK\r\nConnection: close\r\nContent-Length: \d+\r\nAccess-Control-Allow-Origin:\*\r\nCache-Control:no-cache\r\nContent-Type:application/json; charset=utf-8\r\nPragma:no-cache\r\n\r\n{\"error\": { \"type\": \"4110\", \"message\": \"No user logged in\" }, \"version\": 9, \"client_version\": \"([\w._-]+)\", \"running\": false}$| p/Spotify Web Helper/ v/$1/
match http m|^HTTP/1\.1 200 OK\r\nCACHE-CONTROL: no-cache\r\nDate: .* GMT\r\nContent-Type: text/html\r\n.*<META http-equiv=\"Content-Type\" content=\"text/html; charset=iso-8859-1\">\n<link rel=\"icon\" type=\"image/icon\" href=\"/favicon\.ico\"/>\n<title>Login</title>|s p/Huawei HG532c ADSL router http config/ d/broadband router/ cpe:/h:huawei:hg532c/
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?Last-Modified: Mon, 28 Nov 2011 10:20:48 GMT\r\n(?:[^\r\n]+\r\n)*?Server: fs\r\n\r\n<!--\n  Licensed to the Apache Software Foundation \(ASF\) under one or more\n  contributor license agreements\.|s p/Apache Tomcat/ v/6.0.35/ cpe:/a:apache:tomcat:6.0.35/
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?Last-Modified: Wed, 09 Mar 2011 18:57:19 GMT\r\n(?:[^\r\n]+\r\n)*?Server: Apache\r\n\r\n<!--\n  Licensed to the Apache Software Foundation \(ASF\) under one or more\n  contributor license agreements\.|s p/Apache Tomcat/ v/6.0.29/ cpe:/a:apache:tomcat:6.0.29/
match http m|^HTTP/1\.0 307 Temporary Redirect\r\nAccess-Control-Allow-Origin: \*\r\nContent-Length: 0\r\nContent-Type: text/html\r\nLocation: en/index\.html\r\nConnection: close\r\nDate: .* 197\d \d+:\d+:\d+ GMT\r\nServer: gen5th/([\w._-]+)\r\n\r\n$| p/Sony SNC-CH120 webcam http config/ v/$1/ d/webcam/ cpe:/h:sony:snc-ch120/
match http m|^HTTP/1\.0 200 OK\r\nConnection: close\r\n.*<link rel=\"stylesheet\" type=\"text/css\" href=\"/dude/style\.css\" />|s p/Miktotik Dude network monitor/
match http m|^HTTP/1\.0 200 OK\r\nDate: .* GMT\+00:00\r\nServer: DC-MPSERVER/([\w._-]+)\r\nContent-Length: \d+\r\nContent-Type: text/plain; charset=UTF-8\r\n\r\n{\"error\":\"\",\"result\":106}$| p/DC-MPSERVER/ v/$1/ i/Lenovo K91 TV/ d/media device/ cpe:/h:lenovo:k91/
match http m|^HTTP/1\.1 404 Not Found\r\nConnection: close\r\nDate: .* GMT\r\nServer: Linux/([\w._-]+) Sony-BDP/([\w._-]+)\r\n\r\n$| p/Sony BDP-BX58 TV http config/ v/$2/ d/media device/ o/Linux $1/ cpe:/h:sony:bdp-bx58/ cpe:/o:linux:linux_kernel:$1/a
match http m|^HTTP/1\.0 302 Redirection\r\nServer: Intellex-Http Server ([\w._-]+)\r\nDate: .* GMT\r\nLocation: http://([\w._-]+)/default\.html\r\n\r\n$| p/American Dynamics Intellex Digital Video Management System httpd/ v/$1/ h/$2/
match http m|^HTTP/1\.1 300 Multiple Choices\r\nContent-Type: application/json\r\nVary: X-Auth-Token\r\n.*{\"versions\": {\"values\": \[{\"status\": \"beta\", \"updated\": \"(\d\d\d\d-\d\d-\d\dT\d\d:\d\d:\d\dZ)\", \"media-types\": \[{\"base\": \"application/json\", \"type\": \"application/vnd\.openstack\.identity-v2\.0\+json\"},|s p/OpenStack Keystone identity service/ v/$1/
match http m|^HTTP/1\.1 200 OK\r\nServer:CBA8/([\w._-]+)\r\n.*<title>LANDesk\(R\) Management Agent</title>|s p/LANDesk Management Agent/ v/$1/
match http m|^HTTP/1\.0 200 OK\r\nConnection: close\r\nContent-Type: text/html; charset=iso-8859-1\r\nPragma: no-cache\r\nExpires: 0\r\n\r\n<!-----!GS-1124C!-->\n| p/Black Box LGB2008A switch http config/ d/switch/ cpe:/h:blackbox:lgb2008a/
match http m|^HTTP/1\.1 401 \r\nServer: MyWeb ([\w._-]+)\r\nDate: .* GMT\r\nWWW-Authenticate: Basic realm=\"index\.htm\"\r\n\r\n$| p/Black Box 8-port Ethernet switch http config/ i/MyWeb $1/ d/switch/
match http m|^HTTP/1\.1 200 OK\r\nDate: .* GMT\r\nLast-Modified: Sun, 15 Nov 1970 02:20:56 GMT\r\nETag: \"\d+\"\r\nContent-Type: text/html\r\nContent-Length: 87\r\nAccept-Ranges: bytes\r\nCache-Control: private\r\n\r\n<html><head><META http-equiv=\"refresh\" content=\"0;URL=default-ru-RU\.htm\"></head></html>$| p/Milestone IP video management http interface/
match http m|^HTTP/1\.0 307 OK\r\ncontent-type: text/html\r\nconnection: close\r\nlocation: /rp/\?id=0\r\nserver: ArgogroupMonitorMaster/([\w._-]+)\r\n| p/Ascom Monitor Master/ v/$1/
match http m|^HTTP/1\.1 403 Forbidden\r\nDate: .* GMT\r\nContent-Length: 13\r\nConnection: close\r\nCache-Control: no-cache\r\n\r\n403 Forbidden$| p/Neubot/
# https://www.eso.org/projects/dfs/dfs-shared/web/ngas/; HTTPOptions reveals BaseHTTPServer 0.3.
match http m|^HTTP/1\.0 400 Bad Request\r\nServer: NGAMS/v([\w._-]+)/(\d\d\d\d-\d\d-\d\dT\d\d:\d\d:\d\d)\r\n.*<!DOCTYPE NgamsStatus SYSTEM \"http://([\w._-]+):\d+/RETRIEVE\?internal=ngamsStatus\.dtd\">\n|s p/BaseHTTPServer/ v/0.3/ i/NGAS $1 http interface; date: $2/ h/$3/ cpe:/a:python:basehttpserver:0.3/a
match http m|^HTTP/1\.0 404 Not Found\r\nDate: .* GMT\r\nContent-Type: text/html; charset=UTF-8\r\nContent-Length: 52\r\nConnection: close\r\n\r\n404 Not Found\n\nThe resource could not be found\.\n\n   $| p/Nicira bridge http admin/ d/bridge/
match http m|^HTTP/1\.1 200 OK\r\nX-Powered-By: Express\r\nContent-Type: text/html; charset=utf-8\r\n| p/Node.js/ i/Express middleware/ cpe:/a:nodejs:node.js/
match http m|^HTTP/1\.1 200 OK\r\nX-Hue-Jframe-Path: /\r\nVary: Accept-Language, Cookie\r\nContent-Type: text/html; charset=utf-8\r\n.*<meta http-equiv=\"refresh\" content=\"0; url=/beeswax\">|s p/Hue Thrift plugin for Apache Hadoop/ cpe:/a:apache:hadoop/
match http m|^HTTP/1\.1 400 Bad Request \(missing Host: header\)\r\nConnection: close\r\nDate: .* \+0000\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n$| p/oVirt/
match http m|^HTTP/1\.1 302 Moved Temporarily\r\nConnection: close\r\nDate: .* GMT\r\nContent-Length: \d+\r\nContent-Type: text/html; charset=utf-8\r\nLocation: http://:/login\?back_url=http%3A%2F%2F%3A%2F\r\nX-Runtime: 7\r\n| p/Redmine http interface/ v/1.3.1/
match http m|^HTTP/1\.0 200 OK\r\nDate: .* GMT\r\nContent-Type: text/plain\r\nServer: monocle/([\w._-]+)\r\n\r\nOK,ondemand alive| p/monocle/ v/$1/ i/Sauce OnDemand Selenium server/
match http m|^HTTP/1\.1 401 ERROR\r\nWWW-Authenticate: Digest qop=\"auth\", realm=\"Modem@AirLink\.com\", nonce=\"[0-9a-f]+\"\r\nContent-Length: 0\r\n\r\n| p/Sierra Wireless ALEOS WAP http admin/ d/WAP/
match http m|^HTTP/1\.1 404 Not Found\r\nServer: Sierra Wireless Inc, Embedded Server\r\n| p/Sierra Wireless ALEOS WAP httpd/ d/WAP/
match http m|^HTTP/1\.1 200 OK\r\nContent-Length:165\r\nContent-Type:text/html\r\n\r\n<HTML><TITLE>NetTalk, Inc\.</TITLE><FRAMESET COLS=\"100%\" ROWS=\"140,\*\" frameborder=0><FRAME NAME=\"t\" SRC=\"t\.htm\"><FRAME NAME=\"login\" SRC=\"login\.cgi\"></FRAMESET></HTML>$| p/netTALK Duo http config/ d/phone/
match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: \r\n(?:[^\r\n]+\r\n)*?WWW-Authenticate: Basic realm=\"(TEW-\w+)\(ANNEX A\)\"\r\n|s p/TRENDnet $1 WAP http config/ d/WAP/ cpe:/h:trendnet:$1/
match http m|^HTTP/1\.0 200 Ok\r\nContent-type: text/html; charset=\"UTF-8\"\r\nConnection: close\r\nAccept-Ranges: none\r\nServer: Sockso\r\nCache-Control: private\r\n| p/Sockso music server/
match http m|^HTTP/1\.1 403 Forbidden\r\nCache-Control: no-cache\r\nContent-type: text/html\r\nConnection: close\r\n\r\n<HTML><HEAD><TITLE>Error 403</TITLE></HEAD><BODY><H1>Error 403</H1><P>Forbidden</P></BODY></HTML>$| p/Sonos Play:5 streaming media server/ cpe:/h:sonos:play%3a5/
match http m|^HTTP/1\.0 401 Unauthorized\r\nWWW-Authenticate: Basic realm=\"home\", \r\nContent-Type: text/html\r\nCache-Control: public\r\nPragma: cache\r\n.*<html>\n<head>\n  <title>401 Unauthorized</title>\n</head>\n<body bgcolor=\"ffffff\">\n  <h2>401 Unauthorized<h2>\n  <p>\n  \n</body>\n</html>\n|s p/Sagem F@st 2764 WAP http config/ d/WAP/
match http m|^HTTP/1\.1 401 Authorization Required\r\nServer: Lotus Mobile Connect\r\nWWW-Authenticate: Basic realm=\"Lotus Mobile Connect\"\r\nConnection: close\r\nSet-Cookie: WgSessionKey=; expires=Wed, 31 Dec 1969 23:00:00 GMT; Path=/; Domain=([\w._-]+); HttpOnly\r\nContent-Type: text/html; charset=utf-8\r\n\r\n| i/Lotus Mobile Connect/ h/$1/
match http m|^HTTP/1\.1 200 OK\r\nPragma: No-cache\r\nCache-Control: no-cache\r\nExpires: Thu, 01 Jan 19\d\d [^\r\n]* (\w+)\r\n(?:[^\r\n]+\r\n)*?Server: CS-MARS\r\n|s p/Cisco MARS firewall http config/ i/time zone: $1/
match http m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: Synchronet BBS for Win32  Version ([\w._-]+)\r\n(?:[^\r\n]+\r\n)*?Allow: GET, HEAD, POST, OPTIONS\r\n.*<title>(.*) Home Page</title>|s p/Synchronet BBS httpd/ v/$1/ i/site name: $2/ cpe:/a:rob_swindell:synchronet:$1/
match http m|^HTTP/1\.1 302 Found\r\n(?:[^\r\n]+\r\n)*?Server: SouthRiver/([\w._-]+)\r\n(?:[^\r\n]+\r\n)*?X-AspNet-Version: ([\w._-]+)\r\n(?:[^\r\n]+\r\n)*?Location: /Content\.aspx\r\n|s p/SouthRiver Titan httpd/ v/$1/ i/ASP.NET $2/ cpe:/a:microsoft:asp.net:$2/ cpe:/a:southrivertech:titan_ftp_server:$1/
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: TMeter\r\n.*<Copyright>Copyright \(c\) \d+-\d+ Alexey Kazakovsky</Copyright>.*<Version>([\w._ -]+)</Version>|s p/TMeter traffic meter httpd/ v/$1/ o/Windows/ cpe:/a:trafficreg:tmeter:$1/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: TMeter\r\n.*<Version>([\w._-]+) Unicode</Version>\r\n\t<CaptureStatus>In capture</CaptureStatus>\r\n\t<XmlTrafficReport>([^<]*)</XmlTrafficReport>\r\n|s p/TMeter/ v/$1/ i/report dir: $2/ o/Windows/ cpe:/a:trafficreg:tmeter:$1/ cpe:/o:microsoft:windows/
match http m|^HTTP/1\.1 200 OK\r\nContent type: text/xml; charset=utf-8\r\n.*<Name>TMeter</Name>\r\n\t<Copyright>Copyright \(c\) \d\d\d\d Trafficreg Software</Copyright>\r\n\t<Version>([\d.]+) Unicode</Version>\r\n|s p/TMeter/ v/$1/ o/Windows/ cpe:/a:trafficreg:tmeter:$1/ cpe:/o:microsoft:windows/
match http m|^HTTP/1\.0 200 OK\nServer: Integrity\nContent-type: text/html\n\n<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2\.0//EN\">\n<html>\n<head>\n<title>Welcome to INTEGRITY</title>| p/Hay Systems HSL 2.75G Femtocell http config/ d/WAP/ cpe:/o:hay_systems:hsl_2.75g_femtocell/
match http m|^HTTP/1\.0 200 OK\r\nContent-type: application/octet-stream\r\nCache-Control: no-cache\r\n\r\n$| p/Samsung UE55D7000 TV http config/ d/media device/ cpe:/h:samsung:ue55d7000/
match http m|^HTTP/1\.0 200 OK \r\nContent-Type: text/html\r\nDate: .* GMT\r\n\r\n<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1\.0 Strict//EN\" \"http://www\.w3\.org/TR/xhtml1/DTD/xhtml1-strict\.dtd\">\n<html xmlns=\"http://www\.w3\.org/1999/xhtml\" lang=\"en\">\n<head>\n<title>Wuala  - Secure Online Storage</title>| p/Wuala cloud storage client http status/
match http m|^HTTP/1\.1 200 OK\r\nServer: X10 Control ([\w._-]+)\r\n| p/X10 ActivePhone remote control httpd/ v/$1/ d/phone/
match http m|^HTTP/1\.0 404 Not Found\r\nContent-Type: text/html\r\nContent-Length: 79\r\n\r\n<html><head><title>Page Not Found</title></head><body>Not here :\(</body></html>$| p/Prosody XMPP BOSH/ cpe:/a:prosody:prosody/
match http m|^HTTP/1\.1 200 OK\r\n.*<title>Endpoint Security Required</title>\n.*div\.header { background: url\(/XX/YY/ZZ/CI/MGPGHGPGPFGHCDPFGGOGFGEH\) 0 0 repeat-x; height: 82px; }\n|s p/FortiGate Endpoint Control httpd/
match http-proxy m|^HTTP/1\.1 200 OK\r\n.*<title>Web Filter Block Override</title>\n.*div\.header { background: url\(https?://:\d{1,5}/XX/YY/ZZ/CI/MGPGHGPGPFGHCDPFGGOGFGEH\) 0 0 repeat-x; height: 82px; }\n|s p/FortiGate Web Filtering Service/
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html; charset=utf-8\r\n(?:[^\r\n]+\r\n)*?Server: TornadoServer/([\w._-]+)\r\n.*<link rel=\"stylesheet\" href=\"/api/[\da-f]{32}/file\.cache/minified_front\.css\?\d+\"|s p/Tornado httpd/ v/$1/ i/CouchPotato downloader/ cpe:/a:tornadoweb:tornado:$1/a
match http m|^HTTP/1\.1 401 UNAUTHORIZED\r\nWWW-Authenticate: Basic realm=\"CouchPotato Login\"\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 54\r\nServer: TornadoServer/([\w._-]+)\r\n\r\nThis is not the page you are looking for\. \*waves hand\*$| p/Tornado httpd/ v/$1/ i/CouchPotato downloader/ cpe:/a:tornadoweb:tornado:$1/a
match http m|^HTTP/1\.1 404 Not Found\r\n(?:[^\r\n]+\r\n)*?Access-Control-Allow-Origin: \*\r\n(?:[^\r\n]+\r\n)*?Server: xmpp-share-server/([\w._-]+)\r\n|s p/xmpp-share-server httpd/ v/$1/
match http m|^HTTP/1\.1 200 OK\r\nDate: .* ([\w._-]+) \d+\r\nServer: EasyAntiCheat/v([\w._-]+)\r\n| p/EasyAntiCheat httpd/ v/$2/ i/time zone: $1/
match http m|^HTTP/1\.0 \d\d\d .*\r\nDate: .*\r\nServer: Embedthis-Appweb/([\w._-]+)\r\n| p/Embedthis-Appweb/ v/$1/ cpe:/a:embedthis:appweb:$1/
match http m|^HTTP/1\.1 404 Not Found\r\nContent-Length: 0\r\nDate: .*\r\nConnection: close\r\nServer: Google Search Appliance\r\n\r\n$| p/Google Search Appliance httpd/ d/specialized/ cpe:/a:google:search_appliance_software/
match http m|^HTTP/1\.0 302 Moved Temporarily\r\n(?:[^\r\n]+\r\n)*?Server: JavaHttpServer/([\w._-]+)\r\n(?:[^\r\n]+\r\n)*?Pragma: /obligation\r\n|s p/JavaHttpServer/ v/$1/ i/HP Web-Based Enterprise Services obligation server/
match http m|^HTTP/1\.1 200 OK\r\nDate: .*\r\nServer: Apache\r\n(?:[^\r\n]+\r\n)*?X-Orion-Version: ([\w._-]+)\r\n|s p/Apache httpd/ i/Western Digital web management; Orion $1/ d/storage-misc/ cpe:/a:apache:http_server/
match http m|^HTTP/1\.1 302 Found\r\nContent-Length: 0\r\nLocation: /fhem\r\n\r\n$| p/FHEM home automation http admin/ d/remote management/ cpe:/a:rudolf_koenig:fhem/
match http m|^HTTP/1\.0 200 OK\r\n.*<title>IBM Tivoli Composite Application Manager for Response Time Tracking ([\w._-]+) SoapConnectorServer</title></head>.*SoapConnectorServer is Alive\. <pre>\nBuild ID   \[([\w._-]+)\]\nBuild Date \[([^]]+)\]\n|s p/IBM Tivoli Application Manager httpd/ v/$1/ i/build ID: $2; build date: $3/
match http m|^HTTP/1\.0 401 Authorization Required\r\nServer: alphapd\r\n(?:[^\r\n]+\r\n)*?WWW-Authenticate: Basic realm=\"(DCS-[\w._-]+)\"\r\n|s p/D-Link $1 webcam http interface/ d/webcam/ cpe:/h:dlink:$1/
match http m|^HTTP/1\.1 302 Moved Temporarily\r\nConnection: Close\r\nServer: Day-Servlet-Engine/([\w._-]+) \r\nDate: .*\r\nLocation: http://[\d.]+:\d+/welcome\.html\r\n\r\n$| p/Day CRX httpd/ v/$1/
match http m|^HTTP/1\.0 200 OK\r\nServer: SONY LocationFreeTV/([\w._-]+) HTTPD/([\w._-]+)\r\n| p/Sony $1 LocationFree TV http interface/ v/$2/ d/media device/ cpe:/h:sony:$1/
match http m|^HTTP/1\.0 200 Ok\r\nServer: DivaWebConfig\r\n.*<title>Dialogic&reg; Diva&reg; Configuration</title>|s p/Dialogic Diva media board http config/ d/specialized/ cpe:/h:dialogic:diva/
match http m|^HTTP/1\.1 404 Not Found\r\nServer: MiniWeb\r\nConnection: Keep-Alive\r\nContent-length: 125\r\nContent-Type: text/html\r\n\r\n<html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL has no content\.</p></body></html>$| p/MediaCoder media converter http interface/
match http m|^HTTP/1\.0 200 OK\r\nPragma: no-cache\r\nCache-Control: no-cache, must-revalidate\r\nContent-type: text/html\r\nExpires: Tue, 02 Jan 2000 01:00:00 GMT\r\n.*<title>(DIR-[\w._-]+)</title>.*<meta name=\"copyright\" content=\"Copyright \(C\) 2008 D-Link Russia\" />|s p/D-Link $1 WAP http admin/ i/Russian/ d/WAP/ cpe:/h:dlink:$1/
match http m|^HTTP/1\.0 \xff\xfbAllow: GET \r\nAccept-Ranges: bytes\r\nCache-Control: no-cache\r\nCache-Control: no-store\r\nConnection: Keep-Alive\r\nServer: GoPro Web Server v([\w._-]+)\r\nContent-Type: text/plain\r\nContent-Length: 2\r\n\r\n$| p/GoPro HERO3 camera http interface/ v/$1/ d/webcam/ cpe:/h:gopro:hero3/
match http m|^HTTP/1\.0 200 OK\r\nDate: .*\r\nServer: BQTWWW/([\w._-]+) \(RSX\) \(RSX-11M-PLUS V([\w._-]+)\)\r\n| p/BQTWWW/ v/$1/ o/RSX-11M-PLUS $2/ cpe:/o:dec:rsx_11m_plus:$2/
match http m|^HTTP/1\.1 401 Unauthorized\r\n(?:[^\r\n]+\r\n)*?Www-Authenticate: Basic realm=\"SickBeard\"\r\n(?:[^\r\n]+\r\n)*?Server: CherryPy/([\w._-]+)\r\n|s p/CherryPy httpd/ v/$1/ i/Sick Beard PVR/ cpe:/a:cherrypy:cherrypy:$1/
match http m|^HTTP/1\.1 302 Found\r\nContent-Length: 128\r\nConnection: close\r\nLocation: http://127\.0\.0\.1:\d+/api/index\r\nCache-Control: no-cache\r\nDate: .*\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n<HTML>\n <HEAD>\n  <TITLE>Found</TITLE>\n </HEAD>\n <BODY>\n  You should go to <A HREF=\"/api/index\">/api/index</A>\.\n </BODY>\n</HTML>\n$| p/Neubot httpd/
# Should be able to know version based on added headers and/or copyright date.
match http m|^HTTP/1\.1 200 OK\r\nSet-Cookie: JSESSIONID=\w+; Path=/; HttpOnly\r\nContent-Type: text/html;charset=UTF-8\r\nDate: .*\r\nConnection: close\r\nServer: SEPM\r\n.*<title>Symantec Endpoint Protection Manager</title>|s p/Symantec Endpoint Protection Manager http config/ d/firewall/ cpe:/a:symantec:endpoint_protection_manager/
match http m|^HTTP/1\.1 200 OK\r\nX-XSS-Protection: 1; mode=block\r\nX-Content-Type-Options: nosniff\r\nSet-Cookie: JSESSIONID=[A-F\d]{32}; Path=/; Secure; HttpOnly\r\nContent-Type: text/html;charset=UTF-8\r\nDate: .*\r\nConnection: close\r\nServer: SEPM\r\n\r\n\r\n<!--\r\nSYMANTEC:     Copyright \(c\) 2010-2015 Symantec Corporation\.| p/Symantec Endpoint Protection Manager http config/ d/firewall/ cpe:/a:symantec:endpoint_protection_manager/
match http m|^HTTP/1\.1 200 OK\r\nX-XSS-Protection: 1; mode=block\r\nX-Content-Type-Options: nosniff\r\nSet-Cookie: JSESSIONID=[A-F\d]{32}; Path=/; Secure; HttpOnly\r\nContent-Type: text/html;charset=UTF-8\r\nTransfer-Encoding: chunked\r\nDate: .*\r\nConnection: close\r\nServer: SEPM\r\n\r\n\r\n<!--\r\nSYMANTEC:     Copyright \(c\) 2010-2015 Symantec Corporation\.| p/Symantec Endpoint Protection Manager http config/ d/firewall/ cpe:/a:symantec:endpoint_protection_manager/

match http m|^HTTP/1\.1 400 Bad Request\r\nContent-Length: 85\r\nContent-Type: text/plain\r\n\r\nThe client sent a plain HTTP request, but this server only speaks HTTPS on this port\.$| p/SABnzbd+ newsreader httpd/
match http m|^HTTP/1\.1 200 Ok\r\nDate: .*\r\nContent-Type: text/html\r\n\r\n<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4\.01 Frameset//EN\" \"http://www\.w3\.org/TR/html4/frameset\.dtd\">\r\n<html>\r\n\t<head>\r\n\t\t<TITLE>Web Client for DVR</TITLE>| p/Zmodo camera http interface/ d/webcam/
match http m|^HTTP/1\.0 200 OK\r\nServer: HTTP Server\(V([\w._-]+)\)\r\nContent-Type: text/html\r\nAccept-Ranges: bytes\r\nContent-Length: 47\r\nCache-Control: no-cache; no-store;max-age=0\r\nConnection: close\r\n\r\n<HTML><BODY>404 Host Not Found\.</BODY></HTML>\r\n$| p/Aten KN2116v KVM-over-IP switch http interface/ v/$1/ d/remote management/
match http m|^HTTP/1\.0 400 Bad Request\r\nDate: .*\r\nContent-Type: text/html; charset=iso-8859-1\r\nAge: 0\r\nServer: YTS/([\w._-]+)\r\n| p/Yahoo! Traffic Server/ v/$1/
match http m|^HTTP/1\.0 503 Service Temporarily Unavailable\r\nDate: .*\r\nContent-Type: text/html; charset=iso-8859-1\r\nAge: 0\r\nServer: YTS/([\w._-]+)\r\n| p/Yahoo! Traffic Server/ v/$1/
match http m|^HTTP/1\.1 404 File not Found\r\nServer: NAE01\r\nDate: .*\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 0\r\nConnection: Close\r\n\r\n$| p/Johnson Metasys building management system http interface/ d/specialized/
match http m|^HTTP/1\.1 200 OK\r\nConnection: close\r\nContent-Type: text/html\r\nCache-Control: no-cache\r\n\r\n<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1\.0 STRICT//EN\" \"DTD/xhtml1-strict\.dtd\">\r\n<html>\r\n<head>\r\n<title>EDS Ethernet to 1-wire Interface</title>| p/Embedded Data Systems Ethernet-to-1-wire interface http admin/ d/bridge/
match http m|^HTTP/1\.0 301 OK\r\nConnection: close\r\nLocation: /AgentManager/get/html/home\.html\r\nContent-Type: text/html\r\n\r\n<HTML><HEAD><TITLE>redirecting to url</TITLE></HEAD><BODY><H1>redirecting to url</H1><A HREF=\"/AgentManager/get/html/home\.html\"></A><p></BODY></HTML>\r\n\r\n$| p/QAM Launcher Manager/
match http m|^HTTP/1\.1 200 OK\r\n.*<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 3\.2 Final//EN\">\n\n<HTML>\n\n    <META HTTP-EQUIV=\"Refresh\" CONTENT=\"\.03; URL=perl/initial\.pl\"></META>\n    <HEAD><TITLE>OPNET AppSQL Xpert Management Console</TITLE></HEAD>\n\n<BODY BGCOLOR=\"#A8D5FE\">\n\n</HTML>\n$|s p/Riverbed OPNET AppResponse httpd/
match http m|^HTTP/1\.1 401 Unauthorized\r\nServer: BitLeapHTTP\r\nX-Dav-Powered-By: BitLeapWebDAV\r\nMS-Author-Via: DAV\r\nDAV: 1, 2, version-control\r\nContent-Length: 0\r\nConnection: Keep-Alive\r\nContent-Type: text/xml; charset=\"utf-8\"\r\nDate: .*\r\nX-WebDAV-Status: HTTP/1\.1 401 Unauthorized\r\nWWW-Authenticate: Basic realm=LeapServ\r\n\r\n$| p/Barracuda Backup 490 appliance http admin/ d/storage-misc/
match http m|^HTTP/1\.0 200 OK\r\nContent-type: text/html\r\nPragma: no-cache\r\n\r\n<html><head><title>ffserver Status</title>\n<link rel=\"shortcut icon\" href=\"http://dlink\.ru/favicon\.ico\">\n| p/D-Link ffserver httpd/
match http m|^HTTP/1\.0 200 OK\r\nDate: .*\r\nServer: HTTP Server\r\n.*<!--\n    M Comeau Dec 19, 2011\n    This page is used to redirect to the URL below\.  It is necessary to do this\n    so the http server properly redirects to the CGI\.\n-->\n<head>\n<title>BSE Redirect</title>|s p/Chrysler wiTECH VCI Pod automotive diagnostic device/ d/specialized/
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html; charset=utf-8\r\n\r\n<html><head><title>Welcome to Keter</title></head><body><h1>Welcome to Keter</h1><p>You did not provide a virtual hostname for this request\.</p></body></html>$| p/Keter httpd/ i/Yesod web framework/
match http m|^HTTP/1\.1 200 OK\r\n\r\n\n<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1\.0 Transitional//EN\" \"http://www\.w3\.org/TR/xhtml1/DTD/xhtml1-transitional\.dtd\">\n<html xmlns=\"http://www\.w3\.org/1999/xhtml\">\n  <head>\n    <meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\" />\n    <title>Servers Ultimate Pro</title>| p/Ice Cold Apps Servers Ultimate Pro httpd/
match http m|^HTTP/1\.1 200 OK\r\nETag: .*\r\nLast-Modified: .*\r\nContent-Type: text/html\r\nContent-Length: \d+\r\nDate: .*\r\nConnection: close\r\nServer: wifi-security-server\r\n\r\n<html>\r\n<head>\r\n<meta http-equiv=\"refresh\" content=\"1; URL=/wifiserver\">\r\n</head>\r\n<body>\r\n</body>\r\n</html>\r\n$| p/Apache Tomcat/ i/AirTight SpectraGuard firewall/ d/firewall/ cpe:/a:apache:tomcat/a
match http m|^HTTP/1\.1 302 Moved Temporarily\r\nX-Powered-By: Express\r\nVary: Accept\r\nContent-Type: text/plain\r\nLocation: /plugin\r\nContent-Length: 41\r\nDate: .*\r\nConnection: close\r\n\r\nMoved Temporarily\. Redirecting to /plugin$| p/Ninja Blocks home automation httpd/
match http m|^HTTP/1\.1 501 Not Implemented\r\nDate: .* ([+-]\d+)\r\nAllow: GET, POST\r\nPragma: No-Cache\r\nServer: MobiCont ([\w._-]+)\r\nContent-Length: 0\r\n\r\n$| p/Mobicont httpd/ v/$2/ i/time zone: $1/
# http://www.st.rim.or.jp/~nakata/
match http m|^HTTP/1\.1 200 Document follows\r\nMIME-Version: 1\.0\r\nServer: AnWeb/([\w._-]+)\r\n| p/AN httpd/ v/$1/
match http m|^HTTP/1\.0 400 Bad Request\r\nServer: Mini web server 1\.0 ZTE corp 2005\.\r\nContent-Type: text/html; charset=iso-8859-1\r\nAccept-Ranges: bytes\r\nConnection: close\r\nCache-Control: no-cache,no-store\r\n\r\n                                              <HTML>\n                                              <HEAD><TITLE>400 Bad Request</TITLE></HEAD>\n                                              <BODY BGCOLOR=\"#FFFFFF\" TEXT=\"#000000\" LINK=\"#2020ff\" VLINK=\"#4040cc\">\n                                              <H2>400 Bad Request</H2>\nYour request has bad syntax or is inherently impossible to satisfy\.\n| p/thttpd/ i/Zebra ZTE F660 broadband router/ d/broadband router/ cpe:/a:acme:thttpd/ cpe:/h:zebra:zte_f660/a
match http m|^HTTP/1\.1 404 Not Found\r\nPragma: no-cache\r\nmax-age: Thu, 01 Jan 1970 00:00:00 GMT\r\n.*<title>Error 404 NOT_FOUND</title>|s p/Google Web Toolkit httpd/ cpe:/a:google:web_toolkit/
match http m|^HTTP/1\.0 200 OK\r\nServer: Miner WEB Server\r\n.*<td align='right'>Total MHS:</td><td align='left'>([\d.]+)</td>.*<td align='right'>Up Time:</td><td align='left'>([\w,]+)</td>.*Current Server: ([][\w._:-]+)|s p/Asicminer Block Eruptor Blade bitcoin miner httpd/ i|Mhash/s: $1; uptime: $2; server: $3|
match http m|^HTTP/1\.1 200 OK\r\ncontent-type: text/plain; charset=utf-8\r\nCache-Control: no-cache\r\nExpires: Fri, 01 Jan 1990 00:00:00 GMT\r\nContent-Length: \d+\r\nServer: Development/([\w._-]+)\r\nDate: .*\r\n| p/Google App Engine SDK/ v/$1/
match http m|^HTTP/1\.1 200 OK\r\ncontent-length: \d+\r\ncontent-type: text/html; charset=utf-8\r\n.*<title>\n\t  SOGo\n\t</title>.*<meta content=\"SKYRIX Software AG/Inverse inc\.\" name=\"author\" />.*<meta content=\"@shiva (\d+)\" name=\"build\" />|s p/Inverse SOGo SOPE application server httpd/ v/build $1/
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html\r\nCache-Control: no-cache\r\nConnection: close\r\n\r\n<html><head><title>WiFi ADSL2/2\+ Combo IAD</title>| p/Netcomm NP805N WAP http config/ d/WAP/ cpe:/h:netcomm:np805n/
match http m|^HTTP/1\.0 302 Redirect\r\nServer: Http Server\r\nDate: .* \d\d\d\d\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-Type: text/html\r\nLocation: http:///login\.asp\r\n\r\n<html><head></head><body>\r\n\t\tThis document has moved to a new <a href=\"http:///login\.asp\">location</a>\.\r\n\t\tPlease update your documents to reflect the new location\.\r\n\t\t</body></html>\r\n\r\n$| p/Tenda N60 WAP http admin/ d/WAP/ cpe:/h:tenda:n60/
# Fallback match:
match http m|^HTTP/1\.1 400 Page not found\r\nServer: Http Server\r\nDate: .* \d\d\d\d\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-Type: text/html\r\n\r\n| p/Tenda WAP http admin/ d/WAP/
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: EDICOM-HTTP\r\n.*<meta name=\"Author\" \r\ncontent=\"Santiago Bellosta\">.*<title>EDICOM AS2 \r\nSERVER</title>|s p/Edicom AS2 proxy server http config/ d/proxy server/
match http m|^HTTP/1\.1 417 Expectation Failed\r\nServer: AvigilonServer/([\w._-]+)\r\nContent-Type: text/plain; charset=utf-8\r\nContent-Length: 19\r\n\r\nExpectation failed\.$| p/Avigilon Control Center httpd/ v/$1/
match http m|^HTTP/1\.1 200 OK\r\nConnection: close\r\nContent-Type: text/html\r\nCache-Control: no-cache\r\n\r\n<!DOCTYPE html>\r\n<html>\r\n<head>\r\n   <title>CyberStat Configuration</title>| p/CyberStat thermostat http interface/ d/specialized/
match http m|^HTTP/1\.0 302 Moved Temporarily\r\nDate: .*\r\nServer: \r\nContent-length: 0\r\nConnection: close\r\nLocation: https://:443/login\.lp\r\nSet-Cookie: xAuth_SESSION_ID=.*; path=/; \r\nCache-control: no-cache=\"set-cookie\"\r\n\r\n$| p/Technicolor TG789vn broadband router/ d/broadband router/
match http m|^HTTP/1\.1 200 OK\r\nDate: .*\r\nServer: IPWEBS/([\w._-]+)\r\n.*\.noscript_text{\r\nwidth: 100%;\r\nheight: 100%;\r\nfont-size: 24px;\r\ntext-align: center;\r\npadding-top: 24px;\r\n}\r\n</style>|s p/IPWEBS/ v/$1/ i/Huawei broadband router http admin/ d/broadband router/
match http m|^HTTP/1\.1 401 Authorization Required\r\nDate: .*\r\nServer: KGet\r\nWWW-Authenticate: Basic realm=\"KGet Webinterface Authorization\"\r\n| p/KGet download manager http interface/
match http m|^HTTP/1\.1 302 Found\r\nX-Frame-Options: SAMEORIGIN\r\nLocation: https?://([\w._-]+):\d+/vkd/GetWelcomeScreen\.event\r\nContent-Length: \d+\r\nConnection: close\r\nContent-Type: text/html; charset=iso-8859-1\r\n\r\n<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2\.0//EN\">| p/Symantec PGP Verified Directory httpd/ h/$1/
match http m|^HTTP/1\.1 302 Found\r\nX-Frame-Options: SAMEORIGIN\r\nLocation: https?://([\w._-]+):\d+/b/l\.e\r\nContent-Length: \d+\r\nConnection: close\r\nContent-Type: text/html; charset=iso-8859-1\r\n\r\n<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2\.0//EN\">| p/Symantec PGP Web Messenger httpd/ h/$1/
match http m|^HTTP/1\.1 302 Found\r\nX-Frame-Options: SAMEORIGIN\r\nLocation: https?://([\w._-]+):\d+/omc/GetLoginScreen\.uevent\r\nContent-Length: \d+\r\nConnection: close\r\nContent-Type: text/html; charset=iso-8859-1\r\n\r\n<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2\.0//EN\">| p/Symantec PGP Universal Server http admin/ h/$1/ cpe:/a:symantec:pgp_universal_server/
match http m|^HTTP/1\.1 404 not found\r\nContent-Length: 13\r\n\r\n404 not found$| p/Slingbox 500 httpd/ d/media device/
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?Set-Cookie: ZM_TEST=true;Secure\r\n.*\* Zimbra Collaboration Suite Web Client\r\n|s p/Zimbra Collabration Suite httpd/ cpe:/a:zimbra:zimbra_collaboration_suite/
match http m|^HTTP/1\.0 200 OK\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n<html>\n<head>\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=UTF-8\"> \n<title>Access Point Configuration Utility</title>| p/Cisco AP541N WAP http admin/ d/WAP/ cpe:/h:cisco:ap541n/
match http m|^HTTP/1\.1 200 OK\r\nConnection: Close\r\nContent-Length: 0\r\n\r\n$| p/Talk Talk YouView set-top box http config/ d/media device/
match http m|^HTTP/1\.0 200 OK\r\nServer: http server ([\w._-]+)\r\n.*<title>NVR</title>|s p/Qnap VioStor video recorder http admin/ v/$1/ d/media device/
match http m|^HTTP/1\.0 400 Bad Request\r\nContent-Length: 6\r\n\r\nERROR\n$| p/Apple Xsan httpd admin/
match http m|^HTTP/1\.1 404 Not Found\r\nX-DEVICE-VALUE:Not Found\r\nServer: Encore/([\w._-]+)\r\nContent-Length: 134\r\n\r\n<html><head>\r\n<META NAME=\"DEVICE-VALUE\" CONTENT=\"Not Found\">\r\n</head><body>\r\n<DIV CLASS=\"DEVICE-VALUE\">Not Found</DIV>\r\n</body></html>$| p/Yamaha M7CL sound board http config/ v/$1/ d/media device/
match http m|^HTTP/1\.1 301 Moved Permanently\r\nLocation:/login/login\.hchl\r\nDate:.*\r\nServer:Numara FootPrints Asset Core Agent ([\w._-]+)\r\nConnection:Close\r\nContent-Length:0\r\n\r\n$| p/Numara FootPrints inventory management http admin/ v/$1/
match http m|^HTTP/1\.1 200 Success\r\nServer: Messaging\r\ntransfer-encoding: chunked\r\n\r\n0\r\n\r\n$| p/Sybase Unwired Server Synchronization httpd/
match http m|^HTTP/1\.1 302 Object Moved\r\nLocation: /vpn/index\.html\r\nSet-Cookie:NSC_AAAC=| p/Citrix NetScaler Access Gateway/ cpe:/h:citrix:netscaler_access_gateway/
match http m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Set-Cookie: webvpn=;.*document\.location\.replace\(\"/\+CSCOE\+/logon\.html\"\)|s p/Cisco ASA SSL VPN/
match http m|^HTTP/1\.1 303 See Other\r\nServer: \r\nContent-type: text/plain\r\nLocation: /login\.xml\?session=false\r\n| p/IBM WebSphere DataPower management interface/
match http m|^HTTP/1\.1 407 MAG Authentication Failed!\r\n| p/AirWatch Mobile Access Gateway/
match http m|^HTTP/1\.1 200 OK\r\nServer: Linux, STUNNEL/1\.0, (D[\w-]+) Ver ([\w._-]+)\r\n| p/D-Link router admin httpd/ i/model $1; firmware $2/ d/WAP/ o/Linux/ cpe:/o:linux:linux_kernel/a
# version number is not really a version (this was 1.7.0.11)
match http m|^HTTP/1\.1 401 Unauthorized\r\nServer: Easy-Web Server/1.0\r\nAuthor: Easy Ftp Server\r\nWWW-Authenticate: BASIC realm=\"Ftp User Login\"\r\n| p/EasyFTP Server httpd/
match http m|^HTTP/1\.0 302 Moved Temporarily\r\nServer: wanduck\r\nDate: .*\r\n| p/Asus wanduck WAN monitor httpd/
match http m|^HTTP/1\.1 200 OK\r\nServer:Cross Web Server\r\n| p/Cross DVR httpd/ d/media device/
match http m|^HTTP/1\.1 401 Unauthorized\r\nServer: Aterm\(HT\)/([\d.]+)\r\nDate: .*\r\nWWW-Authenticate: Basic realm=\"Aterm\(admin\)\"\r\n| p/NEC Aterm admin httpd/ v/$1/ d/WAP/
match http m|^HTTP/1\.0 200 OK\r\nServer: TAC/Xenta([\w-]+) ([\d.]+)\r\n| p/TAC Xenta httpd/ v/$2/ i/Xenta $1/
match http m|^HTTP/1\.1 200 OK\r.*\nserver: WebSEAL/([\d.]+) \(Build (\d+)\)\r\n|s p/IBM Tivoli WebSEAL httpd/ v/$1/ i/build $2/ d/storage-misc/
match http m|^HTTP/1\.0 200 OK\r\nDate: .*\r\nServer: App-webs/\r\n| p/Hikvision IP camera httpd/ d/webcam/
match http m|^HTTP/1\.1 200 [Oo][Kk]\r\nServer: Venky\r\n| p/Smartfren EVDO modem httpd/
match http m|^HTTP/1\.1 401 Unauthorized\r\nServer: Aviosys\r\nPragma: no-cache\r\nWWW-Authenticate: Basic realm=\"([^"]+)\"\r\n| p/Aviosys $1 httpd/
match http m|^HTTP/1\.0 200 OK\r.*\nServer: OwnServer([\d.]+)\r\n|s p/Anteco OwnServer/ v/$1/
# The "EWS-NIC4" server is used in all sorts of printers, but version 8.80 is exclusively Dell 1320c
# Could probably use Shodan to enumerate other versions
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: EWS-NIC4/8\.80\r\n|s p/Embedded Web Server httpd/ v/8.80/ i/Dell 1320c/ d/printer/
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?\r\n<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4\.01 Frameset//EN\">\r\n<!-- Copyright \(c\) 2000-2\d\d\d, Fuji Xerox Co\., Ltd\. All Rights Reserved\. -->\r\n<HTML>.*<TITLE>\r\n([\w -]+?) +- [\d.]+\r\n</TITLE>|s p/Fuji-Xerox $1 httpd/ d/printer/ cpe:/h:fuji_xerox:$1/
# lighttpd started responding with HTTP/1.1 in version 2.0.0, apparently
match http m|^HTTP/1.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: lighttpd/([\w._-]+)\r\n|s p/lighttpd/ v/$1/ cpe:/a:lighttpd:lighttpd:$1/
# SNC full system info at /command/inquiry.cgi?inqjs=system
match http m|^HTTP/1\.0 307 Temporary Redirect\r\n(?:[^\r\n]+\r\n)*?Server: gen5th/([\d.]+)\r\n|s p/Sony Network Camera httpd/ v/$1/ d/webcam/
# WEB-Manager 3.2. Looks like later versions are framed.
match http m|^HTTP/1\.1 200\r\n.*<title>WEB-Manager ([\d.]+)</title>.*<applet code=\"container\.class\" archive=web\.jar width=\"743\" height=\"1250\" style=\"border: thick ridge\">|s p/Lantronix WEB-Manager admin httpd/ v/$1/
match http m|^HTTP/1\.0 302 Document Follows\r\nSet-Cookie: SESSID=[a-f0-9]{32}\r\nPragma: no-cache\r\nLocation: http:///([\w.-]+)/testcookie\.ssi\?SESSID=[a-f0-9]{32}\r\nConnection: close\r\n\r\n| p/IBM Remote Supervisor Adapter httpd/ h/$1/
match http m|^HTTP/1\.0 302 Redirect\r\nServer: httpd\r\nDate: .*\r\nLocation: http://belkin\.range\r\nContent-Type: text/plain\r\nConnection: close\r\n\r\n| p/Belkin WiFi range extender httpd/ d/WAP/
match http m|^HTTP/1\.0 200 OK\r\nContent-Type: text/html\r\nSet-Cookie: rg_cookie_session_id=.*\r\n\r\n<!-- Page\(9123\)=\[Please Reset Your Password\] -->|s p/BT Home Hub config httpd/ i/password reset page/ d/WAP/
match http m|^HTTP/1\.0 200 OK\r\nContent-Type: text/html\r\nSet-Cookie: rg_cookie_session_id=.*\r\n\r\n<!-- Page\(9096\)=\[Home\] -->|s p/BT Home Hub config httpd/ d/WAP/
match http m|^HTTP/1\.1 200 OK\r\nServer: Sierra Wireless Inc, Embedded Server\r\n| p/Sierra Wireless embedded httpd/
match http m|^HTTP/1\.1 200 OK\r\nConnection: close\r\nCache-Control: no-store\r\nContent-Length: 96\r\nContent-Type: text/html\r\n\r\n<html>\n<body bgcolor=\"#99ccff\">\n<center>\n<h1>Invalid Access</h1>\n</center>\n</p></body>\n</html>\n\n\n| p/Cisco ATA 186 httpd/ d/VoIP adapter/ cpe:/h:cisco:ata_186/a
match http m|^HTTP/1\.1 404 Not Found\r\nDate: .*\r\nServer: RT-Platform/([\d.]+) (UPnP/[\d.]+) EBS Mi\r\n| p/EBS RTPlatform UPnP httpd/ v/$1/ i/$2/
match http m|^HTTP/1\.1 302 Found\r\nServer: Cassini/(4\.[\d.]+)\r\nDate: .*\r\nX-AspNet-Version: ([\d.]+)\r\nLocation: /Login\.aspx\r\n| p/Cassini httpd/ v/$1/ i/SmarterStats 8.2; ASP.NET $2/ o/Windows/ cpe:/a:microsoft:asp.net:$2/ cpe:/a:microsoft:cassini:$1/ cpe:/a:smartertools:smarterstats:8.2/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 401 Unauthorized\r\nContent-type: text/html\r\nWWW-Authenticate: Basic realm=\"Netgear\"\r\n| p/Netgear admin httpd/ d/broadband router/
match http m|^HTTP/1\.0 200 OK\r\n\r\n<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1\.0 Strict//EN\" \"http://www\.w3\.org/TR/xhtml1/DTD/xhtml1-strict\.dtd\">\r\n<!-- release 20120329v1  -->\r\n<!-- \$Id: header\.php 3167 2010-03-03 18:11:27Z slemoine \$ -->| p/Cisco DPC3939b or Arris TG862G wireless cable modem httpd/ d/WAP/
match http m|^HTTP/1\.1 200 OK\r\nConnection: Close\r\nServer: (BC\d+) WEB SERVER V([\d.]+)\r\nAllow: GET\r\nContent type: text/html\r\nContent-length: \d+\r\ntitle: BC\d+\.htm\r\n\r\n| p/Beckhoff $1 Bus Terminal Controller/ v/$2/ d/specialized/
match http m|^HTTP/1\.0 404 \r\n(?:[^\r\n]+\r\n)*?server: CubeCoders-McMyAdmin/IAWS\r\n.*<p id=\"verinfo\">McMyAdmin Personal - Web Backend v([\d.]+)</p>|s p/CubeCoders McMyAdmin Personal Minecraft control panel/ v/$1/
match http m|^HTTP/1\.0 404 \r\n(?:[^\r\n]+\r\n)*?server: CubeCoders-McMyAdmin/IAWS\r\n.*<p id=\"verinfo\">McMyAdmin Professional - Web Backend v([\d.]+)</p>|s p/CubeCoders McMyAdmin Professional Minecraft control panel/ v/$1/
match http m|^HTTP/1\.0 \d\d\d \r\n(?:[^\r\n]+\r\n)*?server: CubeCoders-McMyAdmin/IAWS\r\n|s p/CubeCoders McMyAdmin Enterprise Minecraft control panel/
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: cc-web/([\d.]+)\r\n| p/Centova Cast httpd/ v/$1/
match http m|^HTTP/1\.1 302 Found\r.*\nServer: WSO2 Carbon Server\r\n|s p/WS02 Carbon middleware/
match http m|^HTTP/1\.1 200 OK\r\nServer: Linux, HTTP/1\.1, MyNetN(\d\d\d) Ver ([\d.]+)\r\n| p/Western Digital MyNet N$1 admin httpd/ v/$2/ d/WAP/ o/Linux/ cpe:/h:western_digital:n$1/ cpe:/o:linux:linux_kernel/a
match http m|^HTTP/1\.1 200 OK\r.*\nServer: Monkey\r\n|s p/Monkey httpd/ o/Linux/ cpe:/a:monkey-project:monkey_http_daemon/ cpe:/o:linux:linux_kernel/a
match http m|^HTTP/1\.1 302 Moved Temporarily\r\nConnection: close\r\nLocation: http://([\w.-]+:\d+)/guest/(?:s/default/)?\?id=[a-f0-9:]+&ap=([a-f0-9:]+)&t=\d+&url=http://\(null\)/\r\n\r\n| p/Ubiquiti UniFi guest redirection/ i/portal: $1; MAC: $2/
match http m|^HTTP/1\.1 400 Bad Request\r\nServer: M1 WebServer/([\d.]+)-VxWorks\r\n| p/Bachmann M1 PLC httpd/ v/$1/ o/VxWorks/ cpe:/o:windriver:vxworks/a
# Ferguson Ariva 252 HD satellite receiver
match http m|^HTTP/1\.0 \d\d\d [A-Z ]+\r\nServer: klhttpd/([\d.]+)\r\n| p/klhttpd/ v/$1/
match http m|^HTTP/1\.1 302 Found\r.*\nServer: ProCurve Web Server\r\n|s p/HP ProCurve httpd/ d/switch/
match http m|^HTTP/1\.1 200 OK\r\nDate: .*\r\nLast-Modified: .*\r\nContent-Type: text/html\r\nConnection: close\r\n\r\n\xef\xbb\xbf<!-- Release v ([\d.]+) \d{8} -->.*<title>Bosch Security Systems</title>|s p/Bosch Security DVR httpd/ v/$1/
match http m|^HTTP/1\.1 400 Bad Request\r\nConnection: close\r\nContent-Length: 0\r\ntv2-auth-digest: | p/Microsoft Mediaroom httpd/ i/IPTV tuner/ d/media device/
match http m|^HTTP/1\.0 404 Not found\r\nDate: [\w., :]+ ([+-]\d\d\d\d)\r\nServer: Monitorix HTTP Server\r\n| p/Monitorix httpd/ i/time zone $1/
match http m|^HTTP/1\.1 200 OK\r\nServer: Web Server\r\nContent-Type: text/html\r\nCache-Control: no-cache\r\nPragma: no-cache\r\n\r\n\r\n   <!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4\.0 Transitional//EN\">\n<HTML>\n<HEAD>\n  <TITLE>Login</TITLE>\n  <link rel=\"stylesheet\" href=\"/50010f00/css/style1\.css\">| p/HP V1810 switch httpd/ d/switch/ cpe:/h:hp:v1810/a
match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: PRINT_SERVER WEB 1\.0\r\nContent-type: text/html\r\nWWW-Authenticate: Basic realm=\"(W\w+54G\w*)\"\r\n\r\n401 Unauthorized| p/Linksys $1 wireless print server httpd/ cpe:/h:linksys:$1/a
match http m|^HTTP/1\.0 200 OK\r\n<!DOCTYPE html>\nContent-type: text/html\r\n\r\n<HTML>\n<TITLE>ConfigServer Security & Firewall</TITLE>| p/ConfigServer Security & Firewall/ d/firewall/
match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: webserver/1\.0\r\nDate: .*\r\nWWW-Authenticate: Digest algorithm=\"MD5\", realm=\"Forbidden\", qop=\"auth\"| p/OSCam softcam httpd/ d/media device/
match http m|^HTTP/1\.1 302 OK\r\nServer: ConfigurationService\r\nDate: .*\r\nConnection: close\r\nSet-Cookie: VNeXHttpSessionID=| p/Avaya Scopia Pathfinder firewall traversal http config/
match http m|^HTTP/1\.0 404 Not Found\r\nConnection: close\r\nContent-Length: \d+\r\nContent-Type: text/plain; charset=UTF-8\r\nDate: .*\r\nServer: waitress\r\n\r\n404 Not Found\n\nThe resource could not be found\.\n\n\ndebug_notfound of url http://[^;]+; .* context: <pyramid\.traversal\.DefaultRootFactory instance at| p/Pylons Waitress WSGI server/ i/Pylons Pyramid web framework/
match http m|^HTTP/1\.0 404 Not Found\r.*\nServer: waitress\r\n\r\n|s p/Pylons Waitress WSGI server/
match http m|^HTTP/1\.0 401 Unauthorized\r\nContent-type: text/html; charset=UTF-8\r\nAccept-Ranges: bytes\r\nConnection: close\r\nWWW-Authenticate: Digest realm=\"Authorization\",nonce=\"[a-f\d]+\",opaque=\"[a-f\d]+\",qop=\"auth\"\r\n\r\n<HTML><HEAD><TITLE>401 Unauthorized</TITLE></HEAD>\n<BODY BGCOLOR=\"#cc9999\"><H2>401 Unauthorized</H2>\n<HR>\nAuthorization required for the requested URL\.\n</BODY></HTML>\n| p/Panasonic KX-TGP500 http interface/ d/VoIP phone/
match http m|^HTTP/1\.1 200 OK\r\nServer: sw-cp-server\r\n.*<meta name=\"plesk-build\" content=\"([\d.]+)\">\n\t\t<title>Parallels Plesk Panel ([\d.]+)</title>|s p/Parallels Plesk sw-cp-server httpd/ v/$2/ i/build $1/
match http m|^HTTP/1\.1 200 OK\r.*\nServer: NetDNA-cache/([\d.]+)\r\n.*\r\nYou are hitting the NetDNA ([^<]+)<br>\n<img src=netdna\.gif\?city=4 >\n\n|s p/NetDNA CDN httpd/ v/$1/ i/$2/
match http m|^HTTP/1\.1 200 OK\r\n.*window\.location = \"rdr\.cgi\";\r\n|s p/TRENDnet IP camera httpd/ d/webcam/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: YTS/([\d.]+)\r\n|s p/Yahoo! Traffic Server/ v/$1/
match http m|^HTTP/1\.1 200 OK\r\nServer: Linux, HTTP/1\.1, (DSL-[\w]+) Ver ([A-Z][A-Z])_([\d.]+)\r\n| p/D-Link $1 router httpd config/ v/$3/ i/region: $2/ d/broadband router/ o/Linux/ cpe:/o:linux:linux_kernel/a
match http m|^HTTP/1\.0 200 OK\r\nContent-Type: text/html; charset=\"\"\r\n.*var objWin = window\.open\(strURL, \"WJHD600\",|s p/Panasonic WJ-HD600-series DVR http config/ d/media device/
match http m|^HTTP/1\.1 404 Not Found\r\nContent-Type: text/html\r\nDate: .*\r\nConnection: close\r\nServer: mwg-ui\r\n\r\n| p/McAfee Web Gateway httpd/ d/security-misc/ cpe:/a:mcafee:web_gateway/
match http m|^HTTP/1\.1 302 Found\r\nLocation: https://[\w.-]+:\d+/Konfigurator/request\r\nContent-Length: 0\r\nDate: .*\r\nConnection: close\r\nServer: mwg-ui\r\n\r\n| p/McAfee Web Gateway http config/ d/security-misc/ cpe:/a:mcafee:web_gateway/
match http m|^HTTP/1\.1 401 Unauthorized\r\nServer: Camera Web Server\r\nDate: .*\r\nWWW-Authenticate: Basic realm=\"Camera Web Server\"\r\n| p/Belkin NetCam http config/ d/webcam/
match http m|^HTTP/1\.0 200 OK\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nExpires: 0\r\nDate: .*\r\n\r\n<script language='JavaScript'>location='https:///';</script>\n| p/ISPmanager SSL redirector/
match http m|^HTTP/1\.0 200 OK\r\nConnection: close\r\nAccess-Control-Allow-Origin: \*\r\nCache-Control: no-cache\r\nContent-type: text/html; charset=utf-8\r\nDate: .*\r\n\r\n<html>\r\n<head><title>JointSpace</title>| p/jointSPACE TV application framework/ d/media device/
match http m|^HTTP/1\.1 200 OK\r.*\nlibAbsinthe: (r[\d.]+)\r\n|s p/Legify Absinthe/ v/$1/
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: Web Server\r\nContent-Type: text/html\r\n(?:[^\r\n]+\r\n)*?\r\n   \r\n<!DOCTYPE HTML PUBLIC.*<TITLE>NETGEAR ([^<]+)</TITLE>|s p/Netgear $1 http config/ d/switch/ cpe:/h:netgear:$1/a
match http m|^HTTP/1\.0 401 Unauthorized\r\nContent-Length: 0\r\nWWW-Authenticate: Basic realm=\"Domoticz\.com\"\r\n\r\n|s p/Domoticz home automation httpd/
match http m|^HTTP/1\.1 200 OK\r\nLast-Modified: .*\r\nContent-Length: \d+\r\nContent-Type: text/html;charset=UTF-8\r\nAccess-Control-Allow-Origin: \*\r\n\r\n<!DOCTYPE html>\n<html manifest="html5\.appcache">\n<head>\n\t\t<meta charset="utf-8">\n\t\t<title>Domoticz</title>| p/Domoticz home automation httpd/
match http m|^HTTP/1\.0 302 Redirect\r\nSet-Cookie: mainServerInstance=; path=/\r\nSet-Cookie: CrushAuth=| p/CrushFTP web interface/ cpe:/a:crushftp:crushftp/
match http m|^HTTP/1\.1 401 Unauthorized\r\nSet-Cookie: mainServerInstance=; path=/\r\nSet-Cookie: CrushAuth=| p/CrushFTP web interface/ cpe:/a:crushftp:crushftp/
match http m|^HTTP/1\.1 200 OK\r\nServer: pyTivo/([\d.]+)\r\n| p/pyTivo http interface/ v/$1/ d/media device/
match http m|^HTTP/1\.1 302 FOUND\r\nX-Hue-Jframe-Path: /\r\n| p/Cloudera Hue http Hadoop UI/
match http m=^HTTP/1\.1 200 OK\r.*\nLiferay-Portal: Liferay Portal (Community|Enterprise) Edition ([^(]+) \([A-Z][a-z]+ / Build (\d+) / [^)]+\)\r.*\nServer: Apache\r\n=s p/Liferay Portal $1 Edition/ v/$2/ i/build $3; Apache Tomcat/ cpe:/a:apache:tomcat/
match http m|^HTTP/1\.1 401 Unauthorized\nContent-Type: text/html;\nConnection: close\nWWW-Authenticate: Basic realm=\"Default: admin/admin\"\nContent-Length: <HTML>\r\n<HEAD>\r\n<TITLE>Sitecom Multi-Functional USB Server ([^<]+)</TITLE>| p/Sitecom $1 http config/
match http m|^HTTP/1\.0 200 OK\r\nCache-control: no-cache\r\nPragma: no-cache\r\nExpires: \"[^"]+\"\r\nContent-length: \d+\r\nContent-type: text/html\r\n\r\n<html>\n<head>\n<title>ILV701PL Web Configuration - Authentication</title>| p/LEXCOM ILV701PL IPTV receiver http config/ d/media device/
match http m|^HTTP/1\.0 500 Server Error\nContent-Type: text/html\n\n<html><body><b><font color=#CC0000>haserl CGI Error</font></b><br><pre>\n\[string \"([^"]+)\"\]:\d+:| p/Haserl CGI wrapper/ i/CGI path: "$1"/
match http m|^HTTP/1\.0 401 Unauthorized\r\nContent-Type: text/html\r\nWWW-Authenticate: Basic realm=\"yhhtpd\r\n| p/Neutrino yhttpd 3.X/
match http m|^HTTP/1\.0 200 OK\r\nServer: xLightweb/([\d.]+)\r\nContent-Length: 0\r\nConnection: close\r\nAccess-Control-Allow-Origin: \*\r\nCache-Control: no-cache\r\nAccess-Control-Allow-Headers: device-os, device-mo, app-build, device-id, device-no, device-ip, tracker, sub-id, sid\r\n\r\n| p/xLightweb httpd/ v/$1/
match http m|^HTTP/1\.0 200 Document follows\r\nServer: XCD WebAdmin\r\nContent-Type: text/html\r\n\r\n| p/Intermec EasyLAN print server http admin/ d/print server/
match http m|^HTTP/1\.1 200 OK\r\nServer: Dump1090\r\n| p/Dump1090 Mode S decoder http viewer/
match http m|^HTTP/1\.0 200 OK\r\nDate: .*\r\nLast-Modified: .*\r\nETag: \"[^"]\"\r\nAccept-Ranges: bytes\r\nContent-Length: \d+\r\nConnection: close\r\nContent-Type: text/html\r\nX-Frame-Options: SAMEORIGIN\r\n\r\n<html><script type=\"text/javascript\">\nif \(window!=top\) top\.location=window\.location;top\.location=\"/remote/login\";\n</script></html>\n| p/Fortinet FortiGate SSL VPN/ d/security-misc/
match http m|^HTTP/1\.0 200 OK\r\nDate: .*\r\nServer: qHTTPs\r\n| p/AEG Powersolutions UPS View http viewer/ d/power-device/
match http m|^HTTP/1\.1 200 OK\r\nSet-Cookie: sid=[^;]+; path=/; httponly\r\nSet-Cookie: sid\.sig=[^;]+; path=/; httponly\r\nDate: .*\r\nConnection: close\r\n\r\n<!DOCTYPE HTML>.*<h1>Webhook Deployer v([\w._-]+)|s p/Node.js/ i/Webhook Deployer v$1/ cpe:/a:nodejs:node.js/
match http m|^HTTP/1\.1 200 OK\r\nConnection: close\r\nContent-Type: text/html; charset=ISO-8859-1\r\nContent-Length: \d+\r\nServer: SIMP LIGHT\r\n\r\n<head><title>SIMP Light web server \[ver\. ([\w._-]+)\]</title>| p/SIMP Light SCADA httpd/ v/$1/
match http m|^HTTP/1\.[01] 401 Unauthorized\r\nContent-Length: \d+\r\nContent-Type: text/html\r\n(?:Connection: close\r\n)?X-Plex-Protocol: 1\.0\r\n| p/Plex Media Server httpd/ cpe:/a:plex:plex_media_server/
match http m|^HTTP/1\.[01] 200 OK\r\nContent-Type: text/xml;charset=utf-8\r\nContent-Length: \d+\r\nConnection: close\r\nX-Plex-Protocol: 1\.0\r\nCache-Control: no-cache(?:\r\nDate: .*)?\r\n\r\n<\?xml version=\"1\.0\" encoding=\"UTF-8\"\?>\n<MediaContainer size=\"\d+\" [^>]*friendlyName=\"([^"]*)\" [^>]*platform=\"Linux\" platformVersion=\"(((?:2\.)?\d\.\d+)[^"]+)\" [^>]*version=\"([^"]+)| p/Plex Media Server httpd/ v/$4/ i/friendlyName: $1; OS version $2/ o/Linux $3/ cpe:/a:plex:plex_media_server:$4/ cpe:/o:linux:linux_kernel:$3/
match http m|^HTTP/1\.[01] 200 OK\r\nContent-Type: text/xml;charset=utf-8\r\nContent-Length: \d+\r\nConnection: close\r\nX-Plex-Protocol: 1\.0\r\nCache-Control: no-cache(?:\r\nDate: .*)?\r\n\r\n<\?xml version=\"1\.0\" encoding=\"UTF-8\"\?>\n<MediaContainer size=\"\d+\" [^>]*friendlyName=\"([^"]*)\" [^>]*platform=\"([^"]+)\" platformVersion=\"([^"]+)\" [^>]*version=\"([^"]+)| p/Plex Media Server httpd/ v/$4/ i/friendlyName: $1; OS version $3/ o/$2/ cpe:/a:plex:plex_media_server:$4/
# Sometimes the version is too far down the page :(
match http m|^HTTP/1\.[01] 200 OK\r\nContent-Type: text/xml;charset=utf-8\r\nContent-Length: \d+\r\nConnection: close\r\nX-Plex-Protocol: 1\.0\r\nCache-Control: no-cache(?:\r\nDate: .*)?\r\n\r\n<\?xml version=\"1\.0\" encoding=\"UTF-8\"\?>\n<MediaContainer size=\"\d+\" [^>]*friendlyName=\"([^"]*)\" [^>]*platform=\"Linux\" platformVersion=\"(((?:2\.)?\d\.\d+)[^"]+)\"| p/Plex Media Server httpd/ i/friendlyName: $1; OS version $2/ o/Linux $3/ cpe:/a:plex:plex_media_server/ cpe:/o:linux:linux_kernel:$3/
match http m|^HTTP/1\.[01] 200 OK\r\nContent-Type: text/xml;charset=utf-8\r\nContent-Length: \d+\r\nConnection: close\r\nX-Plex-Protocol: 1\.0\r\nCache-Control: no-cache(?:\r\nDate: .*)?\r\n\r\n<\?xml version=\"1\.0\" encoding=\"UTF-8\"\?>\n<MediaContainer size=\"\d+\" [^>]*friendlyName=\"([^"]*)\" [^>]*platform=\"([^"]+)\" platformVersion=\"([^"]+)\"| p/Plex Media Server httpd/ i/friendlyName: $1; OS version $3/ o/$2/ cpe:/a:plex:plex_media_server/
match http m|^HTTP/1\.[01] 200 OK\r\nContent-Type: text/xml;charset=utf-8\r\nContent-Length: \d+\r\nConnection: close\r\nX-Plex-Protocol: 1\.0\r\nCache-Control: no-cache(?:\r\nDate: .*)?\r\n\r\n<\?xml version=\"1\.0\" encoding=\"UTF-8\"\?>\n<MediaContainer size=\"\d+\" [^>]*friendlyName=\"([^"]*)\"| p/Plex Media Server httpd/ i/friendlyName: $1/ cpe:/a:plex:plex_media_server/
match http m|^HTTP/1\.0 302 Moved Temporarily\r\nContent-Type: text/html\r\nSet-Cookie: cookie_session_id_0=\d+; path=/;\r\nCache-Control: public\r\nPragma: cache\r\nExpires: .*\r\nDate: .*\r\nLast-Modified: Thu, 01 Jan 1970 00:00:00 GMT\r\nAccept-Ranges: bytes\r\nConnection: close\r\nLocation: https?://[\w._-]+:\d+/index\.cgi\?active%5fpage=9091&req%5fmode=0\r\n\r\n| p/OpenRT httpd/ o/OpenRT/
match http m|^HTTP/1\.1 401 Unauthorized\r\nWWW-Authenticate: Digest realm=\"(iRMC S\d)@iRMC([0-9A-F]{6})\", qop=\"auth\", nonce=\"[0-9a-f-]+\", opaque=\"[0-9a-f]+\", stale=\"FALSE\" \r\n(?:Connection: close\r\n)?Cache-Control: no-cache\r\nPragma: no-cache\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\n\r\n296\r\n| p/Fujitsu $1 httpd/ i/Host ID (MAC) $2/ d/remote management/
match http m|^HTTP/1\.1 400 Bad Request\r\nCache-Control: no-cache\r\nPragma: no-cache\r\nContent-Type: text/html; charset=utf-8\r\nProxy-Connection: close\r\nConnection: close\r\nContent-Length: 727\r\n\r\n<HTML><HEAD>\r\n<TITLE>Request Error</TITLE>\r\n</HEAD>\r\n<BODY>\r\n<FONT face=\"Helvetica\">\r\n<big><strong></strong></big><BR>| p/ISPConfig http control panel/
match http m|^HTTP/1\.0 401 Authorization Required\r\nServer: alphapd\r\nDate: .*\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-type: text/html\r\nWWW-Authenticate: Digest realm=\"(TV-IP\d\d\d\w*)\",qop=\"auth\", nonce=\"[a-f0-9]+\"\r\n\r\n| p/TRENDnet $1 httpd/ d/webcam/ cpe:/h:trendnet:$1/a
#example $2 = "MediaCloset\0"
match http m|^HTTP/1\.0 200 OK\r\nContent-type: text/html\r\n\r\n<html><head><title>APC Back-UPS ([^(]+)\(([^)]+)\)</title><meta http-equiv=\"Content-Type\" content=\"text/html; charset=iso-8859-1\"></head>| p/APC Back-UPS $1 http admin/ i/$P(2)/
match http m|^HTTP/1\.1 401 UNAUTHORIZED\r\nWWW-Authenticate: Basic realm=\"Login Required\"\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 90\r\nDate: .*\r\nServer: ([\w._-]+)\r\n\r\nCould not verify your access level for that URL\.\nYou have to login with proper credentials| p/Maraschino XBMC http interface/ h/$1/
match http m|^HTTP/1\.0 200 OK\r\nSet-Cookie: session=[0-9a-f]{40}; Path=/; HttpOnly\r\nX-Auth-Status: none\r\nContent-Type: text/html\r\nDate: .*\r\nConnection: close\r\nContent-Length: \d+\r\n\r\n.* href=\"/ajenti:static/|s p/Ajenti http control panel/ cpe:/a:ajenti:ajenti/
match http m|^HTTP/1\.1 200 OK\r\nDate: .*\r\nServer: Hydra/([\w._-]+)\r\nAccept-Ranges: bytes\r\nConnection: close\r\nContent-Length: \d+\r\nLast-Modified: .*\r\nETag: \"[^"]+\"\r\nContent-Type: text/html\r\n\r\n<html>\n<head>\n<title>Intelligent Switch</title>>\n| p/Hydra httpd/ v/$1/ i/ZyXEL GS1600 or GS1900 switch/ d/switch/ cpe:/a:nikos_mavroyanopoulos:hydra:$1/
match http m|^HTTP/1\.1 200 OK\r\nDate: .*\r\nAccept-Ranges: bytes\r\nConnection: close\r\nContent-Length: \d+\r\nLast-Modified: .*\r\nETag: \"[^"]+\"\r\nContent-Type: text/html\r\n\r\n<html>\n<head>\n<title>Intelligent Switch</title>>\n| p/Hydra httpd/ i/ZyXEL GS1600 or GS1900 switch/ d/switch/ cpe:/a:nikos_mavroyanopoulos:hydra/
match http m|^HTTP/1\.1 200 OK\r\nSet-Cookie: JSESSIONID=[0-9A-F]{32}; Path=/\r\nContent-Type: text/html;charset=utf-8\r\nContent-Length: \d+\r\nDate: .*\r\nConnection: close\r\nServer:  \r\n\r\n<!-- default page when just a URL is entered \(e\.g\. - http://ipaddress\) -->| p/Cisco Unified Communications Manager httpd/ cpe:/a:cisco:unified_communications_manager/
# version 8.5.1 reported with SAMEORIGIN, but not in 8.6
# version 8.6 has Secure; HttpOnly
match http m|^HTTP/1\.1 200 OK\r\n(?:X-Frame-Options: SAMEORIGIN\r\n)?Set-Cookie: JSESSIONID=[0-9A-F]{32}; Path=/; Secure; HttpOnly\r\nContent-Type: text/html;charset=utf-8\r\nContent-Length: \d+\r\nDate: .*\r\nConnection: close\r\nServer:  \r\n\r\n<!-- default page when just a URL is entered \(e\.g\. - http://ipaddress\) -->| p/Cisco Unified Communications Manager httpd/ cpe:/a:cisco:unified_communications_manager/
# TODO: Which version has HttpOnly and not Secure?
match http m|^HTTP/1\.1 200 OK\r\nX-Frame-Options: SAMEORIGIN\r\nSet-Cookie: JSESSIONID=[0-9A-F]{32}; Path=/; HttpOnly\r\nContent-Type: text/html;charset=utf-8\r\nContent-Length: \d+\r\nDate: .*\r\nConnection: close\r\nServer:  \r\n\r\n<!-- default page when just a URL is entered \(e\.g\. - http://ipaddress\) -->| p/Cisco Unified Communications Manager httpd/ cpe:/a:cisco:unified_communications_manager/
match http m|^HTTP/1\.0 500 No such header: Host\r\nserver: Ag \[47\]\r\ncontent-type: text/html\r\n\r\n<html>\n<head>\n</head>\n<body>\n<h1>500: No such header: Host</h1>\n</body>\n</html>\r\n| p/ZyXEL Keenetic http admin/ d/broadband router/
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html\r\nCache-Control: no-cache\r\nConnection: close\r\n\r\n<html><head><title>Basic Status</title></head><frameset rows=\"\*,0\" border=0 frameborder=no framespacing=0><frame src=\"basic\.htm\" name=\"main\"><frame src=\"hide\.htm\" name=\"Hide\" marginwidth=0 marginheight=0 border=0></frameset></html>\n| p/NetComm Wireless ADSL router http admin/ d/WAP/
match http m|^HTTP/1\.0 200 OK\r\nDate: .*\r\nServer: Easy Chat Server/([\w._-]+)\r\n| p/Easy Chat Server httpd/ v/$1/
match http m|^HTTP/1\.1 503 Service Unavailable\r\nContent-Type: text/html\r\nCache-Control: no-cache\r\nConnection: close\r\nContent-Length: \d+\r\nX-Iinfo: ?[\d-]+ .NNN RT\(\d+ \d+\) q\([ 0-9-]+\) r\([ 0-9-]+\)| p/Incapsula CDN httpd/
match http m|^<!DOCTYPE HTML PUBLIC '-//W3C//DTD HTML 4\.01 Transitional//EN'><html><head><title>Evolis TCP/IP\r\n</title>| p/Evolis ID card printer httpd/ d/printer/
match http m|^HTTP/1\.0 200 OK\r\nServer: pilight\r\n| p/pilight home automation webGUI/
match http m|^HTTP/1\.0 302 Moved Temporarily\r\nX_Language: .*\r\nContent-Type: text/html\r\nServer: Embedthis-http\r\nLocation: https://([^/]+)/start\.html\n\r\n| p/Embedthis httpd/ i/Dell iDRAC 7/ d/remote management/ h/$1/ cpe:/h:dell:idrac7/
match http m|^HTTP/1\.[01] 30[12] Moved .*\r\nServer: Mbedthis-Appweb/([\d.]+)\r\nLocation: https://([^/]+)/start\.html\n\r\n| p/Embedthis Appweb httpd/ v/$1/ i/Dell iDRAC/ d/remote management/ h/$2/ cpe:/a:mbedthis:appweb:$1/
match http m|^HTTP/1\.[01] 30[12] Moved [^\r\n]+\r\n(?:[^\r\n]+\r\n)*?Location: https://([^/]+)/start\.html\n\r.*\nETag: [^\r\n]+ ([A-Z]+)\r\n|s p/Dell iDRAC http admin/ i/time zone: $1/ d/remote management/ h/$2/
match http m|^HTTP/1\.[01] 30[12] Moved [^\r\n]+\r\n(?:[^\r\n]+\r\n)*?Location: https://([^/]+)/start\.html\n\r\n|s p/Dell iDRAC http admin/ d/remote management/ h/$1/
match http m|^HTTP/1\.1 301 Moved Permanently\r\nContent-Type: text/html\r\nContent-Length: 165\r\nLocation: http://oishare/DCIM\r\n\r\n<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2\.0//EN\">\r\n<HTML><HEAD><TITLE>301 Moved Permanently</TITLE></HEAD>\r\n<BODY><H1>301 Moved Permanently</H1>\r\n\r\n</BODY></HTML>\r\n| p/Olympus camera httpd/
match http m|^HTTP/1\.1 200 OK\r\nDate: .*\r\nServer:  \r\nCache-Control: no-cache, private\r\nPragma: no-cache\r\nExpires: .*\r\nConnection: close\r\nContent-Type: text/html\r\n\r\n<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4\.01 Transitional//EN\"\r\n\"http://www\.w3\.org/TR/html4/loose\.dtd\">\r\n<html>\r\n<head>\r\n<title>(NWA[\w-]+)</title>| p/ZyXEL $1 http config/ d/WAP/ cpe:/h:zyxel:$1/a
match http m|^HTTP/1\.0 404 Not Found\r\nServer: thttpd/([\w.]+)-Avtrex/([\w._-]+)\r\n| p/thttpd/ v/$1/ i/Avtrex $2/ d/media device/ cpe:/a:acme:thttpd:$1/
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html\r\nConnection:close\r\n\r\n<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1\.0 Transitional//EN\"\r\n\"http://www\.w3\.org/TR/xhtml1/DTD/xhtml1-transitional\.dtd\">\r\n<html>\r\n<head>\r\n\t<title>Berryz WebShare</title>| p/Berryz WebShare/
match http m|^HTTP/1\.1 500 Internal error\r\nCache: no-cache\r\nContent-Type: text/plain\r\nContent-Length: 28\r\n\r\nCardo Updater Internal error| p/Cardo Updater/
match http m|^HTTP/1\.1 200 OK\r\nCONTENT-TYPE: text/html\r\nCONTENT-LENGTH: 260\r\n\r\n.*<H1>PRESENTATION PAGE</H1>|s p/Pioneer VSX-921, Denon DNP-720AE, or Marantz AV7005 AV receiver http config/ d/media device/
match http m|^HTTP/1\.1 401 Authorization Required\r\nWWW-Authenticate: Basic realm=\"Fhem: login required\"\r\nContent-Length: 0\r\n\r\n| p/FHEMWEB Fhem frontend/ cpe:/a:rudolf_koenig:fhem/
match http m|^HTTP/1\.0 200 OK\r\nContent-Type: text/html\r\n\r\n<html><head><title>YouLess energy monitor</title>| p/YouLess energy monitor httpd/ d/power-device/
match http m|^HTTP/1\.1 500 Server Error\r\nContent-Length: 0\r\nServer: HBHTTP POGOMVOFFICE - ([\w._-]+) - Linux\r\nDate: .*\r\nConnection: close\r\n\r\n| p/Pogoplug Office NAS httpd/ v/$1/ d/storage-misc/ o/Linux/ cpe:/o:linux:linux_kernel/a
match http m|^HTTP/1\.1 404 Not Found\r\n(?:[^\r\n]+\r\n)*?Server: AmazonS3\r\n\r\n404|s p/Amazon S3 httpd/
match http m|^HTTP/1\.0 404 Not Found\r\nX-Powered-By: Servlet/([\d.]+)\r\nContent-Type: text/html\r\nDate: .*\r\n\r\n<H1>SRVE0255E: A WebGroup/Virtual Host to handle / has not been defined\.</H1><BR><H3>SRVE0255E: A WebGroup/Virtual Host to handle localhost:\d+ has not been defined\.</H3><BR><I>IBM WebSphere Application Server</I>| p/IBM Tivoli Enterprise Portal/ i/Servlet $1/ cpe:/a:ibm:websphere_application_server/
match http m|^HTTP/1\.1 302 Moved Temporarily\r\nLocation: http://([\w.-]+)/index\.do\r\nContent-Type: text/html;charset=UTF-8\r\nContent-Length: 0\r\nDate: .*\r\nConnection: close\r\nServer: ThinkFree Server\r\n\r\n| p/ThinkFree Server Integrator/ h/$1/
match http m|^HTTP/1\.1 \d\d\d .*<center>nginx/([\d.]+)</center>\r?\n</body>\r?\n</html>[\r\n]+$|s p/nginx/ v/$1/ cpe:/a:igor_sysoev:nginx:$1/
match http m|^HTTP/1\.1 302 Found\r\nDate: .*\r\nCache-Control: no-cache\r\nX-Runtime: \d+\r\nSet-Cookie: spiceworks_session=[^;]+; path=/; HttpOnly\r\nLocation: https?://([\w.-]+):\d+/login\r\n| p/Spiceworks http admin/ h/$1/
match http m|^HTTP/1\.1 200 OK\r\nDate: .*\r\nServer: Clearswift\r\n| p/Clearswift Secure Web Gateway/ d/security-misc/
match http m|^HTTP/1\.0 200 OK\r\nContent-Type: text/html\r\nAccept-Ranges: bytes\r\nETag: \"[^"]+\"\r\nLast-Modified: .*\r\nContent-Length: \d+\r\nConnection: close\r\nDate: .*\r\nServer: dcs-lig-httpd\r\n\r\n| p/lighttpd/ i/D-Link DCS IP camera/ d/webcam/ cpe:/a:lighttpd:lighttpd/a
match http m|^HTTP/1\.1 200 OK\r\nContent-type: text/html\r\nExpires: .*\r\nConnection: close\r\nPragma: no-cache\r\nContent-Length: \d+\r\n\r\n<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1\.0 Strict//EN' 'http://www\.w3\.org/TR/xhtml1/DTD/xhtml1-strict\.dtd'>\n<html xmlns='http://www\.w3\.org/1999/xhtml' xml:lang='en' lang='en'>\n<head>\n    <title>Xfinity</title>| p/Xfinity router http config/ d/broadband router/
# Panasonic TX-P55VTW60
match http m|^HTTP/1\.0 404 Not Found\r\nServer: Panasonic AVC Server/([\w._-]+)\r\nConnection: close\r\nCache-Control: no-cache,no-store\r\nContent-Length: 0\r\n\r\n| p/Panasonic AVC httpd/ v/$1/ d/media device/
match http m|^HTTP/1\.0 403 Forbidden\r\nContent-Length: 15\r\nContent-Type: text/html\r\nAccess-Control-Allow-Origin: \*\r\nAccess-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept\r\nAccess-Control-Allow-Methods: POST, GET, OPTIONS\r\n\r\nInvalid request| p/Amazon MP3 Downloader httpd/
match http m|^HTTP/1\.0 302 Redirect\r\nServer: Hikvision-Webs\r\nDate: .*\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-Type: text/html\r\nLocation: http://([\w.-]+):\d+/index\.[asphtm]+\r\n\r\n| p/Hikvision DVR httpd/ d/media device/ h/$1/
match http m|^HTTP/1\.1 400\r\nContent-Length: 22\r\nContent-Type: text/plain\r\n\r\nMalformed Request-Line| p/SABnzbd newsreader httpd/
match http m|^HTTP/1\.1 200 OK\r\nServer: HP_Compact_Server\r\nContent-Length: \d+\r\n-onnection: keep-alive\r\nContent-Type: text/html\r\n| p/HP LaserJet printer http admin/ d/printer/
# ntopng <= 1.1 (r7342) had an auth bypass because processing isn't terminated after redirect.
match http m|^HTTP/1\.1 302 Found\r\nSet-Cookie: session=; path=/; expires=Thu, 01-Jan-1970 00:00:01 GMT; max-age=0; HttpOnly\r\nLocation: /login\.html\r\n\r\nHTTP/1\.1 200 OK\r\nCache-Control: max-age=0, no-cache, no-store\r\nPragma: no-cache\r\nServer: ntopng ([\d.]+) \((r\d*)\)\r\n| p/ntopng http interface/ v/$1/ i/SVN $2; auth bypass/ cpe:/a:ntop:ntopng:$1/
match http m|^HTTP/1\.1 302 Found\r\nSet-Cookie: session=; path=/; expires=Thu, 01-Jan-1970 00:00:01 GMT; max-age=0; HttpOnly\r\nLocation: /login\.html\r\n\r\n$| p/ntopng http interface/ v/1.2/ cpe:/a:ntop:ntopng:1.2/
match http m|^HTTP/1\.1 302 Found\r\nSet-Cookie: session=; path=/; expires=Thu, 01-Jan-1970 00:00:01 GMT; max-age=0; HttpOnly\r\nLocation: /lua/login\.lua\?referer=/\r\n\r\n| p/ntopng http interface/ v/2.0 or later/ cpe:/a:ntop:ntopng/
match http m|^HTTP/1\.0 200 OK\r\nDate: .*\nServer: owhttpd\r\nLast-Modified: .*\r\nContent-Type: text/html\r\n\r\n| p/OWFS httpd/ cpe:/a:owfs:owhttpd/
match http m|^HTTP/1\.0 401 Unauthorized\r\nPragma: no-cache\r\nWWW-Authenticate: Digest realm=\"([^"]+)\", domain=\"/\", nonce=\"[\da-f]+\", algorithm=\"MD5\", qop=\"auth\"\r\nWWW-Authenticate: Basic realm=\"\1\"\r\nContent-Type: text/html\r\n.*<HTML>\r\n<HEAD>\r\n<TITLE>Error 401</TITLE>|s p/Tandberg videoconference httpd/ i/"$1"/
match http m|^HTTP/1\.0 200 OK\r\nContent-Type: text/html\r\nSet-Cookie: rg_cookie_session_id=.*<!--- Page\(page_login\)=\[Login\] --->.*<TITLE>(MP\d\w+)</TITLE>|s p/Audiocodes $1 gateway http config/ d/VoIP adapter/
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html\r\nDate: .*\r\nConnection: close\r\n\r\n<!doctype html>\n<html>\n  <head>\n    <title>rabbit\.js and Socket\.IO publish/subscribe example</title>| p/Node.js/ i/rabbit.js messaging example page/ cpe:/a:nodejs:node.js/
match http m|^HTTP/1\.0 200 OK\nContent-type: text/html\r\nDate: .*?\r\nConnection: close\r\n\r\n.*<OBJECT\s+classid=\"clsid:EE479A40-C128-40DD-93DA-000556AF9607\"\r\n\t  codebase=\"CtrWeb\.cab#version=([\d,]+)\".*?<param name=\"CmdPort\" value=\"(\d+)\">\n<param name=\"StreamPort\" value=\"(\d+)\">|s p/DVRWeb viewer/ v/$SUBST(1,",",".")/ i/CmdPort $2; StreamPort $3/
match http m|^HTTP/1\.0 200 OK\r\nServer: KwikNet Web Server\r\n| p/Kadak KwikNet httpd/
match http m|^HTTP/1\.1 406 Not Acceptable\r\nContent-Type: text/html\r\nServer: MineloadHTTPD\r\n\r\nInvalid XML password\.| p/Mineload Bukkit plugin/
match http m|^HTTP/1\.1 401 Unauthorized\r\nDate: .*\r\nServer: cPanel\r\n| p/cPanel httpd/ i/unauthorized/
match http m|^HTTP/1\.1 200 OK\r\nPragma: no-cache\r\nCache-control: no-cache\r\nDate: .*\r\nServer: eXtensible UPnP agent\r\nAccept-Ranges: none\r\nConnection: close\r\nContent-Type: text/html\r\nEXT:\r\n\r\n.*Uptime: (\d+ days, [\d:]+).*Model: <a href=http://xupnpd\.org>xupnpd-([\w._-]+)</a>|s p/xupnpd http admin/ v/$2/ i/uptime: $1/
match http m|^HTTP/1\.1 200 OK\r\nServer: fexsrv\r\nLast-Modified: .*\r\nContent-Length: \d+\r\nContent-Type: text/html\r\n\r\n| p/F*EX (Frams' Fast File EXchange) server/ cpe:/a:ulli_horlacher:fex/
match http m|^HTTP/1\.0 403 Forbidden\r\nContent-Type: text/html; charset=UTF-8\r\nContent-Length: \d+\r\nPragma: no-cache\r\n\r\n<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4\.01 Transitional//en\">\r\n<html lang=\"en\">\r\n\r\n<head>\r\n    <meta LAG = \"<AG_PROXY_ID>\" >| p/Novell Access Gateway/
match http m|^HTTP/1\.0 302 Moved Temporarily\r\nContent-Type: text/html\r\n(?:X-Frame-Options: SAMEORIGIN\r\n)?Set-Cookie: wbm_cookie_session_id=[\dA-F]+; path=/; HttpOnly\r\n(?:Cache-Control: public,max-age=86400\r\nPragma: cache\r\nExpires: .*\r\n)?Date: .*\r\n(?:Last-Modified: .*\r\n)?Accept-Ranges: bytes\r\nConnection: close\r\nLocation: /main\.cgi\?page=index\.html\r\n\r\n| p/Vodafone Station http config/ d/WAP/
# Also responds to GenericLines (v6.60)
match http m|^HTTP/1\.1 200 OK\r\nDate: .*\r\nLast-Modified: .*\r\nContent-Type: text/html\r\nConnection: Close\r\nContent-Length: \d+ +\r\n\r\n.+>Dual DHCP DNS Server Version ([\w._-]+ Windows Build \d+)<|s p/Dual DHCP DNS Server http viewer/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 200 Ok\r\nContent-Type: text/html\r\nCache-Control: no-cache\r\nConnection: close\r\nRefresh: 5;url=/\r\n\r\n.*<td align=right class=title>PowerMTA&trade; ([\w._-]+)&nbsp;</td>|s p/Port25 Solutions PowerMTA http status/ v/$1/
match http m|^HTTP/1\.1 200 OK\r\nServer: WebServer\(IPCamera_Logo\)\r\nContent-Length: \d+\r\nContent-Type: text/html\r\nConnection: close\r\nLast-Modified: .*\r\nCache-Control: max-age=60\r\n\r\n\xef\xbb\xbf<!--\r\nProduct:ipcamera\r\nAuthor:xwpcom@gmail\.com\r\n-->| p/Maygion IPCamera http interface/ i/RTSP on same port/
# Verizon FIOS?
match http m|^HTTP/1\.1 401 Unauthorized\r\nContent-Length: 0\r\nWWW-Authenticate: Digest realm=\"IgdAuthentication\", domain=\"/\", nonce=\"\w{35}=\", qop=\"auth\", algorithm=MD5, opaque=\"5ccc09c403ebaf9f0171e9517f40e41\" \r\n\r\n| p/TL-069 remote access/
match http m|^HTTP/1\.1 401 Unauthorized\r\nConnection: close\r\nContent-Length: 0\r\nWWW-Authenticate: Digest realm=IgdAuthentication, domain=\"/\", qop=\"auth\", algorithm=MD5, nonce=\"\w{9}\"\r\n\r\n| p/TL-069 remote access/
match http m|^HTTP/1\.1 401 Unauthorized\r\nContent-Length: 23\r\nServer: MySQL Aggregator\r\nConnection: close\r\nWWW-Authenticate: Basic realm=\"CTA\"\r\nContent-Type: text/plain\r\n\r\nAuthorization required\n| p/MySQL Enterprise Agent Aggregator/
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html; charset=utf-8\r\nCache-Control: no-cache \r\nServer: Bukkit Webby\r\nConnection: Close\r\n\r\n<script type='text/javascript'>var errorMsg = 'none';</script><!DOCTYPE html>| p/Bukkit Webby Minecraft http admin/
match http m|^HTTP/1\.1 301 Moved Permanently\r\nLocation: /console/index\.html\r\nConnection: close\r\nDate: .* GMT\r\n\r\n$| p/JBoss Administrator/
match http m|^HTTP/1\.1 200 OK\r\nCache-Control: max-age=0\r\nPragma: no-cache\r\nContent-Type: text/html\r\nContent-Length: \d+\r\nX-UA-Compatible: IE=Edge\r\nConnection: close\r\nSet-Cookie: web_session_id=\w+; path=/; HttpOnly; \r\n\r\n.*<title>PA Server Monitor</title>|s p/Power Admin Server Monitor http admin/
match http m|^HTTP/1\.0 200 OK\r\nDate: .*\r\nServer: SentinelKeysServer/([\w._-]+)\r\nMIME-Version: 1\.1\r\nContent-Type: text/html\r\n| p/SafeNet Sentinel Keys License Monitor httpd/ v/$1/ i/Java Console/ cpe:/a:safenet-inc:sentinel_keys_server:$1/
# The version numbers don't line up. Need more info or more fingerprints to figure out.
# Also, this matches 4 or 5 different services within CloudView. No further info.
match http m|^HTTP/1\.0 \d\d\d .*\r\nConnection: Close\r\nContent-Length: \d+\r\nContent-Type: .*\r\nDate: .*\r\nHost: 0\.0\.0\.0\r\nServer: NG/6\.0\.16943\r\n| p/Exalead CloudView/ v/5.1.12.31472/
match http m|^HTTP/1\.0 200 OK\r\nConnection: Close\r\nContent-Length: \d+\r\nContent-Type: text/html\r\nDate: .*\r\nEtag: .*\r\nServer: ngconvert/6\.0\.16943 edoc/1\.4\.36592 \(BUILD=6\.0\.16943;EDOC=1\.4\.36592;AUTOMIME=1\.03;CONFEX=0\.153;XPDFTEXTLIB=3\.02\.24\)\r\n\r\n| p/Exalead CloudView/ v/5.1.12.31472/

match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?\r\n<!-- pageok -->\n<!-- managed by puppet -->\n<html>\n<pre>pageok</pre>\n</html>\n$|s p/GoDaddy error/
match http m|^HTTP/1\.1 400 Bad Request \(5\)\r\nServer: httpd\r\nDate: .*\r\nContent-Type: text/html\r\nConnection: close\r\n\r\n| p/Cisco small business router VPN/
match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: HTS/tvheadend\r\nCache-Control: no-cache\r\nWWW-Authenticate: Basic realm=| p/Tvheadend http config/ o/Linux/ cpe:/o:linux:linux_kernel/a
match http m|^HTTP/1\.0 400 Bad Request\r\nDate: .* ([+-]\d+)\r\nContent-Length: 0\r\nServer: com\.novell\.zenworks\.httpserver/([\w._-]+)\r\n\r\n| p/Novell ZENworks httpd/ v/$2/ i/time zone: $1/ cpe:/a:novell:zenworks:$2/
match http m|^HTTP/1\.0 200 OK\nContent-type: text/plain\n\nTable: Links\nLocal IP\tRemote IP\tHyst\.\tLQ\tNLQ\tCost\n| p/olsrd txtinfo plugin/
match http m|^HTTP/1\.0 200 OK\r\nContent-Type: text/html\r\nDate: .*? ([A-Z]+)\r\nExpires: .*\r\n\r\n<HTML>.*<H1>DVR (\w+) WatchDog \(([\w._-]+)\)</H1>|s p/March Networks $2 DVR http config/ i/time zone: $1/ h/$3/
match http m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: Speclab WebServer/([\w._-]+) (Instinct-\d+ Release \d+)\r\n|s p/Speclab WebServer/ v/$1/ i/Goal $2/
match http m|^HTTP/1\.1 200 OK\r\nMIME-Version: 1\.0\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: \d+\r\n\r\n<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1\.0 Transitional//EN\" {332}\n    \"http://www\.w3\.org/TR/xhtml1/DTD/xhtml1-transitional\.dtd\"> {332}\n<html | p/Tektronix oscilloscope http viewer/
match http m|^HTTP/1\.1 200 OK\r\ncontent-length: \d+\r\ncontent-type: text/html; charset=utf-8\r\n\r\n.*<meta content=\"SOGo Web Interface\" name=\"description\" />\n\t<meta content=\"SKYRIX Software AG/Inverse inc\.\" name=\"author\" />.*<meta content=\"([^"]+)\" name=\"build\" />|s p/SOGo groupware http interface/ i/build: $1/
match http m|^HTTP/1\.1 200 OK\r\nConnection: close \r\nContent-Type: text/html\r\nCache-control: no-cache\r\n\r\n.*top\.location\.href=\"login_page\.html\";</script><title>Paradox IP Module</title>|s p/Paradox security system IP module httpd/ d/security-misc/
match http m|^HTTP/1\.1 200 OK\r\nServer: WIBU-SYSTEMS HTTP Server/ Version ([\w._-]+) vom \d+\.\w+\.\d+\r\n| p/Wibu CodeMeter httpd/ v/$1/ i/German/
match http m|^HTTP/1\.1 200 OK\r\nServer: WIBU-SYSTEMS HTTP Server/ Version ([\w._-]+) of \w+/\d+/\d+\r\n| p/Wibu CodeMeter httpd/ v/$1/ i/English/
match http m|^HTTP/1\.1 200 OK\r\nContent-Length:\d+\r\nContent-Type:text/html\r\nConnection:close\r\n\r\n<html><body><h2>Mendeley Desktop</h2>| p/Mendeley Desktop httpd/
match http m|^HTTP/1\.1 200 OK\r\nConnection: close\r\nLast-Modified: \d+/\d+/\d+ \d+:\d+:\d+ [AP]M\r\nContent-Length: \d+\r\nContent-Type: text/html\r\n\r\n<HTML>\r\n<HEAD>\r\n<TITLE>HomeWorks Illumination Web Keypad</title>| p/Lutron HomeWorks web keypad/
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/plain; charset=utf-8\r\nContent-Length: \d+\r\nCache-Control: no-cache\r\n\r\nUnified Protocol version ([\d.]+)| p/Samsung CLP printer httpd/ i/Unified Protocol $1/ d/printer/
# BIND 9.5 or later
match http m|^HTTP/1\.0 200 OK\r\nContent-Type: text/xml\r\n(?:[^\r\n]+\r\n)*?Server: libisc\r\n.*<statistics version=\"([\w._-]+)\">|s p/BIND stats httpd/ i/XML statistics version $1/ cpe:/a:isc:bind/
match http m|^HTTP/1\.1 200 OK\r\nCache-Control: no-cache\r\nContent-Type: text/html\r\nContent-Length: \d+\r\n\r\n<!DOCTYPE html>.*<meta name=\"viewport\" content=\"width=device-width, initial-scale=1\.0, maximum-scale=1\.0, minimum-scale=1\.0, user-scalable=no\"/>\r\n<html>\r\n<head>\r\n\t<meta name=\"author\" content=\"Dave Jensen\" />\r\n\t<meta name=\"keywords\" content=\"LANDesk, Remote Control\" />|s p/LANDesk html5 remote control/ cpe:/a:landesk:landesk_management_suite/
match http m|^HTTP/1\.0 404 Not Found\r\nContent-Type: text/html\r\nContent-Length: 345\r\nConnection: close\r\nDate: .*\r\nServer: Swift1\.0\r\n\r\n| p/Samsung Swift httpd/ v/1.0/ d/media device/
match http m|^HTTP/1\.1 200 OK\r\nSERVER: HDHomeRun/([\w._-]+)\r\n.*<div class=\"S\">Model: ([\w._-]+)<br/>Device ID: [\w._-]+<br/>Firmware: ([\w._-]+)</div>|s p/Silicondust HDHomeRun set top box http config/ v/$1/ i/model: $2; firmware: $3/ d/media device/
match http m|^HTTP/1\.1 401 Unauthorized\r\nServer: NSG\r\nWWW-Authenticate: Basic Realm=Security\r\n| p/Harmonic NSG QAM video delivery httpd/ d/media device/
match http m|^HTTP/1\.0 302 Redirect\r\nServer: Httpd/1\.0\r\nDate: \w+ \w+ +\d+ \d+:\d+:\d+ \d\d\d\d\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-Type: text/html\r\nLocation: http:///login\.asp\r\n\r\n| p/CJ HelloVision DVW-2300N router http redirector/ d/WAP/
match http m|^HTTP/1\.1 403 Forbidden\r\nServer: Avaya Push Agent Ver x\.x\r\nDate: [A-Z]+ [A-Z]+ \d\d \d\d:\d\d:\d\d \d\d\d\d\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-Type: text/html\r\n\r\n| p/Avaya Push Agent/ d/VoIP phone/
match http m|^HTTP/1\.0 302 Redirect\r\nServer: GS-Webs\r\nDate: .*\r\nLocation: http://\x07/index\.html\r\n\r\n|s p/Huacam Cyclops IP camera http config/ d/webcam/
match http m|^HTTP/1\.0 302 Redirect\r\nServer: IP-Phone-Web\r\nDate: [A-Z]+ [A-Z]+ \d+ \d+:\d+:\d+ \d+\r\n| p|TalkSwitch/FortiVoice web manager| d/VoIP phone/
match http m|^HTTP/1\.1 502 Bad Request\r\nContent-Length: \d+\r\n\r\n<html>\r\n<body>\r\nError 502 - Bad Request<br>\r\nThe server could not resolve your request for uri: http://[\d.]+/\r\n</body>\r\n</html>| p/Blackberry phone httpd/ d/phone/
match http m|^HTTP/1\.1 403 Forbidden\r\nDate: [A-Z]+ [A-Z]+ \d\d \d\d:\d\d:\d\d \d\d\d\d\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-Type: text/html\r\n\r\n<html><head><title>Document Error: Forbidden</title></head>\r\n\t\t<body><h2>Access Error: Forbidden</h2>\r\n\t\t<p>HTTP/1\.0 403 Forbidden\n</p></body></html>\r\n\r\n| p/Avaya 9670 VoIP Phone httpd/ d/VoIP phone/ cpe:/h:avaya:9670/a
match http m|^HTTP/1\.1 302 Found\r\nLocation: http://([\w._-]+)/\?cfru=aHR0c.*\r\nCache-Control: no-cache\r\nPragma: no-cache\r\nContent-Type: text/html; charset=utf-8\r\nConnection: close\r\nContent-Length: \d+\r\n\r\n<HTML><HEAD>\r\n<TITLE>Redirect</TITLE>\r\n</HEAD>\r\n<BODY>\r\n<FONT face=\"Helvetica\">\r\n<big><strong></strong></big><BR>\r\n</FONT>\r\n<blockquote>\r\n<TABLE border=0 cellPadding=1 width=\"80%\">\r\n<TR><TD>\r\n<FONT face=\"Helvetica\">\r\n<big>Redirect \(authentication_redirect_to_virtual_host\)</big>| p/Pitney Bowes Business Manager BMDLAService/ h/$1/
match http m|^HTTP/1\.0 401 Unauthorized\r.*\nServer: phionEntegraHTTP\r\nAllow: GET, HEAD, DELETE\r\nWWW-Authenticate: Basic realm=phion Transparent Agent authentication\r\n|s p/phion Entegra SSL VPN client/
match http m|^HTTP/1\.0 404 Not Found\r\nServer: 2Wire TR-069\r\nContent-Length: 0\r\nAllow: GET\r\nWWW-Authenticate: d=\d+ +set_mask=0x[\da-f]+ +handle_evt=0x[\da-f]+.+\r\n| p/2Wire TR-069 access/
match http m|^HTTP/1\.1 302 Found\r\nX-UA-Compatible: IE=edge,chrome=1\r\nSet-Cookie: JSESSIONID=[\dA-F]+; Path=/; Secure; HttpOnly\r\nDate: .*\r\nLocation: /maintenance-login\.html\r\nContent-Type: text/html;charset=UTF-8\r\nContent-Length: 0\r\nVary: Accept-Encoding\r\nConnection: close\r\nServer: NSC/([\w._-]+) \(JVM\)\r\n\r\n| p/Nexpose Security Console/ v/$1/ i/maintenance mode/ cpe:/a:rapid7:nexpose:$1/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]+\r\n(?!\r\n))*?Server: NSC/([\w._-]+) \(JVM\)\r\n\r\n|s p/Nexpose Security Console/ v/$1/ cpe:/a:rapid7:nexpose:$1/
match http m|^HTTP/1\.1 302 Found\r\nX-Frame-Options: SAMEORIGIN\r\nX-UA-Compatible: IE=edge,chrome=1\r\nX-Content-Type-Options: nosniff\r\nX-XSS-Protection: 1; mode=block\r\nLocation: https://[^/]+/login\.jsp\r\nContent-Length: 0\r\nDate: .*\r\nConnection: close\r\nServer: Security Console\r\n\r\n| p/Nexpose Security Console/ cpe:/a:rapid7:nexpose/
match http m|^HTTP/1\.1 404 Not Found\r\nX-Powered-By: Sinopia/([\w._-]+)\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 13\r\nVary: Accept-Encoding\r\nX-Status-Cat: http://flic\.kr/p/aV6juR\r\nDate: .*\r\nConnection: close\r\n\r\nCannot GET /\n| p/Sinopia npm proxy/ v/$1/ i/node.js/ cpe:/a:nodejs:node.js/
match http m|^HTTP/1\.1 300 Multiple Choices\r\nVary: X-Auth-Token\r\nContent-Type: application/json\r\nContent-Length: \d+\r\nDate: .*\r\nConnection: close\r\n\r\n{\"versions\": {\"values\": \[{.*?\"type\": \"application/vnd\.openstack\.identity-v([\d.]+)\+| p/OpenStack Identity API/ v/$1/
match http m|^HTTP/1\.1 200 Ok\r\nServer: ZyXEL Modem\r\n.*<title>\.::Welcome to ZyXEL ([^:<]+?)::\.</title>|s p/ZyXEL $1 modem http config/ d/broadband router/ cpe:/h:zyxel:$1/a
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: Oracle-Traffic-Director/([\w._-]+)\r\nDate: .*\r\nContent-length: \d+\r\nContent-type: text/html; charset=UTF-8\r\nX-powered-by: Servlet/([\w._-]+) JSP/([\w._-]+)\r\n| p/Oracle Traffic Director/ v/$1/ i/Servlet $2; JSP $3/ cpe:/a:oracle:jsp:$3/
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: Oracle-Traffic-Director/([\w._-]+)\r\n| p/Oracle Traffic Director/ v/$1/
match http m|^HTTP/1\.1 301 Moved Permanently\r\nServer: Printopia/([\w._-]+)\r\nLocation: http://www\.ecamm\.com/mac/printopia/instructions\.html\r\nConnection: close\r\n\r\n| p/Printopia for Mac/ v/$1/ o/Mac OS X/ cpe:/o:apple:mac_os_x/a
match http m|^HTTP/1\.1 401 Unauthorized\r\nServer: httpd\r\nDate: .* GMT\r\nWWW-Authenticate: Basic realm=\"(E\d+)\"\r\nContent-Type: text/html\r\nConnection: close\r\n\r\n\n| p/Cisco Linksys $1 router config/ d/broadband router/ cpe:/h:cisco:linksys_$1/a
# Blackberry 10.2.1
match http m|^HTTP/1\.0 404 Not Found\r\nContent-Type: text/html\r\nContent-Length: \d+\r\nServer: \r\n\r\n<html><head><title>404 Not Found</title></head>\n<body><h1>404 Not Found</h1>\nindex\.html: <pre>This item has not been found</pre>\n| p/Blackberry Universal Device Service/ d/phone/ cpe:/a:blackberry:blackberry_universal_device_service/
match http m|^HTTP/1\.1 404 Service not found\r\nDate: .* GMT\r\nServer: ACE XML Gateway\r\nContent-Type: text/plain\r\nContent-Length: 42\r\nConnection: close\r\n\r\nNo handler was found matching the request\.| p/Cisco Application Control Engine XML Gateway/ d/load balancer/ cpe:/a:cisco:application_control_engine_software/
# Post-2.2 development version has longer content
match http m|^HTTP/1\.0 401 Unauthorized\r\nContent-Length: 17\r\nWWW-Authenticate: Basic realm=varnish-agent\r\nDate: .*\r\n\r\nAuthorize, please$| p/Varnish Agent/ v/2.2 or older/ cpe:/a:varnish-cache:varnish_agent/
match http m|^HTTP/1\.1 401 Unauthorized\r\nWWW-Authenticate: Digest realm=\"NetAV\", nonce=\"[\da-f]{32}\", algorithm=MD5, domain=\"/netav/\", qop=\"auth\",\r\nPragma: no-cache\r\nCache-control: no-cache, no-store\r\n\r\n$| p/Sony NetAV/ d/media device/
# UUID header added in 0.5.6b
match http m|^HTTP/1\.1 400 Bad request\r\nContent-Type: text/html; charset=utf-8\r\nPragma: no-cache\r\nExpires: 0\r\nCache-Control: no-store\r\nConnection: close\r\nX-PageKite-UUID: [\da-f]{40}\r\n\r\n<html><body><h1>400 Bad request</h1><p>Invalid request, no Host: found\.</p></body></html>\n| p/PageKite localhost tunnel/ v/0.5.6b or later/
match http m|^HTTP/1\.1 404 Not Found\r\nDate: .*\r\nServer: Genetic Lifeform and Distributed Open Server ([\w._-]+)\r\nConnection: close\r\nContent-Type: text/html; charset=ISO-8859-1\r\nCache-Control: public, max-age=31536000\r\nContent-Length: 28\r\n\r\nAn error has occurred\. \(404\)| p/Hentai@Home P2P downloader/ v/$1/
match http m|^HTTP/1\.1 400 Bad Request \(missing Host: header\)\r\nConnection: close\r\nDate: .* ([-+]\d\d\d\d)\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n| p/Pandora FMS/ i/timezone: $1/
match http m|^HTTP/1\.1 302 Moved Temporarily\r\nContent-Type: text/plain\r\nContent-Length: 24\r\nLocation: /unsupported_browser\.htm\r\nDate: .*\r\nConnection: close\r\nServer: RStudio\r\n\r\n/unsupported_browser\.htm| p/RStudio Server/
match http m|^HTTP/1\.0 401 unknown \r\nServer: ForceLiveTransfer/([\w ]+)\r\nContent-Length: 0\r\nDate: .*\r\nWWW-Authenticate: Basic  realm=\"[^"]+\"\r\n\r\n$| p/ForceTech ForceLive Transfer/ v/$1/ d/media device/
match http m|^HTTP/1\.1 400 Bad Request\r\nContent-type: text/plain\r\nContent-length: 58\r\n\r\n400 Bad Request\n'json' or 'msgpack' parameter is required\n$| p/fluentd data collector/ v/0.10.48 or later/
match http m|^HTTP/1\.1 301 Moved Permanently\r\nLocation: http://null/console/index\.html\r\nConnection: close\r\nDate: .*\r\n\r\n$| p/HornetQ JMS http admin/
match http m|^HTTP/1\.0 404 Not Found\r\nDate: .*\r\nContent-Type: text/html; charset=UTF-8\r\nServer: gvs ([\d.]+)\r\n.* <title>Error 404 \(Not Found\)!!1</title>|s p/Google Video Server/ v/$1/
match http m|^HTTP/1\.1 400 Bad Request\r\nContent-Type: text/plain\r\nConnection: close\r\nDate: .*\r\nServer: HPE?-iLO-Server/([\w._-]+)\r\nContent-Length: 0\r\n\r\n| p/HP Integrated Lights-Out web interface/ v/$1/ cpe:/h:hp:integrated_lights-out:$1/
match http m|^HTTP/1\.1 400 Bad Request\r\nContent-Type: text/plain\r\nConnection: close\r\nDate: .*\r\nContent-Length: 0\r\n\r\n| p/HP Integrated Lights-Out web interface/ cpe:/h:hp:integrated_lights-out/
match http m|^HTTP/1\.0 404 Not Found\r\nDate: .*\r\nServer: Brazil/([\d.]+)\r\nConnection: close\r\nContent-Length: 135\r\nContent-Type: text/html\r\n\r\n<html>\n<head>\n<title>Error: 404</title>\n<body>\nGot the error: <b>Not Found</b><br>\nwhile trying to obtain <b>/</b><br>\n\n</body>\n</html>| p/Sun Labs Brazil httpd/ v/$1/ o/Android/ cpe:/o:google:android/a cpe:/o:linux:linux_kernel/a
match http m|^HTTP/1\.1 403 Forbidden\r\nServer: Norman Security/([\w._-]+)\r\nContent-Type: text/html\r\nConnection: Close\r\nContent-Length: 83\r\n\r\n<html><title>Security Error</title><body><br><h2>403 - Forbidden</h2></body></html>| p/Norman Security Suite http config/ v/$1/ cpe:/a:norman:security_suite:$1/
match http m|^HTTP/1\.0 401 Unauthorized\r\nConnection: close\r\nWWW-Authenticate: Basic realm=\"Tadiran MGCP Phone\"\r\nContent-Type: text/html\r\n\r\n<html>| p/Tadiran MGCP phone http config/ d/VoIP phone/
match http m|^HTTP/1\.1 \d\d\d .*\r\nDate: .*\r\nServer: Cosminexus HTTP Server\r\n| p/Hitachi Cosminexus httpd/ cpe:/a:hitachi:cosminexus_application_server/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Intel\(R\) Small Business Technology ([\w._-]+)\r\n|s p/Intel Small Business Technology Platform/ v/$1/ d/remote management/ cpe:/a:intel:small_business_technology_platform:$1/
match http m|^HTTP/1\.0 200 OK\r\nConnection: Close\r\n.*<meta name=\"DC\.Title\" content=\"WebSphere Application Server Version V([\w._-]+) Liberty Profile Welcome\" />|s p/IBM WebSphere Application Server/ v/$1/ i/Liberty Profile/ cpe:/a:ibm:websphere_application_server:$1:-:liberty_profile/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: DrWebServer/REL-1000-([\w._-]+) ([^/]+)/(\w+) Lua/([\w._-]+) OpenSSL/([\w._-]+) zlib/([\w._-]+) UNICODE/[\d.]+\r\n|s p/Dr.Web Enterprise Security Suite httpd/ v/$1/ i/arch: $3; Lua $4; OpenSSL $5; zlib $6/ o/$SUBST(2,"_"," ")/ cpe:/a:drweb:enterprise_security_suite:$1/ cpe:/a:gnu:zlib:$6/ cpe:/a:openssl:openssl:$5/ cpe:/a:puc-rio:lua:$4/
# aviosys 9060 webcam
match http m|^HTTP/1\.0 401 NG \r\nWWW-Authenticate: Basic realm=Camera Name : (.*)\r\n\r\nUnauthorized$| p/Aviosys webcam httpd/ i/camera name: $1/ d/webcam/
match http m|^HTTP/1\.1 400 Bad request\r\nContent-Length: 80\r\n\r\n<html><head><title>400 Bad request</title></head><body>Bad request</body></html>| p/Cockpit management console/ o/Linux/ cpe:/a:redhat:cockpit/ cpe:/o:linux:linux_kernel/a
match http m|^HTTP/1\.1 404 Not Found\r\nServer: CPE-SERVER/([\w._-]+) Supports only GET\r\n\r\n| p/CPE Server TR-069 remote access/ v/$1/ d/broadband router/
match http m|^HTTP/1\.1 200 OK\r\nServer: IPCamera HTTP/ONVIF/P2P/RTSP/VOD Multi-Server\r\n| p|DB Power IP Camera HTTP/ONVIF/P2P/RTSP/VOD multi-server| d/webcam/
match http m|^HTTP/1\.1 200 OK\r\nServer: WebServer\(ipcamera\)\r\n| p|DB Power IP Camera HTTP/ONVIF/P2P/RTSP/VOD multi-server| d/webcam/
# Amazon Fire TV
match http m|^HTTP/1\.1 \d\d\d [\w ]+ \r\nContent-Type: text/plain\r\nDate: .*\r\nConnection: keep-alive\r\nContent-Length: \d+\r\n\r\nError \d\d\d, [\w ]+\.$| p/Amazon Whisperplay DIAL REST service/ d/media device/ cpe:/a:amazon:whisperplay/
match http m|^HTTP/1\.1 403 HTTP_FORBIDDEN\r\nCache-Control: no-cache\r\nConnection: close\r\nDate: .* \d\d:\d\d:\d\d\r\n\r\n| p/Folding@Home FAHClient/ cpe:/a:stanford:fahclient/
match http m|^HTTP/1\.1 401 Unauthorized\r\nContent-Length: 0\r\nWWW-Authenticate: Digest qop=\"auth\", realm=\"rokudev\", nonce=\"1412736333\"\r\n\r\n| p/Mongoose httpd/ v/3.7/ i/Roku developer interface, firmware 5.2 or later/ cpe:/a:cesanta:mongoose:3.7/
match http m|^HTTP/1\.1 200 Ok\r\nServer: httpd\r\nDate: .* GMT\r\nCache-Control: no-cache\r\nPragma: no-cache\r\nExpires: 0\r\nContent-Type: text/html\r\nConnection: close\r\n\r\n| p/milli_httpd/ cpe:/a:acme:milli_httpd/
# Some misconfiguration perhaps?
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/plain\r\nDate: .* GMT\r\nConnection: close\r\n\r\nNot implemented$| p/Node.js/ cpe:/a:nodejs:node.js/
match http m|^HTTP/1\.0 401 Unauthorized\r\nContent-Type: text/html; charset=utf-8\r\nCache-Control: no-cache\r\nWWW-Authenticate: Digest realm=\"Tixati Web Interface\", qop=\"auth\", nonce=\"[0-9a-f]{32}\", opaque=\"[0-9a-f]{32}\"\r\n\r\n| p/Tixati bittorrent client Web interface/ cpe:/a:tixati:tixati/
match http m|^HTTP/1\.1 401 Not Authorized\r\nWWW-Authenticate: Basic realm=\"Vuze(?: - Vuze Web Remote)?\"\r\nContent-Length: 15\r\n\r\nAccess Denied\r\n| p/Vuze remote http admin/ cpe:/a:azureus:vuze/
match http m|^HTTP/1\.1 404 Not Found\r\nConnection: close\r\nDate: .* GMT\r\nContent-Length: 1164\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n| p/Oracle WebLogic admin httpd/ cpe:/a:oracle:weblogic_server/
match http m|^HTTP/1\.1 \d\d\d .*\r\nConnection: Keep-Alive\r\nServer: \r\nContent-Type: text/html\r\nContent-Length: \d+\r\n\r\n<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4\.01 Transitional//EN\" \"http://www\.w3\.org/TR/html4/loose\.dtd\">\r\n<!-- this page must have 520 bytes or more, ie is a wonderfull program -->| p/Siemens Gigaset C610 VoIP Phone http admin/ d/VoIP phone/ cpe:/h:siemens:gigaset_c610/a
match http m=^HTTP/1\.1 400 Bad Request\r\nS(?:ERVER|erver): HDHomeRun/([\w._-]+)\r\n= p/SiliconDust HDHomeRun set top box http admin/ v/$1/ d/media device/ cpe:/h:silicondust:hdhomerun/
match http m|^HTTP/1\.1 404 Not Found\r\nServer: HDHomeRun/([\d.]+)\r\nConnection: close\r\nCache-Control: no-cache\r\nPragma: no-cache\r\n\r\n| p/SiliconDust HDHomeRun set top box streaming httpd/ v/$1/ d/media device/ cpe:/h:silicondust:hdhomerun/
match http m|^HTTP/1\.0 401 Unauthorized\r\nDate: .*\r\nContent-type: text/html\r\nContent-Length: 97\r\nWWW-Authenticate: Digest qop=\"auth\", stale=false, algorithm=MD5, realm=\"(ECOR[\w_-]+)\", nonce=\"\d+\"\r\nConnection: keep-alive\r\n\r\n<HTML><HEAD><TITLE>401 Unauthorized</TITLE></HEAD>\n<BODY><H1>401 Unauthorized</H1></BODY></HTML>\n| p/EverFocus $1 DVR http viewer/ d/media device/ cpe:/h:everfocus:$1/
match http m|^HTTP/1\.0 200 OK\r\nDate: .*\r\nServer: Raumfeld Renderer\r\nConnection: close\r\nContent-Type: audio/x-flac\r\n| p/Raumfeld Connector audio streaming httpd/ d/media device/ cpe:/h:teufel:raumfeld_connector/
match http m|^HTTP/1\.1 200 OK\r\nServer: Linux, WEBACCESS/([\w._-]+), (DIR-\w+) Ver ([\w._-]+)\r\n| p/D-Link SharePort web access/ v/$1/ i/model $2, version $3/ d/storage-misc/ o/Linux/ cpe:/a:d-link:shareport_web_access:$1/ cpe:/h:d-link:$2/ cpe:/o:linux:linux_kernel/a
match http m|^HTTP/1\.1 400 Bad Request\r\nConnection: close\r\nContent-Length: 0\r\n\r\n$| p/T-Home Telekom Media Receiver httpd/ d/media device/
match http m%^HTTP/1\.1 400 Bad Request\r\nContent-Type: text/html; charset=\"utf-8\"\r\nServer: Linux/((2\.[46]\.\d+|\d\.\d+)\S*) DoaHTTP\r\nContent-Length: 0\r\nDate: .* GMT\r\n\r\n$% p/com.sec.android.app.FileTransferServer/ i/Linux $1/ o/Android/ cpe:/o:google:android/ cpe:/o:linux:linux_kernel:$2/
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: WebIOPi/([\w._-]+)/Python(\d[\w._-]*)\r\n| p/WebIOPi IoT framework/ v/$1/ i/Python $2/ cpe:/a:python:python:$2/ cpe:/a:trouch:webiopi:$1/
match http m|^HTTP/1\.0 200 OK\r\nPragma: no-cache\r\nContent-Type: text/html\r\n\r\n<html><head><title></title>\n.*\n<script language=\"javascript\">\nvar lanIP=\"[\d.]+\";\nvar wanIP=\"([\d.]+)\";|s p/EnGenius ESR600 router http admin/ i/WAN IP: $1/ cpe:/h:engenius:esr600/a
match http m|^HTTP/1\.0 200 OK\r\nCache-control: no-cache\r\nContent-length: \d+\r\nContent-type: text/html\r\nConnection: Keep-Alive\r\nKeep-Alive: timeout=5, max=100\r\n\r\n<HTML>\r\n<HEAD>\r\n<TITLE></TITLE>\r\n<script id=\"clientEventHandlersJS\" type=\"text/javascript\">| p/LG Ericsson iPECS telephone system web interface/ d/telecom-misc/
match http m|^HTTP/1\.1 501 Not Implemented\r\nContent-Type: text/html\r\nContent-Length: 63\r\n\r\n<html><body><h2>Error: 501 / Not Implemented</h2></body></html>| p/WibuKey license server/ cpe:/a:wibu:wibukey/
match http m|^HTTP/1\.1 401 Unauthorized\r\nCache-Control: private\r\nExpires: .* (\w+)\r\nX-Frame-Options: SAMEORIGIN\r\nSet-Cookie: JSESSIONID_\d+=[0-9A-F]{32}; Path=/; Secure; HttpOnly\r\nWWW-Authenticate: Basic realm=\"IBM UrbanCode Deploy\"\r\nContent-Type: text/html;charset=UTF-8\r\nContent-Length: \d+\r\nVary: Accept-Encoding\r\nDate: .*\r\nConnection: close\r\nServer: SERVER\r\n\r\n| p/IBM UrbanCode Deploy/ i/time zone: $1/ cpe:/a:ibm:urbancode_deploy/
match http m|^HTTP/1\.0 501 Not Implemented\r\n$| p/Liaison Exchange Commerce Suite/ cpe:/a:liaison:exchange_cs/
match http m|^HTTP/1\.1 200 OK\r\nServer: ThreadedServers\.Pacserve/([\w._-]+)\r\n| p/Pacserve package server for Arch Linux/ v/$1/ cpe:/a:xyne:pacserve:$1/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Intel\(R\) Standard Manageability ([\w._-]+)\r\n\r\n|s p/Intel AMT WebUI/ v/$1/ i/Standard Manageability/ cpe:/a:intel:active_management_technology:$1/
match http m|^HTTP/1\.1 401 Unauthorized\r\nConnection: Keep-Alive\r\nWWW-Authenticate: Basic realm=\"HuaweiHomeGateway\"\r\nContent-Length: 0\r\n\r\n| p/Huawei TR-069 remote access/ d/broadband router/
match http m|^HTTP/1\.1 401 Unauthorized\r\nConnection: Keep-Alive\r\nWWW-Authenticate: Digest realm=\"HuaweiHomeGateway\",nonce=\"[\da-f]{32}\", qop=\"auth\", algorithm=\"MD5\"\r\nContent-Length: 0\r\n\r\n| p/Huawei TR-069 remote access/ d/broadband router/
match http m|^HTTP/1\.1 401\r\nContent-Length: \d+\r\nContent-Type: text/html\r\nExpires: Thu, 01 Dec 1990 12:00:00 GMT\r\n\r\n<html><head><title>License Server ([\d.]+)</title></head><body><a href=\"/getstatus\">Get status of the server</a></body></html>| p/V-Ray License Server/ v/$1/ cpe:/a:chaosgroup:vray_license_server:$1/
match http m|^HTTP/1\.[01] \d\d\d .*\r\nServer: Hikvision-Webs\r\nDate: [\w: ]{19} \d\d\d\d\r\n| p/Hikvision camera httpd/ d/webcam/
match http m|^HTTP/1\.1 403 Forbidden\r\nConnection: Keep-Alive\r\nContent-Length: \d+\r\nContent-Type: text/html; charset=iso-8859-1\r\nDate: .*\r\nKeep-Alive: timeout=15; max=19\r\n\r\n<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2\.0//EN\">\r\n<HTML><HEAD>\r\n<TITLE>403 Forbidden</TITLE>\r\n</HEAD><BODY>\r\n<H1>Forbidden</H1>\r\nYou don't have permission to access /\r\non this server\.<P>\r\n<HR>\r\n<ADDRESS>HTTP Server at [\w.-]+ Port \d+</ADDRESS>\r\n</BODY></HTML>\r\n| p/SoftEther VPN httpd/ cpe:/a:university_of_tsukuba:softether_vpn/
match http m|^HTTP/1\.1 200 OK\r\nContent-Type:text/html; charset=UTF-8\r\nContent-Length:97\r\n\r\n<html><head><title>403 Access Denied</title></head><body><h1>403 Access Denied</h1></body></html>| p/Spotify/
match http m|^HTTP/1\.1 301 Moved Permanently\r\nLocation: index\.htm\r\nServer: Httpd \r\nConnection: Close\r\nDate: .*\r\n\r\n| p/HP MSM Controller or 1920-series switch httpd/
match http m|^HTTP/1\.0 200 OK\r\nDate: .*\r\nLast-Modified: .*\r\nETag: \"[0-9a-f_]+\"\r\nAccept-Ranges: bytes\r\nContent-Length: 131\r\nConnection: close\r\nContent-Type: text/html\r\nX-Frame-Options: SAMEORIGIN\r\n\r\n<html><script type=\"text/javascript\">\nif \(window!=top\) top\.location=window\.location;top\.location=\"/remote/login\";\n</script></html>\n| p/Fortinet SSL VPN/ d/security-misc/
# Netasq/Stormshield
match http m|^HTTP/1\.0 302 Moved Temporarily\r\nDate: .*\r\nConnection: Close\r\nLocation: /auth/\r\nCache-Control: no-store,no-cache,must-revalidate\r\nPragma: no-cache\r\nExpires: -1\r\nLast-Modified: Mon, 12 Jan 2000 13:42:42 GMT\r\nContent-Type: text/html\r\n\r\n| p/Stormshield firewall admin httpd/ d/firewall/ o/FreeBSD/ cpe:/o:freebsd:freebsd/a
# Despite the 1.4 server header, this can be anything from 1.4 to 2.0:
match http m|^HTTP/1\.1 200 OK\r\nETag: W/\"\d\d\d\d-\d+\"\r\nLast-Modified: .*\r\nContent-Type: text/html\r\nContent-Length: \d+\r\nDate: .*\r\nServer: Sun-Java-System/Web-Services-Pack-1\.4\r\nConnection: close\r\n\r\n<html>\n<head>\n<title>Java Web Services Developer Pack ([\d.]+)</title>| p/Java Web Services Developer Pack/ v/$1/ cpe:/a:sun:jwsdp:$1/
match http m|^HTTP/1\.0 301 Moved Permanently\r\nHTTP/1\.0 400 Bad Request\r\n| p/Huawei S5700-series switch httpd/ d/switch/
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: switch\r\nDate: [a-z,0-9: ]+ GMT\r\nContent-Length: \d\d?\r\nConnection: Close\r\n\r\n| p/Huawei S5700-series switch httpd/ d/switch/
match http m|^HTTP/1\.0 401 Authorization Required\r\nServer: alphapd\r\nDate: .* \d\d\d\d\r\nCache-Control: no-cache\r\nContent-type: text/html\r\nWWW-Authenticate: Basic realm=\"(TV-IP\w+)\"\r\n\r\n| p/alphapd httpd/ i/TrendNet $1 IP camera/ d/webcam/ cpe:/h:trendnet:$1/
match http m|^HTTP/1\.0 401 Authorization Required\r\nServer: alphapd\r\nDate: .* \d\d\d\d\r\nCache-Control: no-cache\r\nContent-type: text/html\r\nWWW-Authenticate: Basic realm=\"(DCS-\w+)\"\r\n\r\n| p/alphapd httpd/ i/D-Link $1 IP camera/ d/webcam/ cpe:/h:d-link:$1/
match http m|^HTTP/1\.1 200 OK\r\nServer: Web Server\r\nContent-Type: text/html\r\nCache-Control: no-cache\r\nPragma: no-cache\r\n\r\n\n   <!DOCTYPE HTML PUBLIC| p/Dell N2000-series switch http admin/ d/switch/
match http m|^HTTP/1\.1 302 Object moved\r\nLocation: https://:443/index\.htm\r\nContent-length: 0\r\nConnection: close\r\n\r\n| p/ATEN CN8000 KVM http admin/ cpe:/h:aten:cn8000/
match http m|^HTTP/1\.1 200 OK\r\nCache-Control: no-cache\r\nContent-length: \d\d\d\d\r\nConnection: close\r\nContent-type: text/html\r\n\r\n<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1\.0 Transitional//EN\" \"http://www\.w3\.org/TR/xhtml1/DTD/xhtml1-transitional\.dtd\">| p/ATEN CN8000 KVM http admin/ cpe:/h:aten:cn8000/
match http m|^HTTP/1\.0 200 OK\r\nContent-Length: \d+\r\nContent-Type: text/html\r\nDate: .*\r\n\r\n\n<!DOCTYPE html>\n<html>\n  <head>\n    <script language=\"JavaScript\">\n      var a = navigator\.userAgent\x7c\x7cnavigator\.vendor\x7c\x7cwindow\.opera;\n      if\(/android\x7cavantgo\x7cblackberry\x7cblazer\x7ccompal\x7celaine| p/Open Lighting Architecture daemon/ cpe:/a:open_lighting_project:ola/
match http m|^HTTP/1\.0 200 OK\nContent-type: text/html\r\nDate: .*\r\nConnection: close\r\nLast-Modified: .*\r\nContent-length: \d+\r\n\r\n<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4\.01 Transitional//EN\">\n<html>\n<head>\n    <title>Aastra IP Phone Webconfiguration</title>| p/Aastra IP phone http config/ d/VoIP phone/
match http m|^HTTP/1\.1 200 OK\r\nConnection: close\r\nContent-Type: text/html\r\nCache-Control: max-age=600\r\n\r\n<!DOCTYPE html>.*<link rel=\"stylesheet\" title=\"default\" href=\"style/mtu(\w+)\.css\"|s p/The Energy Detective MTU$1 http admin/ d/power-device/ cpe:/h:the_energy_detective:mtu$1/
match http m|^HTTP/1\.1 401 Authorization Required\r\nDate: .*\r\nServer: \r\nExpires: 0\r\nSet-Cookie: SESSION=; path=/;\r\nExpires: 0\r\nVary: Accept-Encoding\r\nContent-Length: \d\d\d\d\r\nConnection: close\r\nContent-Type: text/html\r\n\r\n<html>\n<head>\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=iso-8859-1\"/>\n<link rel=\"shortcut icon\" href=\"/images/favicon\.ico\" type=\"image/x-icon\"/>\n<title>Login</title>| p/ArubaOS WebUI http admin/ o/ArubaOS/ cpe:/o:arubanetworks:arubaos/
# Viewer for a rtmp stream, no other info.
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: akstreamer/([\d.]+)\r\nDate: .* GMT\r\nContent-Type: text/html\r\nContent-Length: \d+\r\n| p/akstreamer httpd/ v/$1/
match http m|^HTTP/1\.0 302 Moved Temporarily\r\nDate: .* GMT\r\nServer: \r\nContent-length: 0\r\nConnection: close\r\nLocation: http://[\w.-]+:80/login\.lp\r\nSet-Cookie: xAuth_SESSION_ID=[\w/+]+=; path=/; \r\nCache-control: no-cache=\"set-cookie\"\r\n\r\n$| p/Technicolor DSL modem http admin/ d/broadband router/
match http m|^HTTP/1\.1 200 OK\r\nServer: WebServer\r\nDate: .*\r\n\r\n<html>\n\t<head>\n\t\t<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\">\n\t\t<title>D-LINK SYSTEMS, INC\. \x7c Web File Access : Login</title>| p/D-Link SharePort Web File Access/ d/storage-misc/
match http m|^HTTP/1\.1 200 OK\r\nConnection: close\r\nCache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0, max-age=-1\r\nAccept-Ranges: bytes\r\nContent-Type: text/html\r\n\r\n<!DOCTYPE html><html><head><title>D-LINK \x7c SharePort Web Access</title>| p/D-Link SharePort Web File Access/ d/storage-misc/
match http m|^HTTP/1\.1 404 Not Found\r\nContent-Length: 35\r\nConnection: close\r\n\r\nError 404: Not Found\nFile not found$| p/Nvidia Streamer Service/ o/Windows/ cpe:/a:nvidia:nvidia_streamer_service/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 500 Internal Server Error\r\nContent-Type: text/plain\r\nContent-Length: \d+\r\n.* at [\w._]+ (?:\[as [\w._]+\] )?\(([^:)]*/nodejs/)node_modules/[^:)]+\.js:\d+:\d+\)\n|s p/node.js/ i/installation path: $1/ cpe:/a:nodejs:node.js/
match http m|^HTTP/1\.1 400 Bad Request\r\nServer: CloudHub HTTP Server v([\w._-]+)\r\nDate: .* GMT 00:00\r\n| p/CloudHub iPaaS httpd/ v/$1/ cpe:/a:mulesoft:cloudhub:$1/
match http m|^HTTP/1\.0 200 OK\r\nConnection: Close\r\nContent-Length: \d+\r\nContent-Type: text/html\r\nDate: .*\r\nLast-Modified: .*\r\nServer: atvise\r\n| p/Certec atvise SCADA control httpd/ cpe:/a:atvise:webmi2ads/
match http m|^HTTP/1\.0 301 Moved Permanently\r\nLocation: /ui/\r\nDate: .*\r\nContent-Length: \d+\r\nContent-Type: text/html; charset=utf-8\r\n\r\n<a href=\"/ui/\">Moved Permanently</a>\.\n\n| p/HashiCorp Consul service discovery httpd/ cpe:/a:hashicorp:consul/
match http m|^HTTP/1\.0 200 OK\nServer: Emacs/([\w._-]+)\nDate: .*\n\nedit-server is running\.\n| p/Emacs text editor/ v/$1/ i/Edit with Emacs extension/ cpe:/a:gnu:emacs:$1/
# Fallback from HTTPOptions, RTSPRequest, and SIPOptions
match http m|^HTTP/1\.[01] 406 Not Acceptable\r\nContent-Length: 51\r\nContent-Type: text/html; charset=utf-8\r\nDate: .* GMT\r\n\r\n<html><body>HTTP Method not supported</body></html>$| p/Greenbone Security Assistant/ cpe:/a:greenbone:security_assistant/
match http m|^HTTP/1\.0 200 OK\r\nContent-Type: text/html;\r\nTransfer-Encoding: chunked\r\nCache-Control: no-store\r\nConnection: close\r\n\r\ndb\r\n<html><head><title>Success</title></head><body><form name=\"REDIRECTFORM\" method=\"get\" action=http://ezshare\.card/publicdir/welcome\.htm></form><script language='javascript'>REDIRECTFORM\.submit\(\);</script></body></html>\r\n\r\n0\r\n\r\n| p/ez Share Wi-Fi SD card/ d/storage-misc/
match http m|^HTTP/1\.1 302 Moved Temporarily\r\nConnection: Close\r\nDate: .* GMT\r\nContent-Type: text/html\r\nLocation: http://null/storage/emulated/0\r\nContent-Length: 103\r\n\r\nYou are being redirected to <a href=\"http://null/storage/emulated/0\">http://null/storage/emulated/0</a>\r\n| p/smarterDroid WiFi File Transfer/ d/phone/ o/Android/ cpe:/o:google:android/a cpe:/o:linux:linux_kernel/a
match http m|^HTTP/1\.1 200 OK\r\nConnection: Close\r\nDate: .*\r\nContent-Type: text/html\r\n\r\n<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4\.01 Transitional//EN\" \"http://www\.w3\.org/TR/html4/loose\.dtd\">\r\n<html>\r\n<head>\r\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\">\r\n<title> - ([^<]+?) - WiFi File Transfer</title>| p/smarterDroid WiFi File Transfer/ i/$1/ d/phone/ o/Android/ cpe:/o:google:android/a cpe:/o:linux:linux_kernel/a
match http m|^HTTP/1\.1 200 OK\r\nConnection: Close\r\nDate: .*\r\nContent-Type: text/html\r\n\r\n<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4\.01 Transitional//EN\" \"http://www\.w3\.org/TR/html4/loose\.dtd\">\r\n<html>\r\n<head>\r\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\">\r\n<title> - ([^<]+?) - WiFi File Transfer Pro</title>| p/smarterDroid WiFi File Transfer Pro/ i/$1/ d/phone/ o/Android/ cpe:/o:google:android/a cpe:/o:linux:linux_kernel/a
match http m|^HTTP/1\.1 404 Not Found\r\n.*<h2>Sinatra doesn&rsquo;t know this ditty\.</h2>\n  <img src='http://[^/]+/__sinatra__/404\.png'>|s p/Sinatra web framework/ cpe:/a:bmizerany:sinatra/
match http m|^HTTP/1\.1 200 OK\r\nDate: [A-Z][a-z]{2}, 1 [A-Z]{3} 2015 18:6:13 GMT\r\nServer: Plex\r\nKeep-Alive: timeout=60\r\nContent-Length: 692\r\nContent-Type: text/html\r\nAccept-Ranges: bytes\r\n\r\n<html>\n<head>\n<title>Plex</title>\n</head>\n<body>\n<h1>/</h1>\n<tt><pre>| p/Plex for Roku/ d/media device/
match http m|^HTTP/1\.1 200 OK\r\nDate: .*\r\nServer: Unknown\r\nContent-Length: \d+\r\nConnection: close\r\nContent-Type: text/html; charset=ISO-8859-1\r\n\r\n\n<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4\.01 Transitional//EN\"\n\"http://www\.w3\.org/TR/html4/loose\.dtd\">\n<html>\n<head>\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=iso-8859-1\">\n<title>LifeSize&reg;</title>| p/LifeSize teleconferencing config httpd/ d/webcam/
match http m|^HTTP/1\.1 200 OK\r\nCache-control: max-age=300\r\nServer: Ubicom/([\d.]+)\r\nContent-Length: \d+\r\n\r\n<!-- saved from url=\(0022\)http://internet\.e-mail -->\n<html>\n\t<head>\n\t\t<title>Veo Observer Web Client</title>| p/Ubicom embedded httpd/ v/$1/ i/Veo Observer webcam/ d/webcam/ cpe:/h:veo:observer/
match http m|^HTTP/1\.0 200 OK\r\nContent-Length: 59\r\nContent-Type: text/plain\r\n\r\nIf you see this page, Seafile HTTP syncing component works\.| p/Seafile HTTP syncing component/ cpe:/a:seafile:seafile/
match http m|^HTTP/1\.1 200 OK\r\nDate: Wed, 17 Jan 2007 22:21:12 GMT\r\nServer: Smeagol/([\w._-]+)\r\nAccept-Ranges: bytes\r\nConnection: Close\r\nContent-Type: text/html\r\nContent-Length: \d+\r\n\r\n<html>\n<head>\n<title>Blue's IP Buffer Front Page</title>| p/Smeagol httpd/ v/$1/ i/Telcen Blue's IP Buffer/ d/telecom-misc/
# For fallback (same device as above):
match http m|^HTTP/1\.1 501 Not Implemented\r\nFoo: /usr/www/errors/501\.html\r\nConnection: Close\r\nContent-Type: text/plain\r\n\r\n501 Not Implemented\r\n\r\nThe requested method isn't implemented\.\r\n| p/Smeagol httpd/
match http m|^HTTP/1\.[01] \d\d\d [^\r\n]+\r\nServer: HTTP server\r\nDate: [^\r\n]+ \d\d\d\d\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-Type: text/html\r\n.*</html>\r\n\r\n<head>|s p/Dell 1355cnw MFC config httpd/ d/printer/ cpe:/h:dell:1355cnw/
match http m|^HTTP/1\.[01] \d\d\d .+\r\nDate: .+\r\nServer: Netgem/1\.0 \([Hh][Tt][Tt][Pp]server\)\r\n| p/Netgem netbox set-top box config httpd/ d/media device/
match http m|^HTTP/1\.0 200 OK\r\nDate: [^\r\n]+ ([A-Z]+) \d\d\d\d\r\nServer: User Agent Web Server\r\n.*<title>STB WebServer</title>|s p/Cisco ODN set-top box httpd/ i/time zone: $1/ d/media device/
match http m|^HTTP/1\.1 302 Movtmp\r\nContent-Type: text/html\r\nLocation: https://[\d.]+:443/\r\nConnection: close\r\nUpgrade: TLS/([\d.]+)\r\n\r\n| p/Kyocera TASKalfa printer httpd/ i/redirect to HTTPS, TLS $1/ d/printer/
match http m|^HTTP/1\.0 200 OK\r\nConnection: Close\r\nServer: TSEWS\r\nContent-Length: \d+\r\nDate: .*\r\nExpires: .*\r\n| p/Technisat Embedded Web Server/ d/media device/
match http m|^HTTP/1\.0 200 OK\nContent-type: text/html\r\nDate: .*\r\nConnection: close\r\nLast-Modified: .*\r\nContent-length: \d+\r\n\r\n<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4\.01 Transitional//EN\">\n<html>\n<head>\n    <title>Aastra IP Phone Configurator</title>\n    <link rel=\"stylesheet\" href=\"/aamadeus\.css\" type=\"text/css\">| p/Aastra IP Phone config httpd/ d/VoIP phone/
match http m|^HTTP/1\.1 404 Not Found\r\ncontent-type: text/html\r\ncontent-length: \d+\r\nserver: PyCharm ([\w._-]+)\r\ndate: | p/PyCharm/ v/$1/ cpe:/a:jetbrains:pycharm:$1/
match http m|^HTTP/1\.1 200 OK\r\nContent-Encoding: \r\nContent-Length: \d+\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1\.0 Strict//EN\" \"http://www\.w3\.org/TR/xhtml1/DTD/xhtml1-strict\.dtd\">\n<html xmlns=\"http://www\.w3\.org/1999/xhtml\" lang=\"en\" xml:lang=\"en\" dir=\"ltr\">\n<head>\n    <meta http-equiv=\"Content-Type\" content=\"text/html; charset=UTF-8\" />\n    <meta http-equiv=\"X-UA-Compatible\" content=\"IE=8\" />\n    <title>[^<]*qBittorrent| p/qBittorrent Web UI/ cpe:/a:qbittorrent:qbittorrent/
match http m|^HTTP/1\.0 404 Not Found\r\nServer: Cowboy\r\nDate: [^\r\n]+\r\nContent-Length: \d+\r\nContent-Type: text/html; charset=utf-8\r\n.*<title>Heroku \x7c No such app</title>|s p/Cowboy httpd/ i/Heroku/ cpe:/a:ninenines:cowboy/
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html; charset=iso-8859-1\r\nCache-control: no-cache\r\nContent-Length: \d+\r\n\r\n<html>\r\n<head>\r\n<meta HTTP-EQUIV=\"Content-Type\" CONTENT=\"text/html; charset==iso-8859-1\">\r\n<title>ARCHTTP Configuration</title>| p/Areca RAID Controller HTTP configuration tool/
match http m|^HTTP/1\.1 200 OK\nServer: axhttpd/([\w._-]+)\nContent-Type: text/html\nContent-Length: \d+\nDate: .*\nLast-Modified: .*\n\n| p/axTLS axhttpd/ v/$1/ cpe:/a:cameron_rich:axtls:$1/
match http m|^HTTP/1\.1 200 OK\r\nAccess-Control-Allow-Methods: GET, POST, HEAD, OPTIONS\r\nAllow: GET, POST, HEAD, OPTIONS\r\nContent-Length: 0\r\nServer: PhpStorm ([\w._-]+)\r\nDate: | p/PhpStorm IDE httpd/ v/$1/ cpe:/a:jetbrains:phpstorm:$1/
match http m|^HTTP/1\.0 200 OK\r\nConnection: close\r\nContent-Type: text/html\r\nSet-Cookie: DLILPC=\"\"; Version=1; Max-Age=0; Path=/\r\n\r\n.*<title>Power Controller </title>\n \n<script language=\"javascript\" src=\"/md5\.js\"></script>|s p/Digital Loggers Web Power Switch II http config/ d/power-device/
match http m|^HTTP/1\.0 200 OK\r\nConnection: close\r\nContent-Type: text/html\r\nCache[- ]Control: .*\r\nExpires: .*\r\nPragma: no-cache\r\nSet-Cookie: DLILPC=""; Version=1; Max-Age=0; Path=/\r\n\r\n<html>\n<head>\n<META NAME="ROBOTS" CONTENT="NOINDEX, NOFOLLOW">\n \n<title>Power Controller </title>| p/Digital Loggers Web Power Switch/ d/power-misc/
match http m|^HTTP/1\.1 401 Unauthorized\r\nServer: Router\r\nConnection: close\r\nWWW-Authenticate: Basic realm=\"Fast Wireless (?:\w+ )?Router (FW\w+)\"\r\nContent-Type: text/html\r\n\r\n<!--Web Server Error Report:<HR>| p/Fast WAP admin httpd/ i/model: $1/ d/WAP/ cpe:/h:fast:$1/
match http m|^HTTP/1\.0 200 OK\r\nDate: .*\r\nContent-Type: text/html; charset=utf-8\r\n\r\n<!DOCTYPE html>\n<html ng-app=\"ts3soundboard-bot\" ng-controller=\"base\">| p/TS3 Soundboard-Plugin/ cpe:/a:michael_friese:ts3sb/
# ePO 5.0.0.2620 missing X-FRAME-OPTIONS
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html\r\nContent-Length: \d+\r\n(?:X-FRAME-OPTIONS: SAMEORIGIN\r\n)?Content-Disposition: \r\n\r\n<!DOCTYPE html>\r\n<html>\r\n<head>\r\n<script src=\"js/AgentLog\.js\">| p/McAfee ePolicy Orchestrator Agent Activity Log httpd/ cpe:/a:mcafee:epolicy_orchestrator_agent/
# Fallback
match http m|^HTTP/1\.1 405 Method Not Allowed\r\nConnection: close\r\nContent-Type: text/plain\r\nTransfer-Encoding: chunked\r\n\r\n12\r\nMethod Not Allowed\r\n0\r\n\r\n| p/OpenWrt uHTTPd/ d/WAP/ o/Linux/ cpe:/a:openwrt:uhttpd/ cpe:/o:linux:linux_kernel/a
match http m|^HTTP/1\.0 200 OK\r\nConnection: close\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: \d+\r\nCache-Control: max-age=0, no-store, no-cache\r\nx-enc: Ext1, Basic\r\nServer: Samsung ([\w ]+) Series, sn=([\dA-Z]+)\r\n\r\n| p/Samsung SyncThru Web Service/ i/$1 series; SN: $2/ d/printer/ cpe:/a:samsung:syncthru_web_service/
match http m|^HTTP/1\.1 200 OK\r\nContent-type: text/html\r\nExpires: .*\r\nConnection: close\r\nPragma: no-cache\r\nCache-Control: no-store, no-cache, must-revalidate\r\nContent-Length: \d+\r\n\r\n<html>\n\n<head>\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=UTF-8\">\n<script>product=\"HOTBOX\"| p/Hot Hotbox router admin httpd/ d/broadband router/ cpe:/h:hot:hotbox/
match http m|^HTTP/1\.1 500 Internal Server Error\r\nContent-Type: text/plain\r\nContent-Length: 56\r\nDate: .*\r\nConnection: close\r\n\r\nTypeError: Object #<ServerResponse> has no method 'send'| p/Tizen Multiscreen SDK httpd/ d/media device/
match http m|^HTTP/1\.1 401 Authentication Required\r\nWWW-Authenticate: Basic realm=\"([\d.]+)\"\r\nRefresh: 0;URL=\"/ui/logout\.htm\"\r\nServer: Blue-Coat-CacheFlow-Appliance\r\nCache-Control: no-store\r\nSet-Cookie: BCSI_MC=| p/Blue Coat CacheFlow appliance web ui/ i/IP $1/
match http m|^HTTP/1\.1 303 See Other\r\nDate: .*\r\nSet-Cookie: JSESSIONID=[^;]+;Path=/\r\nExpires: Thu, 01 Jan 1970 00:00:00 GMT\r\nLocation: http://[^:/]+:9000/sessions/new\r\nContent-Length: 0\r\n\r\n| p/Mode Analytics Connector httpd/
# node.js?
match http m|^HTTP/1\.1 200 OK\r\nX-Powered-By: NodeBB\r\nX-Frame-Options: SAMEORIGIN\r\n| p/NodeBB web forum/
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4\.01 Transitional//EN\"><html><head><meta http-equiv=content-type content=\"text/html;charset=utf-8\"><title>TSD</title>\n| p/OpenTSDB TSD/ i/http response on TSD port/ cpe:/a:opentsdb:opentsdb/
match http m|^HTTP/1\.0 200 OK\r\nContent-Length: \d+\r\nExpires: .*\r\nLast-Modified: .*\r\nContent-Type: text/html\r\nAccept-Ranges: bytes\r\nDate: .*\r\n\r\n<!DOCTYPE html>\n<html>\n  <head>\n    <title>Kodi</title>\n| p/libmicrohttpd/ i/Kodi OSMC web control/ cpe:/a:gnu:libmicrohttpd/
match http m|^HTTP/1\.0 200 OK\r\nContent-Length: \d+\r\nLast-Modified: .*\r\nContent-Type: text/html\r\nCache-Control: private, max-age=0, no-cache\r\nAccept-Ranges: bytes\r\nDate: .*\r\n\r\n<!DOCTYPE html>\r?\n<html>\r?\n  <head>\r?\n    <title>Kodi</title>| p/libmicrohttpd/ i/Kodi OSMC web control/ cpe:/a:gnu:libmicrohttpd/
match http m|^HTTP/1\.1 200 OK\r\nContent-Length: \d+\r\nExpires: .*\r\nLast-Modified: .*\r\nContent-Type: text/html\r\nAccept-Ranges: bytes\r\nDate: .*\r\n\r\n<!DOCTYPE html>\n<html lang=\"en\">\n  <head>\n    <meta charset=\"utf-8\">\n    <title>Chorus\.</title>| p|Chorus Web UI for XBMC/Kodi| cpe:/a:jeremy_graham:chorus/
match http m|^HTTP/1\.0 200 OK\r\nContent-Length: \d+\r\nLast-Modified: .*\r\nContent-Type: text/html\r\nCache-Control: private, max-age=0, no-cache\r\nAccept-Ranges: bytes\r\nDate: .*\r\n\r\n<!DOCTYPE html>\n<html lang="en">\n  <head>\n    <meta charset="utf-8">\n    <title>Chorus\.</title>| i|Chorus Web UI for XBMC/Kodi| cpe:/a:jeremy_graham:chorus/
match http m|^HTTP/1\.0 200 OK\r\nContent-Length: \d+\r\nLast-Modified: .*\r\nContent-Type: text/html\r\nCache-Control: private, max-age=0, no-cache\r\nAccept-Ranges: bytes\r\nDate: .*\r\n\r\n<!DOCTYPE html>\n<html lang="en">\n    <head>\n        <meta charset="utf-8">\n        <title>Chorus 2 - Kodi web interface</title>| v/2/ i|Chorus Web UI for XBMC/Kodi| cpe:/a:jeremy_graham:chorus:2/
match http m|^HTTP/1\.1 200 Ok\r\nDate: .* GMT\r\nContent-Type: text/html\r\nSet-Cookie: WASID=[\da-f]{16}; path=/\r\nSet-Cookie: WAAK=[\da-f]{32}; path=/; secure\r\nConnection: close\r\n\r\n| p/Stonesoft StoneGate SSL VPN/ cpe:/a:stonesoft:stonegate/
match http m|^HTTP/1\.1 200 OK\r\nContent-Length: \d+\r\nServer: Goliath\r\n| p/Goliath httpd/ cpe:/a:postrank:goliath/
match http m|^HTTP/1\.1 200 OK\r\nConnection: Close\r\nDate: .*\r\nContent-Type: text/html\r\n\r\n<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4\.01 Transitional//EN" "http://www\.w3\.org/TR/html4/loose\.dtd">\r\n<html>\r\n<head>\r\n<meta http-equiv="Content-Type" content="text/html; charset=utf-8">\r\n<title> - ([^<]*?) - WiFi File Transfer</title>| p/SmarterDroid WiFi File Transfer/ i/device: $1/ o/Android/ cpe:/a:smarterdroid:wifi_file_transfer/ cpe:/o:google:android/a cpe:/o:linux:linux_kernel/a
match http m|^HTTP/1\.1 404 Not Found\r\nDate: (.*)\r\nContent-Length: 0\r\nExpires: \1\r\nCache-Control: no-cache\r\n(?:Access-Control-Allow-Origin: \*\r\n)?Connection: close\r\n\r\n$| p/aria2 downloader JSON-RPC/ cpe:/a:tatsuhiro_tsujikawa:aria2/
# TP-LINK TD-W9980 N600
match http m|^HTTP/1\.1 404 Not Found\r\nDate: [\w: ]+ \d\d\d\d\r\nServer: tr069 http server\r\nContent-Length: 15\r\nConnection: close\r\nContent-Type: text/plain; charset=ISO-8859-1\r\n\r\nFile not found\n| p/TP-LINK TR-069 remote access/ d/broadband router/
match http m|^HTTP/1\.1 505 HTTP Version Not Supported\r\nServer: DTV HMC-Lite Server\r\nConnection: close\r\nContent-Type: text/plain\r\nDate: .*\r\nContent-Length: 38\r\n\r\nInvalid http version 1\.0, requires 1\.1| p/DirecTV HMC-Lite/ d/media device/
match http m|^HTTP/1\.0 401 Unauthorized\r\nContent-Type: text/html\r\nWWW-Authenticate: Basic realm=login\r\nX-Backside-Transport: FAIL FAIL\r\nConnection: close\r\n\r\n\n\t\t\n\{"ClaimNotificationAddRs":\{\n    "RqUID":"",\n      "TransactionResponseDt":"",\n      "MsgStatusCd":0,\n      "MsgStatusDesc":"Failure",\n      "MsgErrorCd":"401",\n      "MsgErrorDesc":"Authentication Failure"\n\}\}\n\n\t| p/IBM WebSphere Appliance Management Center web user interface/ cpe:/a:ibm:websphere_appliance_management_center/
match http m|^HTTP/1\.1 200 (?:OK)?\r\nServer: Dump1090\r\nContent-Type: text/html;charset=utf-8\r\nConnection: close\r\nContent-Length: \d+\r\nCache-Control: no-cache, must-revalidate\r\nExpires: Sat, 26 Jul 1997 05:00:00 GMT\r\n\r\n| p/Dump1090 (MalcomRobb fork) http interface/ cpe:/a:malcomrobb:dump1090/
match http m|^HTTP/1\.1 200 OK\r\nServer: Dump1090\r\nContent-Type: text/html;charset=utf-8\r\nConnection: close\r\nContent-Length: \d+\r\n| p/Dump1090 http interface/ cpe:/a:antirez:dump1090/
match http m|^HTTP/1\.1 200 OK\r\nCONNECTION: close\r\nCONTENT-LENGTH: \d+\r\nCONTENT-TYPE: text/html\r\n\r\n\xef\xbb\xbf<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1\.0 Strict//EN" "http://www\.w3\.org/TR/xhtml1/DTD/xhtml1-strict\.dtd">\r\n<html> \r\n<head>\r\n<title>CPPLUS DVR \xe2\x80\x93Web View</title>\r\n| p/CP Plus DVR http interface/ d/media device/
match http m|^HTTP/1\.0 401 Unauthorized\r\nDate: .*\r\nServer: WASABI/1\.1\r\nContent-Length: 73\r\n\r\n<html><title>401 Unauthorized</title><body>401 Unauthorized</body></html>| p/Equitrac Office EQCASService.exe/ cpe:/a:equitrac:office/
match http m|^HTTP/1\.1 200 OK\r\nContent-Length: 31\r\nConnection: Close\r\n\r\nfastviewer Webconference Server| p/Fastviewer Web Conference Server/
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html\r\nExpires: Sat, 01 Jan 2000 00:00:00 GMT\r\n\r\n<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3\.2 Final//EN">\r\n<HTML>\r\n<HEAD><TITLE>(ZBR\d+) - [^<]+</TITLE><meta http-equiv="Pragma" content="no-cache"><meta http-equiv="Expires" content="0"></HEAD>\r\n<BODY><CENTER>\r\n<IMG SRC="logo\.png" ALT="\[Logo\]">\r\n<H1>Zebra Technologies<BR>\r\n((?:FDX )?([^<(]+)(?: \([EZ]PL\)))?</H1>\r\n| p/Zebra $2 printer http config/ i/SN: $1/ d/printer/ cpe:/h:zebra:$3/
match http m|^HTTP/1\.1 404 Not Found\r\nConnection: Keep-Alive\r\nContent-Length: 0\r\nContent-Type: text/html\r\n\r\n$| p/Pebble Time developer connection/ cpe:/a:pebble:pebble_time/
#7.4.1
match http m|^HTTP/1\.1 403 Forbidden\r\nDate: .*\r\nServer: Gateway\r\nConnection: close\r\nX-CorrelationID: Id-[a-f0-9]{24} 0\r\nContent-Type: text/html\r\n\r\nAccess Denied| p/Axway API Gateway/ cpe:/a:axway:api_gateway/
match http m|^HTTP/1\.1 403 Forbidden\.\r\nContent-Type: application/json; charset=UTF-8\r\nDate: .*\r\nAccess-Control-Allow-Origin: \*\r\nConnection: close\r\nContent-Length: 90\r\n\r\n\{"status": \{\n  "code": 403,\n  "commandResult": 1,\n  "msg": "Forbidden\.",\n  "query": "/"\n\}\}| p/DirecTV Set-top Box HTTP Exported Functionality (SHEF)/ d/media device/
match http m|^HTTP/1\.0 200 OK\r\n\r\n<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4\.01 Transitional//EN" "http://www\.w3\.org/TR/html4/loose\.dtd">\r\n<html><head>\r\n<meta http-equiv="content-type"content="no-cache, text/html">\r\n<title>&micro;BlueBOLT - Menu</title>.*?<font color=#eaaf0f style=font-size:30px>\r\nBlueBOLT-CV1\r\n.*?<th align=right>Serial number:</th>\r\n<th align=left><input name=r value="([\d-]+)" disabled></th>\r\n</tr>\r\n<tr>\r\n<th align=right>IP Card Software Version:</th>\r\n<th align=left><input name=r value="V([\d.]+)" disabled>|s p/BlueBOLT-CV1 network interface card/ v/$2/ i/SN: $1/ d/power-device/ cpe:/h:panamax:bluebolt-cv1/
match http m|^X-Content-Type-Options: no-sniff\r\nCache-Control: no-cache, no-store, must-revalidate\r\nHTTP/1\.1 \d\d\d .*\r\n(?:X-Content-Type-Options: no-sniff\r\nCache-Control: no-cache, no-store, must-revalidate\r\n)?Server: gSOAP/([\d.]+)\r\nContent-Length: 0\r\nConnection: close\r\n\r\n| p/gSOAP/ v/$1/ i/HP MFP printer/ d/printer/ cpe:/a:genivia:gsoap:$1/
match http m|^HTTP/1\.1 302 Found\r\nServer: NetQCheck\r\nLocation: /myspeed/.*\r\nContent-type: text/html\r\nContent-length: \d+\r\n\r\n| p/Visualware NetQCheck httpd/ cpe:/a:visualware:netqcheck/
match http m|^HTTP/1\.0 200 OK\r\nContent-Length: \d+\r\nContent-Type: text/html; charset=UTF-8\r\nConnection: Close\r\nAccess-Control-Allow-Origin: \*\r\nServer: Gigablast/1\.0\r\nDate: .*\r\nLast-Modified: .*\r\n\r\n| p/Gigablast search engine httpd/ cpe:/a:gigablast:open-source-search-engine/
match http m|^HTTP/1\.0 200 OK\r\nServer: Web Switch\r\nConnection: close\r\nContent-Type: text/html\r\n\r\n<script language=JavaScript><!--\nvar g_Lan=\d+;\nvar stitle = "([^"]+)";| p/TP-LINK $1 switch httpd/ d/switch/ cpe:/h:tp-link:$1/a
match http m|^HTTP/1\.0 200 OK\r\nServer: Web Switch\r\nConnection: close\r\nContent-Type: text/html\r\n\r\n<script language=JavaScript><!--\nvar g_Lan=1;\nvar logonInfo = new Array\(\n0,0,0 \);\nvar g_year = \d+;\n--></script>\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=iso-8859-1\">\n<HTML>\r\n\t<HEAD>\r\n\t\t<meta http-equiv=\"pragma\" content=\"no-cache\">\r\n\t\t<meta http-equiv=\"expires\" content=\"wed, 26 Feb 1997 08:21:57 GMT\">| p/TP-Link TL-SG3210 switch admin httpd/ d/switch/ cpe:/h:tp-link:tl-sg3210/
match http m|^HTTP/1\.0 200 OK\r\nServer: Web Switch\r\nConnection: close\r\nContent-Type: text/html\r\n\r\n<script language=JavaScript><!--\nvar g_ver = '\d+';\nvar g_Lan='(..)';| p/TP-LINK switch httpd/ i/lang: $1/ d/switch/
match http m|^HTTP/1\.1 302 Found\r\nDate: .*\r\nCache-Control: no-cache\r\nX-Runtime: \d+\r\nSet-Cookie: spiceworks_session=[^;]+; path=/; HttpOnly\r\nLocation: http://([^/]+)/portal\r\n| p/Spiceworks Help Desk/ h/$1/ cpe:/a:spiceworks:spiceworks_help_desk/
match http m|^HTTP/1\.0 401 Authorization Required\r\nWWW-Authenticate: BASIC realm="(DPR?-\d[^)]+)"\r\n\r\nPassword Error\.| p/D-Link $1 print server httpd/ d/print server/ cpe:/h:dlink:$1/a
match http m|^HTTP/1\.1 200 OK\r\nContent-type: text/html\r\nExpires: Thu, 3 Oct 1968 12:00:00 GMT\r\nPragma: no-cache\r\nCache-Control: no-cache, must-revalidate\r\nConnection: close\r\nContent-Length: \d+\r\n\r\n| p/Cisco Docsis cable modem http admin/ d/broadband router/
match http m|^HTTP/1\.1 200 OK\r\nDate: .*\r\nSet-Cookie: SiteName64=[^;]+; Expires=Sat, 31 Dec 2050 23:59:59 GMT\r\nSet-Cookie: SiteName=([^;]+);.*\r\nSet-Cookie: SiteAddress64=.*\r\nSet-Cookie: SiteAddress=([^;]+);.*\r\nSet-Cookie: Build64=.*\r\nSet-Cookie: Build=(\d+);.*\r\nSet-Cookie: Version64=.*\r\nSet-Cookie: Version=([^;]+);.*\r\nCONTENT-LENGTH: \d+\r\n| p/aPod Access Control system master controller/ v/$SUBST(4,"%2E",".")/ i/site: $SUBST(1,"%20"," "); address: $SUBST(2,"%20"," "); build: $3/ d/security-misc/ cpe:/a:online_security_technologies:apod:$SUBST(4,"%2E",".")/
match http m|^HTTP/1\.0 200 OK\r\nConnection: close\r\nContent-Type: text/html(?:; charset=utf-8)?\r\nContent-Length: \d+\r\nCache-Control: max-age=0, no-store, no-cache\r\n\r\n<html>[\r\n]*<head>[\r\n]*<meta http-equiv="Content-Type" content="text/html; charset=utf-8">[\r\n]*<link rel="shortcut icon" href="/sws/images/fav\.ico" type="image/x-icon" />| p/Samsung SyncThru Web Service/ d/printer/ cpe:/a:samsung:syncthru_web_service/
match http m|^HTTP/1\.1 401 Unauthorized\r\nServer: BBVS/([\d.]+)\r\nWWW-Authenticate: Basic realm="SecuritySpy Web Server"\r\n| p/BBVS video streaming httpd/ v/$1/ i/SecuritySpy surveillance software/ o/Mac OS X/ cpe:/a:ben_software:bbvs:$1/ cpe:/a:ben_software:securityspy/ cpe:/o:apple:mac_os_x/a
match http m|^HTTP/1\.1 200 OK\r\nCACHE-CONTROL: no-cache\r\nDate: .*\r\nConnection: Keep-Alive\r\nContent-Type: text/html\r\nContent-Length: \d+\r\n\r\n<html>\n<head>\n<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />\n<title>replace</title>| p/Huawei HG532e ADSL modem http admin/ d/broadband router/ cpe:/h:huawei:hg532e/a
match http m|^HTTP/1\.1 200 OK\r\nServer: magic iradio\r\nCache-Control: max-age=0, no-cache\r\nContent-Type: text/html\r\nContent-Length: \d+\r\n\r\n| p/AGK WiFi Internet radio http config/ d/media device/
match http m|^HTTP/1\.1 401 Authorization Required\r\nDate: .*\r\nServer: \r\nExpires: 0\r\nSet-Cookie: SESSION=; path=/; expires=Sat, 01-Jan-1970 00:00:00 GMT;\r\nExpires: 0\r\nVary: Accept-Encoding\r\nContent-Length: \d+\r\nConnection: close\r\nContent-Type: text/html\r\n\r\n| p/Aruba wireless switch http admin/ d/switch/ o/ArubaOS/
match http m|^HTTP/1\.1 200 OK\r\nDate: .*\r\nServer: Slinger ([\d.]+)\r\nConnection: close \r\nLast-modified: .*\r\nContent-Type: text/html\r\nExpires: 0\r\n\r\n.*<BR>\n\nZebra Technologies<BR>\nZTC (\w+)|s p/Zebra $2 printer http admin/ i/Slinger $1 httpd/ d/printer/ cpe:/h:zebra:$2/a
# Fallback match, GET actually returns something different, but every other HTTP-like probe returns this:
match http m|^HTTP/1\.0 404 Not Found\r\nServer: esp8266-httpd/([\w._-]+)\r\nContent-Type: text/plain\r\n\r\nNot Found\.\r\n| p/esphttpd/ v/$1/ cpe:/a:spritesmods:esphttpd:$1/
match http m|^HTTP/1\.0 200 Ok\r\nServer: \r\nDate: .*\r\nContent-Type: text/html; charset=iso-8859-1\r\nContent-Length: \d+\r\nLast-Modified: Sat, 01 Jan 2000 00:00:\d\d GMT\r\nConnection: close\r\n\r\n<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1\.0 Transitional//EN" "http://www\.w3\.org/TR/xhtml1/DTD/xhtml1-transitional\.dtd">\n<html xmlns="http://www\.w3\.org/1999/xhtml">\n<head>\n\t<meta content="text/html; charset=iso-8859-1" http-equiv="Content-Type"/>\n    <title>RAP Console</title>| p/Aruba RAP Console/ d/WAP/
# full hw, sw, version, wifi info at /cgi-bin/check.html
match http m|^HTTP/1\.0 200 OK\nContent-type: text/html\r\nDate: .*\r\nConnection: close\r\nExpires: Fri, 01 Jan 1990 00:00:00 GMT\r\nPragma: no-cache\r\nCache-Control: no-cache, no-store, must-revalidate\r\nLast-Modified: Mon, 30 Aug 2010 22:16:44 GMT\r\nContent-length: 1350\r\n\r\n| p/TiVo set-top box network adapter http config/ d/media device/
match http m|^HTTP/1\.1 505 Client Error\r\nServer: AV_Receiver/([\d.]+) \(([^)]+)\)\r\nContent-Length: 0\r\nConnection: close\r\n\r\n$| p/Yamaha AV receiver web ui/ v/$1/ i/model: $2/ cpe:/h:yamaha:$2/
match http m|^HTTP/1\.1 200 OK\r\nConnection: close\r\nCache-Control: no-cache\r\nContent-Type: text/html; charset=utf-8\r\n\r\n<!DOCTYPE html><html><head><title>BroadCam - Information Setup Page</title>| p/BroadCam video streaming httpd/ o/Windows/ cpe:/a:nchsoftware:broadcam/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 200 OK\r\nContent-type: text/html\r\n\r\n.*\n<FRAME name=hrbar src="BarFoot\.html"|s p/Panasonic Network Camera http ui/ d/webcam/
match http m|^HTTP/1\.1 200 OK\r\nDate: .*\r\nContent-length: \d+\r\nContent-type: text/html\r\nLast-modified: .*\r\nAccept-ranges: bytes\r\nConnection: close\r\n\r\n<html>\n<head>\n<meta http-equiv="refresh"\n content="0;URL=/talisen/cgi-bin/projects\.cgi">| p/Talisen Secure Access Gateway/ cpe:/a:talisen:secure_access_gateway/
# No info on what is listed
match http m|^HTTP/1\.1 200 OK\r\nConnection: close\r\nContent-Length: \d+\r\nContent-Type: text/html\r\n\r\n<!DOCTYPE html>\n<html><head>\n<script type="text/javascript">\nfunction createPageList\(\) \{\n    var xhr = new XMLHttpRequest;\n    xhr\.open\("GET", "/pagelist\.json"\);| p/LG television page list httpd/ d/media device/
match http m|^HTTP/1\.1 200 OK\r\nConnection: close\r\nCache-Control: no-cache\r\nExpires: -1\r\n\r\n.*\n<link rel="stylesheet" type="text/css" href="login\.css">\n<title>Netgear Prosafe Plus Switch</title>|s p/Netgear ProSAFE Plus switch http admin/ d/switch/
match http m|^HTTP/1\.0 200 OK\r\nAccept-Ranges: bytes\r\nContent-Length: \d+\r\nContent-Type: text/html; charset=utf-8\r\nLast-Modified: .*\r\nDate: .*\r\n\r\n<!DOCTYPE html>\n<html lang="en">\n    <head>\n        <meta charset="utf-8">\n        <title>Shipyard</title>| p/Shipyard/ cpe:/a:evan_hazlett:shipyard/
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html\r\nDate: .*\r\nConnection: close\r\n\r\n<!DOCTYPE html>\n<!--\nThe entry point for client\. This file is loaded just once when the client is captured\.\nIt contains socket\.io and all the communication logic\.\n-->\n<html>| p/Karma JavaScript test runner/ cpe:/a:google:karma/
match http m|^HTTP/1\.1 200 OK\r\nDate: .*\r\nConnection: close\r\n\r\nHello world\r\n$| p/LG smart TV http service/
match http m|^HTTP/1\.1 100 Invalid request type\r\n(?:Content-Encoding: \r\n)?\r\n$| p/qBittorrent tracker httpd/ cpe:/a:qbittorrent:qbittorrent/
match http m|^HTTP/1\.0 200 OK\r\nConnection: close\r\nAccess-Control-Allow-Origin: \*\r\nX-Powered-By: restheart\.org\r\n| p/RESTHeart API server/ cpe:/a:softinstigate:restheart/
match http m|^HTTP/1\.0 501 method 'GET' not available\r\n(?:[^\r\n]+\r\n)*?Server: pve-api-daemon/([\d.]+)\r\n|s p/Proxmox Virtual Environment REST API/ v/$1/ cpe:/a:proxmox:proxmox_virtual_environment:$1/
match http m|^HTTP/1\.1 200 OK\r\nCache-control:no-cache\r\nContent-Type:text/html\r\nTransfer-Encoding:chunked\r\nConnection:Keep-Alive\r\n\r\n.*\r\nvar ProductName = '(\w+)'|s p/Huawei $1 modem http admin/ d/broadband router/ cpe:/h:huawei:$1/
match http m|^HTTP/1\.0 200 OK\r\n\r\n\r\n<html>\r\n<head>\r\n\t<meta http-equiv="Content-Language" content="en-us" />\r\n\t<meta http-equiv="X-UA-Compatible" content="IE=edge" />\r\n\t<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />\r\n\t<title>Check Point ([\w]+) Appliance - Login</title>| p/Check Point $1 SVN foundation login/ cpe:/h:checkpoint:$1/
match http m|^HTTP/1\.1 404 Not Found\r\nServer: snom embedded\r\nCache-Control: no-cache\r\nCache-Control: no-store\r\nContent-Type: text/html\r\nContent-Length: 181\r\n\r\n<HTML><HEAD>\r\n<TITLE>snom VoIP phone: Error</TITLE>\r\n</HEAD><BODY>\r\n<H1>File not found</H1>\r\n<P>Please ask your system administrator to check the lcs log file\.</P>\r\n</BODY></HTML>\r\n| p/Snom VoIP phone http admin/ d/VoIP phone/
match http m|^HTTP/1\.0 404 Not Found\r\nTE: chunked\r\nTransfer-Encoding: chunked\r\nContent-Type: text/html\r\n\r\n58\r\n<html><head><title>Not Found</title></head><body><h1>404 - Not Found</h1></body></html>\n\r\n0\r\n\r\n| p/Orange Livebox http admin/ d/WAP/
match http m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?X-Syncthing-Id: ((?:\w+-){7}\w+)\r\nX-Syncthing-Version: v([\d.]+)\r\n|s p/Syncthing/ v/$2/ i/ID: $1/ cpe:/a:syncthing:syncthing:$2/
match http m|^HTTP/1\.0 401 Unauthorized\r\nWWW-Authenticate: Digest realm="cpe@zte\.com", qop="auth", nonce="[a-f0-9]{32}", opaque="T3BhcXVlIHN0cmluZyBmb3IgQUNTIEF1dGhlbnRpY2F0aW9u", Algorithm="MD5"\r\n| p/ZTE Auto-Configuration Servers (ACS) http login/ d/broadband router/
match http m|^HTTP/1\.1 200 OK\r\ncache-control: no-cache\r\nContent-Length: 1573\r\nExpires: Thu, 01 Jan 1970 00:00:00 GMT\r\nSet-Cookie: JSESSIONID=9A69859878EF80D2D98913D0A75EA0CD; Path=/; Secure; HttpOnly\r\nContent-Type: text/html;charset=UTF-8\r\npragma: no-cache\r\n.*\r\n<html>\r\n<head>\r\n<title>VMware&nbsp;Horizon View</title>\r\n|s p/VMware Horizon View/ cpe:/a:vmware:horizon_view/
match http m|^HTTP/1\.1 505 HTTP Version Not Supported\r\nDate: .*\r\nContent-Length: \d+\r\nContent-Type: text/html\r\n\r\n<html>\r\n<head>\r\n<title>VMware Horizon View</title>\r\n| p/VMware Horizon View/ cpe:/a:vmware:horizon_view/
match http m|^HTTP/1\.1 404 Not Found\r\nConnection: close\r\nDate: .*\r\n\r\nMissing route token in request| p/VMware Horizon View/ cpe:/a:vmware:horizon_view/
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html\r\nConnection: close\r\n\r\n<\?xml version="1\.0" encoding="UTF-8"\?>\r\n<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1\.0 Strict//EN" "http://www\.w3\.org/TR/xhtml1/DTD/xhtml1-strict\.dtd">\r\n<html xmlns="http://www\.w3\.org/1999/xhtml">\r\n<head>\r\n<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />\r\n<meta http-equiv="Cache-Control" content="no-cache"/>\r\n<meta name="viewport" content="width=device-width; initial-scale=1\.0; minimum-scale=1\.0; maximum-scale=2\.0"/>\r\n<meta name="MobileOptimized" content="260"/>\r\n<title>zapya download</title>| p/Zapya file transfer app/ cpe:/a:dewmobile:zapya/
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html; charset="utf-8"\r\nContent-Encoding: gzip\r\nContent-Length: 1039\r\nlast-modified: .*\r\n\r\n\x1f\x8b\x08\x08....\0\x03index\.html\0|s p/HP Storage Management Utility/ d/storage-misc/
match http m|^HTTP/1\.1 302 Moved Temporarily\r\nServer: \r\nDate: .*\r\nContent-Type: text/html\r\nContent-Length: 0\r\nConnection: close\r\nETag: "\w+-\w+-\w+"\r\nPragma: no-cache\r\nLocation: /php/login\.php\r\nCache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\nExpires: Thu, 19 Nov 1981 08:52:00 GMT\r\nX-FRAME-OPTIONS: SAMEORIGIN\r\nSet-Cookie: PHPSESSID=\w+; path=/; HttpOnly\r\n\r\n| p/Palo Alto firewall http admin/ d/security-misc/
match http m|^HTTP/1\.1 302 \r\nContent-Type: text/html\r\nConnection: Close\r\nLOCATION: http://speedport\.ip/html/login/index\.html\r\nContent-Length: 0\r\n\r\n| p/Telekom Speedport http config/ d/broadband router/
match http m|^HTTP/1\.1 200 OK\r\nDate: .*\r\nLast-Modified: .*\r\nEtag: "[a-f\d]+\.\d+"\r\nContent-Type: text/html\r\nContent-Length: \d+\r\nConnection: close\r\nAccept-Ranges: bytes\r\n\r\n<!doctype html>\n<html lang="en">\n    <head>\n {8}<meta charset="utf-8">\n {8}<title>Z-Way UI selection</title>| p/Z-Way home automation controller/ d/specialized/ cpe:/a:z-wave.me:z-way/
match http m|^HTTP/1\.1 200 OK\r\nDate: .*\r\nServer: Arcadyan httpd 1\.0\r\nContent-type: text/html\r\nConnection: close\r\n\r\n| p/Arcadyan broadband router httpd/ d/broadband router/
match http m|^HTTP/1\.[01] 302 Hotspot redirect\r\nCache-Control: no-cache\r\nConnection: close\r\nContent-Length: \d+\r\nContent-Type: text/html\r\nDate: .*\r\nExpires: 0\r\nLocation: .*\r\n\r\n| p/MikroTik HotSpot/ o/RouterOS/ cpe:/a:mikrotik:hotspot/ cpe:/o:mikrotik:routeros/
match http m|^HTTP/1\.1 404 Not Found\r\nServer: HDHomeRun/([\d.]+)\r\nConnection: close\r\nContent-Type: text/html; charset="utf-8"\r\n.*<div class="T TE">HDHomeRun RECORD</div>|s p/SiliconDust HDHomeRun RECORD http config/ v/$1/
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html\r\nCache-Control: no-cache\r\nConnection: close\r\n\r\n<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title></title></head><frameset rows="0,\*" border=0 frameborder=no framespacing=0><frame src="space\.htm" name="space" scrolling="no" border=0><frame src="wanst\.htm" name="main" marginwidth="30" marginheight="16" scrolling="auto">| p/D-Link WAP http config/ d/WAP/
match http m|^HTTP/1\.1 200 OK\r\nServer: Printopia/([\w._-]+)\r\nConnection: close\r\n\r\n<html>\n<head>\n</head>| p/Printopia AirPrint service/ v/$1/ o/OS X/ cpe:/a:decisive_tactics:printopia:$1/ cpe:/o:apple:mac_os_x/a
#CIMC 1.5(4e)
match http m|^UnknownMethod 403 Forbidden\r\nDate: .*\r\nConnection: keep-alive\r\nKeep-Alive: timeout=60, max=2000\r\nContent-Type: text/html\r\nContent-length: \d+\r\n\r\n<HTML><HEAD><TITLE>Document Error: Forbidden</TITLE></HEAD>\r\n<BODY><H2>Access Error: 403 -- Forbidden</H2>\r\n</BODY></HTML>\r\n\r\nHTTP/1\.0 400 Bad Request\r\nDate:| p/Cisco Integrated Management Controller/ cpe:/h:cisco:unified_computing_system_integrated_management_controller/
match http m|^HTTP/1\.1 302 Found\r\nLocation: https?://([^/]+)/admin\r\nContent-Length: 0\r\nDate: .*\r\nConnection: close\r\nServer:  \r\n\r\n| p/Cisco Identity Services Engine/ h/$1/ cpe:/a:cisco:identity_services_engine_software/ cpe:/h:cisco:identity_services_engine:-/
match http m|^HTTP/1\.1 400 Bad request\r\nContent-Type: text/html; charset=utf8\r\nTransfer-Encoding: chunked\r\n\r\n\d+\r\n<!DOCTYPE html>\n<html>\n<head>\n    <title>\r\nb\r\nBad request\r\ncf6\r\n</title>\n    | p/Cockpit web service/ v/161 or earlier/ o/Linux/ cpe:/a:redhat:cockpit/ cpe:/o:linux:linux_kernel/a
# X-DNS-Prefetch-Control and Referrer-Policy added in 162
match http m|^HTTP/1\.1 400 Bad request\r\nContent-Type: text/html; charset=utf8\r\nTransfer-Encoding: chunked\r\nX-DNS-Prefetch-Control: off\r\nReferrer-Policy: no-referrer\r\n\r\n\d+\r\n<!DOCTYPE html>\n<html>\n<head>\n    <title>\r\nb\r\nBad request\r\ncf6\r\n</title>\n    | p/Cockpit web service/ v/162 - 188/ o/Linux/ cpe:/a:redhat:cockpit/ cpe:/o:linux:linux_kernel/a
# X-Content-Type-Options added in 189
match http m|^HTTP/1\.1 400 Bad request\r\nContent-Type: text/html; charset=utf8\r\nTransfer-Encoding: chunked\r\nX-DNS-Prefetch-Control: off\r\nReferrer-Policy: no-referrer\r\nX-Content-Type-Options: nosniff\r\n\r\n\d+\r\n<!DOCTYPE html>\n<html>\n<head>\n    <title>\r\nb\r\nBad request\r\ncf6\r\n</title>\n    | p/Cockpit web service/ v/189 or later/ o/Linux/ cpe:/a:redhat:cockpit/ cpe:/o:linux:linux_kernel/a
match http m|^HTTP/1\.1 401 Not Authorized\r\nServer: WSTL CPE 1\.0\r\nMIME-version: 1\.0\r\nDate: [A-Z]{3} [A-Z]{3} \d\d \d\d:\d\d:\d\d \d\d\d\d GMT\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: \d+\r\nWWW-Authenticate: Digest realm="Westell Secure",| p/Westell broadband router TR-069/ d/broadband router/
match http m|^HTTP/1\.1 401 Not Authorized\r\nServer: WSTL CPE 1\.0\r\nDate: .* GMT\r\nMIME-version: 1\.0\r\nContent-Type: text/html\r\nContent-Length: \d+\r\nConnection: close\r\nWWW-Authenticate: Digest realm="Westell Secure",| p/Westell broadband router TR-069/ d/broadband router/
# Glassfish AS 4.0 (build 89)
match http m|^HTTP/1\.1 202 Accepted\r\nContent-Type: text/html;charset=UTF-8\r\nDate: .*\r\nConnection: close\r\nContent-Length: \d+\r\n\r\n<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1\.0 Strict//EN" "http://www\.w3\.org/TR/xhtml1/DTD/xhtml1-strict\.dtd">\n<html xmlns="http://www\.w3\.org/1999/xhtml" xml:lang="en" lang="en">\n<head>\n<!--\n\n    DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER\.\n\n    Copyright \(c\) [12]\d\d\d Oracle and/or its affiliates\.| p/Oracle Glassfish Application Server/ cpe:/a:oracle:glassfish_application_server/
match http m|^HTTP/1\.0 302 Found\r\nLocation: .*?/user/login\r\nSet-Cookie: lang=(..)-(..); Path=/[^;]*; Max-Age=2147483647\r\nSet-Cookie: i_like_gogits=[a-f\d]{16}; Path=/[^;]*; HttpOnly\r\n| p/Gogs git httpd/ i/lang: $1-$2/ cpe:/a:gogs:gogs::::$1/
match http m|^HTTP/1\.0 200 OK\r\nContent-Type: text/html; charset=UTF-8\r\nSet-Cookie: lang=(..)-(..); Path=/[^;]*; Max-Age=2147483647\r\nSet-Cookie: i_like_gogits=[a-f\d]{16}; Path=/[^;]*; HttpOnly\r\n| p/Gogs git httpd/ i/lang: $1-$2/ cpe:/a:gogs:gogs::::$1/
match http m|^HTTP/1\.0 302 Found\r\nLocation: .*?/login\r\nSet-Cookie: grafana_sess=[a-f\d]{16}; Path=/; HttpOnly\r\n| p/Grafana/ cpe:/a:xn--torkel_degaard-1pb:grafana/
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html\r\nConnection: close\r\n\r\n<!---CAS:0003--><HTML><HEAD>\n<SCRIPT LANGUAGE=JAVASCRIPT><!--\nvar a=window\.open\("/menu\.htm", "Login", "width=505,height=250,screenX=200,screenY=300,resizable=1,scrollbars=0,dependent=1"\);\na\.focus\(\);\n//--></SCRIPT>\n</HEAD>\n\nPlease Login First\.\n\n</HTML>| p/D-Link DI-524 WAP http config/ d/WAP/ cpe:/h:dlink:di-524/a
match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: HTTPD\r\nDate: .* GMT\r\nWWW-Authenticate: Basic realm="USER LOGIN"\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-Type: text/html\r\nConnection: close\r\n\r\n<HTML><HEAD><TITLE>401 Unauthorized</TITLE></HEAD>\n<BODY BGCOLOR="#cc9999"><H4>401 Unauthorized</H4>\nAuthorization required\.\n</BODY></HTML>\n| p/LimitlessLED smart lightbulb bridge httpd/ d/specialized/
match http m|^HTTP/1\.0 200 OK\r\nConnection: close\r\nContent-Type: text/html;charset=UTF-8\r\nContent-Length: \d+\r\n\r\n<HTML>\n<HEAD>\n<script type="text/javascript" src="/WebLanguage\.js"></script>\n<script>\nd=document;\nd\.write\("<title>"\+Login0104\+"</title>"\);\n</script>\n<link rel="icon" href="/dlink\.ico" type="image/x-icon" />| p/D-Link DES-1100 switch http config/ d/switch/ cpe:/h:dlink:des-1100/a
match http m|^HTTP/1\.0 401 Authorization Required\r\nWWW-Authenticate: BASIC realm="Admin"\r\n\r\nPassword Error\.| p/D-Link DP-301P+ print server httpd/ d/print server/ cpe:/h:d-link:dp-301p/
match http m|^HTTP/1\.0 200 OK\r\nConnection: close\r\nCache-Control: no-cache\r\nPragma: no-cache\r\nExpires: -1\r\n\r\n<SCRIPT language="javascript">\r\nvar logonInfo = new Array\(\r\n\t\d,/\*\xb4\xed\xce\xf3\xc0\xe0\xd0\xcd, 0:\xce\xde\xb4\xed\xce\xf3;1:\xd3\xc3\xbb\xa7\xc3\xfb\xbb\xf2\xd5\xdf\xc3\xdc\xc2\xeb\xb4\xed\xce\xf3;2:\xb8\xc3\xd3\xc3\xbb\xa7\xb2\xbb\xd4\xca\xd0\xed\xb5\xc7\xc2\xbc;3:\xb8\xc3\xd3\xc3\xbb\xa7\xb5\xc7\xc2\xbc\xca\xfd\xd2\xd1\xc2\xfa\.;4\xb5\xc7\xc2\xbc\xd3\xc3\xbb\xa7\xca\xfd\xd2\xd1\xc2\xfa\xa3\xac\xd7\xee\xb6\xe0\xd6\xbb\xc4\xdc\xd4\xca\xd0\xed16\xb8\xf6\xd3\xc3\xbb\xa7\xcd\xac\xca\xb1\xb5\xc7\xc2\xbc;5\xd3\xc3\xbb\xa7\xbb\xe1\xbb\xb0\xb3\xac\xca\xb1\*/\r\n\t0,0\);| p/TP-LINK Easy Smart switch admin httpd/ d/switch/
# http://blog.sec-consult.com/2015/05/kcodes-netusb-how-small-taiwanese.html
match http m|^HTTP/1\.0 200 OK\r\nCache-control: no-cache\r\nConnection: Close\r\n\r\n(?:<!-T0004->\r\n)?<HTML>\r\n<HEAD>\r\n<META HTTP-EQUIV="CONTENT-TYPE" CONTENT="TEXT/HTML">\r\n<TITLE></TITLE>\r\n</HEAD>\r\n<BODY BGCOLOR=#FFFFFF>\r\n<SCRIPT LANGUAGE=JavaScript>\r\n\tdocument\.location\.href="system30\.htm";\r\n</script>\r\n</BODY>\r\n</HTML>| p/KCodes NetUSB http interface/ cpe:/o:kcodes:netusb/
match http m|^HTTP/1\.0 302 Found\r\nLocation: https:///\r\nContent-Type: text/html\r\nContent-Length: 136\r\n\r\n<html><head><title>Redirect</title></head><body><h1>Redirect</h1><p>You should go to <a href="https:///">https:///</a></p></body></html>| p/Aruba AirWave httpd/ cpe:/a:arubanetworks:airwave/
match http m|^HTTP/1\.1 401 Authorization Required\r\nWWW-Authenticate: Basic realm="FHEM: login required"\r\nContent-Length: 0\r\n\r\n| p/FHEM home automation httpd/ cpe:/a:rudolf_koenig:fhem/
match http m|^HTTP/1\.0 200 OK\r\nContent-Length: \d+\r\nLast-Modified: .* GMT\r\nContent-Type: text/html\r\nCache-Control: private, max-age=0, no-cache\r\nAccept-Ranges: bytes\r\nDate: .* GMT\r\n\r\n<!DOCTYPE html>\n<html ng-app="app" ng-csp  ng-controller="AppCtrl">\n  <head>\n    <title>Arch</title>| p/Arch webinterface to Kodi/ cpe:/a:abricot:arch/
match http m|^HTTP/1\.0 [45]\d\d .*\r\nDate: .* GMT\r\nContent-Length: \d+\r\n\r\n<!DOCTYPE html>\n<html>\n<head><meta charset="utf-8"><style>body\{margin-top:14%;text-align:center;background-color:#F8F8F8;font-family:sans-serif;\}h1\{font-size:xx-large;\}p\{font-size:x-large;\}p\+p \{ font-size: large; font-family: courier \}</style>\n</head>\n<body><h1>[45]\d\d [^<]*</h1>| p/Prosody XMPP BOSH httpd/ cpe:/a:prosody:prosody/
match http m|^HTTP/1\.1 302 FOUND\r\nLocation:/public/login\.html\r\nContent-Length: 0\r\n\r\n| p/Triax TSS 400 SATIP server httpd/ d/media device/ cpe:/h:triax:tss_400/
# seen on webcam, wifi range extender, etc.
match http m|^HTTP/1\.1 200 OK\r\nServer: TP-LINK HTTPD/1\.0\r\nConnection: close\r\n| p/TP-LINK embedded httpd/
match http m|^HTTP/1\.1 200 OK\r\ncache-control: no-cache\r\ncontent-length: \d+\r\ncontent-type: text/html\r\ndate: (.* GMT)\r\nlast-modified: \1\r\n\r\n| p/EHS embedded httpd/ v/1.4.5 or earlier/ cpe:/a:fritz_elfert:ehs/
match http m%^HTTP/1\.0 200 OK\r\nCache-Control: must-revalidate\r\n(?:Set-Cookie: [a-f0-9]{8}/accept-language=; path=/\r\n)?ETAG: [a-f0-9]{8}\r\n(?:Cache-Control: must-revalidate\r\n)?Content-Type: text/html; charset=utf-8\r\nContent-Length: \d+\r\n\r\n\n\n\n\n<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1\.0 Transitional//EN"\n        "http://www\.w3\.org/TR/xhtml1/DTD/xhtml1-transitional\.dtd">\n<html xmlns="http://www\.w3\.org/1999/xhtml" dir="ltr" lang="en">\n<head>\n<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>\n<meta name="viewport" content="width=1085"/>\n<meta http-equiv="X-UA-Compatible" content="IE=edge"/>\n<title>[^<]*</title>\n<script type="text/javascript">\n\tappUrl = '';\n\tappConfig = '(\w\w)';\n\tappUid = (?:'[a-f0-9]*'|getEtag\(\));\n\tconfig = \{\n\t\tBUILD_CUSTOMER: '[^']+',\n\t\tBUILD_PROJECT: '[^']+',\n\t\tBUILD_HARDWARE: 'sagem_([\w_]+)',% p/Orange Livebox config httpd/ i/language: $1; model: Sagem $2/ d/broadband router/ cpe:/h:sagem:$2/
match http m|^HTTP/1\.0 401 Unauthorized\r\nWWW-Authenticate: Basic realm="Ascotel domain"\r\n| p/Aastra Ascotel PBX httpd/ d/PBX/
match http m|^HTTP/1\.0 401 \[B2BSERV\.0084\.9004\] Access Denied\r\nSet-Cookie: ssnid=[^;]+; path=/; HttpOnly\r\nContent-Type: text/html; charset=utf-8\r\nWWW-Authenticate: Basic realm="sapbc"\r\n| p/SAP Business Connector/ cpe:/a:sap:business_connector/
match http m|^HTTP/1\.1 200 OK\r\nCACHE-CONTROL: no-cache\r\nDate: .* GMT\r\nConnection: Keep-Alive\r\nContent-Type: text/html\r\nContent-Length: \d+\r\n\r\n<html>\n<head>\n<META http-equiv="Content-Type" content="text/html; charset=UTF-8">\r\n<META http-equiv="Pragma" content="no-cache">\n<META http-equiv="expires" CONTENT="-1">\n<link rel="icon" type="image/icon" href="/favicon\.ico"/>\n<title>Login</title>\n| p/Huawei HG532e ADSL router httpd/ d/broadband router/ cpe:/h:huawei:hg532e/a
match http m|^HTTP/1\.0 302 Moved Temporarily\r\nContent-Type: application/x-gzip\r\nLocation: https://idrac(?::\d+)?/start\.html\r\nDate: .* GMT\r\nETag: \w{3} \w{3} \d\d \d\d:\d\d:\d\d \d\d\d\d ([-A-Z]+)\r\n| p/Dell iDRAC 8 admin httpd/ i/time zone: $1/ cpe:/o:dell:idrac8_firmware/
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html\r\nServer: siyou server\r\nTransfer-Encoding: chunked\r\n\r\n[a-f\d]+\r\n| p/D-LINK siyou httpd/ d/broadband router/
match http m|^HTTP/1\.1 404 ERROR\r\nConnection: close\r\nContent-Length: 9\r\n\r\nNot Found$| p/Spotify spotilocal http API/
match http m|^HTTP/1\.1 404 ERROR\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nConnection: close\r\nContent-Length: 15\r\nContent-Type: text/plain; charset=utf-8\r\n\r\nmissing method\n$| p/Spotify spotilocal http API/
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html\r\nServer: httpserver\r\nData: (.* GMT)\r\nLast Modified: \1\r\n\r\n| p/Zmodo webcam http interface/ d/webcam/
match http m|^HTTP/1\.1 200 OK\r\nServer: CNIX HTTP Server 1\.0\r\nContent-Type: text/html\r\nPragma:no-cache\r\nExpires:-1\r\nCache-Control:no-cache;no-store;must-revalidate\r\nTransfer-Encoding: chunked\r\n\r\n| p/Siemens LOGO! 8 PLC httpd/ d/specialized/ cpe:/h:siemens:logo8/
match http m|^HTTP/1\.1 200 OK\r\nConnection: close\r\nContent-Type: text/html\r\nCache-Control: no-cache\r\nExpires: -1\r\n\r\n<html>\n<head>\n<title>Redirect to Login</title>\n<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">\n<link rel="stylesheet" type="text/css" href="/style\.css">\n| p/Netgear ProSafe Gigabit Web Managed (Plus) switch httpd/ d/switch/
match http m|^HTTP/1\.0 200 The request has succeeded\r\nContent-Type: text/html\r\nExpires: Sun, 03 Jan 2100 12:00:00 GMT\r\n\r\n $| p/Bosch Logamatic Gateway web KM200 httpd/ d/specialized/
match http m|^HTTP/1\.0 200 OK\r\nDate: .* GMT\r\nExpires: .* GMT\r\nContent-Type: text/html; charset=UTF-8\r\nContent-Length: \d+\r\n\r\n<html><head><title>Velkommen til 963</title>| p/Trend 963 Supervisor building control system/ i/Danish/ d/specialized/ cpe:/a:trend_control_systems:963_supervisor::::da/
match http m|^HTTP/1\.0 200 OK\r\nDate: .* GMT\r\nExpires: .* GMT\r\nContent-Type: text/html; charset=UTF-8\r\nContent-Length: \d+\r\n\r\n<html><head><title>SUPERVISEUR 963</title>| p/Trend 963 Supervisor building control system/ i/French/ d/specialized/ cpe:/a:trend_control_systems:963_supervisor::::fr/
match http m|^HTTP/1\.0 200 OK\r\nDate: .* GMT\r\nExpires: .* GMT\r\nContent-Type: text/html; charset=UTF-8\r\nContent-Length: \d+\r\n\r\n<html><head><title>963 Valvomo</title>| p/Trend 963 Supervisor building control system/ i/Finnish/ d/specialized/ cpe:/a:trend_control_systems:963_supervisor::::fi/
match http m|^HTTP/1\.0 200 OK\r\nDate: .* GMT\r\nExpires: .* GMT\r\nContent-Type: text/html; charset=UTF-8\r\nContent-Length: \d+\r\n\r\n<html><head><title>Witamy w Programie 963</title>| p/Trend 963 Supervisor building control system/ i/Polish/ d/specialized/ cpe:/a:trend_control_systems:963_supervisor::::pl/
match http m|^HTTP/1\.0 200 OK\r\nDate: .* GMT\r\nExpires: .* GMT\r\nContent-Type: text/html; charset=UTF-8\r\nContent-Length: \d+\r\n\r\n<html><head><title>Benvenuti al 963</title>| p/Trend 963 Supervisor building control system/ i/Portuguese/ d/specialized/ cpe:/a:trend_control_systems:963_supervisor::::pt/
match http m|^HTTP/1\.0 200 OK\r\nDate: .* GMT\r\nExpires: .* GMT\r\nContent-Type: text/html; charset=UTF-8\r\nContent-Length: \d+\r\n\r\n<html><head><title>Bienvenido al 963</title>| p/Trend 963 Supervisor building control system/ i/Spanish/ d/specialized/ cpe:/a:trend_control_systems:963_supervisor::::es/
match http m|^HTTP/1\.0 200 OK\r\nDate: .* GMT\r\nExpires: .* GMT\r\nContent-Type: text/html; charset=UTF-8\r\nContent-Length: \d+\r\n\r\n<html><head><title>V\xc3\xa4lkommen till 963</title>| p/Trend 963 Supervisor building control system/ i/Swedish/ d/specialized/ cpe:/a:trend_control_systems:963_supervisor::::sv/
match http m|^HTTP/1\.0 200 OK\r\nDate: [\w ,]+ GMT\r\nExpires: [\w ,]+ GMT\r\nContent-Type: text/html; charset=UTF-8\r\nContent-Length: \d+\r\n\r\n<html><head><title>.*\r\n<meta content="Trend Control Systems 963" name="GENERATOR" />| p/Trend 963 Supervisor building control system/ d/specialized/ cpe:/a:trend_control_systems:963_supervisor/
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html\r\nDate: .* GMT\r\nConnection: close\r\n\r\n<!DOCTYPE html><html>    <head>        <meta charset="utf-8" />        <title>Node\.js</title>    </head>    <body>       <h1>Welcome to Node\.js</h1>    </body></html>| p/Node.js/ cpe:/a:nodejs:node.js/
match http m|^HTTP/1\.0 400 BadRequest\r\nContent-Length: 0\r\nServer: lwIP/(\d[\d.]+)\r\n\n$| p/ESP-12 ESP8266 dev board httpd/ i/lwIP $1/ cpe:/a:lwip_project:lwip:$1/
match http m|^HTTP/1\.1 404 Not Found\r\ncontent-type: text/html\r\ncontent-length: \d+\r\nserver: PhpStorm ([\d.]+)\r\n| p/PhpStorm IDE httpd/ v/$1/ cpe:/a:jetbrains:phpstorm:$1/
match http m|^HTTP/1\.0 200 OK\r\nServer: \r\nContent-Type: text/html; charset=iso-8859-1\r\nDate: .* GMT\r\nLast-Modified: .* GMT\r\nAccept-Ranges: bytes\r\nConnection: close\r\nContent-Length: \d+\r\n\r\n<\?xml version="1\.0" encoding="UTF-8"\?>\n<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1\.0 Transitional//EN" "http://www\.w3\.org/TR/xhtml1/DTD/xhtml1-transitional\.dtd">\n\n<html xmlns="http://www\.w3\.org/1999/xhtml">\n<!-- __DVLAPP__ -->| p/Devolo dLAN 500 WiFi powerline adapter/ d/WAP/ cpe:/h:devolo:dlan_500/
match http m|^HTTP/1\.0 200 OK\nContent-type: text/html\r\nDate: .* GMT\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nConnection: close\r\n\r\n<\?xml version="1\.0" encoding="UTF-8"\?>\n<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1\.0 Transitional//EN" "http://www\.w3\.org/TR/xhtml1/DTD/xhtml1-transitional\.dtd">\n\n<html xmlns="http://www\.w3\.org/1999/xhtml">\n<!-- __DVLAPP__ -->| p/Devolo dLAN WiFi powerline adapter/ d/WAP/
match http m|^HTTP/1\.0 200 OK\r\ncontent-type: text/html\r\nexpires: [\w, :]+ GMT\r\n\r\n<!DOCTYPE html>\n<html>\n    <head>\n        <meta charset="utf-8">\n        <title>RethinkDB Administration Console</title>\n.*\.css\?v=([\d.]+)"|s p/RethinkDB Administration Console httpd/ v/$1/ cpe:/a:rethinkdb:rethinkdb:$1/
match http m|^HTTP/1\.1 404 Not Found\r\nContent-Length: 0\r\nDate: .* GMT\r\nConnection: close\r\nServer: server\r\n\r\n$| p/Cisco Identity Services Engine admin httpd/ cpe:/a:cisco:identity_services_engine_software/ cpe:/h:cisco:identity_services_engine/
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html\r\nContent-Length: \d+\r\nAccept-Ranges: bytes\r\nCache-Control: no-cache\r\n\r\n<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1\.0 Strict//EN" "http://www\.w3\.org/TR/xhtml1/DTD/xhtml1-strict\.dtd">\r\n<html>\r\n<head>\r\n  <meta http-equiv="content-type" content="text/html; charset=UTF-8" />\r\n  <style type="text/css">\r\n  body, th \{ font-family:tahoma, verdana, arial, helvetica, sans; font-weight:normal; font-size:9pt; \}\r\nbody \{ margin:0; background-color:#DDF; padding:10px; \}\r\np \{ margin:0 \}\r\na \{ text-decoration:none;  background-color:Transparent; color:#05F; \}\r\n| p/HttpFileServer httpd/ cpe:/a:massimo_melina:httpfileserver/
# This is the TP-LINK model, but may match the Asus one, too.
match http m|^HTTP/1\.0 200 OK\r\nContent-Length: \d+\r\nContent-Type: text/html\r\nDate: .* GMT\r\n\r\n<html lang="en"> <head> <meta charset="utf-8"/> <meta http-equiv="X-UA-Compatible" content="IE=edge"/> <meta name="viewport" content="width=device-width, initial-scale=1"/> <title>OnHub</title>| p/Google OnHub WAP/ d/WAP/
match http m|^HTTP/1\.0 200 OK\r\nConnection: close\r\nDate: .* GMT\r\nLast-Modified: .* GMT\r\nContent-Type: text/html\r\nContent-Length: \d+\r\nCache-Control: no-cache\r\n\r\n<!doctype html>\n<html lang="en" xmlns:ng="http://angularjs\.org" id="ng-app" ng-app="vzui">\n  <head>\n    <meta charset="utf-8">\n    <meta http-equiv="cache-control" content="no-cache"/>\n    <meta http-equiv="cache-control" content="max-age=0" />\n    <meta http-equiv="pragma" content="no-cache"/>\n    <meta http-equiv="expires" content="0"/>\n    <title>Verizon Router</title>\n    <link rel="stylesheet" href="css/app\.css\?v=v([\d.]+)"/>| p/Verizon router http UI/ v/$1/ d/broadband router/
match http m|^HTTP/1\.1 200 OK\nContent-Type: text/html;charset=windows-1252\nContent-Length: \d+\n\n<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4\.01 Transitional//EN" "http://www\.w3\.org/TR/html4/loose\.dtd">\r\n<html>\r\n<head>\r\n<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">\r\n<title>TRENDnet MFP Server</title>| p/TRENDnet MFP print server http config/ d/print server/
match http m|^HTTP/1\.1 200 OK\r\nContent-Language: en-US\r\nContent-Length: \d+\r\nSet-Cookie: JSESSIONID=[A-F\d]{32}; Path=/; Secure; HttpOnly\r\nContent-Type: text/html;charset=UTF-8\r\n(?:Strict-Transport-Security: max-age=31536000\r\n)?\r\n\r\r\n\r\r\n<!DOCTYPE html>\r\r\n<html lang="en">\r\r\n<head>\r\r\n   <meta charset="utf-8">\r\r\n   <meta http-equiv="X-UA-Compatible" content="IE=edge">\r\r\n   <title>VMware Horizon View</title>| p/VMware Horizon View/ cpe:/a:vmware:horizon_view/
match http m|^HTTP/1\.1 200 OK\r\nContent-Language: en-US\r\nContent-Length: \d+\r\nX-FRAME-OPTIONS: SAMEORIGIN\r\nSet-Cookie: JSESSIONID=[A-F\d]{32}; Path=/; Secure; HttpOnly\r\nContent-Type: text/html;charset=UTF-8\r\nStrict-Transport-Security: max-age=31536000\r\n\r\n\r\n\r\n<!DOCTYPE html>\r\n<html lang="en">\r\n<head>\r\n   <meta charset="utf-8">\r\n   <meta http-equiv="X-UA-Compatible" content="IE=edge">\r\n   <title>VMware Horizon</title>| p/VMware Horizon/ cpe:/a:vmware:horizon/
match http m|^HTTP/1\.1 200 200\r\nSet-Cookie: JSESSIONID=[A-F\d]{32};path=/;Secure;HttpOnly\r\nContent-Length: \d+\r\nContent-Language: en-US\r\nContent-Type: text/html;charset=UTF-8\r\n#status#: HTTP/1\.1 200 OK\r\nStrict-Transport-Security: max-age=31536000\r\nX-Content-Type-Options: nosniff\r\nX-Frame-Options: deny\r\nX-XSS-Protection: 1; mode=block\r\n\r\n\r\n\r\n\r\n<!DOCTYPE html>\r\n<html lang="en">\r\n<head>\r\n   <meta charset="utf-8">\r\n   <meta http-equiv="X-UA-Compatible" content="IE=edge">\r\n   <title>VMware Horizon</title>| p/VMware Horizon/ cpe:/a:vmware:horizon/
match http m|^HTTP/1\.1 307 Temporary Redirect\r\nLocation: https://([^:]+):443/\r\nDate: .*\r\nContent-Length: 1994\r\nContent-Type: text/html\r\n\r\n<html>\r\n<head>\r\n<title>VMware Horizon</title>| p/VMWare Horizon/ h/$1/ cpe:/a:vmware:horizon/
match http m|^HTTP/1\.1 307 Temporary Redirect\r\nLocation: https://[^/]+/\r\nDate: .*\r\nContent-Length: 1994\r\nContent-Type: text/html\r\n\r\n<html>\r\n<head>\r\n<title>VMware Horizon</title>| p/VMWare Horizon/ cpe:/a:vmware:horizon/
match http m|^HTTP/1\.0 200 OK\r\nCache-control: no-cache\r\nConnection: Keep-Alive\r\nContent-type: text/html\r\n\r\n<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4\.01 Transitional//EN">\r\n<html>\r\n<head>\r\n<meta http-equiv="Content-Type" content="text/html; charset=big5">\r\n<meta http-equiv="refresh" content="0;URL=\./bscsetting\.htm">| p/Ambient Weather ObserverIP http config/ d/specialized/ cpe:/h:ambient_weather:observerip/
# Hikvision, truVision, Hills/DAS etc.
match http m|^HTTP/1\.0 200 OK\r\nDate: .* GMT\r\nServer: DNVRS-Webs\r\nETag: "[a-f\d-]+"\r\nContent-Length: \d+\r\nContent-Type: text/html\r\nConnection: close\r\nLast-Modified: .* GMT\r\n\r\n| p/Hikvision Network Video Recorder http admin/ d/webcam/
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: DVRDVS-Webs\r\n| p/Hikvision DVR web UI/ d/media device/
match http m|^HTTP/1\.1 \d\d\d .*\r\nDate: .* GMT\r\nServer: DVRDVS-Webs\r\n| p/Hikvision DVR web UI/ d/media device/
match http m|^HTTP/1\.0 302 Redirect\r\nServer: Webs\r\nDate: [\w\d: ]{24}\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-Type: text/html\r\nLocation: http://[^/]*/index\.asp\r\n\r\n| p/Hikvision DVR web UI/ d/media device/
match http m|^HTTP/1\.1 200 OK\r\nCache-Control: no-store\r\nContent-Type: text/html\r\nContent-length: \d+\r\n\r\n<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4\.01//EN" "http://www\.w3\.org/TR/html4/strict\.dtd"><html id=htmlID><head><title>[^<]+</title><style type="text/css">\*\{padding:0;margin:0\}html,body\{background:url\("dark_carbon\.png"\) repeat;| p/ControlByWeb X-310 controller web interface/ cpe:/h:controlbyweb:x-310/
match http m|^HTTP/1\.0 200 OK\r\nContent-Type: text/html\r\nAccept-Ranges: bytes\r\nETag: "-?\d+"\r\nLast-Modified: .* GMT\r\nContent-Length: \d+\r\nConnection: close\r\nDate: .* GMT\r\nServer: none\r\n\r\n<!-- saved from url=\(0014\)about:internet -->\n<html lang="en">\n\n<!-- \nSmart developers always View Source\. \n\nThis application was built using Adobe Flex, an open source framework\nfor building rich Internet applications that get delivered via the\nFlash Player or to desktops via Adobe AIR\. \n\nLearn more about Flex at http://flex\.org \n// -->\n\n<head>\n<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />\n\n<!--  BEGIN Browser History required section -->\n<link rel="stylesheet" type="text/css" href="history/history\.css" />\n<!--  END Browser History required section -->\n\n<title>Fireware XTM WebUI</title>| p/WatchGuard Fireware XTM web UI/ i/CometCatchr Flash Comet client/ cpe:/a:progrium:cometcatchr/ cpe:/a:watchguard:fireware_xtm/
match http m|^HTTP/1\.1 401 Unauthorized\r\nAccess-Control-Allow-Origin: \*\r\nWWW-Authenticate: Basic realm="Protected"\r\nConnection: close\r\n\r\n401 Unauthorized: Password required\r\n$| p/ANEL-Elektronik NET-PwrCtrl HUT httpd/ d/power-misc/
match http m|^HTTP/1\.0 401 Unauthorized\r\nWWW-Authenticate: Basic realm="(WPN\d[\dv]+)"\r\nContent-type: text/html\r\n\r\n<html>\r\n<head><title>401 Unauthorized</title></head>\r\n<body><h1>401 Unauthorized</h1>\r\n<p>Access to this resource is denied; your client has not supplied the correct authentication\.</p></body>\r\n</html>\r\n| p/Netgear WAP http admin/ i/model $1/ d/WAP/ cpe:/h:netgear:$1/
match http m|^HTTP/1\.0 200 OK\r\nAccept-Ranges: bytes\r\nContent-Length: \d+\r\nContent-Type: text/html; charset=utf-8\r\nLast-Modified: .* GMT\r\nDate: .* GMT\r\n\r\n<!doctype html>\n<html lang="en">\n<head>\n    <meta charset="utf-8">\n    <meta http-equiv="X-UA-Compatible" content="IE=edge">\n    <meta name="viewport" content="width=device-width, initial-scale=1">\n    <meta name="description" content="">\n    <meta name="author" content="">\n\n    <title>InfluxDB - Admin Interface</title>| p/InfluxDB http admin/ cpe:/a:influxdata:influxdb/
match http m|^HTTP/1\.0 200 OK \r\nexpires: Friday, 25-Jul-97 00:00:00 GMT\r\nContent-type: text/xml\r\n\r\n<\?xml version="1\.0" encoding="utf-8"\?>\n<\?xml-stylesheet type="text/xsl" href="admin\.xsl"\?>\n<info product="[iI]nnovaphone ([^"]+)" manufacturer-url="http://www\.innovaphone\.com" name="([^"]+)"| p/Innovaphone VoIP phone or gateway/ i/model: $1; name: $2/
match http m|^HTTP/1\.0 200 OK \r\nexpires: Friday, 25-Jul-97 00:00:00 GMT\r\nContent-type: text/xml\r\n\r\n<\?xml version="1\.0" encoding="utf-8"\?>\n<\?xml-stylesheet type="text/xsl" href="admin\.xsl"\?>\n<info product="[iI]nnovaphone ([^"]+)"| p/Innovaphone VoIP phone or gateway/ i/model: $1/
match http m|^HTTP/1\.0 200 OK \r\nexpires: Friday, 25-Jul-97 00:00:00 GMT\r\nContent-type: text/xml\r\n\r\n<\?xml version="1\.0" encoding="utf-8"\?>\n<\?xml-stylesheet type="text/xsl" href="admin\.xsl"\?>\n<info product="[aA]scom ([^"]+)"| p/Ascom VoIP phone or gateway/ i/model: $1/
match http m|^HTTP/1\.0 301 Moved Permanently\r\nConnection: close\r\nLocation: http://[\w.:-]+/console/index\.html\r\nContent-Length: 0\r\nDate: Mon, 18 Apr 2016 11:08:30 GMT\r\n\r\n| p/JBoss WildFly web console/ cpe:/a:redhat:jboss_wildfly_application_server/
# version 1.2
match http m|^HTTP/1\.0 200 OK\r\nContent-Type: application/json\r\nDate: Mon, 28 Mar 2016 15:58:03 GMT\r\nContent-Length: 365\r\n\r\n\{\n  "paths": \[\n    "/api",\n    "/api/v1",\n    "/apis",\n    "/apis/autoscaling",\n    "/apis/autoscaling/v1",\n    "/apis/batch",\n    "/apis/batch/v1",\n    "/apis/extensions",\n    "/apis/extensions/v1beta1",\n    "/healthz",\n    "/healthz/ping",\n    "/logs/",\n    "/metrics",\n    "/resetMetrics",\n    "/swagger-ui/",\n    "/swaggerapi/",\n    "/ui/",\n    "/version"\n  \]\n\}| p/Kubernetes jsonapi/ cpe:/a:cloud_native_computing_foundation:kubernetes/
match http m|^HTTP/1\.1 200 OK\r\nContent-Length: \d+\r\nDate: .* GMT\r\nContent-Type: text/html\r\n\r\n<!DOCTYPE html>\n<html lang="en" ng-app="mesos">\n  <head>\n    <meta charset="utf-8">\n    <title>Mesos</title>\n| p/Apache Mesos/ cpe:/a:apache:mesos/
match http m|^HTTP/1\.1 200 OK\r\nDate: .* GMT\r\nContent-Length: \d+\r\nContent-Type: text/html\r\n\r\n<!DOCTYPE html>\n<html lang="en" ng-app="mesos">\n  <head>\n    <meta charset="utf-8">\n    <title>Mesos</title>\n| p/Apache Mesos/ cpe:/a:apache:mesos/
match http m|^\0\x18HTTP/1\.0 404 Not Found\r\n\0\x18Cache-Control:no-cache\r\n\0\x18Content-Type:text/html\r\n\0\x12Connection:close\r\n\0\x14Content-Length:108\r\n\0\x04\r\n\r\n<html>\n<head>\n<title>Error: 404</title>\n<body>\nGot the error: <b>Not Found</b><br><br>\nError\n</body>\n</html>| p/Oce Print Exec Workgroup/ cpe:/a:oce:print_exec_workgroup/
match http m|^HTTP/1\.0 200 OK\r\nDate: .* GMT\r\nServer: PHttp/([\d.]+) Win32NT\r\nX-AspNetMvc-Version: ([\d.]+)\r\nX-AspNet-Version: ([\d.]+)\r\nContent-Length: \d+\r\nCache-Control: private\r\nContent-Type: text/html; charset=utf-8\r\nSet-Cookie: WorkplaceToken=[a-f\d]{8}-[a-f\d]{4}-[a-f\d]{4}-[a-f\d]{4}-[a-f\d]{12}; path=/; expires=.* GMT\r\nConnection: close\r\n\r\n| p/Termika OlimpOKS PHttpd/ v/$1/ i/ASP.NET $3; MVC $2/ o/Windows/ cpe:/a:microsoft:asp.net:$3/ cpe:/a:termika:olimpoks/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 200 OK\r\nDate: .* GMT\r\nServer: PHttp/([\d.]+) Unix\r\nX-AspNetMvc-Version: ([\d.]+)\r\nX-AspNet-Version: ([\d.]+)\r\nContent-Length: \d+\r\nCache-Control: private\r\nContent-Type: text/html; charset=utf-8\r\nSet-Cookie: WorkplaceToken=[a-f\d]{8}-[a-f\d]{4}-[a-f\d]{4}-[a-f\d]{4}-[a-f\d]{12}; path=/; expires=.* GMT\r\nConnection: close\r\n\r\n| p/Termika OlimpOKS PHttpd/ v/$1/ i/ASP.NET $3; MVC $2/ o/Unix/ cpe:/a:microsoft:asp.net:$3/ cpe:/a:termika:olimpoks/
match http m|^HTTP/1\.0 403 Forbidden\r\nDate: .* GMT\r\n(?:X-Frame-Options: SAMEORIGIN\r\n)?Content-Type: text/html; charset=UTF-8\r\nServer: OpenVPN-AS\r\nSet-Cookie: openvpn_sess_[a-f\d]{32}=[a-f\d]{32};| p/OpenVPN Access Server/ cpe:/a:openvpn:openvpn_access_server/
match http m|^HTTP/1\.1 200 OK\r\nVary: Accept-Encoding\r\nAccess-Control-Allow-Origin: \*\r\nX-Rocket-Chat-Version: ([\d.]+)\r\n.*__meteor_runtime_config__ = JSON\.parse\(decodeURIComponent\("%7B%22meteorRelease%22%3A%22METEOR%40([\d.]+)%22%2C%22PUBLIC_SETTINGS%22%3A%7B%7D%2C%22ROOT_URL%22%3A%22https?%3A%2F%2F([^%]+)%|s p/Rocket.Chat/ v/$1/ i/Meteor $2/ h/$3/ cpe:/a:meteor:meteor:$2/ cpe:/a:rocketchat:rocket.chat:$1/
match http m|^HTTP/1\.1 200 OK\r\ncontent-type: text/html; charset=utf-8\r\nvary: Accept-Encoding\r\ndate: .*<title>Coral Rapid Application Development Framework - Corrad</title>.*__meteor_runtime_config__ = JSON\.parse\(decodeURIComponent\("%7B%22meteorRelease%22%3A%22METEOR%40([\d.]+)%22|s p/Corrad Development httpd/ i/Meteor $1/ cpe:/a:encoral:corrad/ cpe:/a:meteor:meteor:$1/
match http m|^HTTP/1\.1 302 Found\r\nConnection: Keep-Alive\r\nServer: \r\nContent-Type: text/html\r\nContent-Length: 680\r\n\r\n\xef\xbb\xbf<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4\.01 Transitional//EN" "http://www\.w3\.org/TR/html4/loose\.dtd">\r\n<!-- this page must have 520 bytes or more, ie is a wonderfull program -->| p/Gigaset DECT phone/ d/phone/
# Maybe distinguish language?
match http m%^HTTP/1\.0 200 OK\r\nDate: .* GMT\r\nConnection: Close\r\nServer: ([\d.]+)\r\nContent-Type: text/html; charset=utf-8\r\nETag: W/"[a-f\d]{32}"\r\nTransfer-Encoding: chunked\r\nContent-Length: \d+\r\n\r\n\d+\r\n<!DOCTYPE html> <html lang="en" ng-app="server" ng-strict-di ng-controller="ServerController"> <head> <script type="text/javascript">window\.lang = "en";</script> <meta charset="utf-8"> <meta http-equiv="X-UA-Compatible" content="chrome=1, IE=edge"> <meta name="viewport" content="width=device-width,initial-scale=1"> <meta name="description" content="Repetier-Server (Free|Pro) for 3d printer">% p/Repetier Server $2 3d printer controller/ v/$1/ cpe:/a:hot-world:repetier_server:$1::$2/
match http m|^HTTP/1\.0 401 Unauthorized\r\nContent-Type: text/plain; charset=utf-8\r\nWww-Authenticate: Basic realm="Authorization Required"\r\nX-Content-Type-Options: nosniff\r\nDate: .* GMT\r\nContent-Length: 15\r\n\r\nNot Authorized\n$| p/Syncthing WebUI/ cpe:/a:syncthing:syncthing/
match http m|^HTTP/1\.1 403 Forbidden\r\nConnection: close\r\nContent-Length: 202\r\n\r\n<\?xml version='1\.0' encoding='UTF-8' \?><teamdrive><httpstatus>403 Forbidden</httpstatus><status>0</status><exception><errorcode>-25012</errorcode><message>Invalid URL: </message></exception></teamdrive>| p/TeamDrive/ cpe:/a:teamdrive:teamdrive/
match http m|^HTTP/1\.1 401 Unauthorized\r\nServer: Router\r\nConnection: close\r\nWWW-Authenticate: Basic realm="FAST Wireless N Router (FW\d+R)"\r\nContent-Type: text/html\r\n\r\n| p/Fastcom $1 WAP http admin/ d/WAP/ cpe:/h:fastcom:$1/
# port 49152. also Neato Botvac D3 Connected; want more specific matches.
#match http m|^HTTP/1\.1 404 Not Found\r\nConnection: close\r\nDate: .* GMT\r\n\r\n$| p/Linksys E8350 WAP or TP-LINK router/ cpe:/h:linksys:e8350/a
match http m|^HTTP/1\.0 404 not found\r\nDate: .* GMT\r\nConnection: close\r\nX-UA-Compatible: IE=edge\r\nX-Frame-Options: SAMEORIGIN\r\nCache-control: no-cache\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 19\r\n\r\n<h1>Not Found</h1>\n| p/Fossil SCM httpd/ cpe:/a:d_richard_hipp:fossil/
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html\r\nContent-Length: \d+\r\n\r\n<html> <head> <title>D-Link VoIP Router</title> <meta http-equiv="Content-Type" content="text/html" >| p/D-Link VoIP Router http admin/ d/VoIP adapter/
match http m|^HTTP/1\.1 200 OK\r\ncontent-type: text/html; charset=utf-8\r\nconnection: close\r\ncache-control: no-cache, must-revalidate\r\ncontent-length: \d+\r\n\r\n<!DOCTYPE html>\n<html>\n<head>\n<title>Tomcat - YourKit Java Profiler ([\d.]+) build (\d+)</title>| p/YourKit Java Profiler/ v/$1 build $2/ cpe:/a:yourkit:java_profiler:$1:$2/
match http m|^HTTP/1\.0 200 OK\r\nContent-length: \d+\r\nContent-type: text/html\r\nCache-Control:no-cache\r\nPragma:no-cache\r\n\r\n<html><head>\r\n<META name="description" content="(WN\w+)">\n| p/Netgear $1 WAP http admin/ d/WAP/ cpe:/h:netgear:$1/a
match http m|^HTTP/1\.1 307 Temporary Redirect\r\nLocation:/login/login\.html\r\nSet-Cookie:bmc\.webapp\.src=/;Path=/;Secure;\r\nDate:\S.*\r\nServer:BMC Client Management (\d[\w.]+)\r\nConnection:Close\r\nContent-Length:0\r\n\r\n| p/BMC Client Management/ v/$1/ cpe:/a:bmc:client_management:$1/
match http m|^HTTP/1\.0 500 Internal Server Error\r\nContent-Length: 0\r\nConnection: close\r\nDate: .*\r\nServer: Sky\r\n\r\n| p/BSkyB router http admin/ d/broadband router/
# The "1.1" is meaningless: this was for version 4.0
match http m|^HTTP/1\.1 [45]01 .*\r\nServer: BlueIris-HTTP/1\.1\r\nDate: .*\r\nP3P:| p/Blue Iris camera webserver/ d/webcam/
match http m|^HTTP/1\.0 302 Found\r\naccess-control-allow-credentials: .*\r\nserver: dglux_server/(\d+)\r\n\r\n|s p/DGLux5/ v/$1/ cpe:/a:dglogik:dglux5:$1/
match http m|^HTTP/1\.1 200 Ok\r\nDate: .*\r\nContent-Type: text/html\r\n\r\n<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4\.01 Frameset//EN" "http://www\.w3\.org/TR/html4/frameset\.dtd">\n<html>\n\t<head>\n\t\t<TITLE>Web Application Manager</TITLE>\n\t\t<meta http-equiv="Content-Type" content="text/html; charset=gb2312">\n| p/NightOwl DVR http viewer/ d/webcam/
match http m|^HTTP/1\.1 404 Not Found\r\nContent-Type: text/html\r\nContent-Length: 14\r\n\nPath Not Found| p/8x8 Virtual Office Desktop/
match http m|^HTTP/1\.0 \d\d\d .*\r\n(?:Location: .*)?\r\nDate: .*\r\nServer: Ericom Access Server x64\r\n| p/Ericom Access Server/ i/arch: x64/ cpe:/a:ericom:access_server/
match http m|^HTTP/1\.0 \d\d\d .*\r\n(?:Location: .*)?\r\nDate: .*\r\nServer: Ericom Access Server\r\n| p/Ericom Access Server/ cpe:/a:ericom:access_server/
# 3.2.5.5 and 4.1.3
match http m|^HTTP/1\.1 404 Not Found\r\nServer: ES Name Response Server\r\nContent-Type: text/html\r\nContent-Length: 9\r\nConnection: close\r\n\r\nNot found| p/ES File Explorer Name Response httpd/ d/phone/ cpe:/a:estrongs:es_file_explorer/
match http m|^HTTP/1\.1 404 Not Found\r\nContent-Length: 85\r\nContent-Type: text/html\r\n\r\n<html><head><title>Not Found</title></head><body><h1>404 Not Found</h1></body></html>| p/Proficy License Server/ cpe:/a:ge:intelligent_platforms_proficy_license_server/
match http m|^HTTP/1\.0 200 OK\r\nDate: .*\r\nServer: xxxxxxxx-xxxxx\r\nLast-Modified: .*\r\nETag: "[a-f0-9-]{16}"\r\nAccept-Ranges: bytes\r\nContent-Length: \d+\r\nConnection: close\r\nContent-Type: text/html\r\nX-Frame-Options: SAMEORIGIN\r\n\r\n<html><script type="text/javascript">\nif \(window!=top\) top\.location=window\.location;top\.location="/remote/login";\n</script></html>\n| p/Fortinet Fortiguard 900D SSL VPN/ d/firewall/ cpe:/h:fortinet:fortiguard_900d/
match http m|^HTTP/1\.[01] \d\d\d .*\r\nDate: .*\r\nServer: xxxxxxxx-xxxxx\r\n| p/Fortinet security device httpd/ d/security-misc/
match http m|^HTTP/1\.1 302 Found\r\nLocation: https://:8010/\r\nConnection: close\r\n\r\n$| p/Fortinet FortiGuard block page/ d/security-misc/
match http m|^HTTP/1\.1 400 Bad Request\r\nContent-Length: 13\r\nConnection: close\r\n\r\nBAD REQUEST :>| p/Flightradar24 fr24feed settings httpd/ cpe:/a:flightradar24:fr24feed/
match http m|^HTTP/1\.0 404\r\nServer: Standard ERP ([\d.]+) \d{4}-\d\d-\d\d\r\nDate: | p/HansaWorld Standard ERP/ v/$1/ cpe:/a:hansaworld:standard_erp:$1/
match http m|^HTTP/1\.1 200 OK\r\nX-UA-Compatible: IE=edge\r\nX-Graylog-Node-ID: [a-f\d-]{36}\r\n(?:Vary: Accept-Encoding\r\n)?Content-Type: text/html\r\nDate: .*\r\nConnection: close\r\nContent-Length: \d+\r\n\r\n| p/Graylog2 web interface/ cpe:/a:graylog:graylog2/
match http m|^HTTP/1\.0 411 Length Required\r\nDate: .*\r\nServer: RedBack Application Server ([\d.]+)\r\n| p/IBM RedBack Application Server SOAP/ v/$1/ cpe:/a:ibm:redback_application_server:$1/
match http m|^HTTP/1\.0 403 Forbidden\r\nConnection: close\r\nContent-Type: text/html\r\n\r\n<h1>Forbidden</h1>Rejected request from RFC1918 IP to public server address| p/OpenWrt admin httpd/ i/rejected RFC1918 address/
match http m|^HTTP/1\.1 302 Object Moved\r\nLocation: https://.*\r\nContent-Type: text/html\r\nCache-Control: private\r\nConnection: close\r\n\r\n<head><body> This object may be found <a HREF="https://[^"]*">here</a> </body>| p/Citrix NetScaler https redirect/ d/load balancer/
match http m|^HTTP/1\.1 200 OK\r\nDate: .*\r\n\r\n<HTML>\n<HEAD><META http-equiv="Content-Type" content="text/html; charset=utf-8"><TITLE>Cisco .*>Cisco IP Phone CP-(\d+) \(|s p/Cisco Unified IP Phone httpd/ i/model: $1/ cpe:/h:cisco:unified_ip_phone_$1/
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\n\r\n[A-Z\d]+\r\n<!DOCTYPE html>\n<html lang="en">\n<head>\n  <meta charset="utf-8">\n  <meta http-equiv="X-UA-Compatible" content="IE=edge">\n  <meta name="viewport" content="width=device-width, initial-scale=1\.0">\n  <meta name="description" content="ympd - fast and lightweight MPD webclient">\n  <meta name="author" content="andy@ndyk\.de">| p/ympd/ cpe:/a:ndyk.de:ympd/
match http m|^HTTP/1\.1 303 See Other\r\nLocation : /postage/\r\n\r\n$| p/Workflow Envelope httpd/ cpe:/a:workflow_products:envelope/
match http m|^HTTP/1\.1 200\r\nContent-Type: text/html\r\nContent-Length: \d+\r\n\r\n<!DOCTYPE html>\n<html lang="en"><!-- See http://www\.w3schools\.com/tags/ref_language_codes\.asp -->\n<head>\n    <meta http-equiv="Content-Type" content="text/html" charset="UTF-8">\n    <title>XX-Net</title>| p/XX-Net web proxy tool/
match http m|^HTTP/1\.1 200 OK\r\nAccept-Ranges: bytes\r\nCache-Control: no-cache\r\nConnection: close\r\nContent-Length: \d+\r\nContent-Type: text/html; charset=ISO-8859-1\r\nDate: .*\r\nExpires: 0\r\nPragma: no-cache\r\nServer: 4D/([\d.]+)\r\n\r\n<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4\.01 Transitional//EN">\n<html>\n<head>\n<title>TOPIX8| p/4D RDBMS web server/ v/$1/ i/TOPIX8 CRM/ cpe:/a:4d_sas:4d:$1/ cpe:/a:topix:topix8/
match http m|^HTTP/1\.0 200 OK\r\nSet-Cookie: PHPSESSID=\w+; path=/; secure\r\nExpires: Thu, 19 Nov 1981 08:52:00 GMT\r\nCache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\nPragma: no-cache\r\nContent-type: text/html\r\nContent-Length: \d+\r\nConnection: close\r\nDate: .*\r\nServer: Server\r\n\r\n| p/Ubiquiti Edge router httpd/ d/router/
match http m|^HTTP/1\.1 200 OK\r\nServer: Plack::Handler::Starlet\r\nSet-Cookie: RT_SID_ticket\.([\w._-]+?)\.\d+=| p/Plack Starlet/ i/Request Tracker/ h/$1/ cpe:/a:best_practical:request_tracker/
match http m|^HTTP/1\.0 404 Not Found\r\nContent-Type: text/plain; charset=utf-8\r\nX-Content-Type-Options: nosniff\r\nDate: .*\r\nContent-Length: 19\r\n\r\n404 page not found\n| p|Golang net/http server| i/Go-IPFS json-rpc or InfluxDB API/ cpe:/a:golang:go/ cpe:/a:influxdata:influxdb/ cpe:/a:protocol_labs:go-ipfs/
match http m=^HTTP/1\.0 200 OK\r.*\nServer: WildFly/(\d+)\r.*\nLiferay-Portal: Liferay (Community|Enterprise) Edition Portal ([\d.]+) (?:[A-Z]E )?([A-Z]{1,2}\d+)=s p/Liferay Portal $2 Edition/ v/$3 $4/ i/JBoss WildFly Application Server $1/ cpe:/a:liferay:liferay_portal:$3:$4:$2/ cpe:/a:redhat:jboss_wildfly_application_server:$1/
# Samsung SL-C430W
match http m|^HTTP/1\.1 200 OK\r\nContent-Type:text/html\r\nExpires: Thu, 1 Jan 1998 00:00:00 GMT\r\nPragma: no-cache\r\nServer: LPC Http Server/V1\.0\r\n.*<TITLE>KONICA MINOLTA Page Scope Web Connection for (\d+)</TITLE>|s p/Konica Minolta $1 printer http admin/ d/printer/ cpe:/h:konicaminolta:$1/a
match http m|^HTTP/1\.1 200 OK\r\nConnection: close\r\nContent-Type: text/html\r\nCache-Control:no-cache\r\nPragma:no-cache\r\nExpires:[smtwf].*\r\n\r\n<!DOCTYPE html>\n<script>\nvar g_Lan=\d+,g_level=\d+,g_year=\d+,g_title='([^']+)';| p/TP-LINK $1 switch http admin/ d/switch/ cpe:/h:tp-link:$1/a
match http m|^HTTP/1\.1 401 Unauthorized\r\nConnection: close\r\nContent-Type: text/html\r\nCache-Control:no-cache\r\nPragma:no-cache\r\nExpires:[smtwf].*\r\n\r\n<script>\nvar logonInfo = new Array\(\n\d+,\n0,0\);\nvar g_Lan = \d+;\nvar g_year=\d\d\d\d;| p/TP-LINK switch http admin/ d/switch/
match http m|^HTTP/1\.1 200 OK\r\nCACHE-CONTROL: no-cache\r\nDate: .*\r\nConnection: Keep-Alive\r\nContent-Type: text/html\r\nContent-Length: \d+\r\n\r\n<html>\n<head>\n<META http-equiv="Content-Type" content="text/html; charset=iso-8859-1">\r\n<title>replace</title>\n| p/Huawei WAP http admin/ d/WAP/
match http m|^HTTP/1\.1 200 OK\r\nCACHE-CONTROL: no-cache\r\nDate: .*\r\nConnection: Keep-Alive\r\nContent-Type: text/html\r\nContent-Length: \d+\r\n\r\n<html>\n<head>\n<META http-equiv="Content-Type" content="text/html; charset=iso-8859-1">\r\n<link rel="icon" type="image/icon" href="/favicon\.ico"/>\n<title>(H\w+)</title>\n| p/Huawei $1 WAP http admin/ d/WAP/ cpe:/h:huawei:$1/a
match http m|^HTTP/1\.1 302 Object Moved\r\nLocation: /vpn/index\.html\r\n(?:Set-Cookie: NSC_[^\r\n]+\r\n)*?Set-Cookie: NSC_AAAC=xyz;Path=/;expires=Wednesday, 09-Nov-1999 23:12:40 GMT;Secure\r\n| p/Citrix NetScaler SSL VPN/ d/security-misc/
match http m|^HTTP/1\.1 401 Unauthorized\r\nServer: PDR-M800/1\.0\r\nDate: .*\r\nContent-Type: text/plain\r\nCache-Control: no-cache, must-revalidate\r\nPragma: no-cache\r\nExpires: -1\r\nTransfer-Encoding: chunked\r\n(?:Set-Cookie: CMSID=[a-f\d]+\r\n)?WWW-Authenticate: Digest realm="Control", domain="PDVR M800"| p/Sanyo M800 DVR http admin/ d/webcam/ cpe:/h:sanyo:m800/
match http m|^HTTP/1\.1 401 Unauthorized\r\nServer: ENP-PSNA-WEB/([\d.]+)\r\nWWW-Authenticate: Basic realm="Welcome to PSNA Web/SNMP Agent\. Please use IE5\.0 or higher\. "\r\n| p|Emerson Network Power PSNA Web/SNMP Agent| v/$1/ d/power-misc/ cpe:/h:emersonnetworkpower:psna_web/
match http m|^HTTP/1\.1 404 Not Found\r\nContent-Type: text/html\r\nConnection: close\r\nDate: .*\r\nContent-Length: 142\r\n\r\n<html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server\.</p></body></html>\n| p/Cisco Meraki firewall httpd/ d/firewall/
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html\r\nContent-Length: 3306\r\nConnection: close\r\n\r\n\xef\xbb\xbf<!DOCTYPE html>\r\n<!--\[if lte IE 8\]><html class="ie ie8" lang="ko"><!\[endif\]-->\r\n<!--\[if gte IE 9\]><html class="ie ie9" lang="ko"><!\[endif\]-->\r\n<html lang="ja">| p/Humax HG100R router http admin/ d/broadband router/ cpe:/h:humax:hg100r/
match http m|^HTTP/1\.1 200 OK\nContent-Type: text/html;charset=windows-1252\nContent-Length: \d+\n\n<HTML>\r\n<HEAD>\r\n<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">\r\n<TITLE>DYMO LabelWriter Print Server</TITLE>| p/DYMO LabelWriter http admin/ d/print server/
match http m|^HTTP/1\.1 200 OK\r\nContent-type: text/html\r\n\r\n<html><head><title>hue personal wireless lighting</title></head><body><b>Use a modern browser to view this resource\.</b></body></html>| p/Philips Hue wireless lighting bridge/ cpe:/h:philips:hue_bridge/
match http m|^HTTP/1\.0 401 Unauthorized\r\nDate: Fri, 18 Jul 1980 22:23:36 GMT\r\nLast-Modified: Fri, 18 Jul 1980 22:23:36 GMT\r\nExpires: Fri, 18 Jul 1980 22:23:36 GMT\r\nServer: Z-World Rabbit\r\nConnection: close\r\nCache-Control: no-cache no-store\r\nContent-Type: text/html\r\nWWW-Authenticate: Basic realm="FireEye Bypass Switch"\r\n\r\n| p/Z-World Rabbit microcontroller httpd/ i/FireEye AFO Bypass switch/ d/switch/
match http m|^HTTP/1\.0 200 OK \r\nCache-Control: no-cache\r\nContent-type: text/html\r\n\r\n<html>\r\n<head>\r\n<title id="titl">Login</title>| p/Atlona AT-UHD-CLSO-612 video scaler httpd/ d/media device/ cpe:/h:atlona:at-uhd-clso-612/
match http m|^HTTP/1\.0 200 OK\r\nContent-Length: \d+\r\nContent-Type: text/html\r\nDate: .*\r\n\r\n<!doctype html>\n<html dir="ltr" lang="en">\n\n<head>\n    <meta charset="utf-8">\n    <meta http-equiv="Content-Type" content="text/html; charset=utf-8">\n    <meta http-equiv="X-UA-Compatible" content="IE=edge">\n    <meta name="viewport" content="width=device-width, initial-scale=1\.0, maximum-scale=1\.0, user-scalable=no" />\n    <title>NGFW Authentication</title>| p/Forcepoint Stonesoft NGFW http admin/ d/firewall/
match http m|^HTTP/1\.1 200 OK\r\nConnection: close\r\nContent-Type: text/html\r\nCache-Control: no-cache\r\n\r\n<html>\r\n<head>\r\n<title>ACURITE Weather Station</title>| p|Microchip Libraries of Applications TCP/IP Stack httpd| i/ACURITE weather station/ cpe:/a:microchip_technology_inc:mla/
match http m|^HTTP/1\.1 404 Not Found\r\nConnection: close\r\nDate: .*\r\nServer: Linux/([\d.]+) Sony-BDV/([\d.]+)\r\n\r\n| p/Sony BDV media center httpd/ v/$2/ d/media device/ o/Linux $1/ cpe:/o:linux:linux_kernel:$1/a
match http m|^HTTP/1\.1 400 Bad Request\r\nConnection: close\r\nDate: .*\r\nX-AV-Client-Info\.sony\.com: av=([\d.]+); cn="Sony Corporation"; mn="([^"]+)"; mv="([\d.]+)";\r\n| p/Sony $2 http media client/ i/av=$1; mv=$3/ d/media device/ cpe:/h:sony:$2/
match http m|^HTTP/1\.1 200 \r\nContent-Type: text/html;charset=UTF-8\r\nDate: .*\r\nConnection: close\r\n\r\n\n\n\n<!DOCTYPE html>\n<html lang="en">\n    <head>\n {8}<meta charset="UTF-8" />\n {8}<title>Apache Tomcat/(\d[\w._-]+)</title>| p/Apache Tomcat/ v/$1/ cpe:/a:apache:tomcat:$1/a
match http m|^HTTP/1\.1 200 \r\nAccept-Ranges: bytes\r\nETag: W/"[^"]+"\r\nLast-Modified: .*\r\nContent-Type: text/html\r\nContent-Length: \d+\r\nDate: .*\r\nConnection: close\r\n\r\n<\?xml version="1\.0" encoding="ISO-8859-1"\?>\n<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1\.0 Strict//EN"\n   "http://www\.w3\.org/TR/xhtml1/DTD/xhtml1-strict\.dtd">\n<html xmlns="http://www\.w3\.org/1999/xhtml" xml:lang="en" lang="en">\n<head>\n    <title>Apache Tomcat</title>| p/Apache Tomcat/ cpe:/a:apache:tomcat/a
match http m|^HTTP/1\.0 200 OK\r\nConnection: Keep-Alive\r\nContent-Type: text/xml\r\nContent-Length: \d+\r\nX-Transcend-Version: 1\r\n\r\n<\?xml version="1\.0" encoding="UTF-8"\?>\n<config-auth client="vpn" type="auth-request">\n<version who="sg">0\.1\(1\)</version>\n<auth id="main">\n<message>Please enter your username</message>\n<form method="post" action="/auth">\n<input type="text" name="username" label="Username:" />\n</form></auth>\n</config-auth>| p/OpenConnect Server httpd/ cpe:/a:infradead:ocserv/
match http m|^HTTP/1\.0 200 OK\r\nSet-Cookie: webvpncontext=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; Secure\r\nContent-Type: text/xml\r\nContent-Length: \d+\r\nX-Transcend-Version: 1\r\n\r\n| p/OpenConnect Server httpd/ cpe:/a:infradead:ocserv/
match http m|^HTTP/1\.0 505 HTTP Version not supported\r\nDate: .*\r\nAccept-Ranges: bytes\r\nContent-Length: 0\r\n\r\n| p/iOS Call Recorder httpd/ o/iOS/ cpe:/a:yaniv_danan:ioscallrecorder/ cpe:/o:apple:iphone_os/a
match http m|^HTTP/1\.1 303 See Other\r\nLocation: /logon\.htm\r\nContent-Length: 0\r\nServer: Intel\(R\) Management & Security Application ([\d.]+)\r\n\r\n| p/Intel Management & Security Application httpd/ v/$1/ cpe:/a:intel:management_engine_components:$1/
match http m|^HTTP/1\.1 404 Not Found\r\nContent-Type: application/json; charset=utf-8\r\nDate: .*\r\nServer: kong/([\d.]+)\r\n| p/Kong http reverse-proxy/ v/$1/ cpe:/a:mashape:kong:$1/
match http m|^HTTP/1\.0 401 Unauthorized\r\nContent-Type: text/plain; charset=utf-8\r\nWww-Authenticate: Basic realm="kubernetes-master"\r\nX-Content-Type-Options: nosniff\r\nDate: .*\r\nContent-Length: 13\r\n\r\nUnauthorized\n| p/Kubernetes master node httpd/ cpe:/a:kubernetes:kubernetes/
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: application/json\r\nDate: .*\r\nConnection: close\r\n\r\n\{"tinylr":"Welcome","version":"([\d.]+)"\}| p/tinylr httpd/ v/$1/ cpe:/a:mickael_daniel:tinylr:$1/
match http m|^HTTP/1\.1 404 Not Found\r\nDate: .*\r\nContent-Length: 0\r\n\r\n$| p/AppDynamics EUM server or Apache Mesos slave/
match http m|^HTTP/1\.1 200 OK\r\nAccess-Control-Allow-Origin: \*\r\nContent-Length: 81\r\n\r\nThis is a Minecraft server\. HTTP on this port by JSONAPI\. JSONAPI by Alec Gorge\.\n| p/Minecraft JSONAPI/ cpe:/a:alec_gorge:jsonapi/
# Trying again with SSL will probably yield server headers with versions.
match ssl m|^<html>\n<head>\n<script>\n\tvar redirect = "https://" \+ window\.location\.host;\n\tfunction redirectPage\(\) \{\n\t\twindow\.location\.href= redirect;\n\t\}\n</script>\n<noscript>\n\t<META http-equiv='Refresh' content='0; URL=https://[^']*'>\n</noscript>\n</head>\n\n<body onLoad="redirectPage\(\);">\nRedirecting to SSL secured connection\.\n<p>| p/Plesk Parallels Virtual Automation https redirect/
match http m|^HTTP/1\.1 404 Not Found\r\n(?:[^\r\n]+\r\n)*?Server: Powered by Highwinds-Software\r\nContent-Length: \d+\r\nContent-Type: text/html\r\nX-HW:|s p/Highwinds CDN httpd/
match http m|^HTTP/1\.[01] 200 OK\r\nConnection: close\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: \d+\r\nCache-Control: max-age=0, no-store, no-cache\r\nx-enc: Ext1, Basic\r\nServer: Dell (\w+) Mono MFP, sn=(\w+)\r\n\r\n| p/Dell $1 printer httpd/ i/serial: $2/ d/printer/ cpe:/h:dell:$1/a
match http m|^HTTP/1\.1 301 Moved Permanently\r\nLocation: https?:///hub/\r\nContent-Length: 0\r\n\r\n| p/Qlik Sense httpd/ cpe:/a:qlik:qlik_sense/
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: Cricut Hyperion v([\d.]+)\r\n.*"Plugin" : \n\t\{\n\t\t"Debug" : false,\n\t\t"Version" : "([\d.]+)"\n\t\},|s p/Cricut Hyperion httpd/ v/$1/ i/Plugin version $2/
match http m|^HTTP/1\.1 200 OK\r\nConnection: close\r\nContent-Type: text/html; charset=ISO-8859-1\r\nContent-Length: \d+\r\nDate: .*\r\n\r\n<HTML>\r\n<BODY>\r\n<center><font size=6>Reports Server 'RK\d+SRV' \(PID: \d+, Version: ([\d.]+)\)</font>| p/R-Keeper Reports Server/ v/$1/ cpe:/a:ucs:r-keeper:$1/
match http m|^HTTP/1\.0 200 Ok\r\nServer: jjhttpd v([\d.]+)\r\n| p/jjhttpd/ v/$1/ i/D-Link or TRENDNet WAP/ d/WAP/
match http m|^HTTP/1\.0 200 OK\r\nServer: WindRiver-WebServer/([\d.]+)\r\nConnection: close\r\nContent-Type: text/html\r\nWWW-Authenticate: Basic realm="[^"]+"\r\n\r\n.*Device Information</FONT></B>\r\n<p ALIGN=center><B><font color="#FFFFFF" size="4">Cisco IP Phone CP-(\d+) \(|s p/WindRiver WebServer/ v/$1/ i/Cisco IP Phone $2/ d/VoIP phone/ cpe:/h:cisco:unified_ip_phone_$2/
match http m|^HTTP/1\.0 200 OK\r\nContent-Type: text/html \r\nSet-Cookie: P4W\d+=([^;\r\n]+); expires=Fri, 1-Dec-1999 23:59:59 GMT; path=/ \r\n\r\n<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4\.0 Transitional//EN"\n"http://www\.w3\.org/TR/REC-html40/loose\.dtd">\n<Html>\n<Head>\n<Title>P4Web - Login</Title>| p/Perforce P4Web httpd/ i/name: $1/ cpe:/a:perforce:p4web/
match http m|^HTTP/1\.1 404 Not Found\r\nContent-Length: 0\r\nServer: TR069 client CLI Server\r\nConnection: close\r\n\r\n| p/Alcatel-Lucent I-240W-A WAP TR069/ d/WAP/ cpe:/h:alcatel-lucent:i-240w-a/a
match http m|^HTTP/1\.1 200 OK\r\nExpires: .*\r\nDate: .*\r\nContent-type: text/html\r\n\r\n<\?xml version="1\.0" encoding="iso-8859-1"\?>\n<!DOCTYPE html PUBLIC\n    "-//W3C//DTD XHTML 1\.0 Transitional//EN"\n    "http://www\.w3\.org/TR/xhtml1/DTD/xhtml1-transitional\.dtd">\n\n<html style="overflow:hidden" xmlns="http://www\.w3\.org/1999/xhtml">\n\n<head>\n<!--\n\*{74}\n\* \(C\) Copyright 2\d\d\d-2\d\d\d Hewlett-Packard Development Company, L\.P\.\n| p/HP Integrated Lights-Out https redirector/ d/remote management/ cpe:/h:hp:integrated_lights-out/
match http m|^HTTP/1\.1 200 OK\r\nConnection: close\r\nCache-Control: no-cache\r\nContent-Type: text/html; charset=utf-8\r\n\r\n<html><head><title>FlexiServer</title>| p/NCH FlexiServer/ cpe:/a:nchsoftware:flexiserver/
match http m|^HTTP/1\.1 200 OK\r\nServer: streamEye/(\d[\w._-]*)\r\n| p/streamEye MJPEG streaming httpd/ v/$1/ cpe:/a:calin_crisan:streameye:$1/
match http m|^HTTP/1\.1 302 Found\r\nConnection: Keep-Alive\r\nServer: (\w+) IP PRO/([\d.]+)\r\n| p/Siemens Gigaset $1 DECT phone httpd/ v/$2/ d/VoIP phone/ cpe:/h:siemens:gigaset_$1/
match http m|^HTTP/1\.0 403 Forbidden\r\nDate: .*\r\nServer: RealPlayer Cloud Service/([\d.]+) \(win-x86-vc10\)\r\nPragma: no-cache\r\nContent-Type: application/json\r\n| p/RealPlayer Cloud httpd/ v/$1/ o/Windows/ cpe:/a:real:realplayer_cloud:$1/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 200 OK\r\nDate: .* GMT\+00:00\r\nServer: HttpServer/([\d.]+)\r\nContent-Length: \d+\r\n\r\n<!DOCTYPE html>\r\n<html lang="en">\r\n<head>\r\n    <meta charset="UTF-8">\r\n    <title>CM Transfer</title>| p/CM Transfer HttpServer/ v/$1/ cpe:/a:cheetah_mobile_cloud:cm_transfer:$1/
match http m|^HTTP/1\.[01] 401 Unauthorized\r\nContent-Type: text/html\r\nContent-Length: \d+\r\nDate: .*\r\nServer: Moonware\.MiniHttpd/([\d.]+)\r\n| p/Moonware MiniHttpd/ v/$1/ cpe:/a:moonware:netcam_studio:$1/
match http m|^HTTP/1\.0 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: .*\r\nServer: sky\r\n\r\n| p/Sky+HD photo display httpd/ d/media device/
match http m|^HTTP/1\.0 301 Moved Permanently\r\nLocation: https:///\r\nContent-length: 0\r\n\r\n$| p/Compact IP-DECT Base Station/
match http m|^HTTP/1\.0 302 Moved Temporarily\r\nConnection: close\r\nPragma: no-cache\r\nExpires: Fri, 01 Jan 1971 00:00:00 GMT\r\nCache-Control: no-cache, must-revalidate\r\nP3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"\r\nLocation: https://portal\.moovmanage\.com/| p/FleetConnect MoovManage WiFi gateway/ d/WAP/
match http m|^HTTP/1\.1 404 Not Found\r\nDate: .* GMT\r\nAccept-Ranges: bytes\r\nContent-Length: 0\r\n\r\n| p/AgileBits 1Password 3/ cpe:/a:agilebits:1password/
match http m|^HTTP/1\.1 200 Ok\r\nDate: .* GMT\r\nAccept-Ranges: bytes\r\nConnection: close\r\nLast-Modified: .* GMT\r\nContent-Type: text/html\r\nCache-Control: no-cache\r\nPragma: no-cache\r\nExpires: 0\r\n\r\n\xef\xbb\xbf<html>\n<head>\n<meta http-equiv="Content-type" CONTENT="text/html; charset=UTF-8">\n<script type="text/javascript" src="/js/variable_6\.js"></script>| p/AirLive POE-100HD webcam http admin/ d/webcam/ cpe:/h:airlive:poe-100hd/a
match http m|^HTTP/1\.1 303 See Other\r\nLocation: /logon\.htm\r\nContent-Length: 0\r\nServer: AMT\r\n\r\n| p/Intel Active Management Technology http admin/ d/remote management/ cpe:/h:intel:active_management_technology/
match http m|^HTTP/1\.0 403 Forbidden\r\nContent-Type: text/plain; charset=utf-8\r\nX-Content-Type-Options: nosniff\r\nDate: .* GMT\r\nContent-Length: 17\r\n\r\nHost check error\n| p/Syncthing Web UI/ cpe:/a:syncthing:syncthing/
match http m|^HTTP/1\.1 200 OK\r\nPragma: no-cache\r\nCache-Control: no-cache, must-revalidate\r\nExpires: Thu, 27 Dec 1986 07:30:00 GMT\r\nContent-Type: text/html\r\n\r\n<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2\.0//EN"><html><head><title>APE Server</title></head><body><h1>APE Server</h1><p>No command given\.</p><hr><address>http://www\.ape-project\.org/ - Server (\d[\w._-]+) \(Build ([^\)]+)\)</address></body></html>| p/APE Comet Server/ v/$1/ i/build: $2/ cpe:/a:ape_project:ape_server:$1/
match http m|^HTTP/1\.1 200 OK\r\n(?:Content-Type: text/html\r\n)?Server: Virtual Web ([\d.]+)\r\n| p/ZyXEL Virtual Web httpd/ v/$1/ d/WAP/
match http m|^HTTP/1\.1 200 OK\r\nServer: Coturn-([\d.]+) '[^']+'\r\n| p/Coturn TURN server http admin/ v/$1/
match http m|^HTTP/1\.0 \d\d\d .*\r\nDate: .*\r\nServer: RealTimes Desktop Service/(\d[\w._-]+) \(win-(x[^-]+)-vc\d+\)\r\n| p/RealPlayer RealTimes Desktop Service/ v/$1/ i/arch: $2/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 400 Bad Request\r\nContent-Length: 185\r\nContent-Type: text/html; charset=UTF-8\r\nDate: .*\r\n\r\n<!DOCTYPE html>\n<html lang="en">\n<head>\n<meta charset="utf-8"/>\n<title>EasyAntiCheat</title></head>\n<body>\n<div style="text-align:center"><p>400 - Bad Request</p>\n</div>\n</body>\n</html>| p/EasyAntiCheat/ cpe:/a:easyanticheat:easyanticheat/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: EgdLws ([\d.]+)\r\n|s p/GE Ethernet Global Data Configuration Server/ v/$1/
match http m|^HTTP/1\.1 200 OK\r\nDate: .*\r\nContent-Type: text/html; charset=utf-8\r\n\r\n<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4\.01 Transitional//EN" "http://www\.w3\.org/TR/html4/loose\.dtd">\n<html><HEAD><TITLE>get_iplayer Web PVR Manager (\d[\w._-]+)</TITLE>| p/get_iplayer web UI/ v/$1/
match http m|^HTTP/1\.0 404 Not Found\r\nContent-Type: text/plain; charset=utf-8\r\nVary: Accept-Encoding\r\nX-Content-Type-Options: nosniff\r\nDate: .*\r\nContent-Length: 19\r\n\r\n404 page not found\n| p/Gophish httpd/ cpe:/a:jordan_wright:gophish/
match http m|^HTTP/1\.0 302 Found\r\nLocation: /login\r\nSet-Cookie: _gorilla_csrf=[^;]+; HttpOnly; Secure\r\nVary: Accept-Encoding\r\nVary: Cookie\r\nDate: .*\r\nContent-Length: \d+\r\nContent-Type: text/html; charset=utf-8\r\n\r\n<a href="/login">Found</a>| p/Gophish httpd/ cpe:/a:jordan_wright:gophish/
match http m|^HTTP/1\.1 200 OK\r\nx-powered-by: Express\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: .*\r\netag: W/"[-\da-f]+"\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: \d+\r\ndate: .*\r\nconnection: close\r\n\r\n<!DOCTYPE html>\n<html>\n  <head>\n    <title>hotel</title>| p/hotel web process manager/ i/Node.js Express framework/ cpe:/a:nodejs:node.js/ cpe:/a:typicode:hotel/
match http m|^HTTP/1\.1 \d\d\d .*\r\nDate: .* GMT\r\nServer: darkhttpd/(\d[\w._-]+)\r\n| p/darkhttpd/ v/$1/ cpe:/a:emil_mikulic:darkhttpd:$1/
match http m%^HTTP/1\.1 401 Unauthorized\r\nServer: Aragorn\r\nWWW-Authenticate: Basic realm="(Mitel|Aastra) (\w+(?: CT)?)"\r\n% p/$1 $2 VoIP phone http admin/ d/VoIP phone/ cpe:/h:$1:$2/
match http m|^HTTP/1\.0 401 Unauthorized\r\nWWW-Authenticate: Digest realm="Use 'live' as User Name in order to log in to the respective level",nonce="[a-f0-9]{32}",opaque="",stale=FALSE,algorithm=MD5,qop="auth"\r\n\r\n| p/Bosch DINION IP Bullet 5000 webcam http admin/ d/webcam/ cpe:/h:bosch:ip_bullet_5000/
match http m|^HTTP/1\.1 404 Not Found\r\nServer: Webbit\r\nDate: .* ([A-Z]+)\r\nContent-Length: 0\r\n\r\n| p/Webbit httpd/ i/time zone: $1/ cpe:/a:joewalnes:webbit/
match http m|^HTTP/1\.0 200 Ok\r\nContent-Type: text/html\r\nServer: httpd\r\n.*<title>[^<]* \(build (\d+)\) - Info</title>|s p/DD-WRT milli_httpd/ i/build $1/ d/WAP/ o/Linux/ cpe:/o:linux:linux_kernel/a
# Estos MetaDirectory, but version is not for MetaDirectory
match http m|^HTTP/1\.1 \d\d\d .*\r\nDate: .*\r\nServer: ESTOS WebServer/([\d.]+)\r\n| p/Estos GMBH webserver/ v/$1/
match http m|^HTTP/1\.1 200 OK\r\nServer: IP Speaker Web interface\r\nContent-type: text/html\r\nContent-length: \d+\r\nConnection: close\r\n\r\n.*<title>IP Speaker ([a-f\d]{2})([a-f\d]{2})([a-f\d]{2})([a-f\d]{2})([a-f\d]{2})([a-f\d]{2}) at |s p/Advanced Network Devices IP Speaker web interface/ i/MAC: $1:$2:$3:$4:$5:$6/ d/media device/ cpe:/a:advanced_network_devices:ip_speaker/
match http m|^HTTP/1\.1 404 Not Found\r\nContent-Length: 0\r\nDate: .*\r\nConnection: close\r\nServer: Tableau\r\n\r\n| p/Tableau API server/ cpe:/a:tableausoftware:tableau_server/
match http m|^HTTP/1\.1 404 No Encontrado\r\nContent-Length: 0\r\nDate: .*\r\nConnection: close\r\nServer: Tableau\r\n\r\n| p/Tableau API server/ i/Spanish/ cpe:/a:tableausoftware:tableau_server::::es/
match http m|^HTTP/1\.1 404 Introuvable\r\nContent-Length: 0\r\nDate: .*\r\nConnection: close\r\nServer: Tableau\r\n\r\n| p/Tableau API server/ i/French/ cpe:/a:tableausoftware:tableau_server::::fr/
match http m|^HTTP/1\.0 200 OK\r\nContent-Type: text/html; charset=utf-8\r\nLast-Modified: .*\r\nDate: .*\r\nContent-Length: 83\r\n\r\n<pre>\n<a href="db/">db/</a>\n<a href="fingerprint\.json">fingerprint\.json</a>\n</pre>\n| p/EliasDB/ cpe:/a:matthias_ladkau:eliasdb/
# Not sure if this is Wink Hub or just node.js
match http m|^HTTP/1\.1 401 not authorized\r\ncontent-length: 28\r\ncontent-type: application/json\r\nDate: .*\r\nConnection: close\r\n\r\n\{"message":"not authorized"\}| p/Wink Hub 2 API httpd/ d/specialized/ cpe:/h:wink:hub_2/
match http m|^HTTP/1\.1 401 not authorized\r\ncontent-length: 33\r\ncontent-type: application/json\r\nDate: .*\r\nConnection: close\r\n\r\n\{"description":"not authorized"\}\n| p/Wink Hub 2 API httpd/ d/specialized/ cpe:/h:wink:hub_2/
match http m|^HTTP/1\.0 200 OK\r\n(?:X-Frame-Options: SAMEORIGIN\r\nX-XSS-Protection: 1\r\n)?Content-Type: text/html; charset=utf-8\r\nLast-Modified: .*\r\nExpires: 0\r\nPragma: no-cache\r\nConnection: close\r\n\r\n(?:\r\n)?<!DOCTYPE html>(?:\r\n)+<html>\r\n *<head>\r\n *<meta charset="UTF-8"(?: /)?>\r\n *<meta name="ROBOTS" content="NOINDEX, FOLLOW" />\r\n *(?:<meta name="viewport" content="initial-scale=1,user-scalable=no,maximum-scale=1,width=device-width" />\r\n *)?<title>WorldClient</title>\r\n\t *<link rel="shortcut icon" href="[^"]+\.ico\?v=([\d.]+)| p/Alt-N MDaemon webmail/ v/$1/ cpe:/a:altn:mdaemon:$1/
match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: antid\r\nDate: .* \d\d\d\d\r\nWWW-Authenticate: Digest realm="KEENETIC LITE", qop="auth", nonce="[0-9a-f]{32}", opaque="[0-9a-f]{32}", algorithm="MD5", stale="FALSE"\r\n| p/antid httpd/ i/ZyXEL Keenetic Lite WAP/ d/WAP/
match http m|^HTTP/1\.0 200 Ok\r\nServer: ZiBASE([\d.]+)\r\n| p/Zodianet ZiBASE home automation httpd/ v/$1/ d/specialized/
match http m|^HTTP/0\.0 501 Not Implemented\r\nServer: ZiBASE([\d.]+)\r\n| p/Zodianet ZiBASE home automation httpd/ v/$1/ d/specialized/
match http m|^HTTP/1\.1 404 Not Found\r\nServer: server\r\nConnection: close\r\nContent-Type: text/html\r\n\r\n<html>\r\n<head>\r\n<title>404 Not Found</title>\r\n</head>\r\n<body>\r\n<h1>Not Found</h1>\r\n</body>\r\n</html>\r\n| p/Pentax K-1 camera httpd/ d/webcam/
match http m|^HTTP/1\.1 200 OK\r\nConnection: close\r\nCache-Control: no-store\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: \d+\r\n\r\n<script>RT='/(DGS-\d\w+(?:-\d+))_([\d.]+)/';</script>| p/D-Link $1 switch http admin/ v/$2/ d/switch/ cpe:/h:dlink:$1/a
match http m|^HTTP/1\.0 4\d\d .*\r\nConnection: close\r\nContent-Length: \d+\r\nContent-Type: text/html; charset=utf-8\r\nDate: .*\r\n\r\n\n\n<!DOCTYPE html>\n<html lang="en">\n    <head>\n        <title>[^<]+</title>\n        <link rel="shortcut icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAAlFJREFUeNqUU8tOFEEUPVVdNV3dPe8xYRBnjGhmBgKjKzCIiQvBoIaNbly5Z\+PSv3Aj7DSiP2B0rwkLGVdGgxITSCRIJGSMEQWZR3eVt5sEFBgTb| p/Play Framework/ cpe:/a:zenexity:play_framework/
# Collaborator version is not Burp Suite version
match http m|^HTTP/1\.1 200 OK\r\nServer: Burp Collaborator https://burpcollaborator\.net/\r\nX-Collaborator-Version: ([\d.]+)\r\nContent-Type: text/html\r\nContent-Length: \d+\r\n\r\n| p/Burp Collaborator/ v/$1/ cpe:/a:portswigger:burp_suite/
match http m|^HTTP/1\.1 200 OK\r\nConnection: close\r\nServer: IP Webcam Server ([\d.]+)\r\nCache-Control: no-store, no-cache, must-revalidate, pre-check=0, post-check=0, max-age=0\r\nPragma: no-cache\r\nExpires: -1\r\n| p/IP Webcam Android app/ v/$1/ d/phone/ cpe:/a:com.pas:webcam:$1/

# version strings show up sometimes, but not reliable and not reflecting actual firmware version.
match http m|^HTTP/1\.1 200 OK\r\nCONNECTION: close\r\nDate: .* GMT\r\nLast-Modified: .* GMT\r\nEtag: "\d+:[a-f\d]+"\r\nCONTENT-LENGTH: \d+\r\nCACHE-CONTROL: max-age=0\r\nCONTENT-TYPE: text/html\r\n\r\n<!DOCTYPE html>\r\n<html>\r\n<head>\r\n    <title></title>| p/Amcrest IP camera http interface/ d/webcam/
match http m|^HTTP/1\.1 200 OK\r\nCONNECTION: close\r\n(?:Date: .*\r\nLast-Modified: .*\r\nEtag: "\d+:[\da-f]+"\r\n)?CONTENT-LENGTH: \d+\r\n(?:P3P: CP=CAO PSA OUR\r\n)?(?:CACHE-CONTROL: max-age=0\r\n)?CONTENT-TYPE: text/html\r\n\r\n\xef\xbb\xbf<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1\.0 Strict//EN" "http://www\.w3\.org/TR/xhtml1/DTD/xhtml1-strict\.dtd">\r\n<html> *\r\n *<head>\r\n *<title>| p/Dahua webcam httpd/ d/webcam/
match http m|^HTTP/1\.1 200 OK\r\nCONNECTION: close\r\n(?:Date: .*\r\nLast-Modified: .*\r\nEtag: "\d+:[\da-f]+"\r\n)?CONTENT-LENGTH: \d+\r\n(?:P3P: CP=CAO PSA OUR\r\n)?(?:CACHE-CONTROL: max-age=0\r\n)?CONTENT-TYPE: text/html\r\n\r\n\xef\xbb\xbf<!DOCTYPE html(?: PUBLIC "-//W3C//DTD XHTML 1\.0 Strict//EN" "http://www\.w3\.org/TR/xhtml1/DTD/xhtml1-strict\.dtd")?>\r\n<html> *\r\n *<head>\r\n *<title>| p/Dahua webcam httpd/ d/webcam/

match http m|^HTTP/1\.1 200 OK\r\nCONNECTION: close\r\nCONTENT-LENGTH: \d+\r\nCONTENT-TYPE: text/html\r\n\r\n\xef\xbb\xbf<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1\.0 Strict//EN\" \"http://www\.w3\.org/TR/xhtml1/DTD/xhtml1-strict\.dtd\">\r\n<html> \r\n<head>\r\n<title>WEB SERVICE</title>| p/ADT Home Security web management interface/ d/security-misc/
match http m|^HTTP/1\.0 302 Moved Temporarily\r\nDate: .*\r\nConnection: Close\r\nLocation: /admin/\r\nCache-Control: no-store,no-cache,must-revalidate\r\nPragma: no-cache\r\nExpires: -1\r\nLast-Modified: Mon, 12 Jan 2000 13:42:42 GMT\r\nContent-Type: text/html\r\n\r\n| p/Netasq firewall http admin/ d/firewall/
match http m|^HTTP/1\.1 203 Non-Authoritative Information\r\nContent-Type: text/html\r\nServer: AudioCodes Web Server/ \r\n| p/AudioCodes Session Border Controller httpd/ d/security-misc/
# Version is not nVision version
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Axence nVision WebAccess HTTP Server/(\d[\w._-]+)\r\n|s p/Axence nVision WebAccess httpd/ v/$1/ o/Windows/ cpe:/a:axence:nvision/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 302 Found\r\nDate: .*\r\nLocation: /home\.fcgi\r\nContent-Type: text/plain\r\nContent-Length: 24\r\n\r\nRedirected to /home\.fcgi| p/Legrand Nuvo audio player/ d/media device/
# https://github.com/ael-code/daikin-control
match http m|^HTTP/1\.0 404 Not Found\r\nContent-Length: 30\r\nContent-Type: text/plain\r\n\r\nret=PARAM NG,msg=404 Not Found| p/Daikin air conditioning unit REST API httpd/ d/specialized/
match http m|^HTTP/1\.1 401 Unauthorized\r\nWWW-Authenticate: Digest  realm="spa user", domain="/",nonce="[0-9a-f]{40}",opaque="[0-9a-f]{40}",algorithm="MD5",qop="auth"\r\nContent-Type: text/html\r\nConnection: close\r\n\r\n<html>\n  <head>\n    <title>Cisco SPA Configuration</title>| p/Cisco SPA IP phone http config/ d/VoIP phone/
match http m|^HTTP/1\.[01] .*\r\nServer: Interlogix-Webs\r\n| p/Interlogix TruVision DVR web interface/
match http m|^HTTP/1\.1 \d\d\d .*\r\nDate: .*\r\nServer: ADB Broadband HTTP Server\r\n| p/ADB Broadband embedded httpd/
match http m|^HTTP/1\.1 200 OK\r\nDate: .*\r\nLast-Modified: .*\r\nEtag: "[\da-f]+\.\d+"\r\nContent-Type: text/html\r\nContent-Length: \d+\r\nConnection: close\r\nAccept-Ranges: bytes\r\n\r\n<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1\.0 Transitional//EN" "http://www\.w3\.org/TR/xhtml1/DTD/xhtml1-transitional\.dtd">\r\n<html xmlns="http://www\.w3\.org/1999/xhtml"><head>\r\n<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">\r\n<title>Gateway</title>\r\n<link rel="icon" type="image/png" href="assets/favico\.png">| p/Abode home security gateway/ d/security-misc/
match http m|^HTTP/1\.1 302 Moved Temporarily\r\nLocation: /ide\.html\r\nDate: .* GMT\r\nConnection: close\r\n\r\n| p/Cloud9 IDE/ cpe:/a:cloud9:cloud9_ide/
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html\r\nContent-Length: \d+\r\nCache-Control: private, no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0\r\nExpires: 0\r\nPragma: no-cache\r\n\r\n<!DOCTYPE html><html><head><title>ZentriOS Web App</title>| p/ZentriOS Web App/ o/ZentriOS/ cpe:/o:zentri:zentrios/
match http m|^HTTP/1\.0 301 Moved Permanently\r\nLocation: HTTP://[^:]+:\d+/printer/index\.html\r\n| p/Zebra ZTC 105SL printer http admin/ d/printer/ cpe:/h:zebra:ztc_105sl/a
match http m|^HTTP/1\.1 404 Not Found\r\nServer: Keil-EWEB/(\d[\w._-]*)\r\nContent-type: text/html\r\nConnection: close\r\n\r\n<head><title>DNS8 Web Server Error</title>| p/Keil Embedded Web Server/ v/$1/ i/Cedar Audio DNS 8 noise supressor/ d/media device/ cpe:/a:keil:eweb:$1/ cpe:/a:keil:rl-arm/ cpe:/h:cedar_audio:dns_8/
match http m|^HTTP/1\.0 400 Bad Request\r\nSERVER: Parrot\r\nCONTENT-TYPE: text/html\r\nCONTENT-LENGTH: \d+\r\n\r\n<html><head><title>400 Bad Request</title></head><body></body></html>| p/Parrot S.A. embedded httpd/
match http m|^HTTP/1\.1 404 Not Found\r\nX-Powered-By: SoundTouch REST Music Server\r\nContent-Type: application/json; charset=utf-8\r\n| p/Bose SoundTouch Music Server REST API/
match http m|^HTTP/1\.0 \d\d\d .*\r\n(?:Date: .*\r\n)?Server: ZTE Web Server/1\.0\.0\r\n| p/ZTE broadband router admin httpd/ d/broadband router/
match http m|^HTTP/1\.0 400 Bad Request\r\nServer: (\S+)\r\nDate: [a-z]{3}, \d\d [a-z]{3} \d\d\d\d \d\d:\d\d:\d\d GMT\r\nContent-Length: 0\r\nConnection: Close\r\n\r\n$| p/Huawei switch admin httpd/ d/switch/ h/$1/
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html;charset=BIG5\r\nContent-Length: 677\r\n\r\n<html>  <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" > <title>VoIP Gateway</title> </head>\r\n <frameset rows="110,\*" framespacing="0" border="0" frameborder="0" id="FRAME_ROWS" >| p/Octtel SP4220 VoIP Gateway/ d/VoIP adapter/
match http m|^HTTP/1\.0 200 OK\r\n(?:Connection: close\r\n)?Server: fec/1\.0 \(Funkwerk BOSS\)\r\n| p/Funkwerk embedded httpd/ o/Funkwerk BOSS/ cpe:/o:funkwerk:boss/
match http m|^HTTP/1\.0 200 OK\r\n(?:Connection: close\r\n)?Server: boss/1\.0 \(BOSS\)\r\n| p/Funkwerk embedded httpd/ o/Funkwerk BOSS/ cpe:/o:funkwerk:boss/
match http m|^HTTP/1\.0 401 Unauthorized\r\nContent-Length: \d+\r\nSet-Cookie: HTTP_SESSION_ID=[a-f0-9]{32}; path=/;\r\nWWW-Authenticate: Basic realm="Modem \(Administrator, password=WepKey\)"\r\n\r\n<HTML><HEAD><TITLE>HTTP/1\.0 401 Authorization Required</TITLE></HEAD><BODY>\r\n<H1>HTTP/1\.0 401 Authorization Required</H1>\r\n</BODY></HTML>\r\n| p/Telmex modem admin httpd/ d/broadand router/
match http m|^HTTP/1\.0 200 OK\r\nContent-type: text/html\r\nContent-Encoding: gzip\r\nServer: Sentry360 \r\n\r\n| p/Sentry360 FS-IP5000 camera httpd/ d/webcam/ cpe:/h:sentry360:fs-ip5000/
match http m|^HTTP/1\.0 200 OK\r\nContent-Type: text/html\r\nAccept-Ranges: bytes\r\nETag: "1899773965"\r\nLast-Modified: [^\r\n]*\r\nContent-Length: \d+\r\nConnection: close\r\nDate: [^\r\n]*\r\nServer: httpd\r\n\r\n.*<title>Speco IP Camera</title>|s p/Speco IP camera httpd/ d/webcam/
match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: IQinVision Embedded 1\.0\r\nWWW-Authenticate: Basic realm="([^"]+)"\r\n| p/IQinVision embedded httpd/ i/realm: $1/ d/webcam/
match http m|^HTTP/1\.0 401 Unauthorized\r\nWWW-Authenticate: Basic realm="VR-8xx"\r\nCache-control: no-cache\r\nPragma: no-cache\r\nContent-Type: text/html\r\nContent-Length: \d+\r\nConnection: close\r\nDate: .*\r\nServer: JVC VR-809/816 API Server/1\.0\.0\r\n| p/JVC VR-800-series DVR admin httpd/ d/storage-misc/
match http m|^HTTP/1\.1 200 OK\r\nDate: Sat, 22 Oct 2016 15:45:40 GMT\r\nServer: http server 1\.0\r\nContent-type: text/html; charset=UTF-8\r\nLast-modified: Thu, 01 Sep 2016 02:17:20 GMT\r\nAccept-Ranges: bytes\r\nContent-length: 580\r\nVary: Accept-Encoding\r\nConnection: close\r\n\r\n<html style="background:#007cef">\n<head>\n| p/OwnCloud NAS/ d/storage-misc/ cpe:/a:owncloud:owncloud/
match http m|^HTTP/1\.1 404 Not Found\r\nServer: Linux, HTTP/1\.1, MyNet(N\d+) Ver ([\d.]+)\r\nDate:| p/Western Digital MyNet $1 NAS httpd/ v/$2/ d/storage-misc/ cpe:/h:wdc:my_net_$1/ cpe:/o:wdc:my_net_firmware:$2/
match http m|^HTTP/1\.0 401 Unauthorized\r\nDate: .*\r\nCache-Control: no-cache,no-store\r\nWWW-Authenticate: Basic realm="\."\r\nContent-Type: text/html; charset=%s\r\nConnection: close\r\n\r\n\t\+<html>\n\+<head><title>401 Unauthorized</title></head>\n\+<body>\n\+<h3>401 Unauthorized</h3>\nAuthorization required\.\n </body>\n </html>\n| p/mini_httpd/ i/m0n0wall http admin/ cpe:/a:acme:mini_httpd/
match http m|^HTTP/1\.0 200 OK\r\nContent-Length: \d+\r\nContent-Type: text/html\r\nConnection: close\r\nDate: [^\r\n]+\r\n\r\n<!--\r\n<!DOCTYPE html PUBLIC.*<META NAME="ATEN International Co Ltd\." CONTENT="\(c\) ATEN International Co Ltd\. \d\d\d\d">|s p|ATEN/Supermicro IPMI web interface| d/remote management/
match http m|^HTTP/1\.0 200 OK\r\nDate: .*\r\nContent-Length: \d\d?\r\nContent-Type: text/plain; charset=utf-8\r\n\r\nnixy (\d[\w._-]*)\n| p/Nixy/ v/$1/ cpe:/a:benjamin_martensson:nixy:$1/
match http m|^HTTP/1\.1 200 OK\r\nConnection: close\r\nContent-Type: text/html\r\nAccess-Control-Allow-Origin: \*\r\nAccess-Control-Allow-Methods: GET, POST, PUT\r\n\r\n\xef\xbb\xbf<!doctype html>\r\n<html>\r\n    <head>\r\n        <meta http-equiv="content-type" content="text/html; charset=utf-8">\r\n        <meta name="viewport" content="width=device-width, initial-scale=0\.7" />\r\n        <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">\r\n        <title>Web-Modul</title>| p/Samson TROVIS 5590 web module/ cpe:/h:samson:trovis_5590/
match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: \r\nContent-Type: text/html; charset=iso-8859-1\r\nDate: .*\r\nLast-Modified: .*\r\nAccept-Ranges: bytes\r\nConnection: close\r\n(?:Cache-Control: no-cache,no-store\r\n(?:Cache-Control: max-age=86400\r\nExpires: .*\r\n)?)?WWW-Authenticate: Basic realm="restricted (?:devolo )?configuration website"\r\n\r\n| p/Devolo access point http admin/ d/WAP/
match http m|^HTTP/1\.1 302 Moved Temporarily\r\nLocation: http://[^:]*:9527/\r\n\r\nHTTP/1\.1 404 Not Found\r\nContent-Length: 0\r\n\r\n| p/Kathrein SAT>IP-Server http admin/ d/specialized/
match http m|^HTTP/1\.1 401 OK\nWWW-Authenticate: Basic realm="PowerDNS"\nConnection: close\nContent-type: text/html; charset=UTF-8\n\nPlease enter a valid password!\n| p/PowerDNS stats httpd/ cpe:/a:powerdns:powerdns/
match http m|^HTTP/1\.1 302 Found\r\nLocation: http://[^/]+/solr/\r\n\r\n| p/Apache Solr/ cpe:/a:apache:solr/
match http m|^HTTP/1\.1 200 OK\r\nCache-Control: no-cache\r\nDate: .*\r\nConnection: Keep-Alive\r\nContent-Type: text/html\r\nContent-Length: \d+\r\n\r\n<html>\n<head>\n<META http-equiv="Content-Type" content="text/html; charset=UTF-8" />\n<link rel="icon" type="image/icon" href="/favicon\.ico"/>\n<script language="JavaScript" src="\.\./js/util\.js"></script>\n<script language="JavaScript" src="\.\./js/webtoolkit\.sha256\.js"></script>\n<script language="JavaScript" src="/lang/msgerrcode\.res"></script>\n| p/Huawei ADSL modem http admin/ d/broadband router/
match http m|^HTTP/1\.0 302 Moved Temporarily\r\nContent-Length: 22\r\nConnection: close\r\nLocation: /portal/index\.html\r\nContent-Type: text/plain\r\nX-Frame-Options: SAMEORIGIN\r\n\r\n302 Moved Temporarily\n| p/Barracuda NextGen Firewall SSL VPN/ d/security-misc/
match http m|^HTTP/1\.1 200 OK \r\nCache: no-cache\r\nContent-Type: text/plain\r\nContent-Length: 4\r\n\r\nOK\r\n| p/NeoRouter SSL VPN/ d/security-misc/
match http m@^HTTP/1\.1 302 Found\r\nDate: .*\r\nServer: unknown\r\nLocation: https://[^/]+/__extraweb__EPCmicrointerrogatorpage\?success=%2F__extraweb__EPCmicrointerrogatordata%3Fsuccess%3D%252F__extraweb__realmform%253Fresource%253D((?:[^%]+|%(?!2526))+?)%2526alias%253D([\w._-]+)%2526r0%253D@ p/SonicWall SSL VPN/ i|resource: $SUBST(1,"%25252F","/")| h/$2/
match http m|^HTTP/1\.1 302 Found\r\nDate: .*\r\nServer: WatchGuard\r\nContent-Length: \d+\r\nExpires: Sun, 28 Jan 2007 00:00:00 GMT\r\nVary: Accept-Encoding\r\nLocation: https://[^/]+/quarantine\r\nPragma: no-cache\r\nSet-Cookie: session_id=| p/WatchGuard Quarantine Server/ cpe:/a:watchguard:quarantine_server/
match http m|^HTTP/1\.0 \d\d\d .*\r\nDate: .*\r\nServer: ZNC (\d[\w._-]*)(?:\+\S+)? - http://znc\.in\r\nContent-Length: \d+\r\nContent-Type: text/html; charset=utf-8\r\n| p/ZNC IRC webadmin/ v/$1/ cpe:/a:znc:znc:$1/
match http m|^HTTP/1\.1 200 OK\r\nDate: [^\r\n]*\r\nLast-Modified: [^\r\n]*\r\nEtag: "[a-f0-9]+\.[a-f0-9]+"\r\nContent-Type: text/html\r\nCache-Control: private, no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, s-maxage=0\r\nExpires: 0\r\nPragma: no-cache\r\nVary: \*\r\nContent-Length: \d+\r\nConnection: close\r\nAccept-Ranges: bytes\r\n\r\n.*<title>Triax - Setup Service Tool</title>|s p/Triax telecom equipment setup httpd/
match http m|^HTTP/1\.1 200 OK\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\nConnection: close\r\n\r\n\{"rtn":108545,"msg":""\}| p/Thunder Xware/
match http m|^HTTP/1\.1 200 OK\.\r\nDate: .*\r\nServer: Reload ([\d.]+) Web Interface\r\nCache-control: no-cache\r\nSet-Cookie: GSESSID=[^;]+; path=/\r\nContent-Length: \d+\r\nContent-Type: text/html\r\n\r\n| p/GWAVA Reload Server httpd/ v/$1/ cpe:/a:gwava:reload_server:$1/
match http m|^HTTP/1\.0 200 OK\r\nConnection: close\r\n.*\n\t<meta name="description" content="Gargoyle Firmware Webgui for router management\.">|s p/Gargoyle WAP firmware httpd/ o/Linux/ cpe:/o:linux:linux_kernel/a
match http m|^HTTP/1\.0 200 OK\r\n(?:[^\r\n]+\r\n)*?Content-Length: \d+\r\nConnection: close\r\nDate: [^\r\n]*\r\nServer: yealink embed httpd\r\n\r\n|s p/Yealink VoIP phone httpd/ d/VoIP phone/
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: Network_Module/1\.0 \(([A-Z]+-\w+)\)\r\n| p/Yamaha AV device httpd/ i/model: $1/
match http m|^HTTP/1\.1 404 Not Found\r\nContent-Length: 0\r\nDate: .*\r\nConnection: close\r\nServer: OtherWebServer\r\n\r\n| p/ESET Remote Administrator Web Console/ cpe:/a:eset:eset_remote_administrator/
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html\r\nContent-Encoding: gzip\r\nContent-Length: \d+\r\nConnection: close\r\nAccess-Control-Allow-Origin: \*\r\n\r\n\x1f\x8b\x08\x08....\0\x03index\.html\0|s p/nwts Nixie clock sync/ cpe:/h:azevedo:nwts/
match http m|^HTTP/1\.0 200 OK\nContent-type: text/html; charset=utf-8\n\n<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4\.01 Transitional//EN">\r\n\r\n<HTML>\r\n<HEAD>\r\n<TITLE>Handle Proxy</TITLE>| p/Handle System Proxy Server/
match http m|^HTTP/1\.1 200 OK\nContent-Length: \d+\nContent-Type: text/html\n\n<html>\r\n<head>\r\n\t\r\n<meta http-equiv="Content-Type" content="text/html; charset=utf-8">\r\n<meta name="GENERATOR" content="iniNet SpiderControl TM">\r\n<title> CoMo Net/View </title>\r\n| p|Kistler ControlMonitor CoMo Net/View http ui| d/specialized/
match http m|^HTTP/1\.0 400 Bad Request\r\nContent-Type: application/json\r\nDate: .*\r\nContent-Length: 66\r\n\r\n\{\n\t"key": "noAuthHeader",\n\t"message": "No Authentication header"\n\}| p/Plex Media Server/ i/WD MyCloud/ cpe:/a:plex:plex_media_server/
match http m|^HTTP/1\.0 200 OK\r\nContent-Type: text/html\r\nLast-Modified: .*\r\nContent-Length: \d+\r\n\r\n<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3\.2//EN">\r\n<HTML>\r\n\r\n<HEAD>\r\n\t<link rel="SHORTCUT ICON" href="/ras\.ico">\r\n\r\n<META HTTP-EQUIV="Content-Type" CONTENT="text/html;CHARSET=iso-8859-1">\r\n<SCRIPT language="JavaScript">\r\nvar MainWindow = null;\r\n\r\nfunction StartWindow\(\)\r\n\{\t\t\t\t\t\t\t\t \r\nvar width \t= window\.screen\.availWidth-10;\r\nvar height\t= window\.screen\.availHeight-80;\r\nif \(\(MainWindow ==null\) \x7c\x7c \(MainWindow\.closed==true\)\)\r\nMainWindow = window\.open\("/servlet/smt", "AASTRA"| p/Aastra BusinessPhone Management Suite/
match http m|^HTTP/1\.1 200 OK\r\nSet-Cookie: JSESSIONID=[\dA-F]*; Path=/; HttpOnly\r\nContent-Type: text/html;charset=UTF-8\r\nContent-Length: \d+\r\nDate: .* GMT\r\nConnection: close\r\nServer: OWS/1\.0\r\n\r\n| p/Canon varioPRINT or imagePRESS http ui/ d/printer/
match http m|^HTTP/1\.0 404 Not Found\r\nAccept-Ranges: none\r\nConnection: close\r\nContent-Encoding: identity\r\nContent-Length: 0\r\nContent-Type: text/plain\r\nDate: .*\r\nServer: IST OIS\r\nWWW-Authenticate: Digest realm="users@([^"]+)",| p/Allworx VoIP directory server/ h/$1/
match http m|^HTTP/1\.1 400 \r\nContent-Type: application/json\r\nContent-Length: 72\r\n\r\n\{"status": 102, "statusString": "ERROR-BAD-REQUEST", "spotifyError": 0\}\n| p/Spotify json/
# Maybe McAfee Agent instead?
match http m|^HTTP/1\.1 403 Forbidden\r\nContent-Type: text/plain\r\nContent-Length: 13\r\n\r\n403 Forbidden| p/McAfee AntiVirus/ cpe:/a:mcafee:antivirus_engine/
match http m|^HTTP/1\.1 200 OK\r\nDate: .*\r\nExpires: .*\r\nCache-Control: no-cache\r\nConnection: Keep-Alive\r\nContent-Type: text/xml; charset=utf-8\r\nContent-Length: \d+\r\nX-Frame-Options: SAMEORIGIN\r\n\r\n<\?xml version="1\.0"\?>\r\n<\?xml-stylesheet type="text/xsl" href="/file/xsl/[^/>]*\.xsl"\?>\r\n| p/ClearSCADA/ v/2017/ cpe:/a:schneider_electric:scada_expert_clearscada:2017/
match http m|^HTTP/1\.1 200 \r\nX-AREQUESTID: [\dx]+\r\n.*\n<meta name="application-name" content="JIRA" data-name="jira" data-version="([\d.]+)">|s p/Atlassian JIRA/ v/$1/ cpe:/a:atlassian:jira:$1/
match http m|^HTTP/1\.1 302 \r\nX-AREQUESTID: [\dx]+\r\n.*Location: [^\r\n]*/secure/SetupMode!default.jspa|s p/Atlassian JIRA/ i/setup wizard/ cpe:/a:atlassian:jira/
match http m|^HTTP/1\.1 200 OK\r\nDate: .*\r\n(?:X-Frame-Options: SAMEORIGIN\r\n)?Content-Type: text/html; charset=UTF-8\r\nExpires: Thu, 01 Jan 1970 00:00:00 GMT\r\nContent-Length: \d+\r\nSet-Cookie: JSESSIONID=[^;]*;Path=.*\r\nConnection: close\r\n\r\n\n\n\n\n\n\n\n\n\n\n\n\n\n<html>\n<head>\n\n<link href="/graycss/common_min\.css" rel="stylesheet" type="text/css">\n\n\t<title>Cyberoam SSL VPN Portal</title>| p/Cyberoam SSL VPN/
match http m|^HTTP/1\.0 200 OK\r\nAccept-Ranges: bytes\r\nCache-Control: max-age=31536000\r\nContent-Length: \d+\r\nContent-Type: text/html; charset=utf-8\r\nLast-Modified: .*\r\nDate: .*\r\n\r\n<!DOCTYPE html>\n<html lang="en" ng-app="portainer">| p/Portainer Docker UI/ v/1.19.1 or earlier/ cpe:/a:portainer:portainer/
# Security-related headers added in 1.19.2
match http m|^HTTP/1\.0 200 OK\r\nAccept-Ranges: bytes\r\nCache-Control: max-age=31536000\r\nContent-Length: \d+\r\nContent-Type: text/html; charset=utf-8\r\nLast-Modified: .*\r\nX-Content-Type-Options: nosniff\r\nX-Frame-Options: DENY\r\nX-Xss-Protection: 1; mode=block\r\nDate: .*\r\n\r\n<!DOCTYPE html>\n<html lang="en" ng-app="portainer">| p/Portainer Docker UI/ v/1.19.2/ cpe:/a:portainer:portainer:1.19.2/
# X-Frame-Options removed in 1.20.0
match http m|^HTTP/1\.0 200 OK\r\nAccept-Ranges: bytes\r\nCache-Control: max-age=31536000\r\nContent-Length: \d+\r\nContent-Type: text/html; charset=utf-8\r\nLast-Modified: .*\r\nX-Content-Type-Options: nosniff\r\nX-Xss-Protection: 1; mode=block\r\nDate: .*\r\n\r\n<!DOCTYPE html>\n<html lang="en" ng-app="portainer">| p/Portainer Docker UI/ v/1.20.0 or later/ cpe:/a:portainer:portainer/
# ESXi 6.5.0
match http m|^HTTP/1\.1 200 OK\r\nDate: .*\r\nConnection: close\r\nContent-Type: text/html\r\nX-Frame-Options: DENY\r\nContent-Length: \d+\r\n\r\n<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4\.01//EN" "http://www\.w3\.org/TR/html4/strict\.dtd">\n\n<html lang="en">\n<head>\n    <meta http-equiv="content-type" content="text/html; charset=utf8">\n    <meta http-equiv="refresh" content="0;URL='/ui'"/>\n</head>\n</html>\n| p/VMware ESXi Web UI/ cpe:/o:vmware:esxi/
match http m|^HTTP/1\.0 301 Moved Permanently\r\nLocation: http://([\w.-]+):\d+/\r\nSet-Cookie: grafana_sess=[^;]*; Path=/; HttpOnly\r\nDate: | p/Grafana http/ h/$1/ cpe:/a:grafana:grafana/
match http m|^HTTP/1\.0 200 OK\r\nDate: .*\r\nContent-Length: 12\r\nContent-Type: text/plain; charset=utf-8\r\n\r\nConsul Agent| p/HashiCorp Consul agent/ cpe:/a:hashicorp:consul/
match http m|^HTTP/1\.0 200 OK\r\nExpires: 0\r\nContent-Type: text/html\r\nConnection: close\r\n\r\n<html>\n<title>(D\w\w-\d+)  +Login</title>\n| p/D-Link $1 http admin/ cpe:/h:d-link:$1/
match http m|^HTTP/1\.0 200 OK\r\nContent-Length: \d+\r\nContent-Type: text/html\r\nDate: .*\r\n\r\n<html lang="en"> <head> <meta charset="utf-8"/> <meta http-equiv="X-UA-Compatible" content="IE=edge"/> <meta name="viewport" content="width=device-width, initial-scale=1"/> <title>Google Wifi</title>| p/Google WiFi http admin/ d/WAP/
match http m|^HTTP/1\.0 200 OK\r\nCache-Control: no-cache\r\nContent-Type:text/html\r\nContent-Length: +\d+\r\n\r\n.*[eE]>PLANET IP Phone W[eE][bB] Management</[tT]|s p/PLANET IP Phone http admin/ d/VoIP phone/
match http m|^HTTP/1\.1 200 OK\r\nX-Cache: MISS\r\nVary: Accept-Encoding\r\nContent-Type: text/html\r\nCache-Control: no-cache, must-revalidate\r\nExpires: .*\r\nDate: .*\r\nConnection: close\r\n\r\n<!doctype html>\r\n<html>\r\n<head>\r\n    <title>Polycom&reg; RealPresence&reg; CloudAXIS&trade;</title>| p/Polycom RealPresence CloudAXIS/ cpe:/a:polycom:realpresence_cloudaxis/
match http m|^HTTP/1\.0 200 Ok\r\nDate: Thu, 27 Jan 2000 00:00:00 GMT\r\nContent-Type: text/html\r\nCache-Control: no-cache\r\nCache-Control: no-store\r\nServer: snom/([\w._-]+)\r\n| p/Snom DECT phone http admin/ v/$1/ d/phone/
match http m|^HTTP/1\.1 302 Found\r\nLocation: http://[^/]+/ord\r\nContent-Length: 0\r\n\r\n| p/Tridium Niagara/ v/4/ cpe:/a:tridium:niagara:4/
match http m|^HTTP/1\.1 500 Internal Server Error\r\nServer: HIP([\d.]+)\r\nConnection: close\r\nContent-Length: 0\r\n\r\n| p/2N Helios IP http admin/ v/$1/ d/security-misc/
match http m|^HTTP/1\.1 401 Unauthorized\r\nConnection: close\r\nDate: .*\r\nAccept-Ranges: bytes\r\nContent-Type: text/html\r\nExpires: Mon, 01 Jul 1980 00:00:00 GMT\r\nCache-Control: no-cache, no-store, must-revalidate\r\nPragma: no-cache\r\nWWW-Authenticate: Basic realm="(D[A-Z0-9-]+)"\r\nContent-Length: 17\r\n\r\n401 Unauthorized\n| p/D-Link $1 camera http admin/ d/webcam/ cpe:/h:d-link:$1/
match http m|^HTTP/1\.0 403 Forbidden\r\nContent-Type: text/html\r\n\r\n<html><head><link href=c rel=stylesheet></head><body><div class=b><form><br>Wachtwoord:<input type=password name=w><input type=submit value=Login></form></div><!--Content-Type: Content-Type: Content-Type: Content-Type: Content-Type: Content-Type: --></body></html>| p/YouLess LS110 energy monitor http admin/ d/power-misc/
match http m|^HTTP/1\.1 200 OK\r\nX-Frame-Options: SAMEORIGIN\r\nContent-Length: \d+\r\nCache-Control:no-cache\r\nContent-Type:text/html\r\nSet-Cookie: PUTCOOKIE=[^;]+; path=/; HttpOnly; \r\n\r\n<html>\n\n<head>\n    <META HTTP-EQUIV="Expires" CONTENT="0">\n    <META HTTP-EQUIV="Pragma" CONTENT="no-cache">\n    <META HTTP-EQUIV="Cache-Control" CONTENT="no-cache">\n    <title>Teradata Parallel Upgrade Tool 0?(\d[\d.]*)<| p/Teradata Parallel Upgrade Tool/ v/$1/ cpe:/a:teradata:tdput:$1/
# 15.11.00.05-b143
match http m|^HTTP/1\.1 302 Found\r\nCache-Control: public, no-store, max-age=0\r\nX-Content-Type-Options: nosniff\r\nX-Frame-Options: SAMEORIGIN\r\nX-XSS-Protection: 1; mode=block\r\nLocation: http://[^/]*/login\.html\r\nDate: .*\r\nConnection: close\r\nServer: Teradata-Viewpoint\r\n\r\n| p/Teradata Viewpoint/ cpe:/a:teradata:viewpoint/
match http m|^HTTP/1\.1 400 Invalid request\r\n| p/ThinLinc VSM xmlrpc/ cpe:/a:cendio:thinlinc/
match http m|^HTTP/1\.1 404 NOT FOUND\r\nServer: InterDialog\r\nConnection: close\r\nDate: .* India Standard Time\r\nCache-Control: private\r\nContent-Length: 14\r\nContent-type: text\r\n\r\nPage Not Found| p/Teckinfo InterDialog UCCS/ cpe:/a:teckinfo:interdialog_uccs/
match http m|^HTTP/1\.0 200 OK\r\nServer: httpd/2\.0\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nDate: .*\r\nContent-Type: text/html\r\nConnection: close\r\n\r\n<HTML><HEAD><script>top\.location\.href='/Main_Login\.asp';</script>\n</HEAD></HTML>\n| p/ASUS WRT http admin/ cpe:/o:asus:wrt_firmware/
match http m|^HTTP/1\.0 200 OK\r\nSet-Cookie: session=bridgeworks[a-f\d]+; path=/\r\nDate: .*\r\nServer: Mordac/([\d.]+)\r\n| p/Bridgeworks iSCSI-to-SAS bridge http ui/ v/$1/ d/storage-misc/
match http m|^HTTP/1\.0 302 Found\r\nLocation: /login\r\nSet-Cookie: wdcpsessionID=[a-f\d]{32};| p/WDLinux Control Panel/ cpe:/a:wdlinux:wdcp/
match http m|^HTTP/1\.1 \d\d\d \r\nDate:[^ ].*\r\nServer:AprisaSR Web Server\r\n| p/4RF Aprisa SR smart radio httpd/ d/specialized/ cpe:/h:4rf:aprisa_sr/
match http m|^HTTP/1\.0 200 OK\r\nServer: lwIP/([\d.]+) \(http://www\.sics\.se/~adam/lwip/\)\r\nContent-type: text/html\r\n\r\n<!-- Copyright \(c\) \d\d\d\d TDSi Ltd\.  All rights reserved\. -->\r\n<html>\r\n<head>\r\n<meta http-equiv="content-type" content="text/html;charset=ISO-8869-1">\r\n<title>TDSi Ethernet to Serial Module</title>| p/TDSi Ethernet to Serial bridge/ i/lwIP $1/ cpe:/a:lwip_project:lwip:$1/
match http m|^HTTP/1\.1 200 OK\r\nServer: CJServer/1\.1\r\nSet-Cookie: JSESSIONID=[A-F\d]+; Path=/; HttpOnly\r\nContent-Type: text/html;charset=ISO-8859-1\r\nContent-Length: \d+\r\nDate: .*\r\nConnection: close\r\n\r\n\r\n\r\n\r\n\r\n<html>\r\n<body>\r\n\r\n\r\n<form action="/_common/servlet/wap/login\?null" method="post">\r\n<p>([^<]+)</p>| p/WebCTRL building automation http ui/ i/site: $1/ cpe:/a:automatedlogic:webctrl/
match http m|^HTTP/1\.1 200 OK\r\nServer: CJServer/1\.1\r\nSet-Cookie: JSESSIONID=[A-F\d]+; Path=/; HttpOnly\r\n| p/WebCTRL building automation http ui/ cpe:/a:automatedlogic:webctrl/

match http m|^HTTP/1\.0 \d\d\d .*\r\nDate: .*\r\nContent-Type: .*\r\nServer: ghs\r\n| p/Google httpd/
match http m|^HTTP/1\.1 302 Found\r\nX-DNS-Prefetch-Control: off\r\nX-Frame-Options: SAMEORIGIN\r\n(?:Strict-Transport-Security: max-age=\d+; includeSubDomains\r\n)?X-Download-Options: noopen\r\nX-Content-Type-Options: nosniff\r\nX-XSS-Protection: 1; mode=block\r\nLocation: /signin\r\nVary: Accept\r\nContent-Type: text/plain; charset=utf-8\r\nContent-Length: \d+\r\nset-cookie: connect\.sid=| p/Xen Orchestra/ i/Node.js Express middleware/ cpe:/a:nodejs:node.js/ cpe:/a:vates:xen_orchestra/
match http m|^HTTP/1\.0 200 OK\r\nServer: Tektronix/WVR 7100\r\nContent-length: \d+\r\nContent-type: text/html\r\n\r\n<html>\r\n\r\n<head>\r\n<title>Tektronix (W\w+) Remote Interface</title>| p/Tektronix $1 waveform monitor http ui/ cpe:/h:tektronix:$1/
match http m|^HTTP/1\.1 403 Forbidden\r\nContent-Length: 70\r\nContent-Type: text/html\r\n\r\n<HTML><HEAD></HEAD><BODY>Error detected by Host Server</BODY></HTML>  \r\n\r\n| p/BMC MainView Explorer/ cpe:/a:bmc:mainview_explorer/
match http m|^HTTP/1\.1 400 Bad Request\r\nCONTENT-TYPE: text/html; charset=utf-8\r\nCONTENT-LENGTH: 92\r\nCONNECTION: CLOSE\r\n\r\n<html><head><title>Server Error</title></head><body><h1>400 Bad Request\r\n</h1></body></html>| p/Bastec BAS2 building automation system http ui/ cpe:/a:bastec:bas2/
match http m|^HTTP/1\.1 200 OK\r\nCONTENT-TYPE: text/html; charset=.*\r\nDATE: .*\r\nCACHE-CONTROL: NO-CACHE\r\nTRANSFER-ENCODING: CHUNKED\r\nSET-COOKIE: SESSION_ID=[A-F\d]{16}\r\nCONNECTION: CLOSE\r\n\r\n| p/Bastec BAS2 building automation system http ui/ cpe:/a:bastec:bas2/
match http m|^HTTP/1\.1 400 Bad Request\r\nServer: \(null\)\r\nDate: .*\r\nContent-Type: text/html\r\nContent-Length:   \d\d\d\r\n| p/D-Link WAP http ui/ d/WAP/
match http m|^HTTP/1\.0 200 OK\r\nContent-Type: application/json\r\nDate: .*\r\nContent-Length: 114\r\n\r\n\{"type":"sync","status":"Success","status_code":200,"operation":"","error_code":0,"error":"","metadata":\["/1\.0"\]\}\n| p/LXD container manager REST API/ cpe:/a:canonical:lxd/
match http m|^HTTP/1\.0 200 OK\r\nContent-Type: text/html; charset=utf-8\r\nDate: .*\r\n\r\n\n\n\n\n<!DOCTYPE html>\n<html>\n<head>\n    <title>Kafka Manager</title>\n .* versions: \{[^}]*"kafka-manager":"([\d.]+)"|s p/Kafka Manager/ v/$1/ cpe:/a:yahoo:kafka_manager:$1/
match http m|^HTTP/1\.1 200 OK\r\nConnection: close\r\nContent-Type: text/html; charset=ISO-8859-1\r\nContent-Length: \d+\r\nDate: .*\r\n\r\n<HTML>\r\n<BODY>\r\n<center><font size=6>Reports Server '([^']+)' \(PID: \d+, Version: ([\d.]+)\)</font></center><br>\r\n<center><font size=4>Uptime: (\d[^(]+) \(| p/UCS R-Keeper hospitality system/ v/$2/ i/uptime: $3/ h/$1/ cpe:/a:ucs:r-keeper:$2/
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: application/json\r\nContent-Length: 76\r\nAccess-Control-Allow-Headers: Content-Type\r\nAllow: POST\r\nAccess-Control-Allow-Origin: \*\r\nDate: .*\r\nConnection: close\r\n\r\n\{"jsonrpc":"2\.0","error":\{"code":-32602,"message":"Unauthorized"\},"id":null\}| p/Popcorn Time JSONRPC/
match http m|^HTTP/1\.1 401 Unauthorized\r\nServer: AquaController ([\d.]+)\r\nWWW-Authenticate: Basic realm="\."\r\n| p/Neptune Systems AquaController aquarium monitor httpd/ v/$1/ d/specialized/
match http m|^HTTP/1\.1 403 Forbidden\r\nDate: .*\r\nServer:  \r\nContent-Length: 10\r\nConnection: close\r\nContent-Type: text/html; charset=iso-8859-1\r\n\r\nForbidden\.| p/Proofpoint Email Protection/
match http m|^HTTP/1\.0 401 Unauthorized\r\nContent-Length: 0\r\nWWW-Authenticate: Basic realm="XBMC"\r\nConnection: close\r\nDate: .*\r\n\r\n| p|Kodi/XBMC http ui|
match http m|^HTTP/1\.0 200 OK\r\nPragma: no-cache\r\nContent-Type: text/html\r\nConnection: close\r\n\r\n<html>\n<title>(DGS-\w+)</title>\n| p/D-Link $1 http admin/ cpe:/h:d-link:$1/
match http m|^HTTP/1\.0 200 OK\r\nSet-Cookie: SESSIONID=-1 \r\nServer: Easy File Management Web Server (?:SSL )?v([\d.]+)\r\n| p/Easy File Management Web Server/ v/$1/ o/Windows/ cpe:/a:efs:easy_file_management_web_server:$1/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 200 OK\r\nCache-Control: no-cache\r\nContent-Type:text/html\r\nContent-Length:\d+ +\r\n\r\n\n<html>\n<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4\.01 Transitional//EN"> \n<head>\n<meta http-equiv="Content-Type" content="text/html; charset=UTF8" >\n<title>VoIP</title>\n<script language="JavaScript" type="text/javascript" src='language/info_(\w+)\.js'| p/Crystalmedia VoIP adapter/ i/language: $1/ d/VoIP adapter/
match http m|^HTTP/1\.0 200 OK\r\nAccess-Control-Allow-Headers: Authorization, Content-Type\r\nAccess-Control-Allow-Origin: http://.*\r\nDate: .*\r\nContent-Type: text/html; charset=utf-8\r\n\r\n<!DOCTYPE html>\n<html ng-app="ts3soundboard-bot" ng-controller="base">\n<head>\n<title>SinusBot</title>| p/SinusBot TS3 bot http ui/
match http m|^HTTP/1\.1 505 HTTP Version Not Supported\r\nDate: .*\r\nServer: 2wire Gateway BDC\r\n| p/AT&T 2wire Gateway router http admin/ d/broadband router/
match http m|^HTTP/1\.1 200 OK\r\nCache-Control: no-cache\r\nContent-Type: text/html\r\nContent-Length: \d+\r\n\r\n<!DOCTYPE html> \r\n<meta http-equiv="X-UA-Compatible"/>\r\n<meta http-equiv="content-type" content="text/html; charset=iso-8859-1" />\r\n<meta name="viewport" content="width=device-width, initial-scale=1\.0, maximum-scale=1\.0, minimum-scale=1\.0, user-scalable=no"/>\r\n<html>\r\n<head>\r\n\t<meta name="author" content="Dave Jensen" />\r\n\t<meta name="keywords" content="LANDESK, Remote Control" />| p/LANDesk html5 remote management httpd/
match http m|^HTTP/1\.1 405 Method Not Allowed\r\nAllow: OPTIONS\r\nContent-Type: application/json\r\nContent-Length: 63\r\nDate: .*\r\nConnection: close\r\n\r\n\{"code":"MethodNotAllowedError","message":"GET is not allowed"\}| p/Storj jsonrpc/
match http m|^HTTP/1\.0 200 OK\r\nServer: [aA](rgos\d+?) Server\r\nContent-type: text/html; charset=iso-8859-1\r\n\r\n<\?xml version="1\.0" encoding="iso-8859-1"\?>\n| p/Henry A$1 biometric access control/ d/security-misc/
match http m|^HTTP/1\.[01] \d\d\d .*\r\nServer: ATCOM-IP-Phone\r\nDate: \w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d\d\d\d\r\n| p/ATCOM VoIP phone web ui/ d/VoIP phone/
match http m|^HTTP/1\.1 200 OK\r\nAccess-Control-Allow-Origin: \*\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: Authorization,Content-Type,Accept,Origin,User-Agent,DNT,Cache-Control,X-Mx-ReqToken,Keep-Alive,X-Requested-With,If-Modified-Since\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\n\r\n\d+;\r\n<html lang="en">\r\n<head>\r\n  <meta charset="utf-8">\r\n  <title>Amazon Dash: Device Info</title>| p/Amazon Dash Button http ui/
match http m|^HTTP/1\.1 302 Found\r\nLocation: http://0\.0\.0\.0/login_security\.html\r\nContent-Length: 0\r\nServer: WebServer/1\.0 UPnP/1\.0\r\n\r\n| p/TP-LINK TD-8901N ADSL modem http admin/ d/broadband router/ cpe:/h:tp-link:td-8901n/a
match http m|^HTTP/1\.0 307 Temporary Redirect\r\nLocation: /containers/\r\nDate: .*\r\nContent-Length: \d+\r\nContent-Type: text/html; charset=utf-8\r\n\r\n<a href="/containers/">Temporary Redirect</a>\.| p|Golang net/http server| i/Google cAdvisor/ cpe:/a:golang:go/ cpe:/a:google:cadvisor/
# 4.1.0
match http m|^HTTP/1\.1 301 Moved Permanently\r\nConnection: close\r\nContent-Type: text/html; charset=utf-8\r\nLocation: http://([\w_.-]+)\.local/myconnect/\r\nX-UA-Compatible: IE=edge\r\n\r\n| p/AirStash WiFi flash drive http ui/ d/storage-misc/ h/$1/
match http m|^HTTP/1\.1 401 Authorization Required\r\nConnection: close\r\nWWW-Authenticate: Basic realm="[A-F\d]+"\r\nContent-Type: text/html\r\n\r\n<HTML><BODY><H1>Server Requires Authentication</H1></BODY></HTML>\r\n| p/EyezOn Envisalink network module httpd/ d/security-misc/ cpe:/a:eyezon:envisalink/
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html\r\nContent-Length: \d+\r\n\r\n<\?xml version="1\.0" encoding="utf-8"\?>\n<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1\.0 Transitional//EN" "http://www\.w3\.org/TR/xhtml1/DTD/xhtml1-transitional\.dtd">\n<html xmlns="http://www\.w3\.org/1999/xhtml" xmlns:v="urn:schemas-microsoft-com:vml" xml:lang="en" lang="en">\n  <head>\n    <meta http-equiv="Content-Type" content="text/html; charset=utf-8">\n    <!--\n    ShellInABox| p/ShellInABox/ cpe:/a:shellinabox_project:shellinabox/
match http m|^HTTP/1\.1 200 OK\r\nServer: Payara Server +([\d. ]+)(?: #badassfish)?\r\nX-Powered-By: Servlet/([\d.]+) JSP/([\d.]+) \(Payara Server.* Java/Oracle Corporation/([\d.]+)\)\r\n| p/Payara Server httpd/ v/$1/ i/Servlet $2; JSP $3; Java $4/ cpe:/a:oracle:jre:$4/ cpe:/a:payara:payara:$1/
# Sometimes it's not Oracle Java
match http m|^HTTP/1\.1 200 OK\r\nServer: Payara Server +([\d. ]+)(?: #badassfish)?\r\nX-Powered-By: Servlet/([\d.]+) JSP/([\d.]+) \(Payara Server.* Java/([^/]+)(?: Corporation)?/([\d.]+)\)\r\n| p/Payara Server httpd/ v/$1/ i/Servlet $2; JSP $3; $4 Java $5/ cpe:/a:payara:payara:$1/
match http m|^HTTP/1\.0 404 Not found\r\nServer: IVIDEON\r\nDate: .*\r\nContent-Type: text/html\r\nAccept-Range: bytes\r\nKeep-Alive: timeout=5, max=100\r\nContent-Length: 48\r\nAccess-Control-Allow-Origin: \*\r\nAccess-Control-Allow-Methods: GET, POST\r\nAccess-Control-Allow-Headers: \*\r\n\r\n<title>404 Not Found</title>\n<h1>Not Found</h1>\0| p/Ivideon Server httpd/ cpe:/a:ivideon:ivideon_server/
match http m|^HTTP/1\.0 200 OK\r\nContent-Type: text/plain;charset=UTF-8\r\n\r\nJenkins-Agent-Protocols: .*\r\nJenkins-Version: (\d[\w._-]*)\r\n| p/Jenkins httpd/ v/$1/ cpe:/a:jenkins:jenkins:$1/
match http m|^HTTP/1\.1 404 Not Found\r\ncontent-type: text/html\r\ncontent-length: \d+\r\nserver: CLion ([\d.]+)\r\n| p/CLion httpd/ v/$1/ cpe:/a:jetbrains:clion:$1/
match http m|^HTTP/1\.1 403 Forbidden \( The page requires a client certificate as part of the authentication process\. If you are using a smart card, you will need to insert your smart card to select an appropriate certificate\. Otherwise, contact your server administrator\.  \)\r\nConnection: close\r\n| p/Microsoft Forefront TMG/ i/client certificate required/
match http m|^HTTP/1\.0 301 Moved Permanently\r\nServer: Mastodon\r\nX-Frame-Options: DENY\r\nX-Content-Type-Options: nosniff\r\nX-XSS-Protection: 1; mode=block\r\nLocation: | p/Mastodon microblogging httpd/
match http m|^HTTP/1\.0 200 OK\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: \d+\r\n\r\n\r\n<!doctype html>\r\n<html>\r\n<head>\r\n    <meta charset='utf8'>\r\n    <meta http-equiv='x-ua-compatible' content='ie=edge'>\r\n    <title>Octopus Tentacle</title>| p/Octopus Tentacle/ cpe:/a:octopus:tentacle/
match http m|^HTTP/1\.1 200 OK\r\ncontent-type: text/html; charset=utf-8\r\nconnection: close\r\ncache-control: no-cache, must-revalidate\r\ncontent-length: \d+\r\n\r\n<!DOCTYPE html>\n<html>\n<head>\n<title>PhpStorm([\d.]+) - YourKit Java Profiler (\d[\w.-]*)</title>| p/PhpStorm IDE/ v/$1/ i/YourKit Java Profiler $2/ cpe:/a:jetbrains:phpstorm:$1/ cpe:/a:yourkit:java_profiler:$2/
match http m|^HTTP/1\.1 200 OK\r\nServer: sw-cp-server\r\nDate: .*<title>Plesk Onyx (\d[\w._-]+)</title>|s p/sw-cp-server httpd/ i/Plesk Onyx $1/ cpe:/a:parallels:plesk_onyx:$1/
match http m|^HTTP/1\.0 200 OK\r\nConnection: close\r\nLast-Modified: .*\r\nContent-Type: text/html\r\nContent-Length: \d+\r\nDate: .*\r\n\r\n<!--\n  ~ JBoss, Home of Professional Open Source\.\n  ~ Copyright \(c\) \d\d\d\d, Red Hat, Inc\., and individual contributors| p/JBoss Enterprise Application Platform/ cpe:/a:redhat:jboss_enterprise_application_platform/
match http m|^HTTP/1\.0 200 OK\r\nContent-type: text/html\r\n\r\n<\?xml version="1\.0" encoding="UTF-8"\?>\n<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1\.0 Transitional//EN" "http://www\.w3\.org/TR/xhtml1/DTD/xhtml1-transitional\.dtd">\n\n<!-- Created on .* -->\n\n<html xmlns="http://www\.w3\.org/1999/xhtml">\n  <head>\n    <title>SSHelper Activity Log</title>\n| p/SSHelper httpd/ o/Android/ cpe:/a:paul_lutus:sshelper/ cpe:/o:google:android/a cpe:/o:linux:linux_kernel/a
match http m|^HTTP/1\.1 404 Not Found\r\nDate: .*\r\nConnection: close\r\n\r\nFile not found$| p/SSBC Patchwork httpd/ cpe:/a:ssbc:patchwork/
match http m|^HTTP/1\.0 302 Redirected\r\nServer: CerberusFTPServer/([\d.]+)\r\n| p/Cerberus FTP Server httpd/ v/$1/ cpe:/a:cerberusftp:ftp_server:$1/
match http m|^HTTP/1\.0 404 Not Found\r\nServer: RapidLogic/([\d.]+)\r\nMIME-version: 1\.0\r\nContent-type: text/html\r\n\r\n<HEAD><TITLE>404 Not Found</TITLE></HEAD>404 Not Found\r\n$| p/RapidLogic httpd/ v/$1/ i/Avaya Core switch/ d/switch/ cpe:/a:rapidlogic:httpd:$1/a
match http m|^HTTP/1\.1 \d\d\d .*\r\nDate: .*\r\nServer: WatchGuard\r\n| p/WatchGuard Fireware httpd/ cpe:/o:watchguard:fireware/
match http m|^HTTP/1\.1 200 ok\r\nServer: CS\r\nContent-Type: text/html\r\nCache-Control: no-cache\r\nConnection: Keep-Alive\r\nKeep-Alive: timeout=15, max=95\r\nContent-Length: \d+\r\n\r\n| p/UrBackup httpd/ v/2.0.2 or later/ cpe:/a:martin_raiber:urbackup/
match http m|^HTTP/1\.1 200 ok\r\nServer: CS\r\nContent-Type: text/html\r\nCache-Control: max-age=3600\r\nConnection: Keep-Alive\r\nKeep-Alive: timeout=15, max=95\r\nContent-Length: \d+\r\n\r\n| p/UrBackup httpd/ v/2.0.1 or earlier/ cpe:/a:martin_raiber:urbackup/
match http m|^HTTP/1\.0 404 Not Found\r\nCache-Control: no-store\r\nContent-Type: text/plain; charset=utf-8\r\nX-Content-Type-Options: nosniff\r\nDate: .*\r\nContent-Length: 19\r\n\r\n404 page not found\n| p/Hashicorp Vault/ cpe:/a:hashicorp:vault/
match http m|^HTTP/1\.1 200 OK\r\nServer: ClxWifiServer\r\nContent-Type: text/html\r\nContent-Length: 32\r\n\r\nDejaOffice Wi-Fi Synch Available| p/DejaOffice Wi-Fi Sync/ o/Android/ cpe:/a:companionlink:dejaoffice_for_android/ cpe:/o:google:android/a cpe:/o:linux:linux_kernel/a
# Make this a hard match when we get more info
softmatch http m|^HTTP/1\.0 404 Not Found\r\nSERVER: Linux/([\d.]+),  DSL Forum TR-064, LAN-Side DSL CPE Configuration\r\nCONTENT-LENGTH: 48\r\nCONTENT-TYPE: text/html\r\n\r\n<html><body><h1>404 Not Found</h1></body></html>| p/unknown TR-064/ d/broadband router/ o/Linux $1/ cpe:/o:linux:linux_kernel:$1/a
match http m|^HTTP/1\.1 200 OK\r\nAccept-Ranges: bytes\r\nETag: W/"[^"]+"\r\nLast-Modified: .*\r\nContent-Type: text/html\r\nContent-Length: \d+\r\nDate: .*\r\nConnection: close\r\nServer: Synametrics Web Server v(\d+)\r\n| p/Synametrics Web Server/ v/$1/ i/Syncrify/ cpe:/a:synametrics:syncrify/
match http m|^HTTP/1\.0 301 Moved Permanently\r\nDate: [^\r\n]*\r\nServer: \r\nContent-Length: \d+\r\nContent-Type: text/html\r\nConnection: close\r\nLocation: https://[0-9:.]*:443/\r\n\r\n<!DOCTYPE html>\r\n<html><head><title>Moved Permanently</title></head>\r\n.*<address> at 127\.0\.0\.1:\d+ Port \d+</address></body>\r\n</html>\r\n$|s p/Unify OpenStage or OpenScape VoIP phone/ d/VoIP phone/
match http m|^HTTP/1\.1 200 OK\r\nDate: [^\r\n]*\r\nContent-Type: text/html;charset=utf-8\r\nX-Frame-Options: SAMEORIGIN\r\nContent-Language: en\r\nContent-Length: \d+\r\n\r\n<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1\.0 Strict//EN" "http://www\.w3\.org/TR/xhtml1/DTD/xhtml1-strict\.dtd">\n\n\n\n\n\n\n<html xmlns="http://www\.w3\.org/1999/xhtml" xml:lang="en" lang="en">\n\n<!-- determine browser language and generate proper gwt meta locale tag -->| p/NetIQ Sentinel appliance/
match http m|^HTTP/1\.1 200 OK\r\nDate: [A-W]{3}, [^\r\n]*\r\nConnection: \r\nServer: HTTP Server 1\.0\r\nContent-Length: \d+\r\nX-Frame-Options: SAMEORIGIN\r\nX-Content-Type-Options: nosniff\r\nContent-Type: text/html; charset=gb2312\r\nSet-Cookie: SESSIONID=[^\r\n&]*&[^\r\n&]*&HUAWEI Eudemon([^\r\n&]+)&| p/Huawei Eudemon $1 firewall httpd/ d/firewall/ cpe:/h:huawei:eudemon_$1/a
match http m|^HTTP/1\.1 200 OK\r\nDate: .*\r\nConnection: close\r\n\r\n\{"header":\{"name":"UnsupportedOperationError","payloadVersion":"(\d+)","namespace":"Alexa\.ConnectedHome\.Control",| p/FHEM Connector for Amazon Alexa/ i/payloadVersion: $1/ cpe:/a:rudolf_koenig:fhem/
match http m|^HTTP/1\.1 404 Not Found\r\nConnection: close\r\nContent-Length: \d+\r\nServer: ArenaSrv/([\d.]+) Instance/([\d.]+)\r\n| p/ArenaNet ArenaSrv game server/ v/$1/ i/Instance $2/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: calibre ([\d.]+)\r\n|s p/Calibre Content Server httpd/ v/$1/ cpe:/a:kovid_goyal:calibre:$1/
match http m|^HTTP/1\.1 403 OK\r\nContent-type: text/html\r\n\r\n<!doctype html>\r\n<html lang="en">\r\n<head>\r\n\t<title>Unauthorized Access</title>\r\n\t<meta charset="UTF-8">(?:\r\n\t<script src='https://www\.google\.com/recaptcha/api\.js'></script>)?\r\n</head>\r\n<body>\r\n\t<img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAJYAAAA8CAYAAACEhkNqAAAABHNCSVQICAgIfAhkiAAAAAlwSFlz\r\nAAALEgAACxIB0t1\+/AAAAB90RVh0U29mdHdhcmUATWFjcm9tZWRpYSBGaXJld29ya3MgOLVo0ngA| p/ConfigServer Security & Firewall httpd/ o/Linux/ cpe:/a:way_to_the_web:configserver_security_and_firewall/ cpe:/o:linux:linux_kernel/a
match http m|^HTTP/1\.1 403 OK\r\nContent-type: text/html\r\n\r\n<head>\r\n<title>Unauthorized Access</title>\r\n</head>\r\n<body>\r\n<img src="csf[_-]small\.| p/ConfigServer Security & Firewall httpd/ o/Linux/ cpe:/a:way_to_the_web:configserver_security_and_firewall/ cpe:/o:linux:linux_kernel/a
match http m|^HTTP/1\.0 401 Access Denied\r\n(?:[^\r\n]+\r\n)*?Set-Cookie: cprelogin=| p/cPanel httpd/ o/Unix/
match http m|^HTTP/1\.0 401 Access Denied\r\n(?:[^\r\n]+\r\n)*?Set-Cookie: webmailrelogin=| p/cPanel Webmail httpd/ o/Unix/
match http m|^HTTP/1\.0 401 Access Denied\r\n(?:[^\r\n]+\r\n)*?Set-Cookie: whostmgrrelogin=| p/cPanel Web Host Manager httpd/ o/Unix/
match http m|^HTTP/1\.1 403 Forbidden\r\nContent-Type: text/html; charset=gbk\r\nContent-Length: 106\r\nConnection: close\r\n\r\n<html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center></body></html>| p/TP-Link ADSL+ modem httpd/ d/broadband router/
match http m|^HTTP/1\.1 200 OK\r\nCONNECTION: close\r\nDate: .*\r\nLast-Modified: .*\r\nEtag: "\d+:[\da-f]+"\r\nCONTENT-LENGTH: \d+\r\nCONTENT-TYPE: text/html\r\n\r\n<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1\.0 Strict//EN" "http://www\.w3\.org/TR/xhtml1/DTD/xhtml1-strict\.dtd"> <html> <head> <title>Intelbras</title>| p/Intelbras webcam httpd/ d/webcam/
match http m|^HTTP/1\.1 401 Unauthorized\r\nContent-Length: 0\r\nWWW-Authenticate: Digest qop="auth", realm="IP Webcam", nonce="\d+"\r\n\r\n| p/IP Webcam httpd/ o/Android/ cpe:/a:pavel_khlebovich:ip_webcam/

#(insert http)

# APACHE
# First match these plaintext responses when SSL was expected
# Matching ssl/http stops probing. This line has plenty of match info.
match ssl/http m|^<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2\.0//EN\">\n<html><head>\n<title>400 Bad Request</title>\n</head><body>\n<h1>Bad Request</h1>\n<p>Your browser sent a request that this server could not understand\.<br />\nReason: You're speaking plain HTTP to an SSL-enabled server port\.<br />\n.*<address>Apache/([\w._-]+) (.*) Server at ([\w._*-]+) Port \d+</address>|s p/Apache httpd/ v/$1/ i/$2; SSL-only mode/ h/$3/ cpe:/a:apache:http_server:$1/
# These lines don't have a strong enough match, so we only match ssl and let Nmap start over inside the tunnel.
match ssl m|^<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2\.0//EN\">\n<html><head>\n<title>400 Bad Request</title>\n</head><body>\n<h1>Bad Request</h1>\n<p>Your browser sent a request that this server could not understand\.<br />| p/Apache httpd/ i/SSL-only mode/ cpe:/a:apache:http_server/
# Too broad to be certain that it's SSL. Matched non-SSL at least once.
#match ssl m|^HTTP/1\.1 400 Bad Request\r\n(?:[^\r\n]+\r\n)*?Server: Apache[^\r\n]*\r\n.*<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2\.0//EN\">\n<html><head>\n<title>400 Bad Request</title>\n</head><body>\n<h1>Bad Request</h1>\n<p>Your browser sent a request that this server could not understand\.<br />|s p/Apache httpd/ i/SSL-only mode/ cpe:/a:apache:http_server/
# Then look for detailed version info in the body which might be better quality than what's in the Server header.
match http m|^.*<address>Apache/([\d.]+) \([^)]+\) ?(.*) Server at ([-\w_.]+) Port \d+</address>\n</body></html>\n|si p/Apache httpd/ v/$1/ i/$2/ h/$3/ cpe:/a:apache:http_server:$1/
match http m|^.*<address>Apache/([\d.]+) \([^)]+\) Server at ([-\w_.]+) Port \d+</address>\n</body></html>\n|si p/Apache httpd/ v/$1/ h/$2/ cpe:/a:apache:http_server:$1/
match http m|^.*<address>Apache/([\d.]+) Server at ([-\w_.]+) Port \d+</address>\n</body></html>\n|si p/Apache httpd/ v/$1/ h/$2/ cpe:/a:apache:http_server:$1/
# Finally, look at the Server header.
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Apache[/ ](\d[-.\w]+)\r.*\nX-Powered-By: PHP/([\w._-]+)\r\n|s p/Apache httpd/ v/$1/ i/PHP $2/ cpe:/a:apache:http_server:$1/ cpe:/a:php:php:$1/
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Apache\r.*\nX-Powered-By: PHP/([\w._-]+)\r\n|s p/Apache httpd/ i/PHP $1/ cpe:/a:apache:http_server/ cpe:/a:php:php:$1/
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Apache[/ ](\d[-.\w]+)\r.*\nX-Powered-By: ([^\r\n]+)\r\n|s p/Apache httpd/ v/$1/ i/$2/ cpe:/a:apache:http_server:$1/
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Apache\r.*\nX-Powered-By: ([^\r\n]+)\r\n|s p/Apache httpd/ i/$1/ cpe:/a:apache:http_server/
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Apache[/ ](\d[-.\w]+) ([^\r\n]+)|s p/Apache httpd/ v/$1/ i/$2/ cpe:/a:apache:http_server:$1/
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Apache[/ ](\d[.\w-]+)\s*\r?\n|s p/Apache httpd/ v/$1/ cpe:/a:apache:http_server:$1/
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Apache\r\n|s p/Apache httpd/ cpe:/a:apache:http_server/
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Apache +\(([^\r\n\)]+)\)\r\n|s p/Apache httpd/ i/$1/ cpe:/a:apache:http_server/

# Maybe too generic?
match http m|^HTTP/1\.1 404 Not Found\r\nContent-Length: 0 \r\n\r\n$| p/Arcnet 3001A powerline network adaptor/ d/power-misc/ cpe:/h:arcnet:3001a/
match http m|^HTTP/1\.0 \d\d\d [^\r\n]+\r\nContent-Type: text/html\r\nDate: [^\r\n]+\r\nAccept-Ranges: bytes\r\nConnection: close\r\n\r\n<html>\n<head>\n  <title>\d\d\d [^<]+</title>\n</head>\n<body bgcolor=\"#ffffff\">\n  <h2>\d\d\d [^<]+</h2>\n  <p></p>\n</body>\n</html>\n| p/Vodafone Station captive portal httpd/
match http m|^HTTP/1\.1 301 Moved Permanently\r\nLocation: https://[\d.]+/\r\nConnection: close\r\n\r\n$| p/thttpd/ i/StarField KVM over IP/ cpe:/a:acme:thttpd/
match http m|^HTTP/1\.0 202 Accepted\r\nDate: .*\r\nConnection: Close\r\n\r\n$| p/WSO2 Enterprise Service Bus/ cpe:/a:wso2:esb/
match http m|^HTTP/1\.0 404 Not found\r\n\r\n$| p/Tor directory server/ cpe:/a:torproject:tor/
match http m|^HTTP/1\.1 400 Bad Request\r\nContent-type: text/html\r\nContent-Length: 0\r\n\r\n| p/Brickstream/
match http m|^HTTP/1\.0 302 Found\r\nLocation: /html/en/index\.html\r\n\r\n$| p/peercast.org/
match http m|^HTTP/1\.0 404 Not found\r\n\r\n<HEAD><TITLE>File Not Found</TITLE></HEAD>\n<BODY><H1>File Not Found</H1></BODY>\n$| p/Bacula http config/
match http m|^HTTP/1\.[01] 302 Found\r\nConnection: Close\r\nContent-Length: 0\r\nContent-type: text/html\r\nDate: .*\r\nLocation: .*/login\.php\r\n\r\n| p/Kerio MailServer http config/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 401 Authorization Required\r\nWWW-Authenticate: BASIC realm=\"Admin\"\r\n\r\nPassword Error\.\r\n\r\n$| p/D-Link DP-301P+ print server http config/ d/print server/ cpe:/h:d-link:dp-301p%2d/
match http m|^HTTP/1\.0 401 Unauthorized\nContent-type: text/html\r\nDate: .*\r\nConnection: close\r\nWWW-Authenticate: Basic realm=\"Web Server Authentication\"\r\n\r\n<HEAD><TITLE>401 Unauthorized</TITLE></HEAD>\n<BODY><H1>401 Unauthorized</H1>\n\n</BODY>\n$| p/Accton VM1188T VoIP phone http config/ d/VoIP phone/
# Seen for OpenPegasus, VMware ESX CIM server, Microsoft SCX CIM Server.
match http m|^HTTP/1\.1 501 Not Implemented\r\n\r\n$| p/Web-Based Enterprise Management CIM serverOpenPegasus WBEM httpd/ o/Linux/ cpe:/o:linux:linux_kernel/a
match http m|^HTTP/1\.1 302 Found\r\nLocation: http://[\d.]+:8080/\r\nContent-Length: 0\r\n\r\n$| p/Red Condor antispam appliance http config/ d/proxy server/
match http m|^HTTP/1\.0 301 Moved Permanently\r\nLocation: https:///\r\n\r\n$| p/Check Point NGX Firewall-1/ cpe:/a:checkpoint:firewall-1/
match http m|^HTTP/1\.1 200 OK\r\nDate: .*\r\nConnection: close\r\n\r\n$| p/Node.js/ cpe:/a:nodejs:node.js/
match http m|^HTTP/1\.0 302 Redirection\r\nLocation: index\.html\r\n\r\n$| p/JPS Radio Gateway http config/
match http m|^HTTP/1\.1 404 \r\nAccept-Ranges: bytes\r\nConnection: close\r\nContent-Length: 0\r\n\r\n| p/SearchInform DLP/
match http m|^HTTP/1\.0 200 Ok\r\nServer: httpd\r\nDate: .*\r\nCache-Control: no-cache\r\nPragma: no-cache\r\nExpires: 0\r\nContent-Type: text/html\r\nConnection: close\r\n\r\n<html>\n<head>\n<title>Login Page</title>\n<!--\[if lt IE 7\.\]>\n<script defer type=\"text/javascript\" src=\"/pngfix\.js\"></script>| p/Cisco Services Ready Platform Configuration Utility/
match http m|^HTTP/1\.0 200 Made by Jonas Gauffin\r\n| p/C# WebServer/ cpe:/a:jgauffin:csharp_webserver/

# If these are too general, they can be moved without modification to FourOhFourRequest, HTTPOptions, RTSPRequest, or SIPOptions
match http m|^HTTP/1\.1 501 \r\nContent-Type:\r\nContent-Length:0\r\n\r\n$| p/Google Chromecast httpd/ d/media device/
# ChromeCast Firmware 17250
match http m|^HTTP/1\.1 404 Not Found\r\nContent-Length:0\r\nContent-Type:text/html\r\n\r\n$| p/Google Chromecast httpd/ d/media device/

# This one can cause false results!
# Found a better one and put it in FourOhFour
#match http m|^HTTP/1\.0 404 Not Found\r\nConnection: close\r\n\r\n$| p/apt-proxy httpd/

# Fairly general:
match http m|^HTTP/1\.[01] \d\d\d.*\r\nDate: .*\r\nServer: Apache ((?:[\w_]+/[\w._-]+ ?)+)\r\n| p/Apache httpd/ i/$1/ cpe:/a:apache:http_server/
# http://svn.dd-wrt.com:8000/dd-wrt/browser/src/router/httpd/httpd.c
match http m|^HTTP/1\.[01] \d\d\d .*\r\nServer: micro_httpd\r\n| p/micro_httpd/ cpe:/a:acme:micro_httpd/
match http m|^HTTP/1\.0 200 OK\r\nServer: RapidLogic/([\d.]+)\r\n| p/RapidLogic httpd/ v/$1/ cpe:/a:rapidlogic:httpd:$1/
# also cisco SRPC utility
#match http m|^HTTP/1\.0 200 Ok\r\n.*Server: httpd\r\n|s p/DD-WRT milli_httpd/ d/WAP/ o/Linux/ cpe:/o:linux:linux_kernel/a
match http m|^HTTP/1\.[01] \d\d\d .*\r\nServer: GoAhead\r\n| p/GoAhead WebServer/ cpe:/a:goahead:goahead_webserver/
match http m|^HTTP/1\.[01] \d\d\d .*\r\nServer: GoAhead-Webs\r\n| p/GoAhead WebServer/ cpe:/a:goahead:goahead_webserver/
match http m|^HTTP/1\.[01] \d\d\d .*\r\nServer: GoAhead/([0-2][\d.]+)\r\n| p/GoAhead WebServer/ v/$1/ cpe:/a:goahead:goahead_webserver:$1/
match http m|^HTTP/1\.[01] \d\d\d .*\r\nServer: GoAhead/([\d.]+)\r\n| p/GoAhead WebServer/ v/$1/ cpe:/a:embedthis:goahead_webserver:$1/
match http m|^HTTP/1\.[01] \d\d\d .*\r\nServer: GoAhead-http\r\n| p/GoAhead WebServer/ cpe:/a:embedthis:goahead_webserver/
match http m|^HTTP/1\.0 200 OK\r\nServer: SimpleHTTP/([\d.]+) Python/([\d.]+)\r\n| p/SimpleHTTPServer/ v/$1/ i/Python $2/ cpe:/a:python:python:$2/ cpe:/a:python:simplehttpserver:$1/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Mbedthis-App[Ww]eb/([\d.]+)\r\n|s p/Mbedthis-Appweb/ v/$1/ cpe:/a:mbedthis:appweb:$1/
match http m|^UnknownMethod 404 Not Found\r\n(?:[^\r\n]+\r\n)*?Server: Mbedthis-Appweb/([\w._-]+)\r\n|s p/Mbedthis-Appweb/ v/$1/ cpe:/a:mbedthis:appweb:$1/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Tntnet/([\w._-]+)\r\n|s p/Tntnet/ v/$1/ cpe:/a:tntnet:tntnet:$1/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: PasteWSGIServer/([-\w_+.]+) Python/([-\w_+.]+)\r\n| p/PasteWSGIServer/ v/$1/ i/Python $2/ cpe:/a:python:python:$2/
match http m|^HTTP/1\.1 200 OK\r\nServer: Quickserve/([\w._-]+)\r\n| p/Quickserve httpd/ v/$1/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Allegro-Software-RomPager/(\d[\w.]+)\r\n|s p/Allegro RomPager/ v/$1/ cpe:/a:allegro:rompager:$1/
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: BaseHTTP/([\d.]+) Python/([\w._+-]+)\r\n|s p/BaseHTTPServer/ v/$1/ i/Python $2/ cpe:/a:python:basehttpserver:$1/a cpe:/a:python:python:$2/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: FlashCom/(1\.[\w._-]+)\r\n|s p/Macromedia Flash Communication Server httpd/ v/$1/ cpe:/a:macromedia:flash_communication_server:$1/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: FlashCom/(2\.[\w._-]+)\r\n|s p/Macromedia Flash Media Server httpd/ v/$1/ cpe:/a:macromedia:flash_media_server:$1/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: FlashCom/([34]\.[\w._-]+)\r\n|s p/Adobe Flash Media Server httpd/ v/$1/ cpe:/a:adobe:flash_media_server:$1/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: FlashCom/([5-9]\.[\w._-]+)\r\n|s p/Adobe Media Server httpd/ v/$1/ cpe:/a:adobe:media_server:$1/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: thin ([\w._-]+) codename ([^\r\n]+)\r\n|s p/Thin httpd/ v/$1/ i/codename $2/ cpe:/a:macournoyer:thin:$1/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: thin\r\n|s p/Thin httpd/ cpe:/a:macournoyer:thin/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: WYM/([\d\.]+)\r\n|s p/WYM httpd/ v/$1/
match http m|^HTTP/1\.0 200 Ok\r\nServer: NET-DK/([\d.]+)\r\n| p/NET-DK/ v/$1/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Agranat-EmWeb/R([\w._-]+)\r\n|s p/Agranat-EmWeb/ v/$SUBST(1,"_",".")/ cpe:/a:agranat:emweb:$SUBST(1,"_",".")/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Conexant-EmWeb/R([\w._-]+)\r\n|s p/Conexant-EmWeb/ v/$SUBST(1,"_",".")/ cpe:/a:conexant:emweb:$SUBST(1,"_",".")/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Virata-EmWeb/R([\d_]+)\r\n|s p/Virata-EmWeb/ v/$SUBST(1,"_",".")/ cpe:/a:virata:emweb:$SUBST(1,"_",".")/a
match http m|^HTTP/1\.0 404 File Not Found\r\nContent-Type: text/html\r\n\r\n<b>The file you requested could not be found</b>\r\n$| p/Icecast streaming media server/ cpe:/a:xiph:icecast/
match http m|^HTTP/1\.0 404 Not Available\r\nContent-Type: text/html\r\n\r\n<b>The file you requested could not be found</b>\r\n$| p/Icecast streaming media server/ cpe:/a:xiph:icecast/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Mono-HTTPAPI/([\w._-]+)\r\n|s p/Mono-HTTPAPI/ v/$1/ cpe:/a:mono:mono:$1/
match http m|^HTTP/1\.1 \d\d\d .*<a href=\"http://jetty\.mortbay\.org/?\">Powered by Jetty://</a>|s p/Jetty/ cpe:/a:mortbay:jetty/
match http m|^HTTP/1\.1 \d\d\d .*<a href=\"http://eclipse\.org/jetty\">Powered by Jetty:// ?(\d[\w._-]*)</a>|s p/Jetty/ v/$1/ cpe:/a:eclipse:jetty:$1/
match http m|^HTTP/1\.1 \d\d\d .*<a href=\"http://eclipse\.org/jetty\">Powered by Jetty://|s p/Jetty/ cpe:/a:eclipse:jetty/
match http m|^HTTP/1\.1 \d\d\d .*<small>Powered by Jetty://</small>|s p/Jetty/ v/9.2.11 or older/ cpe:/a:eclipse:jetty/
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: CherryPy/([\w._-]+)\r\n|s p/CherryPy httpd/ v/$1/ cpe:/a:cherrypy:cherrypy:$1/
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: CherryPy/([\w._-]+) ([^\r\n]+)\r\n|s p/CherryPy httpd/ v/$1/ i/$2/ cpe:/a:cherrypy:cherrypy:$1/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: NetBox Version ([\w._-]+ Build \d+)\r\n|s p/NetBox httpd/ v/$1/
match http m|^HTTP/1\.0 \d\d\d .*\r\nDate: .*\r\nServer: OmikronHTTPOrigin/([\w._-]+)\r\n| p/OmikronHTTPOrigin httpd/ v/$1/
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Zope/\((?:Zope )?([\d\w][^\,\)]+),?\s*([^\)]+)\)\S*\s+([^\r]+)\r\n|s p/Zope httpd/ v/$1/ i/$2; $3/ cpe:/a:zope:zope:$1/
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: zope\.server\.http \(zope\.server\.http\)\r\n|s p/Zope httpd/ cpe:/a:zope:zope/
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: zope\.server\.http \(HTTP\)\r\n|s p/Zope httpd/ cpe:/a:zope:zope/
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?X-Powered-By: Zope \(www\.zope\.org\), Python \(www\.python\.org\)\r\n|s p/Zope httpd/ cpe:/a:python:python/ cpe:/a:zope:zope/
# src/connections.c
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: lighttpd/([\w._-]+).*<\?xml version=\"1\.0\" encoding=\"iso-8859-1\"\?>\n<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1\.0 Transitional//EN\"\n         \"http://www\.w3\.org/TR/xhtml1/DTD/xhtml1-transitional\.dtd\">\n<html xmlns=\"http://www\.w3\.org/1999/xhtml\" xml:lang=\"en\" lang=\"en\">\n <head>\n  <title>\d\d\d - [\w ]+</title>|s p/lighttpd/ v/$1/ cpe:/a:lighttpd:lighttpd:$1/
match http m|^HTTP/1\.1 \d\d\d .*Server: Optenet Web Server\r\n| p/Optenet httpd/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: uClinux-httpd ([\w._-]+)\n|s p/uClinux-httpd/ v/$1/ o/Linux/ cpe:/o:linux:linux_kernel/a
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: uc-httpd[ /]([\w._-]+)\r?\n|s p/uc-httpd/ v/$1/ cpe:/a:xiongmai_technologies:uc-httpd:$1/
match http m|^HTTP/1\.1 200 Document follows\r\nServer: Micro-Web\r\n| p/Micro-Web/
match http m|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)*?Server: Indy/([\w._-]+)\r\n|s p/Indy httpd/ v/$1/ cpe:/a:indy:httpd:$1/a
match http m|^HTTP/1\.1 404 File not found\r\n(?:[^\r\n]+\r\n)*?Server: Indy/([\w._-]+)\r\n|s p/Indy httpd/ v/$1/ cpe:/a:indy:httpd:$1/a
match http m|^HTTP/1\.1 200 OK\r\nServer: WindWeb/([\w._-]+)\r\n| p/WindWeb/ v/$1/ cpe:/a:windriver:windweb:$1/
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: Perl Dancer ([\w._-]+)\r\n| p/Perl Dancer/ v/$1/
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: Perl Dancer2 ([\w._-]+)\r\n| p/Perl Dancer2/ v/$1/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?X-FB-Debug: [\w+/]{43}=\r\n|s p/Facebook httpd/
match http m|^HTTP/1\.[01] \d\d\d .*\r\nDate: .*\r\nServer: Hiawatha v([-\w_.]+)\r\n| p/Hiawatha httpd/ v/$1/
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: TornadoServer/([\w._-]+)\r\n|s p/Tornado httpd/ v/$1/ cpe:/a:tornadoweb:tornado:$1/a
match http m|^HTTP/1\.1 200 OK\r.*\nServer: Node v([\d.]+)\r\n|s p/Node.js httpd/ v/$1/ cpe:/a:nodejs:node.js:$1/
match http m|^HTTP/1\.1 200 OK\r.*\nServer: GHC\r\n|s p/Gemius Hit Counter/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Pegasus/Plan9\r\n|s p/Pegasus httpd/ o/Plan 9/ cpe:/o:belllabs:plan_9/a
match http m|^HTTP/1\.0 \d\d\d [A-Z ]*\r.*\nServer: Werkzeug/([\w._-]+) Python/([\w._-]+)\r\n|s p/Werkzeug httpd/ v/$1/ i/Python $2/ cpe:/a:python:python:$2/
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: Webduino/([\w._-]+)\r\n| p/Webduino httpd/ v/$1/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Restlet-Framework/([\w._-]+)\r\n|s p/Restlet Java web framework/ v/$1/ cpe:/a:restlet:restlet:$1/
# version is always 1.0. QUIP is configurable
# Default quip:
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: MochiWeb/1\.0 \(Any of you quaids got a smint\?\)\r\n| p/MochiWeb httpd/ cpe:/a:mochiweb_project:mochiweb/
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: MochiWeb/1\.0 \((.*?)\)\r\n| p/MochiWeb httpd/ i/quip: "$1"/ cpe:/a:mochiweb_project:mochiweb/
match http m|^HTTP/1\.1 \d\d\d .*\r\nserver: node-static/([\w._-]+)\r\n| p/node-static httpd/ v/$1/
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: corehttp-([\w._-]+)\r\n| p/CoreHTTP httpd/ v/$1/
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: ECS \(([a-z]{3}/[A-F\d]{4})\)\r\n|s p/Edgecast CDN httpd/ i/$1/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Embedthis-http\r\n|s p/Embedthis HTTP lib httpd/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Embedthis-http/(\d[\w._-]*)\r\n|s p/Embedthis HTTP lib httpd/ v/$1/
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: GoAhead-Webs/([\w._-]+)\r\n| p/GoAhead WebServer/ v/$1/ cpe:/a:goahead:goahead_webserver:$1/a
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: cloudflare-nginx\r\n|s p/Cloudflare nginx/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: cloudflare\r\n|s p/Cloudflare http proxy/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: GateOne\r\n|s p/Gate One http terminal emulator/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Warp/([\w._-]+)\r\n|s p/Warp Haskell httpd/ v/$1/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Vorlon SR ([\w._-]+)\r\n|s p/Hummingbird Vorlon Servlet Runner/ v/$1/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Indy/([\w._-]+)\r\n|s p/Indy httpd/ v/$1/ cpe:/a:indy:httpd:$1/a
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Rocket ([\w._-]+) Python/([\w._-]+)\r\n|s p/Rocket httpd/ v/$1/ i/Python $2/ cpe:/a:python:python:$2/ cpe:/a:timothy_farrell:rocket:$1/
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Debian Apt-Cacher NG/([\w._-]+)\r\n|s p/Debian Apt-Cacher NG httpd/ v/$1/ cpe:/a:debian:apt-cacher:$1/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Boa/([\w._-]+)\r\n|s p/Boa/ v/$1/ cpe:/a:boa:boa:$1/
match http m|^HTTP/1\.[01] \d\d\d .*\r\nServer: mini_httpd/([\w._ /-]+)\r\n| p/mini_httpd/ v/$1/ cpe:/a:acme:mini_httpd:$1/
match http m|^HTTP/1\.0 \d\d\d .*\r\nDate: .*\r\nServer: Mono\.WebServer2/([\w._-]+) Unix\r\n| p/Mono.WebServer2/ v/$1/ o/Unix/ cpe:/a:mono:xsp:$1/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Splunkd\r\n|s p/Splunkd httpd/ cpe:/a:splunk:splunk/
match http m|^HTTP/1\.1 \d\d\d .*\r\nDate: .*\r\nServer: BarracudaServer\.com \(Posix\)\r\n| p/Barracuda Embedded Web Server/ cpe:/a:real_time_logic:barracuda_embedded_web_server/
match http m|^HTTP/1\.1 \d\d\d .*\r\nserver: kolibri-([\w._-]+)\r\n| p/Kolibri httpd/ v/$1/ cpe:/a:senkas:kolibri:$1/
match http m|^HTTP/1\.0 \d\d\d .*\r\nX-Powered-By: Servlet/([\w._-]+)\r\nContent-Type: text/html;charset=[^\r\n;]+\r\n\$WSEP: \r\nContent-Language: ([^\r\n]+)\r\n| p/IBM WebSphere Application Server/ i/Servlet $1; language: $2/ cpe:/a:ibm:websphere_application_server/
match http m|^HTTP/1\.0 \d\d\d .*\r\nX-Powered-By: Servlet/([\w._-]+)\r\nContent-Type: text/html;charset=[^\r\n;]+\r\n\$WSEP: \r\n| p/IBM WebSphere Application Server/ i/Servlet $1/ cpe:/a:ibm:websphere_application_server/
match http m|^HTTP/1\.0 200 OK\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nExpires: 0\r\nSet-Cookie: coreses5=; path=/; HttpOnly\r\nSet-Cookie: corelang5=orion:(\w+); path=/; expires=.*\r\nDate: .*\r\n\r\n| p/ISPsystem COREmanager/ i/language: $1/ cpe:/a:ispsystem:coremanager::::$1/
match http m|^HTTP/1\.0 400 Bad Request\r\nPragma: no-cache\r\nCache-Control: no-cache,no-store\r\n\r\n$| p|Sony NSZ-GS7/GS8 multimedia receiver httpd| d/media device/
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html\r\nCache-Control: no-cache\r\nContent-Length: \d+\r\n\r\n.*<!--\nCopyright 2004-20\d\d H2 Group\.\n.*Sorry, remote connections \('webAllowOthers'\) are disabled on this server\.|s p/H2 Database console/ i/remote connections disabled/ cpe:/a:h2group:h2database/
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html\r\nCache-Control: no-cache\r\nContent-Length: \d+\r\n\r\n<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4\.01 Transitional//EN\" \"http://www\.w3\.org/TR/html4/loose\.dtd\">\n<!--\nCopyright 2004-20\d\d H2 Group\.| p/H2 database http console/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Karrigell ([\w._-]+)\r\nDate: |s p/Karrigell web framework httpd/ v/$1/ cpe:/a:karrigell:karrigell:$1/
match http m|^HTTP/1\.0 \d\d\d .*\r\nDate: .* GMT\r\nServer: WSGIServer/([\w._-]+) C?Python/([\w._+-]+)\r\n| p/WSGIServer/ v/$1/ i/Python $2/ cpe:/a:python:python:$2/ cpe:/a:python:wsgiref:$1/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: MX4J-HTTPD/1\.0\r\n\r\n|s p/MX4J HTTP Adaptor/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: ExtremeWare/([\d.]+)\r\n|s p/Exreme Networks switch admin httpd/ i/ExtremeWare XOS $1/ o/XOS/ cpe:/o:extremenetworks:extremeware_xos:$1/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: ngx_openresty/([\w._-]+)\r\n|s p/OpenResty web app server/ v/$1/ cpe:/a:openresty:ngx_openresty:$1/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: ngx_openresty\r\n|s p/OpenResty web app server/ v/1.9.7.2 or earlier/ cpe:/a:openresty:ngx_openresty/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: openresty/([\w._-]+)\r\n|s p/OpenResty web app server/ v/$1/ cpe:/a:openresty:ngx_openresty:$1/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: openresty\r\n|s p/OpenResty web app server/ cpe:/a:openresty:ngx_openresty/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: IntelliJ IDEA (\d[\w._-]*)\r\n|s p/IntelliJ IDEA/ v/$1/ cpe:/a:jetbrains:intellij_idea:$1/
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?server: Cowboy\r\n|s p/Cowboy httpd/ cpe:/a:ninenines:cowboy/
match http m|^HTTP/1\.[01] \d\d\d .*\r\nServer: Cowboy\r\nDate: .*\r\nContent-Length: \d+\r\n\r\n| p/Cowboy httpd/ cpe:/a:ninenines:cowboy/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Xavante (\d[\w._-]+)\r\n|s p/Xavante Lua httpd/ v/$1/ cpe:/a:kepler_project:xavante:$1/
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: Oracle-iPlanet-Web-Server/([\w._-]+)\r\n| p/Oracle iPlanet Web Server/ v/$1/ cpe:/a:oracle:iplanet_web_server:$1/
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Linux/(([\d.]+?)(?:\.x)?) UPnP/([\d.]+) Avtech/([\d.]+)\r\n|s p/Avtech IP camera httpd/ v/$4/ i/Linux $1; UPnP $3/ o/Linux/ cpe:/o:linux:linux_kernel:$2/
match http m|^HTTP/1\.[01] \d\d\d .*\r\nServer: BBVS/([\d.]+)\r\n| p/BBVS video streaming httpd/ v/$1/ o/Mac OS X/ cpe:/a:ben_software:bbvs:$1/ cpe:/o:apple:mac_os_x/a
match http m|^HTTP/1\.[01] \d\d\d .*\r\nServer: BBVS\r\n| p/BBVS video streaming httpd/ o/Mac OS X/ cpe:/a:ben_software:bbvs/ cpe:/o:apple:mac_os_x/a
# Server header is usually "OpenBSD httpd" but compile-time configurable. CSS however is literal string, but only for abort responses.
match http m|^HTTP/1\.0 [345]\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Date: [^\r\n]*\r\nServer: [^\r\n]*\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: \d+\r\n.*\r\n<!DOCTYPE html>\n<html>\n<head>\n<title>[^<]*</title>\n<style type="text/css"><!--\nbody \{ background-color: white; color: black; font-family: 'Comic Sans MS', 'Chalkboard SE', 'Comic Neue', sans-serif; \}|s p/OpenBSD httpd/ cpe:/a:openbsd:httpd/
# meta content-type added Tue Mar 8 09:33:15 2016 UTC in revision 1.106 of server_httpd.c
match http m|^HTTP/1\.0 [345]\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Date: [^\r\n]*\r\nServer: [^\r\n]*\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: \d+\r\n.*\r\n<!DOCTYPE html>\n<html>\n<head>\n<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>\n<title>[^<]*</title>\n<style type="text/css"><!--\nbody \{ background-color: white; color: black; font-family: 'Comic Sans MS', 'Chalkboard SE', 'Comic Neue', sans-serif; \}|s p/OpenBSD httpd/ cpe:/a:openbsd:httpd/
match http m|^HTTP/1.1 [126-9]\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: OpenBSD httpd\r\n|s p/OpenBSD httpd/ cpe:/a:openbsd:httpd/
match http m|^HTTP/1\.[01] \d\d\d .*\r\nDate: .*\r\n(?:Connection: close\r\n)?Server: CE_E\r\n| p/Cisco Expressway E/ cpe:/a:cisco:expressway_software/
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Play! Framework;([\d.]+);(\w+)\r\n|s p/Play Framework/ v/$1/ i/$2/ cpe:/a:zenexity:play_framework:$1/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: IBM Mobile Connect\r\n|s p/IBM Lotus Mobile Connect/ cpe:/a:ibm:lotus_mobile_connect/
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: Wave World Wide Web Server \(W4S\) v([\d.]+)\r\n| p/Brocade Wave httpd/ v/$1/ i/NOS REST API/ cpe:/a:brocade:wave_world_wide_web_server:$1/
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: MQX HTTPSRV/[\d.]+ - Freescale Embedded Web Server v([\d.]+)\r\n| p/Freescale MQX embedded httpd/ v/$1/ o/MQX RTOS/ cpe:/o:freescale:mqx/
match http m|^HTTP/1\.1 \d\d\d .*\nServer: MQX HTTP - Freescale Embedded Web Server\n| p/Freescale MQX embedded httpd/ o/MQX RTOS/ cpe:/o:freescale:mqx/
match http m|^HTTP/1\.[01] \d\d\d .*\r\nDate: .*\r\nServer: Microsoft-WinCE/([\d.]+)0\r\n| p/Microsoft Windows Embedded CE Web Server/ o/Windows CE $1/ cpe:/o:microsoft:windows_ce/a
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Devline Linia Server\r\n|s p/Devline Line surveillance system httpd/ d/security-misc/ cpe:/a:devline:line/
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: esp8266-link\r\n| p/esp-link ESP8266 firmware httpd/ cpe:/a:thorsten_von_eicken:esp-link/
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Mojolicious \(Perl\)\r\n|s p/Mojolicious httpd/ cpe:/a:sebastian_riedel:mojolicious/
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Caddy\r\n|s p/Caddy httpd/ cpe:/a:matt_holt:caddy/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: embOS/IP\r\n|s p|Segger embOS/IP httpd| cpe:/a:segger:embos%2fip/

match http m|^HTTP/1\.1 [45]\d\d (?:[^\r\n]*\r\n)*?\r\n(?:<!DOCTYPE html>)?<html><head><title>Apache Tomcat/(\d[\w._-]*) - Error report</title>|s p/Apache Tomcat/ v/$1/ cpe:/a:apache:tomcat:$1/a
match http m|^HTTP/1\.1 [45]\d\d (?:[^\r\n]*\r\n)*?\r\n(?:<!DOCTYPE html>)?<html><head><title>Apache Tomcat/(\d[\w._-]*) - Informe de Error</title>|s p/Apache Tomcat/ v/$1/ i/Spanish/ cpe:/a:apache:tomcat:$1:::es/
match http m|^HTTP/1\.1 [45]\d\d (?:[^\r\n]*\r\n)*?\r\n(?:<!DOCTYPE html>)?<html><head><title>Apache Tomcat/(\d[\w._-]*) - Rapport d'erreur</title>|s p/Apache Tomcat/ v/$1/ i/French/ cpe:/a:apache:tomcat:$1:::fr/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Content-Type: application/x-appweb-(\w+)\r\n|s p/Embedthis-Appweb/ i/extension: $1/ cpe:/a:mbedthis:appweb/
match http m|^HTTP/1\.1 \d\d\d .*\r\nMIME-Version: 1\.0\r\nServer: KS_HTTP/([\d.]+)\r\n| p/Canon Pixma printer http config/ i/KS_HTTP $1/ d/printer/
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: Content Gateway Manager ([\w._-]+)\r\n| p/Websense Content Gateway Manager http config/ v/$1/ cpe:/a:websense:websense_content_content_gateway:$1/
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: bfe\r\n| p/Baidu Front End httpd/
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: bfe/([\d.]+)\r\n| p/Baidu Front End httpd/ v/$1/
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: bfe/([\d.]+)-([\w-]+)\r\n| p/Baidu Front End httpd/ v/$1/ i/$2/
# Also matches Swift?
match http m|^HTTP/1\.0 \d\d\d .*<\?xml version=\"1\.0\" encoding=\"iso-8859-1\"\?>\n<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1\.0 Transitional//EN\"\n         \"http://www\.w3\.org/TR/xhtml1/DTD/xhtml1-transitional\.dtd\">\n<html xmlns=\"http://www\.w3\.org/1999/xhtml\" xml:lang=\"en\" lang=\"en\">\n <head>\n  <title>\d\d\d - [\w ]+</title>|s p/lighttpd/ cpe:/a:lighttpd:lighttpd/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?P3P: CP="This is not a P3P policy! See https://www\.google\.com/support/accounts/answer/151657\?hl=.. for more info\."\r\nServer: gws\r\n|s p/Google Web Server/
match http m|^HTTP/1\.[01] (?:[^\r\n]*\r\n(?!\r\n))*?Server: proxygen\r\nDate: |s p/Facebook Proxygen httpd/ cpe:/a:facebook:proxygen/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: 360wzws\r\nDate: |s p/360 WangZhan httpd/
match http m|^HTTP/1\.[01] 40[04] (?:[^\r\n]*\r\n(?!\r\n))*?Server: ATLAS Platform\r\n|s p/VeriSign Advanced Transaction Look-up Signaling http redirector/
match http m|^HTTP/1\.[01] (?:[^\r\n]*\r\n(?!\r\n))*?Date: [^\r\n]+ GMT\r\nServer: ECD \(\w+/[0-9A-F]+\)\r\n|s p/Edgecast ECD httpd/
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: instart/nginx\r\n| p/nginx/ i/Instart Logic/ cpe:/a:igor_sysoev:nginx/
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Tengine/([\w._-]+)\r\n|s p/Tengine httpd/ v/$1/ cpe:/a:alibaba:tengine:$1/
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Tengine\r\n|s p/Tengine httpd/ cpe:/a:alibaba:tengine/
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: 0W/(\d[\w._-]+)\r\n|s p/0W-httpd/ v/$1/ cpe:/a:maxim_zotov:0w-httpd:$1/
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: 4D_v(\d+)/(\1\.\d+)\r\n| p/4D RDBMS web server/ v/$2/ cpe:/a:4d_sas:4d:$2/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: 4D/([\d.]+)\r\n|s p/4D RDBMS web server/ v/$1/ cpe:/a:4d_sas:4d:$1/
match http m|^HTTP/1\.1 \d\d\d .*\r\nConnection: close\r\nServer: NetData Embedded HTTP Server\r\n| p/NetData embedded httpd/ cpe:/a:firehol:netdata/
match http m|^HTTP/1\.[01] \d\d\d [^\r\n]+\r\nServer: Digiweb\r\n(?:[^\r\n]+\r\n)*?Expires: 26 Jul 1997 05:00:00 GMT\r\n|s p/Digitronic Digiweb httpd/ cpe:/a:digitronic:digiweb/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Wakanda/\d+ build ([.\d]+) WAF ([\d.]+) build ([\d-]+) \((\w+)-(\w+)\)\r\n|s p/Wakanda httpd/ v/$1/ i/Wakanda Application Framework $2 build $3; arch: $5/ o/$4/ cpe:/a:wakanda:wakanda_application_framework:$2/ cpe:/a:wakanda:wakanda_server:$1/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Wakanda/\d+ build ([.\d]+) \((\w+)-(\w+)\)\r\n|s p/Wakanda httpd/ v/$1/ i/arch: $3/ o/$2/ cpe:/a:wakanda:wakanda_server:$1/
match http m|^HTTP/1\.[01] (?:[^\r\n]*\r\n(?!\r\n))*?Server: gunicorn/([\w._-]+)\r\n|s p/Gunicorn/ v/$1/ cpe:/a:gunicorn:gunicorn:$1/
match http m|^HTTP/1\.1 \d\d\d .*\nDate: .*\r\nConnection: close\r\nServer: Clearswift\r\n\r\n|s p/Clearswift Secure Web Gateway/ d/security-misc/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?X-Influxdb-Version: ([\d.]+)\r\n|s p/InfluxDB http admin/ v/$1/ cpe:/a:influxdata:influxdb:$1/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: KFWebServer\r\n|s p/KF Web Server/ cpe:/a:keyfocus:kf_web_server/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: KFWebServer/([\d.]+) (Windows[^\r\n]*)\r\n|s p/KF Web Server/ v/$1/ o/$2/ cpe:/a:keyfocus:kf_web_server/
match http m|^HTTP/1\.[01] \d\d\d .*\r\nServer: Huawei-BMC\r\n| p/Huawei BMC httpd/ d/remote management/
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: Seattle Lab HTTP Server/([\d.]+)\r\n| p/Seattle Lab httpd/ v/$1/
match http m|^HTTP/1\.[01] \d\d\d .*\r\nServer: WindRiver-WebServer/([\d.]+)\r\n| p/Wind River Web Server/ v/$1/ cpe:/a:windriver:web_server:$1/
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Python/([\d.]+) aiohttp/([\d.]+)\r\n|s p/aiohttp/ v/$2/ i/Python $1/ cpe:/a:aiohttp:aiohttp:$2/ cpe:/a:python:python:$1/
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: Cassini/([\d.]+)\r\nDate: .*\r\nX-AspNet-Version: ([\d.]+)\r\n| p/Microsoft Cassini httpd/ v/$1/ i/ASP.NET $2/ o/Windows/ cpe:/a:microsoft:asp.net:$2/ cpe:/a:microsoft:cassini:$1/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: Cassini/([\d.]+)\r\nDate: .*\r\n| p/Microsoft Cassini httpd/ v/$1/ o/Windows/ cpe:/a:microsoft:cassini:$1/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 \d\d\d .*\r\nDate: .*\r\nServer: HTTP::Server::PSGI\r\n| p/Plack HTTP::Server::PSGI httpd/ cpe:/a:tatsuhiko_miyagawa:plack/
match http m|^HTTP/1\.[01] \d\d\d .*\r\nServer: ZK Web Server\r\n| p/ZKTeco embedded web server/ d/specialized/
match http m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: WildFly/(\d[\w._-]*)\r\n|s p/JBoss WildFly Application Server/ v/$1/ cpe:/a:redhat:jboss_wildfly_application_server:$1/
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: fasthttp\r\nDate:| p/Vertamedia fasthttp/ cpe:/a:vertamedia:fasthttp/
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Icinga/[rv](\d[\w._-]*)\r\n|s p/Icinga/ v/$1/ cpe:/a:icinga:icinga:$1/
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Motion-httpd/([\d.]+)(?:[-+][Gg]it-?\w+)?\r\n|s p/Motion http API/ v/$1/ cpe:/a:motion:motion:$1/
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Motion/([\d.]+)(?:[-+][Gg]it-?\w+)?\r\n|s p/Motion jpeg streaming/ v/$1/ cpe:/a:motion:motion:$1/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Simple-DNS-Plus/([\d.]+)\r\n|s p/Simple DNS Plus HTTP API/ v/$1/ cpe:/a:jh_software:simple_dns_plus:$1/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: Vidat V7/(\d[\w._-]*) \(([^)]+)\)\r\n|s p/Vidat V7 httpd/ v/$1/ o/$2/ cpe:/a:vidat_consulting:v7:$1/
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: PowerStudio v(\d[\w.]*)\r\n| p/Circutor PowerStudio/ v/$1/ cpe:/a:circutor:powerstudio:$1/
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: servX\r\n| p/Hilscher servX httpd/ cpe:/a:hilscher:servx/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?server: WebSEAL/(\d[\w.]*)\r\n|s p/IBM WebSEAL/ v/$1/ cpe:/a:ibm:webseal:$1/
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: JREntServer/1\.1\r\n| p/Jinfonet JReport Enterprise Server/ cpe:/a:jinfonet:jrentserver/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Date: [^\r\n]+\r\nConnection: close\r\nServer: Prime\r\n\r\n|s p/Cisco Prime Infrastructure httpd/ cpe:/a:cisco:prime_infrastructure/

# Put this at the end because it's not a server, but a backend.
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?X-Powered-By: Servlet/([\w._-]+) JSP/([\w._-]+)\r\n|s p/Java Servlet/ v/$1/ i/JSP $2/ cpe:/a:oracle:jsp:$2/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?X-Powered-By: sisRapid Framework\r\n|s p/Saman Portal/ cpe:/a:saman_information_structure:sis_rapid_framework/
match http m|^HTTP/1\.1 401 Unauthorized\r\nDate: .*\r\nWWW-Authenticate: Basic realm="Sling \(Development\)"\r\n\r\n| p/Adobe Experience Manager/ cpe:/a:adobe:adobe_experience_manager/
match http m|^HTTP/1\.1 200 OK\r\nX-App-Name: kibana\r\n| p/Elasticsearch Kibana/ cpe:/a:elasticsearch:kibana/
match http m|^HTTP/1\.1 200 OK\r\nkbn-name: kibana\r\nkbn-version: (\d[\w._-]*)\r\n| p/Elasticsearch Kibana/ v/$1/ cpe:/a:elasticsearch:kibana:$1/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?X-Powered-By: Express\r\n|s p/Node.js Express framework/ cpe:/a:nodejs:node.js/
match http m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?X-Powered-By: Mojolicious \(Perl\)\r\n|s p/Mojolicious web framework/ cpe:/a:sebastian_riedel:mojolicious/
# https://support.f5.com/kb/en-us/solutions/public/14000/800/sol14815.html
match http m|^HTTP/1\.1 200 OK\r.*\nSet-Cookie: b{15}=[A-Z]{128}; HttpOnly\r\n|s p/F5 BIG-IP load balancer AVR module/ v/11.3.0 or later/ cpe:/a:f5:big-ip_application_visibility_and_reporting/
match http m|^HTTP/1\.1 \d\d\d.*__meteor_runtime_config__ = JSON\.parse\(decodeURIComponent\("%7B%22meteorRelease%22%3A%22METEOR%40([\d.]+)%22%2C%22PUBLIC_SETTINGS%22%3A%7B%7D%2C%22ROOT_URL%22%3A%22https?%3A%2F%2F([^%]+)%|s p/Meteor/ v/$1/ h/$2/ cpe:/a:meteor:meteor:$1/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?X-AspNetMvc-Version: ([\d.]+)\r\nX-AspNet-Version: ([\d.]+)\r\n|s p/ASP.NET/ v/$2/ i/MVC $1/ cpe:/a:microsoft:asp.net:$2/
match http m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?X-Powered-By: Sinopia/(\d[\w._-]*)\r\n|s p/Sinopia npm repository/ v/$1/ cpe:/a:alex_kocharin:sinopia:$1/
softmatch http m|^HTTP/1\.[01] (?:[^\r\n]*\r\n(?!\r\n))*?X-Powered-By: PHP/(\d[\w._-]+)|s i/PHP $1/ cpe:/a:php:php:$1/

# No more HTTP softmatch because many services that I don't think are
# best classified 'http' use http-like semantics (for example UPnP,
# some https servers, etc).  Maybe I should make softmatch allow
# future services that start with the service name, and relable all of
# those.  Shrug.  For now it is gone.
# softmatch http m|^HTTP/1.[01] \d\d\d|

# OCSP malformedRequest response status (1).
match http-ocsp m|^HTTP/1\.0 200 OK\r\nContent-type: application/ocsp-response\r\nContent-Transfer-Encoding: Binary\r\nContent-Length: 5\r\n\r\n0\x03\n\x01\x01$| p/OCSP over HTTP/

match http-proxy m|^HTTP/1\.1 401 Unauthorized\r\nConnection: closed\r\nContent-Length: \d+\r\nWWW-Authenticate: Basic realm=\"WebWasher configuration\"\r\n| p/WebWasher filtering proxy/ o/Windows/ cpe:/o:microsoft:windows/a
match http-proxy m|^HTTP/1\.0 400 Bad Request\r\n.*<html><head><title>WebWasher - Error 400: Bad Request</title>|s p/WebWasher filtering proxy/ o/Windows/ cpe:/o:microsoft:windows/a
match http-proxy m|^HTTP/1\.1 400 Bad Request\r\n.*<title>Webwasher - Notification</title>\r\n|s p/WebWasher filtering proxy/ o/Windows/ cpe:/o:microsoft:windows/a
match http-proxy m|^HTTP/1\.0 400 Ung\xfcltige Anforderung\r\nConnection: Close\r\nContent-type: text/html\r\nPragma: no-cache\r\n\r\n<html><head><title>WebWasher - Fehler 400: Ung\xfcltige Anforderung</title>| p/WebWasher filtering proxy/ i/German/ o/Windows/ cpe:/o:microsoft:windows/a

# MiddleMan filtering proxy server v1.5.2
# Middleman 1.8.3
match http-proxy m|^HTTP/1\.1 404 Not Found\r\nContent-Type: text/html\r\nContent-Length: 463\r\nConnection: close\r\nProxy-Connection: close\r\n\r\n<html><head><title>File not found</title></head><!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4\.01 Transitional//EN\">\n<body text=\"#000000\" bgcolor=\"#99AABB\"| p/Middleman filtering web proxy/
match http-proxy m|^HTTP/1\.0 \d\d\d .*\r\nServer: WWWOFFLE/(\d[-.\w]+)\r\n| p/WWWOFFLE caching webproxy/ v/$1/
match http-proxy m|^HTTP/1\.[01] 400 Host Not Found.*\r\n\r\n<html><head><title>The Proxomitron Reveals\.\.\.</title>|s p/Proxomitron universal web filter/ o/Windows/ cpe:/o:microsoft:windows/a
match http-proxy m|^HTTP/1\.0 400 Bad Request\r\nDate: .*\r\n\r\n<html><body>.*<font color=\"#FF0000\">Proxy</font><font color=\"#0000FF\">\+</font> (\d[-.\w]+) \(Build #(\d+)\), Date: |s p/Fortech Proxy+ http admin/ v/$1 Build $2/ o/Windows/ cpe:/o:microsoft:windows/a
match http-proxy m|^HTTP/1\.0 403 Forbidden\r\nDate: .*\r\n\r\n<html><body>.*</b> Registration key allows only ([\d]+) simultaneous users\..*>Proxy</font><font color=\"#0000FF\">\+</font> ([\d.]+) \(Build #(\d+)\),|s p/Fortech Proxy+ http admin/ v/$2 Build $3/ i/$1 concurrent users allowed/ o/Windows/ cpe:/o:microsoft:windows/a
match http-proxy m|^HTTP/1\.0 \d\d\d .*\r\nServer: Jana-Server/(\d[-.\w]+)\r\n| p/JanaServer http proxy/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a
match http-proxy m|^HTTP/1\.0 400 Bad Request\nContent-Type: text/html\n\n<HTML><HEAD><TITLE>DansGuardian - | p/DansGuardian HTTP proxy/
match http-proxy m|^HTTP/1\.0 400 Bad Request\r\nServer: FreeProxy/(\d[-.\w]+)\r\n| p/FreeProxy/ v/$1/
# EZproxy for Linux 2.2d GA (2003-09-01) - http://www.usefulutilities.com
match http-proxy m|HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: EZproxy\r\n|s p/EZproxy web proxy/
# http://bfilter.sourceforge.net/
match http-proxy m|^HTTP/1\.0 400 Bad Request\r\n(?:[^\r\n]+\r\n)*?\r\n<!DOCTYPE html PUBLIC \"-//W3C//DTD HTML 4\.01 Transitional//EN\">\r\n<html>\r\n<head>\r\n  <title>BFilter Error</title>|s p/Bfilter proxy/
match http-proxy m|^HTTP/1\.0 501 Not Implemented\r\n.*<STRONG>\nUnsupported Request Protocol\n</STRONG>\n</UL>\n<P>\nBFilter does not support all request methods for all access protocols\.\n|s p/Bfilter proxy/
match http-proxy m|^HTTP/1\.0 \d\d\d .*\r\nServer: tinyproxy/(\d[-.\w]+)\r\n| p/tinyproxy/ v/$1/ cpe:/a:banu:tinyproxy:$1/
# Privoxy 3.0.0 Filtering Web Proxy - http://www.privoxy.org
match http-proxy m|^HTTP/1\.0 400 Invalid header received from browser\r\n\r\n$| p|Junkbuster/Privoxy webproxy|
match http-proxy m|^HTTP/1\.0 400 Invalid header received from browser\n\n| p/Junkbuster webproxy/
match http-proxy m|^HTTP/1\.[01] 400 Invalid header received from client\r\nProxy-Agent: Privoxy ([\w._-]+)\r\n| p/Privoxy http proxy/ v/$1/
match http-proxy m|^HTTP/1\.0 400 Bad request received from browser\r\nConnection: close\r\n\r\nBad request\. Privoxy was unable to extract the destination\.\r\n| p/Privoxy http proxy/
match http-proxy m|^HTTP/1\.1 400 Bad request received from client\r\nContent-Type: text/plain\r\nConnection: close\r\n\r\nBad request\. Privoxy was unable to extract the destination\.\r\n| p/Privoxy http proxy/
match http-proxy m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: NetCache \(NetApp/(\d[-.\w]+)\)\r\n|s p/NetApp NetCache http proxy/ v/$1/ cpe:/a:netapp:netcache:$1/
# Not sure if the [-\w_.]+ is a hostname, it was netcache02
match http-proxy m|^HTTP/1\.0 \d\d\d .*\r\nDate: .*\r\nContent-Length: \d+\r\nContent-Type: text/html\r\nServer: NetCache appliance \(NetApp/([-\w_.]+)\)\r\n| p/NetApp NetCache http proxy/ v/$1/ cpe:/a:netapp:netcache:$1/
match http-proxy m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Via: 1\.1 [-\w_.]+ \(NetCache NetApp/(\d[-.\w]+)\)\r\n\r\n<h1>Bad Request \(Invalid Hostname\)</h1>|s p/NetApp NetCache http proxy/ v/$1/ cpe:/a:netapp:netcache:$1/
# Squid 2.5.STABLE3 on NetBSD 1.6ZA
match http-proxy m|^HTTP/1\.[01] \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: [sS]quid/([-.\w+]+)\r\n|s p/Squid http proxy/ v/$1/ cpe:/a:squid-cache:squid:$1/
match http-proxy m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: [sS]quid\r\n|s p/Squid http proxy/ cpe:/a:squid-cache:squid/
# Blue Coat Port 80 Security Appliance  Model: Blue Coat SG400 Software Version: SGOS 2.1.6044 Software Release id: 19480 Service Pack 4
match http-proxy m|^HTTP/1\.1 504 Gateway Time-out\r\nConnection: close\r\nCache-Control: no-cache\r\nPragma: no-cache\r\nContent-Length: 2976\r\nContent-Type: text/html\r\n\r\n<DIV class=Section1> \n\t\t<P class=MsoNormal| p/Blue Coat Security Appliance http proxy/ o/SGOS/ cpe:/o:bluecoat:sgos/a
match http-proxy m|^HTTP/1\.0 \d\d\d .*\r\nServer: MS-MFC-HttpSvr/([\w._-]+)\r\n| p/Microsoft Foundation Class httpd/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a
match http-proxy m|^HTTP/1\.0 400 Cache Detected Error\r\nDate: .*\r\nContent-Type: text/html\r\nVia: 1\.0 ([-.\w]+) \(NetCache NetApp/([-.\w]+)\)\r\n\r\n| p/NetApp NetCache http proxy/ v/$2/ h/$1/ cpe:/a:netapp:netcache:$2/
match http-proxy m|^HTTP/1\.0 400 Cache Detected Error\r\nContent-type: text/html\r\n\r\n.*Generated by squid/([\w._-]+)@([\w._-]+)\n|s p/Squid http proxy/ v/$1/ h/$2/ cpe:/a:squid-cache:squid:$1/
match http-proxy m|^HTTP/1\.0 400 Bad Request\r\nMime-Version: 1\.0\r\n.*<!-- \n /\*\n Stylesheet for Squid Error pages\n|s p/Squid http proxy/ cpe:/a:squid-cache:squid/
# Novell BorderManager HTTP-Proxy
match http-proxy m|^HTTP/1\.0 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Content-Length: \d+\r\n\r\n.*<title>BorderManager Information Alert</title>|s p/Novell BorderManager HTTP-Proxy/ cpe:/a:novell:bordermanager/
match http-proxy m|^HTTP/1\.0 400 Bad Request\r\nContent-type: text/html\r\n\r\n<html><head><title>InterScan Error</title></head>\r\n<body><h2>InterScan Error</h2>\r\nInterScan HTTP Version ([-\w_.]+) \$Date:| p/InterScan InterScan VirusWall/ v/$1/
# iPlanet-Web-Proxy-Server 3.6
match http-proxy m|^HTTP/1\.1 \d\d\d .*\r\nServer: IBM-PROXY-WTE-US/([\d.]+)\r\n| p/IBM-PROXY-WTE-US web proxy/ v/$1/
match http-proxy m|^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?Server: IBM-PROXY-FW/([\d.]+)\r\n|s p/IBM-PROXY-FW http proxy/ v/$1/
match http-proxy m|^<HTML><BODY bgColor=#FFFFFF link=#0000CC text=#000000 vLink=#CCCC88><TITLE>An error has occurred\.\.\.</TITLE><CENTER><TABLE width=600 border=0 cellpadding=2 cellspacing=1><TR bgcolor=#FFFFFF vAlign=top><TD width=\"90%\" colspan=2 bgcolor=#707888>| p/AnalogX web proxy/ i/misconfigured/ cpe:/a:analogx:proxy/
match http-proxy m|^HTTP/1\.0 \d\d\d .*\r\nContent-type: text/html\r\nContent-length: \d+\r\nWWW-authenticate: Basic realm=\"\(Password Only\) NAV for MS Exchange\"\r\n\r\n| p/NAV for MS Exchange/
match http-proxy m|^HTTP/1\.0 200 \nServer: VisualPulse \(tm\) ([\w.]+)\n| p/VisualPulse http proxy/ v/$1/
match http-proxy m|^HTTP/1\.0 302 Moved\r\nDate: .*\r\nServer: DeleGate/([\d.]+)\r\n| p/DeleGate proxy/ v/$1/
match http-proxy m|^HTTP/1\.0 302 Moved\r\nDate: .*\r\nServer: DeleGate| p/DeleGate proxy/
match http-proxy m|^HTTP/1\.0 200 OK\r\nProxy-agent: Netscape-Proxy/([\d.]+)\r\n| p/Netscape-proxy/ v/$1/
match http-proxy m|^HTTP/1\.0 504 Gateway Timeout\r\nContent-Type: text/html\r\nPragma: no-cache\r\n\r\n<H4><font COLOR=\"#FF0000\">Error parsing http request : </font></H2><p><pre>GET / / HTTP/1\.0\r\n\r\n</pre>| p/WinProxy http proxy/ o/Windows/ cpe:/a:bluecoat:winproxy/ cpe:/o:microsoft:windows/a
match http-proxy m|^HTTP/1\.0 \d\d\