This file is indexed.

/etc/pads/pads-signature-list is in pads 1.2-11.1+b1.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below.

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
############################################################################
#
# Passive Asset Detection System - Signature List
#
# This contains a database of device signatures to be used with
# the Passive Asset Detection System.
#
# Format:
# <service>,<version info>,<signature>
#
# Service:  This describes the service name used by the signature.
# Examples would include SSH, HTTP, SMTP, etc.
#
# Version Info:  This contains a NMAP-like template for the service
# discovered by the signature.  The field follows this format:
#	v/vendorproductname/version/info/
#
# Signature:  This is a PCRE compatable regular expression without the
# surrounding /'s.  The signature should have one or two sets of ()'s
# depending on the Version Info field.
#
# $Id: pads-signature-list,v 1.2 2005/11/02 23:56:12 jfs Exp $
#
############################################################################
ssh,v/OpenSSH/$2/Protocol $1/,SSH-([.\d]+)-OpenSSH[_-](\S+)
ssh,v/Cisco SSH/$2/Protocol $1/,SSH-([.\d]+)-Cisco[_-](\S+)
ssh,v/Sun SSH/$2/Protocol $1/,SSH-([.\d]+)-Sun_SSH[_-](\S+)
ssh,v/Cisco IDS SSH/$2/Protocol $1/,SSH-([.\d]+)-CiscoIDS\/LoginServer[_-](\S+)

# WWW Signatures
www,v/Apache/$1//,Server: Apache\/([\S]+)[\r\n]
www,v/Apache/$1/$2/,Server: Apache\/([\S]+)[\s]+\((.*)\)
www,v/Apache/$1/$2/,Server: Apache\/([\S]+)[\s]+([\S]+)
www,v/Apache///,Server: Apache[\r\n]
www,v/Stronghold/$1/$2/,Server: Stronghold\/([\S]+) ([\S]+)
www,v/Microsoft-IIS/$1//,Server: Microsoft-IIS\/([\S]+)[\r\n]
www,v/Netscape Enterprise/$1//,Server: Netscape-Enterprise\/([\S]+)
www,v/NetCache//$1/,Server: NetCache (\(.*\))
www,v/Switch and Data - EdgePrism/$1//,Server:  EdgePrism\/([\S]+)
www,v/thttp/$1/$2/,Server: thttpd\/([\S]+) ([\S]+)
www,v/Apache Tomcat/$1/$2/,Server: Apache Tomcat\/([\S]+) (\(.*\))
www,v/Apache Coyote/$1//,Server: Apache Coyote\/([\S]+)
www,v/DoubleClick Adserver///,Server: DCLK-HttpSvr
www,v/Resin JSP Engine/$1//,Server: Resin\/([\S]+)
www,v/Akamai Ghost///,Server: AkamaiGHost
www,v/Footprint Distributor/$1//,Server: Footprint Distributor V([\S]+)
www,v/AOLserver/$1//,Server: AOLserver\/([\S]+)
www,v/IBM WebSphere Application Server/$1//,Server: WebSphere Application Server\/([\S]+)
www,v/Netscape Brew/$1//,Server: Netscape-Brew\/([\S]+)
www,v/swcd/$1//,Server: swcd\/([\S]+)[\r\n]
www,v/TrueSpectra Image Server/$1//,Server: TrueSpectra Image Server Version ([\S]+)
www,v/Oracle Apache Server/$1/$2/,Server: Oracle HTTP Server Powered by Apache\/([\S]+) (\([\S]+\))
www,v/Enhydra Application Server/$1//,Server: Enhydra-MultiServer\/([\S]+)
www,v/Zeus Web Server/$1//,Server: Zeus\/([\S]+)
www,v/Inktomi Traffic Cache/$2/$1/,Via: HTTP/1.. ([\S]+) \(Traffic-Server\/([\S]+)
www,v/Cougar/$1//,Server: Cougar\/([\S]+)[\r\n]
www,v/GWS/$1//,Server: GWS\/([\S]+)[\r\n]
www,v/Apache AdvancedExtranetServer/$1/$2/,Server: Apache-AdvancedExtranetServer\/([\S]+) \(([\S|\s]+)\)
www,v/IBM HTTP Server/$1/$2/,Server: IBM_HTTP_Server\/([\S]+) ([\S]+)
www,v/Boa Web Server/$1//,Server: Boa\/([\S]+)
www,v/Netscape Enterprise/$1/AOL/,Server: Netscape-Enterprise\/([\S]+) AOL
www,v/$1///,Server: (.*)\r\n

# Fallback WWW Signature
www,v/Unknown HTTP//$1/,^(HTTP/\d.\d)

# SSL Signatures
ssl,v/Generic TLS 1.0 SSL///,^\x16\x03\x01..\x02\0\0.\x03\x01
ssl,v/OpenSSL///,^\x16\x03\0\0J\x02\0\0F\x03\0

# SMB Sigantures
smb,v/Windows SMB///,\xffSMBr

# Mail Signatures
imap,v/Microsoft Exchange Server IMAP/$1/$2/,\* OK Microsoft Exchange Server ([\S]+) IMAP4rev1 server version ([\S]+)
imap,v/Cyrus IMAP4 Server/$1//,\* OK [-.\w]+ Cyrus IMAP4 v([-.\w]+) server ready
imap,v/UW IMAP Server/$1//,\* OK \[CAPABILITY IMAP4REV1 .*IMAP4rev1 (200\d\.[-.\w]+) ati

# FTP Signatures
ftp,v/Microsoft FTP Server/$1//,Microsoft FTP Service \(Version ([\S]+)\).
ftp,v/NcFTPd Server//$1/,NcFTPd Server \((.*)\) ready.
ftp,v/vsFTPd///,FTP server \(vsftpd\)
ftp,v/vsFTPd/$1//,220 \(vsFTPd ([\S]+)\)
ftp,v/ProFTPD Server/$1//,220 ProFTPD ([\S]+) Server
ftp,v/ProFTPD Server//$1/,220 ProFTPD \[(.*)\]
ftp,v/ProFTPD Server///,220 ProFTPD Server
ftp,v/WU-FTPD Server/$1//,FTP server \(Version wu-([\S]+)
ftp,v/Compaq Tru64 FTP Server/$2/$1/,220 ([-.\w]+) FTP server \(Compaq Tru64 UNIX Version ([\S]+)\) ready.[\r\n]
ftp,v/War-FTPD FTP Server/$2/$1/,220- ([\S]+) WAR-FTPD ([\S]+) Ready[\r\n]
ftp,v/Flash FTP Server/$1//,220 Flash FTP Server ([\S]+) ready
ftp,v/SFTPD//$1/,220- ([\S]+) FTP Server (SFTPD)
ftp,v/FreeBSD ftpd/$2/$1/,220 ([-.\w]+) FTP server \(Version (6.0\w+)\) ready.\r\n
ftp,v/FTP Generic//$1/,220 Welcome to ([\S]+)
ftp,v/FTP Generic//$1/,220 ([-.\w]+) FTP server ready
ftp,v/FTP Generic///,220 FTP server ready
ftp,v/GNU FTP Generic///,220 GNU FTP server ready
ftp,v/FTP Generic//$1,220 ([\S]+) FTP Server Ready

# Remote Access Systems
vnc,v/VNC//Protocol $1/,RFB ([\S]+)\n
rdp,v/Remote Desktop Protocol//Windows 2000 Server/,\x03\0\0\x0b\x06\xd0\0\0\x12.\0
rdp,v/Remote Desktop Protocol//Netmeeting Remote Assistance/,\x03\0\0\x17\x08\x02\0\0Z~\0\x0b\x05\x05@\x06\0\x08\x91J\0\x02X
ica,v/Citrix ICA Protocol///,/7f/7fICA/00
pcanywhere,v/PCAnywhere///,^\0X\x08\0\}\x08\r\n\0\.\x08.*\.\.\.\r\n

# IRC
irc,v/Dancer IRCD/$1//,running version dancer-ircd-([\S]+)

# SMTP
smtp,v/Postfix SMTP//$1/,^220 ([-.\w]+) ESMTP Postfix
smtp,v/Lotus Notes SMTP//$1/,^220 ([-.\w]+) Lotus SMTP MTA Service Ready\r\n
smtp,v/Lotus Domino SMTP/$2/$1,220 ([\S]+) ESMTP Service \(Lotus Domino Release ([\S]+)\)
smtp,v/Microsoft Exchange SMTP/$2/$1/,220 ([-.\w]+) Microsoft ESMTP MAIL Service, Version: ([\S]+)
smtp,v/Microsoft Exchange SMTP/$2/$1/,220 ([\S]+) ESMTP Server \(Microsoft Exchange Internet Mail Service ([\S]+)\) ready
smtp,v/Sendmail SMTP/$2/$1/,220 ([-.\w]+) ESMTP Sendmail (.*);
smtp,v/Maillennium SMTP/MULTIBOX//$1/,220 ([-.\w]+) - Maillennium ESMTP/MULTIBOX
smtp,v/IMail NT-ESMTP/$2/$1/,220 ([-.\w]+) \(IMail ([^)]+)\) NT-ESMTP Server
smtp,v/SMTPD ?//$2/,220 \[SMTPD]: ([-.\w]+) hello
smtp,v/Kerio MailServer/$2/$1/,220 ([-.\w]+) Kerio MailServer ([\S]+) ESMTP
smtp,v/Kerio MailServer/$2/$1/,220 ([\S]+) esmtp Kerio MailServer ([\S]+) ESMTP ready
smtp,v/Sendmail EDS Secure SMTP//$1/,220 ([-.\w]+) ESMTP Sendmail EDS Secure;
smtp,v/Proxy SMTP Service/$1/$2/,220 ([-.\w]+) SMTP Proxy Service Ready \(Version: ([^)]+)\)
smtp,v/Proxy SMTP Service///,220 SMTP Proxy Server Ready
smtp,v/Yahoo! SMTP Service//$1/,220 YSmtp ([\S]+) ESMTP service ready
smtp,v/SurgeMail/$2/$1/,220 ([-.\w]+) SurgeSMTP \(Version ([\S]+)\) http:\/\/surgemail.com
smtp,v/PowerMTA SMTP/$2/$1/,220 ([\S]+) \(PowerMTA ([\S|\s]+)\) ESMTP service ready
smtp,v/Exim/$2/$1/,220 ([\S]+) SMTP Exim ([\S]+)
smtp,v/Exim/$2/$1/,220-([\S]+) SMTP Exim ([\S]+)
smtp,v/LSMTP for Windows NT/$2/$1/,220 ([\S]+) \(LSMTP for Windows NT ([\S]+)\) ESMTP server ready
smtp,v/Postini Perimeter Manager/$2/$1/,220 ([\S]+) ESMTP ([\S]+) ready.  CA Business and Professions Code
smtp,v/Sun iPlanet Messaging Server//$1/,220 ([\S]+) -- Server ESMTP \(Iplanet Messaging Server\)
smtp,v/Sigaba Secure Email Gateway//$1/,220 ([\S]+) ESMTP Sigaba Gateway;
smtp,v/Terrace MailWatcher/$2/$1/,220 ([\S]+) ESMTP Terrace MailWatcher ([\S]+)
smtp,v/CheckPoint Firewall-1 SMTP Proxy///,220 CheckPoint FireWall-1 secure ESMTP server
smtp,v/MailPass SMTP Server/$2/$1/,220 ([\S]+) MailPass SMTP server ([\S]+)
smtp,v/CommuniGate Pro/$2/$1/,220 ([\S]+) ESMTP CommuniGate Pro ([\S]+)
smtp,v/MailSite SMTP Server/$2/$1/,220 ([\S]+)[\s]+MailSite ESMTP Receiver Version ([\S]+) Ready
smtp,v/MailEnable SMTP Server/$2/$1/,220 ([\S]+) ESMTP MailEnable Service, Version:[\s]+([\S]+)-- ready
smtp,v/InterMail SMTP Server/$2/$2/,220 ([\S]+) ESMTP server \(InterMail ([\S]+)
smtp,v/Perl SMTP::Server Module///,220 MacGyver SMTP Ready.
smtp,v/McAfee WebShield SMTP Proxy/$2/$1/,220 ([\S]+) WebShield SMTP ([\S]+) [\S]+ Network Associates, Inc.
smtp,v/Trend Micro InterScan/$2/$1/,220 ([\S]+) Trend Micro InterScan Messaging Security Suite, Version:[\s]+([\S]+) ready
smtp,v/Worldmail/$2/$1/,220 ([\S]+) ESMTP Service \(Worldmail ([\S]+)\) ready
smtp,v/Novell GroupWise/$2/$1/,220 ([\S]+) GroupWise Internet Agent (\S+)
smtp,v/$2 - Server SMTP//$1/,220 ([\S]+) -- Server ESMTP \(([.*]+)\)
smtp,v/Generic SMTP - Possible Postfix//$1/,220 ([-.\w]+) ESMTP\r\n
smtp,v/Generic SMTP//$1/,220 ([\S]+) Simple Mail Transfer Service Ready
smtp,v/Generic SMTP/$2/$1/,220 ([\S]+) SMTP Server \(([\S]+)\)
smtp,v/Generic SMTP//$1/,220 ([\S]+) SMTP
smtp,v/Generic SMTP//$1/,220 ([-.\w]+) ESMTP Server[\r\n]
smtp,v/Generic SMTP//$1/,220 ([\S]+) ESMTP Service
smtp,v/Generic SMTP//$1/,220[\s]+([-.\w]+) SMTP Server is ready to process
smtp,v/Generic SMTP/$2/$1/,220 ([\S]+) ESMTP ([\S]+)

# P2P signatures
bit,v/Bittorrent///,^\x13BitTorrent\x20protocol

# Database signatures
razor,v/Razor///,sn\=[DNC]\x26srl\=

# DNS Signatures
dns,v/TCP DNS Server///,^[\x02-\xFF]...\x84\x80