/etc/pads/pads-signature-list is in pads 1.2-11.1+b1.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 | ############################################################################
#
# Passive Asset Detection System - Signature List
#
# This contains a database of device signatures to be used with
# the Passive Asset Detection System.
#
# Format:
# <service>,<version info>,<signature>
#
# Service: This describes the service name used by the signature.
# Examples would include SSH, HTTP, SMTP, etc.
#
# Version Info: This contains a NMAP-like template for the service
# discovered by the signature. The field follows this format:
# v/vendorproductname/version/info/
#
# Signature: This is a PCRE compatable regular expression without the
# surrounding /'s. The signature should have one or two sets of ()'s
# depending on the Version Info field.
#
# $Id: pads-signature-list,v 1.2 2005/11/02 23:56:12 jfs Exp $
#
############################################################################
ssh,v/OpenSSH/$2/Protocol $1/,SSH-([.\d]+)-OpenSSH[_-](\S+)
ssh,v/Cisco SSH/$2/Protocol $1/,SSH-([.\d]+)-Cisco[_-](\S+)
ssh,v/Sun SSH/$2/Protocol $1/,SSH-([.\d]+)-Sun_SSH[_-](\S+)
ssh,v/Cisco IDS SSH/$2/Protocol $1/,SSH-([.\d]+)-CiscoIDS\/LoginServer[_-](\S+)
# WWW Signatures
www,v/Apache/$1//,Server: Apache\/([\S]+)[\r\n]
www,v/Apache/$1/$2/,Server: Apache\/([\S]+)[\s]+\((.*)\)
www,v/Apache/$1/$2/,Server: Apache\/([\S]+)[\s]+([\S]+)
www,v/Apache///,Server: Apache[\r\n]
www,v/Stronghold/$1/$2/,Server: Stronghold\/([\S]+) ([\S]+)
www,v/Microsoft-IIS/$1//,Server: Microsoft-IIS\/([\S]+)[\r\n]
www,v/Netscape Enterprise/$1//,Server: Netscape-Enterprise\/([\S]+)
www,v/NetCache//$1/,Server: NetCache (\(.*\))
www,v/Switch and Data - EdgePrism/$1//,Server: EdgePrism\/([\S]+)
www,v/thttp/$1/$2/,Server: thttpd\/([\S]+) ([\S]+)
www,v/Apache Tomcat/$1/$2/,Server: Apache Tomcat\/([\S]+) (\(.*\))
www,v/Apache Coyote/$1//,Server: Apache Coyote\/([\S]+)
www,v/DoubleClick Adserver///,Server: DCLK-HttpSvr
www,v/Resin JSP Engine/$1//,Server: Resin\/([\S]+)
www,v/Akamai Ghost///,Server: AkamaiGHost
www,v/Footprint Distributor/$1//,Server: Footprint Distributor V([\S]+)
www,v/AOLserver/$1//,Server: AOLserver\/([\S]+)
www,v/IBM WebSphere Application Server/$1//,Server: WebSphere Application Server\/([\S]+)
www,v/Netscape Brew/$1//,Server: Netscape-Brew\/([\S]+)
www,v/swcd/$1//,Server: swcd\/([\S]+)[\r\n]
www,v/TrueSpectra Image Server/$1//,Server: TrueSpectra Image Server Version ([\S]+)
www,v/Oracle Apache Server/$1/$2/,Server: Oracle HTTP Server Powered by Apache\/([\S]+) (\([\S]+\))
www,v/Enhydra Application Server/$1//,Server: Enhydra-MultiServer\/([\S]+)
www,v/Zeus Web Server/$1//,Server: Zeus\/([\S]+)
www,v/Inktomi Traffic Cache/$2/$1/,Via: HTTP/1.. ([\S]+) \(Traffic-Server\/([\S]+)
www,v/Cougar/$1//,Server: Cougar\/([\S]+)[\r\n]
www,v/GWS/$1//,Server: GWS\/([\S]+)[\r\n]
www,v/Apache AdvancedExtranetServer/$1/$2/,Server: Apache-AdvancedExtranetServer\/([\S]+) \(([\S|\s]+)\)
www,v/IBM HTTP Server/$1/$2/,Server: IBM_HTTP_Server\/([\S]+) ([\S]+)
www,v/Boa Web Server/$1//,Server: Boa\/([\S]+)
www,v/Netscape Enterprise/$1/AOL/,Server: Netscape-Enterprise\/([\S]+) AOL
www,v/$1///,Server: (.*)\r\n
# Fallback WWW Signature
www,v/Unknown HTTP//$1/,^(HTTP/\d.\d)
# SSL Signatures
ssl,v/Generic TLS 1.0 SSL///,^\x16\x03\x01..\x02\0\0.\x03\x01
ssl,v/OpenSSL///,^\x16\x03\0\0J\x02\0\0F\x03\0
# SMB Sigantures
smb,v/Windows SMB///,\xffSMBr
# Mail Signatures
imap,v/Microsoft Exchange Server IMAP/$1/$2/,\* OK Microsoft Exchange Server ([\S]+) IMAP4rev1 server version ([\S]+)
imap,v/Cyrus IMAP4 Server/$1//,\* OK [-.\w]+ Cyrus IMAP4 v([-.\w]+) server ready
imap,v/UW IMAP Server/$1//,\* OK \[CAPABILITY IMAP4REV1 .*IMAP4rev1 (200\d\.[-.\w]+) ati
# FTP Signatures
ftp,v/Microsoft FTP Server/$1//,Microsoft FTP Service \(Version ([\S]+)\).
ftp,v/NcFTPd Server//$1/,NcFTPd Server \((.*)\) ready.
ftp,v/vsFTPd///,FTP server \(vsftpd\)
ftp,v/vsFTPd/$1//,220 \(vsFTPd ([\S]+)\)
ftp,v/ProFTPD Server/$1//,220 ProFTPD ([\S]+) Server
ftp,v/ProFTPD Server//$1/,220 ProFTPD \[(.*)\]
ftp,v/ProFTPD Server///,220 ProFTPD Server
ftp,v/WU-FTPD Server/$1//,FTP server \(Version wu-([\S]+)
ftp,v/Compaq Tru64 FTP Server/$2/$1/,220 ([-.\w]+) FTP server \(Compaq Tru64 UNIX Version ([\S]+)\) ready.[\r\n]
ftp,v/War-FTPD FTP Server/$2/$1/,220- ([\S]+) WAR-FTPD ([\S]+) Ready[\r\n]
ftp,v/Flash FTP Server/$1//,220 Flash FTP Server ([\S]+) ready
ftp,v/SFTPD//$1/,220- ([\S]+) FTP Server (SFTPD)
ftp,v/FreeBSD ftpd/$2/$1/,220 ([-.\w]+) FTP server \(Version (6.0\w+)\) ready.\r\n
ftp,v/FTP Generic//$1/,220 Welcome to ([\S]+)
ftp,v/FTP Generic//$1/,220 ([-.\w]+) FTP server ready
ftp,v/FTP Generic///,220 FTP server ready
ftp,v/GNU FTP Generic///,220 GNU FTP server ready
ftp,v/FTP Generic//$1,220 ([\S]+) FTP Server Ready
# Remote Access Systems
vnc,v/VNC//Protocol $1/,RFB ([\S]+)\n
rdp,v/Remote Desktop Protocol//Windows 2000 Server/,\x03\0\0\x0b\x06\xd0\0\0\x12.\0
rdp,v/Remote Desktop Protocol//Netmeeting Remote Assistance/,\x03\0\0\x17\x08\x02\0\0Z~\0\x0b\x05\x05@\x06\0\x08\x91J\0\x02X
ica,v/Citrix ICA Protocol///,/7f/7fICA/00
pcanywhere,v/PCAnywhere///,^\0X\x08\0\}\x08\r\n\0\.\x08.*\.\.\.\r\n
# IRC
irc,v/Dancer IRCD/$1//,running version dancer-ircd-([\S]+)
# SMTP
smtp,v/Postfix SMTP//$1/,^220 ([-.\w]+) ESMTP Postfix
smtp,v/Lotus Notes SMTP//$1/,^220 ([-.\w]+) Lotus SMTP MTA Service Ready\r\n
smtp,v/Lotus Domino SMTP/$2/$1,220 ([\S]+) ESMTP Service \(Lotus Domino Release ([\S]+)\)
smtp,v/Microsoft Exchange SMTP/$2/$1/,220 ([-.\w]+) Microsoft ESMTP MAIL Service, Version: ([\S]+)
smtp,v/Microsoft Exchange SMTP/$2/$1/,220 ([\S]+) ESMTP Server \(Microsoft Exchange Internet Mail Service ([\S]+)\) ready
smtp,v/Sendmail SMTP/$2/$1/,220 ([-.\w]+) ESMTP Sendmail (.*);
smtp,v/Maillennium SMTP/MULTIBOX//$1/,220 ([-.\w]+) - Maillennium ESMTP/MULTIBOX
smtp,v/IMail NT-ESMTP/$2/$1/,220 ([-.\w]+) \(IMail ([^)]+)\) NT-ESMTP Server
smtp,v/SMTPD ?//$2/,220 \[SMTPD]: ([-.\w]+) hello
smtp,v/Kerio MailServer/$2/$1/,220 ([-.\w]+) Kerio MailServer ([\S]+) ESMTP
smtp,v/Kerio MailServer/$2/$1/,220 ([\S]+) esmtp Kerio MailServer ([\S]+) ESMTP ready
smtp,v/Sendmail EDS Secure SMTP//$1/,220 ([-.\w]+) ESMTP Sendmail EDS Secure;
smtp,v/Proxy SMTP Service/$1/$2/,220 ([-.\w]+) SMTP Proxy Service Ready \(Version: ([^)]+)\)
smtp,v/Proxy SMTP Service///,220 SMTP Proxy Server Ready
smtp,v/Yahoo! SMTP Service//$1/,220 YSmtp ([\S]+) ESMTP service ready
smtp,v/SurgeMail/$2/$1/,220 ([-.\w]+) SurgeSMTP \(Version ([\S]+)\) http:\/\/surgemail.com
smtp,v/PowerMTA SMTP/$2/$1/,220 ([\S]+) \(PowerMTA ([\S|\s]+)\) ESMTP service ready
smtp,v/Exim/$2/$1/,220 ([\S]+) SMTP Exim ([\S]+)
smtp,v/Exim/$2/$1/,220-([\S]+) SMTP Exim ([\S]+)
smtp,v/LSMTP for Windows NT/$2/$1/,220 ([\S]+) \(LSMTP for Windows NT ([\S]+)\) ESMTP server ready
smtp,v/Postini Perimeter Manager/$2/$1/,220 ([\S]+) ESMTP ([\S]+) ready. CA Business and Professions Code
smtp,v/Sun iPlanet Messaging Server//$1/,220 ([\S]+) -- Server ESMTP \(Iplanet Messaging Server\)
smtp,v/Sigaba Secure Email Gateway//$1/,220 ([\S]+) ESMTP Sigaba Gateway;
smtp,v/Terrace MailWatcher/$2/$1/,220 ([\S]+) ESMTP Terrace MailWatcher ([\S]+)
smtp,v/CheckPoint Firewall-1 SMTP Proxy///,220 CheckPoint FireWall-1 secure ESMTP server
smtp,v/MailPass SMTP Server/$2/$1/,220 ([\S]+) MailPass SMTP server ([\S]+)
smtp,v/CommuniGate Pro/$2/$1/,220 ([\S]+) ESMTP CommuniGate Pro ([\S]+)
smtp,v/MailSite SMTP Server/$2/$1/,220 ([\S]+)[\s]+MailSite ESMTP Receiver Version ([\S]+) Ready
smtp,v/MailEnable SMTP Server/$2/$1/,220 ([\S]+) ESMTP MailEnable Service, Version:[\s]+([\S]+)-- ready
smtp,v/InterMail SMTP Server/$2/$2/,220 ([\S]+) ESMTP server \(InterMail ([\S]+)
smtp,v/Perl SMTP::Server Module///,220 MacGyver SMTP Ready.
smtp,v/McAfee WebShield SMTP Proxy/$2/$1/,220 ([\S]+) WebShield SMTP ([\S]+) [\S]+ Network Associates, Inc.
smtp,v/Trend Micro InterScan/$2/$1/,220 ([\S]+) Trend Micro InterScan Messaging Security Suite, Version:[\s]+([\S]+) ready
smtp,v/Worldmail/$2/$1/,220 ([\S]+) ESMTP Service \(Worldmail ([\S]+)\) ready
smtp,v/Novell GroupWise/$2/$1/,220 ([\S]+) GroupWise Internet Agent (\S+)
smtp,v/$2 - Server SMTP//$1/,220 ([\S]+) -- Server ESMTP \(([.*]+)\)
smtp,v/Generic SMTP - Possible Postfix//$1/,220 ([-.\w]+) ESMTP\r\n
smtp,v/Generic SMTP//$1/,220 ([\S]+) Simple Mail Transfer Service Ready
smtp,v/Generic SMTP/$2/$1/,220 ([\S]+) SMTP Server \(([\S]+)\)
smtp,v/Generic SMTP//$1/,220 ([\S]+) SMTP
smtp,v/Generic SMTP//$1/,220 ([-.\w]+) ESMTP Server[\r\n]
smtp,v/Generic SMTP//$1/,220 ([\S]+) ESMTP Service
smtp,v/Generic SMTP//$1/,220[\s]+([-.\w]+) SMTP Server is ready to process
smtp,v/Generic SMTP/$2/$1/,220 ([\S]+) ESMTP ([\S]+)
# P2P signatures
bit,v/Bittorrent///,^\x13BitTorrent\x20protocol
# Database signatures
razor,v/Razor///,sn\=[DNC]\x26srl\=
# DNS Signatures
dns,v/TCP DNS Server///,^[\x02-\xFF]...\x84\x80
|