added more services to fingerprint

Author: hollowpointer

assets/fingerprinting/dns.toml

@@ -0,0 +1,11 @@
+[service]
+name = "dns"
+default_ports = [53]
+description = "Domain Name System"
+
+# For TCP DNS, we can send a simple query or just check for the port.
+# DNS over TCP is often used for large responses.
+[[match]]
+name = "dns_tcp_match"
+pattern = "^[\\x00-\\xff][\\x00-\\xff][\\x01\\x00]" # Basic DNS header response part
+product = "dns"

assets/fingerprinting/ftp.toml

@@ -0,0 +1,10 @@
+[service]
+name = "ftp"
+default_ports = [21]
+description = "File Transfer Protocol"
+
+[[match]]
+name = "ftp_banner"
+pattern = "(?i)^220[\\s-]([\\w\\d\\s.-]+)"
+version_group = 1
+product = "ftp"

assets/fingerprinting/mongodb.toml

@@ -0,0 +1,10 @@
+[service]
+name = "mongodb"
+default_ports = [27017]
+description = "MongoDB Database"
+
+# MongoDB often sends something if we send a malformed/legacy request.
+[[match]]
+name = "mongodb_prequel"
+pattern = "MongoDB"
+product = "mongodb"

assets/fingerprinting/mysql.toml

@@ -0,0 +1,11 @@
+[service]
+name = "mysql"
+default_ports = [3306]
+description = "MySQL Database"
+
+# MySQL sends a handshake on connect.
+[[match]]
+name = "mysql_handshake"
+pattern = "^.[\\x00\\x00\\x00]([\\d.]+)"
+version_group = 1
+product = "mysql"

assets/fingerprinting/postgresql.toml

@@ -0,0 +1,15 @@
+[service]
+name = "postgresql"
+default_ports = [5432]
+description = "PostgreSQL Database"
+
+# Postgres needs a StartupMessage but often rejects with an error containing its ID.
+[[probe]]
+name = "postgres_startup"
+payload = "\x00\x00\x00\x08\x04\xd2\x16\x2f"
+protocol = "tcp"
+
+[[match]]
+name = "postgres_error"
+pattern = "^E\\s*C"
+product = "postgresql"

assets/fingerprinting/rdp.toml

@@ -0,0 +1,15 @@
+[service]
+name = "rdp"
+default_ports = [3389]
+description = "Remote Desktop Protocol"
+
+# RDP waits for a connection request.
+[[probe]]
+name = "rdp_connect"
+payload = "\x03\x00\x00\x13\x0e\xe0\x00\x00\x00\x00\x00\x01\x00\x08\x00\x03\x00\x00\x00"
+protocol = "tcp"
+
+[[match]]
+name = "rdp_negotiate_resp"
+pattern = "^\\x03\\x00\\x00\\x0b\\x06\\xd0"
+product = "rdp"

assets/fingerprinting/redis.toml

@@ -0,0 +1,14 @@
+[service]
+name = "redis"
+default_ports = [6379]
+description = "Redis Key-Value Store"
+
+[[probe]]
+name = "redis_ping"
+payload = "PING\r\n"
+protocol = "tcp"
+
+[[match]]
+name = "redis_pong"
+pattern = "^\\+PONG"
+product = "redis"

assets/fingerprinting/rpcbind.toml

@@ -0,0 +1,11 @@
+[service]
+name = "rpcbind"
+default_ports = [111]
+description = "SUN Remote Procedure Call (Portmapper)"
+
+# Rpcbind usually needs a specific RPC call to get a response.
+# For now, we'll rely on the default port lookup unless we add complex RPC parsing.
+[[match]]
+name = "rpc_tcp_fragment"
+pattern = "^[\\x80-\\xff][\\x00-\\xff]{3}"
+product = "rpcbind"

assets/fingerprinting/smb.toml

@@ -0,0 +1,15 @@
+[service]
+name = "smb"
+default_ports = [445]
+description = "Microsoft-DS / SMB"
+
+# SMB usually needs a hand-shake, but many servers send nothing until spoken to.
+[[probe]]
+name = "smb_negotiate"
+payload = "\x00\x00\x00\x2f\xff\x53\x4d\x42\x72\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x50\x43\x20\x4e\x45\x54\x57\x4f\x52\x4b\x20\x50\x52\x4f\x47\x52\x41\x4d\x20\x31\x2e\x30\x00"
+protocol = "tcp"
+
+[[match]]
+name = "smb_header_match"
+pattern = "^\xffSMB"
+product = "smb"

assets/fingerprinting/telnet.toml

@@ -0,0 +1,14 @@
+[service]
+name = "telnet"
+default_ports = [23]
+description = "Telnet Protocol"
+
+[[match]]
+name = "telnet_iac"
+pattern = "^[\\xff][\\xfb\\xfc\\xfd\\xfe]"
+product = "telnet"
+
+[[match]]
+name = "telnet_login"
+pattern = "(?i)login:\\s*$"
+product = "telnet"