Repository: sansatart/scrapts Branch: master Commit: a1ce8b8bc1c1 Files: 11 Total size: 67.2 KB Directory structure: gitextract_dd26r41x/ ├── BE_host_params.csv ├── BE_image_params.csv ├── README.md ├── forJAMESWT/ │ ├── 7_6_20_Allegro.txt │ ├── 7_7_20_Alfabank.txt │ └── 7_9_20-iocs.txt ├── gn-ip.sh ├── shodan-favicon-hashes.csv ├── shodan_facets.json ├── shodan_filters.json └── shodan_proto.json ================================================ FILE CONTENTS ================================================ ================================================ FILE: BE_host_params.csv ================================================ Field,Search Parameter,Type,Available Tags / Parameters,More Info General,as_name,string,, General,asn,int,, General,country,string,, General,created_at,date,, General,ip,string,, General,ipv6,boolean,, General,geoip.city_name,string,, General,geoip.country_name,string,, General,has_screenshot,boolean,, General,port,int,, General,protocol,string,, General,rdns,string,,https://www.cloudflare.com/learning/dns/glossary/reverse-dns/ General,rdns_parent,string,,https://www.cloudflare.com/learning/dns/glossary/reverse-dns/ General,type,string,"service-simplessl ssh vnc rdp x11 mongodb memcached elasticsearch redis", General,tag,string,"BUSYBOX CAMERA DATABASE DEVICES GAMES ICS IOT SHELL WEBCAM WEBSERVER", Service-Simple,banner,string,, Service-Simple,cpe,string,,https://csrc.nist.gov/projects/security-content-automation-protocol/specifications/cpe/ Service-Simple,device,string,, Service-Simple,extrainfo,string,, Service-Simple,name,string,, Service-Simple,ostype,string,, Service-Simple,product,string,, Service-Simple,version,string,, RDP,security,string,,https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rdpbcgr/592a0337-dc91-4de3-a901-e1829665291d Bluekeep,vulnerable,boolean,,CVE-2019-0708 VNC,auth_enabled,boolean,, VNC,height,int,, VNC,title,string,, VNC,version,string,, VNC,width,int,, X11,height,int,, X11,vendor,string,, X11,vendor_release,string,, X11,version,string,,https://www.x.org/releases/X11R7.5/doc/x11proto/proto.pdf X11,width,int,, SSH,compression,string,,https://www.openssh.com/specs.html SSH,encryption,string,,https://www.openssh.com/specs.html SSH,kex,string,, SSH,mac,string,, SSH,server_host_key,string,, SSH,banner,string,, SSH,cyphers,string,,https://www.openssh.com/specs.html SSH,fingerprint,string,, SSH,hassh,string,, SSH,hassh_algorithms,string,, SSL,cert.issuer.commonName,string,, SSL,cert.issuer.organizationName,string,, SSL,cert.issuer_names,string,, SSL,cert.not_after,date,, SSL,cert.not_before,date,, SSL,cert.serial,string,, SSL,cert.signature_algorithm,string,, SSL,cert.signature_value,string,, SSL,cert.sha1_fingerprint,string,, SSL,cert.sha256_fingerprint,string,, SSL,cert.spki_subject_fingerprint,string,, SSL,cert.subject.commonName,string,, SSL,cert.subject.organizationName,string,, SSL,cert.subject_names,string,, SSL,cert.subject_dns,string,, SSL,cert.extensions.key_usage.*,boolean,"crl_sign data_encipherment decipher_only digital_signature encipher_only key_agreement key_cert_sign key_encipherment Non_repudiation ",https://tools.ietf.org/html/rfc5280 SSL,cert.extensions.extended_key_usage.*,boolean,"any_extended_key_usage client_auth code_signing eap_over_lan eap_over_ppp email_protection ipsec_end_system ipsec_ike ipsec_tunnel ipsec_user microsoft_server_gated microsoft_smart_card_logon ocsp_signing pkinit_kpkdc server_auth time_stamping",https://tools.ietf.org/html/rfc5280 SSL,ciphers,string,, SSL,client_auth_requirement_string,string,, SSL,highest_ssl_version_supported,string,, SSL,ja3,string,,https://github.com/salesforce/ja3 SSL,ja3_digest,string,,https://github.com/salesforce/ja3 SSL,ssl_cipher_supported,string,, SSL,tls_wrapped_protocol_string,string,, SSL,truststores,string,, SSL,compression_name,string,, SSL,supports_compression,boolean,,https://docs.citrix.com/en-us/citrix-sd-wan-wanop/11/secure-traffic-acceleration/ssl-compression/how-ssl-compression-works.html SSL,supports_fallback_scsv,boolean,,https://tools.ietf.org/html/rfc7507 SSL,is_vulnerable_to_heartbleed,boolean,,https://www.us-cert.gov/ncas/alerts/TA14-098A SSL,is_vulnerable_to_ccs_injection,boolean,,https://www.openssl.org/news/secadv/20140605.txt SSL,accepts_client_renegotiation,boolean,, SSL,supports_secure_renegotiation,boolean,, SSL,robot_result_enum,string,, HTTP,body,string,, HTTP,href,string,, HTTP,httpVersion,string,, HTTP,redirects,string,, HTTP,responseHeaders,string,, HTTP,server,string,, HTTP,sha256,string,, HTTP,statusCode,string,,https://developer.mozilla.org/en-US/docs/Web/HTTP/Status HTTP,statusMessage,string,, HTTP,title,string,, MQTT,auth,boolean,, MQTT,num_topics,int,, MQTT,messages,string,, MQTT,protocol,string,,https://github.com/mqtt/mqtt.github.io/wiki MQTT,version,string,, MQTT,topics,string,, Kubernetes,auth_required,boolean,, Kubernetes,pods_names,string,,https://kubernetes.io/docs/concepts/overview/working-with-objects/names/ RSYNC,banner,string,, RSYNC,modules.module,string,,https://rsync.samba.org/how-rsync-works.html RSYNC,modules.status,string,, RSYNC,status,string,, RSYNC,version,string,, TOR,exit_node,date,,https://gitweb.torproject.org/torspec.git/tree/tor-spec.txt TOR,first_seen,date,, TOR,hostname,string,, TOR,last_seen,string,, TOR,platform,string,, TOR,router_name,string,, MongoDB,mongodb.ismaster,boolean,, MongoDB,mongodb.listDatabases,string,, MongoDB,mongodb.names,string,, MongoDB,mongodb.readonly,boolean,, MongoDB,mongodb.serverInfo,string,, MongoDB,mongodb.totalSize,int,, MongoDB,mongodb.version,string,,https://docs.mongodb.com/manual/ ElasticSearch,elasticsearch.build,string,,https://www.elastic.co/guide/index.html ElasticSearch,elasticsearch.build_flavor,string,, ElasticSearch,elasticsearch.build_hash,string,, ElasticSearch,elasticsearch.build_type,string,, ElasticSearch,elasticsearch.cluster_name,string,, ElasticSearch,elasticsearch.cluster_nodes,int,, ElasticSearch,elasticsearch.hostname,string,, ElasticSearch,elasticsearch.name,string,, ElasticSearch,elasticsearch.node_name,string,, ElasticSearch,elasticsearch.version,string,, ElasticSearch,elasticsearch.docs,int,,number of documents ElasticSearch,elasticsearch.indices,string,,name of indices ElasticSearch,elasticsearch.indices_raw,string,, ElasticSearch,elasticsearch.jvm.version,string,, ElasticSearch,elasticsearch.jvm.vm_name,string,, ElasticSearch,elasticsearch.jvm.vm_vendor,string,, ElasticSearch,elasticsearch.jvm.vm_version,string,, ElasticSearch,elasticsearch.modules,string,, ElasticSearch,elasticsearch.os.arch,string,, ElasticSearch,elasticsearch.os.cpu.model,string,, ElasticSearch,elasticsearch.os.cpu.vendor,string,, ElasticSearch,elasticsearch.os.name,string,, ElasticSearch,elasticsearch.os.pretty_name,string,, ElasticSearch,elasticsearch.os.version,string,, ElasticSearch,elasticsearch.ostype,string,, ElasticSearch,elasticsearch.plugins,string,, ElasticSearch,elasticsearch.roles,string,, ElasticSearch,elasticsearch.settings,string,, ElasticSearch,elasticsearch.size_in_bytes,int,, ElasticSearch,elasticsearch.total_indexing_buffer,int,, Cassandra,cassandra.cluster,string,, Cassandra,cassandra.cluster_name,string,, Cassandra,cassandra.datacenter,string,, Cassandra,cassandra.dse,boolean,, Cassandra,cassandra.dse_version,string,, Cassandra,cassandra.cql_version,string,, Cassandra,cassandra.rack,string,, Cassandra,cassandra.version,string,,https://cassandra.apache.org/doc/latest/ Cassandra,cassandra.thrift_version,string,, Cassandra,cassandra.keyspaces,string,, Cassandra,cassandra.keyspace_names,string,, Cassandra,cassandra.table_names,string,, Redis,redis.aof_base_size,string,, Redis,redis.aof_current_size,string,, Redis,redis.aof_enabled,int,, Redis,redis.arch_bits,int,, Redis,redis.atomicvar_api,string,, Redis,redis.auth_not_required,string,, Redis,redis.cluster_enabled,string,, Redis,redis.connected_slaves,int,, Redis,redis.databases,string,, Redis,redis.dbs,int,, Redis,redis.keys,int,, Redis,redis.maxmemory,string,, Redis,redis.maxmemory_human,string,, Redis,redis.maxmemory_policy,string,, Redis,redis.multiplexing_api,string,, Redis,redis.nodecount,string,, Redis,redis.os,string,, Redis,redis.redis_build_id,string,, Redis,redis.redis_mode,string,, Redis,redis.redis_version,string,, Redis,redis.repl_backlog_size,string,, Redis,redis.repl_sync_enabled,string,, Redis,redis.role,string,, Redis,redis.ssl_enabled,string,, Redis,redis.ssl_protocols,string,, Redis,redis.stats,string,, Redis,redis.uptime_in_days,int,, Redis,redis.uptime_in_seconds,int,, Redis,redis.used_memory,int,, Redis,redis.used_memory_dataset,string,, Redis,redis.used_memory_human,string,, Redis,redis.used_memory_lua,int,, Redis,redis.used_memory_lua_human,string,, Redis,redis.used_memory_overhead,string,, Redis,redis.used_memory_peak,int,, Redis,redis.used_memory_peak_human,string,, Redis,redis.used_memory_rss,int,, Redis,redis.used_memory_rss_human,string,, Redis,redis.used_memory_scripts,string,, Redis,redis.used_memory_scripts_human,string,, Redis,redis.used_memory_startup,string,, Redis,redis.versions,int,,https://redis.io/documentation Memcached,memcached.app_impl_used,string,, Memcached,memcached.app_version,string,, Memcached,memcached.bytes,int,, Memcached,memcached.commandargs,string,, Memcached,memcached.current_bytes,int,, Memcached,memcached.db_count,int,, Memcached,memcached.db_size,int,, Memcached,memcached.engine_maxbytes,int,, Memcached,memcached.free_bytes,int,, Memcached,memcached.ibuffer_size,int,, Memcached,memcached.local,string,, Memcached,memcached.memcached_version,string,, Memcached,memcached.num_servers,int,, Memcached,memcached.num_suspect_servers,int,, Memcached,memcached.peer,string,, Memcached,memcached.pointer_size,int,, Memcached,memcached.rep_conn_on,string,, Memcached,memcached.rep_state,string,, Memcached,memcached.replication,string,, Memcached,memcached.server,string,, Memcached,memcached.tcp_nodelay,string,, Memcached,memcached.total_items,int,, Memcached,memcached.uptime,int,, Memcached,memcached.version,string,,https://github.com/memcached/memcached/wiki/Overview RethinkDB,rethinkdb.database_names,string,,https://rethinkdb.com/docs RethinkDB,rethinkdb.tables_names,string,, ================================================ FILE: BE_image_params.csv ================================================ "Search Parameter","Type","Available Tags / Parameters","More Info" "as_name","string",, "asn","int",, "created_at","date",,"ts:year-month-day ts:[year-month-day TO year-month-day]" "country","string",,"ISO2 Country Codes" "ip","string",,"IP address or CIDR (in quotes)" "ipv6","boolean",, "geoip.city_name","string",, "geoip.country_name","string",, "port","int",, "protocol","string",,"TCP or UDP" "has_faces","boolean",, "height","int",,"image height" "rdns","string",, "rdns_parent","string",, "tags","string","HAS_FACES MOBILE RDP VNC WINDOWS X11", "width","int",,"image width" "words","string",,"text found by OCR" ================================================ FILE: README.md ================================================ # scrapts ================================================ FILE: forJAMESWT/7_6_20_Allegro.txt ================================================ SHA-256:78e09c2114e3bade4c04aa851d346e23b3903e98c481bdc63afb688d776ee9ec Filename:"Allegro.apk" C2: setbreakand[.]top (8.210.106[.]133) pDNS pivot: setupdown[.]top www[.]setupdown[.]top www[.]setbreakand[.]top setbreakand[.]top *[.]setbreakand[.]top boookandroid[.]xyz androidset[.]xyz www[.]breakthebooks[.]top www[.]androidset[.]xyz breakthebooks[.]top *[.]breakthebooks[.]top *[.]androidset[.]xyz ================================================ FILE: forJAMESWT/7_7_20_Alfabank.txt ================================================ Reference Tweet: https://twitter.com/ReBensk/status/1280554510008627201 File Name Альфа-Банк.apk Size 1.76MB MD5 ffb92e6ef2fed5fbb2632b0629538f5e SHA1 5816f56a57bf22cd77815bf43dccdf30ede0b134 SHA256 c74e30ab2abb6854fa1588d4c4fb30ce74b0968f3a9de8a79978766b78bd6f8b App Name alfabank Package Name mwotawhgamuaarckmynghbggzco.wjhahifdonbid.urapqeatshdynb Main Activity pwgmdgqdkhcjumuowtz.ssrfcjhnnemhmie.nyjedctsw.feq Target SDK 29 Min SDK 15 Max SDK Android Version Name 1.0 Android Version Code 1 data/data/mwotawhgamuaarckmynghbggzco.wjhahifdonbid.urapqeatshdynb/shared_prefs/settings.xml: "urlAdminPanel">hxxp://Bestreadpromto[.]com "idbot">jyaf5b0kndm8xuxde "key">xJSiE8hxwlXRC pDNS pivot: 8.208.10[.]148 *[.]kpname3647589[.]gq kpname3647589[.]gq *[.]kpname3647589reed[.]cf kpname3647589reed[.]cf mouseinbox[.]top *[.]online-beobank[.]com *[.]www-beobank[.]com www[.]www-beobank[.]com www[.]online-beobank[.]com www[.]beobank-be[.]com online-beobank[.]com nuwerken[.]info www-beobank[.]com beobank-be[.]com *[.]365online-review-payment[.]com *[.]credit-agricole-securite[.]com creditagricole-securite[.]com *[.]aib-fraudalert[.]com www[.]credit-agricole-securite[.]com www[.]aib-fraudalert[.]com www[.]365online-review-payment[.]com credit-agricole-securite[.]com 365online-review-payment[.]com aib-fraudalert[.]com *[.]ebankieren-be[.]com ing[.]ebankieren-be[.]com www[.]ebankieren-be[.]com ebankieren-be[.]com *[.]aib-reviewcharge[.]com aib-reviewcharge[.]com lsd[.]money kpname3647589[.]ga bestreadpreto[.]com kpname3647589[.]cf *[.]carabusmas[.]com www[.]carabusmas[.]com *[.]newbalancedshoes[.]top *[.]jogmaster[.]top jogmaster[.]top www[.]jogmaster[.]top www[.]peoplemachine[.]top www[.]newbalancedshoes[.]top carabusmas[.]com hpnametreiding[.]xyz bestreadpromto[.]com peoplemachine[.]top newbalancedshoes[.]top hpnametreiding[.]club hpnametreiding1[.]xyz ================================================ FILE: forJAMESWT/7_9_20-iocs.txt ================================================ Hashes: hxxps[:]//pandemidestekbirimi[.]net/ (Source URL) "5ab60cb12f5e148d6c9cdb2bfe4c3baf09ce004beda906888db442aa90a4c0cd" https[:]//cdn.discordapp[.]com/attachments/716448556726353981/726082052922933248/EvdeKal-20GB.apk (Source URL) "f31d64f6ed911c90fefe3ff3e005db081e2fb208a80869a830dd774067b1c57e" http[:]//flashplayerdown[.]com/FlashPlayer.apk (Source URL) 82f08e317522c69b342c7f841837a6c3d0a2c268deecacdb33093852d352d4dd C2: hxxp://ktosdelaetskrintotpidor[.]com (91.195.240[.]13) (82f08e317522c69b342c7f841837a6c3d0a2c268deecacdb33093852d352d4dd) hxxp://sositehuypidarasi[.]com (91.195.240[.]126) (82f08e317522c69b342c7f841837a6c3d0a2c268deecacdb33093852d352d4dd) hxxp://slickdiscs[.]com (8.210.25[.]65) (f31d64f6ed911c90fefe3ff3e005db081e2fb208a80869a830dd774067b1c57e) hxxp://lahanapancardomateshiyar[.]site (Current: 84.38.181[.]95 | Previous: 8.208.81[.]144) (5ab60cb12f5e148d6c9cdb2bfe4c3baf09ce004beda906888db442aa90a4c0cd) pDNS pivots: 8.210.25[.]65 slickdiscs[.]com bestdomainever[.]top bringmethetruth[.]com cleanclear[.]top bangtwice[.]top pickahero[.]top www[.]pickahero[.]top www[.]cleanclear[.]top www[.]bangtwice[.]top *[.]pickahero[.]top *[.]bangtwice[.]top 84.38.181[.]95 odryreo[.]site kamuranipisapa12[.]site lahanapancardomateshiyar[.]site tax261[.]com tax260[.]com pay-security64[.]com pay-security60[.]com pay-security61[.]com pay-security63[.]com pay-security62[.]com www[.]pay-security60[.]com www[.]pay-security62[.]com www[.]pay-security63[.]com www[.]pay-security64[.]com www[.]pay-security61[.]com *[.]pay-security60[.]com *[.]pay-security64[.]com *[.]pay-security61[.]com *[.]pay-security63[.]com tax262[.]com my3-billid230[.]com *[.]my3-billid230[.]com my3-billid232[.]com www[.]my3-billid232[.]com www[.]tax260[.]com www[.]tax262[.]com www[.]tax261[.]com www[.]tax263[.]com www[.]my3-billid230[.]com www[.]my3-billid231[.]com tax263[.]com my3-billid231[.]com *[.]tax263[.]com *[.]tax260[.]com pay-security51[.]com pay-security53[.]com pay-security52[.]com www[.]pay-security52[.]com www[.]pay-security55[.]com www[.]pay-security53[.]com www[.]pay-security51[.]com www[.]pay-security54[.]com pay-security55[.]com pay-security50[.]com pay-security54[.]com *[.]tax261[.]com *[.]my3-billid232[.]com *[.]my3-billid231[.]com *[.]tax262[.]com *[.]pay-security55[.]com *[.]pay-security52[.]com *[.]pay-security51[.]com *[.]pay-security54[.]com *[.]pay-security50[.]com *[.]pay-security53[.]com pay-security42[.]com payment-id334[.]com h-m-r-c284[.]net h-m-r-c283[.]net h-m-r-c282[.]net h-m-r-c281[.]net h-m-r-c280[.]net 8.208.81[.]144 tinopery[.]top stambuland6[.]site *[.]buland5[.]site odricatt[.]live *[.]odryreo[.]site www[.]buland5[.]site buland5[.]site www[.]odryreo[.]site bulan337[.]site tambuland7[.]live *[.]stambuland7[.]live www[.]stambuland7[.]live stambuland7[.]live *[.]stambuland017[.]live stambuland017[.]live *[.]dominostanbul12[.]site dominostanbul12[.]site *[.]devokerizo12[.]site www[.]parkinasyone[.]site devokerizo12[.]site parkinasyone[.]site *[.]tartarorder23[.]site tartarorder23[.]site www[.]demorasia34[.]site demorasia34[.]site *[.]erkeginorospusu12[.]site erkeginorospusu12[.]site dekoraplicasion312[.]site *[.]karpuzkirazkavun[.]site karpuzkirazkavun[.]site *[.]pakizetarcin12[.]site www[.]pakizetarcin12[.]site pakizetarcin12[.]site *[.]domatescoin[.]live domatescoin[.]live *[.]pirimanabc11[.]site www[.]pirimanabc11[.]site pirimanabc11[.]site *[.]mzkletriasa01[.]site www[.]mzkletriasa01[.]site mzkletriasa01[.]site *[.]kelimtrack0912[.]site kelimtrack0912[.]site *[.]redburntrack[.]site redburntrack[.]site www[.]redburntrack[.]site www[.]lahanapancardomateshiyar[.]site *[.]lahanapancardomateshiyar[.]site lahanapancardomateshiyar[.]site odryreo[.]site ================================================ FILE: gn-ip.sh ================================================ #!/usr/bin/env bash RED=$(tput setaf 1) BLUE=$(tput setaf 4) WHITE=$(tput setaf 7) NORMAL=$(tput sgr0) ##Quick PCAP analysis: Greynoise, whob, file extraction (HTTP) ##Tested on Ubuntu 18.04.2 LTS ##Dependency Check #whob if ! [ -x "$(command -v whob)" ]; then printf "\n" echo "${RED}Error: whob doesn't appear to be installed.${NORMAL}" printf "\n" echo "${WHITE}Try: https://pwhois.org/lft/${NORMAL}" exit fi #greynoise if ! [ -x "$(command -v greynoise)" ]; then printf "\n" echo "${RED}Error: greynoise doesn't appear to be installed.${NORMAL}" printf "\n" echo "${WHITE}Try: sudo -H pip3 install greynoise --upgrade${NORMAL}" exit fi #tshark if ! [ -x "$(command -v tshark)" ]; then printf "\n" echo "${RED}Error: tshark doesn't appear to be installed.${NORMAL}" printf "\n" echo "${WHITE}Try: sudo apt install tshark${NORMAL}" exit fi timestamp=$(date +%Y-%m-%d:%H:%M) pcap_file=$(zenity --file-selection --title "PCAP File" --text "Select PCAP File" --file-filter='*.pcap*' 2> >(grep -v 'GtkDialog' >&2)) if [ ! -d "pcap-$timestamp-out" ]; then mkdir "pcap-$timestamp-out" fi cd "pcap-$timestamp-out" #Initial parse of pcap file using tshark if [ -n "$pcap_file" ]; then tshark -r $pcap_file -T fields -e ip.src | grep -vE '^(192\.168|10\.|172\.1[6789]\.|172\.2[0-9]\.|172\.3[01]\.)' | sort -u > $timestamp-ip-out.txt whob -gnupf "$timestamp-ip-out.txt" > whob-$timestamp-ip-out.txt else zenity --error --text "No file found, exiting" 2> >(grep -v 'GtkDialog' >&2) exit fi #pass IPs to greynoise if [ -s "$timestamp-ip-out.txt" ]; then while read ip; do greynoise "$ip" > gn-"$ip"-out.txt done < "$timestamp-ip-out.txt" grep -Z -l "No results found" gn-*.txt | xargs -0 rm gnmatches=$(ls gn-*.txt | egrep -o "([0-9]{1,3}[\.]){3}[0-9]{1,3}") printf "\n" echo "${WHITE}IPs found in Greynoise:${NORMAL}" printf "\n" echo "${BLUE}"$gnmatches"${NORMAL}" else zenity --error --text "Empty file found, exiting" 2> >(grep -v 'GtkDialog' >&2) exit fi #grab all objects from PCAP tshark -r $pcap_file --export-objects "http,objects" > /dev/null cd objects sha256sum * | sort -u > ../sha256-out-file.txt sha256sum * | awk '{ print $1 }' | sort -u > ../sha256-out-hash.txt ================================================ FILE: shodan-favicon-hashes.csv ================================================ "http.favicon.hash","Product/Application","Example http.title","Example header(s) / ssl string","More Info" 81586312,"Jenkins","Dashboard [Jenkins]","X-Jenkins: X-Hudson: X-Jenkins-Session: X-Hudson-Theme:", -235701012,"Cnservers LLC",,, 743365239,"Atlassian",,, 2128230701,"Chainpoint","Chainpoint Node Dashboard",, -1277814690,"LaCie","LaCie ",, 246145559,"Parse","Parse Dashboard",, 628535358,"Atlassian",,, 855273746,"JIRA","System Dashboard",, 1318124267,"Avigilon","Avigilon Control Center Gateway",, -305179312,"Atlassian – Confluence",,, 786533217,"OpenStack","Login - OpenStack Dashboard",, 432733105,"Pi Star","Digital Voice Dashboard",, 705143395,"Atlassian",,, -1255347784,"Angular IO (AnglularJS)",,, -1275226814,"XAMPP",,, -2009722838,"React",,, 981867722,"Atlassian – JIRA",,, -923088984,"OpenStack","OpenStack Dashboard",, 494866796,"Aplikasi","Dashboard-Aplikasi",, 2110041688,"ระบบจองห้องประชุม",,, -493051473,"hxxp://www[.k2ie.net","Reflector Dashboard",, 1249285083,"Ubiquiti Aircube","airCube",, -1379982221,"Atlassian – Bamboo",,, 420473080,"Exostar – Managed Access Gateway","MAG Dashboard Login",, -1642532491,"Atlassian – Confluence",,, 163842882,"Cisco Meraki","Meraki Dashboard Login",, -1378182799,"Archivematica","Archivematica Dashboard",, -702384832,"TCN","TCN User Dashboard",, -532394952,"CX","CX Dashboard",, -183163807,"Ace","Dashboard - Ace Admin",, 552727997,"Atlassian – JIRA",,, 1302486561,"NetData","netdata dashboard",, -609520537,"OpenGeo Suite","OpenGeo Suite Dashboard",, -1961046099,"Dgraph Ratel","Dgraph Ratel Dashboard",, -1581907337,"Atlassian – JIRA",,, 1913538826,"Material Dashboard","Material Dashboard React",, 1319699698,"Form.io",,, -1203021870,"Kubeflow","Kubeflow Central Dashboard",, -182423204,"netdata dashboard",,, 988422585,"CapRover",,, 2113497004,"WiJungle","WiJungle Admin Dashboard",, 1234311970,"Onera","Onera Dynamic Availability Dashboard ",, 430582574,"SmartPing","SmartPing Dashboard",, 1232596212,"OpenStack","OpenStack Dashboard",, 1585145626,"netdata dashboard",,, -219752612,"FRITZ!Box"," FRITZ!Box",, -697231354,"Ubiquiti – AirOS",,, 945408572,"Fortinet – Forticlient",,, 1768726119,"Outlook Web Application","Outlook Web App",, 2109473187,"Huawei – Claro",,"CN = mediarouter.home", 552592949,"ASUS AiCloud","AiCloud",, 631108382,"SonicWALL","SonicWall – Authentication","Server: SonicWALL", 708578229,"Google",,, -134375033,"Plesk",,, 2019488876,"Dahua Storm (IP Camera)","WEB SERVICE",, -1395400951,"Huawei – ADSL/Router",,, 1601194732,"Sophos Cyberoam (appliance)",,, -325082670,"LANCOM Systems",,, -1050786453,"Plesk",,, -1346447358,"TilginAB (HomeGateway)","myhome",, 1410610129,"Supermicro Intelligent Management (IPMI)",,, -440644339,"Zyxel ZyWALL",,, 363324987,"Dell SonicWALL","DELL SonicWALL – Authentication",, -1446794564,"Ubiquiti Login Portals","Ubiquiti Networks",, 1045696447,"Sophos User Portal/VPN Portal","User Portal",, -297069493,"Apache Tomcat",,, 396533629,"OpenVPN",,, 1462981117,"Cyberoam",,, 1772087922,"ASP.net favicon",,, 1594377337,"Technicolor",,, 165976831,"Vodafone (Technicolor)",,, -1677255344,"UBNT Router UI","EdgeOS",, -359621743,"Intelbras Wireless",,, -677167908,"Kerio Connect (Webmail)",,, 878647854,"BIG-IP",,, 442749392,"Microsoft OWA","Outlook Web App","X-OWA-Version: 14.3.", 1405460984,"pfSense","Login",, -271448102,"iKuai Networks",,, 31972968,"Dlink Webcam",,, 970132176,"3CX Phone System","3CX Phone System Management Console",, -1119613926,"Bluehost","Bluehost.com",, 123821839,"Sangfor","SANGFOR",, 459900502,"ZTE Corporation (Gateway/Appliance)",,, -2069844696,"Ruckus Wireless","Ruckus Wireless Admin",, -1607644090,"Bitnami","Bitnami Redmine Stack",, 2141724739,"Juniper Device Manager","Log In – Juniper Web Device Manager",, 1835479497,"Technicolor Gateway","Technicolor Gateway – Login",, 1278323681,"Gitlab","Sign in · GitLab",, -1929912510,"NETASQ - Secure / Stormshield","AUTHENTICATION",, -1255992602,"VMware Horizon","VMware Horizon",, 1895360511,"VMware Horizon","VMware Horizon",, -991123252,"VMware Horizon","VMware Horizon",, 1642701741,"Vmware Secure File Transfer","VMWARE Secure Data Transfer",, -266008933,"SAP Netweaver","SAP NetWeaver Application Server Java",, -1967743928,"SAP ID Service: Log On",,, 1347937389,"SAP Conversational AI",,, 602431586,"Palo Alto Login Portal",,, -318947884,"Palo Alto Networks",,, 1356662359,"Outlook Web Application","Outlook Web App",, 1453890729,"Webmin","Login to Webmin",, -1814887000,"Docker","Docker Enterprise",, 1937209448,"Docker","Docker Trusted Registry",, -1544605732,"Amazon","PHP Application - AWS Elastic Beanstalk",, 716989053,"Amazon","Amazon Web Services (AWS) - Cloud Computing Services",, -1010568750,"phpMyAdmin","phpMyAdmin ","Set-Cookie: phpMyAdmin", -1240222446,"Zhejiang Uniview Technologies Co.,Ltd. | UNV IP camera / NVR – DVR",,,"example plugin: 8d72b3c00dde9e18ccded063fd2ac545dd321e91 WebPlayer.exe" -986678507,"ISP Manager","Authorization","Set-Cookie: ispmgr","hxxp://ispsystem[.com" -1616143106,"AXIS (network cameras)","Index page",, -976235259,"Roundcube Webmail","Roundcube Webmail",, 768816037,"UniFi Video Controller (airVision)",,,"https://dl.ubnt.com/datasheets/airvision/airVision_ds.pdf" 1015545776,"pfSense","Login",, 1838417872,"Freebox OS","Freebox OS :: Identification",, 1188645141,"hxxps://www.hws[.com/?host",,, 547282364,"Keenetic","Keenetic Web",,"https://keenetic.com/en" -1571472432,"Sierra Wireless Ace Manager (Airlink)","::: ACEmanager :::",, 149371702,"Synology DiskStation",,, -1169314298,"INSTAR IP Cameras","INSTAR IP Cameras",, -1038557304,"Webmin","Login to Webmin",, 1307375944,"Octoprint (3D printer)","OctoPrint Login",, 1280907310,"Webmin","Login to Webmin",, 1954835352,"Vesta Hosting Control Panel","Vesta – LOGIN | Vesta Control Panel",, 509789953,"Farming Simulator Dedicated Server","Farming Simulator Dedicated Server | Login",, -1933493443,"Residential Gateway","Login - Residential Gateway",, 1993518473,"cPanel Login","cPanel Login",, -1477563858,"Arris","Login",, -895890586,"PLEX Server",,, -1354933624,"Dlink Webcam",,, 944969688,"Deluge","Deluge: Web UI",, 479413330,"Webmin","Login to Webmin",, -359621743,"Intelbras Wireless",,"Server: axhttpd", -435817905,"Cambium Networks","ePMP",, -981606721,"Plesk","Domain Default page","X-Powered-By-Plesk: PleskWin", 833190513,"Dahua Storm (IP Camera)",,, -1314864135,10,"10次郎-免费成人视频 – 10次郎在线观看",, -652508439,"Parallels Plesk Panel","Default Parallels Plesk Panel Page",, -569941107,"Fireware Watchguard","Fireware XTM User Authentication","Fireware web CA", 1326164945,"Shock&Innovation!! netis setup","Shock&Innovation!! netis setup",, -1738184811,"cacaoweb","cacaoweb",, 904434662,"Loxone (Automation)","Webinterface",, 905744673,"HP Printer / Server",,"Server: HP HTTP Server", 902521196,"Netflix",,, -2063036701,"Linksys Smart Wi-Fi","Linksys Smart Wi-Fi",, -1205024243,"lwIP (A Lightweight TCP/IP stack)",,,"(http://savannah.nongnu.org/projects/lwip)" 607846949,"Hitron Technologies","Log in to Common Router - Hitron Technologies",, 1281253102,"Dahua Storm (DVR)",,, 661332347,"MOBOTIX Camera",,"WWW-Authenticate: Basic realm=""MOBOTIX Camera User""", -520888198,"Blue Iris (Webcam)","Blue Iris Login","Server: BlueServer", 104189364,"Vigor Router","Vigor 3900","O=Draytek", 1227052603,"Alibaba Cloud (Block Page)","阿里云-备案-阻断页-PC",, 252728887,"DD WRT (DD-WRT milli_httpd)",,, -1922044295,"Mitel Networks (MiCollab End User Portal)","Redirecting…",, 1221759509,"Dlink Webcam",,"WWW-Authenticate: Digest realm=""DCS", 1037387972,"Dlink Router","D-LINK SYSTEMS, INC. | WIRELESS ROUTER | HOME",, -655683626,"PRTG Network Monitor","Welcome | PRTG Network Monitor","Server: PRTG","PRTG Network Monitor is an agentless network monitoring software from Paessler AG" 1611729805,"Elastic (Database)",,"Elastic Indices:", 1144925962,"Dlink Webcam",,"WWW-Authenticate: Digest realm=""DCS", -1666561833,"Wildfly","Welcome to WildFly 10","Server: WildFly/", 804949239,"Cisco Meraki Dashboard",,, -459291760,"Workday","Workday","Server: Workday User Interface Service","financial management and human capital management software vendor" 1734609466,"JustHost","Justhost.com",, -1507567067,"Baidu (IP error page)",,, 2006716043,"Intelbras SA",,"Server: axhttpd/1.5.3", -1298108480,"Yii PHP Framework (Default Favicon)",,,"https://www.yiiframework.com/doc/guide/2.0/en/intro-yii" 1782271534,"truVision NVR (interlogix)","Index page","Server: DNVRS-Webs", 603314,"Redmine",,"Phusion Passenger","web-based project management and issue tracking tool" -476231906,"phpMyAdmin","phpMyAdmin ","Set-Cookie: phpMyAdmin=", -646322113,"Cisco (eg:Conference Room Login Page)","Cisco Codec:",, -629047854,"Jetty 404","Error 404 - Not Found",, -1351901211,"Luma Surveillance","index","Server: DNVRS-Webs", -519765377,"Parallels Plesk Panel",,, -2144363468,"HP Printer / Server",,"Server: HP HTTP Server", -127886975,"Metasploit","Metasploit - Setup and Configuration","eg. O=Rapid7, CN=SelfSignedCA", 1139788073,"Metasploit","Metasploit - Setup and Configuration","eg. O=Rapid7, CN=SelfSignedCA", -1235192469,"Metasploit","Metasploit is initializing…","eg. O=Rapid7, CN=SelfSignedCA", 1876585825,"ALIBI NVR",,"Server: DNVRS-Webs","www.alibisecurity[ .com" -1810847295,"Sangfor",,"O=SANGFOR", -291579889,"Websockets test page (eg: port 5900)","WS server test page","server: libwebsockets", 1629518721,"macOS Server (Apple)","macOS Server",, -986816620,"OpenRG","Consola de administración de OpenRG",, -299287097,"Cisco Router","Router","O=Cisco Systems, Inc.", -1926484046,"Sangfor",,"CN=SANGFOR", -873627015,"HeroSpeed Digital Technology Co. (NVR/IPC/XVR)","NVR",,"example plugin: 283955c61f95df280793b6315da714677d0e616e Nvr_WebOcx.exe" 2071993228,"Nomadix Access Gateway",,"Server: WindWeb/1.0", 516963061,"Gitlab","Sign in · GitLab","Set-Cookie: _gitlab_session", -38580010,"Magento",,"X-Magento-Cache-Debug","Magento is an open-source e-commerce platform written in PHP. " 1490343308,"MK-AUTH",,"MKAUTH: FILES","http://mk-auth.com.br/" -632583950,"Shoutcast Server",,, 95271369,"FireEye","FireEye - Please Log in",, 1476335317,"FireEye","FireEye - Please Log in",, -842192932,"FireEye","FireEye Security Orchestrator",, 105083909,"FireEye",,, 240606739,"FireEye","FireEye Secure File Share Login",, 2121539357,"FireEye",,, -333791179,"Adobe Campaign Classic",,,"https://helpx.adobe.com/support/campaign/classic.html" -1437701105,"XAMPP",,, -676077969,"Niagara Web Server","Login",, -2138771289,"Technicolor","Login","O=Technicolor","hxxps://www.technicolor .com/" 711742418,"Hitron Technologies Inc.","CGN-RES","Server: GoAhead-Webs", 728788645,"IBM Notes",,, 1436966696,"Barracuda",,"Server: BarracudaHTTP", 86919334,"ServiceNow","ServiceNow","O=ServiceNow, Inc., | Server: ServiceNow", 1211608009,"Openfire Admin Console","Openfire Admin Console",, 2059618623,"HP iLO",,, 1975413433,"Sunny WebBox","Sunny WebBox","Server: Sunny WebBox", 943925975,"ZyXEL",,, 281559989,"Huawei",,"Server: mini_httpd", -2145085239,"Tenda Web Master","Tenda Web Master",, -1399433489,"Prometheus Time Series Collection and Processing Server",,,"https://prometheus.io/" 1786752597,"wdCP cloud host management system","wdCP云主机管理系统",, 90680708,"Domoticz (Home Automation)","Domoticz",," https://github.com/domoticz/domoticz" -1441956789,"Tableau",,, -675839242,"openWRT Luci",,,"https://github.com/openwrt/luci" 1020814938,"Ubiquiti – AirOS",,"Set-Cookie: AIROS_SESSIONID=", -766957661,"MDaemon Webmail","MDaemon Webmail",, 119741608,"Teltonika",,,"https://teltonika-iot-group.com/" 1973665246,"Entrolink",,"Server: AnyLink", 74935566,"WindRiver-WebServer",,"Server: WindRiver-WebServer", -1723752240,"Microhard Systems",,"O=Microhard Systems Inc.,", -1807411396,"Skype",,, -1612496354,"Teltonika",,, 1877797890,"Eltex (Router)",,, -375623619,"bintec elmeg","Configuration",, 1483097076,"SyncThru Web Service (Printers)",,, 1169183049,"BoaServer",,"Server: Boa", 1051648103,"Securepoint","Securepoint UTM v11 - Admin Interface",,"https://www.securepoint.de" -438482901,"Moodle",,,"https://moodle.org" -1492966240,"RADIX","RADIX – Alrit",, 1466912879,"CradlePoint Technology (Router)","Login :: MBR95","O=CradlePoint Technology", -167656799,"Drupal",,, -1593651747,"Blackboard","Blackboard Learn","O=Blackboard Inc,", -895963602,"Jupyter Notebook",,, -972810761,"HostMonster - Web hosting","HostMonster - Web hosting",, 1703788174,"D-Link (router/network)",,, 225632504,"Rocket Chat",,, -1702393021,"mofinetwork","MOFI4500 – LuCI",, 892542951,"Zabbix","Zabbix server: Zabbix",, 547474373,"TOTOLINK (network)",,, -374235895,"Ossia (Provision SR) | Webcam/IP Camera",,, 1544230796,"cPanel Login",,, 517158172,"D-Link (router/network)",,, 462223993,"Jeedom (home automation)",,,"https://github.com/jeedom" 937999361,"JBoss Application Server 7",,, 1991562061,"Niagara Web Server / Tridium","Login",, 812385209,"Solarwinds Serv-U FTP Server",,"Server: Serv-U","https://www.solarwinds.com/serv-u-managed-file-transfer-server" 1142227528,"Aruba (Virtual Controller)",,,"https://www.arubanetworks.com/techdocs/ArubaOS_63_Web_Help/Content/ArubaFrameStyles/Defaults/Default_Open_Ports.htm" -1153950306,"Dell",,, 72005642,"RemObjects SDK / Remoting SDK for .NET HTTP Server Microsoft",,,"remobjects.com" -484708885,"Zyxel ZyWALL",,, 706602230,"VisualSVN Server","VisualSVN Server","WWW-Authenticate: Basic realm=""VisualSVN Server""", -656811182,"Jboss","Welcome to Jboss",, -332324409,"STARFACE VoIP Software","STARFACE VoIP Software",,"https://www.starface.com/" -594256627,"Netis (network devices)",,"Server: Virtual Web 0.9","http://www.netis-systems.com" -649378830,"WHM","WHM",, 97604680,"Tandberg",,"Set-Cookie: tandberg_login", -1015932800,"Ghost (CMS)",,,"https://ghost.org/" -194439630,"Avtech IP Surveillance (Camera)","Remote Surveillance, Any time & Any where","Avtech/1.0", 129457226,"Liferay Portal",,"Liferay-Portal: Liferay", -771764544,"Parallels Plesk Panel",,, -617743584,"Odoo","Homepage | My Website",,"https://www.odoo.com/" 77044418,"Polycom","'+sysName+' - Polycom '+GetCurrentPageName ()+'",, 980692677,"Cake PHP",,, 476213314,"Exacq","Index",,"https://exacq.com/index.php" 794809961,"CheckPoint","Check Point SSL Network Extender","Server: Check Point SVN foundation", 1157789622,"Ubiquiti UNMS","Ubiquiti UNMS",, 1244636413,"cPanel Login",,, 1985721423,"WorldClient for Mdaemon","WorldClient",,"https://www.altn.com/Worldclient-Private-Email/" -1124868062,"Netport Software (DSL)",,"Server: NetPort Software 1.1", -335242539,"f5 Big IP","BIG-IP®","- Redirect", 2146763496,"Mailcow","mailcow UI",,"https://mailcow.email/" -1041180225,"QNAP NAS Virtualization Station","Virtualization Station",, -1319025408,"Netgear","401 Unauthorized",, 917966895,"Gogs",,,"https://gogs.io/" 512590457,"Trendnet IP camera","index",, 1678170702,"Asustor","Ready to Serve!","O=Asustor","https://www.asustor.com/en/" -1466785234,"Dahua","WEB SERVICE",,"example plugin: 00de82e5df8e744c54fe1df2ce395df752486bcd NetPlug.exe" -505448917,"Discuz!","Powered by Discuz!",, 255892555,"wdCP cloud host management system",,, 1627330242,"Joomla",,, -1935525788,"SmarterMail","SmarterMail",, -12700016,"Seafile","Log In - Private Seafile",,"https://www.seafile.com/en/home/" 1770799630,"bintec elmeg",,, -137295400,"NETGEAR ReadyNAS","NETGEAR ReadyNAS",, -195508437,"iPECS",,,"https://www.ipecs.com/" -2116540786,"bet365",,,"https://www.bet365.com/" -38705358,"Reolink","Reolink",,"https://reolink.com/software-and-manual/" -450254253,"idera","Server Backup Manager SE",, -1630354993,"Proofpoint","Proofpoint Protection Server","Set-Cookie: pps_magic", -1678298769,"Kerio Connect WebMail","Kerio Connect WebMail",, -35107086,"WorldClient for Mdaemon","WorldClient",, 2055322029,"Realtek",,, -692947551,"Ruijie Networks (Login)","锐捷网络-EWEB网管系统",, -1710631084,"Askey Cable Modem","Cable Modem","CN=Askey Cable Modem Root Certificate Authority", 89321398,"Askey Cable Modem","Residential Gateway Login",, 90066852,"JAWS Web Server (IP Camera)",,"Server: JAWS/1.0", 768231242,"JAWS Web Server (IP Camera)",,"Server: JAWS/1.0", -421986013,"Homegrown Website Hosting","Homegrown Website Hosting | Fast, Reliable Web Hosting",,"https://asmallorange.com" 156312019,"Technicolor / Thomson Speedtouch (Network / ADSL)","SpeedTouch – Home","WWW-Authenticate: Digest realm=""SpeedTouch""", -560297467,"DVR (Korean)",,, -1950415971,"Joomla",,"X-Content-Powered-By: K2 v2.9.0 (by JoomlaWorks)", 1842351293,"TP-LINK (Network Device)","300Mbps Wireless N ADSL2+ Modem Router TD-W8960N",, 1433417005,"Salesforce","Login | Salesforce",, -632070065,"Apache Haus","Apache Haus Distribution Installation Test ",,"https://www.apachehaus.com/" 1103599349,"Untangle","Untangle Administrator Login","O=Untangle","https://wiki.untangle.com/index.php/Main_Page" 224536051,"Shenzhen coship electronics co.,ltd","Login",,"seen only in Telmex Colombia S.A. org" 1038500535,"D-Link (router/network)","Login",, -355305208,"D-Link (camera)",,"WWW-Authenticate: Digest realm=""DCS", -267431135,"Kibana","Kibana","kbn-name: kibana", -759754862,"Kibana","Kibana","kbn-name: kibana", -1200737715,"Kibana","Kibana","kbn-name: kibana", 75230260,"Kibana","Kibana 4","X-App-Name: kibana", 1668183286,"Kibana","Kibana 3",, 283740897,"Intelbras SA","Intelbras","Server: Http Server", 1424295654,"Icecast Streaming Media Server","Icecast Streaming Media Server","Server: Icecast","https://icecast.org/" 1922032523,"NEC WebPro","WebPro","Server: Henry/1.1", -1654229048,"Vivotek (Camera)",,"Server: VVTK-HTTP-Server | O=Vivotek.Inc,", -1414475558,"Microsoft IIS",,"Server: Microsoft-IIS", -1697334194,"Univention Portal",,"(Univention)","https://www.univention.com" -1424036600,"Portainer (Docker Management)",,,"https://www.portainer.io/" -1096644865,"(Blank) ewomail","ewomail.com-邮箱管理后台",,"www.ewomail.com" -831826827,"NOS Router","Consola de gestão do Router Wi-Fi",,"https://www.nos.pt" -759108386,"Tongda",,,"www.tongda.com" -1022206565,"CrushFTP","CrushFTP WebInterface",,"https://www.crushftp.com/crush8wiki/Wiki.jsp?page=WebInterface" -1225484776,"Endian Firewall","401 Authorization Required",,"/manage/dashboard" -631002664,"Kerio Control Firewall",,"Server: Kerio Control Embedded Web Server","https://www.gfi.com/products-and-solutions/network-security-solutions/kerio-control" 2072198544,"Ferozo Panel","Panel de control de hosting",, -466504476,"Kerio Control Firewall",,"Server: Kerio Control Embedded Web Server","https://www.gfi.com/products-and-solutions/network-security-solutions/kerio-control" 1251810433,"Cafe24 (Korea)","카페24 쇼핑몰 :: 창업자의 꿈이 시작되는 곳","CN=*.cafe24.com","cafe24 is a global e-commerce platform, and has 8 sites around the world including the United States, China, Japan, the Philippines, and Taiwan" 1273982002,"Mautic (Open Source Marketing Automation)","Mautic",,"https://www.mautic.org/" -978656757,"NETIASPOT (Network)","Konsola zarządzania NETIASPOT",,"internet access device and television services offered by Netia | telecoms company which owns the second-largest fixed-line network in Poland" 916642917,"Multilaser","Multilaser | Login",,"Multilaser is an electronics company based in Brazil" 575613323,"Canvas LMS (Learning Management)",,"X-A11y-Ally: Dana Danger Grey", 1726027799,"IBM Server",,, -587741716,"ADB Broadband S.p.A. (Network)","Residential Gateway - ADB Italia","Server: ADB Broadband HTTP Server", -360566773,"ARRIS (Network)","ARRIS",, -884776764,"Huawei (Network)",,, 929825723,"WAMPSERVER","WAMPSERVER Homepage",,"Apache web server, OpenSSL for SSL support, MySQL database and PHP programming language" 240136437,"Seagate Technology (NAS)",,, 1911253822,"UPC Ceska Republica (Network)",,"Set-Cookie: name=Session","UPC Ceska Republica is an internet service provider which operates in Czech Republic." -393788031,"Flussonic (Video Streaming)","Flussonic Admin UI","Server: Flussonic","https://flussonic.com/en-us/" 366524387,"Joomla",,, 443944613,"WAMPSERVER","WAMPSERVER Homepage",,"Apache web server, OpenSSL for SSL support, MySQL database and PHP programming language" 1953726032,"Metabase","Metabase",,"https://www.metabase.com/docs/latest/ (open source Business Intelligence server)" -2031183903,"D-Link (Network)",,,"primarily observed in Russia" 545827989,"MobileIron","MobileIron System Manager: Sign In",, 967636089,"MobileIron","MobileIron System Manager: Sign In",, 362091310,"MobileIron","MobileIron System Manager: Sign In",, 2086228042,"MobileIron","Sign In to MobileIron Cloud",, -1588746893,"CommuniGate","CommuniGate Pro Setup","Server: CommuniGatePro","Email Server" 1427976651,"ZTE (Network)",,"Server: Mini web server 1.0 ZTE corp", 1648531157,"InfiNet Wireless | WANFleX (Network)",,"Server: WANFleX HTTP Daemon v2.0 | O=InfiNet Wireless","https://trademarks.justia.com/771/55/wanflex-77155234.html" 938616453,"Mersive Solstice",,"Server: Solstice 2.0","https://www.mersive.com/products/solstice/" 1632780968,"Université Toulouse 1 Capitole",,,"univ-tlse1.fr" 2068154487,"Digium (Switchvox)",,,"https://www.digium.com/products/business-phone-systems" -1788112745,"PowerMTA monitoring","PowerMTA monitoring",,"port25 solutions" -644617577,"SmartLAN/G","SmartLAN/G Web Interface",, -1822098181,"Checkpoint (Gaia)","Gaia","Server: CPWS","https://sc1.checkpoint.com/documents/R76/CP_R76_Gaia_WebAdmin/73102.htm" -1131689409,"УТМ (Federal Service for Alcohol Market Regulation | Russia)","УТМ",, 2127152956,"MailWizz","MailWizz | Welcome",,"https://www.mailwizz.com/" 1064742722,"RabbitMQ","RabbitMQ Management",,"RabbitMQ is an open-source message-broker software" -693082538,"openmediavault (NAS)","openmediavault control panel",,"https://www.openmediavault.org/" 1941381095,"openWRT Luci","Openwrt – LuCI",, 903086190,"Honeywell","WEB SERVICE",, 829321644,"BOMGAR Support Portal","Remote Support Portal | Powered by BOMGAR",, -1442789563,"Nuxt JS",,, -2140379067,"RoundCube Webmail","RoundCube Webmail :: Welcome to RoundCube Webmail","Set-Cookie: roundcube_sessid", -1897829998,"D-Link (camera)",,"Server: alphapd", 1047213685,"Netgear (Network)",,, 1485257654,"SonarQube","SonarQube",,"SonarQube is an open-source platform developed by SonarSource for continuous inspection of code quality" -299324825,"Lupus Electronics XT","Welcome","O=LUPUS Electronics GmbH","https://www.lupus-electronics.de/en/lupus-xt-model-series/overview/" -1162730477,"Vanderbilt SPC","SPC4300","O=Vanderbilt International Ireland Ltd OU=Security Products CN=SPC","https://vanderbiltindustries.com/spc" -1268095485,"VZPP Plesk","VZPP Plesk - Log in to Plesk ",, 1118684072,"Baidu",,, -1616115760,"ownCloud","ownCloud",, -2054889066,"Sentora","Control Panel – Login",,"http://www.sentora.org/ | Open Source Web Panel" 1333537166,"Alfresco",,"O=Alfresco Software Ltd.","https://www.alfresco.com/" -373674173,"Digital Keystone (DK)","MDU MOCUR","Server: DOTS 2.0 UPnP/1.0 MDU MOCUR","http://www.digitalkeystone.com/" -106646451,"WISPR (Airlan)","401 Authorization Required","WWW-Authenticate: Basic realm=""WISPR"" | Server: WISPR", 1235070469,"Synology VPN Plus","VPN Plus",,"https://www.synology.com/en-us/srm/feature/vpn_plus" 2063428236,"Sentry","Login | Sentry",,"https://sentry.io/" 15831193,"WatchGuard","WatchGuard Access Portal","Set-Cookie: wg_portald_session_id | O=WatchGuard","https://www.watchguard.com/" -956471263,"Web Client Pro","Web Client Pro","WebClientPro.cab", -1452159623,"Tecvoz",,,"https://www.tecvoz.com.br/" 99432374,"MDaemon Remote Administration","MDaemon Remote Administration",,"MDaemon Technologies, Ltd. " 727253975,"Paradox IP Module","Paradox IP Module",,"https://www.paradox.com/Products/" -630493013,"DokuWiki",,"Set-Cookie: DokuWiki","https://www.dokuwiki.org/dokuwiki" 552597979,"Sails","New Sails App","X-Powered-By: Sails ", 774252049,"FastPanel Hosting","302 Found",,"https://fastpanel.direct/" -329747115,"C-Lodop","Welcome to C-Lodop",,"The Cloud Web Service System for Lodop HTML Print" 1262005940,"Jamf Pro Login","Jamf Pro Login",, 979634648,"StruxureWare (Schneider Electric)","StruxureWare",, 475379699,"Axcient Replibit Management Server","Replibit Management Server",,"https://support.efolder.net/hc/en-us/categories/115000502027-Axcient-Replibit" -878891718,"Twonky Server (Media Streaming)","Twonky Server","Twonky UPnP SDK","https://twonky.com/ | TwonkyMedia server is DLNA-compliant UPnP AV server software" -2125083197,"Windows Azure","Page not found","Server: Windows-Azure-Blob/1.0", -1151675028,"ISP Manager (Web Hosting Panel)","Authorization",,"https://www.ispsystem.com/" 1248917303,"JupyterHub","JupyterHub","X-jupyterhub-version","https://jupyterhub.readthedocs.io/en/stable/" -1908556829,"CenturyLink Modem GUI Login (eg: Technicolor)","Advanced Setup - Security - Admin User Name &"," Password","Set-Cookie: CLINK_SESSION_ID" 1059329877,"Tecvoz",,,"https://www.tecvoz.com.br/" -1148190371,"OPNsense","Login","Server: OPNsense","https://opnsense.org/" 1467395679,"Ligowave (network)",,"O=LigoWave LLC","https://www.ligowave.com/" -1528414776,"Rumpus","Web File Manager","Server: Rumpus","https://www.maxum.com/Rumpus/" -2117390767,"Spiceworks (panel)","Spiceworks","Set-Cookie: spiceworks_session=","“Network management made simple"" | https://www.spiceworks.com/about/" -1944119648,"TeamCity","Log in to TeamCity &mdash"," TeamCity","TeamCity-Node-Id:" -1748763891,"INSTAR Full-HD IP-Camera","INSTAR Full-HD IP-Camera","Server: Ipcam","https://www.instar.de/" 251106693,"GPON Home Gateway",,, -1779611449,"Alienvault",,, -1745552996,"Arbor Networks",,, -1275148624,"Accrisoft","Accrisoft",,"accrisoft.com" -178685903,"Yasni",,,"Yasni.de" -43161126,"Slack",,, 671221099,"innovaphone","innovaphone",,"https://www.innovaphone.com/" -10974981,"Shinobi (CCTV)","Shinobi",,"https://shinobi.video/" 1274078387,"TP-LINK (Network Device)",,, -336242473,"Siemens OZW772",,"Server: Siemens Switzerland Ltd.","https://www.downloads.siemens.com/download-center/Download.aspx?pos=download&fct=getasset&id1=A6V10743818" 882208493,"Lantronix (Spider)","Spider Authentication","O=Lantronix","https://www.lantronix.com/products/lantronix-spider/" -687783882,"ClaimTime (Ramsell Public Health & Safety)","ClaimTime",, -590892202,"Surfilter SSL VPN Portal","Surfilter SSL VPN Portal",, -50306417,"Kyocera (Printer)",,"Server: KM-MFP-http", 784872924,"Lucee!","Rapid web development with Lucee!",, 1135165421,"Ricoh",,, 926501571,"Handle Proxy","Handle Proxy",,"http://proxy.handle.net/" 579239725,"Metasploit","Metasploit - Setup and Configuration",, -689902428,"iomega NAS",,"""Set-Cookie: iomega=""", -600508822,"iomega NAS",,"""Set-Cookie: iomega=""", 656868270,"iomega NAS",,"""Set-Cookie: iomega=""", -2056503929,"iomega NAS",,"""Set-Cookie: iomega=""", -1656695885,"iomega NAS",,"""Set-Cookie: iomega=""", 331870709,"iomega NAS",,"""Set-Cookie: iomega=""", 1241049726,"iomega NAS",,"""Set-Cookie: iomega=""", 998138196,"iomega NAS",,"""Set-Cookie: iomega=""", 322531336,"iomega NAS",,"""Set-Cookie: iomega=""", -401934945,"iomega NAS",,"""Set-Cookie: iomega=""", -613216179,"iomega NAS",,"""Set-Cookie: iomega=""", -276759139,"Chef Automate","Chef Automate",,"https://www.chef.io/products/automate/" 1862132268,"Gargoyle Router Management Utility","Gargoyle Router Management Utility","X-Clacks-Overhead: GNU Terry Pratchett", -1738727418,"KeepItSafe Management Console","KeepItSafe Management Console",, -368490461,"Entronix Energy Management Platform","Login | Entronix Energy Management Platform",,"https://entronix.io/index.php/general/" 1836828108,"OpenProject","OpenProject",,"OpenProject is a web-based project management system for location-independent team collaboration. | https://www.openproject.org" -1775553655,"Unified Management Console (Polycom)","Unified Management Console","X-Powered-By: RealPresence Resource Platform", 381100274,"Moxapass ioLogik Remote Ethernet I/O Server ","Remote Ethernet I/O Server","Set-Cookie: MoxaPass | ioLogik Web Server/1.0","moxa.com" 2124459909,"HFS (HTTP File Server)","HFS /","Server: HFS 2.3m | Set-Cookie: HFS_SID","https://www.rejetto.com/hfs/" 731374291,"HFS (HTTP File Server)","HFS /","Server: HFS 2.3m | Set-Cookie: HFS_SID","https://www.rejetto.com/hfs/" -335153896,"Traccar GPS tracking","Traccar",,"https://www.traccar.org/" 896412703,"IW",,"Set-Cookie: IW_", 191654058,"Wordpress Under Construction Icon",,, -342262483,"Combivox","Combivox",, 5542029,"NetComWireless (Network)","Login",, 1552860581,"Elastic (Database)",,"Elastic Indices:", 1174841451,"Drupal",,, -1093172228,"truVision (NVR)",,"Server: DNVRS-Webs", -1688698891,"SpamExperts","SpamExperts",, -1546574541,"Sonatype Nexus Repository Manager","Nexus Repository Manager","Server: Nexus/3.17.0-01 (OSS)", -256828986,"iDirect Canada (Network Management)","SatManage::Login",, 1966198264,"OpenERP (now known as Odoo)","OpenERP",,"Odoo is an all-in-one business software including CRM, website/e-commerce, billing, accounting, manufacturing, warehouse - and project management, and inventory" 2099342476,"PKP (OpenJournalSystems) Public Knowledge Project",,,"https://pkp.sfu.ca/ojs/" 541087742,"LiquidFiles",,,"https://www.liquidfiles.com/" -882760066,"ZyXEL (Network)","ZyXEL KEENETIC",,"https://keenetic.com/en/products" 16202868,"Universal Devices (UD)",,"EXT: UCoS, UPnP/1.0, UDI/1.0 | O=""Universal Devices, Inc.""","https://www.universal-devices.com/" 987967490,"Huawei (Network)",,"O=Huawei", -647318973,"gm77[.]com",,, -1583478052,"Okazik[.]pl",,, 1969970750,"Gitea",,"Set-Cookie: i_like_gitea","https://gitea.io/en-us/" -1734573358,"TC-Group","TC-Group – LuCI",, -1589842876,"Deluge Web UI","Deluge: Web UI 1.3.15",,"https://deluge.readthedocs.io/en/latest/index.html" 1822002133,"登录 – AMH","登录 – AMH",, -2006308185,"OTRS (Open Ticket Request System)","Login – OTRS","X-Powered-By: OTRS","OTRS is a service management suite that comprises ticketing, workflow automation and notification" -1702769256,"Bosch Security Systems (Camera)",,"Server: VCS-VideoJet-Webserver | CN=local.myboschcam.net","e.g. flexidome" 321591353,"Node-RED","Node-RED",,"Node-RED is a flow-based development tool for visual programming developed originally by IBM" -923693877,"motionEye (camera)",,"Server: motionEye","https://github.com/ccrisan/motioneye/wiki" -1547576879,"Saia Burgess Controls – PCD","Saia PCD Web-Server",, 1479202414,"Arcadyan o2 box (Network)","o2.box","Server: Arcadyan httpd | O=Arcadyan", 1081719753,"D-Link (Network)","Residential Gateway – D-Link",, -166151761,"Abilis (Network/Automation)",,"CN=Abilis-CPX-SSL-Server","http://www.abilis.net/ | primarily observed in ASN: Ambrogio s.r.l. (AS197954)" -1231681737,"Ghost (CMS)",,,"https://ghost.org/" 321909464,"Airwatch",,"/AirWatch/default.aspx", -1153873472,"Airwatch",,"/AirWatch/default.aspx", 1095915848,"Airwatch",,"/AirWatch/default.aspx", 788771792,"Airwatch",,"/AirWatch/default.aspx", -1863663974,"Airwatch",,"/AirWatch/default.aspx", -1267819858,"KeyHelp (Keyweb AG)",,"X-Powered-By: KeyHelp","https://www.keyhelp.de/en/" 726817668,"KeyHelp (Keyweb AG)",,"X-Powered-By: KeyHelp","https://www.keyhelp.de/en/" -1474875778,"GLPI","GLPI – Autenticazione","Set-Cookie: glpi","https://glpi-project.org/ GLPI is a free IT Asset Management, issue tracking system and service desk system." 5471989,"Netcom Technology","网康科技·互联网控制网关",,"Netcom Technology" -1457536113,"CradlePoint",,"Server: CradlepointHTTPService","https://cradlepoint.com/" -736276076,"MyASP","MyASP(マイスピー) ",,"all in Japan" -1343070146,"Intelbras SA",,"Server: Xavante 2.2.0 embeded", 538585915,"Lenel",,"O=Lenel","https://www.lenel.com/solutions" -625364318,"OkoFEN Pellematic","Ö","koFEN Pellematic", 1117165781,"SimpleHelp (Remote Support)","Welcome to SimpleHelp",,"https://simple-help.com/" -1067420240,"GraphQL","GraphQL Playground",,"https://electronjs.org/apps/graphql-playground" 1821549811,"(Blank) iSpy",,"Server: iSpy","https://github.com/ispysoftware/iSpy" -1465479343,"DNN (CMS)",,,"https://www.dnnsoftware.com/" 1232159009,"Apple",,, 1382324298,"Apple",,, -1498185948,"Apple",,, 483383992,"ISPConfig","ISPConfig",, -1249852061,"Microsoft Outlook",,, 1157181149,"?","木瓜视频官方网站",, -2051649833,"?",,, 116323821,"?",,, 490244855,"?","Login Dashboard",, -1101754425,"?",,, -47597126,"?",,, -206623908,"?",,, 999357577,"? (Possibly DVR)",,, -386189083,"?",,, 1127621346,"?",,, 1632680057,"?","LiveConfig – Login",, 492290497,"? (Possible IP Camera)",,, -1457323588,"?","404 Not Found",, 1653394551,"?","WEB SERVICE",, 1182229825,"?",,, -234896770,"?",,, -1472641661,"?","Bad Request",, 1918884058,"?","Bad Request",, 130131457,"?",,, 110768013,"?",,"Server: Boa/0.94.14rc21", 1109114727,"?",,"HTTP/1.1 404 Not Found", -405780529,"?",,"Server: Virata-EmWeb/R6_0_1", -1166284431,"?","Bad Request",, -1309951014,"?",,, 499417227,"?",,, -2063807194,"?",,, 1165838194,"?",,, 1446401848,"?",,, 1732654699,"?","Bad Request","nginx/1.16.0-upupw", -1987375206,"?",,, -526552280,"?",,, -709611873,"?","Bad Request",, -1593512546,"?",,, -927923449,"?",,, -2067519629,"?",,, -659140727,"?","Bad Request",, 1914658187,"?",,, -1060318941,"?",,"Server: HTTPD", 483277933,"?",,, 1578525679,"?",,"Server: Resin", -1252041730,"?",,, 1223557693,"?",,, 2107438913,"?",,, 984279902,"?",,, -2144075010,"?","Espansione IP Vedo",, 1917028407,"?",,, 441475721,"?",,, 1782913455,"?",,, -785381255,"?",,, -1134712852,"?",,, -2098842484,"?",,,"seen only on globalfrag networks" -554365658,"?",,, 891145488,"?",,, 1023924156,"?",,, 1172440114,"?",,, -1699012080,"?",,, 400100893,"? (DVR)",,,"example plugin: be35bc4df60909fc42d2ee2eb9a7c5d726b32341 WebClient_VPPlugin.exe (Chipspoint Electronics Co., Ltd)" -1645439195,"?",,, 1486876794,"?",,, 1235613725,"?","豫游棋牌 ",, -926883833,"?","网站长标题",, 1217458389,"?","Bad Request",, -337520637,"?",,, -886176738,"?",,, 305967937,"?",,, 827830640,"?",,, -1319784906,"?",,"X-Powered-By: WAF/2.0","all appear in AS32097 (Wholesale Internet)" 1763964280,"?",,"Set-Cookie: _d_id", -1960812053,"?",,, 606008215,"?",,"?", 1234113799,"?","Bad Request",, 73066977,"(Blank)",,, 1370833863,"(Blank)",,, -1779876810,"(Blank)",,, -452641300,"(Blank)",,, -725636930,"(Blank)",,, 97040601,"(Blank)",,, 294536354,"(Blank)","安全入口校验失败",, 639408214,"(Blank) (paiza.cloud)",,"__proxy_error__/497.html (paiza.cloud)", -471602503,"(Blank)",,, -933661998,"(Blank)",,"Server: Kestrel", 509258457,"(Blank)",,, -838664871,"(Blank)",,, -1662783523,"(Blank)",,, 1274734426,"(Blank)",,, -488620570,"(Blank)",,, -1993690156,"(Blank)",,, -1361277238,"(Blank)",,, -1132923558,"(Blank)",,, 2122595294,"(Blank)",,, 1747323616,"(Blank)",,, -1856090503,"(Blank)",,, -2088429648,"(Blank)",,, 1870317857,"(Blank)",,"Server: IPWEBS/1.4.0", -1206367560,"(Blank)",,, -1783340557,"(Blank)",,, 149479534,"(Blank)",,, 1417317318,"(Blank)",,, 1694507817,"(Blank)",,, 1391058259,"(Blank)",,, -1270699277,"(Blank)",,, 529136617,"(Blank)",,, -212761746,"(Blank)",,, 1771297009,"(Blank)",,, ================================================ FILE: shodan_facets.json ================================================ "asn", "bitcoin.ip", "bitcoin.ip_count", "bitcoin.port", "bitcoin.user_agent", "bitcoin.version", "city", "country", "cpe", "device", "domain", "has_screenshot", "hash", "http.component", "http.component_category", "http.favicon.hash", "http.hash", "http.html_hash", "http.robots_hash", "http.securitytxt", "http.status", "http.title", "http.waf", "ip", "isp", "link", "mongodb.database.name", "ntp.ip", "ntp.ip_count", "ntp.more", "ntp.port", "org", "os", "port", "postal", "product", "redis.key", "region", "rsync.module", "screenshot.label", "snmp.contact", "snmp.location", "snmp.name", "ssh.cipher", "ssh.fingerprint", "ssh.hassh", "ssh.mac", "ssh.type", "ssl.alpn", "ssl.cert.alg", "ssl.cert.expired", "ssl.cert.extension", "ssl.cert.fingerprint", "ssl.cert.issuer.cn", "ssl.cert.pubkey.bits", "ssl.cert.pubkey.type", "ssl.cert.serial", "ssl.cert.subject.cn", "ssl.chain_count", "ssl.cipher.bits", "ssl.cipher.name", "ssl.cipher.version", "ssl.version", "state", "tag", "telnet.do", "telnet.dont", "telnet.option", "telnet.will", "telnet.wont", "timestamp_day", "timestamp_week", "uptime", "version", "vuln", "vuln.verified" ================================================ FILE: shodan_filters.json ================================================ "all", "asn", "bitcoin.ip", "bitcoin.ip_count", "bitcoin.port", "bitcoin.version", "city", "country", "cpe", "device", "geo", "has_ipv6", "has_screenshot", "has_ssl", "has_vuln", "hash", "hostname", "http.component", "http.component_category", "http.favicon.hash", "http.html", "http.html_hash", "http.robots_hash", "http.securitytxt", "http.status", "http.title", "http.waf", "ip", "isp", "link", "net", "ntp.ip", "ntp.ip_count", "ntp.more", "ntp.port", "org", "os", "port", "postal", "product", "region", "scan", "screenshot.label", "shodan.module", "snmp.contact", "snmp.location", "snmp.name", "ssh.hassh", "ssh.type", "ssl", "ssl.alpn", "ssl.cert.alg", "ssl.cert.expired", "ssl.cert.extension", "ssl.cert.fingerprint", "ssl.cert.issuer.cn", "ssl.cert.pubkey.bits", "ssl.cert.pubkey.type", "ssl.cert.serial", "ssl.cert.subject.cn", "ssl.chain_count", "ssl.cipher.bits", "ssl.cipher.name", "ssl.cipher.version", "ssl.version", "state", "tag", "telnet.do", "telnet.dont", "telnet.option", "telnet.will", "telnet.wont", "version", "vuln" ================================================ FILE: shodan_proto.json ================================================ "amqp": "Grab information from an AMQP service", "andromouse": "Checks whether the device is running the remote mouse AndroMouse service.", "apple-airport-admin": "Check whether the device is an Apple AirPort administrative interface.", "ard": "Query the Apple Remote Desktop service for information about the device", "automated-tank-gauge": "Get the tank inventory for a gasoline station.", "bacnet": "Gets various information from a BACnet device.", "beanstalk": "Get general information about the Beanstalk daemon", "bgp": "Checks whether the device is running BGP.", "bitcoin": "Grabs information about a Bitcoin daemon, including any devices connected to it.", "bittorrent-tracker": "Check whether there is a BitTorrent tracker running.", "blackshades": "Determine whether a server is running a Blackshades C&C", "cassandra": "Get cluster information for the Cassandra database software.", "checkpoint-hostname": "Get hostnames for the CheckPoint firewall and management station.", "cisco-smi": "Check whether the device supports the Cisco Smart Install feature.", "citrix-apps": "This module attempts to query Citrix Metaframe ICA server to obtain a published list of applications.", "clamav": "Determine whether a server is running ClamAV", "coap": "Check whether the server supports the CoAP protocol", "codesys": "Grab a banner for Codesys daemons", "consul": "Determine wether consul is running & collect relevant info", "couchdb": "HTTP banner grabbing module", "crestron": "Checks for other servers with the same serial number on the local network. AAAAAA is a dummy value.", "dahua-dvr": "Grab the serial number from a Dahua DVR device.", "darktrack-rat": "Checks whether the device is a C2 for DarkTrack RAT.", "dhcp": "Send a DHCP INFORM request to learn about the lease information from the DHCP server.", "dht": "Gets a list of peers from a DHT node.", "dicom": "Checks whether the DICOM service is running.", "dictionary": "Connects to a dictionary server using the DICT protocol.", "dnp3": "A dump of data from a DNP3 outstation", "dns-tcp": "Try to determine the version of a DNS server by grabbing version.bind", "dns-udp": "Try to determine the version of a DNS server by grabbing version.bind", "echo-udp": "Checks whether the device is running echo.", "epmd": "Get a list of Erlang services and the ports they are listening on", "etcd": "Etcd cluster information", "ethereum-rpc": "Grabs version information about the Ethereum node.", "ethernetip": "Grab information from a device supporting EtherNet/IP over TCP", "ethernetip-udp": "Grab information from a device supporting EtherNet/IP over UDP", "flux-led": "Grab the current state from a Flux LED light bulb.", "fox": "Grabs a banner for proprietary FOX protocol by Tridium", "ftp": "Grab the FTP banner", "gardasoft-vision": "Grabs the version for the Gardasoft controller.", "gearman": "Gather usage information from a Gearman queue", "general-electric-srtp": "Check whether the GE SRTP service is active on the device.", "ghost-rat": "Checks whether the device is a C2 for Gh0st RAT.", "git": "Check whether git is running.", "gtp-v1": "Checks whether the device is running a GPRS Tunnel.", "hart-ip-udp": "Checks whether the IP is a HART-IP gateway.", "hbase": "Grab the status page for HBase database software.", "hbase-old": "Grab the status page for old, deprecated HBase database software.", "hddtemp": "View hard disk information from hddtemp service.", "hifly": "Checks whether the HiFly lighting control is running.", "http": "HTTP banner grabbing module", "http-simple-new": "HTTP banner grabber only (no robots, sitemap etc.)", "http-supermicro": "HTTP banner grabbing module for Supermicro servers", "https": "HTTPS banner grabbing module", "https-simple-new": "HTTPS banner grabber only (no robots, sitemap etc.)", "ibm-db2-das": "Grab basic information about the IBM DB2 Database Server.", "ibm-db2-drda": "Checks for support of the IBM DB2 DRDA protocol.", "ibm-nje": "Check whether the z/OS Network Job Entry service is running.", "identd": "Check whether the service is running identd", "idevice": "Connects to an iDevice and grabs the property list.", "iec-104": "Banner grabber for the IEC-104 protocol.", "iec-61850": "MMS protocol", "ike": "Checks wheter a device is running a VPN using IKE.", "ike-nat-t": "Checks wheter a device is running a VPN using IKE and NAT traversal.", "ikettle": "Check whether the device is a coffee machine/ kettle.", "imap": "Get the welcome message of the IMAP server", "imap-ssl": "Get the welcome message of the secure IMAP server", "iota-rpc": "Grabs version information about the IOTA node.", "ipmi": "Checks whether a device is running IPMI remote management software.", "iscsi": "Determine whether a server is an iSCSI target", "java-rmi": "Check whether the device is running Java RMI.", "kafka": "Get information about a Kafka cluster.", "kamstrup": "Kamstrup Smart Meters", "kerberos": "Checks whether a device is running the Kerberos authentication daemon.", "kilerrat": "Determine whether a server is running a KilerRAT C&C", "knx": "Grabs the description from a KNX service.", "lantronix-udp": "Attempts to grab the setup object from a Lantronix device.", "ldap-tcp": "LDAP banner grabbing module", "ldap-udp": "CLDAP banner grabbing module", "ldaps": "LDAPS banner grabbing module", "libreoffice-impress": "Check whether the LibreOffice Impress Remote Server is enabled", "lifx": "Check whether there is a BitTorrnt tracker running.", "line-printer-daemon": "Get a list of jobs in the print queue to verify the device is a printer.", "matrikon-opc": "Checks whether the device is running Matrikon OPC.", "mdns": "Perform a DNS-based service discovery over multicast DNS", "melsec-q-tcp": "Get the CPU information from a Mitsubishi Electric Q Series PLC.", "melsec-q-udp": "Get the CPU information from a Mitsubishi Electric Q Series PLC.", "memcache": "Get general information about the Memcache daemon", "memcache-udp": "Get general information about the Memcache daemon responding on UDP", "mikrotik-routeros": "Check whether the device operates the Oracle Weblogic T3 protocol", "minecraft": "Gets the server status information from a Minecraft server", "modbus": "Grab the Modbus device information via functions 17 and 43.", "monero-rpc": "Collect information about the Monero daemon.", "mongodb": "Collects system information from the MongoDB daemon.", "moxa-nport": "Attempts to grab information from Moxna Nport devices.", "mqtt": "Grab a list of recent messages from an MQTT broker.", "ms-sql": "Check whether the MS-SQL database server is running", "ms-sql-monitor": "Pings an MS-SQL Monitor server", "mumble-server": "Grabs the version information for the Murmur service (Mumble server)", "munin": "Check whether a Munin node is active and list its plugins", "mysql": "Grabs the version of the running MySQL server", "nanocore-122-rat": "Checks whether the device is a C2 for NanoCore Version 1.2.2.0 Cracked", "nanocore-rat": "Checks whether the device is a C2 for NanoCore RAT.", "natpmp": "Checks whether NAT-PMP is exposed on the device.", "netbios": "Grab NetBIOS information including the MAC address.", "netmobility": "Checks whether the device is a NetMobility.", "newline-tcp": "Connect to a server with TCP and send a newline.", "newline-udp": "Connect to a server with UDP and send a newline.", "njrat": "Determine whether a server is running a njRAT C&C", "nntp": "Get the welcome message of a Network News server", "nodata-dtls": "Check whether the service supports DTLS and store whatever is returned", "nodata-tcp": "Connect to a server without sending any data and store whatever it returns.", "nodata-tcp-small": "Connect to a server without sending any data and store whatever it returns.", "nodata-tcp-ssl": "Connect to a server using SSL and without sending any data.", "ntp": "Get a list of IPs that NTP server recently saw and try to get version info.", "nuclear-rat": "Checks whether the device is a C2 for Nuclear RAT.", "omron-tcp": "Gets information about the Omron PLC.", "onvif": "Check whether the Onvif camera is operating.", "opc-ua": "Grab a list of nodes from an OPC UA service", "open-tcp": "Checks whether a port is open and nothing else.", "openvpn": "Checks whether the other server runs an OpenVPN that doesnt require TLS auth", "oracle-tns": "Check whether the Oracle TNS Listener is running.", "orcus-rat": "Checks whether the device is a C2 for Gh0st RAT.", "pcanywhere-status": "Asks the PC Anywhere status daemon for basic information.", "pcworx": "Gets information about PC Worx device.", "plc5": "Checks whether the device is running Poison Ivy.", "poison-ivy-rat": "Checks whether the device is running Poison Ivy.", "pop3": "Grab the POP3 welcome message", "pop3-ssl": "Grab the secure POP3 welcome message", "portmap-tcp": "Get a list of processes that are running and their ports.", "portmap-udp": "Get a list of processes that are running and their ports.", "postgresql": "Collects system information from the PostgreSQL daemon", "pptp": "Connect via PPTP", "printer-job-language": "Get the current output from the status display on a printer", "proconos": "Gets information about the PLC via the ProConOs protocol.", "qrat": "Determine whether a server is running a QRAT C&C", "quic": "Checks whether a service supports the QUIC HTTP protocol", "rdate": "Get the time from a remote rdate server", "rdp": "RDP banner grabbing module", "realport": "Get the banner for the Digi Realport device", "redis": "Redis banner grabbing module", "redlion-crimson3": "A fingerprint for the Red Lion HMI devices running CrimsonV3", "remcos-pro-rat": "Checks whether the device is a C2 for RemCos Pro 2.05", "riak": "Sends a ServerInfo request to Riak", "rip": "Checks whether the device is running the Routing Information Protocol.", "ripple-rtxp": "Grabs the list of peers from an RTXP Ripple daemon.", "rsync": "Get a list of shares from the rsync daemon.", "rtsp-tcp": "Determine which options the RTSP server allows.", "s7": "Communicate using the S7 protocol and grab the device identifications.", "sap-router": "Check whether the SAP Router is active", "scpi": "Check for the SCPI protocol used by lab equipment", "secure-fox": "Grabs a banner for proprietary FOX protocol by Tridium", "serialnumbered": "Checks for other servers with the same serial number on the local network. AAAAAA is a dummy value.", "sip": "Gets the options that the SIP device supports.", "smarter-coffee": "Checks the device status of smart coffee machines.", "smb": "Grab a list of shares exposed through the Server Message Block service", "smtp": "Get basic SMTP server response", "smtps": "Grab a banner and certificate for SMTPS servers", "snmp": "Gets the sysDescr.0 MIB of the SNMP service.", "ssh": "Get the SSH banner, its host key and fingerprint", "statsd-admin": "Gathers statistics from the StatsD service.", "steam-a2s": "Get a list of IPs that NTP server recently saw and try to get version info.", "steam-dedicated-server-rcon": "Checks whether an IP is running as a Steam dedicated game server with remote authentication enabled.", "tacacs": "Check whether the device supports TACACS+ AAA.", "tc-b": "Cursory check whether a device is running the TC-B protocol", "teamviewer": "Determine whether a server is running TeamViewer", "telnet": "Telnet banner grabbing module", "telnets": "Telnet wrapped in SSL banner grabbing module", "tibia": "Grab general information from Open Tibia servers", "tor-control": "Checks whether a device is running the Tor control service.", "tor-versions": "Checks whether the device is running the Tor OR protocol.", "toshiba-pos": "Grabs device information for the IBM/ Toshiba 4690.", "tuya": "Check whether a device supports the Tuya API", "ubiquiti-discover": "Grabs information about the Ubiquiti-powered device", "udpxy": "Udpxy banner grabbing module", "unitronics-pcom": "Collects device information for Unitronics PLCs via PCOM protocol.", "upnp": "Collects device information via UPnP.", "vault": "Determine wether vault is running & collect relevant info", "ventrilo": "Gets the detailed status information from a Ventrilo server.", "vertx-edge": "Checks whether the device is running the VertX/ Edge door controller.", "voldemort": "Pings the Voldemort database.", "wdbrpc": "Checks whehter the WDB agent (used for debugging) is enabled on a VxWorks device.", "weblogic-t3": "Check whether the device operates the Oracle Weblogic T3 protocol", "wemo-http": "Connect to a Wemo Link and grab the setup.xml file", "whois": "Check whether the port is running WHOIS", "x11": "Connect to X11 w/ no auth and grab the resulting banner.", "xmpp": "Sends a hello request to the XMPP daemon", "yahoo-smarttv": "Checks whether the device is running the Yahoo Smart TV device communication service.", "zookeeper": "Grab statistical information from a Zookeeper node"