From 7e98af5f255bdd2eaa19272a34b4fb27bf7086da Mon Sep 17 00:00:00 2001
From: Tom Sellers <Tom_Sellers@rapid7.com>
Date: Thu, 23 Jul 2020 06:43:12 -0500
Subject: [PATCH] Sonar / CPE updates (#279)

* Sonar / CPE updates

* Filezilla is Windows only

* Add CPEs to SSH

* More HTTP CPEs

* DNS updates

* SMTP..

* more smtp

* pop

* IMAP
---
 cpe-remap.yaml                  | 17 ++++++-
 identifiers/hw_family.txt       |  2 +-
 identifiers/hw_product.txt      |  2 +-
 identifiers/service_product.txt |  2 +-
 xml/dns_versionbind.xml         | 12 +++--
 xml/ftp_banners.xml             | 55 +++++++++++++++++++--
 xml/http_servers.xml            | 56 +++++++++++++++++++--
 xml/imap_banners.xml            |  4 ++
 xml/pop_banners.xml             |  2 +
 xml/smtp_banners.xml            | 86 ++++++++++++++++++++++++++++++++-
 xml/ssh_banners.xml             |  8 ++-
 11 files changed, 226 insertions(+), 20 deletions(-)

diff --git a/cpe-remap.yaml b/cpe-remap.yaml
index 2b129c56..3cf63fa7 100644
--- a/cpe-remap.yaml
+++ b/cpe-remap.yaml
@@ -16,6 +16,10 @@ mappings:
       weblogic: weblogic_server
   blue_coat:
     vendor: bluecoat
+  carnegie_mellon_university:
+    vendor: cmu
+    products:
+      cyrus_imap: cyrus_imap_server
   centos:
     vendor: centos
     products:
@@ -32,6 +36,9 @@ mappings:
     vendor: debian
     products:
       linux: debian_linux
+  embedthis:
+    products:
+       goahead_webserver: goahead
   f5:
     vendor: f5
     products:
@@ -41,12 +48,12 @@ mappings:
     vendor: hp
     products:
       ilo: integrated_lights_out
-      lotus_domino: lotus_domino_server
       tru64_unix: tru64
   ibm:
     vendor: ibm
     products:
       lotus_domino: lotus_domino_server
+      ibm_domino: lotus_domino
       os/400: os_400
   jamf:
     products:
@@ -57,6 +64,10 @@ mappings:
       junos_os: junos
   kibana:
     vendor: elasticsearch
+  cz.nic:
+    vendor: knot-dns
+  litespeed_technologies:
+    vendor: litespeedtech
   linux:
     vendor: linux
     products:
@@ -94,6 +105,10 @@ mappings:
     vendor: modwsgi
   mort_bay:
     vendor: mortbay
+  nlnet_labs:
+    vendor: nlnetlabs
+    products:
+      dnsd: name_server_daemon
   net-snmp:
     vendor: net-snmp
     products:
diff --git a/identifiers/hw_family.txt b/identifiers/hw_family.txt
index 93a9519f..47650622 100644
--- a/identifiers/hw_family.txt
+++ b/identifiers/hw_family.txt
@@ -93,4 +93,4 @@ iPad
 iPad Air
 iPad Pro
 iPad mini
-iPhone
\ No newline at end of file
+iPhone
diff --git a/identifiers/hw_product.txt b/identifiers/hw_product.txt
index 33beb2dc..65a928a8 100644
--- a/identifiers/hw_product.txt
+++ b/identifiers/hw_product.txt
@@ -325,4 +325,4 @@ iPhone X
 iPhone XR
 iPhone XS
 iPhone XS Max
-vManage
\ No newline at end of file
+vManage
diff --git a/identifiers/service_product.txt b/identifiers/service_product.txt
index e1658367..280ff704 100644
--- a/identifiers/service_product.txt
+++ b/identifiers/service_product.txt
@@ -421,6 +421,7 @@ Symantec Endpoint Protection Manager
 Symantec Mail Security for SMTP
 Symantec Messaging Gateway
 TBS FTP Server
+TCP/IP
 TCPIP POP server
 TUX Web Server
 TeamCity
@@ -554,4 +555,3 @@ vsFTPd
 vsFTPd Extended
 z/OS FTP Server
 zFTPServer
-TCP/IP
diff --git a/xml/dns_versionbind.xml b/xml/dns_versionbind.xml
index 5d90db4c..2a2a7a31 100644
--- a/xml/dns_versionbind.xml
+++ b/xml/dns_versionbind.xml
@@ -516,6 +516,7 @@
     <param pos="0" name="service.family" value="NSD"/>
     <param pos="0" name="service.product" value="dnsd"/>
     <param pos="1" name="service.version"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:nlnetlabs:name_server_daemon:{service.version}"/>
   </fingerprint>
 
   <fingerprint pattern="^unbound ([\d.]+)$">
@@ -525,6 +526,7 @@
     <param pos="0" name="service.family" value="Unbound"/>
     <param pos="0" name="service.product" value="unbound"/>
     <param pos="1" name="service.version"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:nlnetlabs:unbound:{service.version}"/>
   </fingerprint>
 
   <fingerprint pattern="^(?i:unbound)$">
@@ -533,6 +535,7 @@
     <param pos="0" name="service.vendor" value="NLnet Labs"/>
     <param pos="0" name="service.family" value="Unbound"/>
     <param pos="0" name="service.product" value="unbound"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:nlnetlabs:unbound:-"/>
   </fingerprint>
 
   <fingerprint pattern="^(?:BIND )?(9.[^-]+(?:-[SP]\d)?)(?:-[\d\.]+)?\+deb10u\d+-Raspbian$">
@@ -583,8 +586,9 @@
     <example service.version="2.5.0-dev">Knot DNS 2.5.0-dev</example>
     <param pos="0" name="service.vendor" value="cz.nic"/>
     <param pos="0" name="service.family" value="Knot"/>
-    <param pos="0" name="service.product" value="DNS"/>
+    <param pos="0" name="service.product" value="Knot DNS"/>
     <param pos="1" name="service.version"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:knot-dns:knot_dns:{service.version}"/>
   </fingerprint>
 
   <fingerprint pattern="^UltraDNS Resolver$">
@@ -754,7 +758,8 @@
     <example>DNSServer</example>
     <param pos="0" name="service.vendor" value="Synology"/>
     <param pos="0" name="service.family" value="DSM"/>
-    <param pos="0" name="service.product" value="DNS"/>
+    <param pos="0" name="service.product" value="DNS Server"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:synology:dns_server:-"/>
     <param pos="0" name="os.device" value="NAS"/>
     <param pos="0" name="os.family" value="Linux"/>
     <param pos="0" name="os.product" value="DSM"/>
@@ -855,9 +860,10 @@
   <fingerprint pattern="^gdnsd$">
     <description>gdnsd</description>
     <example>gdnsd</example>
-    <param pos="0" name="service.vendor" value="Brandon Black"/>
+    <param pos="0" name="service.vendor" value="gdnsd"/>
     <param pos="0" name="service.family" value="gdnsd"/>
     <param pos="0" name="service.product" value="gdnsd"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:gdnsd:gdnsd:-"/>
   </fingerprint>
 
   <fingerprint pattern="^Hi: [\w\.: =]+\d{4}$">
diff --git a/xml/ftp_banners.xml b/xml/ftp_banners.xml
index 6e4d51c3..4da49e31 100644
--- a/xml/ftp_banners.xml
+++ b/xml/ftp_banners.xml
@@ -360,6 +360,7 @@ example.com FTP server (Version:  Mac OS X Server) ready.</example>
     <example service.version="1.0.11">=(&lt;*&gt;)=-.:. (( Welcome to Pure-FTPd 1.0.11 )) .:.-=(&lt;*&gt;)=-</example>
     <example service.version="1.0.11">=(&lt;*&gt;)=-.:. (( Welcome to Pure-FTPd 1.0.11 )) .:.-=(&lt;*&gt;)=-&#13;
 more stuff</example>
+    <param pos="0" name="service.fvendor" value="PureFTPd"/>
     <param pos="0" name="service.family" value="Pure-FTPd"/>
     <param pos="0" name="service.product" value="Pure-FTPd"/>
     <param pos="1" name="service.version"/>
@@ -374,16 +375,20 @@ more stuff</example>
     <example>--------- Welcome to Pure-FTPd [privsep] [TLS] ----------&#13;
 more text</example>
     <param pos="1" name="pureftpd.config"/>
+    <param pos="0" name="service.vendor" value="PureFTPd"/>
     <param pos="0" name="service.family" value="Pure-FTPd"/>
     <param pos="0" name="service.product" value="Pure-FTPd"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:pureftpd:pure-ftpd:-"/>
   </fingerprint>
 
   <fingerprint pattern="^(?:Welcome to )?Pure-FTPd\.?$">
     <description>Basic Pure-FTPd banner, no version</description>
     <example>Welcome to Pure-FTPd</example>
     <example>Pure-FTPd.</example>
+    <param pos="0" name="service.vendor" value="PureFTPd"/>
     <param pos="0" name="service.family" value="Pure-FTPd"/>
     <param pos="0" name="service.product" value="Pure-FTPd"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:pureftpd:pure-ftpd:-"/>
   </fingerprint>
 
   <fingerprint pattern="^=\(.\*.\)=-\.:\. \(\( Welcome to PureFTPd (\d+\..+) \)\) \.:\.-=\(.\*.\)=-" flags="REG_MULTILINE">
@@ -391,26 +396,56 @@ more text</example>
     <example service.version="1.1.0">=(&lt;*&gt;)=-.:. (( Welcome to PureFTPd 1.1.0 )) .:.-=(&lt;*&gt;)=-</example>
     <example service.version="1.1.0">=(&lt;*&gt;)=-.:. (( Welcome to PureFTPd 1.1.0 )) .:.-=(&lt;*&gt;)=-&#13;
 more text</example>
+    <param pos="0" name="service.vendor" value="PureFTPd"/>
     <param pos="0" name="service.family" value="Pure-FTPd"/>
     <param pos="0" name="service.product" value="Pure-FTPd"/>
     <param pos="1" name="service.version"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:pureftpd:pure-ftpd:{service.version}"/>
   </fingerprint>
 
-  <fingerprint pattern="^Serv-U FTP[ -]Server v(\d+\.\S+)(?: for WinSock)? ready\.*$">
-    <description>Serv-U (only runs on Windows)</description>
+  <!-- CPEs for Serv-U 15.x and above changed to SolarWinds -->
+
+  <fingerprint pattern="^Serv-U FTP Server v(15\.\S+) ready\.\.\.$">
+    <description>SolarWinds Serv-U with version </description>
+    <example service.version="15.1.3.25">Serv-U FTP Server v15.1.3.25 ready...</example>
+    <param pos="0" name="service.vendor" value="SolarWinds"/>
+    <param pos="0" name="service.product" value="Serv-U FTP Server"/>
+    <param pos="0" name="service.family" value="Serv-U"/>
+    <param pos="1" name="service.version"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:solarwinds:serv-u_ftp_server:{service.version}"/>
+  </fingerprint>
+
+  <fingerprint pattern="^Serv-U FTP[ -]Server v(\d+\.\S+) for WinSock ready\.*$">
+    <description>Serv-U Serv-U with version on Windows</description>
     <example service.version="2.5n">Serv-U FTP-Server v2.5n for WinSock ready...</example>
     <example service.version="6.0">Serv-U FTP Server v6.0 for WinSock ready</example>
-    <example service.version="7.2">Serv-U FTP Server v7.2 ready...</example>
-    <param pos="0" name="service.vendor" value="Rhino Software"/>
+    <param pos="0" name="service.vendor" value="Serv-U"/>
     <param pos="0" name="service.product" value="Serv-U"/>
     <param pos="0" name="service.family" value="Serv-U"/>
     <param pos="1" name="service.version"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:serv-u:serv-u:{service.version}"/>
     <param pos="0" name="os.vendor" value="Microsoft"/>
     <param pos="0" name="os.family" value="Windows"/>
     <param pos="0" name="os.product" value="Windows"/>
     <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
   </fingerprint>
 
+  <fingerprint pattern="^Serv-U FTP[ -]Server v(\d+\.\S+) ready\.*$">
+    <description>Serv-U Serv-U with version </description>
+    <example service.version="7.2">Serv-U FTP Server v7.2 ready...</example>
+    <example service.version="14.0">Serv-U FTP Server v14.0 ready...</example>
+    <param pos="0" name="service.vendor" value="Serv-U"/>
+    <param pos="0" name="service.product" value="Serv-U"/>
+    <param pos="0" name="service.family" value="Serv-U"/>
+    <param pos="1" name="service.version"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:serv-u:serv-u:{service.version}"/>
+  </fingerprint>
+
+  <fingerprint pattern="^Welcom to Serv-U FTP Server$">
+    <description>Common FTP banner modification to look like Serv-U -- assert nothing.</description>
+    <example>Welcom to Serv-U FTP Server</example>
+  </fingerprint>
+
   <fingerprint pattern="^zFTPServer v?(\S+), .*ready\.$" flags="REG_ICASE">
     <description>zftpserver (only runs on Windows)</description>
     <example service.version="4.0">zFTPServer v4.0, build 2008-12-24 01:41 ready.</example>
@@ -427,23 +462,28 @@ more text</example>
     <description>vsFTPd (Very Secure FTP Daemon)</description>
     <example service.version="1.1.3">(vsFTPd 1.1.3) host</example>
     <example service.version="2.0.5">(vsFTPd 2.0.5)</example>
+    <param pos="0" name="service.vendor" value="vsFTPd Project"/>
     <param pos="0" name="service.family" value="vsFTPd"/>
     <param pos="0" name="service.product" value="vsFTPd"/>
     <param pos="1" name="service.version"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:vsftpd_project:vsftpd:{service.version}"/>
     <param pos="2" name="host.name"/>
   </fingerprint>
 
   <fingerprint pattern="^ready, dude \(vsFTPd (\d+\..+): beat me, break me\)$">
     <description>vsFTPd (Very Secure FTP Daemon) - break me variant</description>
     <example service.version="1.1.0">ready, dude (vsFTPd 1.1.0: beat me, break me)</example>
+    <param pos="0" name="service.vendor" value="vsFTPd Project"/>
     <param pos="0" name="service.family" value="vsFTPd"/>
     <param pos="0" name="service.product" value="vsFTPd"/>
     <param pos="1" name="service.version"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:vsftpd_project:vsftpd:{service.version}"/>
   </fingerprint>
 
   <fingerprint pattern="^vsFTPd ([\d.]+\+ \(ext\.3\)) ready\.\.\.$">
     <description>vsFTPd (Very Secure FTP Daemon) extended build (vsftpd.devnet.ru)</description>
     <example service.version="2.0.4+ (ext.3)">vsFTPd 2.0.4+ (ext.3) ready...</example>
+    <param pos="0" name="service.vendor" value="vsFTPd Project"/>
     <param pos="0" name="service.family" value="vsFTPd"/>
     <param pos="0" name="service.product" value="vsFTPd Extended"/>
     <param pos="1" name="service.version"/>
@@ -453,8 +493,10 @@ more text</example>
     <description>vsFTPd (Very Secure FTP Daemon) error message</description>
     <example>OOPS: vsftpd: root is not mounted.</example>
     <example>OOPS: cannot read user list file:/etc/vsftpd.user_list</example>
+    <param pos="0" name="service.vendor" value="vsFTPd Project"/>
     <param pos="0" name="service.family" value="vsFTPd"/>
     <param pos="0" name="service.product" value="vsFTPd"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:vsftpd_project:vsftpd:-"/>
   </fingerprint>
 
   <fingerprint pattern="^FileZilla Server(?: version)? (?:v)?(\d\.[\w.]+(?: beta)?).*$">
@@ -463,9 +505,14 @@ more text</example>
     <example service.version="0.9.13a beta">FileZilla Server version 0.9.13a beta</example>
     <example service.version="0.9.54 beta">FileZilla Server 0.9.54 beta</example>
     <example service.version="0.9.33 beta">FileZilla Server v0.9.33 beta</example>
+    <param pos="0" name="service.vendor" value="Filezilla-Project"/>
     <param pos="0" name="service.family" value="FileZilla FTP Server"/>
     <param pos="0" name="service.product" value="FileZilla FTP Server"/>
     <param pos="1" name="service.version"/>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="0" name="os.family" value="Windows"/>
+    <param pos="0" name="os.product" value="Windows"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
   </fingerprint>
 
   <fingerprint pattern="^\s*APC FTP server ready\.$">
diff --git a/xml/http_servers.xml b/xml/http_servers.xml
index 6d9ef258..bb59311b 100644
--- a/xml/http_servers.xml
+++ b/xml/http_servers.xml
@@ -793,6 +793,7 @@
     <param pos="0" name="service.vendor" value="LiteSpeed Technologies"/>
     <param pos="0" name="service.product" value="LiteSpeed Web Server"/>
     <param pos="1" name="service.version"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:litespeedtech:litespeed_web_server:{service.version}"/>
   </fingerprint>
 
   <fingerprint pattern="^IdeaWebServer\/v?([\d.]+)$">
@@ -828,8 +829,9 @@
     <example service.version="15.1.6.31">Serv-U/15.1.6.31</example>
     <param pos="0" name="service.vendor" value="SolarWinds"/>
     <param pos="0" name="service.family" value="Serv-U"/>
-    <param pos="0" name="service.product" value="FTP Server"/>
+    <param pos="0" name="service.product" value="Serv-U FTP Server"/>
     <param pos="1" name="service.version"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:solarwinds:serv-u_ftp_server:{service.version}"/>
   </fingerprint>
 
   <fingerprint pattern="^Wing FTP Server/([\d.]+)\([^)]*\)$">
@@ -1151,18 +1153,29 @@
   <fingerprint pattern="^Sun GlassFish Enterprise Server v(\S+)$">
     <description>Glassfish with version information</description>
     <example service.version="2.1">Sun GlassFish Enterprise Server v2.1</example>
-    <param pos="0" name="service.vendor" value="Sun"/>
+    <param pos="0" name="service.vendor" value="Oracle"/>
     <param pos="0" name="service.product" value="GlassFish Server"/>
     <param pos="1" name="service.version"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:oracle:glassfish_server:{service.version}"/>
   </fingerprint>
 
   <fingerprint pattern="^GlassFish Server Open Source Edition\s+(\S+)$">
     <description>Glassfish Open Source Edition with version information</description>
     <example service.version="4.1.2">GlassFish Server Open Source Edition  4.1.2</example>
     <example service.version="3.1.2.2">GlassFish Server Open Source Edition 3.1.2.2</example>
-    <param pos="0" name="service.vendor" value="Sun"/>
+    <param pos="0" name="service.vendor" value="Oracle"/>
+    <param pos="0" name="service.product" value="GlassFish Server"/>
+    <param pos="1" name="service.version"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:oracle:glassfish_server:{service.version}"/>
+  </fingerprint>
+
+  <fingerprint pattern="^Oracle GlassFish Server ([\d.]+)$">
+    <description>Oracle GlassFish Server</description>
+    <example service.version="3.1.2.14">Oracle GlassFish Server 3.1.2.14</example>
+    <param pos="0" name="service.vendor" value="Oracle"/>
     <param pos="0" name="service.product" value="GlassFish Server"/>
     <param pos="1" name="service.version"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:oracle:glassfish_server:{service.version}"/>
   </fingerprint>
 
   <fingerprint pattern="^GlassFish$">
@@ -1343,9 +1356,11 @@
   <fingerprint pattern="^thttpd/(\d\.[\w.]+)-MX\s*.*$">
     <description>thttpd with SSL support</description>
     <example>thttpd/2.19-MX Jan 24 2006</example>
+    <param pos="0" name="service.vendor" value="ACME"/>
     <param pos="0" name="service.product" value="thttpd"/>
     <param pos="0" name="service.family" value="thttpd"/>
     <param pos="1" name="service.version"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:acme:thttpd:{service.version}"/>
     <param pos="0" name="thttpd.mx-patch" value="enabled"/>
   </fingerprint>
 
@@ -1367,9 +1382,11 @@
     <example>Lighttpd</example>
     <example service.version="1.4.16">lighttpd/1.4.16</example>
     <example>lighttpd/1.3.7 (Mar 23 2007/16:00:15)</example>
+    <param pos="0" name="service.vendor" value="lighttpd"/>
     <param pos="0" name="service.product" value="lighttpd"/>
     <param pos="0" name="service.family" value="lighttpd"/>
     <param pos="1" name="service.version"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:lighttpd:lighttpd:{service.version}"/>
   </fingerprint>
 
   <fingerprint pattern="^nginx$">
@@ -1596,6 +1613,18 @@
     <param pos="0" name="service.component.cpe23" value="cpe:/a:sap:netweaver_application_server:-"/>
   </fingerprint>
 
+  <fingerprint pattern="^SAP J2EE Engine$">
+    <description>SAP NetWeaver Application Server Java - without version</description>
+    <example>SAP J2EE Engine</example>
+    <param pos="0" name="service.vendor" value="SAP"/>
+    <param pos="0" name="service.product" value="NetWeaver Application Server Java"/>
+    <param pos="0" name="service.family" value="NetWeaver"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:sap:netweaver_application_server_java:-"/>
+    <param pos="0" name="service.component.vendor" value="SAP"/>
+    <param pos="0" name="service.component.product" value="NetWeaver Application Server"/>
+    <param pos="0" name="service.component.cpe23" value="cpe:/a:sap:netweaver_application_server:-"/>
+  </fingerprint>
+
   <fingerprint pattern="^SAP NetWeaver Application Server$">
     <description>SAP NetWeaver Application Server without version</description>
     <example>SAP NetWeaver Application Server</example>
@@ -2325,9 +2354,10 @@
   <fingerprint pattern="^GoAhead-(?:Webs|http)$">
     <description>GoAhead-Webs - no version</description>
     <example>GoAhead-Webs</example>
-    <param pos="0" name="service.vendor" value="Oracle"/>
+    <param pos="0" name="service.vendor" value="EmbedThis"/>
     <param pos="0" name="service.product" value="GoAhead Webserver"/>
     <param pos="0" name="service.family" value="GoAhead Webserver"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:embedthis:goahead:-"/>
   </fingerprint>
 
   <fingerprint pattern="(?i)^GoAhead(?:-Webs|-http)?\/([\d.]+)(?: PeerSec-MatrixSSL\/[\d.]+-OPEN)?$">
@@ -2430,10 +2460,11 @@
     <description>A small HTTP server</description>
     <example>mini_httpd/1.14 23jun2000</example>
     <example>mini_httpd/1 23jun2000</example>
-    <param pos="0" name="service.vendor" value="ACME Laboratories"/>
+    <param pos="0" name="service.vendor" value="ACME"/>
     <param pos="0" name="service.product" value="mini_httpd"/>
     <param pos="0" name="service.family" value="mini_httpd"/>
     <param pos="1" name="service.version"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:acme:mini_httpd:{service.version}"/>
   </fingerprint>
 
   <fingerprint pattern="^thin ((?:\d+\.)*\d+) codename .+$">
@@ -2594,8 +2625,10 @@
     <example service.version="0.93.15">Boa/0.93.15 (with Intersil Extensions)</example>
     <example service.version="0.92p">Boa/0.92p OS-9 Version</example>
     <example service.version="0.93.15">Boa/0.93.15</example>
+    <param pos="0" name="service.vendor" value="Boa"/>
     <param pos="0" name="service.product" value="Boa"/>
     <param pos="1" name="service.version"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:boa:boa:{service.version}"/>
   </fingerprint>
 
   <!-- HiSilicon is OEMd by a number of DVR manufacturers -->
@@ -2755,8 +2788,10 @@
   <fingerprint pattern="^gSOAP/([\d\.]+)$">
     <description>gSOAP</description>
     <example service.version="2.7">gSOAP/2.7</example>
+    <param pos="0" name="service.vendor" value="Genivia"/>
     <param pos="0" name="service.product" value="gSOAP"/>
     <param pos="1" name="service.version"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:genivia:gsoap:{service.version}"/>
   </fingerprint>
 
   <!-- Apple QuickTime streaming server -->
@@ -3870,4 +3905,15 @@
     <param pos="0" name="hw.device" value="Broadband router"/>
   </fingerprint>
 
+  <fingerprint pattern="^IX Series IX21\d\d \(magellan-sec\) Software, Version ([^, ]+), (?:MAINTENANCE )?RELEASE SOFTWARE$">
+    <description>NEC Univerge Router - enterprise class with VPN, UTM, etc</description>
+    <example>IX Series IX2106 (magellan-sec) Software, Version 10.2.20, RELEASE SOFTWARE</example>
+    <example>IX Series IX2105 (magellan-sec) Software, Version 9.6.12A, MAINTENANCE RELEASE SOFTWARE</example>
+    <param pos="0" name="hw.vendor" value="NEC"/>
+    <param pos="0" name="hw.product" value="Univerge"/>
+    <param pos="1" name="hw.version"/>
+    <param pos="0" name="hw.device" value="Router"/>
+    <param pos="0" name="hw.cpe23" value="cpe:/h:nec:univerge:{hw.version}"/>
+  </fingerprint>
+
 </fingerprints>
\ No newline at end of file
diff --git a/xml/imap_banners.xml b/xml/imap_banners.xml
index 0f465b90..41e53070 100644
--- a/xml/imap_banners.xml
+++ b/xml/imap_banners.xml
@@ -113,8 +113,10 @@
     <description>Dovecot Secure IMAP Server</description>
     <example>Dovecot ready.</example>
     <example>Dovecot DA ready.</example>
+    <param pos="0" name="service.vendor" value="Dovecot"/>
     <param pos="0" name="service.family" value="Dovecot"/>
     <param pos="0" name="service.product" value="Dovecot"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:dovecot:dovecot:-"/>
   </fingerprint>
 
   <fingerprint pattern="^Courier-IMAP ready. Copyright \d+-\d+">
@@ -163,6 +165,7 @@
     <param pos="0" name="service.family" value="Cyrus MTA"/>
     <param pos="0" name="service.product" value="Cyrus IMAP"/>
     <param pos="2" name="service.version"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:cmu:cyrus_imap_server:{service.version}"/>
     <param pos="0" name="os.vendor" value="Apple"/>
     <param pos="0" name="os.family" value="Mac OS X"/>
     <param pos="0" name="os.product" value="Mac OS X"/>
@@ -179,6 +182,7 @@
     <param pos="0" name="service.family" value="Cyrus MTA"/>
     <param pos="0" name="service.product" value="Cyrus IMAP"/>
     <param pos="2" name="service.version"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:cmu:cyrus_imap_server:{service.version}"/>
     <param pos="1" name="host.name"/>
   </fingerprint>
 
diff --git a/xml/pop_banners.xml b/xml/pop_banners.xml
index 14e89db3..d372004c 100644
--- a/xml/pop_banners.xml
+++ b/xml/pop_banners.xml
@@ -180,8 +180,10 @@
 
   <fingerprint pattern="^[dD]ovecot (?:DA )?ready\.(?: &lt;.+@(.+)&gt;)?$">
     <description>Dovecot Secure POP Server</description>
+    <param pos="0" name="service.vendor" value="Dovecot"/>
     <param pos="0" name="service.family" value="Dovecot"/>
     <param pos="0" name="service.product" value="Dovecot"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:dovecot:dovecot:-"/>
     <param pos="1" name="host.name"/>
   </fingerprint>
 
diff --git a/xml/smtp_banners.xml b/xml/smtp_banners.xml
index f0e2c1da..c06f84be 100644
--- a/xml/smtp_banners.xml
+++ b/xml/smtp_banners.xml
@@ -861,6 +861,7 @@
     <param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss Z"/>
     <param pos="1" name="host.name"/>
     <param pos="2" name="service.version"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:ibm:lotus_domino:{service.version}"/>
     <param pos="3" name="system.time"/>
   </fingerprint>
 
@@ -940,11 +941,13 @@
 
   <fingerprint pattern="^([^ ]+) Postfix \(Postfix-([^ ]+)-([^ ]+)\) \(([^ ]+)\) *$">
     <description>Postfix - version + build, followed by os</description>
+    <param pos="0" name="service.vendor" value="Postfix"/>
     <param pos="0" name="service.family" value="Postfix"/>
     <param pos="0" name="service.product" value="Postfix"/>
     <param pos="1" name="host.name"/>
     <param pos="2" name="service.version"/>
     <param pos="3" name="service.version.version"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:postfix:postfix:{service.version}"/>
     <param pos="4" name="postfix.os.info"/>
   </fingerprint>
 
@@ -952,27 +955,33 @@
     <description>Postfix - Std semantic versioning, w/ optional parens</description>
     <example service.version="3.1.4">foo.bar ESMTP Postfix (3.1.4)</example>
     <example service.version="2.7.1">foo.bar ESMTP Postfix 2.7.1</example>
+    <param pos="0" name="service.vendor" value="Postfix"/>
     <param pos="0" name="service.family" value="Postfix"/>
     <param pos="0" name="service.product" value="Postfix"/>
     <param pos="1" name="host.name"/>
     <param pos="2" name="service.version"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:postfix:postfix:{service.version}"/>
   </fingerprint>
 
   <fingerprint pattern="^([^ ]+) ESMTP Postfix \((?:Postfix-)?([\d.]+)-([^ ]+)\)$">
     <description>Postfix - version + build</description>
     <example service.version="2.8" service.version.version="20100306">foo.bar ESMTP Postfix (2.8-20100306)</example>
+    <param pos="0" name="service.vendor" value="Postfix"/>
     <param pos="0" name="service.family" value="Postfix"/>
     <param pos="0" name="service.product" value="Postfix"/>
     <param pos="1" name="host.name"/>
     <param pos="2" name="service.version"/>
     <param pos="3" name="service.version.version"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:postfix:postfix:{service.version}"/>
   </fingerprint>
 
   <fingerprint pattern="^([^ ]+) +E?SMTP Postfix \(Ubuntu\)$">
     <description>Postfix - Ubuntu</description>
     <example>foo.bar ESMTP Postfix (Ubuntu)</example>
+    <param pos="0" name="service.vendor" value="Postfix"/>
     <param pos="0" name="service.family" value="Postfix"/>
     <param pos="0" name="service.product" value="Postfix"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:postfix:postfix:-"/>
     <param pos="1" name="host.name"/>
     <param pos="0" name="os.vendor" value="Ubuntu"/>
     <param pos="0" name="os.family" value="Linux"/>
@@ -984,8 +993,10 @@
     <description>Postfix - Ubuntu, Mail-in-a-Box package</description>
     <example>foo.bar ESMTP Hi, I'm a Mail-in-a-Box (Ubuntu/Postfix; see https://mailinabox.email/)</example>
     <example>foo.bar Hi, I'm a Mail-in-a-Box (Ubuntu/Postfix; see https://mailinabox.email/)</example>
+    <param pos="0" name="service.vendor" value="Postfix"/>
     <param pos="0" name="service.family" value="Postfix"/>
     <param pos="0" name="service.product" value="Postfix"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:postfix:postfix:-"/>
     <param pos="1" name="host.name"/>
     <param pos="0" name="os.vendor" value="Ubuntu"/>
     <param pos="0" name="os.family" value="Linux"/>
@@ -996,8 +1007,10 @@
   <fingerprint pattern="^([^ ]+) +E?SMTP Postfix \(Debian/GNU\)$">
     <description>Postfix - Debian</description>
     <example>foo.bar ESMTP Postfix (Debian/GNU)</example>
+    <param pos="0" name="service.vendor" value="Postfix"/>
     <param pos="0" name="service.family" value="Postfix"/>
     <param pos="0" name="service.product" value="Postfix"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:postfix:postfix:-"/>
     <param pos="1" name="host.name"/>
     <param pos="0" name="os.vendor" value="Debian"/>
     <param pos="0" name="os.family" value="Linux"/>
@@ -1008,8 +1021,10 @@
   <fingerprint pattern="^([^ ]+) ESMTP.* Postfix *\(.+\) *$">
     <description>Postfix - generic banner with amusing comments in parentheses</description>
     <example>foo.bar ESMTP Postfix (lol)</example>
+    <param pos="0" name="service.vendor" value="Postfix"/>
     <param pos="0" name="service.family" value="Postfix"/>
     <param pos="0" name="service.product" value="Postfix"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:postfix:postfix:-"/>
     <param pos="1" name="host.name"/>
   </fingerprint>
 
@@ -1017,23 +1032,29 @@
     <description>Postfix - generic banner</description>
     <example>foo.bar ESMTP Postfix</example>
     <example>foo.bar SMTP Postfix</example>
+    <param pos="0" name="service.vendor" value="Postfix"/>
     <param pos="0" name="service.family" value="Postfix"/>
     <param pos="0" name="service.product" value="Postfix"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:postfix:postfix:-"/>
     <param pos="1" name="host.name"/>
   </fingerprint>
 
   <fingerprint pattern="^ *ESMTP Postfix$">
     <description>Postfix - banner without hostname or version</description>
     <example>ESMTP Postfix</example>
+    <param pos="0" name="service.vendor" value="Postfix"/>
     <param pos="0" name="service.family" value="Postfix"/>
     <param pos="0" name="service.product" value="Postfix"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:postfix:postfix:-"/>
   </fingerprint>
 
   <fingerprint pattern="^(?i)([^ ]+) POSTFIX$">
     <description>Postfix - generic w/o ESMTP</description>
     <example host.name="foo.bar">foo.bar Postfix</example>
+    <param pos="0" name="service.vendor" value="Postfix"/>
     <param pos="0" name="service.family" value="Postfix"/>
     <param pos="0" name="service.product" value="Postfix"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:postfix:postfix:-"/>
     <param pos="1" name="host.name"/>
   </fingerprint>
 
@@ -1070,13 +1091,16 @@
   <fingerprint pattern="^Sendmail ESMTP ready$">
     <description>Sendmail - short banner w/o hostname, version, platform, or date.</description>
     <example>Sendmail ESMTP ready</example>
+    <param pos="0" name="service.vendor" value="Sendmail"/>
     <param pos="0" name="service.family" value="Sendmail"/>
     <param pos="0" name="service.product" value="Sendmail"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:sendmail:sendmail:-"/>
   </fingerprint>
 
   <fingerprint pattern="^([^ ]+) +ESMTP +Sendmail +([^ ]+) \(PHNE_([^ ]+)\) */ *(.+); *(.+) \(.+\)$">
     <description>Sendmail - HP-UX with a PHNE (HP Networking patch) installed</description>
     <example host.name="foo.bar" service.version="8.8.6" sendmail.config.version="8.7.1">foo.bar ESMTP Sendmail 8.8.6 (PHNE_14041)/8.7.1; Tue, 6 Feb 2001 10:04:32 -0300 (SAT)</example>
+    <param pos="0" name="service.vendor" value="Sendmail"/>
     <param pos="0" name="service.family" value="Sendmail"/>
     <param pos="0" name="service.product" value="Sendmail"/>
     <param pos="0" name="os.vendor" value="HP"/>
@@ -1086,6 +1110,7 @@
     <param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss Z"/>
     <param pos="1" name="host.name"/>
     <param pos="2" name="service.version"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:sendmail:sendmail:{service.version}"/>
     <param pos="3" name="sendmail.hpux.phne.version"/>
     <param pos="4" name="sendmail.config.version"/>
     <param pos="5" name="system.time"/>
@@ -1094,6 +1119,7 @@
   <fingerprint pattern="^(\S+) ESMTP Sendmail \S+ version ([\d\.]+) - Revision \S+ HP-UX([\d\.]+).*(\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ \w\w\w)$">
     <description>Sendmail - HP-UX</description>
     <example host.name="foo.bar" os.version="11.31" service.version="8.13.3">foo.bar ESMTP Sendmail @(#)Sendmail version 8.13.3 - Revision 1.004:: HP-UX11.31 - 03rd February,2010/8.11.1; Wed, 20 May 2015 23:35:38 GMT</example>
+    <param pos="0" name="service.vendor" value="Sendmail"/>
     <param pos="0" name="service.family" value="Sendmail"/>
     <param pos="0" name="service.product" value="Sendmail"/>
     <param pos="0" name="os.vendor" value="HP"/>
@@ -1104,12 +1130,14 @@
     <param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss z"/>
     <param pos="1" name="host.name"/>
     <param pos="2" name="service.version"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:sendmail:sendmail:{service.version}"/>
     <param pos="4" name="system.time"/>
   </fingerprint>
 
   <fingerprint pattern="^([^ ]+) +ESMTP +Sendmail +([^ ]+)/UW([^ ]+) ready at *(.+) \(.+\) *$">
     <description>Sendmail - Unixware</description>
     <example service.version="8.8.7">foo.bar ESMTP Sendmail 8.8.7/UW7.1.0 ready at Tue, 6 Feb 2001 16:39:30 -0300 (GMT-0300)</example>
+    <param pos="0" name="service.vendor" value="Sendmail"/>
     <param pos="0" name="service.family" value="Sendmail"/>
     <param pos="0" name="service.product" value="Sendmail"/>
     <param pos="0" name="os.vendor" value="SCO"/>
@@ -1118,6 +1146,7 @@
     <param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss Z"/>
     <param pos="1" name="host.name"/>
     <param pos="2" name="service.version"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:sendmail:sendmail:{service.version}"/>
     <param pos="3" name="os.version"/>
     <param pos="4" name="system.time"/>
   </fingerprint>
@@ -1125,6 +1154,7 @@
   <fingerprint pattern="^([^ ]+) ESMTP Sendmail AIX([^/]+)/UCB ([^;]+); (.+) \(.+\)$">
     <description>Sendmail - AIX (UCB variant)</description>
     <example os.version="4.2" service.version="8.7">foo.bar ESMTP Sendmail AIX4.2/UCB 8.7; Sun, 29 Jul 2001 22:34:37 -0400 (EDT)</example>
+    <param pos="0" name="service.vendor" value="Sendmail"/>
     <param pos="0" name="service.family" value="Sendmail"/>
     <param pos="0" name="service.product" value="Sendmail"/>
     <param pos="0" name="os.vendor" value="IBM"/>
@@ -1135,12 +1165,14 @@
     <param pos="2" name="os.version"/>
     <param pos="0" name="os.cpe23" value="cpe:/o:ibm:aix:{os.version}"/>
     <param pos="3" name="service.version"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:sendmail:sendmail:{service.version}"/>
     <param pos="4" name="system.time"/>
   </fingerprint>
 
   <fingerprint pattern="^([^ ]+) Sendmail AIX([^/]+)/UCB ([^/]+)/([^ ]+) ready at (.+)$">
     <description>Sendmail - AIX (UCB/ready at variant)</description>
     <example>foo.bar Sendmail AIX 4.1/UCB 5.64/4.03 ready at Mon, 30 Jul 2001 00:42:21 -0500</example>
+    <param pos="0" name="service.vendor" value="Sendmail"/>
     <param pos="0" name="service.family" value="Sendmail"/>
     <param pos="0" name="service.product" value="Sendmail"/>
     <param pos="0" name="os.vendor" value="IBM"/>
@@ -1151,6 +1183,7 @@
     <param pos="2" name="os.version"/>
     <param pos="0" name="os.cpe23" value="cpe:/o:ibm:aix:{os.version}"/>
     <param pos="3" name="service.version"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:sendmail:sendmail:{service.version}"/>
     <param pos="4" name="sendmail.config.version"/>
     <param pos="5" name="system.time"/>
   </fingerprint>
@@ -1159,6 +1192,7 @@
     <description>Sendmail - AIX</description>
     <example host.name="foo.bar" os.version="4.2" service.version="8.7" sendmail.config.version="8.8">foo.bar ESMTP Sendmail AIX4.2/8.7/8.8; Sun, 29 Jul 2001 22:34:37 -0400 (EDT)</example>
     <example host.name="foo.bar" os.version="5.1" service.version="8.11.6p2" sendmail.config.version="8.11.0">foo.bar ESMTP Sendmail AIX5.1/8.11.6p2/8.11.0; Fri, 28 Aug 1970 19:42:05 -0800</example>
+    <param pos="0" name="service.vendor" value="Sendmail"/>
     <param pos="0" name="service.family" value="Sendmail"/>
     <param pos="0" name="service.product" value="Sendmail"/>
     <param pos="0" name="os.vendor" value="IBM"/>
@@ -1169,6 +1203,7 @@
     <param pos="2" name="os.version"/>
     <param pos="0" name="os.cpe23" value="cpe:/o:ibm:aix:{os.version}"/>
     <param pos="3" name="service.version"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:sendmail:sendmail:{service.version}"/>
     <param pos="4" name="sendmail.config.version"/>
     <param pos="5" name="system.time"/>
   </fingerprint>
@@ -1176,6 +1211,7 @@
   <fingerprint pattern="^([^ ]+) ESMTP Sendmail ([^/]+)/([^/]+)/SuSE Linux ([^;]+); (.+)$">
     <description>Sendmail - SuSE Linux</description>
     <example>foo.bar ESMTP Sendmail 8.9.3/8.9.3/SuSE Linux 8.9.3-0.1; Mon, 30 Jul 2001 04:48:54 +0200</example>
+    <param pos="0" name="service.vendor" value="Sendmail"/>
     <param pos="0" name="service.family" value="Sendmail"/>
     <param pos="0" name="service.product" value="Sendmail"/>
     <param pos="0" name="os.vendor" value="SuSE"/>
@@ -1185,6 +1221,7 @@
     <param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss Z"/>
     <param pos="1" name="host.name"/>
     <param pos="2" name="service.version"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:sendmail:sendmail:{service.version}"/>
     <param pos="3" name="sendmail.config.version"/>
     <param pos="4" name="sendmail.vendor.version"/>
     <param pos="5" name="system.time"/>
@@ -1193,6 +1230,7 @@
   <fingerprint pattern="^([^ ]+) ESMTP Sendmail ([^ ]+)\+Sun/([^ ]+); (.+)$">
     <description>Sendmail - Solaris with date (no time offeset variant)</description>
     <example>foo.bar ESMTP Sendmail 8.9.3+Sun/8.9.1; Mon, 30 Jul 2001 02:50:22 GMT</example>
+    <param pos="0" name="service.vendor" value="Sendmail"/>
     <param pos="0" name="service.family" value="Sendmail"/>
     <param pos="0" name="service.product" value="Sendmail"/>
     <param pos="0" name="os.vendor" value="Sun"/>
@@ -1202,6 +1240,7 @@
     <param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss zzz"/>
     <param pos="1" name="host.name"/>
     <param pos="2" name="service.version"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:sendmail:sendmail:{service.version}"/>
     <param pos="3" name="sendmail.config.version"/>
     <param pos="4" name="system.time"/>
   </fingerprint>
@@ -1209,6 +1248,7 @@
   <fingerprint pattern="^([^ ]+) ESMTP Sendmail ([^ ]+)\+Sun/([^ ]+) ready at (.+) \(.+\)$">
     <description>Sendmail - Solaris with date (ready variant)</description>
     <example>foo.bar ESMTP Sendmail 8.8.8+Sun/8.6.4 ready at Thu, 15 Nov 2000 11:40:32 -0800 (PST)</example>
+    <param pos="0" name="service.vendor" value="Sendmail"/>
     <param pos="0" name="service.family" value="Sendmail"/>
     <param pos="0" name="service.product" value="Sendmail"/>
     <param pos="0" name="os.vendor" value="Sun"/>
@@ -1218,6 +1258,7 @@
     <param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss Z"/>
     <param pos="1" name="host.name"/>
     <param pos="2" name="service.version"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:sendmail:sendmail:{service.version}"/>
     <param pos="3" name="sendmail.config.version"/>
     <param pos="4" name="system.time"/>
   </fingerprint>
@@ -1226,6 +1267,7 @@
     <description>Sendmail - Debian</description>
     <example service.version="8.12.0.Beta7" sendmail.config.version="8.12.0.Beta7" sendmail.vendor.version="8.12.0.Beta7-1">foo.bar ESMTP Debian Sendmail 8.12.0.Beta7/8.12.0.Beta7/Debian 8.12.0.Beta7-1; Sun, 29 Jul 2001 18:52:20 -0800</example>
     <example service.version="8.11.0" sendmail.config.version="8.9.3" sendmail.vendor.version="8.9.3-21">foo.bar ESMTP Sendmail 8.11.0/8.9.3/Debian 8.9.3-21; Sun, 29 Jul 2001 19:51:00 -0700</example>
+    <param pos="0" name="service.vendor" value="Sendmail"/>
     <param pos="0" name="service.family" value="Sendmail"/>
     <param pos="0" name="service.product" value="Sendmail"/>
     <param pos="0" name="os.vendor" value="Debian"/>
@@ -1235,6 +1277,7 @@
     <param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss Z"/>
     <param pos="1" name="host.name"/>
     <param pos="2" name="service.version"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:sendmail:sendmail:{service.version}"/>
     <param pos="3" name="sendmail.config.version"/>
     <param pos="4" name="sendmail.vendor.version"/>
     <param pos="5" name="system.time"/>
@@ -1244,6 +1287,7 @@
     <description>Sendmail - Debian 7.x (wheezy)</description>
     <example service.version="8.14.4">foo.bar ESMTP Sendmail 8.14.4/8.14.4/Debian-4+wheezy1; Thu, 30 Nov 2017 10:33:05 +0100; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
     <example service.version="8.14.4">foo.bar ESMTP Sendmail 8.14.4/8.14.4/Debian-4+deb7u1; Thu, 30 Nov 2017 11:00:33 +0100; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
+    <param pos="0" name="service.vendor" value="Sendmail"/>
     <param pos="0" name="service.family" value="Sendmail"/>
     <param pos="0" name="service.product" value="Sendmail"/>
     <param pos="0" name="os.vendor" value="Debian"/>
@@ -1254,6 +1298,7 @@
     <param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss Z"/>
     <param pos="1" name="host.name"/>
     <param pos="2" name="service.version"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:sendmail:sendmail:{service.version}"/>
     <param pos="3" name="sendmail.config.version"/>
     <param pos="4" name="system.time"/>
   </fingerprint>
@@ -1261,6 +1306,7 @@
   <fingerprint pattern="^([^ ]+) ESMTP Sendmail ([^/]+)/([^/]+)/Debian-\d\+deb8u\d; (.+); .*$">
     <description>Sendmail - Debian 8.x (jessie)</description>
     <example service.version="8.14.4">foo.bar ESMTP Sendmail 8.14.4/8.14.4/Debian-8+deb8u2; Thu, 30 Nov 2017 10:25:48 +0100; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
+    <param pos="0" name="service.vendor" value="Sendmail"/>
     <param pos="0" name="service.family" value="Sendmail"/>
     <param pos="0" name="service.product" value="Sendmail"/>
     <param pos="0" name="os.vendor" value="Debian"/>
@@ -1271,6 +1317,7 @@
     <param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss Z"/>
     <param pos="1" name="host.name"/>
     <param pos="2" name="service.version"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:sendmail:sendmail:{service.version}"/>
     <param pos="3" name="sendmail.config.version"/>
     <param pos="4" name="system.time"/>
   </fingerprint>
@@ -1278,6 +1325,7 @@
   <fingerprint pattern="^([^ ]+) ESMTP Sendmail ([^/]+)/([^/]+)/Debian-\d\+lenny\d; (.+); .*$">
     <description>Sendmail - Debian 5.x (lenny)</description>
     <example service.version="8.14.3">foo.bar ESMTP Sendmail 8.14.3/8.14.3/Debian-5+lenny1; Thu, 30 Nov 2017 12:29:40 +0300; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
+    <param pos="0" name="service.vendor" value="Sendmail"/>
     <param pos="0" name="service.family" value="Sendmail"/>
     <param pos="0" name="service.product" value="Sendmail"/>
     <param pos="0" name="os.vendor" value="Debian"/>
@@ -1288,6 +1336,7 @@
     <param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss Z"/>
     <param pos="1" name="host.name"/>
     <param pos="2" name="service.version"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:sendmail:sendmail:{service.version}"/>
     <param pos="3" name="sendmail.config.version"/>
     <param pos="4" name="system.time"/>
   </fingerprint>
@@ -1295,6 +1344,7 @@
   <fingerprint pattern="^([^ ]+) ESMTP Sendmail ([^/]+)/([^/]+)/Debian-\d\+etch\d; (.+); .*$">
     <description>Sendmail - Debian 4.x (etch)</description>
     <example service.version="8.13.8" sendmail.config.version="8.13.8">foo.bar ESMTP Sendmail 8.13.8/8.13.8/Debian-3+etch1; Thu, 30 Nov 2017 10:28:23 +0100; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
+    <param pos="0" name="service.vendor" value="Sendmail"/>
     <param pos="0" name="service.family" value="Sendmail"/>
     <param pos="0" name="service.product" value="Sendmail"/>
     <param pos="0" name="os.vendor" value="Debian"/>
@@ -1305,6 +1355,7 @@
     <param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss Z"/>
     <param pos="1" name="host.name"/>
     <param pos="2" name="service.version"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:sendmail:sendmail:{service.version}"/>
     <param pos="3" name="sendmail.config.version"/>
     <param pos="4" name="system.time"/>
   </fingerprint>
@@ -1312,6 +1363,7 @@
   <fingerprint pattern="^([^ ]+) ESMTP Sendmail ([^/]+)/([^/]+)/Debian-\dsarge\d; (.+); .*$">
     <description>Sendmail - Debian 3.1 (sarge)</description>
     <example service.version="8.13.4">foo.bar ESMTP Sendmail 8.13.4/8.13.4/Debian-3sarge1; Thu, 30 Nov 2017 10:55:47 +0100; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
+    <param pos="0" name="service.vendor" value="Sendmail"/>
     <param pos="0" name="service.family" value="Sendmail"/>
     <param pos="0" name="service.product" value="Sendmail"/>
     <param pos="0" name="os.vendor" value="Debian"/>
@@ -1322,6 +1374,7 @@
     <param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss Z"/>
     <param pos="1" name="host.name"/>
     <param pos="2" name="service.version"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:sendmail:sendmail:{service.version}"/>
     <param pos="3" name="sendmail.config.version"/>
     <param pos="4" name="system.time"/>
   </fingerprint>
@@ -1331,6 +1384,7 @@
     <example service.version="8.15.2">foo.bar ESMTP Sendmail 8.15.2/8.15.2/Debian-3; Thu, 30 Nov 2017 10:55:50 +0200; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
     <example service.version="8.14.3">foo.bar ESMTP Sendmail 8.14.3/8.14.3/Debian-9.4; Thu, 30 Nov 2017 10:11:54 +0100; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
     <example service.version="8.14.2">foo.bar ESMTP Sendmail 8.14.2/8.14.2/Debian-2build1; Thu, 30 Nov 2017 04:09:50 -0600; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
+    <param pos="0" name="service.vendor" value="Sendmail"/>
     <param pos="0" name="service.family" value="Sendmail"/>
     <param pos="0" name="service.product" value="Sendmail"/>
     <param pos="0" name="os.vendor" value="Debian"/>
@@ -1340,6 +1394,7 @@
     <param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss Z"/>
     <param pos="1" name="host.name"/>
     <param pos="2" name="service.version"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:sendmail:sendmail:{service.version}"/>
     <param pos="3" name="sendmail.config.version"/>
     <param pos="4" name="system.time"/>
   </fingerprint>
@@ -1348,6 +1403,7 @@
     <description>Sendmail - Ubuntu</description>
     <example service.version="8.13.5.20060308">foo.bar ESMTP Sendmail 8.13.5.20060308/8.13.5/Debian-3ubuntu1.1; Fri, 24 Jul 2009 01:41:21 -0700; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
     <example service.version="8.14.4">foo.bar ESMTP Sendmail 8.14.4/8.14.4/Debian-4.1ubuntu1; Thu, 30 Nov 2017 11:00:30 +0100; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
+    <param pos="0" name="service.vendor" value="Sendmail"/>
     <param pos="0" name="service.family" value="Sendmail"/>
     <param pos="0" name="service.product" value="Sendmail"/>
     <param pos="0" name="os.vendor" value="Ubuntu"/>
@@ -1357,12 +1413,14 @@
     <param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss Z"/>
     <param pos="1" name="host.name"/>
     <param pos="2" name="service.version"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:sendmail:sendmail:{service.version}"/>
     <param pos="3" name="system.time"/>
   </fingerprint>
 
   <fingerprint pattern="^([^ ]+) (?:E?SMTP )?Sendmail SMI-([^/]+)/(SMI-SVR4) ready at (.+)$">
     <description>Sendmail - Solaris (SMI variant)</description>
     <example>foo.bar Sendmail SMI-8.6/SMI-SVR4 ready at Sun, 29 Jul 2001 22:58:46 -0400</example>
+    <param pos="0" name="service.vendor" value="Sendmail"/>
     <param pos="0" name="service.family" value="Sendmail"/>
     <param pos="0" name="service.product" value="Sendmail"/>
     <param pos="0" name="os.vendor" value="Sun"/>
@@ -1372,6 +1430,7 @@
     <param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss Z"/>
     <param pos="1" name="host.name"/>
     <param pos="2" name="service.version"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:sendmail:sendmail:{service.version}"/>
     <param pos="3" name="sendmail.config.version"/>
     <param pos="4" name="system.time"/>
   </fingerprint>
@@ -1379,6 +1438,7 @@
   <fingerprint pattern="^([^ ]+) ESMTP Sendmail ([^ ]+)/(linuxconf); (.+)$">
     <description>Sendmail - unknown platform (linuxconf variant)</description>
     <example>foo.bar ESMTP Sendmail 8.9.3/linuxconf; Sun, 29 Jul 2001 22:48:28 -0400</example>
+    <param pos="0" name="service.vendor" value="Sendmail"/>
     <param pos="0" name="service.family" value="Sendmail"/>
     <param pos="0" name="service.product" value="Sendmail"/>
     <param pos="0" name="os.family" value="Linux"/>
@@ -1386,6 +1446,7 @@
     <param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss Z"/>
     <param pos="1" name="host.name"/>
     <param pos="2" name="service.version"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:sendmail:sendmail:{service.version}"/>
     <param pos="3" name="sendmail.config.version"/>
     <param pos="4" name="system.time"/>
   </fingerprint>
@@ -1417,10 +1478,12 @@
     <example host.name="foo.bar" service.version="8.8.8" sendmail.config.version="8.8.9">foo.bar ESMTP blah Sendmail 8.8.8/8.8.9; Wed, 21 Nov 2001 23:39:07 +0100 (CET)</example>
     <example host.name="foo.bar" service.version="8.10.2" sendmail.config.version="8.10.3">foo.bar ESMTP Sendmail 8.10.2/8.10.3; Mon, 10 Sep 2001 08:37:14 -0400</example>
     <example host.name="foo.bar" service.version="8.13.8" sendmail.config.version="8.13.9">foo.bar ESMTP foo-MTA Sendmail 8.13.8/8.13.9; Mon, 18 Apr 2011 08:52:38 -0700</example>
+    <param pos="0" name="service.vendor" value="Sendmail"/>
     <param pos="0" name="service.product" value="Sendmail"/>
     <param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss Z"/>
     <param pos="1" name="host.name"/>
     <param pos="2" name="service.version"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:sendmail:sendmail:{service.version}"/>
     <param pos="3" name="sendmail.config.version"/>
     <param pos="4" name="system.time"/>
   </fingerprint>
@@ -1428,10 +1491,12 @@
   <fingerprint pattern="^([^ ]+) +ESMTP .*Sendmail +([^/ ]+) */ *([^/ ]+); *(\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ \w+)\.?$">
     <description>Sendmail - with timezone and timestamp, w/o timezone offset or OS</description>
     <example host.name="foo.bar" service.version="8.14.4" sendmail.config.version="8.14.4" system.time="Thu, 5 Apr 2018 19:30:58 GMT">foo.bar ESMTP Sendmail 8.14.4/8.14.4; Thu, 5 Apr 2018 19:30:58 GMT</example>
+    <param pos="0" name="service.vendor" value="Sendmail"/>
     <param pos="0" name="service.product" value="Sendmail"/>
     <param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss z"/>
     <param pos="1" name="host.name"/>
     <param pos="2" name="service.version"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:sendmail:sendmail:{service.version}"/>
     <param pos="3" name="sendmail.config.version"/>
     <param pos="4" name="system.time"/>
   </fingerprint>
@@ -1439,33 +1504,39 @@
   <fingerprint pattern="^([^ ]+) +ESMTP +Sendmail ([^ ]+) ready at *(\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d)(?: \(.+\))$">
     <description>Sendmail - with version and date (optional timezone), w/o config version</description>
     <example host.name="foo.bar" service.version="8.8.8" system.time="Tue, 6 Feb 2001 14:37:14 +0100">foo.bar ESMTP Sendmail 8.8.8 ready at Tue, 6 Feb 2001 14:37:14 +0100 (CET)</example>
+    <param pos="0" name="service.vendor" value="Sendmail"/>
     <param pos="0" name="service.family" value="Sendmail"/>
     <param pos="0" name="service.product" value="Sendmail"/>
     <param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss Z"/>
     <param pos="1" name="host.name"/>
     <param pos="2" name="service.version"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:sendmail:sendmail:{service.version}"/>
     <param pos="3" name="system.time"/>
   </fingerprint>
 
   <fingerprint pattern="^([^ ]+) +ESMTP +Sendmail ([^ /]+) - \([^\)]+\)/[^ ]+;? *(\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d)(?: \(.+\)) *$">
     <description>Sendmail - revision variant 1</description>
     <example>foo.foo.bar ESMTP Sendmail 8.11.1 - (Revision 1.010)/8.9.3; Sat, 22 Jan 2011 10:08:35 -0500 (EST)</example>
+    <param pos="0" name="service.vendor" value="Sendmail"/>
     <param pos="0" name="service.family" value="Sendmail"/>
     <param pos="0" name="service.product" value="Sendmail"/>
     <param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss Z"/>
     <param pos="1" name="host.name"/>
     <param pos="2" name="service.version"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:sendmail:sendmail:{service.version}"/>
     <param pos="3" name="system.time"/>
   </fingerprint>
 
   <fingerprint pattern="^([^ ]+) +ESMTP +Sendmail +(?:[^ ]+) +version +([^ ]+) +- +(?:[^;]+); *(\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d)(?: \(.+\)) *$">
     <description>Sendmail - revision variant 2</description>
     <example>foo.foo.bar ESMTP Sendmail @(#)Sendmail version 8.13.3 - Revision 2.007 - 8 December 2008/8.8.6; Wed, 21 Jul 2010 11:17:01 -0400 (EDT)</example>
+    <param pos="0" name="service.vendor" value="Sendmail"/>
     <param pos="0" name="service.family" value="Sendmail"/>
     <param pos="0" name="service.product" value="Sendmail"/>
     <param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss Z"/>
     <param pos="1" name="host.name"/>
     <param pos="2" name="service.version"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:sendmail:sendmail:{service.version}"/>
     <param pos="3" name="system.time"/>
   </fingerprint>
 
@@ -1480,8 +1551,10 @@
     <example host.name="foo.bar">foo.bar ESMTP Sendmail ready. </example>
     <example host.name="foo.bar">foo.bar ESMTP Sendmail</example>
     <example host.name="foo.bar">foo.bar Sendmail ready. </example>
+    <param pos="0" name="service.vendor" value="Sendmail"/>
     <param pos="0" name="service.family" value="Sendmail"/>
     <param pos="0" name="service.product" value="Sendmail"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:sendmail:sendmail:-"/>
     <param pos="1" name="host.name"/>
     <param pos="2" name="system.time"/>
     <param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss Z"/>
@@ -1490,10 +1563,12 @@
   <fingerprint pattern="^ESMTP Sendmail +([^/ ]+) */ *([^/ ]+); (\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d)$">
     <description>Sendmail - with version and date, w/o hostname or platform (semicolon variant)</description>
     <example service.version="8.13.1" sendmail.config.version="8.13.1" system.time="Thu, 30 Nov 2017 01:58:22 -0700">ESMTP Sendmail  8.13.1/8.13.1; Thu, 30 Nov 2017 01:58:22 -0700</example>
+    <param pos="0" name="service.vendor" value="Sendmail"/>
     <param pos="0" name="service.family" value="Sendmail"/>
     <param pos="0" name="service.product" value="Sendmail"/>
     <param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss Z"/>
     <param pos="1" name="service.version"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:sendmail:sendmail:{service.version}"/>
     <param pos="2" name="sendmail.config.version"/>
     <param pos="3" name="system.time"/>
   </fingerprint>
@@ -1501,11 +1576,13 @@
   <fingerprint pattern="^([^ ]+) +ESMTP +Sendmail ([^ /]+) \([^\)]+\) *(.+) \(.+\)$">
     <description>Sendmail - unknown (date in version string variant)</description>
     <example>mail.foo.bar ESMTP Sendmail 8.11.1 (1.1.2.11/12Jul01-1016AM) Wed, 8 Jan 2003 11:21:22 +0100 (MET)</example>
+    <param pos="0" name="service.vendor" value="Sendmail"/>
     <param pos="0" name="service.family" value="Sendmail"/>
     <param pos="0" name="service.product" value="Sendmail"/>
     <param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss Z"/>
     <param pos="1" name="host.name"/>
     <param pos="2" name="service.version"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:sendmail:sendmail:{service.version}"/>
     <param pos="3" name="system.time"/>
   </fingerprint>
 
@@ -1513,19 +1590,23 @@
 
   <fingerprint pattern="^([^ ]+) Sendmail ([^;]+); ([^;\.]+)$">
     <description>Sendmail - unknown platform, variant 1</description>
+    <param pos="0" name="service.vendor" value="Sendmail"/>
     <param pos="0" name="service.family" value="Sendmail"/>
     <param pos="0" name="service.product" value="Sendmail"/>
     <param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss zzz"/>
     <param pos="1" name="host.name"/>
     <param pos="2" name="service.version"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:sendmail:sendmail:{service.version}"/>
     <param pos="3" name="system.time"/>
   </fingerprint>
 
   <fingerprint pattern="^Sendmail ([^/]+)/([^/]+) ready on ([^ ]+)$">
     <description>Sendmail - basic with version and date</description>
+    <param pos="0" name="service.vendor" value="Sendmail"/>
     <param pos="0" name="service.family" value="Sendmail"/>
     <param pos="0" name="service.product" value="Sendmail"/>
     <param pos="1" name="service.version"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:sendmail:sendmail:{service.version}"/>
     <param pos="2" name="sendmail.config.version"/>
     <param pos="3" name="host.name"/>
   </fingerprint>
@@ -1751,11 +1832,12 @@
     <example host.name="foo.bar" service.version="5.3.1">foo.bar ESMTP CommuniGate Pro 5.3.1</example>
     <example host.name="foo.bar" service.version="6.2c3">foo.bar ESMTP CommuniGate Pro 6.2c3</example>
     <example host.name="foo.bar" service.version="4.3.12">foo.bar ESMTP CommuniGate Pro 4.3.12. It is you again :-(</example>
-    <param pos="0" name="service.vendor" value="Communigater"/>
+    <param pos="0" name="service.vendor" value="Communigate"/>
     <param pos="0" name="service.family" value="Pro"/>
-    <param pos="0" name="service.product" value="ESMTP"/>
+    <param pos="0" name="service.product" value="Communigate Pro"/>
     <param pos="1" name="host.name"/>
     <param pos="2" name="service.version"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:communigate:communigate_pro:{service.version}"/>
   </fingerprint>
 
   <fingerprint pattern="^(\S+) NO UCE NO UBE NO RELAY PROBES ESMTP">
diff --git a/xml/ssh_banners.xml b/xml/ssh_banners.xml
index 8a8d25db..cfa41cdc 100644
--- a/xml/ssh_banners.xml
+++ b/xml/ssh_banners.xml
@@ -1962,8 +1962,10 @@
   <fingerprint pattern="^dropbear$">
     <description>Dropbear w/o version - http://matt.ucc.asn.au/dropbear/dropbear.html</description>
     <example>dropbear</example>
+    <param pos="0" name="service.vendor" value="Dropbear SSH Project"/>
     <param pos="0" name="service.family" value="Dropbear"/>
-    <param pos="0" name="service.product" value="Dropbear"/>
+    <param pos="0" name="service.product" value="Dropbear SSH"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:dropbear_ssh_project:dropbear_ssh:-"/>
   </fingerprint>
 
   <fingerprint pattern="^dropbear_(.*)$">
@@ -1971,8 +1973,10 @@
     <example service.version="2015.67">dropbear_2015.67</example>
     <example service.version="0.49">dropbear_0.49</example>
     <param pos="1" name="service.version"/>
+    <param pos="0" name="service.vendor" value="Dropbear SSH Project"/>
     <param pos="0" name="service.family" value="Dropbear"/>
-    <param pos="0" name="service.product" value="Dropbear"/>
+    <param pos="0" name="service.product" value="Dropbear SSH"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:dropbear_ssh_project:dropbear_ssh:{service.version}"/>
   </fingerprint>
 
   <fingerprint pattern="^lancom$">