diff --git a/finger/ehole/1caitong.yml b/finger/ehole/1caitong.yml
index 963728e..3fbd8a5 100644
--- a/finger/ehole/1caitong.yml
+++ b/finger/ehole/1caitong.yml
@@ -14,4 +14,3 @@ rules:
             follow_redirects: true
         expression: response.body_string.contains("/custom/groupnewslist.aspx?groupid=")
 expression: r0()
-on: r0() || r1() || r2() || r3() || r4() || r5() || r6() || r7() || r8() || r9() || r10()
diff --git "a/finger/ehole/360\345\244\251\346\223\216.yml" "b/finger/ehole/360\345\244\251\346\223\216.yml"
new file mode 100644
index 0000000..5b77201
--- /dev/null
+++ "b/finger/ehole/360\345\244\251\346\223\216.yml"
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-360天擎
+manual: false
+detail:
+    fingerprint:
+        name: 360天擎
+    fofa: title="360天擎" || header="360天擎"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("360天擎")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("360天擎"))
+expression: r0() || r1()
diff --git a/finger/ehole/74CMS.yml b/finger/ehole/74CMS.yml
new file mode 100644
index 0000000..f69c8b2
--- /dev/null
+++ b/finger/ehole/74CMS.yml
@@ -0,0 +1,79 @@
+name: fingerprint-yaml-74CMS
+manual: false
+detail:
+    fingerprint:
+        name: 74CMS
+    fofa: body="content=\"74cms.com" && body="content=\"骑士cms" && body="powered by <a href=\"http://www.74cms.com/\"" && body="/templates/default/css/common.css" && body="selectjobscategory" || body="content=\"74cms.com" || body="content=\"骑士CMS" || body="Powered by <a href=\"http://www.74cms.com/\"" || body="selectjobscategory" && body="/templates/default/css/common.css" || body="powered by <a href=\"http://www.74cms.com/\"" || body="content=\"骑士cms" || body="/templates/default/css/common.css" || body="selectjobscategory" || body="content=\"74cms.com\""
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('content="74cms.com') && response.body_string.contains('content="骑士cms') && response.body_string.contains('powered by <a href="http://www.74cms.com/"') && response.body_string.contains("/templates/default/css/common.css") && response.body_string.contains("selectjobscategory")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('content="74cms.com')
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('content="骑士CMS')
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('Powered by <a href="http://www.74cms.com/"')
+    r4:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("selectjobscategory") && response.body_string.contains("/templates/default/css/common.css")
+    r5:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('powered by <a href="http://www.74cms.com/"')
+    r6:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('content="骑士cms')
+    r7:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("/templates/default/css/common.css")
+    r8:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("selectjobscategory")
+    r9:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('content="74cms.com"')
+expression: r0() || r1() || r2() || r3() || r4() || r5() || r6() || r7() || r8() || r9()
diff --git a/finger/ehole/ACTi.yml b/finger/ehole/ACTi.yml
new file mode 100644
index 0000000..3fa2e3e
--- /dev/null
+++ b/finger/ehole/ACTi.yml
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-ACTi
+manual: false
+detail:
+    fingerprint:
+        name: ACTi
+    fofa: body="ACTi Corporation All Rights Reserved"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("ACTi Corporation All Rights Reserved")
+expression: r0()
diff --git a/finger/ehole/ALCASAR.yml b/finger/ehole/ALCASAR.yml
new file mode 100644
index 0000000..438d58b
--- /dev/null
+++ b/finger/ehole/ALCASAR.yml
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-ALCASAR
+manual: false
+detail:
+    fingerprint:
+        name: ALCASAR
+    fofa: body="valoriserdiv5" || body="valoriserDiv5"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("valoriserdiv5")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("valoriserDiv5")
+expression: r0() || r1()
diff --git a/finger/ehole/ALERTMANAGER.yml b/finger/ehole/ALERTMANAGER.yml
new file mode 100644
index 0000000..86a7167
--- /dev/null
+++ b/finger/ehole/ALERTMANAGER.yml
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-ALERTMANAGER
+manual: false
+detail:
+    fingerprint:
+        name: ALERTMANAGER
+    fofa: body="defaultcreator"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("defaultcreator")
+expression: r0()
diff --git a/finger/ehole/APISIX.yml b/finger/ehole/APISIX.yml
new file mode 100644
index 0000000..39fc25e
--- /dev/null
+++ b/finger/ehole/APISIX.yml
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-APISIX
+manual: false
+detail:
+    fingerprint:
+        name: APISIX
+    fofa: 'body="Apache APISIX Dashboard" || header="Server: APISIX"'
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("Apache APISIX Dashboard")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: 'response.raw_header.bcontains(bytes("Server: APISIX"))'
+expression: r0() || r1()
diff --git a/finger/ehole/APPEX LotWAN.yml b/finger/ehole/APPEX LotWAN.yml
new file mode 100644
index 0000000..076c068
--- /dev/null
+++ b/finger/ehole/APPEX LotWAN.yml	
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-APPEX LotWAN
+manual: false
+detail:
+    fingerprint:
+        name: APPEX LotWAN
+    fofa: header="APPEX LotWAN" || title="APPEX LotWAN"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("APPEX LotWAN"))
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("APPEX LotWAN")
+expression: r0() || r1()
diff --git a/finger/ehole/ASP.yml b/finger/ehole/ASP.yml
new file mode 100644
index 0000000..6d512e9
--- /dev/null
+++ b/finger/ehole/ASP.yml
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-ASP
+manual: false
+detail:
+    fingerprint:
+        name: ASP
+    fofa: 'header="x-powered-by: asp" || body=".asp?"'
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: 'response.raw_header.bcontains(bytes("x-powered-by: asp"))'
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains(".asp?")
+expression: r0() || r1()
diff --git a/finger/ehole/ATEN.yml b/finger/ehole/ATEN.yml
new file mode 100644
index 0000000..f1e05bd
--- /dev/null
+++ b/finger/ehole/ATEN.yml
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-ATEN
+manual: false
+detail:
+    fingerprint:
+        name: ATEN
+    fofa: title="ATEN"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("ATEN")
+expression: r0()
diff --git a/finger/ehole/AVCON6.yml b/finger/ehole/AVCON6.yml
new file mode 100644
index 0000000..e90cc71
--- /dev/null
+++ b/finger/ehole/AVCON6.yml
@@ -0,0 +1,51 @@
+name: fingerprint-yaml-AVCON6
+manual: false
+detail:
+    fingerprint:
+        name: AVCON6
+    fofa: body="filename=avcon6setup.exe" && body="language_dispose.action" || body="filename=AVCON6Setup.exe" || body="language_dispose.action" || body="avcon" || body="filename=avcon6setup.exe" || title="avcon6系统管理平台"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("filename=avcon6setup.exe") && response.body_string.contains("language_dispose.action")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("filename=AVCON6Setup.exe")
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("language_dispose.action")
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("avcon")
+    r4:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("filename=avcon6setup.exe")
+    r5:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("avcon6系统管理平台")
+expression: r0() || r1() || r2() || r3() || r4() || r5()
diff --git a/finger/ehole/ActiveMQ.yml b/finger/ehole/ActiveMQ.yml
new file mode 100644
index 0000000..dce334b
--- /dev/null
+++ b/finger/ehole/ActiveMQ.yml
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-ActiveMQ
+manual: false
+detail:
+    fingerprint:
+        name: ActiveMQ
+    fofa: body="ACTi Corporation All Rights Reserved"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("ACTi Corporation All Rights Reserved")
+expression: r0()
diff --git "a/finger/ehole/Analytics Cloud \345\210\206\346\236\220\344\272\221.yml" "b/finger/ehole/Analytics Cloud \345\210\206\346\236\220\344\272\221.yml"
new file mode 100644
index 0000000..bc09789
--- /dev/null
+++ "b/finger/ehole/Analytics Cloud \345\210\206\346\236\220\344\272\221.yml"	
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-Analytics Cloud 分析云
+manual: false
+detail:
+    fingerprint:
+        name: Analytics Cloud 分析云
+    fofa: icon_hash="410106848"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: faviconHash(response.getIconContent()) == 410106848
+expression: r0()
diff --git a/finger/ehole/AnyMacro.yml b/finger/ehole/AnyMacro.yml
new file mode 100644
index 0000000..844e3a2
--- /dev/null
+++ b/finger/ehole/AnyMacro.yml
@@ -0,0 +1,51 @@
+name: fingerprint-yaml-AnyMacro
+manual: false
+detail:
+    fingerprint:
+        name: AnyMacro
+    fofa: body="document.aa.f_email" || header="login_key" || body="document.aa.F_email" || body="AnyWebApp" || header="LOGIN_KEY" || body="anywebapp"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("document.aa.f_email")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("login_key"))
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("document.aa.F_email")
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("AnyWebApp")
+    r4:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("LOGIN_KEY"))
+    r5:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("anywebapp")
+expression: r0() || r1() || r2() || r3() || r4() || r5()
diff --git a/finger/ehole/Apache APISIX.yml b/finger/ehole/Apache APISIX.yml
new file mode 100644
index 0000000..2e5c0f6
--- /dev/null
+++ b/finger/ehole/Apache APISIX.yml	
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-Apache APISIX
+manual: false
+detail:
+    fingerprint:
+        name: Apache APISIX
+    fofa: body="{\"error_msg\":\"404 Route Not Found\"}"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('{"error_msg":"404 Route Not Found"}')
+expression: r0()
diff --git a/finger/ehole/Apache ActiveMQ.yml b/finger/ehole/Apache ActiveMQ.yml
new file mode 100644
index 0000000..99c3876
--- /dev/null
+++ b/finger/ehole/Apache ActiveMQ.yml	
@@ -0,0 +1,58 @@
+name: fingerprint-yaml-Apache ActiveMQ
+manual: false
+detail:
+    fingerprint:
+        name: Apache ActiveMQ
+    fofa: icon_hash="1766699363" || body="<h2>Welcome to the Apache ActiveMQ!</h2>" && body="(realm=\"activemqrealm" || header="Apache ActiveMQ" || body="<title>Apache ActiveMQ</title>" || header="realm=\"activemqrealm" || title="Apache ActiveMQ" || title="apache activemq"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: faviconHash(response.getIconContent()) == 1766699363
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("<h2>Welcome to the Apache ActiveMQ!</h2>") && response.body_string.contains('(realm="activemqrealm')
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("Apache ActiveMQ"))
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("<title>Apache ActiveMQ</title>")
+    r4:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes('realm="activemqrealm'))
+    r5:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("Apache ActiveMQ")
+    r6:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("apache activemq")
+expression: r0() || r1() || r2() || r3() || r4() || r5() || r6()
diff --git a/finger/ehole/Apache Tika.yml b/finger/ehole/Apache Tika.yml
new file mode 100644
index 0000000..801bb67
--- /dev/null
+++ b/finger/ehole/Apache Tika.yml	
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-Apache Tika
+manual: false
+detail:
+    fingerprint:
+        name: Apache Tika
+    fofa: header="Apache Tika" || title="Apache Tika"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("Apache Tika"))
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("Apache Tika")
+expression: r0() || r1()
diff --git a/finger/ehole/Apache-Flink.yml b/finger/ehole/Apache-Flink.yml
new file mode 100644
index 0000000..867ab87
--- /dev/null
+++ b/finger/ehole/Apache-Flink.yml
@@ -0,0 +1,58 @@
+name: fingerprint-yaml-Apache-Flink
+manual: false
+detail:
+    fingerprint:
+        name: Apache-Flink
+    fofa: body="<title>Apache Flink Web Dashboard</title>" && body="<flink-root></flink-root>" && body="<img alt=\"apache flink dashboard\" src=\"images/flink-logo.png" || header="Apache Flink" || body="<img alt=\"apache flink dashboard\" src=\"images/flink-logo.png" || body="<title>Apache Flink Web Dashboard</title>" || body="<flink-root></flink-root>" || title="Apache Flink" || title="apache flink web dashboard"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("<title>Apache Flink Web Dashboard</title>") && response.body_string.contains("<flink-root></flink-root>") && response.body_string.contains('<img alt="apache flink dashboard" src="images/flink-logo.png')
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("Apache Flink"))
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('<img alt="apache flink dashboard" src="images/flink-logo.png')
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("<title>Apache Flink Web Dashboard</title>")
+    r4:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("<flink-root></flink-root>")
+    r5:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("Apache Flink")
+    r6:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("apache flink web dashboard")
+expression: r0() || r1() || r2() || r3() || r4() || r5() || r6()
diff --git a/finger/ehole/Apache-OFBiz.yml b/finger/ehole/Apache-OFBiz.yml
new file mode 100644
index 0000000..da79c3e
--- /dev/null
+++ b/finger/ehole/Apache-OFBiz.yml
@@ -0,0 +1,44 @@
+name: fingerprint-yaml-Apache-OFBiz
+manual: false
+detail:
+    fingerprint:
+        name: Apache-OFBiz
+    fofa: 'body="Apache OFBiz" && body="apache.ofbiz" || header="Set-Cookie: OFBiz.Visitor=" || body="Apache OFBiz" || body="apache.ofbiz" || body="<span>Powered by OFBiz</span>"'
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("Apache OFBiz") && response.body_string.contains("apache.ofbiz")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: 'response.raw_header.bcontains(bytes("Set-Cookie: OFBiz.Visitor="))'
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("Apache OFBiz")
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("apache.ofbiz")
+    r4:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("<span>Powered by OFBiz</span>")
+expression: r0() || r1() || r2() || r3() || r4()
diff --git a/finger/ehole/Apache.yml b/finger/ehole/Apache.yml
new file mode 100644
index 0000000..e019c91
--- /dev/null
+++ b/finger/ehole/Apache.yml
@@ -0,0 +1,51 @@
+name: fingerprint-yaml-Apache
+manual: false
+detail:
+    fingerprint:
+        name: Apache
+    fofa: 'header="Server: Apache" || body="<title>Test Page for Apache Installation</title>" || body="<TITLE>Test Page for the SSL/TLS-aware Apache Installation on Web Site</TITLE>" || body="<html><body><h1>It works!</h1></body></html>" || body="<html>Apache is functioning normally</html>" || body="<body><center>This IP is being shared among many domains.<br>To view the domain you are looking for, simply enter the domain name in the location bar of your web browser.<br>"'
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: 'response.raw_header.bcontains(bytes("Server: Apache"))'
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("<title>Test Page for Apache Installation</title>")
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("<TITLE>Test Page for the SSL/TLS-aware Apache Installation on Web Site</TITLE>")
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("<html><body><h1>It works!</h1></body></html>")
+    r4:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("<html>Apache is functioning normally</html>")
+    r5:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("<body><center>This IP is being shared among many domains.<br>To view the domain you are looking for, simply enter the domain name in the location bar of your web browser.<br>")
+expression: r0() || r1() || r2() || r3() || r4() || r5()
diff --git a/finger/ehole/Apollo.yml b/finger/ehole/Apollo.yml
new file mode 100644
index 0000000..2a4c4d4
--- /dev/null
+++ b/finger/ehole/Apollo.yml
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-Apollo
+manual: false
+detail:
+    fingerprint:
+        name: Apollo
+    fofa: header="Apollo" || title="Apollo"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("Apollo"))
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("Apollo")
+expression: r0() || r1()
diff --git a/finger/ehole/AppServ.yml b/finger/ehole/AppServ.yml
new file mode 100644
index 0000000..a54570e
--- /dev/null
+++ b/finger/ehole/AppServ.yml
@@ -0,0 +1,37 @@
+name: fingerprint-yaml-AppServ
+manual: false
+detail:
+    fingerprint:
+        name: AppServ
+    fofa: body="appserv/softicon.gif" && body="index.php?appservlang=th" || body="appserv/softicon.gif" || body="index.php?appservlang=th" || body="<font color=\"#000080\" class=\"headd\">&nbsp;&nbsp;&nbsp;<img src=\"appserv/softicon.gif\""
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("appserv/softicon.gif") && response.body_string.contains("index.php?appservlang=th")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("appserv/softicon.gif")
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("index.php?appservlang=th")
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('<font color="#000080" class="headd">&nbsp;&nbsp;&nbsp;<img src="appserv/softicon.gif"')
+expression: r0() || r1() || r2() || r3()
diff --git a/finger/ehole/Apusic.yml b/finger/ehole/Apusic.yml
new file mode 100644
index 0000000..a42ce01
--- /dev/null
+++ b/finger/ehole/Apusic.yml
@@ -0,0 +1,30 @@
+name: fingerprint-yaml-Apusic
+manual: false
+detail:
+    fingerprint:
+        name: Apusic
+    fofa: 'body="<td>管理apusic应用服务器</td>" || header="server: apusic application server" || title="欢迎使用apusic应用服务器"'
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("<td>管理apusic应用服务器</td>")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: 'response.raw_header.bcontains(bytes("server: apusic application server"))'
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("欢迎使用apusic应用服务器")
+expression: r0() || r1() || r2()
diff --git a/finger/ehole/Arris.yml b/finger/ehole/Arris.yml
new file mode 100644
index 0000000..0deb704
--- /dev/null
+++ b/finger/ehole/Arris.yml
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-Arris
+manual: false
+detail:
+    fingerprint:
+        name: Arris
+    fofa: icon_hash="-1477563858"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: faviconHash(response.getIconContent()) == -1477563858
+expression: r0()
diff --git a/finger/ehole/Artifactory.yml b/finger/ehole/Artifactory.yml
new file mode 100644
index 0000000..8c2480d
--- /dev/null
+++ b/finger/ehole/Artifactory.yml
@@ -0,0 +1,30 @@
+name: fingerprint-yaml-Artifactory
+manual: false
+detail:
+    fingerprint:
+        name: Artifactory
+    fofa: body="<html ng-app=\"artifactory.ui\">" || body="<body jf-body-class ng-class=\"{\"load-complete\":jfBodyClass.isLoadCompleted()}\">" || title="Artifactory"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('<html ng-app="artifactory.ui">')
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('<body jf-body-class ng-class="{"load-complete":jfBodyClass.isLoadCompleted()}">')
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("Artifactory")
+expression: r0() || r1() || r2()
diff --git a/finger/ehole/Asustor.yml b/finger/ehole/Asustor.yml
new file mode 100644
index 0000000..8ddf57a
--- /dev/null
+++ b/finger/ehole/Asustor.yml
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-Asustor
+manual: false
+detail:
+    fingerprint:
+        name: Asustor
+    fofa: icon_hash="1678170702"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: faviconHash(response.getIconContent()) == 1678170702
+expression: r0()
diff --git a/finger/ehole/Atlassian Confluence.yml b/finger/ehole/Atlassian Confluence.yml
new file mode 100644
index 0000000..932a56d
--- /dev/null
+++ b/finger/ehole/Atlassian Confluence.yml	
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-Atlassian Confluence
+manual: false
+detail:
+    fingerprint:
+        name: Atlassian Confluence
+    fofa: header="x-confluence"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("x-confluence"))
+expression: r0()
diff --git a/finger/ehole/Atlassian Jira.yml b/finger/ehole/Atlassian Jira.yml
new file mode 100644
index 0000000..169b874
--- /dev/null
+++ b/finger/ehole/Atlassian Jira.yml	
@@ -0,0 +1,44 @@
+name: fingerprint-yaml-Atlassian Jira
+manual: false
+detail:
+    fingerprint:
+        name: Atlassian Jira
+    fofa: 'header="Atlassian Jira" || body="<noscript><h1>Warning: either you have javascript disabled or your browser does not support javascript. To work properly, this page requires javascript to be enabled.</h1></noscript>" || body="<a class=\"seo-link\" href=\"http://www.atlassian.com/software/jira/bug-tracking.jsp\">Bug tracking</a> and <a class=\"seo-link\" href=\"http://www.atlassian.com/software/jira/tour/project-tracking.jsp\">project tracking</a> for <a class=\"seo-link\" href=\"http://www.atlassian.com/software/jira/tour/software-development.jsp\">software development</a> powered by <a href=\"http://www.atlassian.com/software/jira\" class=\"smalltext\">Atlassian JIRA</a>" || body="<meta name=\"decorator\" content=\"atl.general\">" || title="Atlassian Jira"'
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("Atlassian Jira"))
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: 'response.body_string.contains("<noscript><h1>Warning: either you have javascript disabled or your browser does not support javascript. To work properly, this page requires javascript to be enabled.</h1></noscript>")'
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('<a class="seo-link" href="http://www.atlassian.com/software/jira/bug-tracking.jsp">Bug tracking</a> and <a class="seo-link" href="http://www.atlassian.com/software/jira/tour/project-tracking.jsp">project tracking</a> for <a class="seo-link" href="http://www.atlassian.com/software/jira/tour/software-development.jsp">software development</a> powered by <a href="http://www.atlassian.com/software/jira" class="smalltext">Atlassian JIRA</a>')
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('<meta name="decorator" content="atl.general">')
+    r4:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("Atlassian Jira")
+expression: r0() || r1() || r2() || r3() || r4()
diff --git "a/finger/ehole/Atlassian \342\200\223 Confluence.yml" "b/finger/ehole/Atlassian \342\200\223 Confluence.yml"
new file mode 100644
index 0000000..9713dc9
--- /dev/null
+++ "b/finger/ehole/Atlassian \342\200\223 Confluence.yml"	
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-Atlassian – Confluence
+manual: false
+detail:
+    fingerprint:
+        name: Atlassian – Confluence
+    fofa: icon_hash="-305179312" || icon_hash="-1642532491"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: faviconHash(response.getIconContent()) == -305179312
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: faviconHash(response.getIconContent()) == -1642532491
+expression: r0() || r1()
diff --git "a/finger/ehole/Atlassian \342\200\223 JIRA.yml" "b/finger/ehole/Atlassian \342\200\223 JIRA.yml"
new file mode 100644
index 0000000..4f3a313
--- /dev/null
+++ "b/finger/ehole/Atlassian \342\200\223 JIRA.yml"	
@@ -0,0 +1,30 @@
+name: fingerprint-yaml-Atlassian – JIRA
+manual: false
+detail:
+    fingerprint:
+        name: Atlassian – JIRA
+    fofa: icon_hash="981867722" || icon_hash="552727997" || icon_hash="-1581907337"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: faviconHash(response.getIconContent()) == 981867722
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: faviconHash(response.getIconContent()) == 552727997
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: faviconHash(response.getIconContent()) == -1581907337
+expression: r0() || r1() || r2()
diff --git a/finger/ehole/Atlassian.yml b/finger/ehole/Atlassian.yml
new file mode 100644
index 0000000..32c50e2
--- /dev/null
+++ b/finger/ehole/Atlassian.yml
@@ -0,0 +1,30 @@
+name: fingerprint-yaml-Atlassian
+manual: false
+detail:
+    fingerprint:
+        name: Atlassian
+    fofa: icon_hash="743365239" || icon_hash="628535358" || icon_hash="705143395"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: faviconHash(response.getIconContent()) == 743365239
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: faviconHash(response.getIconContent()) == 628535358
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: faviconHash(response.getIconContent()) == 705143395
+expression: r0() || r1() || r2()
diff --git a/finger/ehole/BIG-IP.yml b/finger/ehole/BIG-IP.yml
new file mode 100644
index 0000000..6c2faf1
--- /dev/null
+++ b/finger/ehole/BIG-IP.yml
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-BIG-IP
+manual: false
+detail:
+    fingerprint:
+        name: BIG-IP
+    fofa: icon_hash="878647854"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: faviconHash(response.getIconContent()) == 878647854
+expression: r0()
diff --git a/finger/ehole/BIGACE.yml b/finger/ehole/BIGACE.yml
new file mode 100644
index 0000000..014443d
--- /dev/null
+++ b/finger/ehole/BIGACE.yml
@@ -0,0 +1,30 @@
+name: fingerprint-yaml-BIGACE
+manual: false
+detail:
+    fingerprint:
+        name: BIGACE
+    fofa: body="content=\"BIGACE" || body="Site is running BIGACE" || body="Powered by <a href=\"http://www.bigace.de/\" target=\"_blank\">BIGACE</a>"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('content="BIGACE')
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("Site is running BIGACE")
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('Powered by <a href="http://www.bigace.de/" target="_blank">BIGACE</a>')
+expression: r0() || r1() || r2()
diff --git a/finger/ehole/BIGACE_CMS.yml b/finger/ehole/BIGACE_CMS.yml
new file mode 100644
index 0000000..e849c11
--- /dev/null
+++ b/finger/ehole/BIGACE_CMS.yml
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-BIGACE_CMS
+manual: false
+detail:
+    fingerprint:
+        name: BIGACE_CMS
+    fofa: header="BIGACE_CMS" || title="BIGACE_CMS"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("BIGACE_CMS"))
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("BIGACE_CMS")
+expression: r0() || r1()
diff --git a/finger/ehole/Baidu.yml b/finger/ehole/Baidu.yml
new file mode 100644
index 0000000..9a1acfb
--- /dev/null
+++ b/finger/ehole/Baidu.yml
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-Baidu
+manual: false
+detail:
+    fingerprint:
+        name: Baidu
+    fofa: icon_hash="1118684072"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: faviconHash(response.getIconContent()) == 1118684072
+expression: r0()
diff --git a/finger/ehole/BeeS-CMS.yml b/finger/ehole/BeeS-CMS.yml
new file mode 100644
index 0000000..67f4d41
--- /dev/null
+++ b/finger/ehole/BeeS-CMS.yml
@@ -0,0 +1,100 @@
+name: fingerprint-yaml-BeeS-CMS
+manual: false
+detail:
+    fingerprint:
+        name: BeeS-CMS
+    fofa: body="powerd by" && body="beescms" && body="template/default/images/slides.min.jquery.js" && body="/default/images/xslider.js" && body="/default/images/search_btn.gif" && body="powerd by beescms" && body="mx_form/mx_form.php" || header="BEESCMS" || body="mx_form/mx_form.php" || body="powerd by beescms" || body="/default/images/search_btn.gif" && body="/default/images/xslider.js" || body="template/default/images/slides.min.jquery.js" || body="beescms" && body="powerd by" || body="powerd by" || body="beescms" || body="/default/images/xslider.js" || body="/default/images/search_btn.gif" || body="beescms" && body="template/default/images/slides.min.jquery.js" || title="BEESCMS"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("powerd by") && response.body_string.contains("beescms") && response.body_string.contains("template/default/images/slides.min.jquery.js") && response.body_string.contains("/default/images/xslider.js") && response.body_string.contains("/default/images/search_btn.gif") && response.body_string.contains("powerd by beescms") && response.body_string.contains("mx_form/mx_form.php")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("BEESCMS"))
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("mx_form/mx_form.php")
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("powerd by beescms")
+    r4:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("/default/images/search_btn.gif") && response.body_string.contains("/default/images/xslider.js")
+    r5:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("template/default/images/slides.min.jquery.js")
+    r6:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("beescms") && response.body_string.contains("powerd by")
+    r7:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("powerd by")
+    r8:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("beescms")
+    r9:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("/default/images/xslider.js")
+    r10:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("/default/images/search_btn.gif")
+    r11:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("beescms") && response.body_string.contains("template/default/images/slides.min.jquery.js")
+    r12:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("BEESCMS")
+expression: r0() || r1() || r2() || r3() || r4() || r5() || r6() || r7() || r8() || r9() || r10() || r11() || r12()
diff --git a/finger/ehole/Bitbucket.yml b/finger/ehole/Bitbucket.yml
new file mode 100644
index 0000000..534a63b
--- /dev/null
+++ b/finger/ehole/Bitbucket.yml
@@ -0,0 +1,44 @@
+name: fingerprint-yaml-Bitbucket
+manual: false
+detail:
+    fingerprint:
+        name: Bitbucket
+    fofa: body="/j_atl_security_check" && body="bitbucket.page.login" || body="bitbucket.page.login" && body="/j_atl_security_check" || body="/j_atl_security_check" || body="bitbucket.page.login" || title="bitbucket"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("/j_atl_security_check") && response.body_string.contains("bitbucket.page.login")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("bitbucket.page.login") && response.body_string.contains("/j_atl_security_check")
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("/j_atl_security_check")
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("bitbucket.page.login")
+    r4:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("bitbucket")
+expression: r0() || r1() || r2() || r3() || r4()
diff --git a/finger/ehole/BloofoxCMS.yml b/finger/ehole/BloofoxCMS.yml
new file mode 100644
index 0000000..8c0c328
--- /dev/null
+++ b/finger/ehole/BloofoxCMS.yml
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-BloofoxCMS
+manual: false
+detail:
+    fingerprint:
+        name: BloofoxCMS
+    fofa: body="content=\"bloofoxCMS" || body="Powered by <a href=\"http://www.bloofox.com"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('content="bloofoxCMS')
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('Powered by <a href="http://www.bloofox.com')
+expression: r0() || r1()
diff --git a/finger/ehole/Bonfire.yml b/finger/ehole/Bonfire.yml
new file mode 100644
index 0000000..90f1f29
--- /dev/null
+++ b/finger/ehole/Bonfire.yml
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-Bonfire
+manual: false
+detail:
+    fingerprint:
+        name: Bonfire
+    fofa: header="Bonfire" || title="Bonfire"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("Bonfire"))
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("Bonfire")
+expression: r0() || r1()
diff --git a/finger/ehole/BootCMS.yml b/finger/ehole/BootCMS.yml
new file mode 100644
index 0000000..c79a52e
--- /dev/null
+++ b/finger/ehole/BootCMS.yml
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-BootCMS
+manual: false
+detail:
+    fingerprint:
+        name: BootCMS
+    fofa: body="BootCMS" || title="BootCMS"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("BootCMS")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("BootCMS")
+expression: r0() || r1()
diff --git a/finger/ehole/Byzoro-Smart.yml b/finger/ehole/Byzoro-Smart.yml
new file mode 100644
index 0000000..df08174
--- /dev/null
+++ b/finger/ehole/Byzoro-Smart.yml
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-Byzoro-Smart
+manual: false
+detail:
+    fingerprint:
+        name: Byzoro-Smart
+    fofa: body="smart s150&nbsp;系统登录" || title="smart--管理平台"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("smart s150&nbsp;系统登录")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("smart--管理平台")
+expression: r0() || r1()
diff --git a/finger/ehole/CAYIN-SMP.yml b/finger/ehole/CAYIN-SMP.yml
new file mode 100644
index 0000000..c459cc4
--- /dev/null
+++ b/finger/ehole/CAYIN-SMP.yml
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-CAYIN-SMP
+manual: false
+detail:
+    fingerprint:
+        name: CAYIN-SMP
+    fofa: body="/cgi-bin/wizard_index.cgi"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("/cgi-bin/wizard_index.cgi")
+expression: r0()
diff --git a/finger/ehole/CISCO-Data-Center-Network-Manager.yml b/finger/ehole/CISCO-Data-Center-Network-Manager.yml
new file mode 100644
index 0000000..96224c4
--- /dev/null
+++ b/finger/ehole/CISCO-Data-Center-Network-Manager.yml
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-CISCO-Data-Center-Network-Manager
+manual: false
+detail:
+    fingerprint:
+        name: CISCO-Data-Center-Network-Manager
+    fofa: title="data center network manager"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("data center network manager")
+expression: r0()
diff --git a/finger/ehole/CISCO-Integrated-Management-Controller.yml b/finger/ehole/CISCO-Integrated-Management-Controller.yml
new file mode 100644
index 0000000..6020c68
--- /dev/null
+++ b/finger/ehole/CISCO-Integrated-Management-Controller.yml
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-CISCO-Integrated-Management-Controller
+manual: false
+detail:
+    fingerprint:
+        name: CISCO-Integrated-Management-Controller
+    fofa: title="cisco integrated management controller"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("cisco integrated management controller")
+expression: r0()
diff --git a/finger/ehole/CISCO-WebEx.yml b/finger/ehole/CISCO-WebEx.yml
new file mode 100644
index 0000000..421daf0
--- /dev/null
+++ b/finger/ehole/CISCO-WebEx.yml
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-CISCO-WebEx
+manual: false
+detail:
+    fingerprint:
+        name: CISCO-WebEx
+    fofa: body="alt=\"cisco webex meetings server\""
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('alt="cisco webex meetings server"')
+expression: r0()
diff --git a/finger/ehole/CMSTop.yml b/finger/ehole/CMSTop.yml
new file mode 100644
index 0000000..6e18ba3
--- /dev/null
+++ b/finger/ehole/CMSTop.yml
@@ -0,0 +1,58 @@
+name: fingerprint-yaml-CMSTop
+manual: false
+detail:
+    fingerprint:
+        name: CMSTop
+    fofa: body="css/cmstop-common.css" && body="js/cmstop-common.js" || body="/css/cmstop-common.css" && body="/js/cmstop-common.js" && body="cmstop-list-text.css" && body="<a class=\"poweredby\" href=\"http://www.cmstop.com\"" || body="/css/cmstop-common.css" || body="/js/cmstop-common.js" || body="cmstop-list-text.css" || body="<a class=\"poweredby\" href=\"http://www.cmstop.com\"" || body="<a class=\"poweredby\" href=\"http://www.cmstop.com\"" && body="cmstop-list-text.css"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("css/cmstop-common.css") && response.body_string.contains("js/cmstop-common.js")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("/css/cmstop-common.css") && response.body_string.contains("/js/cmstop-common.js") && response.body_string.contains("cmstop-list-text.css") && response.body_string.contains('<a class="poweredby" href="http://www.cmstop.com"')
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("/css/cmstop-common.css")
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("/js/cmstop-common.js")
+    r4:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("cmstop-list-text.css")
+    r5:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('<a class="poweredby" href="http://www.cmstop.com"')
+    r6:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('<a class="poweredby" href="http://www.cmstop.com"') && response.body_string.contains("cmstop-list-text.css")
+expression: r0() || r1() || r2() || r3() || r4() || r5() || r6()
diff --git a/finger/ehole/CMSsite.yml b/finger/ehole/CMSsite.yml
new file mode 100644
index 0000000..104547e
--- /dev/null
+++ b/finger/ehole/CMSsite.yml
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-CMSsite
+manual: false
+detail:
+    fingerprint:
+        name: CMSsite
+    fofa: header="CMSsite" || title="CMSsite"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("CMSsite"))
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("CMSsite")
+expression: r0() || r1()
diff --git a/finger/ehole/Cacti.yml b/finger/ehole/Cacti.yml
new file mode 100644
index 0000000..d1ace3a
--- /dev/null
+++ b/finger/ehole/Cacti.yml
@@ -0,0 +1,65 @@
+name: fingerprint-yaml-Cacti
+manual: false
+detail:
+    fingerprint:
+        name: Cacti
+    fofa: 'body="/plugins/jqueryskin/include/login.css" || header="set-cookie: cacti=" && header="cacti access" || header="Set-Cookie:Cacti=" || body="<title>Login to Cacti</title>" || body="<body bgcolor=\"#FFFFFF\" onload=\"document.login.login_username.focus()\">" || header="cacti access" || header="set-cookie: cacti=" || title="login to cacti"'
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("/plugins/jqueryskin/include/login.css")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: 'response.raw_header.bcontains(bytes("set-cookie: cacti=")) && response.raw_header.bcontains(bytes("cacti access"))'
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("Set-Cookie:Cacti="))
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("<title>Login to Cacti</title>")
+    r4:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('<body bgcolor="#FFFFFF" onload="document.login.login_username.focus()">')
+    r5:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("cacti access"))
+    r6:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: 'response.raw_header.bcontains(bytes("set-cookie: cacti="))'
+    r7:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("login to cacti")
+expression: r0() || r1() || r2() || r3() || r4() || r5() || r6() || r7()
diff --git a/finger/ehole/Camera.yml b/finger/ehole/Camera.yml
new file mode 100644
index 0000000..bf3d31a
--- /dev/null
+++ b/finger/ehole/Camera.yml
@@ -0,0 +1,44 @@
+name: fingerprint-yaml-Camera
+manual: false
+detail:
+    fingerprint:
+        name: Camera
+    fofa: body="href=\"/doc/css/rzslider.css\"" || body="/videostream.cgi?loginuse=" || body="北京中盾安全技术开发公司" || header="basic realm=camera name " || header="basic realm=camera name"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('href="/doc/css/rzslider.css"')
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("/videostream.cgi?loginuse=")
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("北京中盾安全技术开发公司")
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("basic realm=camera name "))
+    r4:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("basic realm=camera name"))
+expression: r0() || r1() || r2() || r3() || r4()
diff --git a/finger/ehole/CentOS.yml b/finger/ehole/CentOS.yml
new file mode 100644
index 0000000..03c5cc2
--- /dev/null
+++ b/finger/ehole/CentOS.yml
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-CentOS
+manual: false
+detail:
+    fingerprint:
+        name: CentOS
+    fofa: header="centos" || title="apache http server test page powered by centos"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("centos"))
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("apache http server test page powered by centos")
+expression: r0() || r1()
diff --git a/finger/ehole/Centerm.yml b/finger/ehole/Centerm.yml
new file mode 100644
index 0000000..0bf1a6c
--- /dev/null
+++ b/finger/ehole/Centerm.yml
@@ -0,0 +1,30 @@
+name: fingerprint-yaml-Centerm
+manual: false
+detail:
+    fingerprint:
+        name: Centerm
+    fofa: body="new ct.extapp.aboutsystemwindow(" || body="new ct.extapp.aboutsystemwindow" || body="new ct.extapp.aboutsystemwindow()"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("new ct.extapp.aboutsystemwindow(")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("new ct.extapp.aboutsystemwindow")
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("new ct.extapp.aboutsystemwindow()")
+expression: r0() || r1() || r2()
diff --git a/finger/ehole/Chamilo.yml b/finger/ehole/Chamilo.yml
new file mode 100644
index 0000000..7ee6a32
--- /dev/null
+++ b/finger/ehole/Chamilo.yml
@@ -0,0 +1,44 @@
+name: fingerprint-yaml-Chamilo
+manual: false
+detail:
+    fingerprint:
+        name: Chamilo
+    fofa: 'body="<link href=\"http://www.chamilo.org/documentation.php" || body="content=\"Chamilo" || header="X-Powered-By:Chamilo" || body="<link href=\"http://www.chamilo.org/documentation.php\" rel=\"Help\" />" || body="<!-- end of #main\" started at the end of banner.inc.php -->"'
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('<link href="http://www.chamilo.org/documentation.php')
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('content="Chamilo')
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("X-Powered-By:Chamilo"))
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('<link href="http://www.chamilo.org/documentation.php" rel="Help" />')
+    r4:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: 'response.body_string.contains(''<!-- end of #main" started at the end of banner.inc.php -->'')'
+expression: r0() || r1() || r2() || r3() || r4()
diff --git a/finger/ehole/Chinacreator.yml b/finger/ehole/Chinacreator.yml
new file mode 100644
index 0000000..ffc2720
--- /dev/null
+++ b/finger/ehole/Chinacreator.yml
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-Chinacreator
+manual: false
+detail:
+    fingerprint:
+        name: Chinacreator
+    fofa: title="Chinacreator"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("Chinacreator")
+expression: r0()
diff --git a/finger/ehole/Cisco-Adaptive-Security-Appliance.yml b/finger/ehole/Cisco-Adaptive-Security-Appliance.yml
new file mode 100644
index 0000000..20794de
--- /dev/null
+++ b/finger/ehole/Cisco-Adaptive-Security-Appliance.yml
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-Cisco-Adaptive-Security-Appliance
+manual: false
+detail:
+    fingerprint:
+        name: Cisco-Adaptive-Security-Appliance
+    fofa: header="Adaptive Security Appliance HTTP" || body="<title>Cisco Systems, Inc. Network Access</title>"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("Adaptive Security Appliance HTTP"))
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("<title>Cisco Systems, Inc. Network Access</title>")
+expression: r0() || r1()
diff --git a/finger/ehole/Cisco-Prime-Infrastructure.yml b/finger/ehole/Cisco-Prime-Infrastructure.yml
new file mode 100644
index 0000000..f2f03c0
--- /dev/null
+++ b/finger/ehole/Cisco-Prime-Infrastructure.yml
@@ -0,0 +1,58 @@
+name: fingerprint-yaml-Cisco-Prime-Infrastructure
+manual: false
+detail:
+    fingerprint:
+        name: Cisco-Prime-Infrastructure
+    fofa: 'body="<div class=\"xwtproductname\" >cisco prime infrastructure" && body="/webacs/internal/xwt/themes/prime/prime-xwt.css" && body="webacs/welcomeaction.do" || header="server: prime" || body="webacs/welcomeaction.do" || body="/webacs/lib/xwt/themes/prime/prime-xwt.css" || body="<div class=\"xwtproductname\" >cisco prime infrastructure" || body="/webacs/internal/xwt/themes/prime/prime-xwt.css" || title="cisco  prime infrastructure"'
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('<div class="xwtproductname" >cisco prime infrastructure') && response.body_string.contains("/webacs/internal/xwt/themes/prime/prime-xwt.css") && response.body_string.contains("webacs/welcomeaction.do")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: 'response.raw_header.bcontains(bytes("server: prime"))'
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("webacs/welcomeaction.do")
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("/webacs/lib/xwt/themes/prime/prime-xwt.css")
+    r4:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('<div class="xwtproductname" >cisco prime infrastructure')
+    r5:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("/webacs/internal/xwt/themes/prime/prime-xwt.css")
+    r6:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("cisco  prime infrastructure")
+expression: r0() || r1() || r2() || r3() || r4() || r5() || r6()
diff --git a/finger/ehole/Cisco-VPN.yml b/finger/ehole/Cisco-VPN.yml
new file mode 100644
index 0000000..5b81498
--- /dev/null
+++ b/finger/ehole/Cisco-VPN.yml
@@ -0,0 +1,58 @@
+name: fingerprint-yaml-Cisco-VPN
+manual: false
+detail:
+    fingerprint:
+        name: Cisco-VPN
+    fofa: header="webvpn" && header="basic realm=\"vpn8\"" || header="webvpn" || body="value=\" + svpnbtnlogin + \"" || header="basic realm=\"vpn8\"" || header="centrala_vpnrv082" || header="rv082" || title="cisco systems, inc. vpn 3000 concentrator"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("webvpn")) && response.raw_header.bcontains(bytes('basic realm="vpn8"'))
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("webvpn"))
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('value=" + svpnbtnlogin + "')
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes('basic realm="vpn8"'))
+    r4:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("centrala_vpnrv082"))
+    r5:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("rv082"))
+    r6:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("cisco systems, inc. vpn 3000 concentrator")
+expression: r0() || r1() || r2() || r3() || r4() || r5() || r6()
diff --git a/finger/ehole/Citrix ADC.yml b/finger/ehole/Citrix ADC.yml
new file mode 100644
index 0000000..1bc1722
--- /dev/null
+++ b/finger/ehole/Citrix ADC.yml	
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-Citrix ADC
+manual: false
+detail:
+    fingerprint:
+        name: Citrix ADC
+    fofa: header="Citrix ADC" || title="Citrix ADC"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("Citrix ADC"))
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("Citrix ADC")
+expression: r0() || r1()
diff --git a/finger/ehole/Citrix Gateway.yml b/finger/ehole/Citrix Gateway.yml
new file mode 100644
index 0000000..fedb48a
--- /dev/null
+++ b/finger/ehole/Citrix Gateway.yml	
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-Citrix Gateway
+manual: false
+detail:
+    fingerprint:
+        name: Citrix Gateway
+    fofa: header="Citrix Gateway" || title="Citrix Gateway"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("Citrix Gateway"))
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("Citrix Gateway")
+expression: r0() || r1()
diff --git a/finger/ehole/Citrix-Netscaler.yml b/finger/ehole/Citrix-Netscaler.yml
new file mode 100644
index 0000000..8158818
--- /dev/null
+++ b/finger/ehole/Citrix-Netscaler.yml
@@ -0,0 +1,58 @@
+name: fingerprint-yaml-Citrix-Netscaler
+manual: false
+detail:
+    fingerprint:
+        name: Citrix-Netscaler
+    fofa: 'body="netscape/firefox/opera" || header="set-cookie: citrix_ns_id" || header="NS-CACHE" || header="ns_af" || header="Citrix NetScaler" || header="ns-cache" || title="Citrix NetScaler"'
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("netscape/firefox/opera")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: 'response.raw_header.bcontains(bytes("set-cookie: citrix_ns_id"))'
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("NS-CACHE"))
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("ns_af"))
+    r4:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("Citrix NetScaler"))
+    r5:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("ns-cache"))
+    r6:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("Citrix NetScaler")
+expression: r0() || r1() || r2() || r3() || r4() || r5() || r6()
diff --git a/finger/ehole/ClusterEngine.yml b/finger/ehole/ClusterEngine.yml
new file mode 100644
index 0000000..30d9ec8
--- /dev/null
+++ b/finger/ehole/ClusterEngine.yml
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-ClusterEngine
+manual: false
+detail:
+    fingerprint:
+        name: ClusterEngine
+    fofa: header="ClusterEngine" || title="ClusterEngine"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("ClusterEngine"))
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("ClusterEngine")
+expression: r0() || r1()
diff --git a/finger/ehole/Colasoft-RAS.yml b/finger/ehole/Colasoft-RAS.yml
new file mode 100644
index 0000000..26b598f
--- /dev/null
+++ b/finger/ehole/Colasoft-RAS.yml
@@ -0,0 +1,51 @@
+name: fingerprint-yaml-Colasoft-RAS
+manual: false
+detail:
+    fingerprint:
+        name: Colasoft-RAS
+    fofa: body="科来软件 版权所有" && body="i18ninit.min.js" && body="nfr=\"true\"" || body="i18ninit.min.js" && body="科来软件 版权所有" || body="科来软件 版权所有" || body="i18ninit.min.js" || body="nfr=\"true\"" || title="科来网络回溯"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("科来软件 版权所有") && response.body_string.contains("i18ninit.min.js") && response.body_string.contains('nfr="true"')
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("i18ninit.min.js") && response.body_string.contains("科来软件 版权所有")
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("科来软件 版权所有")
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("i18ninit.min.js")
+    r4:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('nfr="true"')
+    r5:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("科来网络回溯")
+expression: r0() || r1() || r2() || r3() || r4() || r5()
diff --git a/finger/ehole/ColdFusion.yml b/finger/ehole/ColdFusion.yml
new file mode 100644
index 0000000..f3524c7
--- /dev/null
+++ b/finger/ehole/ColdFusion.yml
@@ -0,0 +1,65 @@
+name: fingerprint-yaml-ColdFusion
+manual: false
+detail:
+    fingerprint:
+        name: ColdFusion
+    fofa: body="/cfajax/" || header="CFTOKEN" || body="<title>ColdFusion Administrator Login</title>" || body="{   document.write(\"<link rel=\"STYLESHEET\" type=\"text/css\" href=\"./cfadmin_ns.css\">\");}" || body="<form name=\"loginform\" action=\"./enter.cfm\" method=\"POST\" onSubmit=\"cfadminPassword.value = hex_hmac_sha1(salt.value, hex_sha1(cfadminPassword.value));\" >" || body="<input name=\"cfadminPassword\" type=\"Password\" size=\"15\" style=\"width:15em;\" class=\"label\" maxlength=\"100\" id=\"admin_login\">" || body="Macromedia, the Macromedia logo, Macromedia ColdFusion and ColdFusion are<br />" || body="<tr><td><img src=\"./images/mx_copyrframe.gif\" width=\"2\" height=\"57\" border=\"0\" alt=\"ColdFusion MX\" hspace=\"10\"></td>"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("/cfajax/")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("CFTOKEN"))
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("<title>ColdFusion Administrator Login</title>")
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('{   document.write("<link rel="STYLESHEET" type="text/css" href="./cfadmin_ns.css">");}')
+    r4:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('<form name="loginform" action="./enter.cfm" method="POST" onSubmit="cfadminPassword.value = hex_hmac_sha1(salt.value, hex_sha1(cfadminPassword.value));" >')
+    r5:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('<input name="cfadminPassword" type="Password" size="15" style="width:15em;" class="label" maxlength="100" id="admin_login">')
+    r6:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("Macromedia, the Macromedia logo, Macromedia ColdFusion and ColdFusion are<br />")
+    r7:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('<tr><td><img src="./images/mx_copyrframe.gif" width="2" height="57" border="0" alt="ColdFusion MX" hspace="10"></td>')
+expression: r0() || r1() || r2() || r3() || r4() || r5() || r6() || r7()
diff --git a/finger/ehole/Consul-HashiCorp.yml b/finger/ehole/Consul-HashiCorp.yml
new file mode 100644
index 0000000..ab05bbf
--- /dev/null
+++ b/finger/ehole/Consul-HashiCorp.yml
@@ -0,0 +1,79 @@
+name: fingerprint-yaml-Consul-HashiCorp
+manual: false
+detail:
+    fingerprint:
+        name: Consul-HashiCorp
+    fofa: body="/ui/assets/consul-ui" && body="consul-ui/configs/environment" && body="consulhost" && body="consul instance" && body="www.consul.io" || body="www.consul.io" && body="consul instance" && body="consulhost" || body="consul-ui/config/environment" && body="/ui/assets/consul-ui" || body="/ui/assets/consul-ui" || body="consul-ui/configs/environment" || body="consulhost" || body="consul instance" || body="www.consul.io" || body="consul-ui/config/environment" || title="consul by hashicorp"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("/ui/assets/consul-ui") && response.body_string.contains("consul-ui/configs/environment") && response.body_string.contains("consulhost") && response.body_string.contains("consul instance") && response.body_string.contains("www.consul.io")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("www.consul.io") && response.body_string.contains("consul instance") && response.body_string.contains("consulhost")
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("consul-ui/config/environment") && response.body_string.contains("/ui/assets/consul-ui")
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("/ui/assets/consul-ui")
+    r4:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("consul-ui/configs/environment")
+    r5:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("consulhost")
+    r6:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("consul instance")
+    r7:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("www.consul.io")
+    r8:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("consul-ui/config/environment")
+    r9:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("consul by hashicorp")
+expression: r0() || r1() || r2() || r3() || r4() || r5() || r6() || r7() || r8() || r9()
diff --git a/finger/ehole/Craft CMS.yml b/finger/ehole/Craft CMS.yml
new file mode 100644
index 0000000..0ec9e48
--- /dev/null
+++ b/finger/ehole/Craft CMS.yml	
@@ -0,0 +1,37 @@
+name: fingerprint-yaml-Craft CMS
+manual: false
+detail:
+    fingerprint:
+        name: Craft CMS
+    fofa: header="Craft CMS" || body="<a id=\"poweredby\" href=\"http://craftcms.com/\" title=\"Powered by Craft CMS\">" || title="Craft CMS" || title="Craftcms"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("Craft CMS"))
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('<a id="poweredby" href="http://craftcms.com/" title="Powered by Craft CMS">')
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("Craft CMS")
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("Craftcms")
+expression: r0() || r1() || r2() || r3()
diff --git "a/finger/ehole/Cwindow\346\224\277\345\212\241\345\256\211\345\205\250\351\202\256\347\256\261\347\263\273\347\273\237.yml" "b/finger/ehole/Cwindow\346\224\277\345\212\241\345\256\211\345\205\250\351\202\256\347\256\261\347\263\273\347\273\237.yml"
new file mode 100644
index 0000000..977fcf2
--- /dev/null
+++ "b/finger/ehole/Cwindow\346\224\277\345\212\241\345\256\211\345\205\250\351\202\256\347\256\261\347\263\273\347\273\237.yml"
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-Cwindow政务安全邮箱系统
+manual: false
+detail:
+    fingerprint:
+        name: Cwindow政务安全邮箱系统
+    fofa: header="Cwindow政务安全邮箱系统" || title="Cwindow政务安全邮箱系统"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("Cwindow政务安全邮箱系统"))
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("Cwindow政务安全邮箱系统")
+expression: r0() || r1()
diff --git a/finger/ehole/Cyberwisdom.yml b/finger/ehole/Cyberwisdom.yml
new file mode 100644
index 0000000..cd4b7dc
--- /dev/null
+++ b/finger/ehole/Cyberwisdom.yml
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-Cyberwisdom
+manual: false
+detail:
+    fingerprint:
+        name: Cyberwisdom
+    fofa: header="Cyberwisdom" || title="Cyberwisdom"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("Cyberwisdom"))
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("Cyberwisdom")
+expression: r0() || r1()
diff --git a/finger/ehole/D-Link-DAR-8000.yml b/finger/ehole/D-Link-DAR-8000.yml
new file mode 100644
index 0000000..f683f02
--- /dev/null
+++ b/finger/ehole/D-Link-DAR-8000.yml
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-D-Link-DAR-8000
+manual: false
+detail:
+    fingerprint:
+        name: D-Link-DAR-8000
+    fofa: body="dar-8000"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("dar-8000")
+expression: r0()
diff --git a/finger/ehole/DSCMS.yml b/finger/ehole/DSCMS.yml
new file mode 100644
index 0000000..455b46d
--- /dev/null
+++ b/finger/ehole/DSCMS.yml
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-DSCMS
+manual: false
+detail:
+    fingerprint:
+        name: DSCMS
+    fofa: header="DSCMS" || title="DSCMS"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("DSCMS"))
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("DSCMS")
+expression: r0() || r1()
diff --git a/finger/ehole/DSShop.yml b/finger/ehole/DSShop.yml
new file mode 100644
index 0000000..638a1b9
--- /dev/null
+++ b/finger/ehole/DSShop.yml
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-DSShop
+manual: false
+detail:
+    fingerprint:
+        name: DSShop
+    fofa: header="DSShop" || title="DSShop"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("DSShop"))
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("DSShop")
+expression: r0() || r1()
diff --git a/finger/ehole/DVWA.yml b/finger/ehole/DVWA.yml
new file mode 100644
index 0000000..5a66c36
--- /dev/null
+++ b/finger/ehole/DVWA.yml
@@ -0,0 +1,51 @@
+name: fingerprint-yaml-DVWA
+manual: false
+detail:
+    fingerprint:
+        name: DVWA
+    fofa: body="dvwa/css/login.css" && body="dvwa/images/login_logo.png" || body="dvwa/css/login.css" || body="dvwa/images/login_logo.png" || body="<title>Damn Vulnerable Web App (DVWA) - Login</title>" || body="<p><label for=\"pass\">Password</label><input type=\"password\" AUTOCOMPLETE=\"off\" size=\"20\" name=\"password\"></p><br />" || title="damn vulnerable web app (dvwa) - login"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("dvwa/css/login.css") && response.body_string.contains("dvwa/images/login_logo.png")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("dvwa/css/login.css")
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("dvwa/images/login_logo.png")
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("<title>Damn Vulnerable Web App (DVWA) - Login</title>")
+    r4:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('<p><label for="pass">Password</label><input type="password" AUTOCOMPLETE="off" size="20" name="password"></p><br />')
+    r5:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("damn vulnerable web app (dvwa) - login")
+expression: r0() || r1() || r2() || r3() || r4() || r5()
diff --git a/finger/ehole/Dahua.yml b/finger/ehole/Dahua.yml
new file mode 100644
index 0000000..315bf0d
--- /dev/null
+++ b/finger/ehole/Dahua.yml
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-Dahua
+manual: false
+detail:
+    fingerprint:
+        name: Dahua
+    fofa: icon_hash="-1466785234"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: faviconHash(response.getIconContent()) == -1466785234
+expression: r0()
diff --git a/finger/ehole/Debian.yml b/finger/ehole/Debian.yml
new file mode 100644
index 0000000..3d7f8ce
--- /dev/null
+++ b/finger/ehole/Debian.yml
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-Debian
+manual: false
+detail:
+    fingerprint:
+        name: Debian
+    fofa: body="<h1>welcome to nginx on debian!</h1>"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("<h1>welcome to nginx on debian!</h1>")
+expression: r0()
diff --git "a/finger/ehole/DedeCMS(\347\273\207\346\242\246).yml" "b/finger/ehole/DedeCMS(\347\273\207\346\242\246).yml"
new file mode 100644
index 0000000..25d72dc
--- /dev/null
+++ "b/finger/ehole/DedeCMS(\347\273\207\346\242\246).yml"
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-DedeCMS(织梦)
+manual: false
+detail:
+    fingerprint:
+        name: DedeCMS(织梦)
+    fofa: body="dedecms" || title="DedeCMS(织梦)"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("dedecms")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("DedeCMS(织梦)")
+expression: r0() || r1()
diff --git a/finger/ehole/DedeCMS.yml b/finger/ehole/DedeCMS.yml
new file mode 100644
index 0000000..cd1eb67
--- /dev/null
+++ b/finger/ehole/DedeCMS.yml
@@ -0,0 +1,79 @@
+name: fingerprint-yaml-DedeCMS
+manual: false
+detail:
+    fingerprint:
+        name: DedeCMS
+    fofa: body="power by dedecms" && body="http://www.dedecms.com/" && body="dedecms" && body="/templets/default/style/dedecms.css" && body="<div><h3>dedecms error warning!</h3>" || body="Power by DedeCms" || body="http://www.dedecms.com/" || body="DedeCMS" || body="/templets/default/style/dedecms.css" || body="<div><h3>dedecms error warning!</h3>" || body="dedecms" && body="http://www.dedecms.com/" && body="powered by" || body="power by dedecms" || body="<a href=http://www.dedecms.com target=\"_blank\">Power by DedeCms</a>" || body="/templets/default/style/dedecms.css" && body="dedecms"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("power by dedecms") && response.body_string.contains("http://www.dedecms.com/") && response.body_string.contains("dedecms") && response.body_string.contains("/templets/default/style/dedecms.css") && response.body_string.contains("<div><h3>dedecms error warning!</h3>")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("Power by DedeCms")
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("http://www.dedecms.com/")
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("DedeCMS")
+    r4:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("/templets/default/style/dedecms.css")
+    r5:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("<div><h3>dedecms error warning!</h3>")
+    r6:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("dedecms") && response.body_string.contains("http://www.dedecms.com/") && response.body_string.contains("powered by")
+    r7:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("power by dedecms")
+    r8:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('<a href=http://www.dedecms.com target="_blank">Power by DedeCms</a>')
+    r9:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("/templets/default/style/dedecms.css") && response.body_string.contains("dedecms")
+expression: r0() || r1() || r2() || r3() || r4() || r5() || r6() || r7() || r8() || r9()
diff --git a/finger/ehole/Dell-iDRAC.yml b/finger/ehole/Dell-iDRAC.yml
new file mode 100644
index 0000000..34570b1
--- /dev/null
+++ b/finger/ehole/Dell-iDRAC.yml
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-Dell-iDRAC
+manual: false
+detail:
+    fingerprint:
+        name: Dell-iDRAC
+    fofa: header="Dell-iDRAC" || title="Dell-iDRAC"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("Dell-iDRAC"))
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("Dell-iDRAC")
+expression: r0() || r1()
diff --git a/finger/ehole/Dell.yml b/finger/ehole/Dell.yml
new file mode 100644
index 0000000..5a48044
--- /dev/null
+++ b/finger/ehole/Dell.yml
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-Dell
+manual: false
+detail:
+    fingerprint:
+        name: Dell
+    fofa: icon_hash="-1153950306"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: faviconHash(response.getIconContent()) == -1153950306
+expression: r0()
diff --git a/finger/ehole/DianCMS.yml b/finger/ehole/DianCMS.yml
new file mode 100644
index 0000000..e3825cc
--- /dev/null
+++ b/finger/ehole/DianCMS.yml
@@ -0,0 +1,44 @@
+name: fingerprint-yaml-DianCMS
+manual: false
+detail:
+    fingerprint:
+        name: DianCMS
+    fofa: body="diancms_sitename" && body="diancms_用户登陆引用" || header="DianCMS" || body="diancms_用户登陆引用" || body="diancms_sitename" || title="DianCMS"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("diancms_sitename") && response.body_string.contains("diancms_用户登陆引用")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("DianCMS"))
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("diancms_用户登陆引用")
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("diancms_sitename")
+    r4:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("DianCMS")
+expression: r0() || r1() || r2() || r3() || r4()
diff --git a/finger/ehole/Discuz! X.yml b/finger/ehole/Discuz! X.yml
new file mode 100644
index 0000000..5ac6c3a
--- /dev/null
+++ b/finger/ehole/Discuz! X.yml	
@@ -0,0 +1,30 @@
+name: fingerprint-yaml-Discuz! X
+manual: false
+detail:
+    fingerprint:
+        name: Discuz! X
+    fofa: body="<meta name=\"generator\" content=\"Discuz!" || body="<script src=\".*?logging\\.js" || body="<script src=\".*?logging\\\\.js"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('<meta name="generator" content="Discuz!')
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('<script src=".*?logging\\.js')
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('<script src=".*?logging\\\\.js')
+expression: r0() || r1() || r2()
diff --git a/finger/ehole/Discuz!.yml b/finger/ehole/Discuz!.yml
new file mode 100644
index 0000000..324a6bd
--- /dev/null
+++ b/finger/ehole/Discuz!.yml
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-Discuz!
+manual: false
+detail:
+    fingerprint:
+        name: Discuz!
+    fofa: icon_hash="-505448917" || body="Discuz!" && body="Comsenz" && body="cache/"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: faviconHash(response.getIconContent()) == -505448917
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("Discuz!") && response.body_string.contains("Comsenz") && response.body_string.contains("cache/")
+expression: r0() || r1()
diff --git a/finger/ehole/Discuz.yml b/finger/ehole/Discuz.yml
new file mode 100644
index 0000000..41c4e1f
--- /dev/null
+++ b/finger/ehole/Discuz.yml
@@ -0,0 +1,100 @@
+name: fingerprint-yaml-Discuz
+manual: false
+detail:
+    fingerprint:
+        name: Discuz
+    fofa: body="content=\"discuz" && body="discuz_uid" && body="portal.php?mod=" && body="href=\"/forum.php?" && body="id=\"discuz_tips" && body="powered by <strong><a href=\"http://www.discuz.net" || body="content=\"Discuz" || body="discuz_uid" || body="Powered by <strong><a href=\"http://www.discuz.net" || body="powered by <strong><a href=\"http://www.discuz.net" || body="id=\"discuz_tips" && body="href=\"/forum.php?\")" && body="portal.php?mod=" && body="discuz_uid" || body="content=\"discuz" || body="portal.php?mod=" || body="href=\"/forum.php?" || body="id=\"discuz_tips" || body="content=\"Discuz!" && body="discuz_uid" || body="discuz_uid" && body="portal.php?mod=" || title="powered by discuz"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('content="discuz') && response.body_string.contains("discuz_uid") && response.body_string.contains("portal.php?mod=") && response.body_string.contains('href="/forum.php?') && response.body_string.contains('id="discuz_tips') && response.body_string.contains('powered by <strong><a href="http://www.discuz.net')
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('content="Discuz')
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("discuz_uid")
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('Powered by <strong><a href="http://www.discuz.net')
+    r4:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('powered by <strong><a href="http://www.discuz.net')
+    r5:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('id="discuz_tips') && response.body_string.contains('href="/forum.php?")') && response.body_string.contains("portal.php?mod=") && response.body_string.contains("discuz_uid")
+    r6:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('content="discuz')
+    r7:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("portal.php?mod=")
+    r8:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('href="/forum.php?')
+    r9:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('id="discuz_tips')
+    r10:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('content="Discuz!') && response.body_string.contains("discuz_uid")
+    r11:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("discuz_uid") && response.body_string.contains("portal.php?mod=")
+    r12:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("powered by discuz")
+expression: r0() || r1() || r2() || r3() || r4() || r5() || r6() || r7() || r8() || r9() || r10() || r11() || r12()
diff --git a/finger/ehole/Django.yml b/finger/ehole/Django.yml
new file mode 100644
index 0000000..00b265c
--- /dev/null
+++ b/finger/ehole/Django.yml
@@ -0,0 +1,37 @@
+name: fingerprint-yaml-Django
+manual: false
+detail:
+    fingerprint:
+        name: Django
+    fofa: body="__admin_media_prefix__" && body="csrfmiddlewaretoken" || body="csrfmiddlewaretoken" || body="__admin_media_prefix__" || body="<input type=\"hidden\" name=\"this_is_the_login_form\" value=\"1\" />"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("__admin_media_prefix__") && response.body_string.contains("csrfmiddlewaretoken")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("csrfmiddlewaretoken")
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("__admin_media_prefix__")
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('<input type="hidden" name="this_is_the_login_form" value="1" />')
+expression: r0() || r1() || r2() || r3()
diff --git "a/finger/ehole/DocCms(\347\250\273\345\243\263CMS).yml" "b/finger/ehole/DocCms(\347\250\273\345\243\263CMS).yml"
new file mode 100644
index 0000000..c1f97e3
--- /dev/null
+++ "b/finger/ehole/DocCms(\347\250\273\345\243\263CMS).yml"
@@ -0,0 +1,37 @@
+name: fingerprint-yaml-DocCms(稻壳CMS)
+manual: false
+detail:
+    fingerprint:
+        name: DocCms(稻壳CMS)
+    fofa: body="DocCms" || body="Power by DocCms" || header="DocCms" || title="DocCms"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("DocCms")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("Power by DocCms")
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("DocCms"))
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("DocCms")
+expression: r0() || r1() || r2() || r3()
diff --git a/finger/ehole/DocMail-Cwindow.yml b/finger/ehole/DocMail-Cwindow.yml
new file mode 100644
index 0000000..5af394f
--- /dev/null
+++ b/finger/ehole/DocMail-Cwindow.yml
@@ -0,0 +1,44 @@
+name: fingerprint-yaml-DocMail-Cwindow
+manual: false
+detail:
+    fingerprint:
+        name: DocMail-Cwindow
+    fofa: body="href=\"http://www.docmail.cn/android/app/docmail.apk" && body="content=\"北京国信冠群技术有限公司,国信冠群,邮件" && body="<a href=\"http://www.docmail.cn\" target=\"_blank\">" || body="<a href=\"http://www.docmail.cn\" target=\"_blank\">" || body="content=\"北京国信冠群技术有限公司,国信冠群,邮件" || body="href=\"http://www.docmail.cn/android/app/docmail.apk" || title="cwindow云视窗安全电子邮件"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('href="http://www.docmail.cn/android/app/docmail.apk') && response.body_string.contains('content="北京国信冠群技术有限公司,国信冠群,邮件') && response.body_string.contains('<a href="http://www.docmail.cn" target="_blank">')
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('<a href="http://www.docmail.cn" target="_blank">')
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('content="北京国信冠群技术有限公司,国信冠群,邮件')
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('href="http://www.docmail.cn/android/app/docmail.apk')
+    r4:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("cwindow云视窗安全电子邮件")
+expression: r0() || r1() || r2() || r3() || r4()
diff --git a/finger/ehole/Docker.yml b/finger/ehole/Docker.yml
new file mode 100644
index 0000000..f0df704
--- /dev/null
+++ b/finger/ehole/Docker.yml
@@ -0,0 +1,51 @@
+name: fingerprint-yaml-Docker
+manual: false
+detail:
+    fingerprint:
+        name: Docker
+    fofa: 'icon_hash="-1814887000" || icon_hash="1937209448" || header="x-docker-registry-version" && header="x-docker-container: nginx" || header="x-docker-container: nginx" || header="x-docker: production" || header="x-docker-registry-version"'
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: faviconHash(response.getIconContent()) == -1814887000
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: faviconHash(response.getIconContent()) == 1937209448
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: 'response.raw_header.bcontains(bytes("x-docker-registry-version")) && response.raw_header.bcontains(bytes("x-docker-container: nginx"))'
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: 'response.raw_header.bcontains(bytes("x-docker-container: nginx"))'
+    r4:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: 'response.raw_header.bcontains(bytes("x-docker: production"))'
+    r5:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("x-docker-registry-version"))
+expression: r0() || r1() || r2() || r3() || r4() || r5()
diff --git a/finger/ehole/Dokeos.yml b/finger/ehole/Dokeos.yml
new file mode 100644
index 0000000..f915eb8
--- /dev/null
+++ b/finger/ehole/Dokeos.yml
@@ -0,0 +1,79 @@
+name: fingerprint-yaml-Dokeos
+manual: false
+detail:
+    fingerprint:
+        name: Dokeos
+    fofa: 'body="href=\"http://www.dokeos.com\" rel=\"Copyright" || body="content=\"Dokeos" || body="name=\"Generator\" content=\"Dokeos" || body="<ul id=\"dokeostabs\">" || body="<!-- start of #main wrapper for #content and #menu divs -->" || body="<link href=\"http://www.dokeos.com/documentation.php\" rel=\"Help\" />" || body="<link href=\"http://www.dokeos.com/team.php\" rel=\"Author\" />" || body="<link href=\"http://www.dokeos.com\" rel=\"Copyright\" />" || body="<meta name=\"Generator\" content=\"Dokeos\">" || body="<title>Dokeos has not been installed</title>"'
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('href="http://www.dokeos.com" rel="Copyright')
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('content="Dokeos')
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('name="Generator" content="Dokeos')
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('<ul id="dokeostabs">')
+    r4:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: 'response.body_string.contains("<!-- start of #main wrapper for #content and #menu divs -->")'
+    r5:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('<link href="http://www.dokeos.com/documentation.php" rel="Help" />')
+    r6:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('<link href="http://www.dokeos.com/team.php" rel="Author" />')
+    r7:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('<link href="http://www.dokeos.com" rel="Copyright" />')
+    r8:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('<meta name="Generator" content="Dokeos">')
+    r9:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("<title>Dokeos has not been installed</title>")
+expression: r0() || r1() || r2() || r3() || r4() || r5() || r6() || r7() || r8() || r9()
diff --git a/finger/ehole/DokuWiki.yml b/finger/ehole/DokuWiki.yml
new file mode 100644
index 0000000..a32b03b
--- /dev/null
+++ b/finger/ehole/DokuWiki.yml
@@ -0,0 +1,65 @@
+name: fingerprint-yaml-DokuWiki
+manual: false
+detail:
+    fingerprint:
+        name: DokuWiki
+    fofa: icon_hash="-630493013" || body="powered by dokuwiki" && body="content=\"dokuwiki" && body="<div id=\"dokuwiki" || body="powered by DokuWiki" || body="content=\"DokuWiki" || body="<div id=\"dokuwiki" || body="content=\"dokuwiki" || body="powered by dokuwiki" || body="<meta name=\"generator\" content=\"DokuWiki\" />"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: faviconHash(response.getIconContent()) == -630493013
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("powered by dokuwiki") && response.body_string.contains('content="dokuwiki') && response.body_string.contains('<div id="dokuwiki')
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("powered by DokuWiki")
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('content="DokuWiki')
+    r4:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('<div id="dokuwiki')
+    r5:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('content="dokuwiki')
+    r6:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("powered by dokuwiki")
+    r7:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('<meta name="generator" content="DokuWiki" />')
+expression: r0() || r1() || r2() || r3() || r4() || r5() || r6() || r7()
diff --git a/finger/ehole/Dolibarr.yml b/finger/ehole/Dolibarr.yml
new file mode 100644
index 0000000..f3f8f8e
--- /dev/null
+++ b/finger/ehole/Dolibarr.yml
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-Dolibarr
+manual: false
+detail:
+    fingerprint:
+        name: Dolibarr
+    fofa: body="Dolibarr Development Team"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("Dolibarr Development Team")
+expression: r0()
diff --git a/finger/ehole/DuomiCms.yml b/finger/ehole/DuomiCms.yml
new file mode 100644
index 0000000..b819aad
--- /dev/null
+++ b/finger/ehole/DuomiCms.yml
@@ -0,0 +1,37 @@
+name: fingerprint-yaml-DuomiCms
+manual: false
+detail:
+    fingerprint:
+        name: DuomiCms
+    fofa: body="DuomiCms" || body="duomicms" || body="duomicms_member" && body="多米" || title="power by duomicms"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("DuomiCms")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("duomicms")
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("duomicms_member") && response.body_string.contains("多米")
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("power by duomicms")
+expression: r0() || r1() || r2() || r3()
diff --git a/finger/ehole/E-Link.yml b/finger/ehole/E-Link.yml
new file mode 100644
index 0000000..2bc82c8
--- /dev/null
+++ b/finger/ehole/E-Link.yml
@@ -0,0 +1,30 @@
+name: fingerprint-yaml-E-Link
+manual: false
+detail:
+    fingerprint:
+        name: E-Link
+    fofa: body="温馨提示：此处为志高美萍分支机构联系方式，志高美萍总部联系方式请点击<a href='javascript:var" || body="document.writeln(\"（温馨提示：此处为志高美萍分支机构联系方式，志高美萍总部联系方式请点击<a href=\"javascript:var" || body="温馨提示：此处为志高美萍分支机构联系方式，志高美萍总部联系方式请点击<a href=\"javascript:var"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("温馨提示：此处为志高美萍分支机构联系方式，志高美萍总部联系方式请点击<a href='javascript:var")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('document.writeln("（温馨提示：此处为志高美萍分支机构联系方式，志高美萍总部联系方式请点击<a href="javascript:var')
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('温馨提示：此处为志高美萍分支机构联系方式，志高美萍总部联系方式请点击<a href="javascript:var')
+expression: r0() || r1() || r2()
diff --git a/finger/ehole/E-cology-OA.yml b/finger/ehole/E-cology-OA.yml
new file mode 100644
index 0000000..9582e70
--- /dev/null
+++ b/finger/ehole/E-cology-OA.yml
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-E-cology-OA
+manual: false
+detail:
+    fingerprint:
+        name: E-cology-OA
+    fofa: 'body="<script type=\"text/javascript\" src=\"/js/ecology" || body="Set-Cookie: ecology"'
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('<script type="text/javascript" src="/js/ecology')
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: 'response.body_string.contains("Set-Cookie: ecology")'
+expression: r0() || r1()
diff --git a/finger/ehole/ECShop.yml b/finger/ehole/ECShop.yml
new file mode 100644
index 0000000..128e57e
--- /dev/null
+++ b/finger/ehole/ECShop.yml
@@ -0,0 +1,65 @@
+name: fingerprint-yaml-ECShop
+manual: false
+detail:
+    fingerprint:
+        name: ECShop
+    fofa: body="content=\"ECSHOP" || body="content=\"ecshop" && body="id=\"ecs_cartinfo\"" || header="ecs_id" || body="/api/cron.php" || header="ECS_ID" || body="id=\"ecs_cartinfo\"" || body="content=\"ecshop" || title="powered by ecshop"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('content="ECSHOP')
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('content="ecshop') && response.body_string.contains('id="ecs_cartinfo"')
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("ecs_id"))
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("/api/cron.php")
+    r4:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("ECS_ID"))
+    r5:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('id="ecs_cartinfo"')
+    r6:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('content="ecshop')
+    r7:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("powered by ecshop")
+expression: r0() || r1() || r2() || r3() || r4() || r5() || r6() || r7()
diff --git a/finger/ehole/EPiServer.yml b/finger/ehole/EPiServer.yml
new file mode 100644
index 0000000..0814e92
--- /dev/null
+++ b/finger/ehole/EPiServer.yml
@@ -0,0 +1,72 @@
+name: fingerprint-yaml-EPiServer
+manual: false
+detail:
+    fingerprint:
+        name: EPiServer
+    fofa: 'body="content=\"episerver" && body="/javascript/episerverscriptmanager.js" || body="content=\"EPiServer" || body="/javascript/episerverscriptmanager.js" || body="content=\"episerver" || body="<meta name=\"GENERATOR\" content=\"EPiServer\" />" || body="<!-- EPiServer -->" || body="src=\"/Util/javascript/episerverscriptmanager.js\"" || body="<h1>Log in to EPiServer CMS 6" || header="server: episerver"'
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('content="episerver') && response.body_string.contains("/javascript/episerverscriptmanager.js")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('content="EPiServer')
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("/javascript/episerverscriptmanager.js")
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('content="episerver')
+    r4:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('<meta name="GENERATOR" content="EPiServer" />')
+    r5:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("<!-- EPiServer -->")
+    r6:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('src="/Util/javascript/episerverscriptmanager.js"')
+    r7:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("<h1>Log in to EPiServer CMS 6")
+    r8:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: 'response.raw_header.bcontains(bytes("server: episerver"))'
+expression: r0() || r1() || r2() || r3() || r4() || r5() || r6() || r7() || r8()
diff --git "a/finger/ehole/EasySite\345\206\205\345\256\271\347\256\241\347\220\206.yml" "b/finger/ehole/EasySite\345\206\205\345\256\271\347\256\241\347\220\206.yml"
new file mode 100644
index 0000000..9ad56f6
--- /dev/null
+++ "b/finger/ehole/EasySite\345\206\205\345\256\271\347\256\241\347\220\206.yml"
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-EasySite内容管理
+manual: false
+detail:
+    fingerprint:
+        name: EasySite内容管理
+    fofa: title="EasySite内容管理"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("EasySite内容管理")
+expression: r0()
diff --git a/finger/ehole/Easysite.yml b/finger/ehole/Easysite.yml
new file mode 100644
index 0000000..2a28230
--- /dev/null
+++ b/finger/ehole/Easysite.yml
@@ -0,0 +1,72 @@
+name: fingerprint-yaml-Easysite
+manual: false
+detail:
+    fingerprint:
+        name: Easysite
+    fofa: body="generator\" content=\"easysite" && body="copyright 2009 by huilan" && body="_desktopmodules_picturenews" || header="easysite-compression" || body="GENERATOR\" content=\"EasySite" || body="Copyright 2009 by Huilan" || body="_DesktopModules_PictureNews" || header="EasySite-Compression" || body="_desktopmodules_picturenews" || body="copyright 2009 by huilan" || body="generator\" content=\"easysite"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('generator" content="easysite') && response.body_string.contains("copyright 2009 by huilan") && response.body_string.contains("_desktopmodules_picturenews")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("easysite-compression"))
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('GENERATOR" content="EasySite')
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("Copyright 2009 by Huilan")
+    r4:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("_DesktopModules_PictureNews")
+    r5:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("EasySite-Compression"))
+    r6:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("_desktopmodules_picturenews")
+    r7:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("copyright 2009 by huilan")
+    r8:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('generator" content="easysite')
+expression: r0() || r1() || r2() || r3() || r4() || r5() || r6() || r7() || r8()
diff --git a/finger/ehole/Ektron-CMS.yml b/finger/ehole/Ektron-CMS.yml
new file mode 100644
index 0000000..f55c00a
--- /dev/null
+++ b/finger/ehole/Ektron-CMS.yml
@@ -0,0 +1,51 @@
+name: fingerprint-yaml-Ektron-CMS
+manual: false
+detail:
+    fingerprint:
+        name: Ektron-CMS
+    fofa: header="ektguid=" || body="/java/ektron.js" || header="EktGUID=" || body="<script id=\"EktronJS\" type=\"text/javascript\" src=\"/WorkArea/java/ektron.js\">" || body="<script id=\"EktronRegisteredJs\" type=\"text/javascript\" src=\"/workarea/java/ektronJs.ashx?id=" || body="<script id=\"EktronModalJS\" type=\"text/javascript\" src=\"/WorkArea/java/plugins/modal/ektron.modal.js\">"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("ektguid="))
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("/java/ektron.js")
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("EktGUID="))
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('<script id="EktronJS" type="text/javascript" src="/WorkArea/java/ektron.js">')
+    r4:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('<script id="EktronRegisteredJs" type="text/javascript" src="/workarea/java/ektronJs.ashx?id=')
+    r5:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('<script id="EktronModalJS" type="text/javascript" src="/WorkArea/java/plugins/modal/ektron.modal.js">')
+expression: r0() || r1() || r2() || r3() || r4() || r5()
diff --git a/finger/ehole/EleanorCMS.yml b/finger/ehole/EleanorCMS.yml
new file mode 100644
index 0000000..9dd83fa
--- /dev/null
+++ b/finger/ehole/EleanorCMS.yml
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-EleanorCMS
+manual: false
+detail:
+    fingerprint:
+        name: EleanorCMS
+    fofa: header="Eleanor CMS" || title="Eleanor CMS"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("Eleanor CMS"))
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("Eleanor CMS")
+expression: r0() || r1()
diff --git a/finger/ehole/Elementor.yml b/finger/ehole/Elementor.yml
new file mode 100644
index 0000000..eb96222
--- /dev/null
+++ b/finger/ehole/Elementor.yml
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-Elementor
+manual: false
+detail:
+    fingerprint:
+        name: Elementor
+    fofa: header="Elementor" || title="Elementor"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("Elementor"))
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("Elementor")
+expression: r0() || r1()
diff --git a/finger/ehole/EnGenius.yml b/finger/ehole/EnGenius.yml
new file mode 100644
index 0000000..aceadc7
--- /dev/null
+++ b/finger/ehole/EnGenius.yml
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-EnGenius
+manual: false
+detail:
+    fingerprint:
+        name: EnGenius
+    fofa: header="EnGenius" || title="EnGenius"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("EnGenius"))
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("EnGenius")
+expression: r0() || r1()
diff --git a/finger/ehole/EnableQ.yml b/finger/ehole/EnableQ.yml
new file mode 100644
index 0000000..35826b5
--- /dev/null
+++ b/finger/ehole/EnableQ.yml
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-EnableQ
+manual: false
+detail:
+    fingerprint:
+        name: EnableQ
+    fofa: body="/enableq.css"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("/enableq.css")
+expression: r0()
diff --git a/finger/ehole/Exponent-CMS.yml b/finger/ehole/Exponent-CMS.yml
new file mode 100644
index 0000000..28aee28
--- /dev/null
+++ b/finger/ehole/Exponent-CMS.yml
@@ -0,0 +1,72 @@
+name: fingerprint-yaml-Exponent-CMS
+manual: false
+detail:
+    fingerprint:
+        name: Exponent-CMS
+    fofa: body="content=\"exponent content management system" && body="powered by exponent cms" || body="content=\"Exponent Content Management System" || body="Powered by Exponent CMS" || body="powered by exponent cms" || body="content=\"exponent content management system" || body="<meta name=\"Generator\" content=\"Exponent Content Management System" || body="Powered by <a href=\"http://www.exponentcms.org\">Exponent CMS</a>" || body="<a href=\"http://www.exponentcms.org\">Powered by Exponent CMS</a>" || title="Exponent_CMS"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('content="exponent content management system') && response.body_string.contains("powered by exponent cms")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('content="Exponent Content Management System')
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("Powered by Exponent CMS")
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("powered by exponent cms")
+    r4:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('content="exponent content management system')
+    r5:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('<meta name="Generator" content="Exponent Content Management System')
+    r6:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('Powered by <a href="http://www.exponentcms.org">Exponent CMS</a>')
+    r7:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('<a href="http://www.exponentcms.org">Powered by Exponent CMS</a>')
+    r8:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("Exponent_CMS")
+expression: r0() || r1() || r2() || r3() || r4() || r5() || r6() || r7() || r8()
diff --git a/finger/ehole/EyesOfNetwork.yml b/finger/ehole/EyesOfNetwork.yml
new file mode 100644
index 0000000..b7b82e4
--- /dev/null
+++ b/finger/ehole/EyesOfNetwork.yml
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-EyesOfNetwork
+manual: false
+detail:
+    fingerprint:
+        name: EyesOfNetwork
+    fofa: header="EyesOfNetwork" || title="EyesOfNetwork"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("EyesOfNetwork"))
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("EyesOfNetwork")
+expression: r0() || r1()
diff --git a/finger/ehole/Eyou-Mail-system.yml b/finger/ehole/Eyou-Mail-system.yml
new file mode 100644
index 0000000..5d58ef2
--- /dev/null
+++ b/finger/ehole/Eyou-Mail-system.yml
@@ -0,0 +1,65 @@
+name: fingerprint-yaml-Eyou-Mail-system
+manual: false
+detail:
+    fingerprint:
+        name: Eyou-Mail-system
+    fofa: body="cr\">eyoumail" && body="content=\"亿邮电子邮件系统" && body="/tpl/login/user/images/dbg.png" && body="var loginssl = document.form_login.login_ssl.value;" || header="eyouws" || body="var loginssl = document.form_login.login_ssl.value;" || body="/tpl/login/user/images/dbg.png" || body="content=\"亿邮电子邮件系统" || body="cr\">eyoumail" || header="emphpsid" || title="eyou 邮件系统"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('cr">eyoumail') && response.body_string.contains('content="亿邮电子邮件系统') && response.body_string.contains("/tpl/login/user/images/dbg.png") && response.body_string.contains("var loginssl = document.form_login.login_ssl.value;")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("eyouws"))
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("var loginssl = document.form_login.login_ssl.value;")
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("/tpl/login/user/images/dbg.png")
+    r4:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('content="亿邮电子邮件系统')
+    r5:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('cr">eyoumail')
+    r6:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("emphpsid"))
+    r7:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("eyou 邮件系统")
+expression: r0() || r1() || r2() || r3() || r4() || r5() || r6() || r7()
diff --git a/finger/ehole/FUDforum.yml b/finger/ehole/FUDforum.yml
new file mode 100644
index 0000000..8f545ee
--- /dev/null
+++ b/finger/ehole/FUDforum.yml
@@ -0,0 +1,44 @@
+name: fingerprint-yaml-FUDforum
+manual: false
+detail:
+    fingerprint:
+        name: FUDforum
+    fofa: 'body="powered by: fudforum" && body="/adm/admloginuser.php" || header="fud_session_" || body="Powered by: FUDforum" || body="/adm/admloginuser.php" || body="powered by: fudforum"'
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: 'response.body_string.contains("powered by: fudforum") && response.body_string.contains("/adm/admloginuser.php")'
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("fud_session_"))
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: 'response.body_string.contains("Powered by: FUDforum")'
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("/adm/admloginuser.php")
+    r4:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: 'response.body_string.contains("powered by: fudforum")'
+expression: r0() || r1() || r2() || r3() || r4()
diff --git a/finger/ehole/FUJI-XEROX-Printer.yml b/finger/ehole/FUJI-XEROX-Printer.yml
new file mode 100644
index 0000000..6be9f78
--- /dev/null
+++ b/finger/ehole/FUJI-XEROX-Printer.yml
@@ -0,0 +1,100 @@
+name: fingerprint-yaml-FUJI-XEROX-Printer
+manual: false
+detail:
+    fingerprint:
+        name: FUJI-XEROX-Printer
+    fofa: body="<frame src=\"headstat.htm\" name=\"top" && body="<frame src=\"footer.asp\" name=\"footer\" title=\"footer\" scrolling=\"no\" noresize marginheight=\"2\">" && body="var jtpath = '/jt/cgi-bin/';" && body="fuji xerox" && body="frames[2].window.location.href=jtpath + loc;" && body="properties/aboutprinter.html" && body="phaser 6250dp</title>" && body="phaser 6250n</title>" && body="phaser 4500dt</font></td>" || body="phaser 4500dt</font></td>" || body="phaser 6250n</title>" || body="phaser 6250dp</title>" || body="properties/aboutprinter.html" || body="fuji xerox" && body="var jtpath = \"/jt/cgi-bin/\";" || body="<frame src=\"headstat.htm\" name=\"top" || body="<frame src=\"footer.asp\" name=\"footer\" title=\"footer\" scrolling=\"no\" noresize marginheight=\"2\">" || body="var jtpath = \"/jt/cgi-bin/\";" || body="fuji xerox" || body="frames[2].window.location.href=jtpath + loc;" || title="docucentre" || title="docuprint "
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('<frame src="headstat.htm" name="top') && response.body_string.contains('<frame src="footer.asp" name="footer" title="footer" scrolling="no" noresize marginheight="2">') && response.body_string.contains("var jtpath = '/jt/cgi-bin/';") && response.body_string.contains("fuji xerox") && response.body_string.contains("frames[2].window.location.href=jtpath + loc;") && response.body_string.contains("properties/aboutprinter.html") && response.body_string.contains("phaser 6250dp</title>") && response.body_string.contains("phaser 6250n</title>") && response.body_string.contains("phaser 4500dt</font></td>")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("phaser 4500dt</font></td>")
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("phaser 6250n</title>")
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("phaser 6250dp</title>")
+    r4:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("properties/aboutprinter.html")
+    r5:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("fuji xerox") && response.body_string.contains('var jtpath = "/jt/cgi-bin/";')
+    r6:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('<frame src="headstat.htm" name="top')
+    r7:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('<frame src="footer.asp" name="footer" title="footer" scrolling="no" noresize marginheight="2">')
+    r8:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('var jtpath = "/jt/cgi-bin/";')
+    r9:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("fuji xerox")
+    r10:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("frames[2].window.location.href=jtpath + loc;")
+    r11:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("docucentre")
+    r12:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("docuprint ")
+expression: r0() || r1() || r2() || r3() || r4() || r5() || r6() || r7() || r8() || r9() || r10() || r11() || r12()
diff --git a/finger/ehole/FastAdmin.yml b/finger/ehole/FastAdmin.yml
new file mode 100644
index 0000000..36f2fff
--- /dev/null
+++ b/finger/ehole/FastAdmin.yml
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-FastAdmin
+manual: false
+detail:
+    fingerprint:
+        name: FastAdmin
+    fofa: header="FastAdmin" || title="FastAdmin"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("FastAdmin"))
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("FastAdmin")
+expression: r0() || r1()
diff --git a/finger/ehole/Fastjson.yml b/finger/ehole/Fastjson.yml
new file mode 100644
index 0000000..4ab013e
--- /dev/null
+++ b/finger/ehole/Fastjson.yml
@@ -0,0 +1,37 @@
+name: fingerprint-yaml-Fastjson
+manual: false
+detail:
+    fingerprint:
+        name: Fastjson
+    fofa: 'body="js/base/fastjson" && body="var json = json.parse" && body="nested exception is com.alibaba.fastjson.JSONException: unclosed string" || body="var json = json.parse" || body="js/base/fastjson" || body="nested exception is com.alibaba.fastjson.JSONException: unclosed string"'
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: 'response.body_string.contains("js/base/fastjson") && response.body_string.contains("var json = json.parse") && response.body_string.contains("nested exception is com.alibaba.fastjson.JSONException: unclosed string")'
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("var json = json.parse")
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("js/base/fastjson")
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: 'response.body_string.contains("nested exception is com.alibaba.fastjson.JSONException: unclosed string")'
+expression: r0() || r1() || r2() || r3()
diff --git a/finger/ehole/Fedora.yml b/finger/ehole/Fedora.yml
new file mode 100644
index 0000000..0ddc173
--- /dev/null
+++ b/finger/ehole/Fedora.yml
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-Fedora
+manual: false
+detail:
+    fingerprint:
+        name: Fedora
+    fofa: header="Fedora"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("Fedora"))
+expression: r0()
diff --git a/finger/ehole/FineReport.yml b/finger/ehole/FineReport.yml
new file mode 100644
index 0000000..4ef6ba1
--- /dev/null
+++ b/finger/ehole/FineReport.yml
@@ -0,0 +1,30 @@
+name: fingerprint-yaml-FineReport
+manual: false
+detail:
+    fingerprint:
+        name: FineReport
+    fofa: header="FineReport" || body="=fs" && body="ReportServer" || title="FineReport"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("FineReport"))
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("=fs") && response.body_string.contains("ReportServer")
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("FineReport")
+expression: r0() || r1() || r2()
diff --git a/finger/ehole/Finecms.yml b/finger/ehole/Finecms.yml
new file mode 100644
index 0000000..88b0d6f
--- /dev/null
+++ b/finger/ehole/Finecms.yml
@@ -0,0 +1,72 @@
+name: fingerprint-yaml-Finecms
+manual: false
+detail:
+    fingerprint:
+        name: Finecms
+    fofa: body="content=\"FineCMS" || body="powered by finecms" && body="dayrui@gmail.com" && body="copyright\" content=\"finecms" && body="/statics/js/dayrui.js" || body="Powered by FineCMS" || body="dayrui@gmail.com" || body="Copyright\" content=\"FineCMS" || body="/statics/js/dayrui.js" || body="copyright\" content=\"finecms" || body="powered by finecms" || title="finecms公益软件"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('content="FineCMS')
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("powered by finecms") && response.body_string.contains("dayrui@gmail.com") && response.body_string.contains('copyright" content="finecms') && response.body_string.contains("/statics/js/dayrui.js")
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("Powered by FineCMS")
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("dayrui@gmail.com")
+    r4:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('Copyright" content="FineCMS')
+    r5:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("/statics/js/dayrui.js")
+    r6:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('copyright" content="finecms')
+    r7:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("powered by finecms")
+    r8:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("finecms公益软件")
+expression: r0() || r1() || r2() || r3() || r4() || r5() || r6() || r7() || r8()
diff --git a/finger/ehole/Firewall.yml b/finger/ehole/Firewall.yml
new file mode 100644
index 0000000..0568b71
--- /dev/null
+++ b/finger/ehole/Firewall.yml
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-Firewall
+manual: false
+detail:
+    fingerprint:
+        name: Firewall
+    fofa: title="睿峰网云防火墙"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("睿峰网云防火墙")
+expression: r0()
diff --git a/finger/ehole/FortiADC.yml b/finger/ehole/FortiADC.yml
new file mode 100644
index 0000000..bbbae77
--- /dev/null
+++ b/finger/ehole/FortiADC.yml
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-FortiADC
+manual: false
+detail:
+    fingerprint:
+        name: FortiADC
+    fofa: title="fortiadc"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("fortiadc")
+expression: r0()
diff --git a/finger/ehole/FortiNAC.yml b/finger/ehole/FortiNAC.yml
new file mode 100644
index 0000000..6243209
--- /dev/null
+++ b/finger/ehole/FortiNAC.yml
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-FortiNAC
+manual: false
+detail:
+    fingerprint:
+        name: FortiNAC
+    fofa: header="FortiNAC" || title="FortiNAC"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("FortiNAC"))
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("FortiNAC")
+expression: r0() || r1()
diff --git a/finger/ehole/FortiWeb.yml b/finger/ehole/FortiWeb.yml
new file mode 100644
index 0000000..af1860d
--- /dev/null
+++ b/finger/ehole/FortiWeb.yml
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-FortiWeb
+manual: false
+detail:
+    fingerprint:
+        name: FortiWeb
+    fofa: header="FortiWeb"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("FortiWeb"))
+expression: r0()
diff --git a/finger/ehole/Fortinet-FortiWeb.yml b/finger/ehole/Fortinet-FortiWeb.yml
new file mode 100644
index 0000000..7657680
--- /dev/null
+++ b/finger/ehole/Fortinet-FortiWeb.yml
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-Fortinet-FortiWeb
+manual: false
+detail:
+    fingerprint:
+        name: Fortinet-FortiWeb
+    fofa: header="fortiweb"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("fortiweb"))
+expression: r0()
diff --git a/finger/ehole/Gallery.yml b/finger/ehole/Gallery.yml
new file mode 100644
index 0000000..8c121c3
--- /dev/null
+++ b/finger/ehole/Gallery.yml
@@ -0,0 +1,30 @@
+name: fingerprint-yaml-Gallery
+manual: false
+detail:
+    fingerprint:
+        name: Gallery
+    fofa: body="/gallery/images/gallery.png" || body="<a href=\"#\" id=\"g-password-reset\" class=\"g-right g-text-small\">Forgot your password?</a>" || body="<title>Gallery 3 Installer</title>"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("/gallery/images/gallery.png")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('<a href="#" id="g-password-reset" class="g-right g-text-small">Forgot your password?</a>')
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("<title>Gallery 3 Installer</title>")
+expression: r0() || r1() || r2()
diff --git a/finger/ehole/Gemtek-Router.yml b/finger/ehole/Gemtek-Router.yml
new file mode 100644
index 0000000..ba0048c
--- /dev/null
+++ b/finger/ehole/Gemtek-Router.yml
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-Gemtek-Router
+manual: false
+detail:
+    fingerprint:
+        name: Gemtek-Router
+    fofa: body="alt=\"歡迎使用中保無限路由器\"" || title="後台登入-中保無限路由器"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('alt="歡迎使用中保無限路由器"')
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("後台登入-中保無限路由器")
+expression: r0() || r1()
diff --git a/finger/ehole/GeoVision-Camera.yml b/finger/ehole/GeoVision-Camera.yml
new file mode 100644
index 0000000..7bd5741
--- /dev/null
+++ b/finger/ehole/GeoVision-Camera.yml
@@ -0,0 +1,30 @@
+name: fingerprint-yaml-GeoVision-Camera
+manual: false
+detail:
+    fingerprint:
+        name: GeoVision-Camera
+    fofa: body="geovision inc. - video server" && body="geovision inc. - ip camera" || body="geovision inc. - ip camera" || body="geovision inc. - video server"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("geovision inc. - video server") && response.body_string.contains("geovision inc. - ip camera")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("geovision inc. - ip camera")
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("geovision inc. - video server")
+expression: r0() || r1() || r2()
diff --git a/finger/ehole/GitBucket.yml b/finger/ehole/GitBucket.yml
new file mode 100644
index 0000000..b34f651
--- /dev/null
+++ b/finger/ehole/GitBucket.yml
@@ -0,0 +1,37 @@
+name: fingerprint-yaml-GitBucket
+manual: false
+detail:
+    fingerprint:
+        name: GitBucket
+    fofa: body="/assets/common/images/gitbucket.png" || header="gitbucket" || header="GitBucket" || title="GitBucket"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("/assets/common/images/gitbucket.png")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("gitbucket"))
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("GitBucket"))
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("GitBucket")
+expression: r0() || r1() || r2() || r3()
diff --git a/finger/ehole/Gitblit.yml b/finger/ehole/Gitblit.yml
new file mode 100644
index 0000000..e582acc
--- /dev/null
+++ b/finger/ehole/Gitblit.yml
@@ -0,0 +1,30 @@
+name: fingerprint-yaml-Gitblit
+manual: false
+detail:
+    fingerprint:
+        name: Gitblit
+    fofa: body="gitblt-favicon.png" && body="gitblit" || body="<a title=\"gitblit homepage\" href=\"http://gitblit.com/\">" || title="gitblit"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("gitblt-favicon.png") && response.body_string.contains("gitblit")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('<a title="gitblit homepage" href="http://gitblit.com/">')
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("gitblit")
+expression: r0() || r1() || r2()
diff --git a/finger/ehole/Gitlab.yml b/finger/ehole/Gitlab.yml
new file mode 100644
index 0000000..009c632
--- /dev/null
+++ b/finger/ehole/Gitlab.yml
@@ -0,0 +1,121 @@
+name: fingerprint-yaml-Gitlab
+manual: false
+detail:
+    fingerprint:
+        name: Gitlab
+    fofa: 'body="assets/gitlab_logo" || icon_hash="1278323681" || icon_hash="516963061" || body="gon.default_issues_tracker" && body="content=\"gitlab community edition\"" && body="content=\"gitlab " && body="<a href=\"https://about.gitlab.com/\">about gitlab" && body="class=\"col-sm-7 brand-holder pull-left\"" && body="<a href=\"https://about.gitlab.com/\">About GitLab</a>" || header="Set-Cookie: _gitlab_session=" || body="gon.default_issues_tracker" || body="GitLab Community Edition" || header="_gitlab_session" || body="class=\"col-sm-7 brand-holder pull-left\"" || body="<a href=\"https://about.gitlab.com/\">about gitlab" || body="content=\"gitlab " || body="content=\"gitlab community edition\"" || body="content=\"gitlab" || body="<a href=\"https://about.gitlab.com/\">About GitLab</a>" || body="content=\"gitla" || title="sign in · gitlab"'
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("assets/gitlab_logo")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: faviconHash(response.getIconContent()) == 1278323681
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: faviconHash(response.getIconContent()) == 516963061
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("gon.default_issues_tracker") && response.body_string.contains('content="gitlab community edition"') && response.body_string.contains('content="gitlab ') && response.body_string.contains('<a href="https://about.gitlab.com/">about gitlab') && response.body_string.contains('class="col-sm-7 brand-holder pull-left"') && response.body_string.contains('<a href="https://about.gitlab.com/">About GitLab</a>')
+    r4:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: 'response.raw_header.bcontains(bytes("Set-Cookie: _gitlab_session="))'
+    r5:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("gon.default_issues_tracker")
+    r6:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("GitLab Community Edition")
+    r7:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("_gitlab_session"))
+    r8:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('class="col-sm-7 brand-holder pull-left"')
+    r9:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('<a href="https://about.gitlab.com/">about gitlab')
+    r10:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('content="gitlab ')
+    r11:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('content="gitlab community edition"')
+    r12:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('content="gitlab')
+    r13:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('<a href="https://about.gitlab.com/">About GitLab</a>')
+    r14:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('content="gitla')
+    r15:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("sign in · gitlab")
+expression: r0() || r1() || r2() || r3() || r4() || r5() || r6() || r7() || r8() || r9() || r10() || r11() || r12() || r13() || r14() || r15()
diff --git a/finger/ehole/GlassFish.yml b/finger/ehole/GlassFish.yml
new file mode 100644
index 0000000..4b0d5e8
--- /dev/null
+++ b/finger/ehole/GlassFish.yml
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-GlassFish
+manual: false
+detail:
+    fingerprint:
+        name: GlassFish
+    fofa: body="/theme/com/sun/webui/jsf/suntheme/images/login/gradlogtop.jpg" || header="Server:GlassFish Server"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("/theme/com/sun/webui/jsf/suntheme/images/login/gradlogtop.jpg")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("Server:GlassFish Server"))
+expression: r0() || r1()
diff --git a/finger/ehole/GlobalProtect.yml b/finger/ehole/GlobalProtect.yml
new file mode 100644
index 0000000..6f39e6f
--- /dev/null
+++ b/finger/ehole/GlobalProtect.yml
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-GlobalProtect
+manual: false
+detail:
+    fingerprint:
+        name: GlobalProtect
+    fofa: header="GlobalProtect" || title="GlobalProtect"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("GlobalProtect"))
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("GlobalProtect")
+expression: r0() || r1()
diff --git a/finger/ehole/Glossword.yml b/finger/ehole/Glossword.yml
new file mode 100644
index 0000000..3a341b7
--- /dev/null
+++ b/finger/ehole/Glossword.yml
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-Glossword
+manual: false
+detail:
+    fingerprint:
+        name: Glossword
+    fofa: body="content=\"glossword" || body="content=\"Glossword"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('content="glossword')
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('content="Glossword')
+expression: r0() || r1()
diff --git a/finger/ehole/GoAhead.yml b/finger/ehole/GoAhead.yml
new file mode 100644
index 0000000..bcaa234
--- /dev/null
+++ b/finger/ehole/GoAhead.yml
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-GoAhead
+manual: false
+detail:
+    fingerprint:
+        name: GoAhead
+    fofa: header="goahead" || header="goahead-webs"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("goahead"))
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("goahead-webs"))
+expression: r0() || r1()
diff --git a/finger/ehole/Gogs.yml b/finger/ehole/Gogs.yml
new file mode 100644
index 0000000..91d3117
--- /dev/null
+++ b/finger/ehole/Gogs.yml
@@ -0,0 +1,30 @@
+name: fingerprint-yaml-Gogs
+manual: false
+detail:
+    fingerprint:
+        name: Gogs
+    fofa: icon_hash="917966895" || body="<a class=\"item\" target=\"_blank\" href=\"https://gogs.io/docs\" rel=\"noreferrer\">帮助</a>" || body="content=\"gogs"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: faviconHash(response.getIconContent()) == 917966895
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('<a class="item" target="_blank" href="https://gogs.io/docs" rel="noreferrer">帮助</a>')
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('content="gogs')
+expression: r0() || r1() || r2()
diff --git a/finger/ehole/Grafana.yml b/finger/ehole/Grafana.yml
new file mode 100644
index 0000000..d869f5f
--- /dev/null
+++ b/finger/ehole/Grafana.yml
@@ -0,0 +1,86 @@
+name: fingerprint-yaml-Grafana
+manual: false
+detail:
+    fingerprint:
+        name: Grafana
+    fofa: 'body="Grafana" && body="login" && body="grafana-app" || body="<title>Grafana</title>" || body="background-image: url(\"public/img/grafana_icon.svg\"" && body="Sometimes restarting grafana-server can help" || body="window.grafanabootdata = " || header="Grafana" || body="background-image: url\"public/img/grafana_icon.svg\"" || body="Sometimes restarting grafana-server can help" || body="window.grafanabootdata =" || body="Grafana" && body="login" || body="window.grafanabootdata " || title="Grafana"'
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("Grafana") && response.body_string.contains("login") && response.body_string.contains("grafana-app")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("<title>Grafana</title>")
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: 'response.body_string.contains(''background-image: url("public/img/grafana_icon.svg"'') && response.body_string.contains("Sometimes restarting grafana-server can help")'
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("window.grafanabootdata = ")
+    r4:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("Grafana"))
+    r5:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: 'response.body_string.contains(''background-image: url"public/img/grafana_icon.svg"'')'
+    r6:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("Sometimes restarting grafana-server can help")
+    r7:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("window.grafanabootdata =")
+    r8:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("Grafana") && response.body_string.contains("login")
+    r9:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("window.grafanabootdata ")
+    r10:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("Grafana")
+expression: r0() || r1() || r2() || r3() || r4() || r5() || r6() || r7() || r8() || r9() || r10()
diff --git a/finger/ehole/GraphQL.yml b/finger/ehole/GraphQL.yml
new file mode 100644
index 0000000..cfc32a3
--- /dev/null
+++ b/finger/ehole/GraphQL.yml
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-GraphQL
+manual: false
+detail:
+    fingerprint:
+        name: GraphQL
+    fofa: icon_hash="-1067420240"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: faviconHash(response.getIconContent()) == -1067420240
+expression: r0()
diff --git "a/finger/ehole/H3C SecPath \350\277\220\347\273\264\345\256\241\350\256\241\347\263\273\347\273\237.yml" "b/finger/ehole/H3C SecPath \350\277\220\347\273\264\345\256\241\350\256\241\347\263\273\347\273\237.yml"
new file mode 100644
index 0000000..d7c3e22
--- /dev/null
+++ "b/finger/ehole/H3C SecPath \350\277\220\347\273\264\345\256\241\350\256\241\347\263\273\347\273\237.yml"	
@@ -0,0 +1,30 @@
+name: fingerprint-yaml-H3C SecPath 运维审计系统
+manual: false
+detail:
+    fingerprint:
+        name: H3C SecPath 运维审计系统
+    fofa: icon_hash="1776863739" || header="H3C SecPath 运维审计系统" || title="H3C SecPath 运维审计系统"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: faviconHash(response.getIconContent()) == 1776863739
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("H3C SecPath 运维审计系统"))
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("H3C SecPath 运维审计系统")
+expression: r0() || r1() || r2()
diff --git "a/finger/ehole/H3C Web\347\275\221\347\256\241.yml" "b/finger/ehole/H3C Web\347\275\221\347\256\241.yml"
new file mode 100644
index 0000000..fd2b691
--- /dev/null
+++ "b/finger/ehole/H3C Web\347\275\221\347\256\241.yml"	
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-H3C Web网管
+manual: false
+detail:
+    fingerprint:
+        name: H3C Web网管
+    fofa: body="webui" && body="Web网管用户登录" && body="china_logo.jpg" || body="Web网管用户登录" && body="china_logo.jpg" && body="webui"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("webui") && response.body_string.contains("Web网管用户登录") && response.body_string.contains("china_logo.jpg")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("Web网管用户登录") && response.body_string.contains("china_logo.jpg") && response.body_string.contains("webui")
+expression: r0() || r1()
diff --git a/finger/ehole/H3C-CAS.yml b/finger/ehole/H3C-CAS.yml
new file mode 100644
index 0000000..2558c5e
--- /dev/null
+++ b/finger/ehole/H3C-CAS.yml
@@ -0,0 +1,37 @@
+name: fingerprint-yaml-H3C-CAS
+manual: false
+detail:
+    fingerprint:
+        name: H3C-CAS
+    fofa: body="href=\"cas.css" && body="<iframe src=\"javascript:''\" id=\"__gwt_historyframe\" tabindex='-1' style=\"position:absolute;width:0;height:0;border:0\"></iframe>" || body="href=\"cas.css" || body="<iframe src=\"javascript:\"\"\" id=\"__gwt_historyframe\" tabindex=\"-1\" style=\"position:absolute;width:0;height:0;border:0\"></iframe>" || title="h3c cas"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('href="cas.css') && response.body_string.contains("<iframe src=\"javascript:''\" id=\"__gwt_historyframe\" tabindex='-1' style=\"position:absolute;width:0;height:0;border:0\"></iframe>")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('href="cas.css')
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('<iframe src="javascript:""" id="__gwt_historyframe" tabindex="-1" style="position:absolute;width:0;height:0;border:0"></iframe>')
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("h3c cas")
+expression: r0() || r1() || r2() || r3()
diff --git a/finger/ehole/HFS (HTTP File Server).yml b/finger/ehole/HFS (HTTP File Server).yml
new file mode 100644
index 0000000..6987c31
--- /dev/null
+++ b/finger/ehole/HFS (HTTP File Server).yml	
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-HFS (HTTP File Server)
+manual: false
+detail:
+    fingerprint:
+        name: HFS (HTTP File Server)
+    fofa: icon_hash="2124459909" || icon_hash="731374291"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: faviconHash(response.getIconContent()) == 2124459909
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: faviconHash(response.getIconContent()) == 731374291
+expression: r0() || r1()
diff --git a/finger/ehole/HFS.yml b/finger/ehole/HFS.yml
new file mode 100644
index 0000000..858562a
--- /dev/null
+++ b/finger/ehole/HFS.yml
@@ -0,0 +1,72 @@
+name: fingerprint-yaml-HFS
+manual: false
+detail:
+    fingerprint:
+        name: HFS
+    fofa: 'body="hfs/\">httpfileserver" && body="<a href=\"http://www.rejetto.com/hfs/\">httpfileserver 2.3g</a>" || header="hfs_sid_=" || header="HFS_SID_=" || header="Server:FHFS" || header="Server:HFS" || body="<a href=\"http://www.rejetto.com/hfs/\">httpfileserver 2.3g</a>" || body="hfs/\">httpfileserver" || header="server: hfs" || title="hfs"'
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('hfs/">httpfileserver') && response.body_string.contains('<a href="http://www.rejetto.com/hfs/">httpfileserver 2.3g</a>')
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("hfs_sid_="))
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("HFS_SID_="))
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("Server:FHFS"))
+    r4:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("Server:HFS"))
+    r5:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('<a href="http://www.rejetto.com/hfs/">httpfileserver 2.3g</a>')
+    r6:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('hfs/">httpfileserver')
+    r7:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: 'response.raw_header.bcontains(bytes("server: hfs"))'
+    r8:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("hfs")
+expression: r0() || r1() || r2() || r3() || r4() || r5() || r6() || r7() || r8()
diff --git a/finger/ehole/HJSoft-HCM.yml b/finger/ehole/HJSoft-HCM.yml
new file mode 100644
index 0000000..4307049
--- /dev/null
+++ b/finger/ehole/HJSoft-HCM.yml
@@ -0,0 +1,37 @@
+name: fingerprint-yaml-HJSoft-HCM
+manual: false
+detail:
+    fingerprint:
+        name: HJSoft-HCM
+    fofa: body="src=\"/images/hcm/copyright.gif\"" && body="src=\"/images/hcm/themes/default/login/login_banner2.png?v=12334\"" && body="src=\"/general/sys/hjaxmanage.js\"" || body="src=\"/general/sys/hjaxmanage.js\"" || body="src=\"/images/hcm/themes/default/login/login_banner2.png?v=12334\"" || body="src=\"/images/hcm/copyright.gif\""
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('src="/images/hcm/copyright.gif"') && response.body_string.contains('src="/images/hcm/themes/default/login/login_banner2.png?v=12334"') && response.body_string.contains('src="/general/sys/hjaxmanage.js"')
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('src="/general/sys/hjaxmanage.js"')
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('src="/images/hcm/themes/default/login/login_banner2.png?v=12334"')
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('src="/images/hcm/copyright.gif"')
+expression: r0() || r1() || r2() || r3()
diff --git a/finger/ehole/HUAWEI-FusionCompute.yml b/finger/ehole/HUAWEI-FusionCompute.yml
new file mode 100644
index 0000000..b7865ad
--- /dev/null
+++ b/finger/ehole/HUAWEI-FusionCompute.yml
@@ -0,0 +1,30 @@
+name: fingerprint-yaml-HUAWEI-FusionCompute
+manual: false
+detail:
+    fingerprint:
+        name: HUAWEI-FusionCompute
+    fofa: body="resources/themes/images/logo/favicon.ico" || header="/omsportal/" || body="/omsportal/"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("resources/themes/images/logo/favicon.ico")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("/omsportal/"))
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("/omsportal/")
+expression: r0() || r1() || r2()
diff --git a/finger/ehole/Hadoop-Administration.yml b/finger/ehole/Hadoop-Administration.yml
new file mode 100644
index 0000000..361bb78
--- /dev/null
+++ b/finger/ehole/Hadoop-Administration.yml
@@ -0,0 +1,37 @@
+name: fingerprint-yaml-Hadoop-Administration
+manual: false
+detail:
+    fingerprint:
+        name: Hadoop-Administration
+    fofa: body="/static/hadoop.css" && body="class=\"navbar-brand\">hadoop</div>" || body="class=\"navbar-brand\">hadoop</div>" || body="/static/hadoop.css" || title="hadoop administration"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("/static/hadoop.css") && response.body_string.contains('class="navbar-brand">hadoop</div>')
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('class="navbar-brand">hadoop</div>')
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("/static/hadoop.css")
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("hadoop administration")
+expression: r0() || r1() || r2() || r3()
diff --git a/finger/ehole/Harbor.yml b/finger/ehole/Harbor.yml
new file mode 100644
index 0000000..1900fd6
--- /dev/null
+++ b/finger/ehole/Harbor.yml
@@ -0,0 +1,37 @@
+name: fingerprint-yaml-Harbor
+manual: false
+detail:
+    fingerprint:
+        name: Harbor
+    fofa: header="Harbor" || body="harbor.app" || title="Harbor" || title="harbor"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("Harbor"))
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("harbor.app")
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("Harbor")
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("harbor")
+expression: r0() || r1() || r2() || r3()
diff --git a/finger/ehole/Hingesoft-HZCMS.yml b/finger/ehole/Hingesoft-HZCMS.yml
new file mode 100644
index 0000000..3a67661
--- /dev/null
+++ b/finger/ehole/Hingesoft-HZCMS.yml
@@ -0,0 +1,37 @@
+name: fingerprint-yaml-Hingesoft-HZCMS
+manual: false
+detail:
+    fingerprint:
+        name: Hingesoft-HZCMS
+    fofa: body="produced by" && body="网站群内容管理系统" || body="网站群内容管理系统" && body="produced by" || body="produced by" || body="网站群内容管理系统"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("produced by") && response.body_string.contains("网站群内容管理系统")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("网站群内容管理系统") && response.body_string.contains("produced by")
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("produced by")
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("网站群内容管理系统")
+expression: r0() || r1() || r2() || r3()
diff --git a/finger/ehole/Honeywell.yml b/finger/ehole/Honeywell.yml
new file mode 100644
index 0000000..459d4db
--- /dev/null
+++ b/finger/ehole/Honeywell.yml
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-Honeywell
+manual: false
+detail:
+    fingerprint:
+        name: Honeywell
+    fofa: icon_hash="903086190"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: faviconHash(response.getIconContent()) == 903086190
+expression: r0()
diff --git a/finger/ehole/HuaWei-Cloud-Bastion-Host.yml b/finger/ehole/HuaWei-Cloud-Bastion-Host.yml
new file mode 100644
index 0000000..cbda8d8
--- /dev/null
+++ b/finger/ehole/HuaWei-Cloud-Bastion-Host.yml
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-HuaWei-Cloud-Bastion-Host
+manual: false
+detail:
+    fingerprint:
+        name: HuaWei-Cloud-Bastion-Host
+    fofa: 'body="id=mtokenplugin width=0 height=0 style=\"position: absolute;left: 0px; top: 0px\"" && body="type=application/x-xtx-axhost"'
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: 'response.body_string.contains(''id=mtokenplugin width=0 height=0 style="position: absolute;left: 0px; top: 0px"'') && response.body_string.contains("type=application/x-xtx-axhost")'
+expression: r0()
diff --git a/finger/ehole/HuaWei-Router.yml b/finger/ehole/HuaWei-Router.yml
new file mode 100644
index 0000000..66a5a06
--- /dev/null
+++ b/finger/ehole/HuaWei-Router.yml
@@ -0,0 +1,30 @@
+name: fingerprint-yaml-HuaWei-Router
+manual: false
+detail:
+    fingerprint:
+        name: HuaWei-Router
+    fofa: body="huawei technologies" || header="httpwarnflg" || title="wimax cpe configuration"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("huawei technologies")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("httpwarnflg"))
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("wimax cpe configuration")
+expression: r0() || r1() || r2()
diff --git a/finger/ehole/HuaWei-SSL-VPN.yml b/finger/ehole/HuaWei-SSL-VPN.yml
new file mode 100644
index 0000000..9f35147
--- /dev/null
+++ b/finger/ehole/HuaWei-SSL-VPN.yml
@@ -0,0 +1,30 @@
+name: fingerprint-yaml-HuaWei-SSL-VPN
+manual: false
+detail:
+    fingerprint:
+        name: HuaWei-SSL-VPN
+    fofa: body="href=\"./logo/&logo&.ico\"" && body="var apppath = \"/app/hw/\"" || body="var apppath = \"/app/hw/\"" || body="href=\"./logo/&logo&.ico\""
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('href="./logo/&logo&.ico"') && response.body_string.contains('var apppath = "/app/hw/"')
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('var apppath = "/app/hw/"')
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('href="./logo/&logo&.ico"')
+expression: r0() || r1() || r2()
diff --git a/finger/ehole/HuaWei-VPN.yml b/finger/ehole/HuaWei-VPN.yml
new file mode 100644
index 0000000..ab8faf2
--- /dev/null
+++ b/finger/ehole/HuaWei-VPN.yml
@@ -0,0 +1,37 @@
+name: fingerprint-yaml-HuaWei-VPN
+manual: false
+detail:
+    fingerprint:
+        name: HuaWei-VPN
+    fofa: body="oncompleted(hresult,perrorobject, pasynccontext" || header="auth-http server" || body="oncompletedhresult,perrorobject, pasynccontext" || body="oncompleted(hresult,perrorobject, pasynccontext)"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("oncompleted(hresult,perrorobject, pasynccontext")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("auth-http server"))
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("oncompletedhresult,perrorobject, pasynccontext")
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("oncompleted(hresult,perrorobject, pasynccontext)")
+expression: r0() || r1() || r2() || r3()
diff --git a/finger/ehole/Huawei-Firewall.yml b/finger/ehole/Huawei-Firewall.yml
new file mode 100644
index 0000000..0f29ab6
--- /dev/null
+++ b/finger/ehole/Huawei-Firewall.yml
@@ -0,0 +1,51 @@
+name: fingerprint-yaml-Huawei-Firewall
+manual: false
+detail:
+    fingerprint:
+        name: Huawei-Firewall
+    fofa: 'body="modify by wangxiangguang" || header="server: eudemon server" || header="Eudemon Server" || body="<!--Modify by wangxiangguang 2006-9-29 for BYDD15857 Begin -->" || body="<!--Modify by wangxiangguang 2006-9-29 for BYDD15857 End -->" || body="<input type=\"text\" onpaste=\"checkPaste(this,\"012\")\" name=\"username\" id=\"username\" maxlength="'
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("modify by wangxiangguang")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: 'response.raw_header.bcontains(bytes("server: eudemon server"))'
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("Eudemon Server"))
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("<!--Modify by wangxiangguang 2006-9-29 for BYDD15857 Begin -->")
+    r4:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("<!--Modify by wangxiangguang 2006-9-29 for BYDD15857 End -->")
+    r5:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('<input type="text" onpaste="checkPaste(this,"012")" name="username" id="username" maxlength=')
+expression: r0() || r1() || r2() || r3() || r4() || r5()
diff --git a/finger/ehole/Huawei.yml b/finger/ehole/Huawei.yml
new file mode 100644
index 0000000..fc68150
--- /dev/null
+++ b/finger/ehole/Huawei.yml
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-Huawei
+manual: false
+detail:
+    fingerprint:
+        name: Huawei
+    fofa: icon_hash="281559989"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: faviconHash(response.getIconContent()) == 281559989
+expression: r0()
diff --git a/finger/ehole/IBM-Tivoli.yml b/finger/ehole/IBM-Tivoli.yml
new file mode 100644
index 0000000..d3b933d
--- /dev/null
+++ b/finger/ehole/IBM-Tivoli.yml
@@ -0,0 +1,30 @@
+name: fingerprint-yaml-IBM-Tivoli
+manual: false
+detail:
+    fingerprint:
+        name: IBM-Tivoli
+    fofa: body="tivoli netview uses an open source web server" && body="banner/tivoli/tv_icbanner.html" || body="banner/tivoli/tv_icbanner.html" || body="tivoli netview uses an open source web server"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("tivoli netview uses an open source web server") && response.body_string.contains("banner/tivoli/tv_icbanner.html")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("banner/tivoli/tv_icbanner.html")
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("tivoli netview uses an open source web server")
+expression: r0() || r1() || r2()
diff --git a/finger/ehole/IBM-WebSphere.yml b/finger/ehole/IBM-WebSphere.yml
new file mode 100644
index 0000000..b8e00e3
--- /dev/null
+++ b/finger/ehole/IBM-WebSphere.yml
@@ -0,0 +1,58 @@
+name: fingerprint-yaml-IBM-WebSphere
+manual: false
+detail:
+    fingerprint:
+        name: IBM-WebSphere
+    fofa: 'body="<br><i>ibm websphere application server</i>" && body="websphere" && body="com.ibm.websphere.ihs.doc" && body="content=\"websphere application server" || body="content=\"websphere application server" || body="<br><i>ibm websphere application server</i>" || body="websphere" || body="com.ibm.websphere.ihs.doc" || body="<HTML><HEAD><TITLE>Snoop Servlet</TITLE></HEAD><BODY BGCOLOR=\"#FFFFEE\">" || header="server: websphere"'
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("<br><i>ibm websphere application server</i>") && response.body_string.contains("websphere") && response.body_string.contains("com.ibm.websphere.ihs.doc") && response.body_string.contains('content="websphere application server')
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('content="websphere application server')
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("<br><i>ibm websphere application server</i>")
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("websphere")
+    r4:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("com.ibm.websphere.ihs.doc")
+    r5:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('<HTML><HEAD><TITLE>Snoop Servlet</TITLE></HEAD><BODY BGCOLOR="#FFFFEE">')
+    r6:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: 'response.raw_header.bcontains(bytes("server: websphere"))'
+expression: r0() || r1() || r2() || r3() || r4() || r5() || r6()
diff --git a/finger/ehole/IDEACMS.yml b/finger/ehole/IDEACMS.yml
new file mode 100644
index 0000000..de81026
--- /dev/null
+++ b/finger/ehole/IDEACMS.yml
@@ -0,0 +1,58 @@
+name: fingerprint-yaml-IDEACMS
+manual: false
+detail:
+    fingerprint:
+        name: IDEACMS
+    fofa: body="powered by ideacms" && body="ejnav{ideacms:cursort" || body="Powered By IdeaCMS" || body="m_ctr32" || header="Idea CMS" || body="ejnav{ideacms:cursort" || body="powered by ideacms" || title="Idea CMS"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("powered by ideacms") && response.body_string.contains("ejnav{ideacms:cursort")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("Powered By IdeaCMS")
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("m_ctr32")
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("Idea CMS"))
+    r4:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("ejnav{ideacms:cursort")
+    r5:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("powered by ideacms")
+    r6:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("Idea CMS")
+expression: r0() || r1() || r2() || r3() || r4() || r5() || r6()
diff --git a/finger/ehole/IIS.yml b/finger/ehole/IIS.yml
new file mode 100644
index 0000000..090e846
--- /dev/null
+++ b/finger/ehole/IIS.yml
@@ -0,0 +1,30 @@
+name: fingerprint-yaml-IIS
+manual: false
+detail:
+    fingerprint:
+        name: IIS
+    fofa: 'body="<img src=\"welcome.png\" alt=\"IIS" || header="x-powered-by: waf/2.0" || header="microsoft-iis"'
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('<img src="welcome.png" alt="IIS')
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: 'response.raw_header.bcontains(bytes("x-powered-by: waf/2.0"))'
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("microsoft-iis"))
+expression: r0() || r1() || r2()
diff --git "a/finger/ehole/IMO\344\272\221\345\212\236\345\205\254\345\256\244\347\263\273\347\273\237.yml" "b/finger/ehole/IMO\344\272\221\345\212\236\345\205\254\345\256\244\347\263\273\347\273\237.yml"
new file mode 100644
index 0000000..4678101
--- /dev/null
+++ "b/finger/ehole/IMO\344\272\221\345\212\236\345\205\254\345\256\244\347\263\273\347\273\237.yml"
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-IMO云办公室系统
+manual: false
+detail:
+    fingerprint:
+        name: IMO云办公室系统
+    fofa: title="IMO云办公室系统"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("IMO云办公室系统")
+expression: r0()
diff --git a/finger/ehole/IP-guard.yml b/finger/ehole/IP-guard.yml
new file mode 100644
index 0000000..591bdea
--- /dev/null
+++ b/finger/ehole/IP-guard.yml
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-IP-guard
+manual: false
+detail:
+    fingerprint:
+        name: IP-guard
+    fofa: body="IP-guard" && body="sign/login"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("IP-guard") && response.body_string.contains("sign/login")
+expression: r0()
diff --git a/finger/ehole/IPFire.yml b/finger/ehole/IPFire.yml
new file mode 100644
index 0000000..6173d4e
--- /dev/null
+++ b/finger/ehole/IPFire.yml
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-IPFire
+manual: false
+detail:
+    fingerprint:
+        name: IPFire
+    fofa: header="IPFire - Restricted"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("IPFire - Restricted"))
+expression: r0()
diff --git a/finger/ehole/Ioa.yml b/finger/ehole/Ioa.yml
new file mode 100644
index 0000000..9ce0655
--- /dev/null
+++ b/finger/ehole/Ioa.yml
@@ -0,0 +1,30 @@
+name: fingerprint-yaml-Ioa
+manual: false
+detail:
+    fingerprint:
+        name: Ioa
+    fofa: body="<a href=\"https://www.ioa.cn/official/download.html\" target=\"_blank\">爱办公app</a>" && body="id=\"foot_version\">厦门容能科技有限公司" || body="id=\"foot_version\">厦门容能科技有限公司" || body="<a href=\"https://www.ioa.cn/official/download.html\" target=\"_blank\">爱办公app</a>"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('<a href="https://www.ioa.cn/official/download.html" target="_blank">爱办公app</a>') && response.body_string.contains('id="foot_version">厦门容能科技有限公司')
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('id="foot_version">厦门容能科技有限公司')
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('<a href="https://www.ioa.cn/official/download.html" target="_blank">爱办公app</a>')
+expression: r0() || r1() || r2()
diff --git a/finger/ehole/JAVA.yml b/finger/ehole/JAVA.yml
new file mode 100644
index 0000000..d892fd1
--- /dev/null
+++ b/finger/ehole/JAVA.yml
@@ -0,0 +1,58 @@
+name: fingerprint-yaml-JAVA
+manual: false
+detail:
+    fingerprint:
+        name: JAVA
+    fofa: 'body="<h2>struts problem report</h2>" && body="there is no action mapped for namespace" && body="no result defined for action and result input" && body="index.jsp" || header="set-cookie: jsessionid" || body="index.jsp" || body="no result defined for action,result input" || body="there is no action mapped for namespace" || body="<h2>struts problem report</h2>" || header="x-powered-by: servlet"'
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("<h2>struts problem report</h2>") && response.body_string.contains("there is no action mapped for namespace") && response.body_string.contains("no result defined for action and result input") && response.body_string.contains("index.jsp")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: 'response.raw_header.bcontains(bytes("set-cookie: jsessionid"))'
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("index.jsp")
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("no result defined for action,result input")
+    r4:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("there is no action mapped for namespace")
+    r5:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("<h2>struts problem report</h2>")
+    r6:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: 'response.raw_header.bcontains(bytes("x-powered-by: servlet"))'
+expression: r0() || r1() || r2() || r3() || r4() || r5() || r6()
diff --git a/finger/ehole/JEECMS.yml b/finger/ehole/JEECMS.yml
new file mode 100644
index 0000000..f211282
--- /dev/null
+++ b/finger/ehole/JEECMS.yml
@@ -0,0 +1,58 @@
+name: fingerprint-yaml-JEECMS
+manual: false
+detail:
+    fingerprint:
+        name: JEECMS
+    fofa: body="/r/cms/www" && body="shortcut icon" || body="http://www.jeecms.com" || body="JEECMS" || body="/r/cms/www" || body="jeecms" && body="http://www.jeecms.com" && body="powered by" || body="\"/cnf/r/cms/common.js\"" || title="powered by jeecms"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("/r/cms/www") && response.body_string.contains("shortcut icon")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("http://www.jeecms.com")
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("JEECMS")
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("/r/cms/www")
+    r4:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("jeecms") && response.body_string.contains("http://www.jeecms.com") && response.body_string.contains("powered by")
+    r5:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('"/cnf/r/cms/common.js"')
+    r6:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("powered by jeecms")
+expression: r0() || r1() || r2() || r3() || r4() || r5() || r6()
diff --git a/finger/ehole/JFrog.yml b/finger/ehole/JFrog.yml
new file mode 100644
index 0000000..bca6b25
--- /dev/null
+++ b/finger/ehole/JFrog.yml
@@ -0,0 +1,44 @@
+name: fingerprint-yaml-JFrog
+manual: false
+detail:
+    fingerprint:
+        name: JFrog
+    fofa: 'body="src=/ui/img/jfrog" && body="<meta http-equiv=\"refresh\" content=\"0;URL=/artifactory\">" && body="Artifactory is a binaries repository manager" || header="Location: /artifactory/" || body="src=/ui/img/jfrog" || body="<meta http-equiv=\"refresh\" content=\"0;URL=/artifactory\">" || body="Artifactory is a binaries repository manager"'
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("src=/ui/img/jfrog") && response.body_string.contains('<meta http-equiv="refresh" content="0;URL=/artifactory">') && response.body_string.contains("Artifactory is a binaries repository manager")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: 'response.raw_header.bcontains(bytes("Location: /artifactory/"))'
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("src=/ui/img/jfrog")
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('<meta http-equiv="refresh" content="0;URL=/artifactory">')
+    r4:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("Artifactory is a binaries repository manager")
+expression: r0() || r1() || r2() || r3() || r4()
diff --git a/finger/ehole/JOIN_CHEER-Report.yml b/finger/ehole/JOIN_CHEER-Report.yml
new file mode 100644
index 0000000..a0180f1
--- /dev/null
+++ b/finger/ehole/JOIN_CHEER-Report.yml
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-JOIN_CHEER-Report
+manual: false
+detail:
+    fingerprint:
+        name: JOIN_CHEER-Report
+    fofa: body="../netrep" && body="jqci"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("../netrep") && response.body_string.contains("jqci")
+expression: r0()
diff --git a/finger/ehole/Java RMI.yml b/finger/ehole/Java RMI.yml
new file mode 100644
index 0000000..cf09bcc
--- /dev/null
+++ b/finger/ehole/Java RMI.yml	
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-Java RMI
+manual: false
+detail:
+    fingerprint:
+        name: Java RMI
+    fofa: header="Java RMI" || title="Java RMI"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("Java RMI"))
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("Java RMI")
+expression: r0() || r1()
diff --git a/finger/ehole/Jboss.yml b/finger/ehole/Jboss.yml
new file mode 100644
index 0000000..790ea28
--- /dev/null
+++ b/finger/ehole/Jboss.yml
@@ -0,0 +1,44 @@
+name: fingerprint-yaml-Jboss
+manual: false
+detail:
+    fingerprint:
+        name: Jboss
+    fofa: body="jboss.css" || icon_hash="-656811182" || header="jboss-eap" || header="Server:JBoss" || body="<a href=\"http://jboss.org\">"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("jboss.css")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: faviconHash(response.getIconContent()) == -656811182
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("jboss-eap"))
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("Server:JBoss"))
+    r4:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('<a href="http://jboss.org">')
+expression: r0() || r1() || r2() || r3() || r4()
diff --git a/finger/ehole/JeeSite.yml b/finger/ehole/JeeSite.yml
new file mode 100644
index 0000000..10d759b
--- /dev/null
+++ b/finger/ehole/JeeSite.yml
@@ -0,0 +1,58 @@
+name: fingerprint-yaml-JeeSite
+manual: false
+detail:
+    fingerprint:
+        name: JeeSite
+    fofa: 'body="jeesite.css" && body="jeesite.js" && body="jeesite.com" || header="set-cookie: jeesite.session.id=" || body="jeesite.com" && body="jeesite.js" && body="jeesite.css" || body="jeesite.css" || body="jeesite.js" || body="jeesite.com" || title="JeeSite"'
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("jeesite.css") && response.body_string.contains("jeesite.js") && response.body_string.contains("jeesite.com")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: 'response.raw_header.bcontains(bytes("set-cookie: jeesite.session.id="))'
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("jeesite.com") && response.body_string.contains("jeesite.js") && response.body_string.contains("jeesite.css")
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("jeesite.css")
+    r4:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("jeesite.js")
+    r5:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("jeesite.com")
+    r6:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("JeeSite")
+expression: r0() || r1() || r2() || r3() || r4() || r5() || r6()
diff --git a/finger/ehole/JeecgBoot.yml b/finger/ehole/JeecgBoot.yml
new file mode 100644
index 0000000..f832f2d
--- /dev/null
+++ b/finger/ehole/JeecgBoot.yml
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-JeecgBoot
+manual: false
+detail:
+    fingerprint:
+        name: JeecgBoot
+    fofa: body="jeecg-boot" || body="JeecgBoot" && body="polyfill_"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("jeecg-boot")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("JeecgBoot") && response.body_string.contains("polyfill_")
+expression: r0() || r1()
diff --git a/finger/ehole/Jenkins.yml b/finger/ehole/Jenkins.yml
new file mode 100644
index 0000000..113255f
--- /dev/null
+++ b/finger/ehole/Jenkins.yml
@@ -0,0 +1,65 @@
+name: fingerprint-yaml-Jenkins
+manual: false
+detail:
+    fingerprint:
+        name: Jenkins
+    fofa: 'icon_hash="81586312" || body="jenkins-agent-protocols" && body="Error 403 No valid crumb was included in the request" || header="X-Jenkins" || body="hudson.model.Hudson.Administer" || body="jenkins-agent-protocols" || header="x-required-permission: hudson.model.hudson.read" || header="x-hudson" || header="x-jenkins"'
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: faviconHash(response.getIconContent()) == 81586312
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("jenkins-agent-protocols") && response.body_string.contains("Error 403 No valid crumb was included in the request")
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("X-Jenkins"))
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("hudson.model.Hudson.Administer")
+    r4:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("jenkins-agent-protocols")
+    r5:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: 'response.raw_header.bcontains(bytes("x-required-permission: hudson.model.hudson.read"))'
+    r6:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("x-hudson"))
+    r7:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("x-jenkins"))
+expression: r0() || r1() || r2() || r3() || r4() || r5() || r6() || r7()
diff --git a/finger/ehole/Jetty.yml b/finger/ehole/Jetty.yml
new file mode 100644
index 0000000..b056d2e
--- /dev/null
+++ b/finger/ehole/Jetty.yml
@@ -0,0 +1,44 @@
+name: fingerprint-yaml-Jetty
+manual: false
+detail:
+    fingerprint:
+        name: Jetty
+    fofa: 'header="Server: Jetty" || header="Server:Jetty" || body="<A HREF=\"http://jetty.mortbay.org\"><IMG SRC=\"jetty_banner.gif\"></A>" || body="<p><i><small><a href=\"http://jetty.mortbay.org\">Powered by Jetty://</a></small></i></p>" || header="server: jetty"'
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: 'response.raw_header.bcontains(bytes("Server: Jetty"))'
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("Server:Jetty"))
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('<A HREF="http://jetty.mortbay.org"><IMG SRC="jetty_banner.gif"></A>')
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('<p><i><small><a href="http://jetty.mortbay.org">Powered by Jetty://</a></small></i></p>')
+    r4:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: 'response.raw_header.bcontains(bytes("server: jetty"))'
+expression: r0() || r1() || r2() || r3() || r4()
diff --git "a/finger/ehole/JieLink+\346\231\272\350\203\275\347\273\210\347\253\257\346\223\215\344\275\234\345\271\263\345\217\260.yml" "b/finger/ehole/JieLink+\346\231\272\350\203\275\347\273\210\347\253\257\346\223\215\344\275\234\345\271\263\345\217\260.yml"
new file mode 100644
index 0000000..362c00e
--- /dev/null
+++ "b/finger/ehole/JieLink+\346\231\272\350\203\275\347\273\210\347\253\257\346\223\215\344\275\234\345\271\263\345\217\260.yml"
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-JieLink+智能终端操作平台
+manual: false
+detail:
+    fingerprint:
+        name: JieLink+智能终端操作平台
+    fofa: body="JieLink<sup>+</sup>"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("JieLink<sup>+</sup>")
+expression: r0()
diff --git a/finger/ehole/Jiusi-OA.yml b/finger/ehole/Jiusi-OA.yml
new file mode 100644
index 0000000..22b8ac5
--- /dev/null
+++ b/finger/ehole/Jiusi-OA.yml
@@ -0,0 +1,44 @@
+name: fingerprint-yaml-Jiusi-OA
+manual: false
+detail:
+    fingerprint:
+        name: Jiusi-OA
+    fofa: body="九思软件" && body="办公系统" || body="办公系统" && body="oa" && body="九思软件" || body="九思软件" || body="办公系统" || body="oa" && body="九思软件" && body="办公系统"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("九思软件") && response.body_string.contains("办公系统")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("办公系统") && response.body_string.contains("oa") && response.body_string.contains("九思软件")
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("九思软件")
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("办公系统")
+    r4:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("oa") && response.body_string.contains("九思软件") && response.body_string.contains("办公系统")
+expression: r0() || r1() || r2() || r3() || r4()
diff --git a/finger/ehole/Joomla.yml b/finger/ehole/Joomla.yml
new file mode 100644
index 0000000..f0f24ae
--- /dev/null
+++ b/finger/ehole/Joomla.yml
@@ -0,0 +1,86 @@
+name: fingerprint-yaml-Joomla
+manual: false
+detail:
+    fingerprint:
+        name: Joomla
+    fofa: icon_hash="1627330242" || icon_hash="-1950415971" || icon_hash="366524387" || body="content=\"joomla" && body="/media/system/js/core.js" && body="/media/system/js/mootools-core.js" || body="content=\"Joomla" || body="/media/system/js/mootools-core.js" && body="/media/system/js/core.js" || body="content=\"joomla" || body="Powered by <a href=\"http://www.joomla.org\">Joomla!</a>." || body="<meta name=\"keywords\" content=\"joomla, Joomla\" />" || body="/media/system/js/core.js" || body="/media/system/js/mootools-core.js"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: faviconHash(response.getIconContent()) == 1627330242
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: faviconHash(response.getIconContent()) == -1950415971
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: faviconHash(response.getIconContent()) == 366524387
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('content="joomla') && response.body_string.contains("/media/system/js/core.js") && response.body_string.contains("/media/system/js/mootools-core.js")
+    r4:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('content="Joomla')
+    r5:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("/media/system/js/mootools-core.js") && response.body_string.contains("/media/system/js/core.js")
+    r6:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('content="joomla')
+    r7:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('Powered by <a href="http://www.joomla.org">Joomla!</a>.')
+    r8:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('<meta name="keywords" content="joomla, Joomla" />')
+    r9:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("/media/system/js/core.js")
+    r10:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("/media/system/js/mootools-core.js")
+expression: r0() || r1() || r2() || r3() || r4() || r5() || r6() || r7() || r8() || r9() || r10()
diff --git a/finger/ehole/Journalx.yml b/finger/ehole/Journalx.yml
new file mode 100644
index 0000000..3cf0f7e
--- /dev/null
+++ b/finger/ehole/Journalx.yml
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-Journalx
+manual: false
+detail:
+    fingerprint:
+        name: Journalx
+    fofa: header="Journalx" || title="Journalx"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("Journalx"))
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("Journalx")
+expression: r0() || r1()
diff --git a/finger/ehole/Jumpserver.yml b/finger/ehole/Jumpserver.yml
new file mode 100644
index 0000000..2de5780
--- /dev/null
+++ b/finger/ehole/Jumpserver.yml
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-Jumpserver
+manual: false
+detail:
+    fingerprint:
+        name: Jumpserver
+    fofa: body="<script src=\"/static/js/jumpserver.js\"></script>" || body="Jumpserver开源堡垒机"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('<script src="/static/js/jumpserver.js"></script>')
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("Jumpserver开源堡垒机")
+expression: r0() || r1()
diff --git a/finger/ehole/Jupyter.yml b/finger/ehole/Jupyter.yml
new file mode 100644
index 0000000..486566f
--- /dev/null
+++ b/finger/ehole/Jupyter.yml
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-Jupyter
+manual: false
+detail:
+    fingerprint:
+        name: Jupyter
+    fofa: body="<title>Jupyter Notebook</title" && body="" && body="(97c6417ed01bdc0ae3ef32ae4894fd03" || body="<title>Jupyter Notebook</title"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("<title>Jupyter Notebook</title") && response.body_string.contains("") && response.body_string.contains("(97c6417ed01bdc0ae3ef32ae4894fd03")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("<title>Jupyter Notebook</title")
+expression: r0() || r1()
diff --git a/finger/ehole/Kafka-Manager.yml b/finger/ehole/Kafka-Manager.yml
new file mode 100644
index 0000000..fd988d3
--- /dev/null
+++ b/finger/ehole/Kafka-Manager.yml
@@ -0,0 +1,65 @@
+name: fingerprint-yaml-Kafka-Manager
+manual: false
+detail:
+    fingerprint:
+        name: Kafka-Manager
+    fofa: body="/vassets/datatables/stylesheets" && body="vassets/images/2af62f58ee2baf495c9b3a9a1c30ce03-favicon.png" || header="kafka admin" && header="kafka-manager" || header="Kafka-Manager" || body="vassets/images/2af62f58ee2baf495c9b3a9a1c30ce03-favicon.png" || body="/vassets/datatables/stylesheets" || header="kafka admin" || title="Kafka-Manager" || title="kafka manager"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("/vassets/datatables/stylesheets") && response.body_string.contains("vassets/images/2af62f58ee2baf495c9b3a9a1c30ce03-favicon.png")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("kafka admin")) && response.raw_header.bcontains(bytes("kafka-manager"))
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("Kafka-Manager"))
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("vassets/images/2af62f58ee2baf495c9b3a9a1c30ce03-favicon.png")
+    r4:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("/vassets/datatables/stylesheets")
+    r5:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("kafka admin"))
+    r6:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("Kafka-Manager")
+    r7:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("kafka manager")
+expression: r0() || r1() || r2() || r3() || r4() || r5() || r6() || r7()
diff --git a/finger/ehole/Kibana.yml b/finger/ehole/Kibana.yml
new file mode 100644
index 0000000..231faa4
--- /dev/null
+++ b/finger/ehole/Kibana.yml
@@ -0,0 +1,107 @@
+name: fingerprint-yaml-Kibana
+manual: false
+detail:
+    fingerprint:
+        name: Kibana
+    fofa: 'title="Kibana" || icon_hash="-267431135" || icon_hash="-759754862" || icon_hash="-1200737715" || icon_hash="75230260" || icon_hash="1668183286" || body="kbnversion" || header="kbn-name: kibana" && header="kbn-version" || body="kbnVersion" || body="<body kibana ng-class" || header="kbn-version" && header="kbn-name: kibana" || header="kbn-name: kibana" || header="kbn-version" || title="kibana"'
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("Kibana")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: faviconHash(response.getIconContent()) == -267431135
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: faviconHash(response.getIconContent()) == -759754862
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: faviconHash(response.getIconContent()) == -1200737715
+    r4:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: faviconHash(response.getIconContent()) == 75230260
+    r5:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: faviconHash(response.getIconContent()) == 1668183286
+    r6:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("kbnversion")
+    r7:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: 'response.raw_header.bcontains(bytes("kbn-name: kibana")) && response.raw_header.bcontains(bytes("kbn-version"))'
+    r8:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("kbnVersion")
+    r9:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("<body kibana ng-class")
+    r10:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: 'response.raw_header.bcontains(bytes("kbn-version")) && response.raw_header.bcontains(bytes("kbn-name: kibana"))'
+    r11:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: 'response.raw_header.bcontains(bytes("kbn-name: kibana"))'
+    r12:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("kbn-version"))
+    r13:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("kibana")
+expression: r0() || r1() || r2() || r3() || r4() || r5() || r6() || r7() || r8() || r9() || r10() || r11() || r12() || r13()
diff --git a/finger/ehole/KindEditor.yml b/finger/ehole/KindEditor.yml
new file mode 100644
index 0000000..34245da
--- /dev/null
+++ b/finger/ehole/KindEditor.yml
@@ -0,0 +1,58 @@
+name: fingerprint-yaml-KindEditor
+manual: false
+detail:
+    fingerprint:
+        name: KindEditor
+    fofa: body="kindeditor.js" || body="KindEditor.ready" || body="K.create" || body="kindeditor-min.js" || body="k.create" || body="kindeditor.ready" || body="k.create" && body="kindeditor-min.js"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("kindeditor.js")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("KindEditor.ready")
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("K.create")
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("kindeditor-min.js")
+    r4:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("k.create")
+    r5:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("kindeditor.ready")
+    r6:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("k.create") && response.body_string.contains("kindeditor-min.js")
+expression: r0() || r1() || r2() || r3() || r4() || r5() || r6()
diff --git a/finger/ehole/Kingdee.yml b/finger/ehole/Kingdee.yml
new file mode 100644
index 0000000..ab209b0
--- /dev/null
+++ b/finger/ehole/Kingdee.yml
@@ -0,0 +1,44 @@
+name: fingerprint-yaml-Kingdee
+manual: false
+detail:
+    fingerprint:
+        name: Kingdee
+    fofa: body="href=\"/kingdee/index.jsp\"" && body="img src=\"images/logo-kingdee.gif\"" || body="href=\"/kingdee/index.jsp\"" || body="img src=\"images/logo-kingdee.gif\"" || body="Kingdee.EntryRole" && body="loginKDLogo" || body="var formidafterlogin = \"bos_mainconsolesutra\""
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('href="/kingdee/index.jsp"') && response.body_string.contains('img src="images/logo-kingdee.gif"')
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('href="/kingdee/index.jsp"')
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('img src="images/logo-kingdee.gif"')
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("Kingdee.EntryRole") && response.body_string.contains("loginKDLogo")
+    r4:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('var formidafterlogin = "bos_mainconsolesutra"')
+expression: r0() || r1() || r2() || r3() || r4()
diff --git "a/finger/ehole/Kong API\347\275\221\345\205\263.yml" "b/finger/ehole/Kong API\347\275\221\345\205\263.yml"
new file mode 100644
index 0000000..30a0ed3
--- /dev/null
+++ "b/finger/ehole/Kong API\347\275\221\345\205\263.yml"	
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-Kong API网关
+manual: false
+detail:
+    fingerprint:
+        name: Kong API网关
+    fofa: header="Kong API网关" || title="Kong API网关"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("Kong API网关"))
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("Kong API网关")
+expression: r0() || r1()
diff --git a/finger/ehole/KubeSphere.yml b/finger/ehole/KubeSphere.yml
new file mode 100644
index 0000000..7b22274
--- /dev/null
+++ b/finger/ehole/KubeSphere.yml
@@ -0,0 +1,30 @@
+name: fingerprint-yaml-KubeSphere
+manual: false
+detail:
+    fingerprint:
+        name: KubeSphere
+    fofa: body="title>KubeSphere</title>" && body="\"title\":\"KubeSphere\",\"description\"" && body="" && body="(88717398db158e3330ce94fc1784e4a7" || body="title>KubeSphere</title>" || body="\"title\":\"KubeSphere\",\"description\""
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("title>KubeSphere</title>") && response.body_string.contains('"title":"KubeSphere","description"') && response.body_string.contains("") && response.body_string.contains("(88717398db158e3330ce94fc1784e4a7")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("title>KubeSphere</title>")
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('"title":"KubeSphere","description"')
+expression: r0() || r1() || r2()
diff --git a/finger/ehole/Kubernetes.yml b/finger/ehole/Kubernetes.yml
new file mode 100644
index 0000000..c34ecdb
--- /dev/null
+++ b/finger/ehole/Kubernetes.yml
@@ -0,0 +1,72 @@
+name: fingerprint-yaml-Kubernetes
+manual: false
+detail:
+    fingerprint:
+        name: Kubernetes
+    fofa: title="Kubernetes Dashboard" || body="href=\"assets/images/kubernetes-logo.png" && body="<article class=\"post kubernetes" && body="<b>kubernetes</b> listening" && body="value=\"kubernetes" || header="realm=\"kubernetes" || body="value=\"kubernetes" || body="<b>kubernetes</b> listening" || body="<article class=\"post kubernetes" || body="href=\"assets/images/kubernetes-logo.png" || title="kubernetes ci" || title="kubernetes dashboard"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("Kubernetes Dashboard")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('href="assets/images/kubernetes-logo.png') && response.body_string.contains('<article class="post kubernetes') && response.body_string.contains("<b>kubernetes</b> listening") && response.body_string.contains('value="kubernetes')
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes('realm="kubernetes'))
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('value="kubernetes')
+    r4:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("<b>kubernetes</b> listening")
+    r5:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('<article class="post kubernetes')
+    r6:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('href="assets/images/kubernetes-logo.png')
+    r7:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("kubernetes ci")
+    r8:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("kubernetes dashboard")
+expression: r0() || r1() || r2() || r3() || r4() || r5() || r6() || r7() || r8()
diff --git a/finger/ehole/Laravel.yml b/finger/ehole/Laravel.yml
new file mode 100644
index 0000000..6775fe1
--- /dev/null
+++ b/finger/ehole/Laravel.yml
@@ -0,0 +1,72 @@
+name: fingerprint-yaml-Laravel
+manual: false
+detail:
+    fingerprint:
+        name: Laravel
+    fofa: 'body="<title>Laravel</title>" && body="PhpDebugBar.Widgets.LaravelSQLQueriesWidget" && body="<a href=\"https://laravel.com/docs\">Documentation</a>" && body="<a href=\"https://laravel.com/docs\">Docs</a>" && body="<a href=\"https://github.com/laravel/laravel\">GitHub</a>" || header="set-Cookie: laravel_session=" || header="laravel_session" || body="<title>Laravel</title>" || body="PhpDebugBar.Widgets.LaravelSQLQueriesWidget" || body="<a href=\"https://laravel.com/docs\">Documentation</a>" || body="<a href=\"https://laravel.com/docs\">Docs</a>" || body="<a href=\"https://github.com/laravel/laravel\">GitHub</a>" || header="Set-Cookie: laravel_session="'
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("<title>Laravel</title>") && response.body_string.contains("PhpDebugBar.Widgets.LaravelSQLQueriesWidget") && response.body_string.contains('<a href="https://laravel.com/docs">Documentation</a>') && response.body_string.contains('<a href="https://laravel.com/docs">Docs</a>') && response.body_string.contains('<a href="https://github.com/laravel/laravel">GitHub</a>')
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: 'response.raw_header.bcontains(bytes("set-Cookie: laravel_session="))'
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("laravel_session"))
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("<title>Laravel</title>")
+    r4:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("PhpDebugBar.Widgets.LaravelSQLQueriesWidget")
+    r5:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('<a href="https://laravel.com/docs">Documentation</a>')
+    r6:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('<a href="https://laravel.com/docs">Docs</a>')
+    r7:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('<a href="https://github.com/laravel/laravel">GitHub</a>')
+    r8:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: 'response.raw_header.bcontains(bytes("Set-Cookie: laravel_session="))'
+expression: r0() || r1() || r2() || r3() || r4() || r5() || r6() || r7() || r8()
diff --git a/finger/ehole/Leadsec-SSL-VPN.yml b/finger/ehole/Leadsec-SSL-VPN.yml
new file mode 100644
index 0000000..2ac7f53
--- /dev/null
+++ b/finger/ehole/Leadsec-SSL-VPN.yml
@@ -0,0 +1,58 @@
+name: fingerprint-yaml-Leadsec-SSL-VPN
+manual: false
+detail:
+    fingerprint:
+        name: Leadsec-SSL-VPN
+    fofa: 'body="欢迎使用leadsec网御ssl vpn" && body="/ssl/down/usbkey.exe" && body="content=\"ssl,vpn,sslvpn" && body="/ssl/down/images_pc/" || body="passworduserlogin" || body="/ssl/down/images_pc/" || body="content=\"ssl,vpn,sslvpn" || body="/ssl/down/usbkey.exe" || body="欢迎使用leadsec网御ssl vpn" || header="server: xdaemon v1.0"'
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("欢迎使用leadsec网御ssl vpn") && response.body_string.contains("/ssl/down/usbkey.exe") && response.body_string.contains('content="ssl,vpn,sslvpn') && response.body_string.contains("/ssl/down/images_pc/")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("passworduserlogin")
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("/ssl/down/images_pc/")
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('content="ssl,vpn,sslvpn')
+    r4:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("/ssl/down/usbkey.exe")
+    r5:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("欢迎使用leadsec网御ssl vpn")
+    r6:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: 'response.raw_header.bcontains(bytes("server: xdaemon v1.0"))'
+expression: r0() || r1() || r2() || r3() || r4() || r5() || r6()
diff --git "a/finger/ehole/Libsys\345\233\276\344\271\246\351\246\206\347\256\241\347\220\206\347\263\273\347\273\237.yml" "b/finger/ehole/Libsys\345\233\276\344\271\246\351\246\206\347\256\241\347\220\206\347\263\273\347\273\237.yml"
new file mode 100644
index 0000000..fc45830
--- /dev/null
+++ "b/finger/ehole/Libsys\345\233\276\344\271\246\351\246\206\347\256\241\347\220\206\347\263\273\347\273\237.yml"
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-Libsys图书馆管理系统
+manual: false
+detail:
+    fingerprint:
+        name: Libsys图书馆管理系统
+    fofa: title="Libsys图书馆管理系统"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("Libsys图书馆管理系统")
+expression: r0()
diff --git a/finger/ehole/LiveBOS.yml b/finger/ehole/LiveBOS.yml
new file mode 100644
index 0000000..1ecaa16
--- /dev/null
+++ b/finger/ehole/LiveBOS.yml
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-LiveBOS
+manual: false
+detail:
+    fingerprint:
+        name: LiveBOS
+    fofa: title="LiveBOS"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("LiveBOS")
+expression: r0()
diff --git a/finger/ehole/Lokomedia.yml b/finger/ehole/Lokomedia.yml
new file mode 100644
index 0000000..4189509
--- /dev/null
+++ b/finger/ehole/Lokomedia.yml
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-Lokomedia
+manual: false
+detail:
+    fingerprint:
+        name: Lokomedia
+    fofa: header="Lokomedia" || title="Lokomedia"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("Lokomedia"))
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("Lokomedia")
+expression: r0() || r1()
diff --git "a/finger/ehole/LotApp \345\272\224\347\224\250\344\272\244\344\273\230\347\263\273\347\273\237.yml" "b/finger/ehole/LotApp \345\272\224\347\224\250\344\272\244\344\273\230\347\263\273\347\273\237.yml"
new file mode 100644
index 0000000..8a44aa5
--- /dev/null
+++ "b/finger/ehole/LotApp \345\272\224\347\224\250\344\272\244\344\273\230\347\263\273\347\273\237.yml"	
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-LotApp 应用交付系统
+manual: false
+detail:
+    fingerprint:
+        name: LotApp 应用交付系统
+    fofa: header="LotApp 应用交付系统" || title="LotApp 应用交付系统"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("LotApp 应用交付系统"))
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("LotApp 应用交付系统")
+expression: r0() || r1()
diff --git a/finger/ehole/Maccms.yml b/finger/ehole/Maccms.yml
new file mode 100644
index 0000000..fb2f300
--- /dev/null
+++ b/finger/ehole/Maccms.yml
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-Maccms
+manual: false
+detail:
+    fingerprint:
+        name: Maccms
+    fofa: body="src=\"/template/paody/images/"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('src="/template/paody/images/')
+expression: r0()
diff --git a/finger/ehole/MediaWiki.yml b/finger/ehole/MediaWiki.yml
new file mode 100644
index 0000000..0c7ed33
--- /dev/null
+++ b/finger/ehole/MediaWiki.yml
@@ -0,0 +1,37 @@
+name: fingerprint-yaml-MediaWiki
+manual: false
+detail:
+    fingerprint:
+        name: MediaWiki
+    fofa: body="generator\" content=\"MediaWiki" || body="/wiki/images/6/64/Favicon.ico" || body="Powered by MediaWiki" || body="alt=\"Powered by MediaWiki\""
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('generator" content="MediaWiki')
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("/wiki/images/6/64/Favicon.ico")
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("Powered by MediaWiki")
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('alt="Powered by MediaWiki"')
+expression: r0() || r1() || r2() || r3()
diff --git a/finger/ehole/MetInfo.yml b/finger/ehole/MetInfo.yml
new file mode 100644
index 0000000..0c96850
--- /dev/null
+++ b/finger/ehole/MetInfo.yml
@@ -0,0 +1,51 @@
+name: fingerprint-yaml-MetInfo
+manual: false
+detail:
+    fingerprint:
+        name: MetInfo
+    fofa: body="content=\"metinfo" && body="powered_by_metinfo" && body="/images/css/metinfo.css" || body="content=\"MetInfo" || body="powered_by_metinfo" || body="/images/css/metinfo.css" || body="content=\"metinfo" || title="powered by metinfo"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('content="metinfo') && response.body_string.contains("powered_by_metinfo") && response.body_string.contains("/images/css/metinfo.css")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('content="MetInfo')
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("powered_by_metinfo")
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("/images/css/metinfo.css")
+    r4:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('content="metinfo')
+    r5:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("powered by metinfo")
+expression: r0() || r1() || r2() || r3() || r4() || r5()
diff --git a/finger/ehole/Metabase.yml b/finger/ehole/Metabase.yml
new file mode 100644
index 0000000..fd64937
--- /dev/null
+++ b/finger/ehole/Metabase.yml
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-Metabase
+manual: false
+detail:
+    fingerprint:
+        name: Metabase
+    fofa: icon_hash="1953726032" || title="Metabase"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: faviconHash(response.getIconContent()) == 1953726032
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("Metabase")
+expression: r0() || r1()
diff --git a/finger/ehole/MeterSphere.yml b/finger/ehole/MeterSphere.yml
new file mode 100644
index 0000000..9b2c2df
--- /dev/null
+++ b/finger/ehole/MeterSphere.yml
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-MeterSphere
+manual: false
+detail:
+    fingerprint:
+        name: MeterSphere
+    fofa: icon_hash="1023469568" || body="<title>MeterSphere</title>"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: faviconHash(response.getIconContent()) == 1023469568
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("<title>MeterSphere</title>")
+expression: r0() || r1()
diff --git a/finger/ehole/Microsoft IIS.yml b/finger/ehole/Microsoft IIS.yml
new file mode 100644
index 0000000..d696c58
--- /dev/null
+++ b/finger/ehole/Microsoft IIS.yml	
@@ -0,0 +1,79 @@
+name: fingerprint-yaml-Microsoft IIS
+manual: false
+detail:
+    fingerprint:
+        name: Microsoft IIS
+    fofa: 'icon_hash="-1414475558" || body="<html><head><title>Site Not Found</title></head>.<body>No web site is configured at this address.</body></html>" || body="<id id=\"Comment1\"><!--Problem--></id><id id=\"errorText\">Under Construction</id></h1>" || body="<P ID=Comment1><!--Problem--><P ID=\"errorText\">Under Construction</h1>" || body="If you are the Web site administrator and feel you have received this message in error, please see &quot;Enabling and Disabling Dynamic Content&quot; in IIS Help." || body="<a href=\"http://go.microsoft.com/fwlink/?linkid=66138&amp;clcid=0x409\"><img src=\"welcome.png\" alt=\"IIS7\" width=\"571\" height=\"411\" /></a>" || body="<a href=\"http://go.microsoft.com/fwlink/?linkid=66138&amp;clcid=0x409\"><img src=\"iis-85.png\" alt=\"IIS\" width=\"960\" height=\"600\" /></a>" || body="<h1 style=\"COLOR:000000; FONT: 13pt/15pt verdana\"><!--Problem-->The page cannot be found</h1>" || body="<li>Go to <a href=\"http://go.microsoft.com/fwlink/?linkid=8180\">Microsoft Product Support Services</a> and perform a title search for the words <b>HTTP</b> and <b>404</b>.</li>" || body="<li>Go to <a href=\"http://go.microsoft.com/fwlink/?linkid=8180\">Microsoft Product Support Services</a> and perform a title search for the words <b>HTTP</b> and <b>403</b>.</li>"'
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: faviconHash(response.getIconContent()) == -1414475558
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("<html><head><title>Site Not Found</title></head>.<body>No web site is configured at this address.</body></html>")
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('<id id="Comment1"><!--Problem--></id><id id="errorText">Under Construction</id></h1>')
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('<P ID=Comment1><!--Problem--><P ID="errorText">Under Construction</h1>')
+    r4:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("If you are the Web site administrator and feel you have received this message in error, please see &quot;Enabling and Disabling Dynamic Content&quot; in IIS Help.")
+    r5:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('<a href="http://go.microsoft.com/fwlink/?linkid=66138&amp;clcid=0x409"><img src="welcome.png" alt="IIS7" width="571" height="411" /></a>')
+    r6:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('<a href="http://go.microsoft.com/fwlink/?linkid=66138&amp;clcid=0x409"><img src="iis-85.png" alt="IIS" width="960" height="600" /></a>')
+    r7:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: 'response.body_string.contains(''<h1 style="COLOR:000000; FONT: 13pt/15pt verdana"><!--Problem-->The page cannot be found</h1>'')'
+    r8:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('<li>Go to <a href="http://go.microsoft.com/fwlink/?linkid=8180">Microsoft Product Support Services</a> and perform a title search for the words <b>HTTP</b> and <b>404</b>.</li>')
+    r9:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('<li>Go to <a href="http://go.microsoft.com/fwlink/?linkid=8180">Microsoft Product Support Services</a> and perform a title search for the words <b>HTTP</b> and <b>403</b>.</li>')
+expression: r0() || r1() || r2() || r3() || r4() || r5() || r6() || r7() || r8() || r9()
diff --git a/finger/ehole/Microsoft Outlook.yml b/finger/ehole/Microsoft Outlook.yml
new file mode 100644
index 0000000..aefdefb
--- /dev/null
+++ b/finger/ehole/Microsoft Outlook.yml	
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-Microsoft Outlook
+manual: false
+detail:
+    fingerprint:
+        name: Microsoft Outlook
+    fofa: icon_hash="-1249852061"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: faviconHash(response.getIconContent()) == -1249852061
+expression: r0()
diff --git a/finger/ehole/Microsoft-SharePoint.yml b/finger/ehole/Microsoft-SharePoint.yml
new file mode 100644
index 0000000..b43a628
--- /dev/null
+++ b/finger/ehole/Microsoft-SharePoint.yml
@@ -0,0 +1,121 @@
+name: fingerprint-yaml-Microsoft-SharePoint
+manual: false
+detail:
+    fingerprint:
+        name: Microsoft-SharePoint
+    fofa: body="content=\"microsoft sharepoint" && body="content=\"sharepoint team" && body="id=\"msowebpartpage_postbacksource" || header="microsoftsharepointteamservices" && header="sprequestduration" || body="id=\"msowebpartpage_postbacksource" || body="content=\"sharepoint team" || body="content=\"microsoft sharepoint" || body="<noscript><div class=\"noindex\">You may be trying to access this site from a secured browser on the server. Please enable scripts and reload this page.</div></noscript>" || body="<noscript><div class=\"noindex\">Please enable scripts and reload this page. If your browser does not support script, then you can visit the minimal version of this site at <a href=" || body="<meta name=\"CollaborationServer\" content=\"SharePoint Team Web Site\" />" || body="<input type=\"hidden\" name=\"MSOWebPartPage_PostbackSource\" id=\"MSOWebPartPage_PostbackSource\" value=" || body="<meta name=\"GENERATOR\" content=\"Microsoft SharePoint\" />" || body="<meta name=\"progid\" content=\"SharePoint.WebPartPage.Document\" />" || header="sprequestduration" || header="sharepointerror" || header="x-sharepointhealthscore" || header="microsoftsharepointteamservices" || title="Microsoft SharePoint"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('content="microsoft sharepoint') && response.body_string.contains('content="sharepoint team') && response.body_string.contains('id="msowebpartpage_postbacksource')
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("microsoftsharepointteamservices")) && response.raw_header.bcontains(bytes("sprequestduration"))
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('id="msowebpartpage_postbacksource')
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('content="sharepoint team')
+    r4:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('content="microsoft sharepoint')
+    r5:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('<noscript><div class="noindex">You may be trying to access this site from a secured browser on the server. Please enable scripts and reload this page.</div></noscript>')
+    r6:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('<noscript><div class="noindex">Please enable scripts and reload this page. If your browser does not support script, then you can visit the minimal version of this site at <a href=')
+    r7:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('<meta name="CollaborationServer" content="SharePoint Team Web Site" />')
+    r8:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('<input type="hidden" name="MSOWebPartPage_PostbackSource" id="MSOWebPartPage_PostbackSource" value=')
+    r9:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('<meta name="GENERATOR" content="Microsoft SharePoint" />')
+    r10:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('<meta name="progid" content="SharePoint.WebPartPage.Document" />')
+    r11:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("sprequestduration"))
+    r12:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("sharepointerror"))
+    r13:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("x-sharepointhealthscore"))
+    r14:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("microsoftsharepointteamservices"))
+    r15:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("Microsoft SharePoint")
+expression: r0() || r1() || r2() || r3() || r4() || r5() || r6() || r7() || r8() || r9() || r10() || r11() || r12() || r13() || r14() || r15()
diff --git a/finger/ehole/MicrosoftAzure.yml b/finger/ehole/MicrosoftAzure.yml
new file mode 100644
index 0000000..a251dc1
--- /dev/null
+++ b/finger/ehole/MicrosoftAzure.yml
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-MicrosoftAzure
+manual: false
+detail:
+    fingerprint:
+        name: MicrosoftAzure
+    fofa: title="Microsoft Azure"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("Microsoft Azure")
+expression: r0()
diff --git a/finger/ehole/MinIO.yml b/finger/ehole/MinIO.yml
new file mode 100644
index 0000000..121ef62
--- /dev/null
+++ b/finger/ehole/MinIO.yml
@@ -0,0 +1,44 @@
+name: fingerprint-yaml-MinIO
+manual: false
+detail:
+    fingerprint:
+        name: MinIO
+    fofa: 'body="MinIO Console" || title="MinIO Browser" || body="<img src=\"/minio/logo.svg\" alt=\"\">" && body="<title>Minio Browser</title>" || header="Server: MinIO" || body="MinIO Browser"'
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("MinIO Console")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("MinIO Browser")
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('<img src="/minio/logo.svg" alt="">') && response.body_string.contains("<title>Minio Browser</title>")
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: 'response.raw_header.bcontains(bytes("Server: MinIO"))'
+    r4:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("MinIO Browser")
+expression: r0() || r1() || r2() || r3() || r4()
diff --git a/finger/ehole/MobileIron.yml b/finger/ehole/MobileIron.yml
new file mode 100644
index 0000000..af16d24
--- /dev/null
+++ b/finger/ehole/MobileIron.yml
@@ -0,0 +1,37 @@
+name: fingerprint-yaml-MobileIron
+manual: false
+detail:
+    fingerprint:
+        name: MobileIron
+    fofa: icon_hash="545827989" || icon_hash="967636089" || icon_hash="362091310" || icon_hash="2086228042"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: faviconHash(response.getIconContent()) == 545827989
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: faviconHash(response.getIconContent()) == 967636089
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: faviconHash(response.getIconContent()) == 362091310
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: faviconHash(response.getIconContent()) == 2086228042
+expression: r0() || r1() || r2() || r3()
diff --git a/finger/ehole/Moodle.yml b/finger/ehole/Moodle.yml
new file mode 100644
index 0000000..00e7307
--- /dev/null
+++ b/finger/ehole/Moodle.yml
@@ -0,0 +1,93 @@
+name: fingerprint-yaml-Moodle
+manual: false
+detail:
+    fingerprint:
+        name: Moodle
+    fofa: icon_hash="-438482901" || body="title=\"moodle\" href=\"http://moodle.org/" && body="moodle" && body="moodle\":" || header="moodlesession=" && header="moodleid_" || header="moodle" || body="m.str = {\"moodle\":" || body="content=\"moodle" || body="title=\"moodle\" href=\"http://moodle.org/" || body="moodle" || body="moodle\":" || header="moodleid_" || header="moodlesession=" || title="moodle"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: faviconHash(response.getIconContent()) == -438482901
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('title="moodle" href="http://moodle.org/') && response.body_string.contains("moodle") && response.body_string.contains('moodle":')
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("moodlesession=")) && response.raw_header.bcontains(bytes("moodleid_"))
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("moodle"))
+    r4:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('m.str = {"moodle":')
+    r5:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('content="moodle')
+    r6:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('title="moodle" href="http://moodle.org/')
+    r7:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("moodle")
+    r8:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('moodle":')
+    r9:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("moodleid_"))
+    r10:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("moodlesession="))
+    r11:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("moodle")
+expression: r0() || r1() || r2() || r3() || r4() || r5() || r6() || r7() || r8() || r9() || r10() || r11()
diff --git a/finger/ehole/NETENTSEC-NGFW.yml b/finger/ehole/NETENTSEC-NGFW.yml
new file mode 100644
index 0000000..1ab58b9
--- /dev/null
+++ b/finger/ehole/NETENTSEC-NGFW.yml
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-NETENTSEC-NGFW
+manual: false
+detail:
+    fingerprint:
+        name: NETENTSEC-NGFW
+    fofa: body="/images/dashboard/dashboard.png"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("/images/dashboard/dashboard.png")
+expression: r0()
diff --git a/finger/ehole/NETGEAR-DGND3700.yml b/finger/ehole/NETGEAR-DGND3700.yml
new file mode 100644
index 0000000..be88a71
--- /dev/null
+++ b/finger/ehole/NETGEAR-DGND3700.yml
@@ -0,0 +1,44 @@
+name: fingerprint-yaml-NETGEAR-DGND3700
+manual: false
+detail:
+    fingerprint:
+        name: NETGEAR-DGND3700
+    fofa: body="var host_name=\"dgnd3700\"" && body="content=\"dgnd3700" || header="netgear dgnd3700" || header="NETGEAR DGND3700" || body="content=\"dgnd3700" || body="var host_name=\"dgnd3700\""
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('var host_name="dgnd3700"') && response.body_string.contains('content="dgnd3700')
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("netgear dgnd3700"))
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("NETGEAR DGND3700"))
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('content="dgnd3700')
+    r4:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('var host_name="dgnd3700"')
+expression: r0() || r1() || r2() || r3() || r4()
diff --git a/finger/ehole/NEWS.yml b/finger/ehole/NEWS.yml
new file mode 100644
index 0000000..a1aa6d0
--- /dev/null
+++ b/finger/ehole/NEWS.yml
@@ -0,0 +1,44 @@
+name: fingerprint-yaml-NEWS
+manual: false
+detail:
+    fingerprint:
+        name: NEWS
+    fofa: body="<img id=\"createcheckcode\" src=\"login/picturecheckcode\" name=\"check_code\" ng-click=\"reloadcheckcode(" && body="ng-disabled=\"!loginform.$valid\"" || body="ng-disabled=\"!loginform.$valid\"" && body="<img id=\"createcheckcode\" src=\"login/picturecheckcode\" name=\"check_code\" ng-click=\"reloadcheckcode()" || body="<img id=\"createcheckcode\" src=\"login/picturecheckcode\" name=\"check_code\" ng-click=\"reloadcheckcode" || body="ng-disabled=\"!loginform.$valid\"" || body="<img id=\"createcheckcode\" src=\"login/picturecheckcode\" name=\"check_code\" ng-click=\"reloadcheckcode()"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('<img id="createcheckcode" src="login/picturecheckcode" name="check_code" ng-click="reloadcheckcode(') && response.body_string.contains('ng-disabled="!loginform.$valid"')
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('ng-disabled="!loginform.$valid"') && response.body_string.contains('<img id="createcheckcode" src="login/picturecheckcode" name="check_code" ng-click="reloadcheckcode()')
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('<img id="createcheckcode" src="login/picturecheckcode" name="check_code" ng-click="reloadcheckcode')
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('ng-disabled="!loginform.$valid"')
+    r4:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('<img id="createcheckcode" src="login/picturecheckcode" name="check_code" ng-click="reloadcheckcode()')
+expression: r0() || r1() || r2() || r3() || r4()
diff --git a/finger/ehole/NSFOCUS-NGFW.yml b/finger/ehole/NSFOCUS-NGFW.yml
new file mode 100644
index 0000000..c5ab5e2
--- /dev/null
+++ b/finger/ehole/NSFOCUS-NGFW.yml
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-NSFOCUS-NGFW
+manual: false
+detail:
+    fingerprint:
+        name: NSFOCUS-NGFW
+    fofa: body="/login_logo_nf_zh_cn.png" || title="nsfocus nf"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("/login_logo_nf_zh_cn.png")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("nsfocus nf")
+expression: r0() || r1()
diff --git a/finger/ehole/NSFOCUS-SAS.yml b/finger/ehole/NSFOCUS-SAS.yml
new file mode 100644
index 0000000..24b0a28
--- /dev/null
+++ b/finger/ehole/NSFOCUS-SAS.yml
@@ -0,0 +1,37 @@
+name: fingerprint-yaml-NSFOCUS-SAS
+manual: false
+detail:
+    fingerprint:
+        name: NSFOCUS-SAS
+    fofa: body="/login_logo_sas_zh_cn.png" || header="NSFOCUS SAS" || title="NSFOCUS SAS" || title="nsfocus&nbsp;sas"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("/login_logo_sas_zh_cn.png")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("NSFOCUS SAS"))
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("NSFOCUS SAS")
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("nsfocus&nbsp;sas")
+expression: r0() || r1() || r2() || r3()
diff --git a/finger/ehole/NUUO-NVRmini.yml b/finger/ehole/NUUO-NVRmini.yml
new file mode 100644
index 0000000..b6837b2
--- /dev/null
+++ b/finger/ehole/NUUO-NVRmini.yml
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-NUUO-NVRmini
+manual: false
+detail:
+    fingerprint:
+        name: NUUO-NVRmini
+    fofa: body="nvrmini"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("nvrmini")
+expression: r0()
diff --git a/finger/ehole/Nacos.yml b/finger/ehole/Nacos.yml
new file mode 100644
index 0000000..430093d
--- /dev/null
+++ b/finger/ehole/Nacos.yml
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-Nacos
+manual: false
+detail:
+    fingerprint:
+        name: Nacos
+    fofa: title="Nacos" || body="<title>Nacos</title>"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("Nacos")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("<title>Nacos</title>")
+expression: r0() || r1()
diff --git a/finger/ehole/Nagios.yml b/finger/ehole/Nagios.yml
new file mode 100644
index 0000000..06078a6
--- /dev/null
+++ b/finger/ehole/Nagios.yml
@@ -0,0 +1,37 @@
+name: fingerprint-yaml-Nagios
+manual: false
+detail:
+    fingerprint:
+        name: Nagios
+    fofa: body="/nagios/cgi-bin/status.cgi" || header="nagios " || header="Nagios access" || header="nagios"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("/nagios/cgi-bin/status.cgi")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("nagios "))
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("Nagios access"))
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("nagios"))
+expression: r0() || r1() || r2() || r3()
diff --git a/finger/ehole/Neo4j.yml b/finger/ehole/Neo4j.yml
new file mode 100644
index 0000000..fedea84
--- /dev/null
+++ b/finger/ehole/Neo4j.yml
@@ -0,0 +1,65 @@
+name: fingerprint-yaml-Neo4j
+manual: false
+detail:
+    fingerprint:
+        name: Neo4j
+    fofa: body="content=\"neo4j" && body="ng-show=\"neo4j.enterpriseedition" && body="play-topic=\"neo4j-sync" && body="neo4jdeveloperdoc" || header="Neo4j" || body="{{ neo4j.version | neo4jdeveloperdoc }}/" || body="play-topic=\"neo4j-sync" || body="ng-show=\"neo4j.enterpriseedition" || body="content=\"neo4j" || body="neo4jdeveloperdoc" || title="Neo4j"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('content="neo4j') && response.body_string.contains('ng-show="neo4j.enterpriseedition') && response.body_string.contains('play-topic="neo4j-sync') && response.body_string.contains("neo4jdeveloperdoc")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("Neo4j"))
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("{{ neo4j.version | neo4jdeveloperdoc }}/")
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('play-topic="neo4j-sync')
+    r4:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('ng-show="neo4j.enterpriseedition')
+    r5:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('content="neo4j')
+    r6:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("neo4jdeveloperdoc")
+    r7:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("Neo4j")
+expression: r0() || r1() || r2() || r3() || r4() || r5() || r6() || r7()
diff --git a/finger/ehole/NetMizer.yml b/finger/ehole/NetMizer.yml
new file mode 100644
index 0000000..1dd9011
--- /dev/null
+++ b/finger/ehole/NetMizer.yml
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-NetMizer
+manual: false
+detail:
+    fingerprint:
+        name: NetMizer
+    fofa: header="NetMizer" || title="NetMizer"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("NetMizer"))
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("NetMizer")
+expression: r0() || r1()
diff --git a/finger/ehole/Netgear.yml b/finger/ehole/Netgear.yml
new file mode 100644
index 0000000..05ae643
--- /dev/null
+++ b/finger/ehole/Netgear.yml
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-Netgear
+manual: false
+detail:
+    fingerprint:
+        name: Netgear
+    fofa: icon_hash="-1319025408"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: faviconHash(response.getIconContent()) == -1319025408
+expression: r0()
diff --git a/finger/ehole/Netsys.yml b/finger/ehole/Netsys.yml
new file mode 100644
index 0000000..6bc2f42
--- /dev/null
+++ b/finger/ehole/Netsys.yml
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-Netsys
+manual: false
+detail:
+    fingerprint:
+        name: Netsys
+    fofa: header="Netsys" || title="Netsys"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("Netsys"))
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("Netsys")
+expression: r0() || r1()
diff --git a/finger/ehole/Nginx.yml b/finger/ehole/Nginx.yml
new file mode 100644
index 0000000..b46289c
--- /dev/null
+++ b/finger/ehole/Nginx.yml
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-Nginx
+manual: false
+detail:
+    fingerprint:
+        name: Nginx
+    fofa: 'header="Welcome to nginx" && header="(Server: nginx" || header="server: nginx"'
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: 'response.raw_header.bcontains(bytes("Welcome to nginx")) && response.raw_header.bcontains(bytes("(Server: nginx"))'
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: 'response.raw_header.bcontains(bytes("server: nginx"))'
+expression: r0() || r1()
diff --git a/finger/ehole/Nuxt JS.yml b/finger/ehole/Nuxt JS.yml
new file mode 100644
index 0000000..4b84379
--- /dev/null
+++ b/finger/ehole/Nuxt JS.yml	
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-Nuxt JS
+manual: false
+detail:
+    fingerprint:
+        name: Nuxt JS
+    fofa: icon_hash="-1442789563"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: faviconHash(response.getIconContent()) == -1442789563
+expression: r0()
diff --git a/finger/ehole/Nuxt_js.yml b/finger/ehole/Nuxt_js.yml
new file mode 100644
index 0000000..886e32c
--- /dev/null
+++ b/finger/ehole/Nuxt_js.yml
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-Nuxt_js
+manual: false
+detail:
+    fingerprint:
+        name: Nuxt.js
+    fofa: title="Nuxt.js"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("Nuxt.js")
+expression: r0()
diff --git a/finger/ehole/OTCMS.yml b/finger/ehole/OTCMS.yml
new file mode 100644
index 0000000..db1e64f
--- /dev/null
+++ b/finger/ehole/OTCMS.yml
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-OTCMS
+manual: false
+detail:
+    fingerprint:
+        name: OTCMS
+    fofa: body="OTCMS" || title="OTCMS"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("OTCMS")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("OTCMS")
+expression: r0() || r1()
diff --git a/finger/ehole/OpenResty.yml b/finger/ehole/OpenResty.yml
new file mode 100644
index 0000000..b869613
--- /dev/null
+++ b/finger/ehole/OpenResty.yml
@@ -0,0 +1,58 @@
+name: fingerprint-yaml-OpenResty
+manual: false
+detail:
+    fingerprint:
+        name: OpenResty
+    fofa: 'body="<center>openresty/" || header="ngx_openresty" || body="Thank you for flying OpenResty" || header="Server: openresty" || body="If you see this page, the OpenResty web platform is successfully installed and working" || header="server: openresty" || title="OpenResty"'
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("<center>openresty/")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("ngx_openresty"))
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("Thank you for flying OpenResty")
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: 'response.raw_header.bcontains(bytes("Server: openresty"))'
+    r4:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("If you see this page, the OpenResty web platform is successfully installed and working")
+    r5:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: 'response.raw_header.bcontains(bytes("server: openresty"))'
+    r6:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("OpenResty")
+expression: r0() || r1() || r2() || r3() || r4() || r5() || r6()
diff --git a/finger/ehole/OpenSNS.yml b/finger/ehole/OpenSNS.yml
new file mode 100644
index 0000000..140cf58
--- /dev/null
+++ b/finger/ehole/OpenSNS.yml
@@ -0,0 +1,51 @@
+name: fingerprint-yaml-OpenSNS
+manual: false
+detail:
+    fingerprint:
+        name: OpenSNS
+    fofa: body="powered by opensns" && body="content=\"opensns" && body="os-icon-home app-icon " || body="content=\"OpenSNS" || body="os-icon-home app-icon " || body="content=\"opensns" || body="powered by opensns" || body="os-icon-home app-icon"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("powered by opensns") && response.body_string.contains('content="opensns') && response.body_string.contains("os-icon-home app-icon ")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('content="OpenSNS')
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("os-icon-home app-icon ")
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('content="opensns')
+    r4:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("powered by opensns")
+    r5:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("os-icon-home app-icon")
+expression: r0() || r1() || r2() || r3() || r4() || r5()
diff --git a/finger/ehole/OpenSolaris.yml b/finger/ehole/OpenSolaris.yml
new file mode 100644
index 0000000..03bbe96
--- /dev/null
+++ b/finger/ehole/OpenSolaris.yml
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-OpenSolaris
+manual: false
+detail:
+    fingerprint:
+        name: OpenSolaris
+    fofa: header="OpenSolaris"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("OpenSolaris"))
+expression: r0()
diff --git a/finger/ehole/OpenStack.yml b/finger/ehole/OpenStack.yml
new file mode 100644
index 0000000..428ebe9
--- /dev/null
+++ b/finger/ehole/OpenStack.yml
@@ -0,0 +1,37 @@
+name: fingerprint-yaml-OpenStack
+manual: false
+detail:
+    fingerprint:
+        name: OpenStack
+    fofa: icon_hash="786533217" || icon_hash="-923088984" || icon_hash="1232596212" || title="openstack dashboard"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: faviconHash(response.getIconContent()) == 786533217
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: faviconHash(response.getIconContent()) == -923088984
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: faviconHash(response.getIconContent()) == 1232596212
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("openstack dashboard")
+expression: r0() || r1() || r2() || r3()
diff --git a/finger/ehole/OpenVPN.yml b/finger/ehole/OpenVPN.yml
new file mode 100644
index 0000000..15126a8
--- /dev/null
+++ b/finger/ehole/OpenVPN.yml
@@ -0,0 +1,30 @@
+name: fingerprint-yaml-OpenVPN
+manual: false
+detail:
+    fingerprint:
+        name: OpenVPN
+    fofa: 'icon_hash="396533629" || header="realm=\"openvpn" || header="server: openvpn"'
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: faviconHash(response.getIconContent()) == 396533629
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes('realm="openvpn'))
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: 'response.raw_header.bcontains(bytes("server: openvpn"))'
+expression: r0() || r1() || r2()
diff --git a/finger/ehole/Openfire.yml b/finger/ehole/Openfire.yml
new file mode 100644
index 0000000..9525217
--- /dev/null
+++ b/finger/ehole/Openfire.yml
@@ -0,0 +1,51 @@
+name: fingerprint-yaml-Openfire
+manual: false
+detail:
+    fingerprint:
+        name: Openfire
+    fofa: 'body="class=\"row justify-content-center\"" && body="<title>openfire 管理界面</title>" || body="<title>openfire 管理界面</title>" && body="class=\"row justify-content-center\"" || body="background: transparent url(images/login_logo.gif) no-repeat" || body="class=\"row justify-content-center\"" || body="<title>openfire 管理界面</title>" || title="Openfire"'
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('class="row justify-content-center"') && response.body_string.contains("<title>openfire 管理界面</title>")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("<title>openfire 管理界面</title>") && response.body_string.contains('class="row justify-content-center"')
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: 'response.body_string.contains("background: transparent url(images/login_logo.gif) no-repeat")'
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('class="row justify-content-center"')
+    r4:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("<title>openfire 管理界面</title>")
+    r5:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("Openfire")
+expression: r0() || r1() || r2() || r3() || r4() || r5()
diff --git a/finger/ehole/Oracle Commerce.yml b/finger/ehole/Oracle Commerce.yml
new file mode 100644
index 0000000..d6bb4f6
--- /dev/null
+++ b/finger/ehole/Oracle Commerce.yml	
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-Oracle Commerce
+manual: false
+detail:
+    fingerprint:
+        name: Oracle Commerce
+    fofa: header="Oracle Commerce" || title="Oracle Commerce"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("Oracle Commerce"))
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("Oracle Commerce")
+expression: r0() || r1()
diff --git a/finger/ehole/Oracle-Application-Server.yml b/finger/ehole/Oracle-Application-Server.yml
new file mode 100644
index 0000000..41b1d90
--- /dev/null
+++ b/finger/ehole/Oracle-Application-Server.yml
@@ -0,0 +1,107 @@
+name: fingerprint-yaml-Oracle-Application-Server
+manual: false
+detail:
+    fingerprint:
+        name: Oracle-Application-Server
+    fofa: 'body="oracle http server</font></font></b></h1>" || header="oracle-application-server" || header="Oracle-Application-Server" || header="Oracle Application Server" || body="mod_ose documentation" && body="oracle jsp documentation" && body="mod_ssl web site" || body="mod_ssl web site" || body="oracle jsp documentation" || body="mod_ose documentation" || header="server: oracle_web_listener" || header="server: oracle http server" || header="server: oracle containers for j2ee" || header="server: oracle application server" || title="Oracle Application Server" || title="oracle http server"'
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("oracle http server</font></font></b></h1>")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("oracle-application-server"))
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("Oracle-Application-Server"))
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("Oracle Application Server"))
+    r4:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("mod_ose documentation") && response.body_string.contains("oracle jsp documentation") && response.body_string.contains("mod_ssl web site")
+    r5:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("mod_ssl web site")
+    r6:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("oracle jsp documentation")
+    r7:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("mod_ose documentation")
+    r8:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: 'response.raw_header.bcontains(bytes("server: oracle_web_listener"))'
+    r9:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: 'response.raw_header.bcontains(bytes("server: oracle http server"))'
+    r10:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: 'response.raw_header.bcontains(bytes("server: oracle containers for j2ee"))'
+    r11:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: 'response.raw_header.bcontains(bytes("server: oracle application server"))'
+    r12:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("Oracle Application Server")
+    r13:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("oracle http server")
+expression: r0() || r1() || r2() || r3() || r4() || r5() || r6() || r7() || r8() || r9() || r10() || r11() || r12() || r13()
diff --git a/finger/ehole/Oracle-Fusion-Middleware.yml b/finger/ehole/Oracle-Fusion-Middleware.yml
new file mode 100644
index 0000000..f7231b6
--- /dev/null
+++ b/finger/ehole/Oracle-Fusion-Middleware.yml
@@ -0,0 +1,44 @@
+name: fingerprint-yaml-Oracle-Fusion-Middleware
+manual: false
+detail:
+    fingerprint:
+        name: Oracle-Fusion-Middleware
+    fofa: body="href=\"css/fmw_bottom_area.css" || header="oracle-fusion-middleware" || body="<title>Welcome to Oracle Fusion Middleware</title>" || body="<link href=\"css/fmw_bottom_area.css\" rel=\"stylesheet\" type=\"text/css\">" || title="welcome to oracle fusion middleware"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('href="css/fmw_bottom_area.css')
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("oracle-fusion-middleware"))
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("<title>Welcome to Oracle Fusion Middleware</title>")
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('<link href="css/fmw_bottom_area.css" rel="stylesheet" type="text/css">')
+    r4:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("welcome to oracle fusion middleware")
+expression: r0() || r1() || r2() || r3() || r4()
diff --git a/finger/ehole/Outlook.yml b/finger/ehole/Outlook.yml
new file mode 100644
index 0000000..5586f1e
--- /dev/null
+++ b/finger/ehole/Outlook.yml
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-Outlook
+manual: false
+detail:
+    fingerprint:
+        name: Outlook
+    fofa: body="owa/auth" && body="Outlook" && body="logonDiv"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("owa/auth") && response.body_string.contains("Outlook") && response.body_string.contains("logonDiv")
+expression: r0()
diff --git a/finger/ehole/PHP.yml b/finger/ehole/PHP.yml
new file mode 100644
index 0000000..c39df0e
--- /dev/null
+++ b/finger/ehole/PHP.yml
@@ -0,0 +1,44 @@
+name: fingerprint-yaml-PHP
+manual: false
+detail:
+    fingerprint:
+        name: PHP
+    fofa: 'header="x-powered-by: php" || body=".php?" || header="php_errors" || header="php_session" || header="php/"'
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: 'response.raw_header.bcontains(bytes("x-powered-by: php"))'
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains(".php?")
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("php_errors"))
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("php_session"))
+    r4:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("php/"))
+expression: r0() || r1() || r2() || r3() || r4()
diff --git a/finger/ehole/PHPMyWind.yml b/finger/ehole/PHPMyWind.yml
new file mode 100644
index 0000000..4a28a31
--- /dev/null
+++ b/finger/ehole/PHPMyWind.yml
@@ -0,0 +1,51 @@
+name: fingerprint-yaml-PHPMyWind
+manual: false
+detail:
+    fingerprint:
+        name: PHPMyWind
+    fofa: body="phpmywind.com all rights reserved" && body="content=\"phpmywind" || body="phpMyWind.com All Rights Reserved" || body="content=\"PHPMyWind" || body="PHPMyWind" || body="content=\"phpmywind" || body="phpmywind.com all rights reserved"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("phpmywind.com all rights reserved") && response.body_string.contains('content="phpmywind')
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("phpMyWind.com All Rights Reserved")
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('content="PHPMyWind')
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("PHPMyWind")
+    r4:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('content="phpmywind')
+    r5:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("phpmywind.com all rights reserved")
+expression: r0() || r1() || r2() || r3() || r4() || r5()
diff --git a/finger/ehole/PHPWEB.yml b/finger/ehole/PHPWEB.yml
new file mode 100644
index 0000000..41743b8
--- /dev/null
+++ b/finger/ehole/PHPWEB.yml
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-PHPWEB
+manual: false
+detail:
+    fingerprint:
+        name: PHPWEB
+    fofa: body="pdv_pagename" || body="PDV_PAGENAME"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("pdv_pagename")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("PDV_PAGENAME")
+expression: r0() || r1()
diff --git a/finger/ehole/Palo Alto Networks.yml b/finger/ehole/Palo Alto Networks.yml
new file mode 100644
index 0000000..4fb6b54
--- /dev/null
+++ b/finger/ehole/Palo Alto Networks.yml	
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-Palo Alto Networks
+manual: false
+detail:
+    fingerprint:
+        name: Palo Alto Networks
+    fofa: icon_hash="-318947884"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: faviconHash(response.getIconContent()) == -318947884
+expression: r0()
diff --git a/finger/ehole/Panabit-Panalog.yml b/finger/ehole/Panabit-Panalog.yml
new file mode 100644
index 0000000..16655f9
--- /dev/null
+++ b/finger/ehole/Panabit-Panalog.yml
@@ -0,0 +1,37 @@
+name: fingerprint-yaml-Panabit-Panalog
+manual: false
+detail:
+    fingerprint:
+        name: Panabit-Panalog
+    fofa: body="img/logo.gif" && body="Maintain" && body="unamexx" && body="img/12.png" || body="id=\"codeno\"" || body="日志系统" && body="id=\"codeno\"" || title="panalog"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("img/logo.gif") && response.body_string.contains("Maintain") && response.body_string.contains("unamexx") && response.body_string.contains("img/12.png")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('id="codeno"')
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("日志系统") && response.body_string.contains('id="codeno"')
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("panalog")
+expression: r0() || r1() || r2() || r3()
diff --git a/finger/ehole/PbootCMS.yml b/finger/ehole/PbootCMS.yml
new file mode 100644
index 0000000..a8e9dd9
--- /dev/null
+++ b/finger/ehole/PbootCMS.yml
@@ -0,0 +1,37 @@
+name: fingerprint-yaml-PbootCMS
+manual: false
+detail:
+    fingerprint:
+        name: PbootCMS
+    fofa: 'header="PbootSystem" || header="PbootCMS" || header="set-cookie: pbootsystem=" || title="PbootCMS"'
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("PbootSystem"))
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("PbootCMS"))
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: 'response.raw_header.bcontains(bytes("set-cookie: pbootsystem="))'
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("PbootCMS")
+expression: r0() || r1() || r2() || r3()
diff --git a/finger/ehole/PeopleSoft.yml b/finger/ehole/PeopleSoft.yml
new file mode 100644
index 0000000..e7985e6
--- /dev/null
+++ b/finger/ehole/PeopleSoft.yml
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-PeopleSoft
+manual: false
+detail:
+    fingerprint:
+        name: PeopleSoft
+    fofa: title="PeopleSoft"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("PeopleSoft")
+expression: r0()
diff --git a/finger/ehole/Percussion.yml b/finger/ehole/Percussion.yml
new file mode 100644
index 0000000..0df5af2
--- /dev/null
+++ b/finger/ehole/Percussion.yml
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-Percussion
+manual: false
+detail:
+    fingerprint:
+        name: Percussion
+    fofa: header="Percussion" || title="Percussion"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("Percussion"))
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("Percussion")
+expression: r0() || r1()
diff --git a/finger/ehole/Phoenix.yml b/finger/ehole/Phoenix.yml
new file mode 100644
index 0000000..965c4c5
--- /dev/null
+++ b/finger/ehole/Phoenix.yml
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-Phoenix
+manual: false
+detail:
+    fingerprint:
+        name: Phoenix
+    fofa: header="Phoenix" || title="Phoenix"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("Phoenix"))
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("Phoenix")
+expression: r0() || r1()
diff --git a/finger/ehole/PhpWind.yml b/finger/ehole/PhpWind.yml
new file mode 100644
index 0000000..46e6a32
--- /dev/null
+++ b/finger/ehole/PhpWind.yml
@@ -0,0 +1,37 @@
+name: fingerprint-yaml-PhpWind
+manual: false
+detail:
+    fingerprint:
+        name: PhpWind
+    fofa: body="content=\"phpwind" || body="phpwind" || body="Powered by <a href=\"http://www.phpwind.net/\" target=\"_blank\"><b>PHPWind</b></a>" || title="powered by phpwind"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('content="phpwind')
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("phpwind")
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('Powered by <a href="http://www.phpwind.net/" target="_blank"><b>PHPWind</b></a>')
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("powered by phpwind")
+expression: r0() || r1() || r2() || r3()
diff --git a/finger/ehole/PigCms.yml b/finger/ehole/PigCms.yml
new file mode 100644
index 0000000..9830d44
--- /dev/null
+++ b/finger/ehole/PigCms.yml
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-PigCms
+manual: false
+detail:
+    fingerprint:
+        name: PigCms
+    fofa: 'header="x-powered-by: pigcms.com" || header="X-Powered-By:PigCms.com"'
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: 'response.raw_header.bcontains(bytes("x-powered-by: pigcms.com"))'
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("X-Powered-By:PigCms.com"))
+expression: r0() || r1()
diff --git a/finger/ehole/Po_st.yml b/finger/ehole/Po_st.yml
new file mode 100644
index 0000000..5154852
--- /dev/null
+++ b/finger/ehole/Po_st.yml
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-Po_st
+manual: false
+detail:
+    fingerprint:
+        name: Po.st
+    fofa: header="Po.st" || title="Po.st"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("Po.st"))
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("Po.st")
+expression: r0() || r1()
diff --git a/finger/ehole/Polycom.yml b/finger/ehole/Polycom.yml
new file mode 100644
index 0000000..9a476b8
--- /dev/null
+++ b/finger/ehole/Polycom.yml
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-Polycom
+manual: false
+detail:
+    fingerprint:
+        name: Polycom
+    fofa: icon_hash="77044418" || body="kAllowDirectHTMLFileAccess"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: faviconHash(response.getIconContent()) == 77044418
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("kAllowDirectHTMLFileAccess")
+expression: r0() || r1()
diff --git a/finger/ehole/PrestaShop.yml b/finger/ehole/PrestaShop.yml
new file mode 100644
index 0000000..d012103
--- /dev/null
+++ b/finger/ehole/PrestaShop.yml
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-PrestaShop
+manual: false
+detail:
+    fingerprint:
+        name: PrestaShop
+    fofa: body="Shop powered by PrestaShop" || header="PrestaShop"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("Shop powered by PrestaShop")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("PrestaShop"))
+expression: r0() || r1()
diff --git a/finger/ehole/REDDOXX.yml b/finger/ehole/REDDOXX.yml
new file mode 100644
index 0000000..256ed18
--- /dev/null
+++ b/finger/ehole/REDDOXX.yml
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-REDDOXX
+manual: false
+detail:
+    fingerprint:
+        name: REDDOXX
+    fofa: body="148779de-1cf1-49bb-8bdb-129321cf8974"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("148779de-1cf1-49bb-8bdb-129321cf8974")
+expression: r0()
diff --git a/finger/ehole/RabbitMQ.yml b/finger/ehole/RabbitMQ.yml
new file mode 100644
index 0000000..de91412
--- /dev/null
+++ b/finger/ehole/RabbitMQ.yml
@@ -0,0 +1,44 @@
+name: fingerprint-yaml-RabbitMQ
+manual: false
+detail:
+    fingerprint:
+        name: RabbitMQ
+    fofa: body="<title>RabbitMQ Management</title>" || icon_hash="1064742722" || header="RabbitMQ" || title="RabbitMQ" || title="rabbitmq management"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("<title>RabbitMQ Management</title>")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: faviconHash(response.getIconContent()) == 1064742722
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("RabbitMQ"))
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("RabbitMQ")
+    r4:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("rabbitmq management")
+expression: r0() || r1() || r2() || r3() || r4()
diff --git a/finger/ehole/RedHat JBoss.yml b/finger/ehole/RedHat JBoss.yml
new file mode 100644
index 0000000..191dccf
--- /dev/null
+++ b/finger/ehole/RedHat JBoss.yml	
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-RedHat JBoss
+manual: false
+detail:
+    fingerprint:
+        name: RedHat JBoss
+    fofa: body="<h3>JBoss Management</h3>"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("<h3>JBoss Management</h3>")
+expression: r0()
diff --git a/finger/ehole/Redhat.yml b/finger/ehole/Redhat.yml
new file mode 100644
index 0000000..6238315
--- /dev/null
+++ b/finger/ehole/Redhat.yml
@@ -0,0 +1,30 @@
+name: fingerprint-yaml-Redhat
+manual: false
+detail:
+    fingerprint:
+        name: Redhat
+    fofa: header="Redhat" || header="Red Hat" || title="Red Hat"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("Redhat"))
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("Red Hat"))
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("Red Hat")
+expression: r0() || r1() || r2()
diff --git a/finger/ehole/Resin.yml b/finger/ehole/Resin.yml
new file mode 100644
index 0000000..614a937
--- /dev/null
+++ b/finger/ehole/Resin.yml
@@ -0,0 +1,37 @@
+name: fingerprint-yaml-Resin
+manual: false
+detail:
+    fingerprint:
+        name: Resin
+    fofa: 'body="<script type=\"text/javascript\" src=\"/resin-doc/js/default.js\">" || header="Server: Resin" || header="Server:Resin" || header="server: resin"'
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('<script type="text/javascript" src="/resin-doc/js/default.js">')
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: 'response.raw_header.bcontains(bytes("Server: Resin"))'
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("Server:Resin"))
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: 'response.raw_header.bcontains(bytes("server: resin"))'
+expression: r0() || r1() || r2() || r3()
diff --git a/finger/ehole/RichMail.yml b/finger/ehole/RichMail.yml
new file mode 100644
index 0000000..7b4ce54
--- /dev/null
+++ b/finger/ehole/RichMail.yml
@@ -0,0 +1,58 @@
+name: fingerprint-yaml-RichMail
+manual: false
+detail:
+    fingerprint:
+        name: RichMail
+    fofa: body="content=\"richmail" && body="app_download\":\"\",\"richmail官网" || body="/resource/se/lang/se/mail_zh_CN.js" || body="content=\"Richmail" || body="app_download\":\"\",\"richmail官网" || body="content=\"richmail" || title="richmail 企业邮箱" || title="richmail"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('content="richmail') && response.body_string.contains('app_download":"","richmail官网')
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("/resource/se/lang/se/mail_zh_CN.js")
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('content="Richmail')
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('app_download":"","richmail官网')
+    r4:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('content="richmail')
+    r5:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("richmail 企业邮箱")
+    r6:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("richmail")
+expression: r0() || r1() || r2() || r3() || r4() || r5() || r6()
diff --git a/finger/ehole/Ruby on Rails.yml b/finger/ehole/Ruby on Rails.yml
new file mode 100644
index 0000000..33d208b
--- /dev/null
+++ b/finger/ehole/Ruby on Rails.yml	
@@ -0,0 +1,100 @@
+name: fingerprint-yaml-Ruby on Rails
+manual: false
+detail:
+    fingerprint:
+        name: Ruby on Rails
+    fofa: 'header="Ruby on Rails" || body="<!-- This file lives in public/404.html -->" || body="<!-- This file lives in public/422.html -->" || body="<!-- This file lives in public/500.html -->" || body="// This file is automatically included by javascript_include_tag :defaults" || body="No route matches \"/doesnotexist\" with {:method=>:get}" || body="<title>The page you were looking for doesn\"t exist (404)</title>" || body="#errorExplanation h2 {" || body="<h3><a href=\"rails/info/properties\" onclick=\"about(); return false\">About your application&rsquo;s environment</a></h3>" || body="<p>Run <tt>rake db:migrate</tt> to create your database. If you\"re not using SQLite (the default), edit <tt>config/database.yml</tt> with your username and password.</p>" || body="<title>Action Controller: Exception caught</title>" || body="<div id=\"session_dump\" style=\"display:none\"><pre class=\"debug_dump\">---" || title="Ruby on Rails"'
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("Ruby on Rails"))
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("<!-- This file lives in public/404.html -->")
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("<!-- This file lives in public/422.html -->")
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("<!-- This file lives in public/500.html -->")
+    r4:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("// This file is automatically included by javascript_include_tag :defaults")
+    r5:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('No route matches "/doesnotexist" with {:method=>:get}')
+    r6:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('<title>The page you were looking for doesn"t exist (404)</title>')
+    r7:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("#errorExplanation h2 {")
+    r8:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('<h3><a href="rails/info/properties" onclick="about(); return false">About your application&rsquo;s environment</a></h3>')
+    r9:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('<p>Run <tt>rake db:migrate</tt> to create your database. If you"re not using SQLite (the default), edit <tt>config/database.yml</tt> with your username and password.</p>')
+    r10:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: 'response.body_string.contains("<title>Action Controller: Exception caught</title>")'
+    r11:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('<div id="session_dump" style="display:none"><pre class="debug_dump">---')
+    r12:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("Ruby on Rails")
+expression: r0() || r1() || r2() || r3() || r4() || r5() || r6() || r7() || r8() || r9() || r10() || r11() || r12()
diff --git a/finger/ehole/Ruby.yml b/finger/ehole/Ruby.yml
new file mode 100644
index 0000000..98263de
--- /dev/null
+++ b/finger/ehole/Ruby.yml
@@ -0,0 +1,72 @@
+name: fingerprint-yaml-Ruby
+manual: false
+detail:
+    fingerprint:
+        name: Ruby
+    fofa: header="ruby" && header="phusion" && header="x-rack-cache" && header="rubyversion" || body="content=\"authenticity_token" && body="name=\"csrf-param" && body="src=\"/assets/" || header="rubyversion" || header="rails_env" || header="x-rack-cache" || header="mongrel" || header="phusion" || header="webrick" || header="ruby"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("ruby")) && response.raw_header.bcontains(bytes("phusion")) && response.raw_header.bcontains(bytes("x-rack-cache")) && response.raw_header.bcontains(bytes("rubyversion"))
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('content="authenticity_token') && response.body_string.contains('name="csrf-param') && response.body_string.contains('src="/assets/')
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("rubyversion"))
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("rails_env"))
+    r4:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("x-rack-cache"))
+    r5:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("mongrel"))
+    r6:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("phusion"))
+    r7:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("webrick"))
+    r8:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("ruby"))
+expression: r0() || r1() || r2() || r3() || r4() || r5() || r6() || r7() || r8()
diff --git a/finger/ehole/Ruckus.yml b/finger/ehole/Ruckus.yml
new file mode 100644
index 0000000..8451745
--- /dev/null
+++ b/finger/ehole/Ruckus.yml
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-Ruckus
+manual: false
+detail:
+    fingerprint:
+        name: Ruckus
+    fofa: body="mon.  Tell me your username"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("mon.  Tell me your username")
+expression: r0()
diff --git a/finger/ehole/Ruijie--EWEB.yml b/finger/ehole/Ruijie--EWEB.yml
new file mode 100644
index 0000000..312345c
--- /dev/null
+++ b/finger/ehole/Ruijie--EWEB.yml
@@ -0,0 +1,44 @@
+name: fingerprint-yaml-Ruijie--EWEB
+manual: false
+detail:
+    fingerprint:
+        name: Ruijie--EWEB
+    fofa: body="<span class=\"resource\" mark=\"login.copyright\">锐捷网络</span>" && body="login.getdeviceinfo" || body="login.getdeviceinfo" && body="<span class=\"resource\" mark=\"login.copyright\">锐捷网络</span>" || body="<span class=\"resource\" mark=\"login.copyright\">锐捷网络</span>" || body="login.getdeviceinfo" || title="锐捷网络-eweb网管系统"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('<span class="resource" mark="login.copyright">锐捷网络</span>') && response.body_string.contains("login.getdeviceinfo")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("login.getdeviceinfo") && response.body_string.contains('<span class="resource" mark="login.copyright">锐捷网络</span>')
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('<span class="resource" mark="login.copyright">锐捷网络</span>')
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("login.getdeviceinfo")
+    r4:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("锐捷网络-eweb网管系统")
+expression: r0() || r1() || r2() || r3() || r4()
diff --git a/finger/ehole/Ruijie.yml b/finger/ehole/Ruijie.yml
new file mode 100644
index 0000000..75500aa
--- /dev/null
+++ b/finger/ehole/Ruijie.yml
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-Ruijie
+manual: false
+detail:
+    fingerprint:
+        name: Ruijie
+    fofa: body="4008 111 000"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("4008 111 000")
+expression: r0()
diff --git a/finger/ehole/RuoYi.yml b/finger/ehole/RuoYi.yml
new file mode 100644
index 0000000..87250ab
--- /dev/null
+++ b/finger/ehole/RuoYi.yml
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-RuoYi
+manual: false
+detail:
+    fingerprint:
+        name: RuoYi
+    fofa: body="All Rights Reserved. RuoYi" && body="/ry-ui.css" && body="/ry-ui.js" && body="" && body="(e49fd30ea870c7a820464ca56a113e6e"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("All Rights Reserved. RuoYi") && response.body_string.contains("/ry-ui.css") && response.body_string.contains("/ry-ui.js") && response.body_string.contains("") && response.body_string.contains("(e49fd30ea870c7a820464ca56a113e6e")
+expression: r0()
diff --git a/finger/ehole/SAFETY-LOGBASE.yml b/finger/ehole/SAFETY-LOGBASE.yml
new file mode 100644
index 0000000..3034557
--- /dev/null
+++ b/finger/ehole/SAFETY-LOGBASE.yml
@@ -0,0 +1,37 @@
+name: fingerprint-yaml-SAFETY-LOGBASE
+manual: false
+detail:
+    fingerprint:
+        name: SAFETY-LOGBASE
+    fofa: 'body="onclick=\"location.href=''trustcert.cgi''" || body="onclick=\"location.href=\"trustcert.cgi\"" || header="server: dummy" || title="logbase"'
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("onclick=\"location.href='trustcert.cgi'")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('onclick="location.href="trustcert.cgi"')
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: 'response.raw_header.bcontains(bytes("server: dummy"))'
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("logbase")
+expression: r0() || r1() || r2() || r3()
diff --git a/finger/ehole/SANGFOR-EDR.yml b/finger/ehole/SANGFOR-EDR.yml
new file mode 100644
index 0000000..b75ba49
--- /dev/null
+++ b/finger/ehole/SANGFOR-EDR.yml
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-SANGFOR-EDR
+manual: false
+detail:
+    fingerprint:
+        name: SANGFOR-EDR
+    fofa: body="datalayer','gtm-tl7g2lw'" || body="datalayer\",\"gtm-tl7g2lw\""
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("datalayer','gtm-tl7g2lw'")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('datalayer","gtm-tl7g2lw"')
+expression: r0() || r1()
diff --git a/finger/ehole/SAP Netweaver.yml b/finger/ehole/SAP Netweaver.yml
new file mode 100644
index 0000000..cf64aa5
--- /dev/null
+++ b/finger/ehole/SAP Netweaver.yml	
@@ -0,0 +1,37 @@
+name: fingerprint-yaml-SAP Netweaver
+manual: false
+detail:
+    fingerprint:
+        name: SAP Netweaver
+    fofa: icon_hash="-266008933" || header="SAP NetWeaver" || title="SAP NetWeaver" || title="SAPNetWeaver"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: faviconHash(response.getIconContent()) == -266008933
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("SAP NetWeaver"))
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("SAP NetWeaver")
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("SAPNetWeaver")
+expression: r0() || r1() || r2() || r3()
diff --git a/finger/ehole/SMP.yml b/finger/ehole/SMP.yml
new file mode 100644
index 0000000..982a133
--- /dev/null
+++ b/finger/ehole/SMP.yml
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-SMP
+manual: false
+detail:
+    fingerprint:
+        name: SMP
+    fofa: header="/sso/index.do?appid=ssa"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("/sso/index.do?appid=ssa"))
+expression: r0()
diff --git a/finger/ehole/SPIP.yml b/finger/ehole/SPIP.yml
new file mode 100644
index 0000000..64a998e
--- /dev/null
+++ b/finger/ehole/SPIP.yml
@@ -0,0 +1,30 @@
+name: fingerprint-yaml-SPIP
+manual: false
+detail:
+    fingerprint:
+        name: SPIP
+    fofa: body="<div class=\"formulaire_spip formulaire_recherche\"" || body="<a href=\"spip.php" || body="<img src=\"/spip"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('<div class="formulaire_spip formulaire_recherche"')
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('<a href="spip.php')
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('<img src="/spip')
+expression: r0() || r1() || r2()
diff --git a/finger/ehole/SVN.yml b/finger/ehole/SVN.yml
new file mode 100644
index 0000000..c0d26c9
--- /dev/null
+++ b/finger/ehole/SVN.yml
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-SVN
+manual: false
+detail:
+    fingerprint:
+        name: SVN
+    fofa: 'header="server: svn"'
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: 'response.raw_header.bcontains(bytes("server: svn"))'
+expression: r0()
diff --git a/finger/ehole/Safedog.yml b/finger/ehole/Safedog.yml
new file mode 100644
index 0000000..f249245
--- /dev/null
+++ b/finger/ehole/Safedog.yml
@@ -0,0 +1,51 @@
+name: fingerprint-yaml-Safedog
+manual: false
+detail:
+    fingerprint:
+        name: Safedog
+    fofa: 'body="<a href=\"http://security.safedog.cn/index.html\"><input type=\"button\" name=\"feedback\"" || body="safedog-flow-item=" || header="safedog-flow-item=" || header="set-cookie: safedog" || header="server: safedog" || header="waf/2.0"'
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('<a href="http://security.safedog.cn/index.html"><input type="button" name="feedback"')
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("safedog-flow-item=")
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("safedog-flow-item="))
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: 'response.raw_header.bcontains(bytes("set-cookie: safedog"))'
+    r4:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: 'response.raw_header.bcontains(bytes("server: safedog"))'
+    r5:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("waf/2.0"))
+expression: r0() || r1() || r2() || r3() || r4() || r5()
diff --git a/finger/ehole/SaltStack.yml b/finger/ehole/SaltStack.yml
new file mode 100644
index 0000000..3805da3
--- /dev/null
+++ b/finger/ehole/SaltStack.yml
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-SaltStack
+manual: false
+detail:
+    fingerprint:
+        name: SaltStack
+    fofa: body="shape=\"ss-logo-black\"" || body="<title>SaltStack</title>"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('shape="ss-logo-black"')
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("<title>SaltStack</title>")
+expression: r0() || r1()
diff --git a/finger/ehole/Sangfor SSL VPN.yml b/finger/ehole/Sangfor SSL VPN.yml
new file mode 100644
index 0000000..6c25938
--- /dev/null
+++ b/finger/ehole/Sangfor SSL VPN.yml	
@@ -0,0 +1,72 @@
+name: fingerprint-yaml-Sangfor SSL VPN
+manual: false
+detail:
+    fingerprint:
+        name: Sangfor SSL VPN
+    fofa: body="/por/login_psw.csp" || body="loginPageSP/loginPrivacy.js" || body="login_psw.csp" && body="<font color=\"white\">深信服科技版权所有" && body="ssl vpn" || header="twfid" || body="ssl vpn" && body="<font color=\"white\">深信服科技版权所有" || body="luyi 20120223" || body="login_psw.csp" || body="ssl vpn" || title="sangfor-ssl"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("/por/login_psw.csp")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("loginPageSP/loginPrivacy.js")
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("login_psw.csp") && response.body_string.contains('<font color="white">深信服科技版权所有') && response.body_string.contains("ssl vpn")
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("twfid"))
+    r4:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("ssl vpn") && response.body_string.contains('<font color="white">深信服科技版权所有')
+    r5:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("luyi 20120223")
+    r6:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("login_psw.csp")
+    r7:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("ssl vpn")
+    r8:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("sangfor-ssl")
+expression: r0() || r1() || r2() || r3() || r4() || r5() || r6() || r7() || r8()
diff --git a/finger/ehole/Sangfor.yml b/finger/ehole/Sangfor.yml
new file mode 100644
index 0000000..a51dab1
--- /dev/null
+++ b/finger/ehole/Sangfor.yml
@@ -0,0 +1,30 @@
+name: fingerprint-yaml-Sangfor
+manual: false
+detail:
+    fingerprint:
+        name: Sangfor
+    fofa: icon_hash="123821839" || icon_hash="-1926484046" || icon_hash="-1810847295"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: faviconHash(response.getIconContent()) == 123821839
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: faviconHash(response.getIconContent()) == -1926484046
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: faviconHash(response.getIconContent()) == -1810847295
+expression: r0() || r1() || r2()
diff --git "a/finger/ehole/Sapido-\350\267\257\347\224\261\345\231\250.yml" "b/finger/ehole/Sapido-\350\267\257\347\224\261\345\231\250.yml"
new file mode 100644
index 0000000..0ed8cb1
--- /dev/null
+++ "b/finger/ehole/Sapido-\350\267\257\347\224\261\345\231\250.yml"
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-Sapido-路由器
+manual: false
+detail:
+    fingerprint:
+        name: Sapido-路由器
+    fofa: body="<script>MML(\"change password\");</script>" && body="><script>MML('Traditional Chinese'"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('<script>MML("change password");</script>') && response.body_string.contains("><script>MML('Traditional Chinese'")
+expression: r0()
diff --git a/finger/ehole/Seafile.yml b/finger/ehole/Seafile.yml
new file mode 100644
index 0000000..51a4c21
--- /dev/null
+++ b/finger/ehole/Seafile.yml
@@ -0,0 +1,79 @@
+name: fingerprint-yaml-Seafile
+manual: false
+detail:
+    fingerprint:
+        name: Seafile
+    fofa: icon_hash="-12700016" || body="css/seahub.min.css" && body="seafile_global" && body="seafile" || body="<img src=\"/media/img/seafile-logo.png\"" || header="seafile" || body="seafile" && body="seafile_global" && body="css/seahub.min.css" || body="css/seahub.min.css" || body="seafile_global" || body="seafile" || title="seafile" || title="private seafile"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: faviconHash(response.getIconContent()) == -12700016
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("css/seahub.min.css") && response.body_string.contains("seafile_global") && response.body_string.contains("seafile")
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('<img src="/media/img/seafile-logo.png"')
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("seafile"))
+    r4:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("seafile") && response.body_string.contains("seafile_global") && response.body_string.contains("css/seahub.min.css")
+    r5:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("css/seahub.min.css")
+    r6:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("seafile_global")
+    r7:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("seafile")
+    r8:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("seafile")
+    r9:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("private seafile")
+expression: r0() || r1() || r2() || r3() || r4() || r5() || r6() || r7() || r8() || r9()
diff --git a/finger/ehole/Seeyon.yml b/finger/ehole/Seeyon.yml
new file mode 100644
index 0000000..aa79494
--- /dev/null
+++ b/finger/ehole/Seeyon.yml
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-Seeyon
+manual: false
+detail:
+    fingerprint:
+        name: Seeyon
+    fofa: body="href=\"/seeyon/common/images/"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('href="/seeyon/common/images/')
+expression: r0()
diff --git a/finger/ehole/Sentry.yml b/finger/ehole/Sentry.yml
new file mode 100644
index 0000000..580facc
--- /dev/null
+++ b/finger/ehole/Sentry.yml
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-Sentry
+manual: false
+detail:
+    fingerprint:
+        name: Sentry
+    fofa: icon_hash="2063428236"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: faviconHash(response.getIconContent()) == 2063428236
+expression: r0()
diff --git a/finger/ehole/Shiro.yml b/finger/ehole/Shiro.yml
new file mode 100644
index 0000000..c80bdf0
--- /dev/null
+++ b/finger/ehole/Shiro.yml
@@ -0,0 +1,44 @@
+name: fingerprint-yaml-Shiro
+manual: false
+detail:
+    fingerprint:
+        name: Shiro
+    fofa: header="rememberMe=" || header="=deleteMe" || header="shiroCookie" || body="rememberMe=" || body="=deleteMe"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("rememberMe="))
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("=deleteMe"))
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("shiroCookie"))
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("rememberMe=")
+    r4:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("=deleteMe")
+expression: r0() || r1() || r2() || r3() || r4()
diff --git a/finger/ehole/ShopNC.yml b/finger/ehole/ShopNC.yml
new file mode 100644
index 0000000..1b7c9bd
--- /dev/null
+++ b/finger/ehole/ShopNC.yml
@@ -0,0 +1,58 @@
+name: fingerprint-yaml-ShopNC
+manual: false
+detail:
+    fingerprint:
+        name: ShopNC
+    fofa: body="powered by shopnc" && body="copyright 2007-2014 shopnc inc" && body="content=\"shopnc" || body="Powered by ShopNC" || body="Copyright 2007-2014 ShopNC Inc" || body="content=\"ShopNC" || body="content=\"shopnc" || body="copyright 2007-2014 shopnc inc" || body="powered by shopnc"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("powered by shopnc") && response.body_string.contains("copyright 2007-2014 shopnc inc") && response.body_string.contains('content="shopnc')
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("Powered by ShopNC")
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("Copyright 2007-2014 ShopNC Inc")
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('content="ShopNC')
+    r4:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('content="shopnc')
+    r5:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("copyright 2007-2014 shopnc inc")
+    r6:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("powered by shopnc")
+expression: r0() || r1() || r2() || r3() || r4() || r5() || r6()
diff --git a/finger/ehole/ShopsN.yml b/finger/ehole/ShopsN.yml
new file mode 100644
index 0000000..30fcbc2
--- /dev/null
+++ b/finger/ehole/ShopsN.yml
@@ -0,0 +1,51 @@
+name: fingerprint-yaml-ShopsN
+manual: false
+detail:
+    fingerprint:
+        name: ShopsN
+    fofa: 'body="content=\"shopsn" && body="href=\"http://www.shopsn.net\">商城系统</a>&nbsp;提供技术支持" && body="<span>shopsn全网开源<a style=\"padding: 0px\" href=\"http://www.shopsn.net" || header="ShopsN" || body="<span>shopsn全网开源<a style=\"padding: 0px\" href=\"http://www.shopsn.net" || body="href=\"http://www.shopsn.net\">商城系统</a>&nbsp;提供技术支持" || body="content=\"shopsn" || title="ShopsN"'
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: 'response.body_string.contains(''content="shopsn'') && response.body_string.contains(''href="http://www.shopsn.net">商城系统</a>&nbsp;提供技术支持'') && response.body_string.contains(''<span>shopsn全网开源<a style="padding: 0px" href="http://www.shopsn.net'')'
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("ShopsN"))
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: 'response.body_string.contains(''<span>shopsn全网开源<a style="padding: 0px" href="http://www.shopsn.net'')'
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('href="http://www.shopsn.net">商城系统</a>&nbsp;提供技术支持')
+    r4:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('content="shopsn')
+    r5:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("ShopsN")
+expression: r0() || r1() || r2() || r3() || r4() || r5()
diff --git a/finger/ehole/Solarwinds-Traffic-Management.yml b/finger/ehole/Solarwinds-Traffic-Management.yml
new file mode 100644
index 0000000..b47f214
--- /dev/null
+++ b/finger/ehole/Solarwinds-Traffic-Management.yml
@@ -0,0 +1,37 @@
+name: fingerprint-yaml-Solarwinds-Traffic-Management
+manual: false
+detail:
+    fingerprint:
+        name: Solarwinds-Traffic-Management
+    fofa: body="solarwinds" && body="solarwinds.css" || body="solarwinds.css" || body="solarwinds" || title="solarwinds network management"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("solarwinds") && response.body_string.contains("solarwinds.css")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("solarwinds.css")
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("solarwinds")
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("solarwinds network management")
+expression: r0() || r1() || r2() || r3()
diff --git a/finger/ehole/SonarQube.yml b/finger/ehole/SonarQube.yml
new file mode 100644
index 0000000..8593e8f
--- /dev/null
+++ b/finger/ehole/SonarQube.yml
@@ -0,0 +1,44 @@
+name: fingerprint-yaml-SonarQube
+manual: false
+detail:
+    fingerprint:
+        name: SonarQube
+    fofa: icon_hash="1485257654" || body="content=\"sonarqube" && body="sonarqube" || body="content=\"sonarqube" || body="sonarqube" || title="sonarqube"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: faviconHash(response.getIconContent()) == 1485257654
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('content="sonarqube') && response.body_string.contains("sonarqube")
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('content="sonarqube')
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("sonarqube")
+    r4:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("sonarqube")
+expression: r0() || r1() || r2() || r3() || r4()
diff --git a/finger/ehole/SonicWALL-SSL-VPN.yml b/finger/ehole/SonicWALL-SSL-VPN.yml
new file mode 100644
index 0000000..7ed0296
--- /dev/null
+++ b/finger/ehole/SonicWALL-SSL-VPN.yml
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-SonicWALL-SSL-VPN
+manual: false
+detail:
+    fingerprint:
+        name: SonicWALL-SSL-VPN
+    fofa: 'body="javascript/aventail.js" || header="server: sonicwall ssl-vpn "'
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("javascript/aventail.js")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: 'response.raw_header.bcontains(bytes("server: sonicwall ssl-vpn "))'
+expression: r0() || r1()
diff --git a/finger/ehole/SonicWALL.yml b/finger/ehole/SonicWALL.yml
new file mode 100644
index 0000000..aa9fad7
--- /dev/null
+++ b/finger/ehole/SonicWALL.yml
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-SonicWALL
+manual: false
+detail:
+    fingerprint:
+        name: SonicWALL
+    fofa: icon_hash="631108382" || header="Server:SonicWALL"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: faviconHash(response.getIconContent()) == 631108382
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("Server:SonicWALL"))
+expression: r0() || r1()
diff --git a/finger/ehole/Sophos-Web-Appliance.yml b/finger/ehole/Sophos-Web-Appliance.yml
new file mode 100644
index 0000000..9160106
--- /dev/null
+++ b/finger/ehole/Sophos-Web-Appliance.yml
@@ -0,0 +1,44 @@
+name: fingerprint-yaml-Sophos-Web-Appliance
+manual: false
+detail:
+    fingerprint:
+        name: Sophos-Web-Appliance
+    fofa: body="resources/images/sophos_web.ico" && body="url(resources/images/en/login_swa.jpg" || body="resources/images/sophos_web.ico" || body="url(resources/images/en/login_swa.jpg)" || body="urlresources/images/en/login_swa.jpg" || title="sophos web appliance"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("resources/images/sophos_web.ico") && response.body_string.contains("url(resources/images/en/login_swa.jpg")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("resources/images/sophos_web.ico")
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("url(resources/images/en/login_swa.jpg)")
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("urlresources/images/en/login_swa.jpg")
+    r4:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("sophos web appliance")
+expression: r0() || r1() || r2() || r3() || r4()
diff --git a/finger/ehole/Spark.yml b/finger/ehole/Spark.yml
new file mode 100644
index 0000000..4b035e5
--- /dev/null
+++ b/finger/ehole/Spark.yml
@@ -0,0 +1,30 @@
+name: fingerprint-yaml-Spark
+manual: false
+detail:
+    fingerprint:
+        name: Spark
+    fofa: body="serversparkversion" || title="spark://" || title="spark worker at"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("serversparkversion")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("spark://")
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("spark worker at")
+expression: r0() || r1() || r2()
diff --git a/finger/ehole/Spring-Boot-Admin.yml b/finger/ehole/Spring-Boot-Admin.yml
new file mode 100644
index 0000000..e561fcd
--- /dev/null
+++ b/finger/ehole/Spring-Boot-Admin.yml
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-Spring-Boot-Admin
+manual: false
+detail:
+    fingerprint:
+        name: Spring-Boot-Admin
+    fofa: body="spring boot admin"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("spring boot admin")
+expression: r0()
diff --git a/finger/ehole/Spring-Framework.yml b/finger/ehole/Spring-Framework.yml
new file mode 100644
index 0000000..8034146
--- /dev/null
+++ b/finger/ehole/Spring-Framework.yml
@@ -0,0 +1,37 @@
+name: fingerprint-yaml-Spring-Framework
+manual: false
+detail:
+    fingerprint:
+        name: Spring-Framework
+    fofa: body="org.springframework.web.servlet.i18n.cookielocaleresolver.locale=" && body="<h1>whitelabel error page</h1>" || body="<h1>whitelabel error page</h1>" || body="org.springframework.web.servlet.i18n.cookielocaleresolver.locale=" || header="org.springframework.web.servlet.i18n.cookielocaleresolver.locale="
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("org.springframework.web.servlet.i18n.cookielocaleresolver.locale=") && response.body_string.contains("<h1>whitelabel error page</h1>")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("<h1>whitelabel error page</h1>")
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("org.springframework.web.servlet.i18n.cookielocaleresolver.locale=")
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("org.springframework.web.servlet.i18n.cookielocaleresolver.locale="))
+expression: r0() || r1() || r2() || r3()
diff --git a/finger/ehole/Squid.yml b/finger/ehole/Squid.yml
new file mode 100644
index 0000000..b53d267
--- /dev/null
+++ b/finger/ehole/Squid.yml
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-Squid
+manual: false
+detail:
+    fingerprint:
+        name: Squid
+    fofa: 'header="server: squid" || header="squid"'
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: 'response.raw_header.bcontains(bytes("server: squid"))'
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("squid"))
+expression: r0() || r1()
diff --git a/finger/ehole/Strapi.yml b/finger/ehole/Strapi.yml
new file mode 100644
index 0000000..e445725
--- /dev/null
+++ b/finger/ehole/Strapi.yml
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-Strapi
+manual: false
+detail:
+    fingerprint:
+        name: Strapi
+    fofa: header="Strapi" || title="Strapi"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("Strapi"))
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("Strapi")
+expression: r0() || r1()
diff --git a/finger/ehole/Strato.yml b/finger/ehole/Strato.yml
new file mode 100644
index 0000000..deef709
--- /dev/null
+++ b/finger/ehole/Strato.yml
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-Strato
+manual: false
+detail:
+    fingerprint:
+        name: Strato
+    fofa: header="Strato" || title="Strato"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("Strato"))
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("Strato")
+expression: r0() || r1()
diff --git a/finger/ehole/Struts2.yml b/finger/ehole/Struts2.yml
new file mode 100644
index 0000000..aa70523
--- /dev/null
+++ b/finger/ehole/Struts2.yml
@@ -0,0 +1,65 @@
+name: fingerprint-yaml-Struts2
+manual: false
+detail:
+    fingerprint:
+        name: Struts2
+    fofa: header="Struts2" || body="no result defined for action,result input" || body="there is no action mapped for namespace" || body="struts problem report" || header="jboss" || header="servlet" || header="jsessionid" || title="Struts2"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("Struts2"))
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("no result defined for action,result input")
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("there is no action mapped for namespace")
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("struts problem report")
+    r4:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("jboss"))
+    r5:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("servlet"))
+    r6:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("jsessionid"))
+    r7:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("Struts2")
+expression: r0() || r1() || r2() || r3() || r4() || r5() || r6() || r7()
diff --git a/finger/ehole/Superdata-OA.yml b/finger/ehole/Superdata-OA.yml
new file mode 100644
index 0000000..c9087c1
--- /dev/null
+++ b/finger/ehole/Superdata-OA.yml
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-Superdata-OA
+manual: false
+detail:
+    fingerprint:
+        name: Superdata-OA
+    fofa: body="速达软件技术（广州）有限公司"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("速达软件技术（广州）有限公司")
+expression: r0()
diff --git a/finger/ehole/Swagger.yml b/finger/ehole/Swagger.yml
new file mode 100644
index 0000000..bf788e5
--- /dev/null
+++ b/finger/ehole/Swagger.yml
@@ -0,0 +1,44 @@
+name: fingerprint-yaml-Swagger
+manual: false
+detail:
+    fingerprint:
+        name: Swagger
+    fofa: body="<div id=\"swagger-ui\"></div>" || body="swagger-ui.css" && body="swagger-ui.js" || body="swagger-ui.js" || body="swagger-ui.css" || title="swagger ui"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('<div id="swagger-ui"></div>')
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("swagger-ui.css") && response.body_string.contains("swagger-ui.js")
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("swagger-ui.js")
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("swagger-ui.css")
+    r4:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("swagger ui")
+expression: r0() || r1() || r2() || r3() || r4()
diff --git a/finger/ehole/Synology-NAS.yml b/finger/ehole/Synology-NAS.yml
new file mode 100644
index 0000000..1c378e6
--- /dev/null
+++ b/finger/ehole/Synology-NAS.yml
@@ -0,0 +1,58 @@
+name: fingerprint-yaml-Synology-NAS
+manual: false
+detail:
+    fingerprint:
+        name: Synology-NAS
+    fofa: body="content=\"synology diskstation" && body="content=\"synology nas 提供功能完整的网络存储" || body="modules/BackupReplicationApp" || header="webman/index.cgi" || body="content=\"synology nas 提供功能完整的网络存储" || body="content=\"synology diskstation" || body="nas" && body="content=\"diskstation" || title="synology diskstation"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('content="synology diskstation') && response.body_string.contains('content="synology nas 提供功能完整的网络存储')
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("modules/BackupReplicationApp")
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("webman/index.cgi"))
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('content="synology nas 提供功能完整的网络存储')
+    r4:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('content="synology diskstation')
+    r5:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("nas") && response.body_string.contains('content="diskstation')
+    r6:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("synology diskstation")
+expression: r0() || r1() || r2() || r3() || r4() || r5() || r6()
diff --git a/finger/ehole/TOPSEC-Firewall.yml b/finger/ehole/TOPSEC-Firewall.yml
new file mode 100644
index 0000000..1588493
--- /dev/null
+++ b/finger/ehole/TOPSEC-Firewall.yml
@@ -0,0 +1,44 @@
+name: fingerprint-yaml-TOPSEC-Firewall
+manual: false
+detail:
+    fingerprint:
+        name: TOPSEC-Firewall
+    fofa: body="web user interface" || header="topwebserver" || header="TopSec Firewall" || title="TopSec Firewall" || title="topsec tos web user"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("web user interface")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("topwebserver"))
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("TopSec Firewall"))
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("TopSec Firewall")
+    r4:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("topsec tos web user")
+expression: r0() || r1() || r2() || r3() || r4()
diff --git a/finger/ehole/TOPSEC-VPN.yml b/finger/ehole/TOPSEC-VPN.yml
new file mode 100644
index 0000000..b9c19fd
--- /dev/null
+++ b/finger/ehole/TOPSEC-VPN.yml
@@ -0,0 +1,51 @@
+name: fingerprint-yaml-TOPSEC-VPN
+manual: false
+detail:
+    fingerprint:
+        name: TOPSEC-VPN
+    fofa: body="window.location=\"/portal_default/index.html\";</script>" && body="window.location.href=\"/vone/pub/pda.html\";" || header="topsecsvportalname=" || header="TopSec VPN" || body="window.location=\"/portal_default/index.html\";</script>" || body="window.location.href=\"/vone/pub/pda.html\";" || title="TopSec VPN"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('window.location="/portal_default/index.html";</script>') && response.body_string.contains('window.location.href="/vone/pub/pda.html";')
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("topsecsvportalname="))
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("TopSec VPN"))
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('window.location="/portal_default/index.html";</script>')
+    r4:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('window.location.href="/vone/pub/pda.html";')
+    r5:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("TopSec VPN")
+expression: r0() || r1() || r2() || r3() || r4() || r5()
diff --git a/finger/ehole/TRENDnet-TEW-731BR.yml b/finger/ehole/TRENDnet-TEW-731BR.yml
new file mode 100644
index 0000000..47eca7a
--- /dev/null
+++ b/finger/ehole/TRENDnet-TEW-731BR.yml
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-TRENDnet-TEW-731BR
+manual: false
+detail:
+    fingerprint:
+        name: TRENDnet-TEW-731BR
+    fofa: body="<font size=4><b>tew-731br"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("<font size=4><b>tew-731br")
+expression: r0()
diff --git "a/finger/ehole/TamronOS IPTV\347\263\273\347\273\237.yml" "b/finger/ehole/TamronOS IPTV\347\263\273\347\273\237.yml"
new file mode 100644
index 0000000..507c047
--- /dev/null
+++ "b/finger/ehole/TamronOS IPTV\347\263\273\347\273\237.yml"	
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-TamronOS IPTV系统
+manual: false
+detail:
+    fingerprint:
+        name: TamronOS IPTV系统
+    fofa: body="TamronOS" && body="loginbox" && body="tamronos.com"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("TamronOS") && response.body_string.contains("loginbox") && response.body_string.contains("tamronos.com")
+expression: r0()
diff --git "a/finger/ehole/Teleport \345\240\241\345\236\222\346\234\272.yml" "b/finger/ehole/Teleport \345\240\241\345\236\222\346\234\272.yml"
new file mode 100644
index 0000000..0ca5efb
--- /dev/null
+++ "b/finger/ehole/Teleport \345\240\241\345\236\222\346\234\272.yml"	
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-Teleport 堡垒机
+manual: false
+detail:
+    fingerprint:
+        name: Teleport 堡垒机
+    fofa: body="TELEPORT" && body="teleport.js" && body="login-account" || body="teleport.js" && body="login-type-oath" && body="bind-oath"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("TELEPORT") && response.body_string.contains("teleport.js") && response.body_string.contains("login-account")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("teleport.js") && response.body_string.contains("login-type-oath") && response.body_string.contains("bind-oath")
+expression: r0() || r1()
diff --git a/finger/ehole/Tencent-Exmail.yml b/finger/ehole/Tencent-Exmail.yml
new file mode 100644
index 0000000..fcffd6d
--- /dev/null
+++ b/finger/ehole/Tencent-Exmail.yml
@@ -0,0 +1,58 @@
+name: fingerprint-yaml-Tencent-Exmail
+manual: false
+detail:
+    fingerprint:
+        name: Tencent-Exmail
+    fofa: header="ssl_edition=mail.qq.com" || body="cgi-bin/getinvestigate?flowid=" && body="cgi-bin/bizmail_portal" || body="/cgi-bin/getinvestigate?flowid=" && body="/cgi-bin/bizmail_portal" && body="content=\"登录腾讯企业邮箱" || body="content=\"登录腾讯企业邮箱" || body="/cgi-bin/bizmail_portal" || body="/cgi-bin/getinvestigate?flowid=" || title="腾讯企业邮箱"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("ssl_edition=mail.qq.com"))
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("cgi-bin/getinvestigate?flowid=") && response.body_string.contains("cgi-bin/bizmail_portal")
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("/cgi-bin/getinvestigate?flowid=") && response.body_string.contains("/cgi-bin/bizmail_portal") && response.body_string.contains('content="登录腾讯企业邮箱')
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('content="登录腾讯企业邮箱')
+    r4:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("/cgi-bin/bizmail_portal")
+    r5:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("/cgi-bin/getinvestigate?flowid=")
+    r6:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("腾讯企业邮箱")
+expression: r0() || r1() || r2() || r3() || r4() || r5() || r6()
diff --git a/finger/ehole/Tenda-Router.yml b/finger/ehole/Tenda-Router.yml
new file mode 100644
index 0000000..345bc2e
--- /dev/null
+++ b/finger/ehole/Tenda-Router.yml
@@ -0,0 +1,37 @@
+name: fingerprint-yaml-Tenda-Router
+manual: false
+detail:
+    fingerprint:
+        name: Tenda-Router
+    fofa: body="('tenda '+sys_target+' router';" && body="router to restore" && body="router and reset" || body="\"tenda \"+sys_target+\" router\";" || body="router to restore" || body="router and reset"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("('tenda '+sys_target+' router';") && response.body_string.contains("router to restore") && response.body_string.contains("router and reset")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('"tenda "+sys_target+" router";')
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("router to restore")
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("router and reset")
+expression: r0() || r1() || r2() || r3()
diff --git a/finger/ehole/Tengine.yml b/finger/ehole/Tengine.yml
new file mode 100644
index 0000000..a09237f
--- /dev/null
+++ b/finger/ehole/Tengine.yml
@@ -0,0 +1,37 @@
+name: fingerprint-yaml-Tengine
+manual: false
+detail:
+    fingerprint:
+        name: Tengine
+    fofa: 'body="If you see this page, the tengine web server is successfully installed and" || header="Server: Tengine" || header="Server:Tengine" || header="server: tengine"'
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("If you see this page, the tengine web server is successfully installed and")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: 'response.raw_header.bcontains(bytes("Server: Tengine"))'
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("Server:Tengine"))
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: 'response.raw_header.bcontains(bytes("server: tengine"))'
+expression: r0() || r1() || r2() || r3()
diff --git a/finger/ehole/ThinkCMF.yml b/finger/ehole/ThinkCMF.yml
new file mode 100644
index 0000000..7da3132
--- /dev/null
+++ b/finger/ehole/ThinkCMF.yml
@@ -0,0 +1,58 @@
+name: fingerprint-yaml-ThinkCMF
+manual: false
+detail:
+    fingerprint:
+        name: ThinkCMF
+    fofa: 'body="content=\"thinkcmf" && body="http://www.thinkcmf.com\" target=\"_blank\">thinkcmf</a>" || header="x-powered-by: thinkcmf" || header="ThinkCMF" || body="made by <a href=\"http://www.thinkcmf.com\" target=\"_blank\">thinkcmf</a>" || body="content=\"thinkcmf" || body="http://www.thinkcmf.com\" target=\"_blank\">thinkcmf</a>" || title="ThinkCMF"'
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('content="thinkcmf') && response.body_string.contains('http://www.thinkcmf.com" target="_blank">thinkcmf</a>')
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: 'response.raw_header.bcontains(bytes("x-powered-by: thinkcmf"))'
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("ThinkCMF"))
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('made by <a href="http://www.thinkcmf.com" target="_blank">thinkcmf</a>')
+    r4:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('content="thinkcmf')
+    r5:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('http://www.thinkcmf.com" target="_blank">thinkcmf</a>')
+    r6:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("ThinkCMF")
+expression: r0() || r1() || r2() || r3() || r4() || r5() || r6()
diff --git a/finger/ehole/ThinkPHP.yml b/finger/ehole/ThinkPHP.yml
new file mode 100644
index 0000000..479f46c
--- /dev/null
+++ b/finger/ehole/ThinkPHP.yml
@@ -0,0 +1,72 @@
+name: fingerprint-yaml-ThinkPHP
+manual: false
+detail:
+    fingerprint:
+        name: ThinkPHP
+    fofa: 'header="ThinkPHP" || body="href=\"http://www.thinkphp.cn\">ThinkPHP</a>" && body="十年磨一剑-为API开发设计的高性能框架" || header="thinkphp" && header="think_template" || body="ThinkPHP" || header="thinkphp" || header="think_template" || icon_hash="1165838194" || body="href=\"http://www.thinkphp.cn\">thinkphp</a><sup>" || header="X-Powered-By: ThinkPHP"'
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("ThinkPHP"))
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('href="http://www.thinkphp.cn">ThinkPHP</a>') && response.body_string.contains("十年磨一剑-为API开发设计的高性能框架")
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("thinkphp")) && response.raw_header.bcontains(bytes("think_template"))
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("ThinkPHP")
+    r4:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("thinkphp"))
+    r5:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("think_template"))
+    r6:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: faviconHash(response.getIconContent()) == 1165838194
+    r7:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('href="http://www.thinkphp.cn">thinkphp</a><sup>')
+    r8:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: 'response.raw_header.bcontains(bytes("X-Powered-By: ThinkPHP"))'
+expression: r0() || r1() || r2() || r3() || r4() || r5() || r6() || r7() || r8()
diff --git a/finger/ehole/ThinkSNS.yml b/finger/ehole/ThinkSNS.yml
new file mode 100644
index 0000000..624a3bb
--- /dev/null
+++ b/finger/ehole/ThinkSNS.yml
@@ -0,0 +1,65 @@
+name: fingerprint-yaml-ThinkSNS
+manual: false
+detail:
+    fingerprint:
+        name: ThinkSNS
+    fofa: body="_static/image/favicon.ico" && body="powered by <a href=\"http://www.thinksns.com\">" || header="t3_lang" && header="tsv3_lang" || body="_static/image/favicon.ico" || body="ThinkSNS" || header="T3_lang" || body="powered by <a href=\"http://www.thinksns.com\">" || header="tsv3_lang" || header="t3_lang"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("_static/image/favicon.ico") && response.body_string.contains('powered by <a href="http://www.thinksns.com">')
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("t3_lang")) && response.raw_header.bcontains(bytes("tsv3_lang"))
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("_static/image/favicon.ico")
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("ThinkSNS")
+    r4:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("T3_lang"))
+    r5:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('powered by <a href="http://www.thinksns.com">')
+    r6:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("tsv3_lang"))
+    r7:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("t3_lang"))
+expression: r0() || r1() || r2() || r3() || r4() || r5() || r6() || r7()
diff --git a/finger/ehole/Tongda.yml b/finger/ehole/Tongda.yml
new file mode 100644
index 0000000..972b93f
--- /dev/null
+++ b/finger/ehole/Tongda.yml
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-Tongda
+manual: false
+detail:
+    fingerprint:
+        name: Tongda
+    fofa: icon_hash="-759108386"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: faviconHash(response.getIconContent()) == -759108386
+expression: r0()
diff --git a/finger/ehole/TopSec TopApp.yml b/finger/ehole/TopSec TopApp.yml
new file mode 100644
index 0000000..22fe421
--- /dev/null
+++ b/finger/ehole/TopSec TopApp.yml	
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-TopSec TopApp
+manual: false
+detail:
+    fingerprint:
+        name: TopSec TopApp
+    fofa: header="TopSec TopApp" || title="TopSec TopApp"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("TopSec TopApp"))
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("TopSec TopApp")
+expression: r0() || r1()
diff --git a/finger/ehole/TurboMail.yml b/finger/ehole/TurboMail.yml
new file mode 100644
index 0000000..35e67ce
--- /dev/null
+++ b/finger/ehole/TurboMail.yml
@@ -0,0 +1,72 @@
+name: fingerprint-yaml-TurboMail
+manual: false
+detail:
+    fingerprint:
+        name: TurboMail
+    fofa: body="powered by turbomail" && body="wzcon1 clearfix" && body="<a href=\"http://www.turbomail.org\">powered by turbomail</a>" && body="alt=\"turbomail 电子邮件系统\"/>" || body="Powered by TurboMail" || body="wzcon1 clearfix" || body="alt=\"turbomail 电子邮件系统\"/>" || body="<a href=\"http://www.turbomail.org\">powered by turbomail</a>" || body="powered by turbomail" || body="TurboMail管理系统" || body="powered by turbomail" && body="wzcon1 clearfix" || title="turbomail邮件系统"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("powered by turbomail") && response.body_string.contains("wzcon1 clearfix") && response.body_string.contains('<a href="http://www.turbomail.org">powered by turbomail</a>') && response.body_string.contains('alt="turbomail 电子邮件系统"/>')
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("Powered by TurboMail")
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("wzcon1 clearfix")
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('alt="turbomail 电子邮件系统"/>')
+    r4:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('<a href="http://www.turbomail.org">powered by turbomail</a>')
+    r5:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("powered by turbomail")
+    r6:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("TurboMail管理系统")
+    r7:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("powered by turbomail") && response.body_string.contains("wzcon1 clearfix")
+    r8:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("turbomail邮件系统")
+expression: r0() || r1() || r2() || r3() || r4() || r5() || r6() || r7() || r8()
diff --git a/finger/ehole/Typecho.yml b/finger/ehole/Typecho.yml
new file mode 100644
index 0000000..3e3afa3
--- /dev/null
+++ b/finger/ehole/Typecho.yml
@@ -0,0 +1,30 @@
+name: fingerprint-yaml-Typecho
+manual: false
+detail:
+    fingerprint:
+        name: Typecho
+    fofa: body="typecho" && body="usr/themes" || body="generator\" content=\"Typecho" || body="Typecho"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("typecho") && response.body_string.contains("usr/themes")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('generator" content="Typecho')
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("Typecho")
+expression: r0() || r1() || r2()
diff --git a/finger/ehole/UCMS.yml b/finger/ehole/UCMS.yml
new file mode 100644
index 0000000..e35c8fc
--- /dev/null
+++ b/finger/ehole/UCMS.yml
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-UCMS
+manual: false
+detail:
+    fingerprint:
+        name: UCMS
+    fofa: title="UCMS"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("UCMS")
+expression: r0()
diff --git a/finger/ehole/UEditor.yml b/finger/ehole/UEditor.yml
new file mode 100644
index 0000000..3e582f5
--- /dev/null
+++ b/finger/ehole/UEditor.yml
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-UEditor
+manual: false
+detail:
+    fingerprint:
+        name: UEditor
+    fofa: title="UEditor"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("UEditor")
+expression: r0()
diff --git "a/finger/ehole/V2\350\247\206\351\242\221\344\274\232\350\256\256.yml" "b/finger/ehole/V2\350\247\206\351\242\221\344\274\232\350\256\256.yml"
new file mode 100644
index 0000000..291f6d5
--- /dev/null
+++ "b/finger/ehole/V2\350\247\206\351\242\221\344\274\232\350\256\256.yml"
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-V2视频会议
+manual: false
+detail:
+    fingerprint:
+        name: V2视频会议
+    fofa: header="V2视频会议" || title="V2视频会议"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("V2视频会议"))
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("V2视频会议")
+expression: r0() || r1()
diff --git "a/finger/ehole/V2\350\247\206\351\242\221\344\274\232\350\256\256\347\263\273\347\273\237.yml" "b/finger/ehole/V2\350\247\206\351\242\221\344\274\232\350\256\256\347\263\273\347\273\237.yml"
new file mode 100644
index 0000000..0b5e389
--- /dev/null
+++ "b/finger/ehole/V2\350\247\206\351\242\221\344\274\232\350\256\256\347\263\273\347\273\237.yml"
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-V2视频会议系统
+manual: false
+detail:
+    fingerprint:
+        name: V2视频会议系统
+    fofa: title="V2视频会议系统"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("V2视频会议系统")
+expression: r0()
diff --git "a/finger/ehole/VA \350\231\232\346\213\237\345\272\224\347\224\250\347\256\241\347\220\206\345\271\263\345\217\260.yml" "b/finger/ehole/VA \350\231\232\346\213\237\345\272\224\347\224\250\347\256\241\347\220\206\345\271\263\345\217\260.yml"
new file mode 100644
index 0000000..27ec8f8
--- /dev/null
+++ "b/finger/ehole/VA \350\231\232\346\213\237\345\272\224\347\224\250\347\256\241\347\220\206\345\271\263\345\217\260.yml"	
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-VA 虚拟应用管理平台
+manual: false
+detail:
+    fingerprint:
+        name: VA 虚拟应用管理平台
+    fofa: body="Res/Images/logo_va.png" && body="panel_login"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("Res/Images/logo_va.png") && response.body_string.contains("panel_login")
+expression: r0()
diff --git a/finger/ehole/VMware Horizon.yml b/finger/ehole/VMware Horizon.yml
new file mode 100644
index 0000000..032c64c
--- /dev/null
+++ b/finger/ehole/VMware Horizon.yml	
@@ -0,0 +1,100 @@
+name: fingerprint-yaml-VMware Horizon
+manual: false
+detail:
+    fingerprint:
+        name: VMware Horizon
+    fofa: icon_hash="-1255992602" || icon_hash="1895360511" || icon_hash="-991123252" || body="VMware" && body="ui-page" && body="portal/favicon" || title="VMware Horizon" || icon_hash="1182206475" || body="href='https://www.vmware.com/go/viewclients'" && body="alt=\"vmware horizon\">" || header="VMware Horizon" || body="alt=\"vmware horizon\">" || body="href=\"https://www.vmware.com/go/viewclients\"" || body="<title>VMware Horizon</title>" || title="VMware Horizon" || title="vmware horizon"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: faviconHash(response.getIconContent()) == -1255992602
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: faviconHash(response.getIconContent()) == 1895360511
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: faviconHash(response.getIconContent()) == -991123252
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("VMware") && response.body_string.contains("ui-page") && response.body_string.contains("portal/favicon")
+    r4:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("VMware\u00a0Horizon")
+    r5:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: faviconHash(response.getIconContent()) == 1182206475
+    r6:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("href='https://www.vmware.com/go/viewclients'") && response.body_string.contains('alt="vmware horizon">')
+    r7:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("VMware Horizon"))
+    r8:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('alt="vmware horizon">')
+    r9:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('href="https://www.vmware.com/go/viewclients"')
+    r10:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("<title>VMware Horizon</title>")
+    r11:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("VMware Horizon")
+    r12:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("vmware horizon")
+expression: r0() || r1() || r2() || r3() || r4() || r5() || r6() || r7() || r8() || r9() || r10() || r11() || r12()
diff --git a/finger/ehole/VMware Workspace ONE Access.yml b/finger/ehole/VMware Workspace ONE Access.yml
new file mode 100644
index 0000000..c167c9c
--- /dev/null
+++ b/finger/ehole/VMware Workspace ONE Access.yml	
@@ -0,0 +1,30 @@
+name: fingerprint-yaml-VMware Workspace ONE Access
+manual: false
+detail:
+    fingerprint:
+        name: VMware Workspace ONE Access
+    fofa: body="VMware Workspace ONE Access" || body="VMware Workspace" && body="Assist" || icon_hash="-1250474341"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("VMware Workspace ONE Access")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("VMware Workspace") && response.body_string.contains("Assist")
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: faviconHash(response.getIconContent()) == -1250474341
+expression: r0() || r1() || r2()
diff --git a/finger/ehole/VNC.yml b/finger/ehole/VNC.yml
new file mode 100644
index 0000000..7f71fd2
--- /dev/null
+++ b/finger/ehole/VNC.yml
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-VNC
+manual: false
+detail:
+    fingerprint:
+        name: VNC
+    fofa: body="<applet code=vncviewer.class archive=vncviewer.jar"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("<applet code=vncviewer.class archive=vncviewer.jar")
+expression: r0()
diff --git a/finger/ehole/VOP.yml b/finger/ehole/VOP.yml
new file mode 100644
index 0000000..c8c2f59
--- /dev/null
+++ b/finger/ehole/VOP.yml
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-VOP
+manual: false
+detail:
+    fingerprint:
+        name: VOP
+    fofa: body="id=\"lgform\" action=\"/sso/login" && body="vop" || body="lgdynacodebtn"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('id="lgform" action="/sso/login') && response.body_string.contains("vop")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("lgdynacodebtn")
+expression: r0() || r1()
diff --git a/finger/ehole/Veritas-NetBackup.yml b/finger/ehole/Veritas-NetBackup.yml
new file mode 100644
index 0000000..e4fc5a7
--- /dev/null
+++ b/finger/ehole/Veritas-NetBackup.yml
@@ -0,0 +1,37 @@
+name: fingerprint-yaml-Veritas-NetBackup
+manual: false
+detail:
+    fingerprint:
+        name: Veritas-NetBackup
+    fofa: body="href=\"/opscenter/features/common/images/favicon.ico\"" || header="Veritas Netbackup" || title="Veritas Netbackup" || title="veritas netbackup web management console"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('href="/opscenter/features/common/images/favicon.ico"')
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("Veritas Netbackup"))
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("Veritas Netbackup")
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("veritas netbackup web management console")
+expression: r0() || r1() || r2() || r3()
diff --git a/finger/ehole/Vivotek (Camera).yml b/finger/ehole/Vivotek (Camera).yml
new file mode 100644
index 0000000..de7b8f7
--- /dev/null
+++ b/finger/ehole/Vivotek (Camera).yml	
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-Vivotek (Camera)
+manual: false
+detail:
+    fingerprint:
+        name: Vivotek (Camera)
+    fofa: icon_hash="-1654229048"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: faviconHash(response.getIconContent()) == -1654229048
+expression: r0()
diff --git a/finger/ehole/WD-MyCloud.yml b/finger/ehole/WD-MyCloud.yml
new file mode 100644
index 0000000..b3c9fe3
--- /dev/null
+++ b/finger/ehole/WD-MyCloud.yml
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-WD-MyCloud
+manual: false
+detail:
+    fingerprint:
+        name: WD-MyCloud
+    fofa: body="_project_model_id_kings_canyon"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("_project_model_id_kings_canyon")
+expression: r0()
diff --git a/finger/ehole/WISEGIGA.yml b/finger/ehole/WISEGIGA.yml
new file mode 100644
index 0000000..d16c602
--- /dev/null
+++ b/finger/ehole/WISEGIGA.yml
@@ -0,0 +1,37 @@
+name: fingerprint-yaml-WISEGIGA
+manual: false
+detail:
+    fingerprint:
+        name: WISEGIGA
+    fofa: body="/admin/css/style_wisegiga.css" && body="images/i_logo01.gif" || body="images/i_logo01.gif" || body="/admin/css/style_wisegiga.css" || title="wisegiga"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("/admin/css/style_wisegiga.css") && response.body_string.contains("images/i_logo01.gif")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("images/i_logo01.gif")
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("/admin/css/style_wisegiga.css")
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("wisegiga")
+expression: r0() || r1() || r2() || r3()
diff --git a/finger/ehole/WS-server.yml b/finger/ehole/WS-server.yml
new file mode 100644
index 0000000..4080956
--- /dev/null
+++ b/finger/ehole/WS-server.yml
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-WS-server
+manual: false
+detail:
+    fingerprint:
+        name: WS-server
+    fofa: body="websocket servers index.html"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("websocket servers index.html")
+expression: r0()
diff --git a/finger/ehole/WUZHICMS.yml b/finger/ehole/WUZHICMS.yml
new file mode 100644
index 0000000..0045d9a
--- /dev/null
+++ b/finger/ehole/WUZHICMS.yml
@@ -0,0 +1,51 @@
+name: fingerprint-yaml-WUZHICMS
+manual: false
+detail:
+    fingerprint:
+        name: WUZHICMS
+    fofa: body="powered by wuzhicms" && body="content=\"wuzhicms" || body="Powered by wuzhicms" || body="content=\"wuzhicms" || body="powered by wuzhicms" || body="<meta name=\"generator\" content=\"wuzhicms" || body="content=\"wuzhicms" && body="powered by wuzhicms"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("powered by wuzhicms") && response.body_string.contains('content="wuzhicms')
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("Powered by wuzhicms")
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('content="wuzhicms')
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("powered by wuzhicms")
+    r4:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('<meta name="generator" content="wuzhicms')
+    r5:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('content="wuzhicms') && response.body_string.contains("powered by wuzhicms")
+expression: r0() || r1() || r2() || r3() || r4() || r5()
diff --git a/finger/ehole/Walle.yml b/finger/ehole/Walle.yml
new file mode 100644
index 0000000..35a96be
--- /dev/null
+++ b/finger/ehole/Walle.yml
@@ -0,0 +1,37 @@
+name: fingerprint-yaml-Walle
+manual: false
+detail:
+    fingerprint:
+        name: Walle
+    fofa: body="/dist/js/jquery.mobile.custom.min.js" || body="walle" && body="jquery(\".widget-box.visible\").removeclass(\"visible\")" && body="/dist/js/jquery.mobile.custom.min.js" || body="walle" || title="walle 瓦力平台"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("/dist/js/jquery.mobile.custom.min.js")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("walle") && response.body_string.contains('jquery(".widget-box.visible").removeclass("visible")') && response.body_string.contains("/dist/js/jquery.mobile.custom.min.js")
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("walle")
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("walle 瓦力平台")
+expression: r0() || r1() || r2() || r3()
diff --git a/finger/ehole/We7.yml b/finger/ehole/We7.yml
new file mode 100644
index 0000000..b18501a
--- /dev/null
+++ b/finger/ehole/We7.yml
@@ -0,0 +1,30 @@
+name: fingerprint-yaml-We7
+manual: false
+detail:
+    fingerprint:
+        name: We7
+    fofa: body="/widgets/widgetcollection/" || body="/Widgets/WidgetCollection/" || body="<title>微擎" && body="w7.cc"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("/widgets/widgetcollection/")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("/Widgets/WidgetCollection/")
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("<title>微擎") && response.body_string.contains("w7.cc")
+expression: r0() || r1() || r2()
diff --git a/finger/ehole/We7CMS.yml b/finger/ehole/We7CMS.yml
new file mode 100644
index 0000000..5e2d15f
--- /dev/null
+++ b/finger/ehole/We7CMS.yml
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-We7CMS
+manual: false
+detail:
+    fingerprint:
+        name: We7CMS
+    fofa: body="/Widgets/WidgetCollection/"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("/Widgets/WidgetCollection/")
+expression: r0()
diff --git a/finger/ehole/WebBuilder.yml b/finger/ehole/WebBuilder.yml
new file mode 100644
index 0000000..3a8df2a
--- /dev/null
+++ b/finger/ehole/WebBuilder.yml
@@ -0,0 +1,30 @@
+name: fingerprint-yaml-WebBuilder
+manual: false
+detail:
+    fingerprint:
+        name: WebBuilder
+    fofa: body="src=\"webbuilder/script/wb.js" || header="WebBuilder" || title="WebBuilder"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('src="webbuilder/script/wb.js')
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("WebBuilder"))
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("WebBuilder")
+expression: r0() || r1() || r2()
diff --git a/finger/ehole/WebOffice.yml b/finger/ehole/WebOffice.yml
new file mode 100644
index 0000000..aa4d56c
--- /dev/null
+++ b/finger/ehole/WebOffice.yml
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-WebOffice
+manual: false
+detail:
+    fingerprint:
+        name: WebOffice
+    fofa: header="WebOffice" || title="WebOffice"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("WebOffice"))
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("WebOffice")
+expression: r0() || r1()
diff --git a/finger/ehole/Weblogic Server.yml b/finger/ehole/Weblogic Server.yml
new file mode 100644
index 0000000..f235f6b
--- /dev/null
+++ b/finger/ehole/Weblogic Server.yml	
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-Weblogic Server
+manual: false
+detail:
+    fingerprint:
+        name: Weblogic Server
+    fofa: body="<META NAME=\"GENERATOR\" CONTENT=\"WebLogic Server\">"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('<META NAME="GENERATOR" CONTENT="WebLogic Server">')
+expression: r0()
diff --git a/finger/ehole/Weblogic.yml b/finger/ehole/Weblogic.yml
new file mode 100644
index 0000000..de50d25
--- /dev/null
+++ b/finger/ehole/Weblogic.yml
@@ -0,0 +1,72 @@
+name: fingerprint-yaml-Weblogic
+manual: false
+detail:
+    fingerprint:
+        name: Weblogic
+    fofa: body="Error 404--Not Found" || body="Error 403--" || body="/console/framework/skins/wlsconsole/images/login_WebLogic_branding.png" || body="Welcome to Weblogic Application Server" || body="<i>Hypertext Transfer Protocol -- HTTP/1.1</i>" || body="<TITLE>Error 404--Not Found</TITLE>" && body="<i>Hypertext Transfer Protocol -- HTTP/1.1</i>" || body="<title>Oracle WebLogic Server 管理控制台</title>" || body="WebLogic" || body="Hypertext Transfer Protocol"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("Error 404--Not Found")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("Error 403--")
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("/console/framework/skins/wlsconsole/images/login_WebLogic_branding.png")
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("Welcome to Weblogic Application Server")
+    r4:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("<i>Hypertext Transfer Protocol -- HTTP/1.1</i>")
+    r5:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("<TITLE>Error 404--Not Found</TITLE>") && response.body_string.contains("<i>Hypertext Transfer Protocol -- HTTP/1.1</i>")
+    r6:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("<title>Oracle WebLogic Server 管理控制台</title>")
+    r7:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("WebLogic")
+    r8:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("Hypertext Transfer Protocol")
+expression: r0() || r1() || r2() || r3() || r4() || r5() || r6() || r7() || r8()
diff --git a/finger/ehole/Western-Digital.yml b/finger/ehole/Western-Digital.yml
new file mode 100644
index 0000000..7c5174a
--- /dev/null
+++ b/finger/ehole/Western-Digital.yml
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-Western-Digital
+manual: false
+detail:
+    fingerprint:
+        name: Western-Digital
+    fofa: header="wt263cdn"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("wt263cdn"))
+expression: r0()
diff --git a/finger/ehole/Windows-2000.yml b/finger/ehole/Windows-2000.yml
new file mode 100644
index 0000000..899058d
--- /dev/null
+++ b/finger/ehole/Windows-2000.yml
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-Windows-2000
+manual: false
+detail:
+    fingerprint:
+        name: Windows-2000
+    fofa: 'header="server: windows 2000"'
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: 'response.raw_header.bcontains(bytes("server: windows 2000"))'
+expression: r0()
diff --git a/finger/ehole/Windows-Server-2003.yml b/finger/ehole/Windows-Server-2003.yml
new file mode 100644
index 0000000..e99e6f4
--- /dev/null
+++ b/finger/ehole/Windows-Server-2003.yml
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-Windows-Server-2003
+manual: false
+detail:
+    fingerprint:
+        name: Windows-Server-2003
+    fofa: 'header="server: 5.2.3790" && header="server: /service pack" || header="server: windows server 2003"'
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: 'response.raw_header.bcontains(bytes("server: 5.2.3790")) && response.raw_header.bcontains(bytes("server: /service pack"))'
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: 'response.raw_header.bcontains(bytes("server: windows server 2003"))'
+expression: r0() || r1()
diff --git a/finger/ehole/Windows-Server-2012.yml b/finger/ehole/Windows-Server-2012.yml
new file mode 100644
index 0000000..5df874e
--- /dev/null
+++ b/finger/ehole/Windows-Server-2012.yml
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-Windows-Server-2012
+manual: false
+detail:
+    fingerprint:
+        name: Windows-Server-2012
+    fofa: 'header="server: windows server 2012"'
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: 'response.raw_header.bcontains(bytes("server: windows server 2012"))'
+expression: r0()
diff --git a/finger/ehole/Windows.yml b/finger/ehole/Windows.yml
new file mode 100644
index 0000000..4206e7a
--- /dev/null
+++ b/finger/ehole/Windows.yml
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-Windows
+manual: false
+detail:
+    fingerprint:
+        name: Windows
+    fofa: 'header="server: microsoft-windows" || header="server: windows"'
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: 'response.raw_header.bcontains(bytes("server: microsoft-windows"))'
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: 'response.raw_header.bcontains(bytes("server: windows"))'
+expression: r0() || r1()
diff --git a/finger/ehole/WooCommerce.yml b/finger/ehole/WooCommerce.yml
new file mode 100644
index 0000000..c5c5528
--- /dev/null
+++ b/finger/ehole/WooCommerce.yml
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-WooCommerce
+manual: false
+detail:
+    fingerprint:
+        name: WooCommerce
+    fofa: title="WooCommerce"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("WooCommerce")
+expression: r0()
diff --git a/finger/ehole/XUNRUICMS.yml b/finger/ehole/XUNRUICMS.yml
new file mode 100644
index 0000000..5547788
--- /dev/null
+++ b/finger/ehole/XUNRUICMS.yml
@@ -0,0 +1,30 @@
+name: fingerprint-yaml-XUNRUICMS
+manual: false
+detail:
+    fingerprint:
+        name: XUNRUICMS
+    fofa: body="alt=\"xunruicms\"" || header="Xunruicms" || title="Xunruicms"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('alt="xunruicms"')
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("Xunruicms"))
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("Xunruicms")
+expression: r0() || r1() || r2()
diff --git a/finger/ehole/YAPI.yml b/finger/ehole/YAPI.yml
new file mode 100644
index 0000000..7b838d0
--- /dev/null
+++ b/finger/ehole/YAPI.yml
@@ -0,0 +1,37 @@
+name: fingerprint-yaml-YAPI
+manual: false
+detail:
+    fingerprint:
+        name: YAPI
+    fofa: 'body="content=\"yapi" && body="<div id=\"yapi\" style=\"height: 100%;" || body="<div id=\"yapi\" style=\"height: 100%;" || body="content=\"yapi" || body="YApi" && body="可视化接口管理平台"'
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: 'response.body_string.contains(''content="yapi'') && response.body_string.contains(''<div id="yapi" style="height: 100%;'')'
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: 'response.body_string.contains(''<div id="yapi" style="height: 100%;'')'
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('content="yapi')
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("YApi") && response.body_string.contains("可视化接口管理平台")
+expression: r0() || r1() || r2() || r3()
diff --git a/finger/ehole/YONYOU NC.yml b/finger/ehole/YONYOU NC.yml
new file mode 100644
index 0000000..7be351c
--- /dev/null
+++ b/finger/ehole/YONYOU NC.yml	
@@ -0,0 +1,30 @@
+name: fingerprint-yaml-YONYOU NC
+manual: false
+detail:
+    fingerprint:
+        name: YONYOU NC
+    fofa: body="uclient.yonyou.com" && body="UClient" || body="url=nccloud" || body="YONYOU NC" && body="img/logo_small.ico"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("uclient.yonyou.com") && response.body_string.contains("UClient")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("url=nccloud")
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("YONYOU NC") && response.body_string.contains("img/logo_small.ico")
+expression: r0() || r1() || r2()
diff --git a/finger/ehole/Yii-Framework.yml b/finger/ehole/Yii-Framework.yml
new file mode 100644
index 0000000..dcde665
--- /dev/null
+++ b/finger/ehole/Yii-Framework.yml
@@ -0,0 +1,37 @@
+name: fingerprint-yaml-Yii-Framework
+manual: false
+detail:
+    fingerprint:
+        name: Yii-Framework
+    fofa: body="get started with yii" || header="yii_csrf_token" || title="Yii_Framework" || title="Yii Framework"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("get started with yii")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("yii_csrf_token"))
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("Yii_Framework")
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("Yii Framework")
+expression: r0() || r1() || r2() || r3()
diff --git a/finger/ehole/Yonyou-ERP-NC.yml b/finger/ehole/Yonyou-ERP-NC.yml
new file mode 100644
index 0000000..404772e
--- /dev/null
+++ b/finger/ehole/Yonyou-ERP-NC.yml
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-Yonyou-ERP-NC
+manual: false
+detail:
+    fingerprint:
+        name: Yonyou-ERP-NC
+    fofa: body="/nc/servlet/nc.ui.iufo.login.index" || title="用友新世纪"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("/nc/servlet/nc.ui.iufo.login.index")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("用友新世纪")
+expression: r0() || r1()
diff --git a/finger/ehole/Yonyou-ERP.yml b/finger/ehole/Yonyou-ERP.yml
new file mode 100644
index 0000000..b63ad1e
--- /dev/null
+++ b/finger/ehole/Yonyou-ERP.yml
@@ -0,0 +1,37 @@
+name: fingerprint-yaml-Yonyou-ERP
+manual: false
+detail:
+    fingerprint:
+        name: Yonyou-ERP
+    fofa: body="login_main_bg" && body="login_owner" || body="login_owner" && body="login_main_bg" || body="login_main_bg" || body="login_owner"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("login_main_bg") && response.body_string.contains("login_owner")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("login_owner") && response.body_string.contains("login_main_bg")
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("login_main_bg")
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("login_owner")
+expression: r0() || r1() || r2() || r3()
diff --git a/finger/ehole/Yonyou-TurboCRM.yml b/finger/ehole/Yonyou-TurboCRM.yml
new file mode 100644
index 0000000..a42d906
--- /dev/null
+++ b/finger/ehole/Yonyou-TurboCRM.yml
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-Yonyou-TurboCRM
+manual: false
+detail:
+    fingerprint:
+        name: Yonyou-TurboCRM
+    fofa: body="turboui.js" || title="用友turbocrm"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("turboui.js")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("用友turbocrm")
+expression: r0() || r1()
diff --git a/finger/ehole/Yonyou-U8-cloud.yml b/finger/ehole/Yonyou-U8-cloud.yml
new file mode 100644
index 0000000..cc3a1f2
--- /dev/null
+++ b/finger/ehole/Yonyou-U8-cloud.yml
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-Yonyou-U8-cloud
+manual: false
+detail:
+    fingerprint:
+        name: Yonyou-U8-cloud
+    fofa: body="开启u8 cloud云端之旅"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("开启u8 cloud云端之旅")
+expression: r0()
diff --git a/finger/ehole/Yonyou-UFIDA.yml b/finger/ehole/Yonyou-UFIDA.yml
new file mode 100644
index 0000000..37726a7
--- /dev/null
+++ b/finger/ehole/Yonyou-UFIDA.yml
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-Yonyou-UFIDA
+manual: false
+detail:
+    fingerprint:
+        name: Yonyou-UFIDA
+    fofa: body="/system/login/login.asp?appid="
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("/system/login/login.asp?appid=")
+expression: r0()
diff --git a/finger/ehole/YoudianCMS.yml b/finger/ehole/YoudianCMS.yml
new file mode 100644
index 0000000..0ec9935
--- /dev/null
+++ b/finger/ehole/YoudianCMS.yml
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-YoudianCMS
+manual: false
+detail:
+    fingerprint:
+        name: YoudianCMS
+    fofa: header="YoudianCMS" || title="YoudianCMS"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("YoudianCMS"))
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("YoudianCMS")
+expression: r0() || r1()
diff --git a/finger/ehole/YunAnBao-YunXZ.yml b/finger/ehole/YunAnBao-YunXZ.yml
new file mode 100644
index 0000000..db6b6ec
--- /dev/null
+++ b/finger/ehole/YunAnBao-YunXZ.yml
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-YunAnBao-YunXZ
+manual: false
+detail:
+    fingerprint:
+        name: YunAnBao-YunXZ
+    fofa: 'body="id=mtokenplugin width=0 height=0 style=\"position: absolute;left: 0px; top: 0px\"" && body="type=application/x-xtx-axhost"'
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: 'response.body_string.contains(''id=mtokenplugin width=0 height=0 style="position: absolute;left: 0px; top: 0px"'') && response.body_string.contains("type=application/x-xtx-axhost")'
+expression: r0()
diff --git a/finger/ehole/Z-Blog.yml b/finger/ehole/Z-Blog.yml
new file mode 100644
index 0000000..72b3ab2
--- /dev/null
+++ b/finger/ehole/Z-Blog.yml
@@ -0,0 +1,58 @@
+name: fingerprint-yaml-Z-Blog
+manual: false
+detail:
+    fingerprint:
+        name: Z-Blog
+    fofa: 'body="generator\" content=\"z-blog" || header="product: z-blog" || body="generator\" content=\"Z-Blog" || body="z-blog" || body="Z-Blog" || header="Product:Z-Blog" || title="zblog"'
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('generator" content="z-blog')
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: 'response.raw_header.bcontains(bytes("product: z-blog"))'
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('generator" content="Z-Blog')
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("z-blog")
+    r4:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("Z-Blog")
+    r5:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("Product:Z-Blog"))
+    r6:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("zblog")
+expression: r0() || r1() || r2() || r3() || r4() || r5() || r6()
diff --git a/finger/ehole/Z-BlogPHP.yml b/finger/ehole/Z-BlogPHP.yml
new file mode 100644
index 0000000..df3bb24
--- /dev/null
+++ b/finger/ehole/Z-BlogPHP.yml
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-Z-BlogPHP
+manual: false
+detail:
+    fingerprint:
+        name: Z-BlogPHP
+    fofa: header="Product:Z-BlogPHP"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("Product:Z-BlogPHP"))
+expression: r0()
diff --git a/finger/ehole/ZTE-Router.yml b/finger/ehole/ZTE-Router.yml
new file mode 100644
index 0000000..e390cc5
--- /dev/null
+++ b/finger/ehole/ZTE-Router.yml
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-ZTE-Router
+manual: false
+detail:
+    fingerprint:
+        name: ZTE-Router
+    fofa: 'header="server: zte/rosng"'
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: 'response.raw_header.bcontains(bytes("server: zte/rosng"))'
+expression: r0()
diff --git a/finger/ehole/Zabbix.yml b/finger/ehole/Zabbix.yml
new file mode 100644
index 0000000..a45ae08
--- /dev/null
+++ b/finger/ehole/Zabbix.yml
@@ -0,0 +1,72 @@
+name: fingerprint-yaml-Zabbix
+manual: false
+detail:
+    fingerprint:
+        name: Zabbix
+    fofa: body="zabbix" && body="Zabbix SIA" || icon_hash="892542951" || body="images/general/zabbix.ico" && body="meta name=\"author\" content=\"zabbix sia\"" || header="zbx_sessionid" || body="href=\"https://www.zabbix.com/support\"" || body="images/general/zabbix.ico" || body="meta name=\"Author\" content=\"Zabbix SIA\"" || body="meta name=\"author\" content=\"zabbix sia\"" || body="Zabbix SIA" && body="zabbix"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("zabbix") && response.body_string.contains("Zabbix SIA")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: faviconHash(response.getIconContent()) == 892542951
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("images/general/zabbix.ico") && response.body_string.contains('meta name="author" content="zabbix sia"')
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("zbx_sessionid"))
+    r4:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('href="https://www.zabbix.com/support"')
+    r5:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("images/general/zabbix.ico")
+    r6:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('meta name="Author" content="Zabbix SIA"')
+    r7:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('meta name="author" content="zabbix sia"')
+    r8:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("Zabbix SIA") && response.body_string.contains("zabbix")
+expression: r0() || r1() || r2() || r3() || r4() || r5() || r6() || r7() || r8()
diff --git a/finger/ehole/Zimbra.yml b/finger/ehole/Zimbra.yml
new file mode 100644
index 0000000..6db6282
--- /dev/null
+++ b/finger/ehole/Zimbra.yml
@@ -0,0 +1,58 @@
+name: fingerprint-yaml-Zimbra
+manual: false
+detail:
+    fingerprint:
+        name: Zimbra
+    fofa: body="window._zimbramail" && body="content=\"zimbra" || header="zm_test=" || header="ZM_TEST" || body="content=\"zimbra" || body="window._zimbramail" || body="ImgZimbraIcon" || title="zimbra 网络客户端登录"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("window._zimbramail") && response.body_string.contains('content="zimbra')
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("zm_test="))
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("ZM_TEST"))
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('content="zimbra')
+    r4:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("window._zimbramail")
+    r5:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("ImgZimbraIcon")
+    r6:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("zimbra 网络客户端登录")
+expression: r0() || r1() || r2() || r3() || r4() || r5() || r6()
diff --git a/finger/ehole/ZoneMinder.yml b/finger/ehole/ZoneMinder.yml
new file mode 100644
index 0000000..dff3073
--- /dev/null
+++ b/finger/ehole/ZoneMinder.yml
@@ -0,0 +1,30 @@
+name: fingerprint-yaml-ZoneMinder
+manual: false
+detail:
+    fingerprint:
+        name: ZoneMinder
+    fofa: body="zoneminder login" || body="ZoneMinder Login" || body="<tr><td colspan=\"2\" class=\"smallhead\" align=\"center\">ZoneMinder Login</td></tr>"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("zoneminder login")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("ZoneMinder Login")
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('<tr><td colspan="2" class="smallhead" align="center">ZoneMinder Login</td></tr>')
+expression: r0() || r1() || r2()
diff --git a/finger/ehole/Zookeeper.yml b/finger/ehole/Zookeeper.yml
new file mode 100644
index 0000000..b145857
--- /dev/null
+++ b/finger/ehole/Zookeeper.yml
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-Zookeeper
+manual: false
+detail:
+    fingerprint:
+        name: Zookeeper
+    fofa: header="Zookeeper" || title="Zookeeper"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("Zookeeper"))
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("Zookeeper")
+expression: r0() || r1()
diff --git a/finger/ehole/ZyXEL-USG-20.yml b/finger/ehole/ZyXEL-USG-20.yml
new file mode 100644
index 0000000..153c735
--- /dev/null
+++ b/finger/ehole/ZyXEL-USG-20.yml
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-ZyXEL-USG-20
+manual: false
+detail:
+    fingerprint:
+        name: ZyXEL-USG-20
+    fofa: title="zywall usg 20"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("zywall usg 20")
+expression: r0()
diff --git a/finger/ehole/ZyXEL-USG110.yml b/finger/ehole/ZyXEL-USG110.yml
new file mode 100644
index 0000000..2daa646
--- /dev/null
+++ b/finger/ehole/ZyXEL-USG110.yml
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-ZyXEL-USG110
+manual: false
+detail:
+    fingerprint:
+        name: ZyXEL-USG110
+    fofa: body="<div class=\"model\" id=\"model\" name=\"model\">usg110</div>"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('<div class="model" id="model" name="model">usg110</div>')
+expression: r0()
diff --git a/finger/ehole/ZyXEL-USG1100.yml b/finger/ehole/ZyXEL-USG1100.yml
new file mode 100644
index 0000000..b3802fd
--- /dev/null
+++ b/finger/ehole/ZyXEL-USG1100.yml
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-ZyXEL-USG1100
+manual: false
+detail:
+    fingerprint:
+        name: ZyXEL-USG1100
+    fofa: body="usg_icon"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("usg_icon")
+expression: r0()
diff --git a/finger/ehole/ZyXEL-USG1900.yml b/finger/ehole/ZyXEL-USG1900.yml
new file mode 100644
index 0000000..e06572e
--- /dev/null
+++ b/finger/ehole/ZyXEL-USG1900.yml
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-ZyXEL-USG1900
+manual: false
+detail:
+    fingerprint:
+        name: ZyXEL-USG1900
+    fofa: body="<div class=\"model\" id=\"model\" name=\"model\">usg1900</div>"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('<div class="model" id="model" name="model">usg1900</div>')
+expression: r0()
diff --git a/finger/ehole/ZyXEL-USG210.yml b/finger/ehole/ZyXEL-USG210.yml
new file mode 100644
index 0000000..e8fe572
--- /dev/null
+++ b/finger/ehole/ZyXEL-USG210.yml
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-ZyXEL-USG210
+manual: false
+detail:
+    fingerprint:
+        name: ZyXEL-USG210
+    fofa: title="usg210"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("usg210")
+expression: r0()
diff --git a/finger/ehole/ZyXEL-USG310.yml b/finger/ehole/ZyXEL-USG310.yml
new file mode 100644
index 0000000..1ef6fae
--- /dev/null
+++ b/finger/ehole/ZyXEL-USG310.yml
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-ZyXEL-USG310
+manual: false
+detail:
+    fingerprint:
+        name: ZyXEL-USG310
+    fofa: body="<div class=\"model\" id=\"model\" name=\"model\">usg310</div>"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('<div class="model" id="model" name="model">usg310</div>')
+expression: r0()
diff --git a/finger/ehole/ZyXEL-USG40W.yml b/finger/ehole/ZyXEL-USG40W.yml
new file mode 100644
index 0000000..105652c
--- /dev/null
+++ b/finger/ehole/ZyXEL-USG40W.yml
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-ZyXEL-USG40W
+manual: false
+detail:
+    fingerprint:
+        name: ZyXEL-USG40W
+    fofa: title="usg40w"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("usg40w")
+expression: r0()
diff --git a/finger/ehole/ZyXEL-USG60.yml b/finger/ehole/ZyXEL-USG60.yml
new file mode 100644
index 0000000..fc7a6a8
--- /dev/null
+++ b/finger/ehole/ZyXEL-USG60.yml
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-ZyXEL-USG60
+manual: false
+detail:
+    fingerprint:
+        name: ZyXEL-USG60
+    fofa: body="<div class=\"model\" id=\"model\" name=\"model\">usg60</div>"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('<div class="model" id="model" name="model">usg60</div>')
+expression: r0()
diff --git a/finger/ehole/ZyXEL-ZYWALL-1100.yml b/finger/ehole/ZyXEL-ZYWALL-1100.yml
new file mode 100644
index 0000000..c89e454
--- /dev/null
+++ b/finger/ehole/ZyXEL-ZYWALL-1100.yml
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-ZyXEL-ZYWALL-1100
+manual: false
+detail:
+    fingerprint:
+        name: ZyXEL-ZYWALL-1100
+    fofa: title="zywall 1100"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("zywall 1100")
+expression: r0()
diff --git a/finger/ehole/ZyXEL-ZyWALL-110.yml b/finger/ehole/ZyXEL-ZyWALL-110.yml
new file mode 100644
index 0000000..b3e1daa
--- /dev/null
+++ b/finger/ehole/ZyXEL-ZyWALL-110.yml
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-ZyXEL-ZyWALL-110
+manual: false
+detail:
+    fingerprint:
+        name: ZyXEL-ZyWALL-110
+    fofa: title="zywall 110"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("zywall 110")
+expression: r0()
diff --git a/finger/ehole/ZyXEL-ZyWALL-310.yml b/finger/ehole/ZyXEL-ZyWALL-310.yml
new file mode 100644
index 0000000..d0b0dc7
--- /dev/null
+++ b/finger/ehole/ZyXEL-ZyWALL-310.yml
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-ZyXEL-ZyWALL-310
+manual: false
+detail:
+    fingerprint:
+        name: ZyXEL-ZyWALL-310
+    fofa: title="zywall 310"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("zywall 310")
+expression: r0()
diff --git a/finger/ehole/ZyXEL.yml b/finger/ehole/ZyXEL.yml
new file mode 100644
index 0000000..5055396
--- /dev/null
+++ b/finger/ehole/ZyXEL.yml
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-ZyXEL
+manual: false
+detail:
+    fingerprint:
+        name: ZyXEL
+    fofa: icon_hash="943925975" || body="Forms/rpAuth_1"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: faviconHash(response.getIconContent()) == 943925975
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("Forms/rpAuth_1")
+expression: r0() || r1()
diff --git a/finger/ehole/Zyxel ZyWALL.yml b/finger/ehole/Zyxel ZyWALL.yml
new file mode 100644
index 0000000..7d7e038
--- /dev/null
+++ b/finger/ehole/Zyxel ZyWALL.yml	
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-Zyxel ZyWALL
+manual: false
+detail:
+    fingerprint:
+        name: Zyxel ZyWALL
+    fofa: icon_hash="-440644339" || icon_hash="-484708885"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: faviconHash(response.getIconContent()) == -440644339
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: faviconHash(response.getIconContent()) == -484708885
+expression: r0() || r1()
diff --git a/finger/ehole/Zyxel-USG20W.yml b/finger/ehole/Zyxel-USG20W.yml
new file mode 100644
index 0000000..bb5cc33
--- /dev/null
+++ b/finger/ehole/Zyxel-USG20W.yml
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-Zyxel-USG20W
+manual: false
+detail:
+    fingerprint:
+        name: Zyxel-USG20W
+    fofa: body=" class=\"usg_icon\"" || body="class=\"usg_icon\""
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains(' class="usg_icon"')
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('class="usg_icon"')
+expression: r0() || r1()
diff --git a/finger/ehole/anysec.yml b/finger/ehole/anysec.yml
new file mode 100644
index 0000000..9e1dbd3
--- /dev/null
+++ b/finger/ehole/anysec.yml
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-anysec
+manual: false
+detail:
+    fingerprint:
+        name: anysec
+    fofa: title="anysec login"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("anysec login")
+expression: r0()
diff --git a/finger/ehole/apache-ambari.yml b/finger/ehole/apache-ambari.yml
new file mode 100644
index 0000000..a7132be
--- /dev/null
+++ b/finger/ehole/apache-ambari.yml
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-apache-ambari
+manual: false
+detail:
+    fingerprint:
+        name: apache-ambari
+    fofa: body="\"/licenses/NOTICE.txt\"" && body="<title>Ambari</title>" || title="ambari"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('"/licenses/NOTICE.txt"') && response.body_string.contains("<title>Ambari</title>")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("ambari")
+expression: r0() || r1()
diff --git a/finger/ehole/apache-axis2.yml b/finger/ehole/apache-axis2.yml
new file mode 100644
index 0000000..cbb1e6a
--- /dev/null
+++ b/finger/ehole/apache-axis2.yml
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-apache-axis2
+manual: false
+detail:
+    fingerprint:
+        name: apache-axis2
+    fofa: body="axis2-admin" && body="axis2-web"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("axis2-admin") && response.body_string.contains("axis2-web")
+expression: r0()
diff --git a/finger/ehole/appex-lotapp.yml b/finger/ehole/appex-lotapp.yml
new file mode 100644
index 0000000..eaf5137
--- /dev/null
+++ b/finger/ehole/appex-lotapp.yml
@@ -0,0 +1,37 @@
+name: fingerprint-yaml-appex-lotapp
+manual: false
+detail:
+    fingerprint:
+        name: appex-lotapp
+    fofa: body="appex network corporation" && body="/change_lan.php?lanid=en" || body="appex network corporation" || body="/change_lan.php?lanid=en" || title="lotapp 应用交付系统"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("appex network corporation") && response.body_string.contains("/change_lan.php?lanid=en")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("appex network corporation")
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("/change_lan.php?lanid=en")
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("lotapp 应用交付系统")
+expression: r0() || r1() || r2() || r3()
diff --git a/finger/ehole/axis2.yml b/finger/ehole/axis2.yml
new file mode 100644
index 0000000..00aabb4
--- /dev/null
+++ b/finger/ehole/axis2.yml
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-axis2
+manual: false
+detail:
+    fingerprint:
+        name: axis2
+    fofa: body="Axis2"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("Axis2")
+expression: r0()
diff --git a/finger/ehole/beecms.yml b/finger/ehole/beecms.yml
new file mode 100644
index 0000000..e5e84ee
--- /dev/null
+++ b/finger/ehole/beecms.yml
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-beecms
+manual: false
+detail:
+    fingerprint:
+        name: beecms
+    fofa: body="BEESCMS" || body="template/default/images/slides.min.jquery.js"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("BEESCMS")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("template/default/images/slides.min.jquery.js")
+expression: r0() || r1()
diff --git a/finger/ehole/bocweb.yml b/finger/ehole/bocweb.yml
new file mode 100644
index 0000000..7cc5fcb
--- /dev/null
+++ b/finger/ehole/bocweb.yml
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-bocweb
+manual: false
+detail:
+    fingerprint:
+        name: bocweb
+    fofa: title="bocweb"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("bocweb")
+expression: r0()
diff --git a/finger/ehole/citrix-xenmobile.yml b/finger/ehole/citrix-xenmobile.yml
new file mode 100644
index 0000000..0c79323
--- /dev/null
+++ b/finger/ehole/citrix-xenmobile.yml
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-citrix-xenmobile
+manual: false
+detail:
+    fingerprint:
+        name: citrix-xenmobile
+    fofa: 'header="Citrix-TransactionId: *" || header="Citrix-TransactionId: *" && header="Set-Cookie: xmscookie"'
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: 'response.raw_header.bcontains(bytes("Citrix-TransactionId: *"))'
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: 'response.raw_header.bcontains(bytes("Citrix-TransactionId: *")) && response.raw_header.bcontains(bytes("Set-Cookie: xmscookie"))'
+expression: r0() || r1()
diff --git a/finger/ehole/crocus.yml b/finger/ehole/crocus.yml
new file mode 100644
index 0000000..a010b9f
--- /dev/null
+++ b/finger/ehole/crocus.yml
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-crocus
+manual: false
+detail:
+    fingerprint:
+        name: crocus
+    fofa: body="src=\"images/logo.png\"" || body="for=\"inp_verification\""
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('src="images/logo.png"')
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('for="inp_verification"')
+expression: r0() || r1()
diff --git a/finger/ehole/cyberwisdom-wizbank.yml b/finger/ehole/cyberwisdom-wizbank.yml
new file mode 100644
index 0000000..020f077
--- /dev/null
+++ b/finger/ehole/cyberwisdom-wizbank.yml
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-cyberwisdom-wizbank
+manual: false
+detail:
+    fingerprint:
+        name: cyberwisdom-wizbank
+    fofa: title="wizbank"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("wizbank")
+expression: r0()
diff --git a/finger/ehole/dlink.yml b/finger/ehole/dlink.yml
new file mode 100644
index 0000000..ab8ad0b
--- /dev/null
+++ b/finger/ehole/dlink.yml
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-dlink
+manual: false
+detail:
+    fingerprint:
+        name: dlink
+    fofa: header="dlinkrouter" || body="D-Link Systems, Inc"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("dlinkrouter"))
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("D-Link Systems, Inc")
+expression: r0() || r1()
diff --git a/finger/ehole/dswjcms.yml b/finger/ehole/dswjcms.yml
new file mode 100644
index 0000000..caf1d44
--- /dev/null
+++ b/finger/ehole/dswjcms.yml
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-dswjcms
+manual: false
+detail:
+    fingerprint:
+        name: dswjcms
+    fofa: body="content=\"Dswjcms" || body="Powered by Dswjcms"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('content="Dswjcms')
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("Powered by Dswjcms")
+expression: r0() || r1()
diff --git a/finger/ehole/dubbo.yml b/finger/ehole/dubbo.yml
new file mode 100644
index 0000000..a0b59c8
--- /dev/null
+++ b/finger/ehole/dubbo.yml
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-dubbo
+manual: false
+detail:
+    fingerprint:
+        name: dubbo
+    fofa: body="dubbo"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("dubbo")
+expression: r0()
diff --git a/finger/ehole/e-Learning.yml b/finger/ehole/e-Learning.yml
new file mode 100644
index 0000000..042242c
--- /dev/null
+++ b/finger/ehole/e-Learning.yml
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-e-Learning
+manual: false
+detail:
+    fingerprint:
+        name: e-Learning
+    fofa: body="method=\"post\" action=\"/eln3_asp/login.do"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('method="post" action="/eln3_asp/login.do')
+expression: r0()
diff --git a/finger/ehole/e-mobile.yml b/finger/ehole/e-mobile.yml
new file mode 100644
index 0000000..86b62ee
--- /dev/null
+++ b/finger/ehole/e-mobile.yml
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-e-mobile
+manual: false
+detail:
+    fingerprint:
+        name: e-mobile
+    fofa: body="weaver,e-mobile"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("weaver,e-mobile")
+expression: r0()
diff --git a/finger/ehole/e-office.yml b/finger/ehole/e-office.yml
new file mode 100644
index 0000000..2a5621a
--- /dev/null
+++ b/finger/ehole/e-office.yml
@@ -0,0 +1,44 @@
+name: fingerprint-yaml-e-office
+manual: false
+detail:
+    fingerprint:
+        name: e-office
+    fofa: 'body="/general/login/view//images/updateLoad.gif" || header="general/login/index.php" || body="eoffice" && body="szfeatures" || body="/general/login/view//images/updateload.gif" || header="server: eoffice"'
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("/general/login/view//images/updateLoad.gif")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("general/login/index.php"))
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("eoffice") && response.body_string.contains("szfeatures")
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("/general/login/view//images/updateload.gif")
+    r4:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: 'response.raw_header.bcontains(bytes("server: eoffice"))'
+expression: r0() || r1() || r2() || r3() || r4()
diff --git a/finger/ehole/eGroupWare.yml b/finger/ehole/eGroupWare.yml
new file mode 100644
index 0000000..1a08d82
--- /dev/null
+++ b/finger/ehole/eGroupWare.yml
@@ -0,0 +1,86 @@
+name: fingerprint-yaml-eGroupWare
+manual: false
+detail:
+    fingerprint:
+        name: eGroupWare
+    fofa: body="content=\"egroupware" || body="content=\"eGroupWare" || body="<meta name=\"author\" content=\"eGroupWare http://www.egroupware.org\" />" || body="<div align=\"center\"><font color=\"#FF0000\">Votre session n\"est pas valide.</font></div>" || body="<div id=\"loginCdMessage\"><font color=\"red\">Your session could not be verified.</font></div>" || body="<title>EGroupware [Login]</title>" || body="<!-- we don\"t need body tags anymore, do we?) we do!!! onload!! LK -->" || body="<META NAME=\"description\" CONTENT=\"Expresso Livre login screen, working environment powered by eGroupWare\">" || body="<META NAME=\"keywords\" CONTENT=\"Expresso Livre login screen, eGroupWare, groupware, groupware suite\">" || body="<br><a title=\"eGroupWare\" target=\"_blank\" href=\"http://www.egroupware.org/\"> Powered by eGroupWare </a></div></td>" || body="<TITLE>Expresso Livre - Login</TITLE>"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('content="egroupware')
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('content="eGroupWare')
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('<meta name="author" content="eGroupWare http://www.egroupware.org" />')
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('<div align="center"><font color="#FF0000">Votre session n"est pas valide.</font></div>')
+    r4:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('<div id="loginCdMessage"><font color="red">Your session could not be verified.</font></div>')
+    r5:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("<title>EGroupware [Login]</title>")
+    r6:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('<!-- we don"t need body tags anymore, do we?) we do!!! onload!! LK -->')
+    r7:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('<META NAME="description" CONTENT="Expresso Livre login screen, working environment powered by eGroupWare">')
+    r8:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('<META NAME="keywords" CONTENT="Expresso Livre login screen, eGroupWare, groupware, groupware suite">')
+    r9:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('<br><a title="eGroupWare" target="_blank" href="http://www.egroupware.org/"> Powered by eGroupWare </a></div></td>')
+    r10:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("<TITLE>Expresso Livre - Login</TITLE>")
+expression: r0() || r1() || r2() || r3() || r4() || r5() || r6() || r7() || r8() || r9() || r10()
diff --git a/finger/ehole/eHTTP.yml b/finger/ehole/eHTTP.yml
new file mode 100644
index 0000000..7a14760
--- /dev/null
+++ b/finger/ehole/eHTTP.yml
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-eHTTP
+manual: false
+detail:
+    fingerprint:
+        name: eHTTP
+    fofa: title="eHTTP"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("eHTTP")
+expression: r0()
diff --git a/finger/ehole/eclass.yml b/finger/ehole/eclass.yml
new file mode 100644
index 0000000..e27acf9
--- /dev/null
+++ b/finger/ehole/eclass.yml
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-eclass
+manual: false
+detail:
+    fingerprint:
+        name: eclass
+    fofa: header="eclass" || title="eclass"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("eclass"))
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("eclass")
+expression: r0() || r1()
diff --git a/finger/ehole/ecology.yml b/finger/ehole/ecology.yml
new file mode 100644
index 0000000..68721f0
--- /dev/null
+++ b/finger/ehole/ecology.yml
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-ecology
+manual: false
+detail:
+    fingerprint:
+        name: ecology
+    fofa: header="ecology_JSessionid" || body="ecology_JSessionid"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("ecology_JSessionid"))
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("ecology_JSessionid")
+expression: r0() || r1()
diff --git a/finger/ehole/epoint.yml b/finger/ehole/epoint.yml
new file mode 100644
index 0000000..f8d9828
--- /dev/null
+++ b/finger/ehole/epoint.yml
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-epoint
+manual: false
+detail:
+    fingerprint:
+        name: epoint
+    fofa: body="江苏国泰新点"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("江苏国泰新点")
+expression: r0()
diff --git a/finger/ehole/esafenet-dlp.yml b/finger/ehole/esafenet-dlp.yml
new file mode 100644
index 0000000..2c19a0a
--- /dev/null
+++ b/finger/ehole/esafenet-dlp.yml
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-esafenet-dlp
+manual: false
+detail:
+    fingerprint:
+        name: esafenet-dlp
+    fofa: body="cdgserver3" || title="esafenet_dlp"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("cdgserver3")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("esafenet_dlp")
+expression: r0() || r1()
diff --git a/finger/ehole/everything.yml b/finger/ehole/everything.yml
new file mode 100644
index 0000000..ad3c046
--- /dev/null
+++ b/finger/ehole/everything.yml
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-everything
+manual: false
+detail:
+    fingerprint:
+        name: everything
+    fofa: body="everything.gif" || body="everything.png"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("everything.gif")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("everything.png")
+expression: r0() || r1()
diff --git a/finger/ehole/exchange.yml b/finger/ehole/exchange.yml
new file mode 100644
index 0000000..5e394a7
--- /dev/null
+++ b/finger/ehole/exchange.yml
@@ -0,0 +1,30 @@
+name: fingerprint-yaml-exchange
+manual: false
+detail:
+    fingerprint:
+        name: exchange
+    fofa: body="owaLgnBdy" || header="owa" || header="OutlookSession"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("owaLgnBdy")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("owa"))
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("OutlookSession"))
+expression: r0() || r1() || r2()
diff --git a/finger/ehole/eyoucms.yml b/finger/ehole/eyoucms.yml
new file mode 100644
index 0000000..a38d5c7
--- /dev/null
+++ b/finger/ehole/eyoucms.yml
@@ -0,0 +1,30 @@
+name: fingerprint-yaml-eyoucms
+manual: false
+detail:
+    fingerprint:
+        name: eyoucms
+    fofa: body="powered by eyoucms" && body="name=\"generator\" content=\"eyoucms" || body="name=\"generator\" content=\"eyoucms" || body="powered by eyoucms"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("powered by eyoucms") && response.body_string.contains('name="generator" content="eyoucms')
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('name="generator" content="eyoucms')
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("powered by eyoucms")
+expression: r0() || r1() || r2()
diff --git a/finger/ehole/ezOFFICE.yml b/finger/ehole/ezOFFICE.yml
new file mode 100644
index 0000000..46db343
--- /dev/null
+++ b/finger/ehole/ezOFFICE.yml
@@ -0,0 +1,37 @@
+name: fingerprint-yaml-ezOFFICE
+manual: false
+detail:
+    fingerprint:
+        name: ezOFFICE
+    fofa: 'body="EZOFFICEUSERNAME" || body="whirRootPath" || body="/defaultroot/js/cookie.js" || header="Location: /defaultroot/portal.jsp?access=oa"'
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("EZOFFICEUSERNAME")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("whirRootPath")
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("/defaultroot/js/cookie.js")
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: 'response.raw_header.bcontains(bytes("Location: /defaultroot/portal.jsp?access=oa"))'
+expression: r0() || r1() || r2() || r3()
diff --git a/finger/ehole/f5 Big IP.yml b/finger/ehole/f5 Big IP.yml
new file mode 100644
index 0000000..3bacfb1
--- /dev/null
+++ b/finger/ehole/f5 Big IP.yml	
@@ -0,0 +1,170 @@
+name: fingerprint-yaml-f5 Big IP
+manual: false
+detail:
+    fingerprint:
+        name: f5 Big IP
+    fofa: 'icon_hash="-335242539" || body="content=\"f5 networks, inc." || header="bigipserver" && header="mrhshint=" || header="BIGipServer" || header="X-WA-Info" || header="X-PvInfo" || header="F5 BigIP" || header="F5 BIG-IP" || header="mrhshint=" || header="f5_ht_shrinked=" || header="f5_fullwt=" || header="lastmrh_session" || header="mrhsession" || header="server: big-ip" || header="server: bigip" || header="realm=\"big-ip" || header="f5_load" || header="x-pvinfo" || header="x-wa-info" || header="bigipserver" || title="F5 BigIP" || title="F5 BIG-IP" || title="big-ip&reg;"'
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: faviconHash(response.getIconContent()) == -335242539
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('content="f5 networks, inc.')
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("bigipserver")) && response.raw_header.bcontains(bytes("mrhshint="))
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("BIGipServer"))
+    r4:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("X-WA-Info"))
+    r5:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("X-PvInfo"))
+    r6:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("F5 BigIP"))
+    r7:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("F5 BIG-IP"))
+    r8:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("mrhshint="))
+    r9:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("f5_ht_shrinked="))
+    r10:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("f5_fullwt="))
+    r11:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("lastmrh_session"))
+    r12:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("mrhsession"))
+    r13:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: 'response.raw_header.bcontains(bytes("server: big-ip"))'
+    r14:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: 'response.raw_header.bcontains(bytes("server: bigip"))'
+    r15:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes('realm="big-ip'))
+    r16:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("f5_load"))
+    r17:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("x-pvinfo"))
+    r18:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("x-wa-info"))
+    r19:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("bigipserver"))
+    r20:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("F5 BigIP")
+    r21:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("F5 BIG-IP")
+    r22:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("big-ip&reg;")
+expression: r0() || r1() || r2() || r3() || r4() || r5() || r6() || r7() || r8() || r9() || r10() || r11() || r12() || r13() || r14() || r15() || r16() || r17() || r18() || r19() || r20() || r21() || r22()
diff --git a/finger/ehole/faqrobot.yml b/finger/ehole/faqrobot.yml
new file mode 100644
index 0000000..fd74087
--- /dev/null
+++ b/finger/ehole/faqrobot.yml
@@ -0,0 +1,37 @@
+name: fingerprint-yaml-faqrobot
+manual: false
+detail:
+    fingerprint:
+        name: faqrobot
+    fofa: body="content=\"faq客服机器人" && body="南京云问网络技术有限公司" || body="南京云问网络技术有限公司" && body="content=\"faq客服机器人" || body="content=\"faq客服机器人" || body="南京云问网络技术有限公司"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('content="faq客服机器人') && response.body_string.contains("南京云问网络技术有限公司")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("南京云问网络技术有限公司") && response.body_string.contains('content="faq客服机器人')
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('content="faq客服机器人')
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("南京云问网络技术有限公司")
+expression: r0() || r1() || r2() || r3()
diff --git a/finger/ehole/flask.yml b/finger/ehole/flask.yml
new file mode 100644
index 0000000..a78b855
--- /dev/null
+++ b/finger/ehole/flask.yml
@@ -0,0 +1,30 @@
+name: fingerprint-yaml-flask
+manual: false
+detail:
+    fingerprint:
+        name: flask
+    fofa: 'header="etag: flask" && header="x-powered-by: flask" || header="x-powered-by: flask" || header="etag: flask"'
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: 'response.raw_header.bcontains(bytes("etag: flask")) && response.raw_header.bcontains(bytes("x-powered-by: flask"))'
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: 'response.raw_header.bcontains(bytes("x-powered-by: flask"))'
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: 'response.raw_header.bcontains(bytes("etag: flask"))'
+expression: r0() || r1() || r2()
diff --git a/finger/ehole/fortinet-fortigate.yml b/finger/ehole/fortinet-fortigate.yml
new file mode 100644
index 0000000..dfd9c54
--- /dev/null
+++ b/finger/ehole/fortinet-fortigate.yml
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-fortinet-fortigate
+manual: false
+detail:
+    fingerprint:
+        name: fortinet-fortigate
+    fofa: body="top.location=window.location;top.location=\"/remote/login\";"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('top.location=window.location;top.location="/remote/login";')
+expression: r0()
diff --git a/finger/ehole/gitlist.yml b/finger/ehole/gitlist.yml
new file mode 100644
index 0000000..d9644f4
--- /dev/null
+++ b/finger/ehole/gitlist.yml
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-gitlist
+manual: false
+detail:
+    fingerprint:
+        name: gitlist
+    fofa: header="gitlist" || title="gitlist"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("gitlist"))
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("gitlist")
+expression: r0() || r1()
diff --git a/finger/ehole/hanweb.yml b/finger/ehole/hanweb.yml
new file mode 100644
index 0000000..d59b22e
--- /dev/null
+++ b/finger/ehole/hanweb.yml
@@ -0,0 +1,30 @@
+name: fingerprint-yaml-hanweb
+manual: false
+detail:
+    fingerprint:
+        name: hanweb
+    fofa: 'body="Use the correct document accordingly" || body="BORDER-RIGHT: #e6e6e6" || title="hanweb"'
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("Use the correct document accordingly")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: 'response.body_string.contains("BORDER-RIGHT: #e6e6e6")'
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("hanweb")
+expression: r0() || r1() || r2()
diff --git a/finger/ehole/iCMS.yml b/finger/ehole/iCMS.yml
new file mode 100644
index 0000000..fc25108
--- /dev/null
+++ b/finger/ehole/iCMS.yml
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-iCMS
+manual: false
+detail:
+    fingerprint:
+        name: iCMS
+    fofa: title="iCMS"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("iCMS")
+expression: r0()
diff --git "a/finger/ehole/iDS\350\201\224\347\275\221\346\225\260\345\255\227\346\240\207\347\211\214\347\256\241\347\220\206\347\263\273\347\273\237.yml" "b/finger/ehole/iDS\350\201\224\347\275\221\346\225\260\345\255\227\346\240\207\347\211\214\347\256\241\347\220\206\347\263\273\347\273\237.yml"
new file mode 100644
index 0000000..4968b1d
--- /dev/null
+++ "b/finger/ehole/iDS\350\201\224\347\275\221\346\225\260\345\255\227\346\240\207\347\211\214\347\256\241\347\220\206\347\263\273\347\273\237.yml"
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-iDS联网数字标牌管理系统
+manual: false
+detail:
+    fingerprint:
+        name: iDS联网数字标牌管理系统
+    fofa: title="iDS联网数字标牌管理系统"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("iDS联网数字标牌管理系统")
+expression: r0()
diff --git a/finger/ehole/iXCache.yml b/finger/ehole/iXCache.yml
new file mode 100644
index 0000000..a59d89a
--- /dev/null
+++ b/finger/ehole/iXCache.yml
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-iXCache
+manual: false
+detail:
+    fingerprint:
+        name: iXCache
+    fofa: body="iXCache" && body="/login/userverify.cgi"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("iXCache") && response.body_string.contains("/login/userverify.cgi")
+expression: r0()
diff --git a/finger/ehole/iframe.yml b/finger/ehole/iframe.yml
new file mode 100644
index 0000000..22643b0
--- /dev/null
+++ b/finger/ehole/iframe.yml
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-iframe
+manual: false
+detail:
+    fingerprint:
+        name: iframe
+    fofa: body="<iframe"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("<iframe")
+expression: r0()
diff --git a/finger/ehole/igenus.yml b/finger/ehole/igenus.yml
new file mode 100644
index 0000000..1bd8658
--- /dev/null
+++ b/finger/ehole/igenus.yml
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-igenus
+manual: false
+detail:
+    fingerprint:
+        name: igenus
+    fofa: title="igenus"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("igenus")
+expression: r0()
diff --git "a/finger/ehole/imo\344\272\221\345\212\236\345\205\254\345\256\244.yml" "b/finger/ehole/imo\344\272\221\345\212\236\345\205\254\345\256\244.yml"
new file mode 100644
index 0000000..77e0530
--- /dev/null
+++ "b/finger/ehole/imo\344\272\221\345\212\236\345\205\254\345\256\244.yml"
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-imo云办公室
+manual: false
+detail:
+    fingerprint:
+        name: imo云办公室
+    fofa: body="<a title=\"imo云办公室\"" || body="高效率网上办公平台" && body="imo_setup.exe"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('<a title="imo云办公室"')
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("高效率网上办公平台") && response.body_string.contains("imo_setup.exe")
+expression: r0() || r1()
diff --git a/finger/ehole/ioffice.yml b/finger/ehole/ioffice.yml
new file mode 100644
index 0000000..8e645f7
--- /dev/null
+++ b/finger/ehole/ioffice.yml
@@ -0,0 +1,51 @@
+name: fingerprint-yaml-ioffice
+manual: false
+detail:
+    fingerprint:
+        name: ioffice
+    fofa: body="iofficeocxsetup.exe" && body="hongfan. all rights reserved" || body="hongfan. all rights reserved" || body="iofficeocxsetup.exe" || body="ioffice.net" || body="/ioffice/js" || title="ioffice.net"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("iofficeocxsetup.exe") && response.body_string.contains("hongfan. all rights reserved")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("hongfan. all rights reserved")
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("iofficeocxsetup.exe")
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("ioffice.net")
+    r4:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("/ioffice/js")
+    r5:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("ioffice.net")
+expression: r0() || r1() || r2() || r3() || r4() || r5()
diff --git a/finger/ehole/irecms.yml b/finger/ehole/irecms.yml
new file mode 100644
index 0000000..26fc524
--- /dev/null
+++ b/finger/ehole/irecms.yml
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-irecms
+manual: false
+detail:
+    fingerprint:
+        name: irecms
+    fofa: header="IRe.CMS"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("IRe.CMS"))
+expression: r0()
diff --git a/finger/ehole/joinf-ERP.yml b/finger/ehole/joinf-ERP.yml
new file mode 100644
index 0000000..8da9d13
--- /dev/null
+++ b/finger/ehole/joinf-ERP.yml
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-joinf-ERP
+manual: false
+detail:
+    fingerprint:
+        name: joinf-ERP
+    fofa: body="<h1>富通天下erp</h1>"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("<h1>富通天下erp</h1>")
+expression: r0()
diff --git a/finger/ehole/justcall.yml b/finger/ehole/justcall.yml
new file mode 100644
index 0000000..3a4f402
--- /dev/null
+++ b/finger/ehole/justcall.yml
@@ -0,0 +1,51 @@
+name: fingerprint-yaml-justcall
+manual: false
+detail:
+    fingerprint:
+        name: justcall
+    fofa: body="justadmin" && body="form.action=\"/justadmin/index.html\";" && body="<a href=\"http://www.justcall.cn\" target=\"_blank\">" && body="userweb/index.php?module=user&action=login" && body="justadmin" || body="justadmin" && body="userweb/index.php?module=user&action=login" || body="<a href=\"http://www.justcall.cn\" target=\"_blank\">" || body="form.action=\"/justadmin/index.html\";" || body="justadmin" || body="userweb/index.php?module=user&action=login"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("justadmin") && response.body_string.contains('form.action="/justadmin/index.html";') && response.body_string.contains('<a href="http://www.justcall.cn" target="_blank">') && response.body_string.contains("userweb/index.php?module=user&action=login") && response.body_string.contains("justadmin")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("justadmin") && response.body_string.contains("userweb/index.php?module=user&action=login")
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('<a href="http://www.justcall.cn" target="_blank">')
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('form.action="/justadmin/index.html";')
+    r4:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("justadmin")
+    r5:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("userweb/index.php?module=user&action=login")
+expression: r0() || r1() || r2() || r3() || r4() || r5()
diff --git a/finger/ehole/kingdee-EAS.yml b/finger/ehole/kingdee-EAS.yml
new file mode 100644
index 0000000..c5aae6f
--- /dev/null
+++ b/finger/ehole/kingdee-EAS.yml
@@ -0,0 +1,51 @@
+name: fingerprint-yaml-kingdee-EAS
+manual: false
+detail:
+    fingerprint:
+        name: kingdee-EAS
+    fofa: body="eassessionid" || header="eassessionid" || body="/eassso/common" || header="eassso/login" || header="easportal" || title="kingdee_eas"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("eassessionid")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("eassessionid"))
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("/eassso/common")
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("eassso/login"))
+    r4:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("easportal"))
+    r5:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("kingdee_eas")
+expression: r0() || r1() || r2() || r3() || r4() || r5()
diff --git a/finger/ehole/kingdee-OA.yml b/finger/ehole/kingdee-OA.yml
new file mode 100644
index 0000000..216f20a
--- /dev/null
+++ b/finger/ehole/kingdee-OA.yml
@@ -0,0 +1,44 @@
+name: fingerprint-yaml-kingdee-OA
+manual: false
+detail:
+    fingerprint:
+        name: kingdee-OA
+    fofa: body="location.href=\"/kingdee/index.jsp\"" && body="logo-kingdee.png" || body="logo-kingdee.png" || body="location.href=\"/kingdee/index.jsp\"" || header="oa/login/logout.jsp" || title="kingdee_oa"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('location.href="/kingdee/index.jsp"') && response.body_string.contains("logo-kingdee.png")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("logo-kingdee.png")
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('location.href="/kingdee/index.jsp"')
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("oa/login/logout.jsp"))
+    r4:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("kingdee_oa")
+expression: r0() || r1() || r2() || r3() || r4()
diff --git a/finger/ehole/kingsoft-KingGate.yml b/finger/ehole/kingsoft-KingGate.yml
new file mode 100644
index 0000000..e3a7d25
--- /dev/null
+++ b/finger/ehole/kingsoft-KingGate.yml
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-kingsoft-KingGate
+manual: false
+detail:
+    fingerprint:
+        name: kingsoft-KingGate
+    fofa: body="/src/system/login.php"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("/src/system/login.php")
+expression: r0()
diff --git a/finger/ehole/kodcloud.yml b/finger/ehole/kodcloud.yml
new file mode 100644
index 0000000..2d4591c
--- /dev/null
+++ b/finger/ehole/kodcloud.yml
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-kodcloud
+manual: false
+detail:
+    fingerprint:
+        name: kodcloud
+    fofa: title="kodcloud"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("kodcloud")
+expression: r0()
diff --git a/finger/ehole/kodexplorer.yml b/finger/ehole/kodexplorer.yml
new file mode 100644
index 0000000..8dcc7c6
--- /dev/null
+++ b/finger/ehole/kodexplorer.yml
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-kodexplorer
+manual: false
+detail:
+    fingerprint:
+        name: kodexplorer
+    fofa: body="kodexplorer"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("kodexplorer")
+expression: r0()
diff --git a/finger/ehole/landray.yml b/finger/ehole/landray.yml
new file mode 100644
index 0000000..3e3db72
--- /dev/null
+++ b/finger/ehole/landray.yml
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-landray
+manual: false
+detail:
+    fingerprint:
+        name: landray
+    fofa: title="landray"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("landray")
+expression: r0()
diff --git a/finger/ehole/magtech-JournalX.yml b/finger/ehole/magtech-JournalX.yml
new file mode 100644
index 0000000..a4d451b
--- /dev/null
+++ b/finger/ehole/magtech-JournalX.yml
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-magtech-JournalX
+manual: false
+detail:
+    fingerprint:
+        name: magtech-JournalX
+    fofa: body="journalx/authorlogon.action?mag_id"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("journalx/authorlogon.action?mag_id")
+expression: r0()
diff --git a/finger/ehole/memcached.yml b/finger/ehole/memcached.yml
new file mode 100644
index 0000000..8630629
--- /dev/null
+++ b/finger/ehole/memcached.yml
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-memcached
+manual: false
+detail:
+    fingerprint:
+        name: memcached
+    fofa: header="memcached" || title="memcached"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("memcached"))
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("memcached")
+expression: r0() || r1()
diff --git a/finger/ehole/mongo-express.yml b/finger/ehole/mongo-express.yml
new file mode 100644
index 0000000..2bda8b5
--- /dev/null
+++ b/finger/ehole/mongo-express.yml
@@ -0,0 +1,30 @@
+name: fingerprint-yaml-mongo-express
+manual: false
+detail:
+    fingerprint:
+        name: mongo-express
+    fofa: header="mongo-express" || body="Mongo Express" && body="mongo-express-logo.png" || title="mongo-express"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("mongo-express"))
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("Mongo Express") && response.body_string.contains("mongo-express-logo.png")
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("mongo-express")
+expression: r0() || r1() || r2()
diff --git a/finger/ehole/moosefs.yml b/finger/ehole/moosefs.yml
new file mode 100644
index 0000000..8c91cbe
--- /dev/null
+++ b/finger/ehole/moosefs.yml
@@ -0,0 +1,30 @@
+name: fingerprint-yaml-moosefs
+manual: false
+detail:
+    fingerprint:
+        name: moosefs
+    fofa: body="mfs.cgi" && body="under-goal files" || body="under-goal files" || body="mfs.cgi"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("mfs.cgi") && response.body_string.contains("under-goal files")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("under-goal files")
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("mfs.cgi")
+expression: r0() || r1() || r2()
diff --git a/finger/ehole/mpsec.yml b/finger/ehole/mpsec.yml
new file mode 100644
index 0000000..b10947c
--- /dev/null
+++ b/finger/ehole/mpsec.yml
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-mpsec
+manual: false
+detail:
+    fingerprint:
+        name: mpsec
+    fofa: title="mpsec"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("mpsec")
+expression: r0()
diff --git a/finger/ehole/netoray_nsg.yml b/finger/ehole/netoray_nsg.yml
new file mode 100644
index 0000000..54cf6f0
--- /dev/null
+++ b/finger/ehole/netoray_nsg.yml
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-netoray_nsg
+manual: false
+detail:
+    fingerprint:
+        name: netoray_nsg
+    fofa: title="netoray_nsg"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("netoray_nsg")
+expression: r0()
diff --git a/finger/ehole/netpower.yml b/finger/ehole/netpower.yml
new file mode 100644
index 0000000..7b805cd
--- /dev/null
+++ b/finger/ehole/netpower.yml
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-netpower
+manual: false
+detail:
+    fingerprint:
+        name: netpower
+    fofa: title="netpower"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("netpower")
+expression: r0()
diff --git a/finger/ehole/nginxWebUI.yml b/finger/ehole/nginxWebUI.yml
new file mode 100644
index 0000000..410aa6b
--- /dev/null
+++ b/finger/ehole/nginxWebUI.yml
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-nginxWebUI
+manual: false
+detail:
+    fingerprint:
+        name: nginxWebUI
+    fofa: body="nginxWebUI"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("nginxWebUI")
+expression: r0()
diff --git a/finger/ehole/nps.yml b/finger/ehole/nps.yml
new file mode 100644
index 0000000..1bebd14
--- /dev/null
+++ b/finger/ehole/nps.yml
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-nps
+manual: false
+detail:
+    fingerprint:
+        name: nps
+    fofa: body="nps" && body="ehang" && body="login" || body="ehang" && body="login" && body="nps"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("nps") && response.body_string.contains("ehang") && response.body_string.contains("login")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("ehang") && response.body_string.contains("login") && response.body_string.contains("nps")
+expression: r0() || r1()
diff --git a/finger/ehole/oVirt-Virtualization.yml b/finger/ehole/oVirt-Virtualization.yml
new file mode 100644
index 0000000..8ffee4c
--- /dev/null
+++ b/finger/ehole/oVirt-Virtualization.yml
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-oVirt-Virtualization
+manual: false
+detail:
+    fingerprint:
+        name: oVirt-Virtualization
+    fofa: body="<a href=\"https://www.ovirt.org\" class=\"obrand_loginpagelogolink\">" || header="/ovirt-engine/"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('<a href="https://www.ovirt.org" class="obrand_loginpagelogolink">')
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("/ovirt-engine/"))
+expression: r0() || r1()
diff --git a/finger/ehole/pgAdmin.yml b/finger/ehole/pgAdmin.yml
new file mode 100644
index 0000000..63833f8
--- /dev/null
+++ b/finger/ehole/pgAdmin.yml
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-pgAdmin
+manual: false
+detail:
+    fingerprint:
+        name: pgAdmin
+    fofa: body="pgadmin 客户端安装包"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("pgadmin 客户端安装包")
+expression: r0()
diff --git a/finger/ehole/phpstudy.yml b/finger/ehole/phpstudy.yml
new file mode 100644
index 0000000..502b617
--- /dev/null
+++ b/finger/ehole/phpstudy.yml
@@ -0,0 +1,30 @@
+name: fingerprint-yaml-phpstudy
+manual: false
+detail:
+    fingerprint:
+        name: phpstudy
+    fofa: body="<a href=\"https://www.xp.cn\" target=\"_blank\">www.xp.cn</a>" && body="1：新建站点、数据库、FTP可在phpstudy面板操作，数据库可在环境中下载数据库管理软件等；" || body="<a href=\"https://www.xp.cn\" target=\"_blank\">www.xp.cn</a>" || body="1：新建站点、数据库、FTP可在phpstudy面板操作，数据库可在环境中下载数据库管理软件等；"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('<a href="https://www.xp.cn" target="_blank">www.xp.cn</a>') && response.body_string.contains("1：新建站点、数据库、FTP可在phpstudy面板操作，数据库可在环境中下载数据库管理软件等；")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('<a href="https://www.xp.cn" target="_blank">www.xp.cn</a>')
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("1：新建站点、数据库、FTP可在phpstudy面板操作，数据库可在环境中下载数据库管理软件等；")
+expression: r0() || r1() || r2()
diff --git a/finger/ehole/pkpmbs.yml b/finger/ehole/pkpmbs.yml
new file mode 100644
index 0000000..28dfbdc
--- /dev/null
+++ b/finger/ehole/pkpmbs.yml
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-pkpmbs
+manual: false
+detail:
+    fingerprint:
+        name: pkpmbs
+    fofa: body="pkpmbs" || title="pkpmbs"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("pkpmbs")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("pkpmbs")
+expression: r0() || r1()
diff --git a/finger/ehole/playSMS.yml b/finger/ehole/playSMS.yml
new file mode 100644
index 0000000..3946ece
--- /dev/null
+++ b/finger/ehole/playSMS.yml
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-playSMS
+manual: false
+detail:
+    fingerprint:
+        name: playSMS
+    fofa: body="<a href=\"index.php?app=page&inc=register\">Register an account</a>" || body="<a href=\"index.php?app=page&inc=forgot\">Forgot password</a>"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('<a href="index.php?app=page&inc=register">Register an account</a>')
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('<a href="index.php?app=page&inc=forgot">Forgot password</a>')
+expression: r0() || r1()
diff --git a/finger/ehole/portainer.yml b/finger/ehole/portainer.yml
new file mode 100644
index 0000000..4e6fd86
--- /dev/null
+++ b/finger/ehole/portainer.yml
@@ -0,0 +1,51 @@
+name: fingerprint-yaml-portainer
+manual: false
+detail:
+    fingerprint:
+        name: portainer
+    fofa: body="href=\"ico/safari-pinned-tab.svg\"" || body="meta name=\"author\" content=\"Portainer.io" || header="portainer" || body="<meta name=\"author\" content=\"Portainer.io\" />" || body="content=\"Portainer.io\"" || title="portainer"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('href="ico/safari-pinned-tab.svg"')
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('meta name="author" content="Portainer.io')
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("portainer"))
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('<meta name="author" content="Portainer.io" />')
+    r4:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('content="Portainer.io"')
+    r5:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("portainer")
+expression: r0() || r1() || r2() || r3() || r4() || r5()
diff --git a/finger/ehole/postgresql.yml b/finger/ehole/postgresql.yml
new file mode 100644
index 0000000..9a14ced
--- /dev/null
+++ b/finger/ehole/postgresql.yml
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-postgresql
+manual: false
+detail:
+    fingerprint:
+        name: postgresql
+    fofa: header="postgresql" || title="postgresql"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("postgresql"))
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("postgresql")
+expression: r0() || r1()
diff --git a/finger/ehole/rcms.yml b/finger/ehole/rcms.yml
new file mode 100644
index 0000000..a691e07
--- /dev/null
+++ b/finger/ehole/rcms.yml
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-rcms
+manual: false
+detail:
+    fingerprint:
+        name: rcms
+    fofa: body="/r/cms/www/" || body="jhtml"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("/r/cms/www/")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("jhtml")
+expression: r0() || r1()
diff --git a/finger/ehole/ruijie-smart-web.yml b/finger/ehole/ruijie-smart-web.yml
new file mode 100644
index 0000000..dcd5cb8
--- /dev/null
+++ b/finger/ehole/ruijie-smart-web.yml
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-ruijie-smart-web
+manual: false
+detail:
+    fingerprint:
+        name: ruijie-smart-web
+    fofa: body="无线smartWeb"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("无线smartWeb")
+expression: r0()
diff --git a/finger/ehole/sapido-router.yml b/finger/ehole/sapido-router.yml
new file mode 100644
index 0000000..884d3ba
--- /dev/null
+++ b/finger/ehole/sapido-router.yml
@@ -0,0 +1,37 @@
+name: fingerprint-yaml-sapido-router
+manual: false
+detail:
+    fingerprint:
+        name: sapido-router
+    fofa: body="/etop_home_menu_style.css" && body="/b28n.js" || body="/b28n.js" && body="/etop_home_menu_style.css" || body="/etop_home_menu_style.css" || body="/b28n.js"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("/etop_home_menu_style.css") && response.body_string.contains("/b28n.js")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("/b28n.js") && response.body_string.contains("/etop_home_menu_style.css")
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("/etop_home_menu_style.css")
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("/b28n.js")
+expression: r0() || r1() || r2() || r3()
diff --git a/finger/ehole/sophos.yml b/finger/ehole/sophos.yml
new file mode 100644
index 0000000..6b89cd7
--- /dev/null
+++ b/finger/ehole/sophos.yml
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-sophos
+manual: false
+detail:
+    fingerprint:
+        name: sophos
+    fofa: header="Sophos"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("Sophos"))
+expression: r0()
diff --git "a/finger/ehole/spring\346\241\206\346\236\266.yml" "b/finger/ehole/spring\346\241\206\346\236\266.yml"
new file mode 100644
index 0000000..bb7c673
--- /dev/null
+++ "b/finger/ehole/spring\346\241\206\346\236\266.yml"
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-spring框架
+manual: false
+detail:
+    fingerprint:
+        name: spring框架
+    fofa: header="spring框架" || title="spring框架"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("spring框架"))
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("spring框架")
+expression: r0() || r1()
diff --git a/finger/ehole/supervisord.yml b/finger/ehole/supervisord.yml
new file mode 100644
index 0000000..185a463
--- /dev/null
+++ b/finger/ehole/supervisord.yml
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-supervisord
+manual: false
+detail:
+    fingerprint:
+        name: supervisord
+    fofa: body="images/supervisor.gif" || title="supervisor status"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("images/supervisor.gif")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("supervisor status")
+expression: r0() || r1()
diff --git a/finger/ehole/tiki-Wiki-CMS.yml b/finger/ehole/tiki-Wiki-CMS.yml
new file mode 100644
index 0000000..8d3dfc8
--- /dev/null
+++ b/finger/ehole/tiki-Wiki-CMS.yml
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-tiki-Wiki-CMS
+manual: false
+detail:
+    fingerprint:
+        name: tiki-Wiki-CMS
+    fofa: body="jquerytiki = new object" || body="jqueryTiki = new Object"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("jquerytiki = new object")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("jqueryTiki = new Object")
+expression: r0() || r1()
diff --git a/finger/ehole/topsec-TopAudit.yml b/finger/ehole/topsec-TopAudit.yml
new file mode 100644
index 0000000..7487521
--- /dev/null
+++ b/finger/ehole/topsec-TopAudit.yml
@@ -0,0 +1,51 @@
+name: fingerprint-yaml-topsec-TopAudit
+manual: false
+detail:
+    fingerprint:
+        name: topsec-TopAudit
+    fofa: body="topaudit" && body="ta-w 登录系统" || body="onclick=\"dlg_download()" || body="ta-w 登录系统" && body="topaudit" || body="topaudit" || body="ta-w 登录系统" || title="天融信网络审计系统"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("topaudit") && response.body_string.contains("ta-w 登录系统")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('onclick="dlg_download()')
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("ta-w 登录系统") && response.body_string.contains("topaudit")
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("topaudit")
+    r4:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("ta-w 登录系统")
+    r5:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("天融信网络审计系统")
+expression: r0() || r1() || r2() || r3() || r4() || r5()
diff --git a/finger/ehole/tp-link.yml b/finger/ehole/tp-link.yml
new file mode 100644
index 0000000..8d907e4
--- /dev/null
+++ b/finger/ehole/tp-link.yml
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-tp-link
+manual: false
+detail:
+    fingerprint:
+        name: tp-link
+    fofa: body="TP-LINK"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("TP-LINK")
+expression: r0()
diff --git a/finger/ehole/tutucms.yml b/finger/ehole/tutucms.yml
new file mode 100644
index 0000000..7ba3cf4
--- /dev/null
+++ b/finger/ehole/tutucms.yml
@@ -0,0 +1,30 @@
+name: fingerprint-yaml-tutucms
+manual: false
+detail:
+    fingerprint:
+        name: tutucms
+    fofa: body="content=\"TUTUCMS" || body="Powered by TUTUCMS" || body="TUTUCMS\""
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('content="TUTUCMS')
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("Powered by TUTUCMS")
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('TUTUCMS"')
+expression: r0() || r1() || r2()
diff --git a/finger/ehole/v2_conference.yml b/finger/ehole/v2_conference.yml
new file mode 100644
index 0000000..447e58e
--- /dev/null
+++ b/finger/ehole/v2_conference.yml
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-v2_conference
+manual: false
+detail:
+    fingerprint:
+        name: v2_conference
+    fofa: title="v2_conference"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("v2_conference")
+expression: r0()
diff --git a/finger/ehole/venustech-USG.yml b/finger/ehole/venustech-USG.yml
new file mode 100644
index 0000000..8cd12d6
--- /dev/null
+++ b/finger/ehole/venustech-USG.yml
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-venustech-USG
+manual: false
+detail:
+    fingerprint:
+        name: venustech-USG
+    fofa: body="span id=\"changeyzm\"" && body="var hasloading = $changeyzm.is(\".item_code_loading\"" || title="天清汉马usg"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('span id="changeyzm"') && response.body_string.contains('var hasloading = $changeyzm.is(".item_code_loading"')
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("天清汉马usg")
+expression: r0() || r1()
diff --git a/finger/ehole/vmware-vRealize.yml b/finger/ehole/vmware-vRealize.yml
new file mode 100644
index 0000000..2959d03
--- /dev/null
+++ b/finger/ehole/vmware-vRealize.yml
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-vmware-vRealize
+manual: false
+detail:
+    fingerprint:
+        name: vmware-vRealize
+    fofa: body="正在重定向到 vrealize operations manager web"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("正在重定向到 vrealize operations manager web")
+expression: r0()
diff --git a/finger/ehole/vmware-vsphere.yml b/finger/ehole/vmware-vsphere.yml
new file mode 100644
index 0000000..a49896e
--- /dev/null
+++ b/finger/ehole/vmware-vsphere.yml
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-vmware-vsphere
+manual: false
+detail:
+    fingerprint:
+        name: vmware-vsphere
+    fofa: body="<meta name=\"description\" content=\"VMware vSphere"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('<meta name="description" content="VMware vSphere')
+expression: r0()
diff --git a/finger/ehole/wavlink-WN579X3.yml b/finger/ehole/wavlink-WN579X3.yml
new file mode 100644
index 0000000..a0cee2f
--- /dev/null
+++ b/finger/ehole/wavlink-WN579X3.yml
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-wavlink-WN579X3
+manual: false
+detail:
+    fingerprint:
+        name: wavlink-WN579X3
+    fofa: body="var model=\"wn579x3\""
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('var model="wn579x3"')
+expression: r0()
diff --git a/finger/ehole/wdcp.yml b/finger/ehole/wdcp.yml
new file mode 100644
index 0000000..0c50cb4
--- /dev/null
+++ b/finger/ehole/wdcp.yml
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-wdcp
+manual: false
+detail:
+    fingerprint:
+        name: wdcp
+    fofa: body="wdcp"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("wdcp")
+expression: r0()
diff --git a/finger/ehole/yii.yml b/finger/ehole/yii.yml
new file mode 100644
index 0000000..f0590fe
--- /dev/null
+++ b/finger/ehole/yii.yml
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-yii
+manual: false
+detail:
+    fingerprint:
+        name: yii
+    fofa: header="YII_CSRF_TOKEN"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("YII_CSRF_TOKEN"))
+expression: r0()
diff --git a/finger/ehole/yonyou-U8.yml b/finger/ehole/yonyou-U8.yml
new file mode 100644
index 0000000..95be762
--- /dev/null
+++ b/finger/ehole/yonyou-U8.yml
@@ -0,0 +1,44 @@
+name: fingerprint-yaml-yonyou-U8
+manual: false
+detail:
+    fingerprint:
+        name: yonyou-U8
+    fofa: body="getfirstu8accid" && body="javascript/bw8.js" && body="var servervendor = 'yonyouupcn'" || body="var servervendor = \"yonyouupcn\"" && body="javascript/bw8.js" || body="getfirstu8accid" || body="javascript/bw8.js" || body="var servervendor = \"yonyouupcn\""
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("getfirstu8accid") && response.body_string.contains("javascript/bw8.js") && response.body_string.contains("var servervendor = 'yonyouupcn'")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('var servervendor = "yonyouupcn"') && response.body_string.contains("javascript/bw8.js")
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("getfirstu8accid")
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("javascript/bw8.js")
+    r4:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('var servervendor = "yonyouupcn"')
+expression: r0() || r1() || r2() || r3() || r4()
diff --git a/finger/ehole/yunec.yml b/finger/ehole/yunec.yml
new file mode 100644
index 0000000..0d4af5b
--- /dev/null
+++ b/finger/ehole/yunec.yml
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-yunec
+manual: false
+detail:
+    fingerprint:
+        name: yunec
+    fofa: body="href=\"/17rec.html\""
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('href="/17rec.html"')
+expression: r0()
diff --git a/finger/ehole/zfsoft.yml b/finger/ehole/zfsoft.yml
new file mode 100644
index 0000000..8a73b25
--- /dev/null
+++ b/finger/ehole/zfsoft.yml
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-zfsoft
+manual: false
+detail:
+    fingerprint:
+        name: zfsoft
+    fofa: title="zfsoft"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("zfsoft")
+expression: r0()
diff --git a/finger/ehole/zxoa.yml b/finger/ehole/zxoa.yml
new file mode 100644
index 0000000..976de13
--- /dev/null
+++ b/finger/ehole/zxoa.yml
@@ -0,0 +1,37 @@
+name: fingerprint-yaml-zxoa
+manual: false
+detail:
+    fingerprint:
+        name: zxoa
+    fofa: body="obj.src = \"createcheckcode.aspx?id\"+strmath;" && body="name=\"button1\" value=\"\" onclick=\"javascript:return checkfrom(;\" id=\"button1\" class=\"loginbtn\" />" || body="name=\"button1\" value=\"\" onclick=\"javascript:return checkfrom();\" id=\"button1\" class=\"loginbtn\" />" || body="obj.src = \"createcheckcode.aspx?id\"+strmath;" || body="name=\"button1\" value=\"\" onclick=\"javascript:return checkfrom;\" id=\"button1\" class=\"loginbtn\" />"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('obj.src = "createcheckcode.aspx?id"+strmath;') && response.body_string.contains('name="button1" value="" onclick="javascript:return checkfrom(;" id="button1" class="loginbtn" />')
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('name="button1" value="" onclick="javascript:return checkfrom();" id="button1" class="loginbtn" />')
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('obj.src = "createcheckcode.aspx?id"+strmath;')
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('name="button1" value="" onclick="javascript:return checkfrom;" id="button1" class="loginbtn" />')
+expression: r0() || r1() || r2() || r3()
diff --git a/finger/ehole/zzcms.yml b/finger/ehole/zzcms.yml
new file mode 100644
index 0000000..55d20bb
--- /dev/null
+++ b/finger/ehole/zzcms.yml
@@ -0,0 +1,58 @@
+name: fingerprint-yaml-zzcms
+manual: false
+detail:
+    fingerprint:
+        name: zzcms
+    fofa: body="/zx/search.php" && body="/inc/showuserlogin.php?style=h&t=math.random(" || body="_ZCMS_ShowNewMessage" || body="zcms_skin" || body="/inc/showuserlogin.php?style=h&t=math.random()" || body="/zx/search.php" || body="/inc/showuserlogin.php?style=h&t=math.random" || title="zzcms-"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("/zx/search.php") && response.body_string.contains("/inc/showuserlogin.php?style=h&t=math.random(")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("_ZCMS_ShowNewMessage")
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("zcms_skin")
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("/inc/showuserlogin.php?style=h&t=math.random()")
+    r4:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("/zx/search.php")
+    r5:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("/inc/showuserlogin.php?style=h&t=math.random")
+    r6:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("zzcms-")
+expression: r0() || r1() || r2() || r3() || r4() || r5() || r6()
diff --git a/finger/ehole/zzzcms(zzzphp).yml b/finger/ehole/zzzcms(zzzphp).yml
new file mode 100644
index 0000000..73bcf5b
--- /dev/null
+++ b/finger/ehole/zzzcms(zzzphp).yml
@@ -0,0 +1,51 @@
+name: fingerprint-yaml-zzzcms(zzzphp)
+manual: false
+detail:
+    fingerprint:
+        name: zzzcms(zzzphp)
+    fofa: body="zzzcms" || body="zzzphp" || header="zzzcms" || header="zzzphp" || title="zzzcms" || title="zzzphp"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("zzzcms")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("zzzphp")
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("zzzcms"))
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("zzzphp"))
+    r4:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("zzzcms")
+    r5:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("zzzphp")
+expression: r0() || r1() || r2() || r3() || r4() || r5()
diff --git "a/finger/ehole/\344\270\200\347\261\263OA.yml" "b/finger/ehole/\344\270\200\347\261\263OA.yml"
new file mode 100644
index 0000000..62d299e
--- /dev/null
+++ "b/finger/ehole/\344\270\200\347\261\263OA.yml"
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-一米OA
+manual: false
+detail:
+    fingerprint:
+        name: 一米OA
+    fofa: body="/yimioa.apk"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("/yimioa.apk")
+expression: r0()
diff --git "a/finger/ehole/\344\270\207\346\210\267 OA.yml" "b/finger/ehole/\344\270\207\346\210\267 OA.yml"
new file mode 100644
index 0000000..6bc16a0
--- /dev/null
+++ "b/finger/ehole/\344\270\207\346\210\267 OA.yml"	
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-万户 OA
+manual: false
+detail:
+    fingerprint:
+        name: 万户 OA
+    fofa: body="defaultroot" && body="Logon!logon.action" && body="domainAccount" || title="万户OA"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("defaultroot") && response.body_string.contains("Logon!logon.action") && response.body_string.contains("domainAccount")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("万户OA")
+expression: r0() || r1()
diff --git "a/finger/ehole/\344\270\255\345\205\264\350\267\257\347\224\261\345\231\250.yml" "b/finger/ehole/\344\270\255\345\205\264\350\267\257\347\224\261\345\231\250.yml"
new file mode 100644
index 0000000..7de3db3
--- /dev/null
+++ "b/finger/ehole/\344\270\255\345\205\264\350\267\257\347\224\261\345\231\250.yml"
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-中兴路由器
+manual: false
+detail:
+    fingerprint:
+        name: 中兴路由器
+    fofa: header="Server:Mini web server 1.0 ZTE corp 2005."
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("Server:Mini web server 1.0 ZTE corp 2005."))
+expression: r0()
diff --git "a/finger/ehole/\344\270\255\346\226\260\351\207\221\347\233\276\344\277\241\346\201\257\345\256\211\345\205\250\347\256\241\347\220\206\347\263\273\347\273\237.yml" "b/finger/ehole/\344\270\255\346\226\260\351\207\221\347\233\276\344\277\241\346\201\257\345\256\211\345\205\250\347\256\241\347\220\206\347\263\273\347\273\237.yml"
new file mode 100644
index 0000000..c75545e
--- /dev/null
+++ "b/finger/ehole/\344\270\255\346\226\260\351\207\221\347\233\276\344\277\241\346\201\257\345\256\211\345\205\250\347\256\241\347\220\206\347\263\273\347\273\237.yml"
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-中新金盾信息安全管理系统
+manual: false
+detail:
+    fingerprint:
+        name: 中新金盾信息安全管理系统
+    fofa: body="中新金盾信息安全管理系统" && body="login" && body="useusbkey"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("中新金盾信息安全管理系统") && response.body_string.contains("login") && response.body_string.contains("useusbkey")
+expression: r0()
diff --git "a/finger/ehole/\344\270\255\346\234\233OA.yml" "b/finger/ehole/\344\270\255\346\234\233OA.yml"
new file mode 100644
index 0000000..7a7f802
--- /dev/null
+++ "b/finger/ehole/\344\270\255\346\234\233OA.yml"
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-中望OA
+manual: false
+detail:
+    fingerprint:
+        name: 中望OA
+    fofa: body="/app_qjuserinfo/qjuserinfoadd.jsp" || body="/IMAGES/default/first/xtoa_logo.png"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("/app_qjuserinfo/qjuserinfoadd.jsp")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("/IMAGES/default/first/xtoa_logo.png")
+expression: r0() || r1()
diff --git "a/finger/ehole/\344\270\255\350\277\234\351\272\222\351\272\237\345\240\241\345\236\222\346\234\272.yml" "b/finger/ehole/\344\270\255\350\277\234\351\272\222\351\272\237\345\240\241\345\236\222\346\234\272.yml"
new file mode 100644
index 0000000..01a4a21
--- /dev/null
+++ "b/finger/ehole/\344\270\255\350\277\234\351\272\222\351\272\237\345\240\241\345\236\222\346\234\272.yml"
@@ -0,0 +1,30 @@
+name: fingerprint-yaml-中远麒麟堡垒机
+manual: false
+detail:
+    fingerprint:
+        name: 中远麒麟堡垒机
+    fofa: body="admin.php" && body="controller=admin_index&action=login" || header="中远麒麟堡垒机" || title="中远麒麟堡垒机"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("admin.php") && response.body_string.contains("controller=admin_index&action=login")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("中远麒麟堡垒机"))
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("中远麒麟堡垒机")
+expression: r0() || r1() || r2()
diff --git "a/finger/ehole/\344\271\205\345\205\266\346\212\245\350\241\250.yml" "b/finger/ehole/\344\271\205\345\205\266\346\212\245\350\241\250.yml"
new file mode 100644
index 0000000..ab96e0a
--- /dev/null
+++ "b/finger/ehole/\344\271\205\345\205\266\346\212\245\350\241\250.yml"
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-久其报表
+manual: false
+detail:
+    fingerprint:
+        name: 久其报表
+    fofa: title="久其报表"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("久其报表")
+expression: r0()
diff --git "a/finger/ehole/\344\272\221EC\347\224\265\345\225\206\347\263\273\347\273\237.yml" "b/finger/ehole/\344\272\221EC\347\224\265\345\225\206\347\263\273\347\273\237.yml"
new file mode 100644
index 0000000..07e3a2e
--- /dev/null
+++ "b/finger/ehole/\344\272\221EC\347\224\265\345\225\206\347\263\273\347\273\237.yml"
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-云EC电商系统
+manual: false
+detail:
+    fingerprint:
+        name: 云EC电商系统
+    fofa: title="云EC电商系统"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("云EC电商系统")
+expression: r0()
diff --git "a/finger/ehole/\344\272\221\344\274\230CMS(YUNUCMS).yml" "b/finger/ehole/\344\272\221\344\274\230CMS(YUNUCMS).yml"
new file mode 100644
index 0000000..129fea2
--- /dev/null
+++ "b/finger/ehole/\344\272\221\344\274\230CMS(YUNUCMS).yml"
@@ -0,0 +1,51 @@
+name: fingerprint-yaml-云优CMS(YUNUCMS)
+manual: false
+detail:
+    fingerprint:
+        name: 云优CMS(YUNUCMS)
+    fofa: body="云优CMS" || body="YUNUCMS" || header="云优CMS" || header="YUNUCMS" || title="云优CMS" || title="YUNUCMS"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("云优CMS")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("YUNUCMS")
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("云优CMS"))
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("YUNUCMS"))
+    r4:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("云优CMS")
+    r5:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("YUNUCMS")
+expression: r0() || r1() || r2() || r3() || r4() || r5()
diff --git "a/finger/ehole/\344\272\277\350\265\233\351\200\232(DLP).yml" "b/finger/ehole/\344\272\277\350\265\233\351\200\232(DLP).yml"
new file mode 100644
index 0000000..89dfb5a
--- /dev/null
+++ "b/finger/ehole/\344\272\277\350\265\233\351\200\232(DLP).yml"
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-亿赛通(DLP)
+manual: false
+detail:
+    fingerprint:
+        name: 亿赛通(DLP)
+    fofa: body="CDGServer3" && body="welcomebg.jpg"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("CDGServer3") && response.body_string.contains("welcomebg.jpg")
+expression: r0()
diff --git "a/finger/ehole/\344\272\277\350\265\233\351\200\232DLP.yml" "b/finger/ehole/\344\272\277\350\265\233\351\200\232DLP.yml"
new file mode 100644
index 0000000..70e6dfc
--- /dev/null
+++ "b/finger/ehole/\344\272\277\350\265\233\351\200\232DLP.yml"
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-亿赛通DLP
+manual: false
+detail:
+    fingerprint:
+        name: 亿赛通DLP
+    fofa: body="CDGServer3"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("CDGServer3")
+expression: r0()
diff --git "a/finger/ehole/\344\272\277\350\265\233\351\200\232\347\224\265\345\255\220\346\226\207\346\241\243\345\256\211\345\205\250\347\256\241\347\220\206\347\263\273\347\273\237.yml" "b/finger/ehole/\344\272\277\350\265\233\351\200\232\347\224\265\345\255\220\346\226\207\346\241\243\345\256\211\345\205\250\347\256\241\347\220\206\347\263\273\347\273\237.yml"
new file mode 100644
index 0000000..8fe98cc
--- /dev/null
+++ "b/finger/ehole/\344\272\277\350\265\233\351\200\232\347\224\265\345\255\220\346\226\207\346\241\243\345\256\211\345\205\250\347\256\241\347\220\206\347\263\273\347\273\237.yml"
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-亿赛通电子文档安全管理系统
+manual: false
+detail:
+    fingerprint:
+        name: 亿赛通电子文档安全管理系统
+    fofa: body="电子文档安全管理系统" && body="CDGServer3" || body="<title>电子文档安全管理系统</title>"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("电子文档安全管理系统") && response.body_string.contains("CDGServer3")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("<title>电子文档安全管理系统</title>")
+expression: r0() || r1()
diff --git "a/finger/ehole/\344\272\277\351\202\256\351\202\256\344\273\266\347\263\273\347\273\237.yml" "b/finger/ehole/\344\272\277\351\202\256\351\202\256\344\273\266\347\263\273\347\273\237.yml"
new file mode 100644
index 0000000..a2a0e0f
--- /dev/null
+++ "b/finger/ehole/\344\272\277\351\202\256\351\202\256\344\273\266\347\263\273\347\273\237.yml"
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-亿邮邮件系统
+manual: false
+detail:
+    fingerprint:
+        name: 亿邮邮件系统
+    fofa: body="eYou" && body="q=login" && body="tpl/user" || body="eYou" && body="q=help" && body="tpl/user"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("eYou") && response.body_string.contains("q=login") && response.body_string.contains("tpl/user")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("eYou") && response.body_string.contains("q=help") && response.body_string.contains("tpl/user")
+expression: r0() || r1()
diff --git "a/finger/ehole/\344\275\221\345\217\213\351\230\262\347\201\253\345\242\231.yml" "b/finger/ehole/\344\275\221\345\217\213\351\230\262\347\201\253\345\242\231.yml"
new file mode 100644
index 0000000..63a7960
--- /dev/null
+++ "b/finger/ehole/\344\275\221\345\217\213\351\230\262\347\201\253\345\242\231.yml"
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-佑友防火墙
+manual: false
+detail:
+    fingerprint:
+        name: 佑友防火墙
+    fofa: body="<title>佑友防火墙</title>"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("<title>佑友防火墙</title>")
+expression: r0()
diff --git "a/finger/ehole/\344\277\241\345\221\274 OA.yml" "b/finger/ehole/\344\277\241\345\221\274 OA.yml"
new file mode 100644
index 0000000..db14551
--- /dev/null
+++ "b/finger/ehole/\344\277\241\345\221\274 OA.yml"	
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-信呼 OA
+manual: false
+detail:
+    fingerprint:
+        name: 信呼 OA
+    fofa: icon_hash="1652488516"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: faviconHash(response.getIconContent()) == 1652488516
+expression: r0()
diff --git "a/finger/ehole/\345\205\250\346\201\257AI\345\274\261\347\224\265\347\275\221\347\273\234\347\273\274\345\220\210\350\277\220\347\273\264\345\271\263\345\217\260.yml" "b/finger/ehole/\345\205\250\346\201\257AI\345\274\261\347\224\265\347\275\221\347\273\234\347\273\274\345\220\210\350\277\220\347\273\264\345\271\263\345\217\260.yml"
new file mode 100644
index 0000000..8ab4315
--- /dev/null
+++ "b/finger/ehole/\345\205\250\346\201\257AI\345\274\261\347\224\265\347\275\221\347\273\234\347\273\274\345\220\210\350\277\220\347\273\264\345\271\263\345\217\260.yml"
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-全息AI弱电网络综合运维平台
+manual: false
+detail:
+    fingerprint:
+        name: 全息AI弱电网络综合运维平台
+    fofa: body="全息AI" && body="g_is_hk" && body="login"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("全息AI") && response.body_string.contains("g_is_hk") && response.body_string.contains("login")
+expression: r0()
diff --git "a/finger/ehole/\345\215\216\344\270\272\344\272\221\346\241\214\351\235\242.yml" "b/finger/ehole/\345\215\216\344\270\272\344\272\221\346\241\214\351\235\242.yml"
new file mode 100644
index 0000000..a597174
--- /dev/null
+++ "b/finger/ehole/\345\215\216\344\270\272\344\272\221\346\241\214\351\235\242.yml"
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-华为云桌面
+manual: false
+detail:
+    fingerprint:
+        name: 华为云桌面
+    fofa: body="Desktop@FusionAccess" && body="/webui/"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("Desktop@FusionAccess") && response.body_string.contains("/webui/")
+expression: r0()
diff --git "a/finger/ehole/\345\215\216\345\237\237Reporter.yml" "b/finger/ehole/\345\215\216\345\237\237Reporter.yml"
new file mode 100644
index 0000000..d592656
--- /dev/null
+++ "b/finger/ehole/\345\215\216\345\237\237Reporter.yml"
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-华域Reporter
+manual: false
+detail:
+    fingerprint:
+        name: 华域Reporter
+    fofa: body="reporter" && body="login" && body="action.php"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("reporter") && response.body_string.contains("login") && response.body_string.contains("action.php")
+expression: r0()
diff --git "a/finger/ehole/\345\215\232\345\215\216\347\275\221\351\276\231\344\277\241\346\201\257\345\256\211\345\205\250\344\270\200\344\275\223\346\234\272.yml" "b/finger/ehole/\345\215\232\345\215\216\347\275\221\351\276\231\344\277\241\346\201\257\345\256\211\345\205\250\344\270\200\344\275\223\346\234\272.yml"
new file mode 100644
index 0000000..40cf566
--- /dev/null
+++ "b/finger/ehole/\345\215\232\345\215\216\347\275\221\351\276\231\344\277\241\346\201\257\345\256\211\345\205\250\344\270\200\344\275\223\346\234\272.yml"
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-博华网龙信息安全一体机
+manual: false
+detail:
+    fingerprint:
+        name: 博华网龙信息安全一体机
+    fofa: title="博华网龙信息安全一体机"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("博华网龙信息安全一体机")
+expression: r0()
diff --git "a/finger/ehole/\345\220\210\346\255\243\347\275\221\347\253\231\347\276\244\345\206\205\345\256\271\347\256\241\347\220\206\347\263\273\347\273\237.yml" "b/finger/ehole/\345\220\210\346\255\243\347\275\221\347\253\231\347\276\244\345\206\205\345\256\271\347\256\241\347\220\206\347\263\273\347\273\237.yml"
new file mode 100644
index 0000000..737640b
--- /dev/null
+++ "b/finger/ehole/\345\220\210\346\255\243\347\275\221\347\253\231\347\276\244\345\206\205\345\256\271\347\256\241\347\220\206\347\263\273\347\273\237.yml"
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-合正网站群内容管理系统
+manual: false
+detail:
+    fingerprint:
+        name: 合正网站群内容管理系统
+    fofa: body="Produced By" || body="网站群内容管理系统"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("Produced By")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("网站群内容管理系统")
+expression: r0() || r1()
diff --git "a/finger/ehole/\345\220\214\346\234\233iOA.yml" "b/finger/ehole/\345\220\214\346\234\233iOA.yml"
new file mode 100644
index 0000000..b68d672
--- /dev/null
+++ "b/finger/ehole/\345\220\214\346\234\233iOA.yml"
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-同望iOA
+manual: false
+detail:
+    fingerprint:
+        name: 同望iOA
+    fofa: header="同望iOA" || title="同望iOA"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("同望iOA"))
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("同望iOA")
+expression: r0() || r1()
diff --git "a/finger/ehole/\345\220\221\346\227\245\350\221\265-SunLogin.yml" "b/finger/ehole/\345\220\221\346\227\245\350\221\265-SunLogin.yml"
new file mode 100644
index 0000000..6527a21
--- /dev/null
+++ "b/finger/ehole/\345\220\221\346\227\245\350\221\265-SunLogin.yml"
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-向日葵-SunLogin
+manual: false
+detail:
+    fingerprint:
+        name: 向日葵-SunLogin
+    fofa: body="{\"success\":false,\"msg\":\"Verification failure\"}"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('{"success":false,"msg":"Verification failure"}')
+expression: r0()
diff --git "a/finger/ehole/\345\244\247\345\215\216-\346\231\272\350\203\275\347\211\251\350\201\224\347\273\274\345\220\210\347\256\241\347\220\206\345\271\263\345\217\260.yml" "b/finger/ehole/\345\244\247\345\215\216-\346\231\272\350\203\275\347\211\251\350\201\224\347\273\274\345\220\210\347\256\241\347\220\206\345\271\263\345\217\260.yml"
new file mode 100644
index 0000000..49824ca
--- /dev/null
+++ "b/finger/ehole/\345\244\247\345\215\216-\346\231\272\350\203\275\347\211\251\350\201\224\347\273\274\345\220\210\347\256\241\347\220\206\345\271\263\345\217\260.yml"
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-大华-智能物联综合管理平台
+manual: false
+detail:
+    fingerprint:
+        name: 大华-智能物联综合管理平台
+    fofa: body="static/qwebchannel.js" && body="moment"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("static/qwebchannel.js") && response.body_string.contains("moment")
+expression: r0()
diff --git "a/finger/ehole/\345\244\247\345\215\216DSS.yml" "b/finger/ehole/\345\244\247\345\215\216DSS.yml"
new file mode 100644
index 0000000..88c4cc6
--- /dev/null
+++ "b/finger/ehole/\345\244\247\345\215\216DSS.yml"
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-大华DSS
+manual: false
+detail:
+    fingerprint:
+        name: 大华DSS
+    fofa: header="大华DSS" || title="大华DSS"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("大华DSS"))
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("大华DSS")
+expression: r0() || r1()
diff --git "a/finger/ehole/\345\244\247\345\215\216\346\231\272\346\205\247\345\233\255\345\214\272\347\273\274\345\220\210\347\256\241\347\220\206\345\271\263\345\217\260.yml" "b/finger/ehole/\345\244\247\345\215\216\346\231\272\346\205\247\345\233\255\345\214\272\347\273\274\345\220\210\347\256\241\347\220\206\345\271\263\345\217\260.yml"
new file mode 100644
index 0000000..d46ec62
--- /dev/null
+++ "b/finger/ehole/\345\244\247\345\215\216\346\231\272\346\205\247\345\233\255\345\214\272\347\273\274\345\220\210\347\256\241\347\220\206\345\271\263\345\217\260.yml"
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-大华智慧园区综合管理平台
+manual: false
+detail:
+    fingerprint:
+        name: 大华智慧园区综合管理平台
+    fofa: body="URL='/WPMS'"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("URL='/WPMS'")
+expression: r0()
diff --git "a/finger/ehole/\345\244\247\346\261\211JCMS.yml" "b/finger/ehole/\345\244\247\346\261\211JCMS.yml"
new file mode 100644
index 0000000..4fb1134
--- /dev/null
+++ "b/finger/ehole/\345\244\247\346\261\211JCMS.yml"
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-大汉JCMS
+manual: false
+detail:
+    fingerprint:
+        name: 大汉JCMS
+    fofa: title="大汉JCMS"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("大汉JCMS")
+expression: r0()
diff --git "a/finger/ehole/\345\244\251\346\223\216.yml" "b/finger/ehole/\345\244\251\346\223\216.yml"
new file mode 100644
index 0000000..6b0232d
--- /dev/null
+++ "b/finger/ehole/\345\244\251\346\223\216.yml"
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-天擎
+manual: false
+detail:
+    fingerprint:
+        name: 天擎
+    fofa: body="index/logo" && body="天擎</title>"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("index/logo") && response.body_string.contains("天擎</title>")
+expression: r0()
diff --git "a/finger/ehole/\345\244\251\350\236\215\344\277\241 \346\227\245\345\277\227\346\224\266\351\233\206\344\270\216\345\210\206\346\236\220\347\263\273\347\273\237.yml" "b/finger/ehole/\345\244\251\350\236\215\344\277\241 \346\227\245\345\277\227\346\224\266\351\233\206\344\270\216\345\210\206\346\236\220\347\263\273\347\273\237.yml"
new file mode 100644
index 0000000..dd420bf
--- /dev/null
+++ "b/finger/ehole/\345\244\251\350\236\215\344\277\241 \346\227\245\345\277\227\346\224\266\351\233\206\344\270\216\345\210\206\346\236\220\347\263\273\347\273\237.yml"	
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-天融信 日志收集与分析系统
+manual: false
+detail:
+    fingerprint:
+        name: 天融信 日志收集与分析系统
+    fofa: header="天融信 日志收集与分析系统" || title="天融信 日志收集与分析系统"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("天融信 日志收集与分析系统"))
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("天融信 日志收集与分析系统")
+expression: r0() || r1()
diff --git "a/finger/ehole/\345\244\251\350\236\215\344\277\241-\344\270\212\347\275\221\350\241\214\344\270\272\347\256\241\347\220\206\347\263\273\347\273\237.yml" "b/finger/ehole/\345\244\251\350\236\215\344\277\241-\344\270\212\347\275\221\350\241\214\344\270\272\347\256\241\347\220\206\347\263\273\347\273\237.yml"
new file mode 100644
index 0000000..0d2c3c2
--- /dev/null
+++ "b/finger/ehole/\345\244\251\350\236\215\344\277\241-\344\270\212\347\275\221\350\241\214\344\270\272\347\256\241\347\220\206\347\263\273\347\273\237.yml"
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-天融信-上网行为管理系统
+manual: false
+detail:
+    fingerprint:
+        name: 天融信-上网行为管理系统
+    fofa: body="images/logo3.gif" && body="dkey_activex_download.php" && body="login_commit.php"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("images/logo3.gif") && response.body_string.contains("dkey_activex_download.php") && response.body_string.contains("login_commit.php")
+expression: r0()
diff --git "a/finger/ehole/\345\244\251\350\236\215\344\277\241VPN.yml" "b/finger/ehole/\345\244\251\350\236\215\344\277\241VPN.yml"
new file mode 100644
index 0000000..00a07aa
--- /dev/null
+++ "b/finger/ehole/\345\244\251\350\236\215\344\277\241VPN.yml"
@@ -0,0 +1,30 @@
+name: fingerprint-yaml-天融信VPN
+manual: false
+detail:
+    fingerprint:
+        name: 天融信VPN
+    fofa: header="topsecsvportalstyle" || header="TopWebServer" || header="topsecsvportalname"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("topsecsvportalstyle"))
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("TopWebServer"))
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("topsecsvportalname"))
+expression: r0() || r1() || r2()
diff --git "a/finger/ehole/\345\244\251\350\236\215\344\277\241\346\225\260\346\215\256\351\230\262\346\263\204\346\274\217\347\263\273\347\273\237.yml" "b/finger/ehole/\345\244\251\350\236\215\344\277\241\346\225\260\346\215\256\351\230\262\346\263\204\346\274\217\347\263\273\347\273\237.yml"
new file mode 100644
index 0000000..610cc59
--- /dev/null
+++ "b/finger/ehole/\345\244\251\350\236\215\344\277\241\346\225\260\346\215\256\351\230\262\346\263\204\346\274\217\347\263\273\347\273\237.yml"
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-天融信数据防泄漏系统
+manual: false
+detail:
+    fingerprint:
+        name: 天融信数据防泄漏系统
+    fofa: body="topdlp_show" && body="天融信数据防泄漏系统"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("topdlp_show") && response.body_string.contains("天融信数据防泄漏系统")
+expression: r0()
diff --git "a/finger/ehole/\345\244\251\350\236\215\344\277\241\347\275\221\347\273\234\345\256\241\350\256\241\347\263\273\347\273\237.yml" "b/finger/ehole/\345\244\251\350\236\215\344\277\241\347\275\221\347\273\234\345\256\241\350\256\241\347\263\273\347\273\237.yml"
new file mode 100644
index 0000000..6307df1
--- /dev/null
+++ "b/finger/ehole/\345\244\251\350\236\215\344\277\241\347\275\221\347\273\234\345\256\241\350\256\241\347\263\273\347\273\237.yml"
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-天融信网络审计系统
+manual: false
+detail:
+    fingerprint:
+        name: 天融信网络审计系统
+    fofa: body="onclick=\"dlg_download()"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('onclick="dlg_download()')
+expression: r0()
diff --git "a/finger/ehole/\345\244\251\350\236\215\344\277\241\350\204\206\345\274\261\346\200\247\346\211\253\346\217\217\344\270\216\347\256\241\347\220\206\347\263\273\347\273\237.yml" "b/finger/ehole/\345\244\251\350\236\215\344\277\241\350\204\206\345\274\261\346\200\247\346\211\253\346\217\217\344\270\216\347\256\241\347\220\206\347\263\273\347\273\237.yml"
new file mode 100644
index 0000000..1d5317b
--- /dev/null
+++ "b/finger/ehole/\345\244\251\350\236\215\344\277\241\350\204\206\345\274\261\346\200\247\346\211\253\346\217\217\344\270\216\347\256\241\347\220\206\347\263\273\347\273\237.yml"
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-天融信脆弱性扫描与管理系统
+manual: false
+detail:
+    fingerprint:
+        name: 天融信脆弱性扫描与管理系统
+    fofa: body="/js/report/horizontalReportPanel.js"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("/js/report/horizontalReportPanel.js")
+expression: r0()
diff --git "a/finger/ehole/\345\244\251\350\236\215\344\277\241\351\230\262\347\201\253\345\242\231.yml" "b/finger/ehole/\345\244\251\350\236\215\344\277\241\351\230\262\347\201\253\345\242\231.yml"
new file mode 100644
index 0000000..d245dd9
--- /dev/null
+++ "b/finger/ehole/\345\244\251\350\236\215\344\277\241\351\230\262\347\201\253\345\242\231.yml"
@@ -0,0 +1,30 @@
+name: fingerprint-yaml-天融信防火墙
+manual: false
+detail:
+    fingerprint:
+        name: 天融信防火墙
+    fofa: body="TOPSEC" && body="image/aaa.png" && body="username" || body="WEB User Interface" || header="TopWebServer"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("TOPSEC") && response.body_string.contains("image/aaa.png") && response.body_string.contains("username")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("WEB User Interface")
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("TopWebServer"))
+expression: r0() || r1() || r2()
diff --git "a/finger/ehole/\345\245\275\350\247\206\351\200\232.yml" "b/finger/ehole/\345\245\275\350\247\206\351\200\232.yml"
new file mode 100644
index 0000000..b8242cd
--- /dev/null
+++ "b/finger/ehole/\345\245\275\350\247\206\351\200\232.yml"
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-好视通
+manual: false
+detail:
+    fingerprint:
+        name: 好视通
+    fofa: body="fsmeeting" && body="loginCheck.do" && body="app.result"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("fsmeeting") && response.body_string.contains("loginCheck.do") && response.body_string.contains("app.result")
+expression: r0()
diff --git "a/finger/ehole/\345\255\232\347\233\237\344\272\221 CRM.yml" "b/finger/ehole/\345\255\232\347\233\237\344\272\221 CRM.yml"
new file mode 100644
index 0000000..875bb96
--- /dev/null
+++ "b/finger/ehole/\345\255\232\347\233\237\344\272\221 CRM.yml"	
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-孚盟云 CRM
+manual: false
+detail:
+    fingerprint:
+        name: 孚盟云 CRM
+    fofa: icon_hash="1533124028"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: faviconHash(response.getIconContent()) == 1533124028
+expression: r0()
diff --git "a/finger/ehole/\345\255\232\347\233\237\344\272\221.yml" "b/finger/ehole/\345\255\232\347\233\237\344\272\221.yml"
new file mode 100644
index 0000000..2769505
--- /dev/null
+++ "b/finger/ehole/\345\255\232\347\233\237\344\272\221.yml"
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-孚盟云
+manual: false
+detail:
+    fingerprint:
+        name: 孚盟云
+    fofa: body="fumasoft" && body="孚盟云"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("fumasoft") && response.body_string.contains("孚盟云")
+expression: r0()
diff --git "a/finger/ehole/\345\256\211\346\201\222\346\230\216\345\276\241\345\256\211\345\205\250\347\275\221\345\205\263.yml" "b/finger/ehole/\345\256\211\346\201\222\346\230\216\345\276\241\345\256\211\345\205\250\347\275\221\345\205\263.yml"
new file mode 100644
index 0000000..a5c8479
--- /dev/null
+++ "b/finger/ehole/\345\256\211\346\201\222\346\230\216\345\276\241\345\256\211\345\205\250\347\275\221\345\205\263.yml"
@@ -0,0 +1,30 @@
+name: fingerprint-yaml-安恒明御安全网关
+manual: false
+detail:
+    fingerprint:
+        name: 安恒明御安全网关
+    fofa: title="明御安全网关" || header="安恒明御安全网关" || title="安恒明御安全网关"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("明御安全网关")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("安恒明御安全网关"))
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("安恒明御安全网关")
+expression: r0() || r1() || r2()
diff --git "a/finger/ehole/\345\270\206\350\275\257\346\212\245\350\241\250-FineReport.yml" "b/finger/ehole/\345\270\206\350\275\257\346\212\245\350\241\250-FineReport.yml"
new file mode 100644
index 0000000..ee34c3d
--- /dev/null
+++ "b/finger/ehole/\345\270\206\350\275\257\346\212\245\350\241\250-FineReport.yml"
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-帆软报表-FineReport
+manual: false
+detail:
+    fingerprint:
+        name: 帆软报表-FineReport
+    fofa: body="ReportServer" && body="=fs"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("ReportServer") && response.body_string.contains("=fs")
+expression: r0()
diff --git "a/finger/ehole/\345\270\206\350\275\257\346\225\260\346\215\256\345\206\263\347\255\226\347\263\273\347\273\237.yml" "b/finger/ehole/\345\270\206\350\275\257\346\225\260\346\215\256\345\206\263\347\255\226\347\263\273\347\273\237.yml"
new file mode 100644
index 0000000..6a53375
--- /dev/null
+++ "b/finger/ehole/\345\270\206\350\275\257\346\225\260\346\215\256\345\206\263\347\255\226\347\263\273\347\273\237.yml"
@@ -0,0 +1,30 @@
+name: fingerprint-yaml-帆软数据决策系统
+manual: false
+detail:
+    fingerprint:
+        name: 帆软数据决策系统
+    fofa: body=">数据决策系统" && body="ReportServer?op" || body="/webroot/decision/file?path=" || body="FineReport/decision"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains(">数据决策系统") && response.body_string.contains("ReportServer?op")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("/webroot/decision/file?path=")
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("FineReport/decision")
+expression: r0() || r1() || r2()
diff --git "a/finger/ehole/\345\270\225\346\213\211\350\277\252\347\273\237\344\270\200\345\256\211\345\205\250\347\256\241\347\220\206\344\270\216\347\273\274\345\220\210\345\256\241\350\256\241\347\263\273\347\273\237.yml" "b/finger/ehole/\345\270\225\346\213\211\350\277\252\347\273\237\344\270\200\345\256\211\345\205\250\347\256\241\347\220\206\344\270\216\347\273\274\345\220\210\345\256\241\350\256\241\347\263\273\347\273\237.yml"
new file mode 100644
index 0000000..7d8fc55
--- /dev/null
+++ "b/finger/ehole/\345\270\225\346\213\211\350\277\252\347\273\237\344\270\200\345\256\211\345\205\250\347\256\241\347\220\206\344\270\216\347\273\274\345\220\210\345\256\241\350\256\241\347\263\273\347\273\237.yml"
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-帕拉迪统一安全管理与综合审计系统
+manual: false
+detail:
+    fingerprint:
+        name: 帕拉迪统一安全管理与综合审计系统
+    fofa: header="帕拉迪统一安全管理与综合审计系统" || title="帕拉迪统一安全管理与综合审计系统"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("帕拉迪统一安全管理与综合审计系统"))
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("帕拉迪统一安全管理与综合审计系统")
+expression: r0() || r1()
diff --git "a/finger/ehole/\346\201\251\347\211\271\345\256\242\346\210\267\350\265\204\346\272\220\347\256\241\347\220\206\347\263\273\347\273\237.yml" "b/finger/ehole/\346\201\251\347\211\271\345\256\242\346\210\267\350\265\204\346\272\220\347\256\241\347\220\206\347\263\273\347\273\237.yml"
new file mode 100644
index 0000000..bf385dd
--- /dev/null
+++ "b/finger/ehole/\346\201\251\347\211\271\345\256\242\346\210\267\350\265\204\346\272\220\347\256\241\347\220\206\347\263\273\347\273\237.yml"
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-恩特客户资源管理系统
+manual: false
+detail:
+    fingerprint:
+        name: 恩特客户资源管理系统
+    fofa: header="恩特客户资源管理系统" || title="恩特客户资源管理系统"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("恩特客户资源管理系统"))
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("恩特客户资源管理系统")
+expression: r0() || r1()
diff --git "a/finger/ehole/\346\202\237\347\251\272CRM.yml" "b/finger/ehole/\346\202\237\347\251\272CRM.yml"
new file mode 100644
index 0000000..d45eec1
--- /dev/null
+++ "b/finger/ehole/\346\202\237\347\251\272CRM.yml"
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-悟空CRM
+manual: false
+detail:
+    fingerprint:
+        name: 悟空CRM
+    fofa: icon_hash="872805507" || body="/Public/js/5kcrm.js"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: faviconHash(response.getIconContent()) == 872805507
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("/Public/js/5kcrm.js")
+expression: r0() || r1()
diff --git "a/finger/ehole/\346\203\240\345\260\224\351\241\277\344\270\212\347\275\221\350\241\214\344\270\272\347\256\241\347\220\206\347\263\273\347\273\237.yml" "b/finger/ehole/\346\203\240\345\260\224\351\241\277\344\270\212\347\275\221\350\241\214\344\270\272\347\256\241\347\220\206\347\263\273\347\273\237.yml"
new file mode 100644
index 0000000..39c15f4
--- /dev/null
+++ "b/finger/ehole/\346\203\240\345\260\224\351\241\277\344\270\212\347\275\221\350\241\214\344\270\272\347\256\241\347\220\206\347\263\273\347\273\237.yml"
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-惠尔顿上网行为管理系统
+manual: false
+detail:
+    fingerprint:
+        name: 惠尔顿上网行为管理系统
+    fofa: body="updateLoginPswd.php" || body="PassroedEle"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("updateLoginPswd.php")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("PassroedEle")
+expression: r0() || r1()
diff --git "a/finger/ehole/\346\214\207\346\214\245\350\260\203\345\272\246\345\271\263\345\217\260.yml" "b/finger/ehole/\346\214\207\346\214\245\350\260\203\345\272\246\345\271\263\345\217\260.yml"
new file mode 100644
index 0000000..0b25e9e
--- /dev/null
+++ "b/finger/ehole/\346\214\207\346\214\245\350\260\203\345\272\246\345\271\263\345\217\260.yml"
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-指挥调度平台
+manual: false
+detail:
+    fingerprint:
+        name: 指挥调度平台
+    fofa: icon_hash="-1971504131"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: faviconHash(response.getIconContent()) == -1971504131
+expression: r0()
diff --git "a/finger/ehole/\346\223\216\345\244\251\347\224\265\345\255\220\346\224\277\345\212\241.yml" "b/finger/ehole/\346\223\216\345\244\251\347\224\265\345\255\220\346\224\277\345\212\241.yml"
new file mode 100644
index 0000000..c47b1c6
--- /dev/null
+++ "b/finger/ehole/\346\223\216\345\244\251\347\224\265\345\255\220\346\224\277\345\212\241.yml"
@@ -0,0 +1,30 @@
+name: fingerprint-yaml-擎天电子政务
+manual: false
+detail:
+    fingerprint:
+        name: 擎天电子政务
+    fofa: body="App_Themes/1/Style.css" || body="window.location = \"homepages/index.aspx" || body="homepages/content_page.aspx"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("App_Themes/1/Style.css")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('window.location = "homepages/index.aspx')
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("homepages/content_page.aspx")
+expression: r0() || r1() || r2()
diff --git "a/finger/ehole/\346\227\266\347\251\272\346\231\272\345\217\213.yml" "b/finger/ehole/\346\227\266\347\251\272\346\231\272\345\217\213.yml"
new file mode 100644
index 0000000..237c239
--- /dev/null
+++ "b/finger/ehole/\346\227\266\347\251\272\346\231\272\345\217\213.yml"
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-时空智友
+manual: false
+detail:
+    fingerprint:
+        name: 时空智友
+    fofa: body="login.jsp?login" && body="登录"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("login.jsp?login") && response.body_string.contains("登录")
+expression: r0()
diff --git "a/finger/ehole/\346\230\216\346\272\220\344\272\221ERP.yml" "b/finger/ehole/\346\230\216\346\272\220\344\272\221ERP.yml"
new file mode 100644
index 0000000..64a5842
--- /dev/null
+++ "b/finger/ehole/\346\230\216\346\272\220\344\272\221ERP.yml"
@@ -0,0 +1,44 @@
+name: fingerprint-yaml-明源云ERP
+manual: false
+detail:
+    fingerprint:
+        name: 明源云ERP
+    fofa: icon_hash="-626335361" || title="明源云ERP" || body="PubPlatform" && body="明源云" && body="LoginHandler" || body="#153290" && body="明源软件" || body="明源云ERP"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: faviconHash(response.getIconContent()) == -626335361
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("明源云ERP")
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("PubPlatform") && response.body_string.contains("明源云") && response.body_string.contains("LoginHandler")
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("#153290") && response.body_string.contains("明源软件")
+    r4:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("明源云ERP")
+expression: r0() || r1() || r2() || r3() || r4()
diff --git "a/finger/ehole/\346\260\270\344\270\255DCS.yml" "b/finger/ehole/\346\260\270\344\270\255DCS.yml"
new file mode 100644
index 0000000..081ce3f
--- /dev/null
+++ "b/finger/ehole/\346\260\270\344\270\255DCS.yml"
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-永中DCS
+manual: false
+detail:
+    fingerprint:
+        name: 永中DCS
+    fofa: body="<title>永中文档在线预览DCS</title>" && body="www.yozodcs.com" || body="<title>永中文档在线预览DCS</title>"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("<title>永中文档在线预览DCS</title>") && response.body_string.contains("www.yozodcs.com")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("<title>永中文档在线预览DCS</title>")
+expression: r0() || r1()
diff --git "a/finger/ehole/\346\263\233\345\276\256 OA.yml" "b/finger/ehole/\346\263\233\345\276\256 OA.yml"
new file mode 100644
index 0000000..1dcf7df
--- /dev/null
+++ "b/finger/ehole/\346\263\233\345\276\256 OA.yml"	
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-泛微 OA
+manual: false
+detail:
+    fingerprint:
+        name: 泛微 OA
+    fofa: icon_hash="1578525679" || title="泛微OA"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: faviconHash(response.getIconContent()) == 1578525679
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("泛微OA")
+expression: r0() || r1()
diff --git "a/finger/ehole/\346\263\233\345\276\256E-office.yml" "b/finger/ehole/\346\263\233\345\276\256E-office.yml"
new file mode 100644
index 0000000..859b13d
--- /dev/null
+++ "b/finger/ehole/\346\263\233\345\276\256E-office.yml"
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-泛微E-office
+manual: false
+detail:
+    fingerprint:
+        name: 泛微E-office
+    fofa: header="泛微E-office" || title="泛微E-office"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("泛微E-office"))
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("泛微E-office")
+expression: r0() || r1()
diff --git "a/finger/ehole/\346\265\252\346\275\256\346\224\277\345\212\241\347\263\273\347\273\237.yml" "b/finger/ehole/\346\265\252\346\275\256\346\224\277\345\212\241\347\263\273\347\273\237.yml"
new file mode 100644
index 0000000..3dcfd89
--- /dev/null
+++ "b/finger/ehole/\346\265\252\346\275\256\346\224\277\345\212\241\347\263\273\347\273\237.yml"
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-浪潮政务系统
+manual: false
+detail:
+    fingerprint:
+        name: 浪潮政务系统
+    fofa: body="OnlineQuery/QueryList.aspx" || body="LangChao.ECGAP.OutPortal"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("OnlineQuery/QueryList.aspx")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("LangChao.ECGAP.OutPortal")
+expression: r0() || r1()
diff --git "a/finger/ehole/\346\265\267\345\272\267\345\250\201\350\247\206 \346\265\201\345\252\222\344\275\223\347\256\241\347\220\206\346\234\215\345\212\241\345\231\250.yml" "b/finger/ehole/\346\265\267\345\272\267\345\250\201\350\247\206 \346\265\201\345\252\222\344\275\223\347\256\241\347\220\206\346\234\215\345\212\241\345\231\250.yml"
new file mode 100644
index 0000000..ec5d6bf
--- /dev/null
+++ "b/finger/ehole/\346\265\267\345\272\267\345\250\201\350\247\206 \346\265\201\345\252\222\344\275\223\347\256\241\347\220\206\346\234\215\345\212\241\345\231\250.yml"	
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-海康威视 流媒体管理服务器
+manual: false
+detail:
+    fingerprint:
+        name: 海康威视 流媒体管理服务器
+    fofa: body="流媒体管理服务器" && body="MSHTML" && body="login" || body="MSHTML" && body="login" && body="流媒体管理服务器"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("流媒体管理服务器") && response.body_string.contains("MSHTML") && response.body_string.contains("login")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("MSHTML") && response.body_string.contains("login") && response.body_string.contains("流媒体管理服务器")
+expression: r0() || r1()
diff --git "a/finger/ehole/\346\265\267\345\272\267\345\250\201\350\247\206iVMS.yml" "b/finger/ehole/\346\265\267\345\272\267\345\250\201\350\247\206iVMS.yml"
new file mode 100644
index 0000000..cd48192
--- /dev/null
+++ "b/finger/ehole/\346\265\267\345\272\267\345\250\201\350\247\206iVMS.yml"
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-海康威视iVMS
+manual: false
+detail:
+    fingerprint:
+        name: 海康威视iVMS
+    fofa: body="g_szCacheTime" || body="iVMS"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("g_szCacheTime")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("iVMS")
+expression: r0() || r1()
diff --git "a/finger/ehole/\346\265\267\346\264\213CMS.yml" "b/finger/ehole/\346\265\267\346\264\213CMS.yml"
new file mode 100644
index 0000000..8d4ee15
--- /dev/null
+++ "b/finger/ehole/\346\265\267\346\264\213CMS.yml"
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-海洋CMS
+manual: false
+detail:
+    fingerprint:
+        name: 海洋CMS
+    fofa: body="Powered by SeaCms" || body="content=\"seacms"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("Powered by SeaCms")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('content="seacms')
+expression: r0() || r1()
diff --git "a/finger/ehole/\346\267\261\344\277\241\346\234\215ssl-vpn.yml" "b/finger/ehole/\346\267\261\344\277\241\346\234\215ssl-vpn.yml"
new file mode 100644
index 0000000..7eef430
--- /dev/null
+++ "b/finger/ehole/\346\267\261\344\277\241\346\234\215ssl-vpn.yml"
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-深信服ssl-vpn
+manual: false
+detail:
+    fingerprint:
+        name: 深信服ssl-vpn
+    fofa: body="login_psw.csp" || header="TWFID"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("login_psw.csp")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("TWFID"))
+expression: r0() || r1()
diff --git "a/finger/ehole/\346\267\261\344\277\241\346\234\215\345\272\224\347\224\250\344\272\244\344\273\230\346\212\245\350\241\250\347\263\273\347\273\237.yml" "b/finger/ehole/\346\267\261\344\277\241\346\234\215\345\272\224\347\224\250\344\272\244\344\273\230\346\212\245\350\241\250\347\263\273\347\273\237.yml"
new file mode 100644
index 0000000..29398aa
--- /dev/null
+++ "b/finger/ehole/\346\267\261\344\277\241\346\234\215\345\272\224\347\224\250\344\272\244\344\273\230\346\212\245\350\241\250\347\263\273\347\273\237.yml"
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-深信服应用交付报表系统
+manual: false
+detail:
+    fingerprint:
+        name: 深信服应用交付报表系统
+    fofa: body="/reportCenter/index.php?cls_mode=cluster_mode_others"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("/reportCenter/index.php?cls_mode=cluster_mode_others")
+expression: r0()
diff --git "a/finger/ehole/\347\213\256\345\255\220\351\261\274CMS.yml" "b/finger/ehole/\347\213\256\345\255\220\351\261\274CMS.yml"
new file mode 100644
index 0000000..0a7ce9c
--- /dev/null
+++ "b/finger/ehole/\347\213\256\345\255\220\351\261\274CMS.yml"
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-狮子鱼CMS
+manual: false
+detail:
+    fingerprint:
+        name: 狮子鱼CMS
+    fofa: body="/seller.php?s=/Public/login"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("/seller.php?s=/Public/login")
+expression: r0()
diff --git "a/finger/ehole/\347\221\236\345\217\213\345\244\251\347\277\274\357\274\215\345\272\224\347\224\250\350\231\232\346\213\237\345\214\226\347\263\273\347\273\237.yml" "b/finger/ehole/\347\221\236\345\217\213\345\244\251\347\277\274\357\274\215\345\272\224\347\224\250\350\231\232\346\213\237\345\214\226\347\263\273\347\273\237.yml"
new file mode 100644
index 0000000..23d6b46
--- /dev/null
+++ "b/finger/ehole/\347\221\236\345\217\213\345\244\251\347\277\274\357\274\215\345\272\224\347\224\250\350\231\232\346\213\237\345\214\226\347\263\273\347\273\237.yml"
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-瑞友天翼－应用虚拟化系统
+manual: false
+detail:
+    fingerprint:
+        name: 瑞友天翼－应用虚拟化系统
+    fofa: body="DownLoad.XGI" && body="realor.cn" && body="dvLogin"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("DownLoad.XGI") && response.body_string.contains("realor.cn") && response.body_string.contains("dvLogin")
+expression: r0()
diff --git "a/finger/ehole/\347\221\236\346\230\237.yml" "b/finger/ehole/\347\221\236\346\230\237.yml"
new file mode 100644
index 0000000..2afd481
--- /dev/null
+++ "b/finger/ehole/\347\221\236\346\230\237.yml"
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-瑞星
+manual: false
+detail:
+    fingerprint:
+        name: 瑞星
+    fofa: title="瑞星"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("瑞星")
+expression: r0()
diff --git "a/finger/ehole/\347\224\250\345\217\213 E-HR.yml" "b/finger/ehole/\347\224\250\345\217\213 E-HR.yml"
new file mode 100644
index 0000000..febf3bd
--- /dev/null
+++ "b/finger/ehole/\347\224\250\345\217\213 E-HR.yml"	
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-用友 E-HR
+manual: false
+detail:
+    fingerprint:
+        name: 用友 E-HR
+    fofa: header="用友 E-HR" || title="用友 E-HR"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("用友 E-HR"))
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("用友 E-HR")
+expression: r0() || r1()
diff --git "a/finger/ehole/\347\224\250\345\217\213 NC Cloud.yml" "b/finger/ehole/\347\224\250\345\217\213 NC Cloud.yml"
new file mode 100644
index 0000000..8bbb223
--- /dev/null
+++ "b/finger/ehole/\347\224\250\345\217\213 NC Cloud.yml"	
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-用友 NC Cloud
+manual: false
+detail:
+    fingerprint:
+        name: 用友 NC Cloud
+    fofa: body="platform/pub/welcome.do"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("platform/pub/welcome.do")
+expression: r0()
diff --git "a/finger/ehole/\347\224\250\345\217\213-\346\227\266\347\251\272KSOA.yml" "b/finger/ehole/\347\224\250\345\217\213-\346\227\266\347\251\272KSOA.yml"
new file mode 100644
index 0000000..4f78eef
--- /dev/null
+++ "b/finger/ehole/\347\224\250\345\217\213-\346\227\266\347\251\272KSOA.yml"
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-用友-时空KSOA
+manual: false
+detail:
+    fingerprint:
+        name: 用友-时空KSOA
+    fofa: body="/images_index/productKSOA.jpg"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("/images_index/productKSOA.jpg")
+expression: r0()
diff --git "a/finger/ehole/\347\224\250\345\217\213A6.yml" "b/finger/ehole/\347\224\250\345\217\213A6.yml"
new file mode 100644
index 0000000..56f2c60
--- /dev/null
+++ "b/finger/ehole/\347\224\250\345\217\213A6.yml"
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-用友A6
+manual: false
+detail:
+    fingerprint:
+        name: 用友A6
+    fofa: title="用友A6"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("用友A6")
+expression: r0()
diff --git "a/finger/ehole/\347\224\250\345\217\213GRP-U8.yml" "b/finger/ehole/\347\224\250\345\217\213GRP-U8.yml"
new file mode 100644
index 0000000..0592516
--- /dev/null
+++ "b/finger/ehole/\347\224\250\345\217\213GRP-U8.yml"
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-用友GRP-U8
+manual: false
+detail:
+    fingerprint:
+        name: 用友GRP-U8
+    fofa: body="用友GRP-U8行政事业内控管理软件" || icon_hash="3995446927"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("用友GRP-U8行政事业内控管理软件")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: faviconHash(response.getIconContent()) == 3995446927
+expression: r0() || r1()
diff --git "a/finger/ehole/\347\224\250\345\217\213NC.yml" "b/finger/ehole/\347\224\250\345\217\213NC.yml"
new file mode 100644
index 0000000..093da94
--- /dev/null
+++ "b/finger/ehole/\347\224\250\345\217\213NC.yml"
@@ -0,0 +1,51 @@
+name: fingerprint-yaml-用友NC
+manual: false
+detail:
+    fingerprint:
+        name: 用友NC
+    fofa: body="logo/images/ufida_nc.png" && body="用友NC" || body="/web/icc/js/chat-msg.js" || body="/js/ext/resources/css/xtheme-blue.css" || body="href=\"logo/images/ufida.ico\">" || body="UClient" && body="uclient.yonyou.com" || title="用友NC"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("logo/images/ufida_nc.png") && response.body_string.contains("用友NC")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("/web/icc/js/chat-msg.js")
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("/js/ext/resources/css/xtheme-blue.css")
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('href="logo/images/ufida.ico">')
+    r4:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("UClient") && response.body_string.contains("uclient.yonyou.com")
+    r5:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("用友NC")
+expression: r0() || r1() || r2() || r3() || r4() || r5()
diff --git "a/finger/ehole/\347\224\250\345\217\213TurboCRM.yml" "b/finger/ehole/\347\224\250\345\217\213TurboCRM.yml"
new file mode 100644
index 0000000..eba8501
--- /dev/null
+++ "b/finger/ehole/\347\224\250\345\217\213TurboCRM.yml"
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-用友TurboCRM
+manual: false
+detail:
+    fingerprint:
+        name: 用友TurboCRM
+    fofa: header="用友TurboCRM" || title="用友TurboCRM"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("用友TurboCRM"))
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("用友TurboCRM")
+expression: r0() || r1()
diff --git "a/finger/ehole/\347\224\250\345\217\213U8.yml" "b/finger/ehole/\347\224\250\345\217\213U8.yml"
new file mode 100644
index 0000000..6f2c1ce
--- /dev/null
+++ "b/finger/ehole/\347\224\250\345\217\213U8.yml"
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-用友U8
+manual: false
+detail:
+    fingerprint:
+        name: 用友U8
+    fofa: body="getFirstU8Accid"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("getFirstU8Accid")
+expression: r0()
diff --git "a/finger/ehole/\347\224\250\345\217\213ufida.yml" "b/finger/ehole/\347\224\250\345\217\213ufida.yml"
new file mode 100644
index 0000000..b7c2517
--- /dev/null
+++ "b/finger/ehole/\347\224\250\345\217\213ufida.yml"
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-用友ufida
+manual: false
+detail:
+    fingerprint:
+        name: 用友ufida
+    fofa: body="/System/Login/Login.asp?AppID="
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("/System/Login/Login.asp?AppID=")
+expression: r0()
diff --git "a/finger/ehole/\347\224\265\344\277\241\347\275\221\345\205\263\351\205\215\347\275\256\347\256\241\347\220\206\347\263\273\347\273\237.yml" "b/finger/ehole/\347\224\265\344\277\241\347\275\221\345\205\263\351\205\215\347\275\256\347\256\241\347\220\206\347\263\273\347\273\237.yml"
new file mode 100644
index 0000000..21f5abd
--- /dev/null
+++ "b/finger/ehole/\347\224\265\344\277\241\347\275\221\345\205\263\351\205\215\347\275\256\347\256\241\347\220\206\347\263\273\347\273\237.yml"
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-电信网关配置管理系统
+manual: false
+detail:
+    fingerprint:
+        name: 电信网关配置管理系统
+    fofa: body="<TITLE>系统登录" && body="login.php" && body="img/login_bg3.png" && body="360.cn" || body="src=\"img/dl.gif\"" && body="<TITLE>系统登录</TITLE>"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("<TITLE>系统登录") && response.body_string.contains("login.php") && response.body_string.contains("img/login_bg3.png") && response.body_string.contains("360.cn")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('src="img/dl.gif"') && response.body_string.contains("<TITLE>系统登录</TITLE>")
+expression: r0() || r1()
diff --git "a/finger/ehole/\347\225\205\346\215\267\351\200\232 T+.yml" "b/finger/ehole/\347\225\205\346\215\267\351\200\232 T+.yml"
new file mode 100644
index 0000000..e144b0b
--- /dev/null
+++ "b/finger/ehole/\347\225\205\346\215\267\351\200\232 T+.yml"	
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-畅捷通 T+
+manual: false
+detail:
+    fingerprint:
+        name: 畅捷通 T+
+    fofa: body="location='/tplus/'"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("location='/tplus/'")
+expression: r0()
diff --git "a/finger/ehole/\347\231\276\344\270\272\346\231\272\350\203\275\346\265\201\346\216\247\350\267\257\347\224\261\345\231\250.yml" "b/finger/ehole/\347\231\276\344\270\272\346\231\272\350\203\275\346\265\201\346\216\247\350\267\257\347\224\261\345\231\250.yml"
new file mode 100644
index 0000000..b3858ca
--- /dev/null
+++ "b/finger/ehole/\347\231\276\344\270\272\346\231\272\350\203\275\346\265\201\346\216\247\350\267\257\347\224\261\345\231\250.yml"
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-百为智能流控路由器
+manual: false
+detail:
+    fingerprint:
+        name: 百为智能流控路由器
+    fofa: body="<a href=\"http://www.bytevalue.com/\" target=\"_blank\">"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('<a href="http://www.bytevalue.com/" target="_blank">')
+expression: r0()
diff --git "a/finger/ehole/\347\242\247\346\265\267\344\272\221\347\233\222.yml" "b/finger/ehole/\347\242\247\346\265\267\344\272\221\347\233\222.yml"
new file mode 100644
index 0000000..6e21da8
--- /dev/null
+++ "b/finger/ehole/\347\242\247\346\265\267\344\272\221\347\233\222.yml"
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-碧海云盒
+manual: false
+detail:
+    fingerprint:
+        name: 碧海云盒
+    fofa: body="碧海云盒" && body="mt_login" && body="login.php" || title="碧海云盒"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("碧海云盒") && response.body_string.contains("mt_login") && response.body_string.contains("login.php")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("碧海云盒")
+expression: r0() || r1()
diff --git "a/finger/ehole/\347\242\247\346\265\267\345\250\201.yml" "b/finger/ehole/\347\242\247\346\265\267\345\250\201.yml"
new file mode 100644
index 0000000..9bae063
--- /dev/null
+++ "b/finger/ehole/\347\242\247\346\265\267\345\250\201.yml"
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-碧海威
+manual: false
+detail:
+    fingerprint:
+        name: 碧海威
+    fofa: title="碧海威"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("碧海威")
+expression: r0()
diff --git "a/finger/ehole/\347\246\205\351\201\223.yml" "b/finger/ehole/\347\246\205\351\201\223.yml"
new file mode 100644
index 0000000..7750c8a
--- /dev/null
+++ "b/finger/ehole/\347\246\205\351\201\223.yml"
@@ -0,0 +1,37 @@
+name: fingerprint-yaml-禅道
+manual: false
+detail:
+    fingerprint:
+        name: 禅道
+    fofa: body="self.location" && body="Lw==" || body="/theme/default/images/main/zt-logo.png" || header="zentaosid" || body="zentaosid"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("self.location") && response.body_string.contains("Lw==")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("/theme/default/images/main/zt-logo.png")
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("zentaosid"))
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("zentaosid")
+expression: r0() || r1() || r2() || r3()
diff --git "a/finger/ehole/\347\246\205\351\201\223\351\241\271\347\233\256\347\256\241\347\220\206.yml" "b/finger/ehole/\347\246\205\351\201\223\351\241\271\347\233\256\347\256\241\347\220\206.yml"
new file mode 100644
index 0000000..50fa4b8
--- /dev/null
+++ "b/finger/ehole/\347\246\205\351\201\223\351\241\271\347\233\256\347\256\241\347\220\206.yml"
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-禅道项目管理
+manual: false
+detail:
+    fingerprint:
+        name: 禅道项目管理
+    fofa: title="禅道项目管理"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("禅道项目管理")
+expression: r0()
diff --git "a/finger/ehole/\347\256\241\347\220\206\346\230\223.yml" "b/finger/ehole/\347\256\241\347\220\206\346\230\223.yml"
new file mode 100644
index 0000000..46b18ca
--- /dev/null
+++ "b/finger/ehole/\347\256\241\347\220\206\346\230\223.yml"
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-管理易
+manual: false
+detail:
+    fingerprint:
+        name: 管理易
+    fofa: body="管理易" || body="minierp"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("管理易")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("minierp")
+expression: r0() || r1()
diff --git "a/finger/ehole/\347\275\221\345\212\250\344\272\221\350\247\206\350\256\257\345\271\263\345\217\260.yml" "b/finger/ehole/\347\275\221\345\212\250\344\272\221\350\247\206\350\256\257\345\271\263\345\217\260.yml"
new file mode 100644
index 0000000..7f28a0d
--- /dev/null
+++ "b/finger/ehole/\347\275\221\345\212\250\344\272\221\350\247\206\350\256\257\345\271\263\345\217\260.yml"
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-网动云视讯平台
+manual: false
+detail:
+    fingerprint:
+        name: 网动云视讯平台
+    fofa: body="/js/roomHeight.js" || body="meetingShow!show.action"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("/js/roomHeight.js")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("meetingShow!show.action")
+expression: r0() || r1()
diff --git "a/finger/ehole/\347\275\221\345\272\267NS-ASG\345\272\224\347\224\250\345\256\211\345\205\250\347\275\221\345\205\263.yml" "b/finger/ehole/\347\275\221\345\272\267NS-ASG\345\272\224\347\224\250\345\256\211\345\205\250\347\275\221\345\205\263.yml"
new file mode 100644
index 0000000..a7f0eb1
--- /dev/null
+++ "b/finger/ehole/\347\275\221\345\272\267NS-ASG\345\272\224\347\224\250\345\256\211\345\205\250\347\275\221\345\205\263.yml"
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-网康NS-ASG应用安全网关
+manual: false
+detail:
+    fingerprint:
+        name: 网康NS-ASG应用安全网关
+    fofa: header="网康NS-ASG应用安全网关" || title="网康NS-ASG应用安全网关"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("网康NS-ASG应用安全网关"))
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("网康NS-ASG应用安全网关")
+expression: r0() || r1()
diff --git "a/finger/ehole/\347\275\221\345\272\267\344\270\213\344\270\200\344\273\243\351\230\262\347\201\253\345\242\231.yml" "b/finger/ehole/\347\275\221\345\272\267\344\270\213\344\270\200\344\273\243\351\230\262\347\201\253\345\242\231.yml"
new file mode 100644
index 0000000..b79beed
--- /dev/null
+++ "b/finger/ehole/\347\275\221\345\272\267\344\270\213\344\270\200\344\273\243\351\230\262\347\201\253\345\242\231.yml"
@@ -0,0 +1,30 @@
+name: fingerprint-yaml-网康下一代防火墙
+manual: false
+detail:
+    fingerprint:
+        name: 网康下一代防火墙
+    fofa: header="网康下一代防火墙" || body="<title>网康下一代防火墙</title>" && body="netentsec.css" || title="网康下一代防火墙"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("网康下一代防火墙"))
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("<title>网康下一代防火墙</title>") && response.body_string.contains("netentsec.css")
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("网康下一代防火墙")
+expression: r0() || r1() || r2()
diff --git "a/finger/ehole/\347\275\221\346\230\223\344\274\201\344\270\232\351\202\256\347\256\261.yml" "b/finger/ehole/\347\275\221\346\230\223\344\274\201\344\270\232\351\202\256\347\256\261.yml"
new file mode 100644
index 0000000..4ee3a33
--- /dev/null
+++ "b/finger/ehole/\347\275\221\346\230\223\344\274\201\344\270\232\351\202\256\347\256\261.yml"
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-网易企业邮箱
+manual: false
+detail:
+    fingerprint:
+        name: 网易企业邮箱
+    fofa: body="frmvalidator"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("frmvalidator")
+expression: r0()
diff --git "a/finger/ehole/\347\275\221\347\245\236SecGate 3600\351\230\262\347\201\253\345\242\231.yml" "b/finger/ehole/\347\275\221\347\245\236SecGate 3600\351\230\262\347\201\253\345\242\231.yml"
new file mode 100644
index 0000000..f55986b
--- /dev/null
+++ "b/finger/ehole/\347\275\221\347\245\236SecGate 3600\351\230\262\347\201\253\345\242\231.yml"	
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-网神SecGate 3600防火墙
+manual: false
+detail:
+    fingerprint:
+        name: 网神SecGate 3600防火墙
+    fofa: body="网神SecGate" && body="3600防火墙" && body="css/lsec/login.css" || icon_hash="-1385513933"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("网神SecGate") && response.body_string.contains("3600防火墙") && response.body_string.contains("css/lsec/login.css")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: faviconHash(response.getIconContent()) == -1385513933
+expression: r0() || r1()
diff --git "a/finger/ehole/\347\275\221\347\245\236\351\230\262\347\201\253\345\242\231.yml" "b/finger/ehole/\347\275\221\347\245\236\351\230\262\347\201\253\345\242\231.yml"
new file mode 100644
index 0000000..e466851
--- /dev/null
+++ "b/finger/ehole/\347\275\221\347\245\236\351\230\262\347\201\253\345\242\231.yml"
@@ -0,0 +1,30 @@
+name: fingerprint-yaml-网神防火墙
+manual: false
+detail:
+    fingerprint:
+        name: 网神防火墙
+    fofa: body="css/lsec/login.css" || body="3600防火墙" && body="网神SecGate" || body="resources/image/logo_header.png" && body="网神防火墙系统"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("css/lsec/login.css")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("3600防火墙") && response.body_string.contains("网神SecGate")
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("resources/image/logo_header.png") && response.body_string.contains("网神防火墙系统")
+expression: r0() || r1() || r2()
diff --git "a/finger/ehole/\350\201\224\346\203\263\344\274\201\344\270\232\347\275\221\347\233\230.yml" "b/finger/ehole/\350\201\224\346\203\263\344\274\201\344\270\232\347\275\221\347\233\230.yml"
new file mode 100644
index 0000000..5c946ab
--- /dev/null
+++ "b/finger/ehole/\350\201\224\346\203\263\344\274\201\344\270\232\347\275\221\347\233\230.yml"
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-联想企业网盘
+manual: false
+detail:
+    fingerprint:
+        name: 联想企业网盘
+    fofa: title="联想企业网盘"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("联想企业网盘")
+expression: r0()
diff --git "a/finger/ehole/\350\205\276\350\256\257\344\274\201\344\270\232\351\202\256\347\256\261.yml" "b/finger/ehole/\350\205\276\350\256\257\344\274\201\344\270\232\351\202\256\347\256\261.yml"
new file mode 100644
index 0000000..2c5110f
--- /dev/null
+++ "b/finger/ehole/\350\205\276\350\256\257\344\274\201\344\270\232\351\202\256\347\256\261.yml"
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-腾讯企业邮箱
+manual: false
+detail:
+    fingerprint:
+        name: 腾讯企业邮箱
+    fofa: body="/cgi-bin/getinvestigate?flowid="
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("/cgi-bin/getinvestigate?flowid=")
+expression: r0()
diff --git "a/finger/ehole/\350\207\264\350\277\234OA.yml" "b/finger/ehole/\350\207\264\350\277\234OA.yml"
new file mode 100644
index 0000000..10dad0b
--- /dev/null
+++ "b/finger/ehole/\350\207\264\350\277\234OA.yml"
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-致远OA
+manual: false
+detail:
+    fingerprint:
+        name: 致远OA
+    fofa: body="/seeyon/USER-DATA/IMAGES/LOGIN/login.gif" || body="/seeyon/common/"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("/seeyon/USER-DATA/IMAGES/LOGIN/login.gif")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("/seeyon/common/")
+expression: r0() || r1()
diff --git "a/finger/ehole/\350\213\245\344\276\235.yml" "b/finger/ehole/\350\213\245\344\276\235.yml"
new file mode 100644
index 0000000..ba4966f
--- /dev/null
+++ "b/finger/ehole/\350\213\245\344\276\235.yml"
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-若依
+manual: false
+detail:
+    fingerprint:
+        name: 若依
+    fofa: body="ruoyi" && body="若依" && body="login" || body="ruoyi/login.js"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("ruoyi") && response.body_string.contains("若依") && response.body_string.contains("login")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("ruoyi/login.js")
+expression: r0() || r1()
diff --git "a/finger/ehole/\350\213\271\346\236\234CMS(Maccms).yml" "b/finger/ehole/\350\213\271\346\236\234CMS(Maccms).yml"
new file mode 100644
index 0000000..98ae30a
--- /dev/null
+++ "b/finger/ehole/\350\213\271\346\236\234CMS(Maccms).yml"
@@ -0,0 +1,37 @@
+name: fingerprint-yaml-苹果CMS(Maccms)
+manual: false
+detail:
+    fingerprint:
+        name: 苹果CMS(Maccms)
+    fofa: body="Maccms" || body="maccms.com" || header="Maccms" || title="Maccms"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("Maccms")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("maccms.com")
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("Maccms"))
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("Maccms")
+expression: r0() || r1() || r2() || r3()
diff --git "a/finger/ehole/\350\213\271\346\236\234CMS.yml" "b/finger/ehole/\350\213\271\346\236\234CMS.yml"
new file mode 100644
index 0000000..100583a
--- /dev/null
+++ "b/finger/ehole/\350\213\271\346\236\234CMS.yml"
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-苹果CMS
+manual: false
+detail:
+    fingerprint:
+        name: 苹果CMS
+    fofa: body="maccms:voddaycount"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("maccms:voddaycount")
+expression: r0()
diff --git "a/finger/ehole/\350\223\235\345\207\214 \346\231\272\346\205\247\345\215\217\345\220\214\345\271\263\345\217\260.yml" "b/finger/ehole/\350\223\235\345\207\214 \346\231\272\346\205\247\345\215\217\345\220\214\345\271\263\345\217\260.yml"
new file mode 100644
index 0000000..f71a124
--- /dev/null
+++ "b/finger/ehole/\350\223\235\345\207\214 \346\231\272\346\205\247\345\215\217\345\220\214\345\271\263\345\217\260.yml"	
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-蓝凌 智慧协同平台
+manual: false
+detail:
+    fingerprint:
+        name: 蓝凌 智慧协同平台
+    fofa: header="蓝凌 智慧协同平台" || title="蓝凌 智慧协同平台"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("蓝凌 智慧协同平台"))
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("蓝凌 智慧协同平台")
+expression: r0() || r1()
diff --git "a/finger/ehole/\350\277\205\347\235\277CMS.yml" "b/finger/ehole/\350\277\205\347\235\277CMS.yml"
new file mode 100644
index 0000000..24a786b
--- /dev/null
+++ "b/finger/ehole/\350\277\205\347\235\277CMS.yml"
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-迅睿CMS
+manual: false
+detail:
+    fingerprint:
+        name: 迅睿CMS
+    fofa: body="迅睿CMS" || title="迅睿CMS"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("迅睿CMS")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("迅睿CMS")
+expression: r0() || r1()
diff --git "a/finger/ehole/\350\277\252\346\231\256VPN.yml" "b/finger/ehole/\350\277\252\346\231\256VPN.yml"
new file mode 100644
index 0000000..a7c97f4
--- /dev/null
+++ "b/finger/ehole/\350\277\252\346\231\256VPN.yml"
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-迪普VPN
+manual: false
+detail:
+    fingerprint:
+        name: 迪普VPN
+    fofa: body="dptech_ssl" && body="sslvpn" && body="loginAPI.js"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("dptech_ssl") && response.body_string.contains("sslvpn") && response.body_string.contains("loginAPI.js")
+expression: r0()
diff --git "a/finger/ehole/\351\200\232\350\276\276OA.yml" "b/finger/ehole/\351\200\232\350\276\276OA.yml"
new file mode 100644
index 0000000..ba674ab
--- /dev/null
+++ "b/finger/ehole/\351\200\232\350\276\276OA.yml"
@@ -0,0 +1,44 @@
+name: fingerprint-yaml-通达OA
+manual: false
+detail:
+    fingerprint:
+        name: 通达OA
+    fofa: body="/images/tongda.ico" || body="Office Anywhere" || body="通达OA" && body="login" || body="<link rel=\"shortcut icon\" href=\"/images/tongda.ico\" />" || body="Office Anywhere 2013"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("/images/tongda.ico")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("Office Anywhere")
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("通达OA") && response.body_string.contains("login")
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('<link rel="shortcut icon" href="/images/tongda.ico" />')
+    r4:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("Office Anywhere 2013")
+expression: r0() || r1() || r2() || r3() || r4()
diff --git "a/finger/ehole/\351\207\221\344\270\207\347\273\264\345\274\202\351\200\237\350\201\224.yml" "b/finger/ehole/\351\207\221\344\270\207\347\273\264\345\274\202\351\200\237\350\201\224.yml"
new file mode 100644
index 0000000..378a257
--- /dev/null
+++ "b/finger/ehole/\351\207\221\344\270\207\347\273\264\345\274\202\351\200\237\350\201\224.yml"
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-金万维异速联
+manual: false
+detail:
+    fingerprint:
+        name: 金万维异速联
+    fofa: body="GNRemote.dll?GNFunction="
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("GNRemote.dll?GNFunction=")
+expression: r0()
diff --git "a/finger/ehole/\351\207\221\345\222\214 OA.yml" "b/finger/ehole/\351\207\221\345\222\214 OA.yml"
new file mode 100644
index 0000000..54259bd
--- /dev/null
+++ "b/finger/ehole/\351\207\221\345\222\214 OA.yml"	
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-金和 OA
+manual: false
+detail:
+    fingerprint:
+        name: 金和 OA
+    fofa: body="金和网络" && body="Jinher Software" || title="金和OA"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("金和网络") && response.body_string.contains("Jinher Software")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("金和OA")
+expression: r0() || r1()
diff --git "a/finger/ehole/\351\207\221\345\261\261KingGate.yml" "b/finger/ehole/\351\207\221\345\261\261KingGate.yml"
new file mode 100644
index 0000000..4cecbe6
--- /dev/null
+++ "b/finger/ehole/\351\207\221\345\261\261KingGate.yml"
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-金山KingGate
+manual: false
+detail:
+    fingerprint:
+        name: 金山KingGate
+    fofa: body="/src/system/login.php"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("/src/system/login.php")
+expression: r0()
diff --git "a/finger/ehole/\351\207\221\345\261\261V8\347\273\210\347\253\257\345\256\211\345\205\250\347\263\273\347\273\237.yml" "b/finger/ehole/\351\207\221\345\261\261V8\347\273\210\347\253\257\345\256\211\345\205\250\347\263\273\347\273\237.yml"
new file mode 100644
index 0000000..c822578
--- /dev/null
+++ "b/finger/ehole/\351\207\221\345\261\261V8\347\273\210\347\253\257\345\256\211\345\205\250\347\263\273\347\273\237.yml"
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-金山V8终端安全系统
+manual: false
+detail:
+    fingerprint:
+        name: 金山V8终端安全系统
+    fofa: body="iepngfix/iepngfix_tilebg.js"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("iepngfix/iepngfix_tilebg.js")
+expression: r0()
diff --git "a/finger/ehole/\351\207\221\350\235\266 EAS.yml" "b/finger/ehole/\351\207\221\350\235\266 EAS.yml"
new file mode 100644
index 0000000..5442044
--- /dev/null
+++ "b/finger/ehole/\351\207\221\350\235\266 EAS.yml"	
@@ -0,0 +1,30 @@
+name: fingerprint-yaml-金蝶 EAS
+manual: false
+detail:
+    fingerprint:
+        name: 金蝶 EAS
+    fofa: body="eassso" && body="portalClientHelper.jsp" || body="EAS系统登录" || body="easSessionId"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("eassso") && response.body_string.contains("portalClientHelper.jsp")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("EAS系统登录")
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("easSessionId")
+expression: r0() || r1() || r2()
diff --git "a/finger/ehole/\351\207\221\350\235\266OA.yml" "b/finger/ehole/\351\207\221\350\235\266OA.yml"
new file mode 100644
index 0000000..4fdffc7
--- /dev/null
+++ "b/finger/ehole/\351\207\221\350\235\266OA.yml"
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-金蝶OA
+manual: false
+detail:
+    fingerprint:
+        name: 金蝶OA
+    fofa: body="EAS系统登录" && body="金蝶国际软件集团有限公司" || title="金蝶OA"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("EAS系统登录") && response.body_string.contains("金蝶国际软件集团有限公司")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("金蝶OA")
+expression: r0() || r1()
diff --git "a/finger/ehole/\351\207\221\350\235\266\344\272\221\346\230\237\347\251\272.yml" "b/finger/ehole/\351\207\221\350\235\266\344\272\221\346\230\237\347\251\272.yml"
new file mode 100644
index 0000000..90a0bf7
--- /dev/null
+++ "b/finger/ehole/\351\207\221\350\235\266\344\272\221\346\230\237\347\251\272.yml"
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-金蝶云星空
+manual: false
+detail:
+    fingerprint:
+        name: 金蝶云星空
+    fofa: body="HTML5/content/themes/kdcss.min.css" || body="/ClientBin/Kingdee.BOS.XPF.App.xap"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("HTML5/content/themes/kdcss.min.css")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("/ClientBin/Kingdee.BOS.XPF.App.xap")
+expression: r0() || r1()
diff --git "a/finger/ehole/\351\223\266\350\276\276\346\261\207\346\231\272\346\231\272\346\205\247\347\273\274\345\220\210\347\256\241\347\220\206\345\271\263\345\217\260.yml" "b/finger/ehole/\351\223\266\350\276\276\346\261\207\346\231\272\346\231\272\346\205\247\347\273\274\345\220\210\347\256\241\347\220\206\345\271\263\345\217\260.yml"
new file mode 100644
index 0000000..c801c59
--- /dev/null
+++ "b/finger/ehole/\351\223\266\350\276\276\346\261\207\346\231\272\346\231\272\346\205\247\347\273\274\345\220\210\347\256\241\347\220\206\345\271\263\345\217\260.yml"
@@ -0,0 +1,30 @@
+name: fingerprint-yaml-银达汇智智慧综合管理平台
+manual: false
+detail:
+    fingerprint:
+        name: 银达汇智智慧综合管理平台
+    fofa: body="福州银达云创信息科技有限公司" && body="miniui/crypto/CodeManage.js" || body="miniui" && body="Help ?" && body="main.aspx" || icon_hash="1170487960"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("福州银达云创信息科技有限公司") && response.body_string.contains("miniui/crypto/CodeManage.js")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("miniui") && response.body_string.contains("Help ?") && response.body_string.contains("main.aspx")
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: faviconHash(response.getIconContent()) == 1170487960
+expression: r0() || r1() || r2()
diff --git "a/finger/ehole/\351\224\220\346\215\267 EG\346\230\223\347\275\221\345\205\263.yml" "b/finger/ehole/\351\224\220\346\215\267 EG\346\230\223\347\275\221\345\205\263.yml"
new file mode 100644
index 0000000..906dcc3
--- /dev/null
+++ "b/finger/ehole/\351\224\220\346\215\267 EG\346\230\223\347\275\221\345\205\263.yml"	
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-锐捷 EG易网关
+manual: false
+detail:
+    fingerprint:
+        name: 锐捷 EG易网关
+    fofa: header="锐捷 EG易网关" || title="锐捷 EG易网关"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("锐捷 EG易网关"))
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("锐捷 EG易网关")
+expression: r0() || r1()
diff --git "a/finger/ehole/\351\224\220\346\215\267 NBR \350\267\257\347\224\261\345\231\250.yml" "b/finger/ehole/\351\224\220\346\215\267 NBR \350\267\257\347\224\261\345\231\250.yml"
new file mode 100644
index 0000000..32ed8d5
--- /dev/null
+++ "b/finger/ehole/\351\224\220\346\215\267 NBR \350\267\257\347\224\261\345\231\250.yml"	
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-锐捷 NBR 路由器
+manual: false
+detail:
+    fingerprint:
+        name: 锐捷 NBR 路由器
+    fofa: icon_hash="738520282" || body="free_nbr_login_form.png"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: faviconHash(response.getIconContent()) == 738520282
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("free_nbr_login_form.png")
+expression: r0() || r1()
diff --git "a/finger/ehole/\351\224\220\346\215\267\351\230\262\347\201\253\345\242\231.yml" "b/finger/ehole/\351\224\220\346\215\267\351\230\262\347\201\253\345\242\231.yml"
new file mode 100644
index 0000000..d508dca
--- /dev/null
+++ "b/finger/ehole/\351\224\220\346\215\267\351\230\262\347\201\253\345\242\231.yml"
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-锐捷防火墙
+manual: false
+detail:
+    fingerprint:
+        name: 锐捷防火墙
+    fofa: body="下一代防火墙" && body="锐捷网络"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("下一代防火墙") && response.body_string.contains("锐捷网络")
+expression: r0()
diff --git "a/finger/ehole/\351\230\277\351\207\214\344\274\201\344\270\232\351\202\256\347\256\261.yml" "b/finger/ehole/\351\230\277\351\207\214\344\274\201\344\270\232\351\202\256\347\256\261.yml"
new file mode 100644
index 0000000..f2b8307
--- /dev/null
+++ "b/finger/ehole/\351\230\277\351\207\214\344\274\201\344\270\232\351\202\256\347\256\261.yml"
@@ -0,0 +1,23 @@
+name: fingerprint-yaml-阿里企业邮箱
+manual: false
+detail:
+    fingerprint:
+        name: 阿里企业邮箱
+    fofa: header="阿里企业邮箱" || title="阿里企业邮箱"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("阿里企业邮箱"))
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("阿里企业邮箱")
+expression: r0() || r1()
diff --git "a/finger/ehole/\351\243\236\351\261\274\346\230\237\344\270\212\347\275\221\350\241\214\344\270\272\347\256\241\347\220\206.yml" "b/finger/ehole/\351\243\236\351\261\274\346\230\237\344\270\212\347\275\221\350\241\214\344\270\272\347\256\241\347\220\206.yml"
new file mode 100644
index 0000000..28d03c5
--- /dev/null
+++ "b/finger/ehole/\351\243\236\351\261\274\346\230\237\344\270\212\347\275\221\350\241\214\344\270\272\347\256\241\347\220\206.yml"
@@ -0,0 +1,16 @@
+name: fingerprint-yaml-飞鱼星上网行为管理
+manual: false
+detail:
+    fingerprint:
+        name: 飞鱼星上网行为管理
+    fofa: body="css/R1Login.css" && body="share.ti_username" && body="login_logo"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("css/R1Login.css") && response.body_string.contains("share.ti_username") && response.body_string.contains("login_logo")
+expression: r0()
diff --git "a/finger/ehole/\351\275\220\346\262\273\345\240\241\345\236\222\346\234\272.yml" "b/finger/ehole/\351\275\220\346\262\273\345\240\241\345\236\222\346\234\272.yml"
new file mode 100644
index 0000000..cfae70a
--- /dev/null
+++ "b/finger/ehole/\351\275\220\346\262\273\345\240\241\345\236\222\346\234\272.yml"
@@ -0,0 +1,37 @@
+name: fingerprint-yaml-齐治堡垒机
+manual: false
+detail:
+    fingerprint:
+        name: 齐治堡垒机
+    fofa: body="fp_download" && body="logo-icon-ico72.png" || header="齐治堡垒机" || body="//xfpverifyExec.jsp;" || title="齐治堡垒机"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("fp_download") && response.body_string.contains("logo-icon-ico72.png")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("齐治堡垒机"))
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("//xfpverifyExec.jsp;")
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("齐治堡垒机")
+expression: r0() || r1() || r2() || r3()