Common Platform Enumeration
(CPE) is a standardized way to name software applications, operating
systems, and hardware platforms. Nmap includes CPE output for service
and OS detection.
Structure of a CPE Name
A CPE name is a URL that encodes seven ordered fields:
Some of the fields may be left blank, and empty fields may be left off
the end of the URL. The main division of CPE names is in the
<part> field; this can take
on only three values:
a for applications,
h for hardware platforms, or
o for operating systems.
By looking at the beginning of the URL you can easily see that
cpe:/a:microsoft:sql_server:6.5 names an application,
cpe:/h:asus:rt-n16 names a kind of hardware, and
cpe:/o:freebsd:freebsd:3.5.1 names an operating
system.
Nmap can output all three kinds of CPE names: OS detection can print
h and o; and service detection can
potentially output all three. The CPE names are mixed in with normal OS
and service output, for example:
Example 13.13. Normal output with CPE highlighted
Running: Linux 2.6.X
OS CPE: cpe:/o:linux:linux_kernel:2.6.39
OS details: Linux 2.6.39
Network Distance: 10 hops
Service Info: OS: Linux; CPE: cpe:/o:linux:kernel
CPE names for applications (with part a) are not
shown in normal output, but they are present in XML. CPE is represented
as a cpe element that can be a child of
service or osclass.