Nmap Development mailing list archives

Ubiquiti Discovery Service - PRs #1454 and #1457


From: Tom Sellers <nmap () fadedcode net>
Date: Mon, 4 Feb 2019 07:45:40 -0600

All,

  I've created two PRs related to the Ubiquiti Discovery Service which listens on 10001/udp.

If there aren't any objections or changes requested I will commit this code and the corresponding Changelog entry this week.

Thanks much,
 Tom



*********************************************************************************
Service Detection: Add Ubiquiti Discovery Service on 10001/udp
  https://github.com/nmap/nmap/pull/1454

This PR adds a UDP service probe and match for Ubiquiti Discovery Service on 10001/udp.

The Discovery Service is used by various Ubiquiti networking gear. The Ubiquiti Discovery Tool sends a 4 byte payload of \x01\0\0\0 and devices with the service will respond with hostname, model, firmware, MAC addresses, IP Addresses, etc.

PORT      STATE SERVICE            REASON       VERSION
10001/udp open  ubiquiti-discovery udp-response Ubiquiti Discovery Service




*********************************************************************************
[NSE] Ubiquiti Discovery Service and decoding (unicast)
  https://github.com/nmap/nmap/pull/1457

This script leverages Ubiquiti's Discovery Service to discover Ubiquiti's networking gear if it is listening on 10001/udp. This was the default state for many devices and versions of firmware. This is related to PR #1454.

This is a unicast probe to the specified target.

Context: https://blog.rapid7.com/2019/02/01/ubiquiti-discovery-service-exposures/

If there aren't any objections or changes requested I will commit this code and the corresponding Changelog entry this week.

nmap -sU -p 10001 --script ubiquiti-discovery.nse <target>


PORT      STATE SERVICE            VERSION
10001/udp open  ubiquiti-discovery Ubiquiti Discovery Service (ER-X v1.10.7)

| ubiquiti-discovery:
|   uptime_seconds: 84592
|   uptime: 0 days 23:29:52
|   hostname: ubnt-router
|   product: ER-X
|   firmware: EdgeRouter.ER-e50.v1.10.7.5127989.181001.1227
|   version: v1.10.7
|   mac_ip:
|     80:2a:a8:df:a1:63: 192.168.0.1
|     80:2a:a8:df:a1:5e: 55.55.55.55
|   mac_addresses:
|     80:2a:a8:df:a1:63
|_    80:2a:a8:df:a1:5e

There is potential for a multicast script but this will need to wait until next week.
_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
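
An added example, not part of the original message or of the Nmap PRs: a parser that turns the ubiquiti-discovery script output shown above into a dictionary for an exposure inventory, then lists which of the disclosed interface addresses are globally routable. The function names and the triage step are assumptions made for illustration; the sample is the output quoted in the message.

```python
import ipaddress
import re

# Constructed sample: the script output quoted in the message above.
SAMPLE = """\
10001/udp open  ubiquiti-discovery Ubiquiti Discovery Service (ER-X v1.10.7)
| ubiquiti-discovery:
|   uptime_seconds: 84592
|   uptime: 0 days 23:29:52
|   hostname: ubnt-router
|   product: ER-X
|   firmware: EdgeRouter.ER-e50.v1.10.7.5127989.181001.1227
|   version: v1.10.7
|   mac_ip:
|     80:2a:a8:df:a1:63: 192.168.0.1
|     80:2a:a8:df:a1:5e: 55.55.55.55
|   mac_addresses:
|     80:2a:a8:df:a1:63
|_    80:2a:a8:df:a1:5e
"""

MAC_IP = re.compile(r"((?:[0-9a-f]{2}:){5}[0-9a-f]{2}): (\S+)", re.I)

def parse_discovery(text):
    """Parse a '| ubiquiti-discovery:' script block into a dict (hypothetical helper)."""
    result, section, active = {}, None, False
    for raw in text.splitlines():
        if not raw.startswith("|"):
            active = False                      # outside any NSE output block
            continue
        body = " " + raw[2:] if raw.startswith("|_") else raw[1:]  # last line uses "|_"
        indent, item = len(body) - len(body.lstrip()), body.strip()
        if indent == 1:                         # script name header
            active = item == "ubiquiti-discovery:"
        elif active and indent == 3:            # top-level key, value may be empty
            key, _, value = item.partition(":")
            section = None if value else key
            result[key] = value.strip() or ({} if key == "mac_ip" else [])
        elif active and section == "mac_ip" and MAC_IP.fullmatch(item):
            mac, ip = MAC_IP.fullmatch(item).groups()
            result[section][mac] = ip           # nested "MAC: IP" pair
        elif active and isinstance(result.get(section), list):
            result[section].append(item)        # nested plain list entry
    return result

def routable_addresses(device):
    """Disclosed interface IPs that are globally routable (added triage step)."""
    return sorted(ip for ip in device.get("mac_ip", {}).values()
                  if ipaddress.ip_address(ip).is_global)
```
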

