Nmap Development mailing list archives
Re: [PATCH] UPnP script and library updates
From: Patrik Karlsson <patrik () cqure net>
Date: Fri, 19 Nov 2010 20:37:31 +0100
On 19 nov 2010, at 18.39, Thomas Buchanan wrote:
Hello. I've done a little refactoring on the UPnP script and library that Patrik worked on a couple of weeks ago [1]. I split one of the library functions into two separate pieces that better align with the actual steps taken by the script to detect UPnP devices and retrieve information about them. I also replaced the HTTP handling routines with calls to the HTTP library, so we're not duplicating functionality any more. In addition, I added a script argument to the unicast version of the script, upnp-info.nse. It controls whether the library will override the IP address of the webserver that hosts the XML files used to describe the UPnP device. On some cable modem / DSL devices, the UPnP service is available on the external network interface, but the location of the XML file that gets returned often contains the IP address of the internal NIC. In these cases, if we override that IP address with the one we already have (the external NIC), we can sometimes go ahead and retrieve the XML file successfully. I've set this script argument to default to true, as that gives the most informative and accurate results, in the testing that I've done. This restores the behavior of the script to what it was prior to Patrik's rework. Comments and questions are welcome!
Great work! I tested it against a few hosts of mine and against a few other ones that don't respond to upnp and it worked fine. I noticed you did some pattern matching to extract the host and port from a url. You could probably use url.parse for that instead. Anyway, it's in as r21117 with a minor change to your previous patch as I replaced the if comparison of response with result.
Thanks, Thomas [1] http://seclists.org/nmap-dev/2010/q4/224 <upnp-refactor.diff>_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
//Patrik -- Patrik Karlsson http://www.cqure.net http://www.twitter.com/nevdull77 _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- [PATCH] UPnP script and library updates Thomas Buchanan (Nov 19)
- Re: [PATCH] UPnP script and library updates Patrik Karlsson (Nov 19)