
broadcast-upnp-info NSE Script

2010-11-02 19:05:19
Patrik Karlsson
nmap.org

CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS2: 10 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS: 0.973 High
Percentile: 99.8%

Attempts to extract system information from the UPnP service by sending a multicast query, then collecting, parsing, and displaying all responses.

Script Arguments

slaxml.debug

See the documentation for the slaxml library.

http.host, http.max-body-size, http.max-cache-size, http.max-pipeline, http.pipeline, http.truncated-ok, http.useragent

See the documentation for the http library.

max-newtargets, newtargets

See the documentation for the target library.

smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername

See the documentation for the smbauth library.

Example Usage

nmap -sV --script=broadcast-upnp-info <target>

Script Output

| broadcast-upnp-info:
|   1.2.3.50
|       Debian/4.0 DLNADOC/1.50 UPnP/1.0 MiniDLNA/1.0
|       Location:  http://1.2.3.50:8200/rootDesc.xml
|       Webserver:  Debian/4.0 DLNADOC/1.50 UPnP/1.0 MiniDLNA/1.0
|       Name: BUBBA|TWO DLNA Server
|       Manufacturer: Justin Maggard
|       Model Descr: MiniDLNA on Debian
|       Model Name: Windows Media Connect compatible (MiniDLNA)
|       Model Version: 1
|   1.2.3.114
|       Linux/2.6 UPnP/1.0 KDL-32EX701/1.7
|       Location:  http://1.2.3.114:52323/dmr.xml
|       Webserver:  Linux/2.6 UPnP/1.0 KDL-32EX701/1.7
|       Name: BRAVIA KDL-32EX701
|       Manufacturer: Sony Corporation
|_      Model Name: KDL-32EX701
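
An added example, not part of the Nmap script or its documentation: Python that parses output in the format shown above into per-responder records and lists each advertised description URL, so UPnP responders can be fed into an asset inventory. The sample text is trimmed from the output above, and the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit

# Constructed sample, trimmed from the script output shown on this page.
SAMPLE = """\
| broadcast-upnp-info:
|   1.2.3.50
|       Debian/4.0 DLNADOC/1.50 UPnP/1.0 MiniDLNA/1.0
|       Location:  http://1.2.3.50:8200/rootDesc.xml
|       Name: BUBBA|TWO DLNA Server
|   1.2.3.114
|       Linux/2.6 UPnP/1.0 KDL-32EX701/1.7
|       Location:  http://1.2.3.114:52323/dmr.xml
|_      Model Name: KDL-32EX701
"""

HOST_RE = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")
FIELD_RE = re.compile(r"^([A-Za-z][A-Za-z ]*):\s+(.*)$")


def parse_upnp_output(text):
    """Return {responder_ip: {field: value}} from broadcast-upnp-info output."""
    devices, current = {}, None
    for raw in text.splitlines():
        # Drop only the leading "|" / "|_" gutter; values may contain "|".
        line = re.sub(r"^\|_?", "", raw).strip()
        if not line or line == "broadcast-upnp-info:":
            continue
        if HOST_RE.match(line):
            current = devices.setdefault(line, {})
        elif current is not None:
            m = FIELD_RE.match(line)
            if m:
                current[m.group(1)] = m.group(2)
            else:
                # The unlabelled first line under a host is its server banner.
                current.setdefault("Server", line)
    return devices


def description_endpoints(devices):
    """List (responder, host, port, host_matches) for each Location URL."""
    rows = []
    for ip, fields in sorted(devices.items()):
        url = urlsplit(fields.get("Location", ""))
        if url.hostname:
            rows.append((ip, url.hostname, url.port, url.hostname == ip))
    return rows
```

A `host_matches` value of `False` marks a responder whose description URL points at a different host than the one that answered, which is worth checking by hand.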

Requires


local stdnse = require "stdnse"
local upnp = require "upnp"

description = [[
Attempts to extract system information from the UPnP service by sending a multicast query, then collecting, parsing, and displaying all responses.
]]

---
-- @output
-- | broadcast-upnp-info:
-- |   1.2.3.50
-- |       Debian/4.0 DLNADOC/1.50 UPnP/1.0 MiniDLNA/1.0
-- |       Location:  http://1.2.3.50:8200/rootDesc.xml
-- |       Webserver:  Debian/4.0 DLNADOC/1.50 UPnP/1.0 MiniDLNA/1.0
-- |       Name: BUBBA|TWO DLNA Server
-- |       Manufacturer: Justin Maggard
-- |       Model Descr: MiniDLNA on Debian
-- |       Model Name: Windows Media Connect compatible (MiniDLNA)
-- |       Model Version: 1
-- |   1.2.3.114
-- |       Linux/2.6 UPnP/1.0 KDL-32EX701/1.7
-- |       Location:  http://1.2.3.114:52323/dmr.xml
-- |       Webserver:  Linux/2.6 UPnP/1.0 KDL-32EX701/1.7
-- |       Name: BRAVIA KDL-32EX701
-- |       Manufacturer: Sony Corporation
-- |_      Model Name: KDL-32EX701

-- Version 0.1

-- Created 10/29/2010 - v0.1 - created by Patrik Karlsson <[email protected]>

author = "Patrik Karlsson"
license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
categories = {"broadcast", "safe"}


prerule = function() return true end

---
-- Sends UPnP discovery packet to host,
-- and extracts service information from results
action = function()
  local helper = upnp.Helper:new()
  helper:setMulticast(true)
  local status, result = helper:queryServices()

  if ( status ) then
    return stdnse.format_output(true, result)
  end
end
