Script ubiquiti-discovery

Script types: portrule
Categories: default, discovery, version, safe
Download: https://svn.nmap.org/nmap/scripts/ubiquiti-discovery.nse

Script Summary

Extracts information from Ubiquiti networking devices.

This script leverages Ubiquiti's Discovery Service which is enabled by default on many products. It will attempt to leverage version 1 of the protocol first and, if that fails, attempt version 2.

Example Usage

nmap -sU -p 10001 --script ubiquiti-discovery.nse <target>

Script Output

PORT      STATE SERVICE            VERSION
10001/udp open  ubiquiti-discovery Ubiquiti Discovery Service (v1 protocol, ER-X software ver. v1.10.7)
| ubiquiti-discovery:
|   protocol: v1
|   uptime_seconds: 113144
|   uptime: 1 days 07:25:44
|   hostname: ubnt-router
|   product: ER-X
|   firmware: EdgeRouter.ER-e50.v1.10.7.5127989.181001.1227
|   version: v1.10.7
|   interface_to_ip:
|     80:2a:a8:ae:f1:63:
|       192.168.0.1
|       172.25.16.1
|     80:2a:a8:ae:f1:5e:
|       55.55.55.10
|       55.55.55.11
|       55.55.55.12
|   mac_addresses:
|     80:2a:a8:ae:f1:63
|_    80:2a:a8:ae:f1:5e

PORT      STATE SERVICE            REASON       VERSION
10001/udp open  ubiquiti-discovery udp-response Ubiquiti Discovery Service (v2 protocol, UCK-v2 software ver. 5.9.29)
| ubiquiti-discovery:
|   protocol: v2
|   firmware: UCK.mtk7623.v0.12.0.29a26c9.181001.1444
|   version: 5.9.29
|   model: UCK-v2
|   config_status: managed/adopted
|   interface_to_ip:
|     78:8a:20:21:ae:7b:
|       192.168.0.30
|   mac_addresses:
|_    78:8a:20:21:ae:7b

Requires

• nmap
• shortport
• stdnse
• string
• ipOps
• tableaux

---

Author:

• Tom Sellers

License: Same as Nmap--See https://nmap.org/book/man-legal.html

portrule

portrule (host, port)

Parameters

host

 

port

 

Usage:

nmap -sU -p 10001 --script ubiquiti-discovery.nse <target>