sullo / nikto

Nikto web server scanner

Suggestion new Plugin/Database: Vendor XML detection. #84

Closed pvdl closed 9 years ago

pvdl commented 11 years ago

I discovered a lot of interesting vendor XML files of devices. In almost all cases the XML file is accessible without authentication. Is it possible to make a vendorxml plugin?

A list of interesting XML files (including IP address)

Acutvista - http://81.10.107.85:80/edevicedesc.xml
AMTK - http://168.226.149.227:80/edevicedesc.xml
Anelesys - http://140.137.14.67:80/edevicedesc.xml
D-Link - http://211.247.110.88:5531/rss/Starter_desc.xml
D-Link - http://182.19.193.178:1844/rootDesc.xml
Edimax - http://88.116.27.186:80/IPCamDesc.xml
Edimax - http://2.230.118.75:501/IPCamDesc.xml
EFM Networks - http://203.128.218.64:2048/etc/linuxigd/gatedesc.xml
Fiberhome - http://186.59.111.227:4444/rootDesc.xml
Fritz! - http://90.149.223.89:49000/configd.xml
Fritz! - http://149.12.97.222:49000/igddesc.xml
Fritz! - http://46.128.221.131:49000/mini.xml
Fritz! - http://178.254.117.73:49000/MediaServerDevDesc.xml
FUJI XEROX - http://128.134.60.20/upnp/printer/ddf.xml
INTELLINET NETWORK SOLUTIONS - http://208.94.78.119:80/IPCamDesc.xml
Internet Camera - http://202.55.40.217:7000/IPCamDesc.xml
Kodak - http://208.107.233.7/PrintBasicDevice.xml
Lanier - http://128.223.212.18/bmlinks/ddf.xml
LevelOne - http://41.226.255.202:10252/description.xml
Huawei - http://80.47.176.131:37215/tr064dev.xml
Micronet - http://203.198.37.89:8000/IPCamDesc.xml
NanRui - http://222.46.49.3:5880/NasDevice.xml
Netgear - http://81.140.130.97:5000/Public_UPNP_gatedesc.xml
Netgear ReadyNAS - http://144.118.45.208:10000/nasService.xml
Netgear ReadyNAS - http://149.144.235.10:50000/rootDesc.xml
PLANEX COMMUNICATIONS - http://183.180.184.43:81/IPCamDesc.xml
Ralink - http://124.120.97.203:5555/DeviceDescription.xml
Realtek - http://220.156.201.4:52881/simplecfg.xml
Ricoh - http://165.106.157.246/bmlinks/ddf.xml
Thomson - http://125.214.84.231/upnp/IGD.xml
Savin - http://129.130.161.191/bmlinks/ddf.xml
SmoothWall Express - http://66.178.75.5:5555/rootDesc.xml
Vivotek - http://62.81.202.125:13182/description.xml
Vivotek - http://189.253.97.153:59828/description.xml
Vivotek - http://81.215.110.177:12612/description.xml
VIJE - http://180.65.151.223:49152/edevicedesc.xml
ZyXEL - http://61.90.89.153:5555/DeviceDescription.xml

tautology0 commented 11 years ago

Hmmm, all UPnP. I've wondered about adding these as I've sniffed clients' network traffic before, but never done anything about it.

I wonder whether these sort of URLs should be kept somewhere central (like an OWASP project) and then reference by us, w3af, burp, nessus ad nauseam.

I'll have a go at doing a plugin. Good suggestion!

sullo commented 11 years ago

Why does it need a plugin versus just tests? (I admit I didn't look in detail).

On Jun 24, 2013, at 4:31 PM, tautology0 notifications@github.com wrote:


pvdl commented 11 years ago

I am not so familiar with the deeper Nikto architecture. Maybe you can use an already made plugin to do the scans. And tag it like UPnP vendor xml or something like that. In fact the pattern is always url:portnumber/somevendor.xml

So you need to build a db with the list I mentioned above and do the scans.
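The two points raised so far, the vendor/URL list and the "url:portnumber/somevendor.xml" pattern, can be turned into a path-keyed test table in a few lines. The following is an added example and is not Nikto's own code or database format; the vendor names and paths are taken from the list in this issue, the hosts are replaced with RFC 5737 documentation addresses, and the device description XML is a constructed sample in the UPnP device-1-0 schema shape, not a capture from any device. It shows two things the list alone does not: the same path (rootDesc.xml, IPCamDesc.xml, bmlinks/ddf.xml) is served by several vendors, so a test should be keyed by path and take vendor attribution from the XML body; and the fields such a file discloses without authentication (manufacturer, model, serial number, UDN) are exactly what an inventory or exposure check should record.

```python
"""Added example (not Nikto's own code): turn the issue's vendor/URL list into
a path-keyed test table, and show what a UPnP device description discloses."""
from collections import defaultdict
from urllib.parse import urlsplit
import xml.etree.ElementTree as ET

# Constructed entries: vendor names and paths are taken from the issue's
# list; the hosts are replaced with RFC 5737 documentation addresses.
ISSUE_ENTRIES = [
    ("Acutvista", "http://192.0.2.10:80/edevicedesc.xml"),
    ("D-Link", "http://192.0.2.11:5531/rss/Starter_desc.xml"),
    ("D-Link", "http://192.0.2.12:1844/rootDesc.xml"),
    ("Edimax", "http://192.0.2.13:80/IPCamDesc.xml"),
    ("Edimax", "http://192.0.2.14:501/IPCamDesc.xml"),
    ("Fritz!", "http://192.0.2.15:49000/igddesc.xml"),
    ("Kodak", "http://192.0.2.16/PrintBasicDevice.xml"),
    ("Lanier", "http://192.0.2.17/bmlinks/ddf.xml"),
    ("Ricoh", "http://192.0.2.18/bmlinks/ddf.xml"),
    ("Vivotek", "http://192.0.2.19:13182/description.xml"),
    ("Netgear ReadyNAS", "http://192.0.2.20:50000/rootDesc.xml"),
]


def build_test_db(entries):
    """Group entries by path: one test per path, with the vendors and ports
    seen for it. Paths like rootDesc.xml are shared across vendors, so
    vendor attribution must come from the XML body, not from the URL."""
    db = defaultdict(lambda: {"vendors": set(), "ports": set()})
    for vendor, url in entries:
        parts = urlsplit(url)
        # A URL without an explicit port means the scheme default.
        port = parts.port or (443 if parts.scheme == "https" else 80)
        db[parts.path]["vendors"].add(vendor)
        db[parts.path]["ports"].add(port)
    return {path: {"vendors": sorted(v["vendors"]), "ports": sorted(v["ports"])}
            for path, v in db.items()}


# Tags whose text a UPnP device description discloses without authentication.
DISCLOSED_TAGS = ("deviceType", "friendlyName", "manufacturer", "modelName",
                  "modelNumber", "serialNumber", "UDN", "presentationURL")


def parse_device_description(xml_text):
    """Extract the identifying fields from a UPnP root description.
    Matches on local tag names so the default UPnP namespace does not matter;
    the first occurrence wins, which is the root device in document order.
    For documents fetched from untrusted devices, parse with defusedxml."""
    root = ET.fromstring(xml_text)
    found = {}
    for elem in root.iter():
        local = elem.tag.rsplit("}", 1)[-1]
        if local in DISCLOSED_TAGS and elem.text and local not in found:
            found[local] = elem.text.strip()
    return found


# Constructed sample in the UPnP device-1-0 schema shape, not a capture.
SAMPLE_XML = """<?xml version="1.0"?>
<root xmlns="urn:schemas-upnp-org:device-1-0">
  <specVersion><major>1</major><minor>0</minor></specVersion>
  <device>
    <deviceType>urn:schemas-upnp-org:device:InternetGatewayDevice:1</deviceType>
    <friendlyName>Example Gateway</friendlyName>
    <manufacturer>ExampleVendor</manufacturer>
    <modelName>EV-1000</modelName>
    <modelNumber>1.2</modelNumber>
    <serialNumber>SN-CONSTRUCTED-0001</serialNumber>
    <UDN>uuid:00000000-0000-0000-0000-000000000001</UDN>
    <presentationURL>http://192.0.2.1/</presentationURL>
  </device>
</root>
"""

if __name__ == "__main__":
    for path, info in sorted(build_test_db(ISSUE_ENTRIES).items()):
        print(f"{path}: vendors={info['vendors']} ports={info['ports']}")
    print(parse_device_description(SAMPLE_XML))
```

Feeding the full list from this issue into build_test_db gives the table a test database needs (path plus the ports it has been seen on), and parse_device_description run against a description fetched from your own device tells you which identifying fields it is publishing; that is the information to compare against an asset inventory or to use when deciding whether the UPnP description port should be reachable from the internet at all.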

pvdl commented 11 years ago

Here is a list on wikipedia for more info about UPnP vendors: https://en.wikipedia.org/wiki/List_of_UPnP_AV_media_servers_and_clients Shodan is our friend here for investigations!

pvdl commented 11 years ago

Very useful info: http://www.upnp-database.info

sullo commented 9 years ago

Not sure why this sat so long, but I added tests for all the xml files as suggested. Thanks, and sorry for taking forever to get it done!