White Hat Institute

White Hat Institute Logo - I
Menu
Donate

Miranda - discover Universal Plug and Play (UPnP) hosts

Miranda is a Python-based Universal Plug-n-Play client application intended to discover, query, and connect with UPnP gadgets, especially Internet Gateway Devices. It very well may be utilized to review UPnP-empowered devices on a system for potential vulnerabilities.

Universal Plug and Play (UPnP) is a collection of networking protocols that allow interconnected devices such as computers, printers, Internet gateways, Wi-Fi access points, and handheld platforms to identify and establish functional network services for data sharing, communications, and entertainment. UPnP is primarily designed for home networks without enterprise-class devices.

To run this tool, type “miranda” in the terminal.

Ex: (root@kali:~# miranda).

It is always beneficial to run the “help” command if you want to know more about the available options.

miranda

Now, let’s search for an active UPNP host by typing “msearch.” It will explore the whole network for Universal Plug-N-Play clients and list them below.

miranda 2

To view more details regarding the clients, click on the XML file links, and it will take you to a page with a lot of client-based information.

miranda 3

To query host information and interact with a host’s services, use the command: “host.” It will show you all available sub-options that can be used with the “host” command.

miranda 4

Use the “host list” command to list all UPNP hosts in the network.

miranda 5

To enumerate data of a particular host (0), use the command “host get 0,” and if you want to list all identified data on the screen, then use the command “host info 0.”

miranda 6

If you want to view the only summary of the host (0), then use the command “host summary 0.”

miranda 7

Miranda can overtly or covertly discover UPnP hosts, and a single command can enumerate all of a host’s reported device types, services, activities, and variables. Variables in the service state are automatically connected with activities and designated as input or output variables for each activity. Miranda holds all host information for all hosts in a single data structure, which you may traverse and inspect all of its contents easily.