Adds probe and matches for Ubiquiti Discovery Protocol. Closes #1454

CHANGELOG

@@ -1,5 +1,10 @@
 #Nmap Changelog ($Id$); -*-text-*-
 
+o [GH#1454] New service probes and match lines for v1 and v2 of the Ubiquiti
+  Discovery protocol. Devices often leave the related service open and it
+  exposes significant amounts of information as well as the risk of being used
+  as part of a DDoS. New nmap-payload entry for v1 of the protocol. [Tom Sellers]
+
 o [NSE] Removes hostmap-ip2hosts.nse as the API has been broken for a while
   and the service will be completely shutdown on Feb 17th. [Paulino Calderon]
 

nmap-payloads

@@ -242,6 +242,9 @@ udp 5353
 # CoAP GET .well-known/core
 udp 5683 "@\x01\x01\xce\xbb.well-known\x04core"
 
+# Ubiquiti Discovery Service - v1
+udp 10001 "\x01\x00\x00\x00"
+
 # Amanda backup service noop request. I think that this does nothing on the
 # server but only asks it to send back its feature list. In reply we expect an
 # ACK or (more likely) an ERROR. I couldn't find good online documentation of

nmap-service-probes

@@ -16291,6 +16291,36 @@ ports 4533
 # Maybe rigctld also?
 match rotctld m|^get_info: (.*)\nRPRT 0\n| p/Hamlib rotctld/ i/model: $1/
 
+##############################NEXT PROBE##############################
+# Ubiquiti Discovery Protocol
+Probe UDP UbiquitiDiscoveryv1 q|\x01\0\0\0|
+rarity 9
+ports 10001
+
+# Valid response is protocol version (\x01) and cmd (\0) followed
+# by 2 bytes of length then TLV groups
+match ubiquiti-discovery m|^\x01\0.[^\0].*\x0c\0\x06AirCam|s p/Ubiquiti Discovery Service/ i/v1 protocol, AirCam/ cpe:/h:ubnt:aircam:/
+match ubiquiti-discovery m|^\x01\0.[^\0].*\x0c\0\nAirCamDome|s p/Ubiquiti Discovery Service/ i/v1 protocol, AirCamDome/ cpe:/h:ubnt:aircam_dome:/
+
+# Match short model name = \x0c followed by 2 byte len then value
+# No known type bytes fall in \w the following regex should be safe
+match ubiquiti-discovery m|^\x01\0.[^\0].*\x0c\0.([\w-]+)|s p/Ubiquiti Discovery Service/ i/v1 protocol, $1/
+
+softmatch ubiquiti-discovery m|^\x01\0.[^\0].{48}|s p/Ubiquiti Discovery Service/ i/v1 protocol/
+
+##############################NEXT PROBE##############################
+# Ubiquiti Discovery Protocol
+Probe UDP UbiquitiDiscoveryv2 q|\x02\x08\0\0|
+rarity 9
+ports 10001
+
+# Valid response is protocol version (\x02 ) and cmd followed
+# by 2 bytes of length then TLV groups
+# Known cmd values are \x06, \x09, and \x0b
+match ubiquiti-discovery m|^\x02[\x06\x09\x0b].[^\0].*\x15\0.([\w-]+)\x16\0.([\d.]+)|s p/Ubiquiti Discovery Service/ i/v2 protocol, $1 software ver. $2/
+match ubiquiti-discovery m|^\x02[\x06\x09\x0b].[^\0].*\x15\0.([\w-]+)|s p/Ubiquiti Discovery Service/ i/v2 protocol, $1/
+softmatch ubiquiti-discovery m|^\x02[\x06\x09\x0b].[^\0].{48}|s p/Ubiquiti Discovery Service/ i/v2 protocol/
+
 ##############################NEXT PROBE##############################
 # Sharp TV IP/Serial remote control protocol
 # 4 requests: device name, model name, software version, IP protocol version.