detect unifi in ssh sessions

lib/metasploit/framework/login_scanner/ssh.rb

@@ -116,11 +116,18 @@ def gather_proof
               proof = ssh_socket.exec!("id\n").to_s
               if (proof =~ /id=/)
                 proof << ssh_socket.exec!("uname -a\n").to_s
-                if (proof =~/JUNOS /)
+                if (proof =~ /JUNOS /)
                   # We're in the SSH shell for a Juniper JunOS, we can pull the version from the cli
                   # line 2 is hostname, 3 is model, 4 is the Base OS version
                   proof = ssh_socket.exec!("cli show version\n").split("\n")[2..4].join(", ").to_s
                 end
+                proof << ssh_socket.exec!("grep unifi.version /tmp/system.cfg\n").to_s
+                if (proof =~ /unifi.version/)
+                  # The /tmp/*.cfg files don't give us device info, however the info command does
+                  # we dont call it originally since it doesnt say unifi/ubiquiti in it and info
+                  # is a linux command as well
+                  proof << ssh_socket.exec!("grep board.name /etc/board.info\n").to_s
+                end
               else
                 # Cisco IOS
                 if proof =~ /Unknown command or computer name/
@@ -151,6 +158,8 @@ def set_sane_defaults
 
         def get_platform(proof)
           case proof
+          when /unifi\.version/ #Ubiquiti Unifi.  uname -a is left in, so we got to pull before Linux
+            'unifi'
           when /Linux/
             'linux'
           when /Darwin/

lib/msf/core/module/platform.rb

@@ -403,6 +403,14 @@ class Juniper < Msf::Module::Platform
     Alias = "juniper"
   end
 
+  #
+  # Ubiquiti Unifi
+  #
+  class Unifi < Msf::Module::Platform
+    Rank = 100
+    Alias = "unifi"
+  end
+
   #
   # Solaris
   #

lib/msf/core/payload/uuid.rb

@@ -75,6 +75,7 @@ class Msf::Payload::UUID
     24 => 'r',
     25 => 'apple_ios',
     26 => 'juniper',
+    27 => 'unifi',
   }
 
   # The raw length of the UUID structure