Drone Discovery - nicholasaleks/Damn-Vulnerable-Drone GitHub Wiki

Identifying the presence and type of drones in an area using signal detection.


Description

Drone signal discovery involves scanning a range of network addresses and ports to find UAVs or MAVLink-compatible devices and the open ports and active services they expose. Typically this technique requires the attacker to be on the same wireless network as the GCS and the drone data link. The results help in understanding the UAV's network interface setup and in identifying potential entry points for further analysis or penetration testing.

Drone systems that use MAVLink can choose arbitrary ports for communication. However, there are several commonly used UDP ports within the drone and ground station ecosystems: 14550, 14540, 14560, 14580, 5760, 5762, 5763.
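
From the defender's side, the scanning described above shows up in connection logs as one source touching many distinct host/port pairs. The following is an added example, not part of the original wiki or the Damn Vulnerable Drone project: a small Python detector run over constructed firewall log lines in a simplified iptables LOG key=value style. The addresses, the function names and the threshold are assumptions.

```python
import re
from collections import defaultdict

# Ports this page lists as common in MAVLink deployments.
MAVLINK_PORTS = {14550, 14540, 14560, 14580, 5760, 5762, 5763}

# Constructed sample (simplified iptables LOG style); all addresses are made up.
SAMPLE_LOG = """\
IN=br0 SRC=10.13.0.50 DST=10.13.0.2 PROTO=TCP SPT=40112 DPT=22 SYN
IN=br0 SRC=10.13.0.50 DST=10.13.0.2 PROTO=TCP SPT=40112 DPT=5760 SYN
IN=br0 SRC=10.13.0.50 DST=10.13.0.2 PROTO=TCP SPT=40112 DPT=14550 SYN
IN=br0 SRC=10.13.0.50 DST=10.13.0.3 PROTO=TCP SPT=40112 DPT=22 SYN
IN=br0 SRC=10.13.0.50 DST=10.13.0.3 PROTO=TCP SPT=40112 DPT=5760 SYN
IN=br0 SRC=10.13.0.50 DST=10.13.0.3 PROTO=TCP SPT=40112 DPT=14550 SYN
IN=br0 SRC=10.13.0.4 DST=10.13.0.3 PROTO=UDP SPT=14550 DPT=14550
IN=br0 SRC=10.13.0.4 DST=10.13.0.3 PROTO=UDP SPT=14550 DPT=14550
IN=br0 SRC=10.13.0.4 DST=10.13.0.3 PROTO=ICMP TYPE=8
"""

FIELD = re.compile(r"(\w+)=(\S+)")

def parse(line):
    """Return (src, dst, proto, dport), or None if the line lacks a field."""
    f = dict(FIELD.findall(line))
    try:
        return f["SRC"], f["DST"], f["PROTO"], int(f["DPT"])
    except (KeyError, ValueError):
        return None  # e.g. ICMP entries carry no destination port

def find_sweeps(log_text, min_targets=5):
    """Flag sources that touched >= min_targets distinct (host, proto, port) tuples."""
    targets = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse(line)
        if rec:
            src, dst, proto, dport = rec
            targets[src].add((dst, proto, dport))
    report = {}
    for src, seen in targets.items():
        if len(seen) >= min_targets:
            report[src] = {
                "targets": len(seen),
                "hosts": sorted({dst for dst, _, _ in seen}),
                "mavlink_ports": sorted({p for _, _, p in seen if p in MAVLINK_PORTS}),
            }
    return report

if __name__ == "__main__":
    for src, info in find_sweeps(SAMPLE_LOG).items():
        print(src, info)
```

Repeated telemetry between two fixed endpoints collapses to a single tuple, so a ground station talking to its drone on 14550 is not flagged, while a source that walks several hosts and ports is.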


⚠️ Solution Guide (Non-WiFi Mode – Half-Baked)

Step 1. Ensure Docker Bridge Connection

Verify that you are connected to the Docker bridge network:

ip addr show

You should see a network interface with an IP address in the 10.13.0.0/24 range.


Step 2. Host Discovery

Use Nmap to identify active IPs, excluding the attacker and simulator IPs:

nmap -sn 10.13.0.0/24 --exclude 10.13.0.1,10.13.0.5

This will list other systems active on the Docker bridge network.


Step 3. MAVLink Port Scan

Scan all ports on the subnet to identify UAV or MAVLink-compatible services:

nmap 10.13.0.0/24 -p 1-16000 --exclude 10.13.0.1,10.13.0.5

This will return port information for any live devices—look out for UDP ports like 14550, 14580, etc.


⚠️ Solution Guide (WiFi Mode – Fully Deployed)

Step 1. Connect to WiFi Network

Use your WEP credentials obtained from the Wifi Analysis & Cracking page to connect to the drone's simulated network.


Step 2. Host Discovery

Identify hosts on the wireless subnet, excluding your attacker's IP:

nmap -sn 192.168.13.0/24 --exclude 192.168.13.10

This will help locate the IP addresses of other connected devices.


Step 3. MAVLink Port Scan

Perform a full port scan of the WiFi subnet to find MAVLink services:

nmap 192.168.13.0/24 -p 1-16000 --exclude 192.168.13.10

Watch for typical MAVLink ports: 14550, 5760, 14580, etc., which indicate drone or GCS activity.
