diff --git a/CHANGELOG b/CHANGELOG index f90e999b3..1533732e1 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,4 +1,7 @@ # Nmap Changelog ($Id$); -*-text-*- +o [NSE] Added sip-methods script which enumerates a SIP server's allowed + methods. [Hani Benhabiles] + o [NSE] Added sip-call-spoof script which spoofs a call to a SIP phone and detects the action taken by the target. [Hani Benhabiles] diff --git a/scripts/script.db b/scripts/script.db index 5ab79f605..60e8def16 100644 --- a/scripts/script.db +++ b/scripts/script.db @@ -319,6 +319,7 @@ Entry { filename = "servicetags.nse", categories = { "default", "discovery", "sa Entry { filename = "sip-brute.nse", categories = { "brute", "intrusive", } } Entry { filename = "sip-call-spoof.nse", categories = { "discovery", "intrusive", } } Entry { filename = "sip-enum-users.nse", categories = { "auth", "intrusive", } } +Entry { filename = "sip-methods.nse", categories = { "default", "safe", "discovery" } } Entry { filename = "skypev2-version.nse", categories = { "version", } } Entry { filename = "smb-brute.nse", categories = { "brute", "intrusive", } } Entry { filename = "smb-check-vulns.nse", categories = { "dos", "exploit", "intrusive", "vuln", } } diff --git a/scripts/sip-methods.nse b/scripts/sip-methods.nse new file mode 100644 index 000000000..16272851f --- /dev/null +++ b/scripts/sip-methods.nse 
@@ -0,0 +1,53 @@
+local shortport = require "shortport"
+local sip = require "sip"
+local stdnse = require "stdnse"
+local table = require "table"
+
+description = [[
+Enumerates a SIP Server's allowed methods.
+
+The script works by sending an OPTION request to the server and checking for
+the value of the Allow header in the response.
+]]
+
+---
+-- @usage
+-- nmap --script=sip-methods -sU -p 5060
+--
+--@output
+-- 5060/udp open sip
+-- | sip-methods:
+-- |_ INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO
+
+
+author = "Hani Benhabiles"
+
+license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
+
+categories = {"default", "safe", "discovery"}
+
+
+portrule = shortport.port_or_service(5060, "sip", {"tcp", "udp"})
+
+action = function(host, port)
+ local status, session, response
+ session = sip.Session:new(host, port)
+ status = session:connect()
+ if not status then
+ return "ERROR: Failed to connect to the SIP server."
+ end
+
+ status, response = session:options()
+ if status then
+ -- If port state not set to open, set it to open.
+ if nmap.get_port_state(host, port) ~= "open" then
+ nmap.set_port_state(host, port, "open")
+ end
+
+ -- Check if allow header exists in response
+ local allow = response:getHeader("allow")
+ if allow then
+ return stdnse.format_output(true, allow)
+ end
+ end
+end
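Review bot: `action` calls `nmap.get_port_state` and `nmap.set_port_state`, but the file requires only `shortport`, `sip`, `stdnse` and `table`, so add `local nmap = require "nmap"` next to them unless the engine is guaranteed to expose that library as a global. The guard compares the return value of `nmap.get_port_state(host, port)` with the string "open", but that function returns a port table, so the test is always true and the state is rewritten on every successful OPTIONS exchange; `if port.state ~= "open" then` expresses the intent. The session opened by `session:connect()` is not closed on any path, so `session:close()` should run once `session:options()` has returned. Because the script is in `default`, the "ERROR: Failed to connect to the SIP server." string will show up in ordinary -sC output whenever a matched port does not answer; returning nil there, or logging through `stdnse.print_debug`, keeps routine scans quiet.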