PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-12 02:39:03 +00:00
Code Issues Projects Releases Wiki Activity

Added sip-methods script which enumerates a SIP server's allowed methods.

Browse Source
This commit is contained in:
kroosec
2012-07-09 08:57:12 +00:00
parent 68a9a54f4c
commit eca8ab5563
3 changed files with 57 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
CHANGELOG
View File

@@ -1,4 +1,7 @@
# Nmap Changelog ($Id$); -*-text-*- # Nmap Changelog ($Id$); -*-text-*-
o [NSE] Added sip-methods script which enumerates a SIP server's allowed
methods. [Hani Benhabiles]
o [NSE] Added sip-call-spoof script which spoofs a call to a SIP phone and o [NSE] Added sip-call-spoof script which spoofs a call to a SIP phone and
detects the action taken by the target. [Hani Benhabiles] detects the action taken by the target. [Hani Benhabiles]

1
scripts/script.db
View File

@@ -319,6 +319,7 @@ Entry { filename = "servicetags.nse", categories = { "default", "discovery", "sa
Entry { filename = "sip-brute.nse", categories = { "brute", "intrusive", } } Entry { filename = "sip-brute.nse", categories = { "brute", "intrusive", } }
Entry { filename = "sip-call-spoof.nse", categories = { "discovery", "intrusive", } } Entry { filename = "sip-call-spoof.nse", categories = { "discovery", "intrusive", } }
Entry { filename = "sip-enum-users.nse", categories = { "auth", "intrusive", } } Entry { filename = "sip-enum-users.nse", categories = { "auth", "intrusive", } }
Entry { filename = "sip-methods.nse", categories = { "default", "safe", "discovery" } }
Entry { filename = "skypev2-version.nse", categories = { "version", } } Entry { filename = "skypev2-version.nse", categories = { "version", } }
Entry { filename = "smb-brute.nse", categories = { "brute", "intrusive", } } Entry { filename = "smb-brute.nse", categories = { "brute", "intrusive", } }
Entry { filename = "smb-check-vulns.nse", categories = { "dos", "exploit", "intrusive", "vuln", } } Entry { filename = "smb-check-vulns.nse", categories = { "dos", "exploit", "intrusive", "vuln", } }

53
scripts/sip-methods.nse Normal file
View File

@@ -0,0 +1,53 @@
local shortport = require "shortport"
local sip = require "sip"
local stdnse = require "stdnse"
local table = require "table"
description = [[
Enumerates a SIP Server's allowed methods.
The script works by sending an OPTION request to the server and checking for
the value of the Allow header in the response.
]]
---
-- @usage
-- nmap --script=sip-methods -sU -p 5060 <targets>
--
--@output
-- 5060/udp open sip
-- | sip-methods:
-- |_ INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO
author = "Hani Benhabiles"
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
categories = {"default", "safe", "discovery"}
portrule = shortport.port_or_service(5060, "sip", {"tcp", "udp"})
action = function(host, port)
local status, session, response
session = sip.Session:new(host, port)
status = session:connect()
if not status then
return "ERROR: Failed to connect to the SIP server."
end
status, response = session:options()
if status then
-- If port state not set to open, set it to open.
if nmap.get_port_state(host, port) ~= "open" then
nmap.set_port_state(host, port, "open")
end
-- Check if allow header exists in response
local allow = response:getHeader("allow")
if allow then
return stdnse.format_output(true, allow)
end
end
end