Added sip-methods script which enumerates a SIP server's allowed methods.

2025-12-10 17:59:04 +00:00 · 2012-07-09 08:57:12 +00:00
parent 68a9a54f4c
commit eca8ab5563
3 changed files with 57 additions and 0 deletions
--- a/3
+++ b/3
@@ -1,4 +1,7 @@
 # Nmap Changelog ($Id$); -*-text-*-
+o [NSE] Added sip-methods script which enumerates a SIP server's allowed
+  methods. [Hani Benhabiles]
+
 o [NSE] Added sip-call-spoof script which spoofs a call to a SIP phone and
  detects the action taken by the target. [Hani Benhabiles]

--- a/scripts/script.db
+++ b/scripts/script.db
@@ -319,6 +319,7 @@ Entry { filename = "servicetags.nse", categories = { "default", "discovery", "sa
 Entry { filename = "sip-brute.nse", categories = { "brute", "intrusive", } }
 Entry { filename = "sip-call-spoof.nse", categories = { "discovery", "intrusive", } }
 Entry { filename = "sip-enum-users.nse", categories = { "auth", "intrusive", } }
+Entry { filename = "sip-methods.nse", categories = { "default", "safe", "discovery" } }
 Entry { filename = "skypev2-version.nse", categories = { "version", } }
 Entry { filename = "smb-brute.nse", categories = { "brute", "intrusive", } }
 Entry { filename = "smb-check-vulns.nse", categories = { "dos", "exploit", "intrusive", "vuln", } }
--- a/scripts/sip-methods.nse
+++ b/scripts/sip-methods.nse
@@ -0,0 +1,53 @@
+local shortport = require "shortport"
+local sip = require "sip"
+local stdnse = require "stdnse"
+local table = require "table"
+
+description = [[
+Enumerates a SIP Server's allowed methods.
+
+The script works by sending an OPTION request to the server and checking for
+the value of the Allow header in the response.
+]]
+
+---
+-- @usage
+-- nmap --script=sip-methods -sU -p 5060 <targets>
+--
+--@output
+-- 5060/udp open  sip
+-- | sip-methods: 
+-- |_  INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO
+
+
+author = "Hani Benhabiles"
+
+license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
+
+categories = {"default", "safe", "discovery"}
+
+
+portrule = shortport.port_or_service(5060, "sip", {"tcp", "udp"})
+
+action = function(host, port)
+    local status, session, response
+    session = sip.Session:new(host, port)
+    status = session:connect()
+    if not status then
+	return "ERROR: Failed to connect to the SIP server."
+    end
+
+    status, response = session:options()
+    if status then
+	-- If port state not set to open, set it to open.
+	if nmap.get_port_state(host, port) ~= "open" then
+	    nmap.set_port_state(host, port, "open")
+	end
+
+	-- Check if allow header exists in response
+	local allow = response:getHeader("allow")
+	if allow then
+	    return stdnse.format_output(true, allow)
+	end
+    end
+end