Nmap Development mailing list archives
Re: [NSE] sip-extensions.nse
From: David Fifield <david () bamsoftware com>
Date: Wed, 4 Jul 2012 04:45:17 -0700
On Sat, Jun 30, 2012 at 11:14:41AM +0100, Hani Benhabiles wrote:
On 06/29/2012 09:07 PM, Patrik Karlsson wrote:There seems to be some overlap here with sip-enum-users? Or am I missing something?Hi Patrik, SIP servers in the wild use usually either usernames or numbers as extensions. The later seems to be more common as I came across it more often and given how many testing tools and suites (i.e sipvicious, metasploit aux etc...) focus on scanning ranges of numbers (with things such as padding 0's) rather than on usernames from a dictionnary list. I believe having two separates scripts that do simple and effective work depending on the situation is better than one bloated script with many options and requiring the user to supply many script-arguments.
I disagree with this thought. There should not be two scripts with two implementations of what is basically the same function. Both scripts should be the same script and should probably use the brute library. A custom user name iterator can handle creating all the numeric extensions. There are not many name in usernames.lst, so checking them in addition to extensions will not be much more cost. David Fifield _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Re: [NSE] sip-extensions.nse David Fifield (Jul 04)
- Re: [NSE] sip-extensions.nse Hani Benhabiles (Jul 14)
- Message not available
- Re: [NSE] sip-extensions.nse Hani Benhabiles (Jul 14)
- Message not available
- Message not available
- Re: [NSE] sip-extensions.nse Hani Benhabiles (Jul 14)
- Re: [NSE] sip-extensions.nse David Fifield (Jul 16)
- Re: [NSE] sip-extensions.nse Hani Benhabiles (Jul 14)