
Re: [NSE] specify source port


From: Ferdy Riphagen <f.riphagen () nsec nl>
Date: Wed, 30 May 2007 19:48:32 +0200

Eddie Bell wrote:
hi ferdy,

Unfortunately this is not currently possible because the connect()
syscall, which NSE uses, does not support custom source ports.

Thanks for clearing that up. I couldn't find any info in nse_nsock.* either.
I wanted to use it for the attached script. It's just a do-and-learn test to
get familiar with nse/lua.
At least some Ciscos require source port 5060 or 5061 (the two I know of).

--Ferdy--


-- Nmap NSE script to detect a SIP server running on port 5060.
-- Feel free to report any coding issues.

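-- NSE script metadata. These are deliberately global: the NSE loader reads
-- them from the script's environment.
id = "SIP server/agent detection"

-- Built from concatenated literals on purpose: the original used a
-- backslash-newline continuation, which embedded a newline plus the next
-- line's indentation inside the user-visible description.
description = "Tries to detect a SIP server/agent from its response to an " ..
              "incomplete OPTIONS message. It will probably respond with a " ..
              "'404 Not Found' error."

author = "Ferdy Riphagen <f.riphagen () nsec nl>"

license = "See nmap's COPYING for license"

categories = {"safe", "discovery"}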

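-- Port rule: run only against the standard SIP port (5060) when the service
-- was identified as SIP over UDP or TCP and the port is open or
-- open|filtered.
--
-- The original condition relied on `and`/`or` precedence and ended in
-- `... or "open"`, which is always truthy, so the rule matched every port.
-- @param host table (unused)
-- @param port table with fields number, service, protocol, state
-- @return boolean
portrule = function(host, port)
        local transport_ok = port.protocol == "udp" or port.protocol == "tcp"
        local state_ok = port.state == "open" or port.state == "open|filtered"
        return port.number == 5060
                and port.service == "sip"
                and transport_ok
                and state_ok
end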

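-- Action: send a minimal SIP OPTIONS request and report the User-Agent or
-- Server header from whatever the target answers.
--
-- Fixes relative to the original:
--  * the Via header lacked the space between the transport and the host
--    ("SIP/2.0/udp127.0.0.1:5060"); RFC 3261 Via syntax is
--    "SIP/2.0/<transport> <host>[:port]";
--  * the receive loop reset its buffer on every iteration, so a header
--    split across two receive() chunks could never match; the whole
--    response is now collected before matching;
--  * the returned banner is server-controlled text headed for the report,
--    so all control characters are stripped rather than only "\n".
-- @param host table with field ip
-- @param port table with fields number, protocol
-- @return string banner, or nil when nothing usable was received
action = function(host, port)
        local soc = nmap.new_socket()
        soc:set_timeout(10000)
        local conn = soc:connect(host.ip, port.number, port.protocol)
        if not conn then
                return nil
        end

        -- The loopback address with the target's port is carried over from
        -- the original as a placeholder for our own contact address.
        local me = "127.0.0.1:" .. port.number
        local target = host.ip .. ":" .. port.number
        local request = table.concat({
                "OPTIONS sip:" .. host.ip .. " SIP/2.0",
                "Via: SIP/2.0/" .. string.upper(port.protocol) .. " " .. me,
                "To: <sip:" .. target .. ">",
                "From: <sip:" .. me .. ">",
                "Contact: nmap <sip:" .. me .. ">",
                "Call-ID: 1234",
                "Cseq: 1 OPTIONS",
                "Content-Length: 0",
        }, "\r\n") .. "\r\n\r\n"
        soc:send(request)

        -- Collect everything until receive() fails (EOF or timeout).
        local chunks = {}
        while true do
                local status, data = soc:receive()
                if not status then
                        break
                end
                chunks[#chunks + 1] = data
        end
        soc:close()

        local response = table.concat(chunks)
        -- User-Agent is preferred over Server, as in the original.
        local ver = string.match(response, "User%-Agent: (.-)\r\n")
                or string.match(response, "Server: (.-)\r\n")
        if ver then
                -- Parentheses truncate gsub's two results to the string.
                return (string.gsub(ver, "%c", ""))
        end
        return nil
end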

