Nmap Development mailing list archives

Re: Testing SIP detection script


From: Patrik Karlsson <patrik () cqure net>
Date: Mon, 1 Nov 2010 08:15:07 +0100


On 31 Oct 2010, at 20.37, Jamuse wrote:

I attached a SIP detection script. I've only tested it against an
Asterisk SIP server which seems to work well. Please send me any
feedback to improve the script.

localhost:/opt/nmap-5.35DC1/scripts# nmap -sU -p 5060 localhost --script sip-version.nse

Starting Nmap 5.35DC1 ( http://nmap.org ) at 2010-10-31 21:28 IST
Nmap scan report for localhost (127.0.0.1)
Host is up.
Other addresses for localhost (not scanned): 127.0.0.1
PORT     STATE SERVICE
5060/udp open  sip
| sip-version:  Asterisk PBX 1.6.2.0
|_Allow:  INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY

Nmap done: 1 IP address (1 host up) scanned in 2.11 seconds
<sip-version.nse>
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

Hi Jamuse,

Last year I submitted a SIP version detection script only to find out that what I did was already supported by the service detection engine.
It turned out to be a rather long thread, which is available here: http://seclists.org/nmap-dev/2009/q4/473
The script I submitted is in there somewhere, along with the probes/matches that were added.

One difference with the script you're submitting is the allow header.
It could probably be extracted as "Miscellaneous further information" by modifying the existing matches in nmap-service-probes.
The file format is documented here: http://nmap.org/book/vscan-fileformat.html

If I were to comment on your script anyway, I think it looks very good. Some minor improvements (in my opinion) would be:
* replacing receive_bytes(1) with receive() - I'll make sure to do the same in my scripts :-)
* declaring status and response on the same line that they're used: local status, response = socket:receive()

Regards,
//Patrik
--
Patrik Karlsson
http://www.cqure.net
http://www.twitter.com/nevdull77
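
An added illustration (not code from this thread, from Jamuse's script, or from Nmap) of the extraction discussed in the reply above: it pulls the product banner and the Allow header out of a SIP OPTIONS response and reports the Allow list as the further-information field. The sample response is constructed, the keys `p`, `v` and `i` are named after the version-info fields of nmap-service-probes, and splitting the banner at its last space is an assumption.

```python
import re

# Constructed sample: a SIP 200 OK reply to an OPTIONS probe, modelled on the
# scan output quoted in the thread. The Allow header is folded on purpose.
SAMPLE = (
    b"SIP/2.0 200 OK\r\n"
    b"Via: SIP/2.0/UDP 127.0.0.1:5060;branch=z9hG4bK-constructed\r\n"
    b"Server: Asterisk PBX 1.6.2.0\r\n"
    b"allow: INVITE, ACK, CANCEL, OPTIONS,\r\n"
    b" BYE, REFER, SUBSCRIBE, NOTIFY\r\n"
    b"Content-Length: 0\r\n\r\n"
)

STATUS_LINE = re.compile(r"^SIP/2\.0 (\d{3}) ")

def parse_sip_headers(raw):
    """Return (status_code, {lowercased-name: value}), or None if not SIP."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("utf-8", "replace")
    # A line that starts with space or tab continues the previous header.
    head = re.sub(r"\r\n[ \t]+", " ", head)
    lines = head.split("\r\n")
    m = STATUS_LINE.match(lines[0])
    if not m:
        return None
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep:
            continue  # malformed header line, ignore it
        key, value = name.strip().lower(), value.strip()
        # A repeated header is equivalent to one comma-separated list.
        headers[key] = f"{headers[key]}, {value}" if key in headers else value
    return int(m.group(1)), headers

def version_info(raw):
    """Map a response to product (p), version (v) and extra info (i)."""
    parsed = parse_sip_headers(raw)
    if parsed is None:
        return None
    banner = parsed[1].get("server") or parsed[1].get("user-agent")
    if not banner:
        return None
    # Assumption: the version is the last space-separated token of the banner.
    product, _, version = banner.rpartition(" ")
    info = {"p": product or version, "v": version if product else ""}
    if "allow" in parsed[1]:
        info["i"] = "Allow: " + parsed[1]["allow"]
    return info
```

Header names are matched case-insensitively and folded or repeated Allow lines are merged before reporting, which a single-line pattern anchored on `Allow:` would miss.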
