Re: SIP version detection script

[Patrik Karlsson <patrik () cqure net>]

On 24 nov 2009, at 03.24, Tom Sellers wrote:

> Patrik Karlsson wrote:
> > Hi all,
> > I just finished my first nmap script with some great help from Ron Bowes. Like the e-mail subject states it does 
> > version detection for the SIP protocol.
> > I've done some basic testing and it looks as if it does what it't intended to.
> > Here's some sample output:
> > Interesting ports on 192.168.56.3:
> > PORT     STATE         SERVICE VERSION
> > 5060/udp open|filtered sip     Asterisk PBX
> > Interesting ports on 192.168.56.4:
> > PORT     STATE         SERVICE VERSION
> > 5060/udp open|filtered sip     3CXPhoneSystem 8.0.9844.0
> > Bug reports or comments and suggestions on things that could be done better/differently are most welcome.
>
>
> Patrik,
>
>       I have not had a chance to look at your code, but looking at your output
> I would suggest setting the port state to open when you successfully identify the
> service.
>
> Something like this should work:
>
>        nmap.set_port_port(host, port, "open")
>
>
> Tom

Thanks Tom!

I have an updated script that does that and works against 5060/tcp and 5061/tcp (SIP TLS).
However, as I posted earlier I realized that there is a static probe in nmap-service-probes that already works against 
5060/tcp. So I'm guessing that same probe could be sent to 5060/udp as well and make my script redundant?

Patrik
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/