Nmap Development mailing list archives
Re: Testing SIP detection script
From: Patrik Karlsson <patrik () cqure net>
Date: Mon, 1 Nov 2010 08:15:07 +0100
On 31 okt 2010, at 20.37, Jamuse wrote:
I attached a SIP detection script. I've only tested it against an Asterisk SIP server which seems to work well. Please send me any feedback to improve the script. localhost:/opt/nmap-5.35DC1/scripts# nmap -sU -p 5060 localhost --script sip-version.nse Starting Nmap 5.35DC1 ( http://nmap.org ) at 2010-10-31 21:28 IST Nmap scan report for localhost (127.0.0.1) Host is up. Other addresses for localhost (not scanned): 127.0.0.1 PORT STATE SERVICE 5060/udp open sip | sip-version: Asterisk PBX 1.6.2.0 |_Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY Nmap done: 1 IP address (1 host up) scanned in 2.11 seconds <sip-version.nse>_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Hi Jamuse, Last year I submitted a SIP version detection script only to find out that what I did was already supported by service detection engine. It turned out to be a rather long thread which is available here: http://seclists.org/nmap-dev/2009/q4/473 The script I submitted is in there to somewhere a long with the probes/matches that were added. One difference with the script you're submitting is the allow header. It could probably be extracted as "Miscellaneous further information" by modifying the existing matches in nmap-service-probes. The file format is documented here: http://nmap.org/book/vscan-fileformat.html If I was to comment your script anyway, I think it looks very good. Some minor improvements (in my opinion) would be: * replacing receive_bytes(1) with receive() - I'll make sure to do the same in my scripts :-) * declaring status and response on the same line that they're used: local status, response = socket:receive() Regards, //Patrik -- Patrik Karlsson http://www.cqure.net http://www.twitter.com/nevdull77 _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Testing SIP detection script Jamuse (Oct 31)
- Re: Testing SIP detection script Patrik Karlsson (Nov 01)
- Re: Testing SIP detection script David Fifield (Nov 01)
- Re: Testing SIP detection script Patrik Karlsson (Nov 01)