Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: [NSE] sip-call-spoof
From: Hani Benhabiles <kroosec () gmail com>
Date: Thu, 28 Jun 2012 11:51:34 +0100

On 06/27/2012 09:19 PM, Toni Ruottu wrote:
Would it make sense to report the time it took to get the response?

On Wed, Jun 27, 2012 at 8:32 PM, Hani Benhabiles <kroosec () gmail com> wrote:
Hi list,

description = [[
Spoofs a call to a SIP phone and detects the action taken by the target.

This works by sending a fake sip invite request to the target phone and
checking
the responses. A response with status code 180 means that the phone is
ringing.
The script waits for the next responses until timeout is reached or a
special
response is received.  Special responses include:  Busy (486), Decline
(603),
Timeout (408) or Hang up (200).
]]

---
-- () args sip-call-spoof.ua Source application's user agent. Defaults to
-- <code>Ekiga</code>.
--
-- () args sip-call-spoof.from Caller user ID. Defaults to <code>Home</code>.
--
-- () args sip-call-spoof.extension SIP Extension to send request from.
Defaults to
-- <code>100</code>.
--
-- () args sip-call-spoof.src Source address to spoof.
--
-- () args sip-call-spoof.timeout Time to wait for a response. Defaults to
-- <code>5</code> seconds.
--
-- @usage
-- nmap --script=sip-call-spoof -sU -p 5060 <targets>
-- nmap --script=sip-call-spoof -sU -p 5060 --script-args
-- 'sip-call-spoof.ua=Nmap, sip-call-spoof.from=Boss' <targets>
--
-- () output
-- 5060/udp open  sip
-- | sip-call-spoof:
-- |_  Target hung up.

As always, tests and feedback are welcome.

Cheers,
Hani.

--
Hani Benhabiles

Twitter: https://twitter.com/#!/kroosec
Blog: http://kroosec.blogspot.com


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
Hi Toni,

I am attaching a version which also outputs time it has taken the target to hang up or decline the call.

Cheers,
Hani.

--
Hani Benhabiles

Twitter: https://twitter.com/#!/kroosec
Blog: http://kroosec.blogspot.com

Attachment: sip-call-spoof.nse
Description:

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault