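# Posted to the plugins-writers list with the note:
#   "If someone can check this SIP nasl or test it more I'll appreciate it.
#    Regards, -- Ferdy"

#
# Script Written By Ferdy Riphagen
# <f[dot]riphagen[at]nsec[dot]nl>
#
# Script distributed under the GNU GPLv2 License.
#
# Purpose: send one SIP OPTIONS request to UDP/5060 and, if a SIP response
# comes back, register the service and report the device banner.
#

desc["english"] = "
Synopsis :

The remote system is a SIP signaling device.

Description :

The remote system is listening to and sending Session Initiation
Protocol (SIP) requests. SIP is a messaging protocol to initiate
communication sessions between systems. It is a protocol used mostly
in IP Telephony networks/systems to setup, control and teardown
sessions between two or more systems.

Solution :

If the service is not needed disable it, or filter incoming
requests to the ports.

See Also :

http://www.ietf.org/rfc/rfc2543.txt
http://www.ietf.org/rfc/rfc3261.txt

Risk factor :

None";

if (description) {
 script_id(200014);
 script_version("$Revision: 1.0 $");

 name["english"] = "SIP Device Detection";
 script_name(english:name["english"]);
 script_description(english:desc["english"]);

 summary["english"] = "Check if the remote system is accepting SIP requests";
 script_summary(english:summary["english"]);

 script_category(ACT_GATHER_INFO);
 script_family(english:"Service detection");
 script_copyright(english:"This script is Copyright (C) 2006 Ferdy Riphagen");
 script_require_udp_ports(5060);
 exit(0);
}

include("global_settings.inc");
include("misc_func.inc");

port = 5060;
if (!get_udp_port_state(port)) exit(0);

# Some systems only answer when the request comes from source port 5060,
# so the probe is normally sent from a socket bound to that port.
# When scanning the local host that port is presumably already held by the
# SIP service itself, so fall back to an ordinary UDP socket; the device may
# then ignore the probe, but it is worth a try.
if (islocalhost()) soc = open_sock_udp(port);
else soc = open_priv_sock_udp(sport:5060, dport:port);
if (!soc) exit(0);

# Generate a "SIP OPTIONS" message.
# This will result in a "404 or 484" error if we get a response.
#
# Fix: the Request-Line needs a space between the Request-URI and the
# SIP-Version ("OPTIONS <uri> SIP/2.0"). Without it the request is
# malformed and a conforming parser may drop it silently.
#
# NOTE(review): RFC 3261 additionally expects a Max-Forwards header, a tag
# on From and a branch parameter on Via. They are left out here to keep the
# probe as posted; strict stacks may not answer without them -- confirm
# against real devices.
payload = string(
 "OPTIONS sip:*@", get_host_name(), " SIP/2.0\r\n",
 "Via: SIP/2.0/UDP ", this_host(), "\r\n",
 "To: <sip:*@", get_host_name(), ">\r\n",
 "From: <sip:*@", this_host(), ">\r\n",
 "Call-ID: 1234567890@", this_host(), "\r\n",
 "CSeq: 123456 OPTIONS\r\n",
 "User-Agent: Nessus Vulnerability Scanner\r\n",
 "Content-Type: application/sdp\r\n",
 "Content-Length: 0\r\n",
 "\r\n");
debug_print("payload: ", payload, "\n");

send(socket:soc, data:payload);
# Only the first 512 bytes are read, so headers of a long response
# (for example Allow:) can be cut off.
res = recv(socket:soc, length:512);
# The socket is not needed any more; close it on every path.
close(soc);
debug_print("recv: ", res, "\n");
if (res == NULL) exit(0);

# Check if we can get a good response back.
# Require a SIP status line as well as the Via header: a service that merely
# reflects the datagram would return our own "Via:" and "User-Agent:" lines
# and be reported as a SIP device with the scanner's banner.
if (egrep(pattern:"^SIP/2\.0 [0-9][0-9][0-9]", string:res) &&
    "Via: SIP/2.0/UDP" >< res &&
    (agent = egrep(pattern:"User-Agent: |Server: ", string:res))) {

 banner = ereg_replace(pattern:".*User-Agent: |.*Server: ", string:agent, replace:"");
 banner = chomp(banner);
 # Nothing was stripped, so no usable banner was found.
 if (banner == agent) banner = NULL;
 debug_print("banner: ", banner, "\n");

 # Also try to report the remote capabilities.
 options = egrep(pattern:"^Allow:.+OPTIONS", string:res);
 if (options) options = options - string("Allow: ");
 debug_print("options: ", options, "\n");

 if (banner != NULL) {
  # Create the report.
  report = string(desc["english"], "\n\n",
   "Plugin output:\n\n",
   "The remote SIP device is a:\n", banner);

  # Register the banner information in KB.
  # The banner is text chosen by the remote device: plugins that read this
  # KB item must treat it as untrusted input.
  set_kb_item(name:"sip/banner/" + port, value:banner);

  if (options != NULL) {
   report = string(report, "\n\n",
    "The system is supporting the following options:\n", options);
  }
 }
 else report = desc["english"];

 register_service(ipproto:"udp", proto:"sip", port:port);
 security_note(port:port, data:report);
 exit(0);
}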