Nmap sip-call-spoof NSE Script

Script Overview

---

Script source code: https://github.com/nmap/nmap/tree/master/scripts/sip-call-spoof.nse
Script categories: discovery, intrusive
Target service / protocol: sip, tcp, udp
Target network port(s): 5060
List of CVEs: -

Script Description

---

The sip-call-spoof.nse script spoofs a call to a SIP phone and detects the action taken by the target (busy, declined, hung up, etc.)

This works by sending a fake sip invite request to the target phone and checking the responses. A response with status code 180 means that the phone is ringing. The script waits for the next responses until timeout is reached or a special response is received. Special responses include: Busy (486), Decline (603), Timeout (408) or Hang up (200).

Sip-call-spoof NSE Script Arguments

---

This is a full list of arguments supported by the sip-call-spoof.nse script:

extension

Request SIP extension.

from

SIP From field.

session

SIP Session to use.

sip-call-spoof.extension

SIP Extension to send request from. Defaults to 100.

sip-call-spoof.from

Caller user ID. Defaults to Home.

sip-call-spoof.src

Source address to spoof.

sip-call-spoof.timeout

Time to wait for a response. Defaults to 5s

sip-call-spoof.ua

Source application's user agent. Defaults to Ekiga.

src

Request source address to spoof.

ua

User Agent to use.

sip.timeout

Specifies the session (socket) timeout in seconds

- - -
To use these script arguments, add them to the Nmap command line using the --script-args arg1=value,[arg2=value,..] syntax. For example:

nmap --script=sip-call-spoof --script-args extension=value,from=value <target>

Sip-call-spoof NSE Script Example Usage

---

Here's an example of how to use the sip-call-spoof.nse script:

nmap --script=sip-call-spoof -sU -p 5060 <targets>

nmap --script=sip-call-spoof -sU -p 5060 --script-args
'sip-call-spoof.ua=Nmap, sip-call-spoof.from=Boss' <targets>

Sip-call-spoof NSE Script Example Output

---

Here's a sample output from the sip-call-spoof.nse script:

5060/udp open  sip
| sip-call-spoof:
|_  Target hung up. (After 10.9 seconds)

Sip-call-spoof NSE Script Example XML Output

---

There is no sample XML output for this module. However, by providing the -oX <file> option, Nmap will produce a XML output and save it in the file.xml file.

Author

---

• Hani Benhabiles

References

---

• https://nmap.org/nsedoc/scripts/sip-call-spoof.html
• https://github.com/nmap/nmap/tree/master/scripts/sip-call-spoof.nse

See Also

---

Related NSE scripts to the sip-call-spoof.nse script:

• sip-brute.nse
• sip-enum-users.nse
• sip-methods.nse

Visit Nmap NSE Library for more scripts.

The sip-call-spoof.nse script may fail with the following error messages. Check for the possible causes by using the code snippets highlighted below found in the script source code. This can often times help in identifying the root cause of the problem.

Failed to connect to the SIP server.

---

Here is a relevant code snippet related to the "Failed to connect to the SIP server." error message:

138:	  timeout = (timeout or 5) * 1000
139:	
140:	  session = sip.Session:new(host, port)
141:	  status = session:connect()
142:	  if not status then
143:	    return stdnse.format_output(false, "Failed to connect to the SIP server.")
144:	  end
145:	
146:	  local ringing, result, waittime = invitespoof(session, ua, from, src, extension, timeout)
147:	  -- If we get a response, we set the port to open.
148:	  if result then