Categories: discovery, intrusive
Spoofs a call to a SIP phone and detects the action taken by the target (busy, declined, hung up, etc.)
This works by sending a fake sip invite request to the target phone and checking the responses. A response with status code 180 means that the phone is ringing. The script waits for the next responses until timeout is reached or a special response is received. Special responses include: Busy (486), Decline (603), Timeout (408) or Hang up (200).
Caller user ID. Defaults to
SIP Extension to send request from. Defaults to
Source application's user agent. Defaults to
Time to wait for a response. Defaults to
Source address to spoof.
sip.timeoutSee the documentation for the sip library.
nmap --script=sip-call-spoof -sU -p 5060 <targets> nmap --script=sip-call-spoof -sU -p 5060 --script-args 'sip-call-spoof.ua=Nmap, sip-call-spoof.from=Boss' <targets>
5060/udp open sip | sip-call-spoof: |_ Target hung up. (After 10.9 seconds)
License: Same as Nmap--See https://nmap.org/book/man-legal.html