Script sip-call-spoof

Script types: portrule
Categories: discovery, intrusive
Download: https://svn.nmap.org/nmap/scripts/sip-call-spoof.nse

Script Summary

Spoofs a call to a SIP phone and detects the action taken by the target (busy, declined, hung up, etc.)

This works by sending a fake sip invite request to the target phone and checking the responses. A response with status code 180 means that the phone is ringing. The script waits for the next responses until timeout is reached or a special response is received. Special responses include: Busy (486), Decline (603), Timeout (408) or Hang up (200).

Script Arguments

sip-call-spoof.from

Caller user ID. Defaults to Home.

sip-call-spoof.extension

SIP Extension to send request from. Defaults to 100.

sip-call-spoof.ua

Source application's user agent. Defaults to Ekiga.

sip-call-spoof.timeout

Time to wait for a response. Defaults to 5s

sip-call-spoof.src

Source address to spoof.

sip.timeout

See the documentation for the sip library.

Example Usage

nmap --script=sip-call-spoof -sU -p 5060 <targets>
nmap --script=sip-call-spoof -sU -p 5060 --script-args
'sip-call-spoof.ua=Nmap, sip-call-spoof.from=Boss' <targets>

Script Output

5060/udp open  sip
| sip-call-spoof:
|_  Target hung up. (After 10.9 seconds)

Requires

• nmap
• shortport
• sip
• stdnse

---

Author:

• Hani Benhabiles

License: Same as Nmap--See https://nmap.org/book/man-legal.html