Script sip-call-spoof

Script types: portrule
Categories: discovery, intrusive

Script Summary

Spoofs a call to a SIP phone and detects the action taken by the target (busy, declined, hung up, etc.)

This works by sending a fake sip invite request to the target phone and checking the responses. A response with status code 180 means that the phone is ringing. The script waits for the next responses until timeout is reached or a special response is received. Special responses include: Busy (486), Decline (603), Timeout (408) or Hang up (200).

Script Arguments


Caller user ID. Defaults to Home.


SIP Extension to send request from. Defaults to 100.

Source application's user agent. Defaults to Ekiga.


Time to wait for a response. Defaults to 5s


Source address to spoof.


See the documentation for the sip library.

Example Usage

nmap --script=sip-call-spoof -sU -p 5060 <targets>
nmap --script=sip-call-spoof -sU -p 5060 --script-args
', sip-call-spoof.from=Boss' <targets>

Script Output

5060/udp open  sip
| sip-call-spoof:
|_  Target hung up. (After 10.9 seconds)



  • Hani Benhabiles

License: Same as Nmap--See