Nmap SIP version script

As I’ve been tinkering with VoIP for a while, I decided to write a version detection script for Nmap. It’s my first stab at both Nmap scripting and the Lua programming language, so don’t expect too much. The limited tests I have made show that it does a reasonable job and returns any version information present in the server response. The script can be found here.

The script is quite simple: it sends a SIP OPTIONS request to the server and then retrieves the value returned in either the User-Agent or Server header.

In order to “activate” it:

  1. Decompress the zip archive and copy sip-version.nse to the script directory, e.g. /usr/share/nmap/scripts
  2. As root, run the following command:

To test it, simply run a version scan against port 5060 on a SIP server:

If it worked it should return something like this:

Interesting ports on x.x.x.x:
PORT     STATE         SERVICE VERSION
5060/udp open|filtered sip     3CXPhoneSystem 8.0.9844.0

Interesting ports on y.y.y.y:
PORT     STATE         SERVICE VERSION
5060/udp open|filtered sip     Asterisk PBX