Nmap SIP version script
As I’ve been tinkering with VoIP for a while, I decided to write a version detection script for Nmap. It’s my first stab at both Nmap scripting and the Lua programming language, so don’t expect too much. The limited tests I have made show that it does a reasonable job and returns any version information present in the server response. The script can be found here.
The script is quite simple: it sends a SIP OPTIONS request to the server and then retrieves the value returned in either the User-Agent or Server header.
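The exchange described above, as an added Python example (not the author's Lua script): it builds a minimal OPTIONS request and pulls the Server or User-Agent value out of a response, which is also a quick way to see what banner your own SIP server discloses. The host name, addresses, tags and the sample response are constructed placeholders.

```python
import uuid

def build_options(host, port=5060, local="192.0.2.10"):
    """Minimal RFC 3261 OPTIONS request; `local` is a placeholder address."""
    branch = "z9hG4bK" + uuid.uuid4().hex[:16]  # branch must start with this cookie
    return "\r\n".join([
        f"OPTIONS sip:{host}:{port} SIP/2.0",
        f"Via: SIP/2.0/UDP {local}:5060;branch={branch};rport",
        "Max-Forwards: 70",
        f"From: <sip:probe@{local}>;tag={uuid.uuid4().hex[:8]}",
        f"To: <sip:{host}>",
        f"Call-ID: {uuid.uuid4().hex}@{local}",
        "CSeq: 1 OPTIONS",
        "Content-Length: 0",
        "", "",
    ]).encode("ascii")

def extract_version(response):
    """Return the Server (else User-Agent) value of a SIP response, or None."""
    head = response.decode("utf-8", errors="replace").split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    if not lines[0].startswith("SIP/2.0 "):   # not a SIP response status line
        return None
    headers, name = {}, None
    for line in lines[1:]:
        if line[:1] in (" ", "\t") and name:  # folded continuation of previous header
            headers[name] += " " + line.strip()
        elif ":" in line:
            name, value = line.split(":", 1)
            name = name.strip().lower()       # header names are case-insensitive
            headers.setdefault(name, value.strip())
    return headers.get("server") or headers.get("user-agent")

# Constructed sample response (not captured from a real server).
SAMPLE = (
    b"SIP/2.0 200 OK\r\n"
    b"Via: SIP/2.0/UDP 192.0.2.10:5060;branch=z9hG4bKexample;rport\r\n"
    b"From: <sip:probe@192.0.2.10>;tag=1234abcd\r\n"
    b"To: <sip:sip.example.test>;tag=as5f2c\r\n"
    b"CSeq: 1 OPTIONS\r\n"
    b"user-agent : Asterisk PBX\r\n"
    b"Content-Length: 0\r\n\r\n"
)

if __name__ == "__main__":
    print(extract_version(SAMPLE))
```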
In order to “activate” it:
- Decompress the zip archive and copy sip-version.nse to the script directory, e.g. /usr/share/nmap/scripts
- As root, run the following command:
nmap --script-updatedb
To test it, simply run a version scan against port 5060 on a SIP server:
nmap -sV -sU sip.domain.suffix -p 5060
If it worked it should return something like this:
Interesting ports on x.x.x.x:
PORT STATE SERVICE VERSION
5060/udp open|filtered sip 3CXPhoneSystem 8.0.9844.0

Interesting ports on y.y.y.y:
PORT STATE SERVICE VERSION
5060/udp open|filtered sip Asterisk PBX