Nmap Developmentmailing list archives

By Date

By Thread

Re: [NSE] sip-extensions.nse

On 07/04/2012 12:45 PM, David Fifield wrote:

On Sat, Jun 30, 2012 at 11:14:41AM +0100, Hani Benhabiles wrote:

On 06/29/2012 09:07 PM, Patrik Karlsson wrote:

There seems to be some overlap here with sip-enum-users?Or am I missing something?

Hi Patrik,SIP servers in the wild use usually either usernames or numbers asextensions. The later seems to be more common as I came across itmore often and given how many testing tools and suites (i.esipvicious, metasploit aux etc...) focus on scanning ranges ofnumbers (with things such as padding 0's) rather than on usernamesfrom a dictionnary list. I believe having two separates scripts thatdo simple and effective work depending on the situation is betterthan one bloated script with many options and requiring the user tosupply many script-arguments.

I disagree with this thought. There should not be two scripts with twoimplementations of what is basically the same function.Both scripts should be the same script and should probably use the brutelibrary. A custom user name iterator can handle creating all the numericextensions. There are not many name in usernames.lst, so checking themin addition to extensions will not be much more cost.David Fifield

Hi,

Cheers,Hani.--Hani BenhabilesTwitter:https://twitter.com/#!/kroosecBlog:http://kroosec.blogspot.com

Attachment:sip-enum-extensions.nse
Description:

_______________________________________________Sent through the nmap-dev mailing listhttp://cgi.insecure.org/mailman/listinfo/nmap-devArchived athttp://seclists.org/nmap-dev/

By Date

By Thread

Current thread:

• Re: [NSE] sip-extensions.nseDavid Fifield (Jul 04)
  • Re: [NSE] sip-extensions.nseHani Benhabiles (Jul 14)
    • Message not available
      • Re: [NSE] sip-extensions.nseHani Benhabiles (Jul 14)
    • Message not available
      • Re: [NSE] sip-extensions.nseHani Benhabiles (Jul 14)
      • Re: [NSE] sip-extensions.nseDavid Fifield (Jul 16)