smap is a simple scanner for SIP enabled devices

smap sends off various SIP requests awaiting responses from SIP enabled
DSL router, proxies and user agents.
It could be considered a mashup of nmap and sipsak ;)

--- Usage ---------------------------------------------------------------------

usage: smap [-hdlO] [ Options ] <ip | ip/mask | host>

            -h: this help
            -d: increase debugging
            -O: enable fingerprinting
            -l: fingerprint learning mode
           -P0: Treat all hosts as online - skip host discovery
     -p <port>: destination port
   -D <domain>: SIP domain to use without leading sip:
  -w <timeout>: timeout in msec

The following command can be used to probe a single host:

$ smap sipgate.net
map 0.3.4 <hscholz@raisdorf.net> http://www.wormulon.net/

Host 217.10.79.8:5060: (ICMP untested) SIP enabled

1 hosts scanned, 0 up, 1 SIP enabled

$

Scanning a network is as easy:

$ smap 89.53.9.104/29
smap 0.3.4 <hscholz@raisdorf.net> http://www.wormulon.net/

Host 89.53.9.104:5060: (ICMP untested) SIP enabled
Host 89.53.9.105:5060: (ICMP untested) SIP enabled
Host 89.53.9.106:5060: (ICMP untested) SIP enabled
Host 89.53.9.107:5060: (ICMP untested) SIP enabled
Host 89.53.9.108:5060: (ICMP untested) SIP enabled
Host 89.53.9.109:5060: (ICMP untested) SIP enabled
Host 89.53.9.110:5060: (ICMP untested) SIP enabled
Host 89.53.9.111:5060: (ICMP untested) SIP enabled

8 hosts scanned, 0 up, 8 SIP enabled

$ 

Optional fingerprinting can be enabled using the -O option.
This will send more messages to each host in order to build a fingerprint
and compare to a nmap like fingerprinting database.

$ smap -O router.wormulon.net

smap 0.3.4 <hscholz@raisdorf.net> http://www.wormulon.net/

Host 89.53.13.54:5060: (ICMP untested) SIP enabled
device identified as:
  AVM FRITZ!Box Fon Series firmware: ??.04.01 (Jan 25 2006)
headers found:
  User-Agent: AVM FRITZ!Box Fon WLAN 7170 29.04.02 (Jan 25 2006)

1 hosts scanned, 0 up, 1 SIP enabled

$

If you are dealing with unidentified devices try the learning mode by
passing -l to smap:

$ smap -l router.wormulon.net

smap 0.3.4 <hscholz@raisdorf.net> http://www.wormulon.net/

NOTICE: test_headers: cmpstr: "Via:From:To:Call-ID:CSeq:User-Agent:Content-Length:"
NOTICE: test_allow: "Allow: INVITE, ACK, OPTIONS, CANCEL, BYE, UPDATE, PRACK, INFO, SUBSCRIBE, NOTIFY, REFER, MESSAGE"
Host 89.53.13.54:5060: (ICMP untested) SIP enabled
device identified as:
  AVM FRITZ!Box Fon Series firmware: ??.04.01 (Jan 25 2006)

FINGERPRINT information:
newmethod=405
allow_class=2
supported_class=NR
hoe_class=10
options=406
brokenfromto=400
prack=405
invite=406
headers found:
  User-Agent: AVM FRITZ!Box Fon WLAN 7170 29.04.02 (Jan 25 2006)


1 hosts scanned, 0 up, 1 SIP enabled
$

--- Compilation ---------------------------------------------------------------

smap has been tested on the following systems:

 - FreeBSD/5.x i386
 - FreeBSD/6.x i386
 - OpenBSD/3.8 amd64
 - OpenBSD/3.8 sparc64
 - Debian Linux 2.6.x i386
 - Mac OS X 10.4.7 (powerpc)

Compilation itself should be a simple 'make' or 'gmake' on *BSD systems.
See the Makefile for some compilation options.

--- Contact -------------------------------------------------------------------

Please contact Hendrik Scholz at hscholz@raisdorf.net in case of
questions et al.
Updated versions of smap might be available at http://www.wormulon.net/

--- License -------------------------------------------------------------------

smap is released under the BSD license so feel free to do anything you
like with it as long as it complies with the license.


-------------------------------------------------------------------------------
$Id: README,v 1.5 2006-08-27 09:46:13 hscholz Exp $
