Merge #3713, @hmoore-r7's SIP cleanup of my SIP cleanup

2014-08-26 17:52:35 -07:00 · 2014-08-26 17:52:35 -07:00 · 1f35c0ff1c
parent 8d26b66e2f 316a952e9c
commit 1f35c0ff1c
1 changed files with 44 additions and 24 deletions
--- a/lib/msf/core/exploit/sip.rb
+++ b/lib/msf/core/exploit/sip.rb
@ -16,38 +16,58 @@ module Msf
        return false
      end

-      # We know it is SIP, so report
-      report_service(
-        host: rhost,
-        port: rport,
-        proto: proto.downcase,
-        name: 'sip'
-      )
-
-      # Do header extraction as necessary
+      # Extracted headers, stored as a hash where the key is the header name
+      # and the value is a list of all values seen for the header, covering the
+      # case where the same header value is seen multiple times
      extracted_headers = {}
      unless desired_headers.nil? || desired_headers.empty?
        desired_headers.each do |desired_header|
          next unless (found_header = options_response.header(desired_header))
          extracted_headers[desired_header] ||= []
-          extracted_headers[desired_header] |= found_header
-        end
-
-        # report on any extracted headers
-        extracted_headers.each do |k, v|
-          report_note(
-            host: rhost,
-            port: rport,
-            proto: proto.downcase,
-            type: "sip_header.#{k.gsub(/-/, '_').downcase}",
-            data: v.join(',')
-          )
+          extracted_headers[desired_header]  |= found_header
        end
      end

-      status = "#{endpoint} #{options_response.status_line}"
-      status += ": #{extracted_headers}" unless extracted_headers.empty?
-      print_status(status)
+      # Create a SIP OPTIONS fingerprint hash
+      fprint = {
+        'code'    => options_response.code,
+        'message' => options_response.message
+      }
+
+      # compact the header values, append the header information to the
+      # fingerprint hash
+      extracted_headers.each_pair do |k,v|
+        value = v.join(',')
+        extracted_headers[k] = value
+        fprint['header_' + k.gsub('-', '_').downcase] = value
+      end
+
+      # Create a summary of the response
+      status = options_response.status_line.dup
+      unless extracted_headers.keys.empty?
+        status << ": #{extracted_headers}"
+      end
+
+      # Report the service with the status information
+      report_service(
+        host: rhost,
+        port: rport,
+        proto: proto.downcase,
+        name: 'sip',
+        info: status
+      )
+
+      # Report the fingerprint information
+      report_note(
+        host: rhost,
+        port: rport,
+        proto: proto.downcase,
+        type: "sip.options.fingerprint",
+        data: fprint
+      )
+
+      # Display the actual result to the user
+      print_status(endpoint + " " + status)
      true
    end