vulncheck-oss · jesusprubio · Jul 16, 2025 · Jul 16, 2025 · Jul 22, 2025 · Jul 22, 2025
diff --git a/.golangci.yml b/.golangci.yml
@@ -101,6 +101,11 @@ linters:
           - staticcheck
         path: cli/commandline_test.go
         text: SA1019
+      - linters:
+          - gocognit
+          - gocyclo
+          - cyclop
+        path: protocol/sip/helper_test.go
     paths:
       - protocol/mikrotik/msg.go
       - third_party$

diff --git a/go.mod b/go.mod
@@ -5,6 +5,7 @@ go 1.24.1
 require (
 	github.com/Masterminds/semver v1.5.0
 	github.com/antchfx/htmlquery v1.3.4
+	github.com/emiago/sipgo v0.33.0
 	github.com/lor00x/goldap v0.0.0-20240304151906-8d785c64d1c8
 	github.com/vjeantet/ldapserver v1.0.2-0.20240305064909-a417792e2906
 	golang.org/x/crypto v0.40.0
@@ -16,8 +17,12 @@ require (
 require (
 	github.com/antchfx/xpath v1.3.3 // indirect
 	github.com/dustin/go-humanize v1.0.1 // indirect
+	github.com/gobwas/httphead v0.1.0 // indirect
+	github.com/gobwas/pool v0.2.1 // indirect
+	github.com/gobwas/ws v1.3.2 // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/google/uuid v1.6.0 // indirect
+	github.com/icholy/digest v1.1.0 // indirect
 	github.com/mattn/go-isatty v0.0.20 // indirect
 	github.com/ncruces/go-strftime v0.1.9 // indirect
 	github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec // indirect

diff --git a/go.sum b/go.sum
@@ -4,24 +4,41 @@ github.com/antchfx/htmlquery v1.3.4 h1:Isd0srPkni2iNTWCwVj/72t7uCphFeor5Q8nCzj1j
 github.com/antchfx/htmlquery v1.3.4/go.mod h1:K9os0BwIEmLAvTqaNSua8tXLWRWZpocZIH73OzWQbwM=
 github.com/antchfx/xpath v1.3.3 h1:tmuPQa1Uye0Ym1Zn65vxPgfltWb/Lxu2jeqIGteJSRs=
 github.com/antchfx/xpath v1.3.3/go.mod h1:i54GszH55fYfBmoZXapTHN8T8tkcHfRgLyVwwqzXNcs=
+github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/dustin/go-humanize v1.0.1 h1:GzkhY7T5VNhEkwH0PVJgjz+fX1rhBrR7pRT3mDkpeCY=
 github.com/dustin/go-humanize v1.0.1/go.mod h1:Mu1zIs6XwVuF/gI1OepvI0qD18qycQx+mFykh5fBlto=
+github.com/emiago/sipgo v0.33.0 h1:UxPKCoPREffSjrRE6oesG/RPz5/ZSp8tA8Jc6YvYUsk=
+github.com/emiago/sipgo v0.33.0/go.mod h1:gbOLw/kZHZ3wS/5PIa9qVjpdil/IKLdigbZFIYFpHTs=
+github.com/gobwas/httphead v0.1.0 h1:exrUm0f4YX0L7EBwZHuCF4GDp8aJfVeBrlLQrs6NqWU=
+github.com/gobwas/httphead v0.1.0/go.mod h1:O/RXo79gxV8G+RqlR/otEwx4Q36zl9rqC5u12GKvMCM=
+github.com/gobwas/pool v0.2.1 h1:xfeeEhW7pwmX8nuLVlqbzVc7udMDrwetjEv+TZIz1og=
+github.com/gobwas/pool v0.2.1/go.mod h1:q8bcK0KcYlCgd9e7WYLm9LpyS+YeLd8JVDW6WezmKEw=
+github.com/gobwas/ws v1.3.2 h1:zlnbNHxumkRvfPWgfXu8RBwyNR1x8wh9cf5PTOCqs9Q=
+github.com/gobwas/ws v1.3.2/go.mod h1:hRKAFb8wOxFROYNsT1bqfWnhX+b5MFeJM9r2ZSwg/KY=
 github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE=
 github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
+github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
 github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/pprof v0.0.0-20250317173921-a4b03ec1a45e h1:ijClszYn+mADRFY17kjQEVQ1XRhq2/JR1M3sGqeJoxs=
 github.com/google/pprof v0.0.0-20250317173921-a4b03ec1a45e/go.mod h1:boTsfXsheKC2y+lKOCMpSfarhxDeIzfZG1jqGcPl3cA=
 github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
 github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/icholy/digest v1.1.0 h1:HfGg9Irj7i+IX1o1QAmPfIBNu/Q5A5Tu3n/MED9k9H4=
+github.com/icholy/digest v1.1.0/go.mod h1:QNrsSGQ5v7v9cReDI0+eyjsXGUoRSUZQHeQ5C4XLa0Y=
 github.com/lor00x/goldap v0.0.0-20180618054307-a546dffdd1a3/go.mod h1:37YR9jabpiIxsb8X9VCIx8qFOjTDIIrIHHODa8C4gz0=
 github.com/lor00x/goldap v0.0.0-20240304151906-8d785c64d1c8 h1:z9RDOBcFcf3f2hSfKuoM3/FmJpt8M+w0fOy4wKneBmc=
 github.com/lor00x/goldap v0.0.0-20240304151906-8d785c64d1c8/go.mod h1:37YR9jabpiIxsb8X9VCIx8qFOjTDIIrIHHODa8C4gz0=
 github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
 github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
 github.com/ncruces/go-strftime v0.1.9 h1:bY0MQC28UADQmHmaF5dgpLmImcShSi2kHU9XLdhx/f4=
 github.com/ncruces/go-strftime v0.1.9/go.mod h1:Fwc5htZGVVkseilnfgOVb9mKy6w1naJmn9CehxcKcls=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec h1:W09IVJc94icq4NjY3clb7Lk8O1qJ8BdBEF8z0ibU0rE=
 github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec/go.mod h1:qqbHyh8v60DhA7CoWK5oRCqLrMHRGoxYCSS9EjAz6Eo=
+github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
+github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
 github.com/vjeantet/ldapserver v1.0.2-0.20240305064909-a417792e2906 h1:qHFp1iRg6qE8xYel3bQT9x70pyxsdPLbJnM40HG3Oig=
 github.com/vjeantet/ldapserver v1.0.2-0.20240305064909-a417792e2906/go.mod h1:YvUqhu5vYhmbcLReMLrm/Tq3S7Yj43kSVFvvol6Lh6k=
 github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
@@ -105,6 +122,10 @@ golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxb
 golang.org/x/tools v0.34.0 h1:qIpSLOxeCYGg9TrcJokLBG4KFA6d795g0xkBkiESGlo=
 golang.org/x/tools v0.34.0/go.mod h1:pAP9OwEaY1CAW3HOmg3hLZC5Z0CCmzjAF2UQMSqNARg=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
+gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gotest.tools/v3 v3.5.1 h1:EENdUnS3pdur5nybKYIh2Vfgc8IUNBjxDPSjtiJcOzU=
+gotest.tools/v3 v3.5.1/go.mod h1:isy3WKz7GK6uNw/sbHzfKBLvlvXwUyV06n6brMxxopU=
 modernc.org/cc/v4 v4.26.1 h1:+X5NtzVBn0KgsBCBe+xkDC7twLb/jNVj9FPgiwSQO3s=
 modernc.org/cc/v4 v4.26.1/go.mod h1:uVtb5OGqUKpoLWhqwNQo/8LwvoiEBLvZXIQ/SmO6mL0=
 modernc.org/ccgo/v4 v4.28.0 h1:rjznn6WWehKq7dG4JtLRKxb52Ecv8OUGah8+Z/SfpNU=

diff --git a/protocol/sip/examples/README.md b/protocol/sip/examples/README.md
@@ -0,0 +1,13 @@
+# SIP examples
+
+## Usage
+
+Start the local Asterisk server and run a example.
+
+```sh
+cd protocol/sip/examples
+docker compose up -d
+go run ping/main.go
+# go run tcp/main.go
+# go run call/main.go
+```
diff --git a/protocol/sip/examples/call/main.go b/protocol/sip/examples/call/main.go
@@ -0,0 +1,111 @@
+// This example registers an endpoint (user authentication) in a server
+// and starts a call (only the SIP related part).
+package main
+
+import (
+	sipgo "github.com/emiago/sipgo/sip"
+	"github.com/icholy/digest"
+	"github.com/vulncheck-oss/go-exploit/output"
+	"github.com/vulncheck-oss/go-exploit/protocol"
+	"github.com/vulncheck-oss/go-exploit/protocol/sip"
+)
+
+const (
+	host     = "127.0.0.1"
+	fromUser = "john.doe"
+	pass     = "password"
+	toUser   = "dembele"
+)
+
+func main() {
+	port := sip.DefaultPorts[sip.UDP]
+	conn, ok := protocol.UDPConnect(host, port)
+	if !ok {
+		output.PrintfFrameworkError("Connecting to server %s:%d", host, port)
+
+		return
+	}
+	defer conn.Close()
+	reqOpts := sip.NewSipRequestOpts{
+		Port:   port,
+		User:   fromUser,
+		ToUser: fromUser,
+	}
+	req, ok := sip.NewSipRequest(sipgo.REGISTER, host, &reqOpts)
+	if !ok {
+		output.PrintfFrameworkError("Creating REGISTER request to %s with options %+v", host, reqOpts)
+
+		return
+	}
+	resp, ok := sip.SendAndReceiveUDP(conn, req)
+	if !ok {
+		output.PrintfFrameworkError("Sending REGISTER request %s", req.String())
+
+		return
+	}
+	if resp.StatusCode != sipgo.StatusUnauthorized {
+		output.PrintfFrameworkError("Unexpected response %d (%s) to REGISTER request", resp.StatusCode, resp.Reason)
+
+		return
+	}
+	wwwAuth := resp.GetHeader("WWW-Authenticate")
+	chal, err := digest.ParseChallenge(wwwAuth.Value())
+	if err != nil {
+		output.PrintfFrameworkError("Parsing WWW-Authenticate header: %s", err)
+
+		return
+	}
+	cred, _ := digest.Digest(chal, digest.Options{
+		Method:   req.Method.String(),
+		URI:      host,
+		Username: fromUser,
+		Password: pass,
+	})
+	newReq := req.Clone()
+	authHeader := sipgo.NewHeader("Authorization", cred.String())
+	newReq.AppendHeader(authHeader)
+	cseqHeader := sipgo.CSeqHeader{SeqNo: uint32(2), MethodName: sipgo.REGISTER}
+	newReq.ReplaceHeader(&cseqHeader)
+	resp, ok = sip.SendAndReceiveUDP(conn, newReq)
+	if !ok {
+		output.PrintfFrameworkError("Sending REGISTER request with Authorization header %s", newReq.String())
+
+		return
+	}
+	if resp.StatusCode != sipgo.StatusOK {
+		output.PrintfFrameworkError("Unexpected response %d (%s) to REGISTER request with Authorization header", resp.StatusCode, resp.Reason)
+
+		return
+	}
+	reqOpts = sip.NewSipRequestOpts{
+		Port:   port,
+		ToUser: toUser,
+		User:   fromUser,
+	}
+	req, ok = sip.NewSipRequest(sipgo.INVITE, host, &reqOpts)
+	if !ok {
+		output.PrintfFrameworkError("Creating INVITE request to %s with options %+v", host, reqOpts)
+
+		return
+	}
+	cred, _ = digest.Digest(chal, digest.Options{
+		Method:   sipgo.INVITE.String(),
+		URI:      host,
+		Username: fromUser,
+		Password: pass,
+	})
+	authHeader = sipgo.NewHeader("Authorization", cred.String())
+	req.AppendHeader(authHeader)
+	resp, ok = sip.SendAndReceiveUDP(conn, req)
+	if !ok {
+		output.PrintfFrameworkError("Sending INVITE request %s", req.String())
+
+		return
+	}
+	// Not found is expected here, as we are not actually calling a real user.
+	if resp.StatusCode == sipgo.StatusNotFound {
+		output.PrintfFrameworkSuccess("Response (INVITE): %s", resp.String())
+	} else {
+		output.PrintfFrameworkError("Unexpected response (INVITE): %s", resp.String())
+	}
+}
diff --git a/protocol/sip/examples/docker-compose.yml b/protocol/sip/examples/docker-compose.yml
@@ -0,0 +1,15 @@
+name: go-exploit-examples
+
+services:
+  asterisk:
+    image: mlan/asterisk
+    network_mode: bridge # For testing
+    cap_add:
+      - sys_ptrace # For testing
+    ports:
+      - "5060:5060/udp" # SIP UDP
+      - "5060:5060" # SIP TCP
+      - "5061:5061" # SIP TLS
+      - "10000-10099:10000-10099/udp" # RTP
+    environment:
+      - HOSTNAME=asterisk.${DOMAIN-docker.localhost}
diff --git a/protocol/sip/examples/ping/main.go b/protocol/sip/examples/ping/main.go
@@ -0,0 +1,47 @@
+// This example checks if a UDP server is up.
+//
+// The OPTION method is used to discover the server capabilities:
+// - https://datatracker.ietf.org/doc/html/rfc3261#section-11
+package main
+
+import (
+	sipgo "github.com/emiago/sipgo/sip"
+	"github.com/vulncheck-oss/go-exploit/output"
+	"github.com/vulncheck-oss/go-exploit/protocol"
+	"github.com/vulncheck-oss/go-exploit/protocol/sip"
+)
+
+const (
+	host = "127.0.0.1"
+	// Most of the times the servers answer without them.
+	fromUser = "bob"
+	toUser   = "alice"
+)
+
+func main() {
+	port := sip.DefaultPorts[sip.UDP]
+	conn, ok := protocol.UDPConnect(host, port)
+	if !ok {
+		output.PrintfFrameworkError("Connecting to server %s:%d", host, port)
+
+		return
+	}
+	defer conn.Close()
+	reqOpts := sip.NewSipRequestOpts{
+		Port:   port,
+		ToUser: toUser,
+		User:   fromUser,
+	}
+	req, ok := sip.NewSipRequest(sipgo.OPTIONS, host, &reqOpts)
+	if !ok {
+		output.PrintfFrameworkError("Creating request to %s with options %+v", host, reqOpts)
+
+		return
+	}
+	resp, ok := sip.SendAndReceiveUDP(conn, req)
+	if ok {
+		output.PrintfFrameworkSuccess("Server is up, response: %s", resp.String())
+	} else {
+		output.PrintfFrameworkError("Sending request %s", req.String())
+	}
+}
diff --git a/protocol/sip/examples/tcp/main.go b/protocol/sip/examples/tcp/main.go
@@ -0,0 +1,45 @@
+// This example sends an OPTIONS request over TCP (or TLS).
+package main
+
+import (
+	sipgo "github.com/emiago/sipgo/sip"
+	"github.com/vulncheck-oss/go-exploit/output"
+	"github.com/vulncheck-oss/go-exploit/protocol"
+	"github.com/vulncheck-oss/go-exploit/protocol/sip"
+)
+
+const (
+	host   = "127.0.0.1"
+	useTLS = true
+)
+
+func main() {
+	transport := sip.TCP
+	if useTLS {
+		transport = sip.TLS
+	}
+	port := sip.DefaultPorts[transport]
+	conn, ok := protocol.MixedConnect(host, port, useTLS)
+	if !ok {
+		output.PrintfFrameworkError("Connecting to server %s:%d", host, port)
+
+		return
+	}
+	defer conn.Close()
+	reqOpts := sip.NewSipRequestOpts{
+		Port:      port,
+		Transport: transport,
+	}
+	req, ok := sip.NewSipRequest(sipgo.OPTIONS, host, &reqOpts)
+	if !ok {
+		output.PrintfFrameworkError("Creating request to %s with options %+v", host, reqOpts)
+
+		return
+	}
+	resp, ok := sip.SendAndReceiveTCP(conn, req)
+	if ok {
+		output.PrintfFrameworkSuccess("Response: %s", resp.String())
+	} else {
+		output.PrintfFrameworkError("Sending request %s", req.String())
+	}
+}