  • Stars: 396
  • Rank 108,801 (Top 3 %)
  • Language
  • License
    Creative Commons ...
  • Created over 4 years ago
  • Updated almost 2 years ago

Repository Details

A list of awesome resources related to security and hacking of VoIP, WebRTC and VoLTE.

Awesome Real-time Communications hacking & pentesting resources

Covers VoIP, WebRTC and VoLTE security related topics.

Please create a PR if you think anything should be added to this list. Let us know if you think anything should be removed.

Table of Contents

Newsletters

Presentation Slides

Videos

Advisories

Open-source tools

  • SIPVicious OSS - A set of tools to audit SIP based systems.
  • SIPPTS - Another set of tools to audit VoIP servers and devices using SIP protocol.
  • bluebox-ng - Pentesting framework built on Node.js, focused on VoIP.
  • SigPloit - Tool which covers the SS7, GTP (3G), Diameter (4G) and even SIP protocols used in IMS and VoLTE infrastructures.
  • vsaudit - VoIP security assessment framework.
  • rtpnatscan - Tool which tests for rtpbleed vulnerability.
  • VIPROY - VoIP pentest framework which can be used with the metasploit-framework.
  • SIP Proxy - A VoIP security testing tool.
  • Metasploit auxiliary modules
  • SIPp: SIP based test tool / traffic generator.
  • Mr.SIP - SIP based audit and attack tool.
  • VoIPShark - Open Source VoIP Analysis Platform
  • Turner - PoC for tunnelling HTTP over a permissive/open TURN server.
  • sipsak - SIP Swiss army knife, has some features that can be used for security testing (e.g. flood mode or random mode).
  • turnproxy - Tool to abuse open TURN relays
  • SeeYouCM Thief - download and parse configuration files from Cisco phone systems searching for SSH credentials
  • stunner - a tool to test and exploit STUN, TURN and TURN over TCP servers.
  • VoIP Hopper - a tool to exploit insecure VLANs that are often found in IP Telephony infrastructure.

Papers

Blogs

Notable blog posts and articles

Books

Commercial tools

Vulnerabilities

The following are generic or common vulnerabilities that are related to either signalling, media or infrastructure.

CTFs and playgrounds

Related lists

More Repositories

  • wafw00f - WAFW00F allows one to identify and fingerprint Web Application Firewall (WAF) products protecting a website. (Python, 5,190 stars)
  • sipvicious - SIPVicious OSS is a VoIP security testing toolset. It helps security teams, QA and developers test SIP-based VoIP systems and applications. This toolset is useful in simulating VoIP hacking attacks against PBX systems especially through identification, scanning, extension enumeration and password cracking. (Python, 881 stars)
  • Webapp-Exploit-Payloads - A collection of payloads for common webapps. (JavaScript, 73 stars)
  • tftptheft - TFTP Theft is a tool which allows one to quickly scan/bruteforce a TFTP server for files and download them instantly. (Python, 67 stars)
  • advisories - Security advisories published by Enable Security. (Python, 37 stars)
  • Identity-Crisis - A Burp Suite extension that checks if a particular URL responds differently to various User-Agent headers. (Python, 15 stars)
  • burp-luhn-payload-processor - A plugin for Burp Suite Pro to work with attacker payloads and automatically generate check digits for credit card numbers and similar numbers that end with a check digit generated using the Luhn algorithm or formula (also known as the "modulus 10" or "mod 10" algorithm). (Python, 10 stars)
  • surfjack - Automatically exported from code.google.com/p/surfjack - not actively maintained. (Python, 9 stars)
  • Vulnerability-Disclosure-Policy - How Enable Security handles security vulnerabilities. (9 stars)
  • reports - Reports issued by Enable Security. (8 stars)
  • kamailio-exec-module-examples - Examples referenced from https://www.rtcsec.com/article/kamailio-exec-module-considered-harmful (Smarty, 4 stars)
  • svpro-docker - SIPVicious PRO docker image to make it easier to run the toolset anywhere. (Dockerfile, 4 stars)
  • fuzzing-images - A set of Docker images for fuzzing source code. (Shell, 1 star)