• Stars
    star
    881
  • Rank 51,820 (Top 2 %)
  • Language
    Python
  • License
    Other
  • Created over 9 years ago
  • Updated about 2 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

SIPVicious OSS is a VoIP security testing toolset. It helps security teams, QA and developers test SIP-based VoIP systems and applications. This toolset is useful in simulating VoIP hacking attacks against PBX systems especially through identification, scanning, extension enumeration and password cracking.

Welcome to SIPVicious OSS security tools

SIPVicious mascot

SIPVicious OSS is a set of security tools that can be used to audit SIP based VoIP systems. Specifically, it allows you to find SIP servers, enumerate SIP extensions and finally, crack their password.

To get started read the following:

For usage help make use of -h or --help switch.

A note to vendors and service providers

If you are looking for a professional grade toolset to test your RTC systems, please consider SIPVicious PRO.

The tools

The SIPVicious OSS toolset consists of the following tools:

  • svmap
  • svwar
  • svcrack
  • svreport
  • svcrash

svmap

this is a sip scanner. When launched against
ranges of ip address space, it will identify any SIP servers 
which it finds on the way. Also has the option to scan hosts 
on ranges of ports.

Usage: <https://github.com/EnableSecurity/sipvicious/wiki/SVMap-Usage>

svwar

identifies working extension lines on a PBX. A working 
extension is one that can be registered. 
Also tells you if the extension line requires authentication or not. 

Usage: <https://github.com/EnableSecurity/sipvicious/wiki/SVWar-Usage>

svcrack

a password cracker making use of digest authentication. 
It is able to crack passwords on both registrar servers and proxy 
servers. Current cracking modes are either numeric ranges or
words from dictionary files.

Usage: <https://github.com/EnableSecurity/sipvicious/wiki/SVCrack-Usage>

svreport

able to manage sessions created by the rest of the tools
and export to pdf, xml, csv and plain text.

Usage: <https://github.com/EnableSecurity/sipvicious/wiki/SVReport-Usage>

svcrash

responds to svwar and svcrack SIP messages with a message that
causes old versions to crash. 

Usage: <https://github.com/EnableSecurity/sipvicious/wiki/SVCrash-FAQ>

Installation

Please refer to the installation documentation.

Further information

Check out the wiki for documentation.

More Repositories

1

wafw00f

WAFW00F allows one to identify and fingerprint Web Application Firewall (WAF) products protecting a website.
Python
5,190
star
2

awesome-rtc-hacking

a list of awesome resources related to security and hacking of VoIP, WebRTC and VoLTE
396
star
3

Webapp-Exploit-Payloads

a collection of payloads for common webapps
JavaScript
73
star
4

tftptheft

TFTP Theft is a tool which allows one to quickly scan/bruteforce a tftp server for files and download them instantly
Python
67
star
5

advisories

Security advisories published by Enable Security
Python
37
star
6

Identity-Crisis

A Burp Suite extension that checks if a particular URL responds differently to various User-Agent headers
Python
15
star
7

burp-luhn-payload-processor

A plugin for Burp Suite Pro to work with attacker payloads and automatically generate check digits for credit card numbers and similar numbers that end with a check digit generated using the Luhn algorithm or formula (also known as the "modulus 10" or "mod 10" algorithm).
Python
10
star
8

surfjack

Automatically exported from code.google.com/p/surfjack - not actively maintained
Python
9
star
9

Vulnerability-Disclosure-Policy

How Enable Security handles security vulnerabilities
9
star
10

reports

Reports issued by Enable Security
8
star
11

kamailio-exec-module-examples

Examples referenced from https://www.rtcsec.com/article/kamailio-exec-module-considered-harmful
Smarty
4
star
12

svpro-docker

SIPVicious PRO docker image to make it easier to run the toolset anywhere
Dockerfile
4
star
13

fuzzing-images

A set of Docker images for fuzzing source code
Shell
1
star