SIPVicious suite is a set of tools that can be used to audit SIP based VoIP systems.
Project description
Welcome to SIPVicious OSS security tools
SIPVicious OSS is a set of security tools that can be used to audit SIP based VoIP systems. Specifically, it allows you to find SIP servers, enumerate SIP extensions and finally, crack their password.
To get started read the following:
- Getting started on the Wiki
- Communication Breakdown blog: Attacking a real VoIP System with SIPVicious OSS.
For usage help make use of -h or --help switch.
A note to vendors and service providers
If you are looking for professional VoIP and WebRTC penetration testing services, please check out our offerings at Enable Security.
The tools
The SIPVicious OSS toolset consists of the following tools:
- svmap
- svwar
- svcrack
- svreport
- svcrash
svmap
this is a sip scanner. When launched against
ranges of ip address space, it will identify any SIP servers
which it finds on the way. Also has the option to scan hosts
on ranges of ports.
Usage: <https://github.com/EnableSecurity/sipvicious/wiki/SVMap-Usage>
svwar
identifies working extension lines on a PBX. A working
extension is one that can be registered.
Also tells you if the extension line requires authentication or not.
Usage: <https://github.com/EnableSecurity/sipvicious/wiki/SVWar-Usage>
svcrack
a password cracker making use of digest authentication.
It is able to crack passwords on both registrar servers and proxy
servers. Current cracking modes are either numeric ranges or
words from dictionary files.
Usage: <https://github.com/EnableSecurity/sipvicious/wiki/SVCrack-Usage>
IPv6 target syntax
svwarandsvcrackaccept-6with either a bare IPv6 literal such as2001:db8::10or a URI such asudp://[2001:db8::10]:5060.svmapaccepts-6with bare or bracketed IPv6 literals such as2001:db8::10or[2001:db8::10].svmapdoes not accept URI syntax for IPv6 targets. Use-pto choose the destination port, for examplesipvicious_svmap -6 -p 5060 [2001:db8::10].
svreport
able to manage sessions created by the rest of the tools
and export to pdf, xml, csv and plain text.
Usage: <https://github.com/EnableSecurity/sipvicious/wiki/SVReport-Usage>
svcrash
responds to svwar and svcrack SIP messages with a message that
causes old versions to crash.
Usage: <https://github.com/EnableSecurity/sipvicious/wiki/SVCrash-FAQ>
Installation
Please refer to the installation documentation.
Further information
Check out the wiki for documentation.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file sipvicious-0.3.6.tar.gz.
File metadata
- Download URL: sipvicious-0.3.6.tar.gz
- Upload date:
- Size: 54.3 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
7e51a886d7a3e8f296ccbe2df0e6f7ac2f2f7c3bf18cda337e1cffa49c0d8a64
|
|
| MD5 |
39e35aaa233ad9046f5e1e59601e8f1c
|
|
| BLAKE2b-256 |
519b46fd8a74c8505cb28ebb8471b50ffe986efc3fb4c51829ad6f6030fc8da6
|
File details
Details for the file sipvicious-0.3.6-py3-none-any.whl.
File metadata
- Download URL: sipvicious-0.3.6-py3-none-any.whl
- Upload date:
- Size: 57.4 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
bbd5e56a67d809d0778798f032f33bf197068448e843101fde8102ad91060069
|
|
| MD5 |
e4cf29ff7bcd66eb7173b3b1b19094a0
|
|
| BLAKE2b-256 |
b06479b5da25893f54da1b8dbf0c2247244612493d9d6c0da2d981db8bca41cc
|
