You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
SIPVicious OSS is a VoIP security testing toolset. It helps security teams, QA and developers test SIP-based VoIP systems and applications. This toolset is useful in simulating VoIP hacking attacks against PBX systems especially through identification, scanning, extension enumeration and password cracking.
SIPVicious OSS is a set of security tools that can be used to audit SIP based VoIP systems. Specifically, it allows you to find SIP servers, enumerate SIP extensions and finally, crack their password.
If you are looking for professional VoIP and WebRTC penetration testing services, please check out our offerings at Enable Security.
The tools
The SIPVicious OSS toolset consists of the following tools:
svmap
svwar
svcrack
svreport
svcrash
svmap
this is a sip scanner. When launched against
ranges of ip address space, it will identify any SIP servers
which it finds on the way. Also has the option to scan hosts
on ranges of ports.
Usage: <https://github.com/EnableSecurity/sipvicious/wiki/SVMap-Usage>
svwar
identifies working extension lines on a PBX. A working
extension is one that can be registered.
Also tells you if the extension line requires authentication or not.
Usage: <https://github.com/EnableSecurity/sipvicious/wiki/SVWar-Usage>
svcrack
a password cracker making use of digest authentication.
It is able to crack passwords on both registrar servers and proxy
servers. Current cracking modes are either numeric ranges or
words from dictionary files.
Usage: <https://github.com/EnableSecurity/sipvicious/wiki/SVCrack-Usage>
svreport
able to manage sessions created by the rest of the tools
and export to pdf, xml, csv and plain text.
Usage: <https://github.com/EnableSecurity/sipvicious/wiki/SVReport-Usage>
svcrash
responds to svwar and svcrack SIP messages with a message that
causes old versions to crash.
Usage: <https://github.com/EnableSecurity/sipvicious/wiki/SVCrash-FAQ>
SIPVicious OSS is a VoIP security testing toolset. It helps security teams, QA and developers test SIP-based VoIP systems and applications. This toolset is useful in simulating VoIP hacking attacks against PBX systems especially through identification, scanning, extension enumeration and password cracking.
