Fi8sVrs

Viproy - VoIP Penetration Testing Kit

Viproy - VoIP Penetration Testing Kit

Project Page : http://www.github.com/fozavci/viproy-voipkit

Download : https://github.com/fozavci/viproy-voipkit/archive/master.zip

Viproy VoIP Pen-Test Kit is developed to improve the quality of SIP penetration tests. It provides an authentication feature that helps to create simple tests. It includes 7 different modules with authentication support: options tester, brute forcer, enumerator, invite tester, trust analyzer, proxy and registration tester. All attacks can be performed before and after authentication to fuzz SIP services and value-added services.

A SIP pen-test guide will be published soon. Basic usage of the modules is presented below; it can be used before the guide. All modules have DEBUG and VERBOSE support.

Preparing Test Network

VulnVOIP is a vulnerable SIP server; you can use it for tests.

VulnVOIP : VulnVoIP Archives - Rebootuser

Installation

Copy "lib" and "modules" folders' content to Metasploit Root Directory.

Mixins.rb File (lib/msf/core/auxiliary/mixins.rb) Should Contain This Line

require 'msf/core/auxiliary/sip'

Videos & Papers

Attacking SIP/VoIP Servers Using VIPROY VoIP Pen-Test Kit for Fun & Profit - Video (50 mins)

This is a training video for penetration testing of SIP servers.

Chapters of Training Video

1-Footprinting of SIP Services

2-Enumerating SIP Services

3-Registering SIP Service with/without Credentials

4-Brute Force Attack for SIP Service

5-Call Initiation with/without Spoof & Credentials

6-Hacking Trust Relationships

7-Intercepting SIP Client with SIP Proxy

Sample Usage Video

Hacking Trust Relationships of SIP/NGN Gateways - Video

Hacking Trust Relationships Between SIP Gateways (PDF)

http://viproy.com/files/siptrust.pdf

Usage

Global Settings

setg CHOST 192.168.1.99 #Local Host
setg CPORT 5099 #Local Port
setg RHOSTS 192.168.1.1-254 #Target Network
setg RHOST 192.168.1.201 #Target Host

Basic Usage of OPTIONS Module

use auxiliary/scanner/sip/vsipoptions
show options
set THREADS 255
run

Basic Usage of REGISTER Module

use auxiliary/scanner/sip/vsipregister
show options
run

set LOGIN true
set USERNAME 101
set PASSWORD s3cur3
run

Basic Usage of INVITE Module

use auxiliary/scanner/sip/vsipinvite
set FROM 2000
set TO 1000
run

set LOGIN true
set FROM 102
set USERNAME 102
set PASSWORD letmein123
run

set DOS_MODE true
set NUMERIC_USERS true
set NUMERIC_MIN 200
set NUMERIC_MAX 205
run

Basic Usage of ENUMERATOR Module

use auxiliary/scanner/sip/vsipenumerator
show options
unset USERNAME
set USER_FILE /tmp/files/users2
set VERBOSE false
set METHOD SUBSCRIBE
run

unset USER_FILE
set METHOD SUBSCRIBE
set NUMERIC_USERS true
set NUMERIC_MAX 2300
run

set METHOD REGISTER
run

Basic Usage of BRUTE FORCE Module


use auxiliary/scanner/sip/vsipbruteforce
show options
set RHOST 192.168.1.201
set USERNAME 2000
set PASS_FILE /tmp/files/passwords
set VERBOSE false
run

unset USERNAME
set USER_FILE /tmp/files/users2
run

unset USER_FILE
set NUMERIC_USERS true
set NUMERIC_MAX 500
run

Basic Usage of Trust Analyzer Module

use auxiliary/scanner/sip/vsiptrust
show options
set SRC_RHOSTS 192.168.1.200-210
set SRC_RPORTS 5060
set SIP_SERVER 192.168.1.201
set INTERFACE eth0
set TO 101
run

show options
set ACTION CALL
set SRC_RHOSTS 192.168.1.202
set FROM James Bond
run

Basic Usage of SIP Proxy Module

use auxiliary/scanner/sip/vsipproxy
show options
set PRXCLT_PORT 5060
set PRXCLT_IP 192.168.1.99
set PRXSRV_PORT 5089
set PRXSRV_IP 192.168.1.99
set CLIENT_IP 192.168.1.120
set CLIENT_PORT 5060
set SERVER_IP 192.168.1.201
set SERVER_PORT 5060
set CONF_FILE /tmp/sipproxy_replace.txt
set LOG true
set VERBOSE false
run

Source Viproy - Tools
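For the defending side of a test lab, the enumerator and brute force runs listed above leave a recognisable pattern in SIP server logs. The following is an added example, not part of the original post or of the Viproy project: it flags a source that probes many distinct users with REGISTER/SUBSCRIBE and a source that fails authentication repeatedly for one user. The log format, the thresholds and the function name `analyze` are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample records (not real traffic), one per SIP transaction:
# time, source IP, method, target user, final response code from the server.
SAMPLE_LOG = """\
10:00:01 192.168.1.99 SUBSCRIBE 200 404
10:00:01 192.168.1.99 SUBSCRIBE 201 401
10:00:02 192.168.1.99 SUBSCRIBE 202 404
10:00:02 192.168.1.99 SUBSCRIBE 203 404
10:00:03 192.168.1.99 SUBSCRIBE 204 401
10:00:03 192.168.1.99 SUBSCRIBE 205 404
10:00:10 192.168.1.120 REGISTER 101 401
10:00:10 192.168.1.120 REGISTER 101 200
10:01:00 192.168.1.50 REGISTER 2000 401
10:01:01 192.168.1.50 REGISTER 2000 401
10:01:02 192.168.1.50 REGISTER 2000 401
10:01:03 192.168.1.50 REGISTER 2000 401
10:01:04 192.168.1.50 REGISTER 2000 401
"""

LINE = re.compile(r"^(\S+) (\S+) (REGISTER|SUBSCRIBE) (\S+) (\d{3})$")

def analyze(log, enum_threshold=5, brute_threshold=4):
    """Return sorted (kind, source, detail) alerts; thresholds are assumed values."""
    probed = defaultdict(set)    # source -> users that drew a non-200 answer
    failures = defaultdict(int)  # (source, user) -> consecutive auth failures
    for line in log.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue             # skip anything that is not in the assumed format
        _, src, _method, user, code = m.groups()
        if code != "200":
            probed[src].add(user)
        if code in ("401", "403", "407"):
            failures[(src, user)] += 1
        elif code == "200":
            # A normal digest login is one 401 challenge followed by 200.
            failures[(src, user)] = 0
    alerts = [("enumeration", src, f"{len(users)} distinct users")
              for src, users in probed.items() if len(users) >= enum_threshold]
    alerts += [("bruteforce", src, user)
               for (src, user), n in failures.items() if n >= brute_threshold]
    return sorted(alerts)

if __name__ == "__main__":
    for alert in analyze(SAMPLE_LOG):
        print(alert)
```

The client at 192.168.1.120 is not flagged because its single 401 is the ordinary digest challenge that precedes a successful REGISTER.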
