Skip to content

Home

Jump to bottom
Jose Luis Verdeguer edited this page Jul 26, 2024 · 15 revisions

Set of tools for penetration testing on the SIP protocol

Sippts is a set of tools to audit VoIP servers and devices using SIP protocol. Sippts is programmed in Python script and the tools are:

  • Sipscan is a fast scanner for SIP services that uses multithread. Sipscan can check several IPs and port ranges and it can work over UDP or TCP.

Click here to read more about SIPscan

  • Sipexten identifies extensions on a SIP server. Also tells you if the extension line requires authentication or not. Sipexten can check several IPs and port ranges.

Click here to read more about SIPexten

  • Siprcrack is a remote password cracker. Siprcrack can test passwords for several users in different IPs and port ranges.

Click here to read more about SIPRcrack

  • Sipinvite checks if a server allow us to make calls without authentication. If the SIP server has a bad configuration, it will allow us to make calls to external numbers. Also it can allow us to transfer the call to a second external number.

Click here to read more about SIPinvite

  • SipDigestLeak Exploits the SIP digest leak vulnerability discovered by Sandro Gauci that affects a large number of hardware and software devices.

Click here to read more about SIPDigestLeak

  • SipFlood Send unlimited messages to the target.

Click here to read more about SIPFlood

  • SipSend Allow us to send a customized SIP message and analyze the response.

Click here to read more about SIPSend

  • WsSend Allow us to send a customized SIP message over WebSockets and analyze the response.

Click here to read more about WsSend

  • SipEnumerate Enumerate available methods of a SIP service/server.

Click here to read more about SIPEnumerate

  • SipDump Extracts SIP Digest authentications from a PCAP file.

Click here to read more about SIPDump

  • SipCrack Cracking tool to crack the digest authentications within the SIP protocol.

Click here to read more about SIPCrack

  • RTPBleed is a known bug that affects several versions of Asterisk and RTPProxy.

Click here to read more about RTPBleed

Click here to read more about RTCPBleed

Click here to read more about RTPBleedFlood

Click here to read more about RTPBleedInject

Clone this wiki locally