Skip to content
SIPVicious suite is a set of tools that can be used to audit SIP based VoIP systems.
Branch: master
Clone or download
Type Name Latest commit message Commit time
Failed to load latest commit information.
man1 preparing for v0.2.8 and adhering to some debian packaging rules Nov 18, 2012
resources updated changelog, added sv.xsl to resources and fixed some markdown … Dec 8, 2012
sipvicious updated error handling when invalid ip mask is provided Jan 4, 2019
THANKS formatting changes Dec 8, 2012
TODO fixed url Feb 21, 2018 should be called sipvicious Aug 4, 2017

Welcome to SIPVicious security tools

The 5 tools that you should be looking at are:

  • svmap
  • svwar
  • svcrack
  • svreport
  • svcrash


The tools


this is a sip scanner. When launched against
ranges of ip address space, it will identify any SIP servers 
which it finds on the way. Also has the option to scan hosts 
on ranges of ports.


identifies working extension lines on a PBX. A working 
extension is one that can be registered. 
Also tells you if the extension line requires authentication or not. 


a password cracker making use of digest authentication. 
It is able to crack passwords on both registrar servers and proxy 
servers. Current cracking modes are either numeric ranges or
words from dictionary files.


able to manage sessions created by the rest of the tools
and export to pdf, xml, csv and plain text.


responds to svwar and svcrack SIP messages with a message that
causes old versions to crash. 

For usage help make use of -h or --help switch.

Also check out the wiki

And if you're stuck you're welcome to contact the author.

Sandro Gauci

You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.