Skip to content


Sandro Gauci edited this page Jun 2, 2021 · 4 revisions

SIPVicious Wiki

Clone this wiki locally

Since release 0.3.4, SIPVicious OSS provides a new functionality that eases the process of integration of the tool with automated testing systems and CI/CD pipelines.

All of three tools provided in the SIPVicious OSS toolset, namely svmap, svcrack and svwar standardize the following exit codes:

Code Description
0 hakuna matata
10 command syntax or flag related errors
20 catch-all of errors
30 network connectivity problems
40 security issue detected

Each tool gives out a specific exit code from the above table after execution. 0 indicates perfect execution cycle. An exit code of 40 indicates that a security issue (username enumeration / cracked password) has been detected. Similarly, 30 indicates that the end target is probably not responding / there were network connectivity problems in between.

NOTE: As an exception svmap does not return code 40 since detecting the presence of an element that talks SIP is not deemed as a security issue.

An exemplary way in which the toolset could be integrated is as below (from examples within autotest):

do_test() {
    if [ $? -ne $1 ]; then exit 1; fi

# see if the demo server is responding at all
do_test 0 "sipvicious_map"
# try guessing some extensions
do_test 40 "sipvicious_svwar udp:// -e 1000-1200"
# cracking password for user 1000
do_test 40 "sipvicious_svcrack -u 1000 -r 1400-1600"

In this case, the script checks that particular vulnerabilities are detected by looking for exit code 40, to ensure that the demo server is functional. In the case of an automated system for testing an RTC product or service, it is likely that the script would be rewritten so that all tools should return exit code 0.