Set of tools to audit SIP based VoIP Systems
Branch: master
Clone or download
Latest commit d85be43 Jan 22, 2019
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
LICENSE.txt Add files via upload Aug 14, 2018
_config.yml Set theme jekyll-theme-hacker Mar 13, 2018
changelog.txt
readme.md Update readme.md Jan 22, 2019
sipcrack.pl fixes Jan 21, 2019
sipdigestleak.pl Added -fn param (from name) Jan 22, 2019
sipexten.pl fixes Jan 21, 2019
sipinvite.pl fixes Jan 21, 2019
sippts_empty.db Add files via upload Mar 13, 2018
sipreport.pl fixes Jan 21, 2019
sipscan.pl fixes Jan 21, 2019
sipsniff.pl fixes Jan 21, 2019
sipspy.pl fixes Jan 21, 2019
version New script: sipdigestleak Jan 21, 2019

readme.md

What is Sippts?

Sippts is a set of tools to audit VoIP servers and devices using SIP protocol. Sippts is programmed in Perl script and it allows us to check the security of a VoIP server using SIP protocol.

Is it free?

Yes. You can freely use, modify and distribute. If modified, please put a reference to this site.

Can be use sippts for illegal purposes?

Most security tools can be used for illegal purposes, but the finality of this tool is to check security of your own servers and not to use to do bad purposes. I am not responsible for the misuse of this tool.

Set of tools for penetration test over SIP protocol

Sippts is a set of tools to audit VoIP servers and devices using SIP protocol. Sippts is programmed in Perl script and the tools are:

  • Sipscan is a fast scanner for SIP services that uses multithread. Sipscan can check several IPs and port ranges and it can work over UDP or TCP.

Click here to read more about SIPscan

  • Sipexten identifies extensions on a SIP server. Also tells you if the extension line requires authentication or not. Sipexten can check several IPs and port ranges.

Click here to read more about SIPexten

  • Sipcrack is a remote password cracker. Sipcrack can test passwords for several users in different IPs and port ranges.

Click here to read more about SIPcrack

  • Sipinvite checks if a server allow us to make calls without authentication. If the SIP server has a bad configuration, it will allow us to make calls to external numbers. Also it can allow us to transfer the call to a second external number.

Click here to read more about SIPinvite

  • Sipsniff is a simple sniffer for SIP protocol that allows us to filter by SIP method type.

Click here to read more about SIPsniff

  • Sipspy is a simple sip server that show us digest auth requests and responses.

Click here to read more about SIPspy

  • SipDigestLeak Exploits the SIP digest leak vulnerability discovered by Sandro Gauci that affects a large number of hardware and software devices.

Click here to read more about SIPDigestLeak

Operating System

Sippts has been tested on:

  • Linux
  • Mac OS X
  • Windows

Requirements

  • Perl

And install next modules:

  • cpan -i IO:Socket:Timeout
  • cpan -i NetAddr:IP
  • cpan -i String:HexConvert
  • cpan -i Net:Pcap
  • cpan -i Net::Address::IP::Local