Skip to content
Jose Luis Verdeguer edited this page Jan 22, 2019 · 5 revisions

Suite of tools for penetration test over SIP protocol

Sippts is a suite of tools to audit VoIP servers and devices using SIP protocol. Sippts is programmed in Perl script and it consists of:

Sipscan

Fast scanner for SIP services that uses multithread. Sipscan can check several IPs and port ranges and it works with UDP or TCP.

Click here to read more about SIPscan

Sipexten

Identifies extensions on a SIP server. Also tells you if the extension line requires authentication or not. Sipexten uses multithread and can check several IPs and port ranges.

Click here to read more about SIPexten

Sipcrack

Remote password cracker. Sipcrack uses multithread and can test passwords for several users in different IPs and port ranges.

Click here to read more about SIPcrack

Sipreport

All tools can save results into a SQLite database. With Sipreport it is possible to extract info from the database.

Click here to read more about SIPreport

Sipinvite

Checks if a server allow us to make calls without authentication. If the SIP server has a bad configuration, it will allow us to make calls to external numbers. Also it can allow us to transfer the call to a second external number.

Click here to read more about SIPinvite

Sipsniff

Simple sniffer for SIP protocol that allows us to filter by SIP method type.

Click here to read more about SIPsniff

Sipspy

Simple sip server that show us digest auth requests and responses.

Click here to read more about SIPspy

SipDigestLeak

SipDigestLeak exploits the vulnerability discovered by Sandro Gauci that affects a large number of hardware and software devices.

Click here to read more about SIPDigestLeak

You can’t perform that action at this time.