Suite of tools for penetration test over SIP protocol
Sippts is a suite of tools to audit VoIP servers and devices using SIP protocol. Sippts is programmed in Perl script and it consists of:
Fast scanner for SIP services that uses multithread. Sipscan can check several IPs and port ranges and it works with UDP or TCP.
Identifies extensions on a SIP server. Also tells you if the extension line requires authentication or not. Sipexten uses multithread and can check several IPs and port ranges.
Remote password cracker. Sipcrack uses multithread and can test passwords for several users in different IPs and port ranges.
All tools can save results into a SQLite database. With Sipreport it is possible to extract info from the database.
Checks if a server allow us to make calls without authentication. If the SIP server has a bad configuration, it will allow us to make calls to external numbers. Also it can allow us to transfer the call to a second external number.
Simple sniffer for SIP protocol that allows us to filter by SIP method type.
Simple sip server that show us digest auth requests and responses.
SipDigestLeak exploits the vulnerability discovered by Sandro Gauci that affects a large number of hardware and software devices.