Skip to content

Home

Jump to bottom
Jose Luis Verdeguer edited this page Sep 18, 2024 · 16 revisions

Set of tools for penetration testing on the SIP protocol

Sippts is a set of tools to audit VoIP servers and devices using SIP protocol. Sippts is programmed in Python script and the tools are:

Click here to read more about SIPexten

  • Siprcrack is a remote password cracker. Siprcrack can test passwords for several users in different IPs and port ranges.

Click here to read more about SIPRcrack

  • Sipinvite checks if a server allow us to make calls without authentication. If the SIP server has a bad configuration, it will allow us to make calls to external numbers. Also it can allow us to transfer the call to a second external number.

Click here to read more about SIPinvite

  • SipDigestLeak Exploits the SIP digest leak vulnerability discovered by Sandro Gauci that affects a large number of hardware and software devices.

Click here to read more about SIPDigestLeak

  • SipFlood Send unlimited messages to the target.

Click here to read more about SIPFlood

  • SipSend Allow us to send a customized SIP message and analyze the response.

Click here to read more about SIPSend

  • WsSend Allow us to send a customized SIP message over WebSockets and analyze the response.

Click here to read more about WsSend

  • SipEnumerate Enumerate available methods of a SIP service/server.

Click here to read more about SIPEnumerate

  • SipDump Extracts SIP Digest authentications from a PCAP file.

Click here to read more about SIPDump

  • SipCrack Cracking tool to crack the digest authentications within the SIP protocol.

Click here to read more about SIPCrack

  • RTPBleed is a known bug that affects several versions of Asterisk and RTPProxy.

Click here to read more about RTPBleed

Click here to read more about RTCPBleed

Click here to read more about RTPBleedFlood

Click here to read more about RTPBleedInject

Clone this wiki locally