This is an opensource tool to perform attacks to general voip services It allows to scans the whole network or single host to do the gathering phase, then it is able to search for most known vulnerabilities on the founds alive hosts and try to exploit them.
To start using vsaudit you must install the 'bundler' package that will be used to install the requireds gem dependencies through the Gemfile.
Download directly from website:
http://bundler.io/
Or install with 'gem' (ruby package manager) with:
deftcode ~ $ gem install bundler
After that the installation has been completed, run (in the directory where is located vsaudit):
deftcode vsaudit $ bundle
Now you can start vsaudit with:
deftcode vsaudit $ ruby vsaudit.rb
NOTE: If you get an error with gem, you need to install the ruby-dev and libssl-dev packages (kali-linux: apt install ruby-dev libssl-dev).
- Display the available options that can be set
- List the environment variables
- Get the value of environment variable
- Set or change the environment variables
- Check mistakes in the local configuration files
- Scan a local o remote network
- Enumerate the extensions
- Bruteforce extensions
- Get the live network traffic
- Intercept the network traffic by custom bpf
- Get informations about modules or address
- Show the report list
- Show the extensions list
- Display the help message
- Quit from the framework
- Manual: http://deftcode.ninja/post/vsaudit-voip-security-audit-framework
- RFC-3261 (SIP - Session Initiation Protocol): https://www.ietf.org/rfc/rfc3261.txt