Skip to main content
Sandro Gauci

Sandro Gauci, Enable Security

SIPVicious tools in the works

Published on Sep 11, 2007 in , ,

Been working on more features with regards to svmap. Some of these features find themselves in svwar and svcrack as well in the next release version. So what features of interest?

Svmap is now session based. This allows us to have the following features:

  • You may stop a current scan, go have a coffee and resume it later.
  • If the power cuts, a natural disaster occurs or anything bad happens, you can resume your scan later because of the autosave feature, provided you survived the accident.
  • Results are now stored in BSD database form. Svreport.py comes in quite handy .. more on this below.

You can now pass various types of host ranges to svmap, depending on your (bad) taste and habits. Examples:

  • 1.1.1.1-20 1.1.2-4.1-10
  • 1.1.1.*
  • 1.1.1.1-1.1.2.20
  • sipvicious.org/22
  • 10.0.0.1/24
  • sipvicious.org

Random scans. Two kinds of random scans:

  • Internet random - you don’t pass svmap any host/ip ranges. It scans the IPs randomly, avoiding those that belong to private networks or reserved address space
  • Random targeted scan. You pass a range of hosts/ips and they are scanned randomly instead of sequentially.

Output to an ASCII table when the scan is complete. If you need to see the results instantly, then the verbose option is your friend. Double verbose gives out a lot of debug information.

Lots of bug fixes, optimizations and cleaning up ;)

Earlier I mentioned svreport.py which is a new script that will be soon added to the suite. It will grab previous sessions from SIPVicious tools and export them to the following formats:

  • PDF - Portable Document Format
  • XML - Extensible Markup Language
  • CSV - Comma delimited files
  • Text - Human friendly format

That’s all for now. If you’re curious check out the svn repository. Otherwise version 0.2 is on the way.


Sandro Gauci

Sandro Gauci

CEO, Chief Mischief Officer at Enable Security

Sandro Gauci leads the operations and research at Enable Security. He is the original developer of SIPVicious OSS, the SIP security testing toolset. His role is to focus on the vision of the company, design offensive security tools and engage in security research and testing. Therefore, he is the proud owner of the title of Chief Mischief Officer at Enable Security.

He offers public office hours and is reachable here.