Skip to main content
Sandro Gauci

Sandro Gauci, Enable Security

Upcoming changes in SIPVicious

Published on Sep 9, 2008 in ,

The following are two updates for the next version of SIPVicious’s PBX extension enumeration tool svwar:

  1. svwar now tries to guess common numbers by default. It scans for the following ranges: 1000,2000… 9000, 1001, 2001..9001, 1111,2222… 9999, 11111,22222…99999, 100-999, 1234,2345 ..7890 and so on. This feature has a tendency to identify extensions on many PBX configurations. If you would like to disable it simply pass the –disabledefaults option to svwar.
  2. svwar now sends ACK responses to SIP responses with code 200 because some PBXes keep sending packets until they receive an acknowledge.

That’s it for now. Please let me know about your experience with the new features. To give the code a try simply run svn update from the sipvicious directory, or gte the latest by running the following:

svn checkout sipvicious-read-only

Have fun!

Sandro Gauci

Sandro Gauci

CEO, Chief Mischief Officer at Enable Security

Sandro Gauci leads the operations and research at Enable Security. He is the original developer of SIPVicious OSS, the SIP security testing toolset. His role is to focus on the vision of the company, design offensive security tools and engage in security research and testing. Therefore, he is the proud owner of the title of Chief Mischief Officer at Enable Security.

He offers public office hours and is reachable here.