Skip to main content
Sandro Gauci

Sandro Gauci, Enable Security

Scan your public facing PBX with

Published on Jul 17, 2009 in , ,

Announcing, the SaaS Voice over IP Security scanner. If you’re already familiar with SIPVicious, then you can guess what this tool does. This online tool makes it easier than ever to check if the Asterisk box you just installed, or most other SIP PBX servers, is misconfigured and contains weak credentials. Attackers on the ’net are already doing this for their own benefit, don’t wait until they hit your PBX!

Using this tool consists of the following steps:

  1. Register an account and buy credit (or use the time limited promo SIPV to get some for free)
  2. Enter the IP address of your PBX server and scan away
  3. Receive a report by email that shows the findings

How does it work really? is making use of the next generation of SIPVicious (2.0) in the background and right now it does the following automatically:

  1. Checks if an IP PBX is listening on the given address
  2. Does extension enumeration, just like svwar in SIPVicious
  3. For each extension found it starts a password cracking attack
  4. Generate a PDF report such as this one

Any feedback or affiliate requests, contact me.

Sandro Gauci

Sandro Gauci

CEO, Chief Mischief Officer at Enable Security

Sandro Gauci leads the operations and research at Enable Security. He is the original developer of SIPVicious OSS, the SIP security testing toolset. His role is to focus on the vision of the company, design offensive security tools and engage in security research and testing. Therefore, he is the proud owner of the title of Chief Mischief Officer at Enable Security.

He offers public office hours and is reachable here.