Skip to main content
Sandro Gauci

Sandro Gauci, Enable Security

SIPVicious 0.2.7 released and rewrite coming up, looking for testers!

Published on Feb 22, 2012 in , ,

Get it now! This is the last release in the 0.2 series which fixes a number of stability issues and bugs before moving on to a total rewrite.

Are you a SIPVicious user? Get in contact if you have a VoIP lab or simply want to test the rewrite of SIPVicious. The internal version already includes support for TCP, TLS and IPv6 ;-)

The changelog for this one:

  • Feature: svcrash.py has a new option -b which bruteforces the attacker’s port 
  • Feature: svcrack.py now tries the extension as password by default, automatically 
  • Feature: svcrack.py and svwar.py now support setting of source port 
  • Feature: new parameter –domain can be passed to all tools which specifies a custom domain in the SIP uri instead of the destination IP 
  • Feature: new –debug switch which shows the messages recieved 
  • Bug fix: Sometimes nonces could not be extracted due to an incorrect regex 
  • Bug fix: Fixed an unhandled exception when decoding tags 
  • Bug fix: now using hashlib when available instead of md5 
  • Bug fix: removed the space after the SIP address in the From header which led to newer version of Asterisk to ignore the SIP messages 
  • Bug fix: dictionaries with new lines made svcrack.py stop without this fix 
  • Change: renamed everything to start with sv 
  • Bug fix: changed the way shelved files are opened by the fingerprinting module 
  • Change: fingerprinting disabled by default since it was giving too many problems and very little benefits

Download SIPVicious from http://code.google.com/p/sipvicious/


Sandro Gauci

Sandro Gauci

CEO, Chief Mischief Officer at Enable Security

Sandro Gauci leads the operations and research at Enable Security. He is the original developer of SIPVicious OSS, the SIP security testing toolset. His role is to focus on the vision of the company, design offensive security tools and engage in security research and testing. Therefore, he is the proud owner of the title of Chief Mischief Officer at Enable Security.

He offers public office hours and is reachable here.