What we’re excited about in this minor update is the addition of a new feature to the SIP cracker in SIPVicious PRO. Basically, it now takes input from external tools through standard input.
Why? Because it allows infinite ways of generating potential usernames, passwords and/or SIP extensions when making use of external tools such as the maskprocessor included in the well known password cracker, hashcat. Here’s an animation showing usage of the maskprocessor to generate passwords for the SIP online cracking tool:
Of course, one could easily use this to write up a python script (or similar) to generate custom input for the SIP cracker in no time. This feature applies to the following flags in the
sip crack online tool:
--dictionarywhich contains straight passwords to be used in the password guessing attack
--extensions-filewhich contains straight SIP extensions to be tested, useful when testing a single password against different SIP extensions
--credentialswhich contains usernames and passwords (and an optional extension) for when you want to test combinations of credentials
Also, there’s the following updates:
- The SIP fuzzer now randomizes SIP methods by default unless one specifies which SIP message to fuzz
- User-friendly CUI (sort of)! A number of common user mistakes are detected so that the tool can issue a warning and helpful suggestions
- A number of bug fixes, of course!
Beta is closing soon so get in touch if you still want to test.