Skip to main content

SIPVicious PRO 6.0.0-beta.2 takes STDIN and fixes various bugs

What we’re excited about in this minor update is the addition of a new feature to the SIP cracker in SIPVicious PRO. Basically, it now takes input from external tools through standard input.

Why? Because it allows infinite ways of generating potential usernames, passwords and/or SIP extensions when making use of external tools such as the maskprocessor included in the well known password cracker, hashcat. Here’s an animation showing usage of the maskprocessor to generate passwords for the SIP online cracking tool:

SIPVicious PRO’s sip crack online tool and hashcat’s mask processor working hand in hand

Of course, one could easily use this to write up a python script (or similar) to generate custom input for the SIP cracker in no time. This feature applies to the following flags in the sip crack online tool:

  • --dictionary which contains straight passwords to be used in the password guessing attack
  • --extensions-file which contains straight SIP extensions to be tested, useful when testing a single password against different SIP extensions
  • --credentials which contains usernames and passwords (and an optional extension) for when you want to test combinations of credentials

Also, there’s the following updates:

  • The SIP fuzzer now randomizes SIP methods by default unless one specifies which SIP message to fuzz
  • User-friendly CUI (sort of)! A number of common user mistakes are detected so that the tool can issue a warning and helpful suggestions
  • A number of bug fixes, of course!

Beta is closing soon so get in touch if you still want to test.