Without further ado, please say hello to SIPVicious OSS 0.3.3!
To install or upgrade run pip install -U sipvicious. For more installation methods, see the wiki.
What’s new?
SIP extensions and passwords from standard input
We have a new feature which seems so simple yet so powerful: STDIN for dictionary input! This works for both svwar and svcrack. It is similar to what we did with SIPVicious PRO, which (surprisingly) proved to be a very popular feature. So, we thought of backporting it to SVOSS (SIPVicious OSS). From now on, one can easily use external tools to generate passwords on the fly for cracking with svcrack, or to generate SIP extensions on the fly for SIP extension enumeration with svwar. To do so, instead of specifying a filename to the --dictionary flag, give it - as its value.
Using hashcat’s maskprocessor with svwar to enumerate SIP extensions on our demo server.
The SIPVicious OSS wiki has been updated with examples of how to use this feature:
Target URL format
In the case of svwar and svcrack, one can now make use of the target format in SVOSS that’s available on the PRO version. For example, instead of making use of a bare IP address such as 127.0.0.1, one can now specify udp://127.0.0.1:5080 (note the non-default port). The main advantage from an end user point of view is that the port can be specified per target, no need to pass the port using the --port flag.
The other advantage is that people using SVOSS can more easily switch between SVPRO and SVOSS and vice-versa.
Check out the updated wiki for examples on specifying the target using this format:
What else?
Not much, just a bit of refactoring. We’re thinking of making smaller and more frequent releases to keep things going. Feedback is welcome, so please do get in touch if you have ideas or bug reports related to the project or VoIP security in general.
Thanks go to …
@0xInfection for his excellent work on this release!