SIPVicious OSS 0.3.3 released with new STDIN and target URL specification
Last updated: Mar 25, 2021
Without further ado, please say hello to SIPVicious OSS 0.3.3!
To install or upgrade run
pip install -U sipvicious. For more installation methods, see the wiki.
SIP extensions and passwords from standard input
We have a new feature which seems so simple yet so powerful: STDIN for dictionary input! This works for both
svcrack. It is similar to what we did with SIPVicious PRO, which (surprisingly) proved to be a very popular feature. So, we thought of backporting it to SVOSS (SIPVicious OSS). From now on, one can easily use external tools to generate passwords on the fly for cracking with
svcrack, or to generate SIP extensions on the fly for SIP extension enumeration with
svwar. To do so, instead of specifying a filename to the
--dictionary flag, give it
- as its value.
The SIPVicious OSS wiki has been updated with examples of how to use this feature:
Target URL format
In the case of
svcrack, one can now make use of the target format in SVOSS that’s available on the PRO version. For example, instead of making use of a bare IP address such as
127.0.0.1, one can now specify
udp://127.0.0.1:5080 (note the non-default port). The main advantage from an end user point of view is that the port can be specified per target, no need to pass the port using the
The other advantage is that people using SVOSS can more easily switch between SVPRO and SVOSS and vice-versa.
Check out the updated wiki for examples on specifying the target using this format:
Not much, just a bit of refactoring. We’re thinking of making smaller and more frequent releases to keep things going. Feedback is welcome, so please do get in touch if you have ideas or bug reports related to the project or VoIP security in general.
Thanks go to …
@0xInfection for his excellent work on this release!