Offensive security tools
Last updated: Feb 11, 2021
Our tools
Across the years we have built tools to aid us with our research and security testing work. The following are the main tools that we can talk about:
| Tool | What is it? | Availability | Posts |
|---|---|---|---|
| SIPVicious OSS | A set of tools for testing the security of SIP infrastructure | Github | Click |
| SIPVicious PRO | A professional toolset for testing real-time communications security | Documentation | Click |
| WAFW00F | Detect web application firewalls | Github | not here |
| TFTP Theft | Quick bruteforce tool for TFTP servers, useful for attacking provisioning systems | Github | Click |
| Stunner | STUN and TURN offensive security tool featuring proxy abuse, fuzzing and manual testing | Internal tool | Click |
| Gasoline | Fuzzer for SIP and RTP used to discover vulnerabilities in various SIP solutions | Internal tool | Click |
| XMPPScanner | XMPP enumeration, DoS security tests and manual testing tool | Internal tool | none yet |
| Connflood | An extremely effective DoS tool that creates TCP connections and keeps them open | Internal tool | none yet |
| Janus Prober | A tool for probing Janus and manual testing | Internal tool | none yet |
| Web root inspector | A web server security analysis tool for finding interesting or rogue files, including backdoors | Internal tool | none yet |
| ES toolkit | Tool for testing software with different configurations in virtual environments | Internal tool | none yet |
| Cert forger | Creates self-signed certificates that have the same certificate details as the original certificate | Internal tool | none yet |
| Simple TLS MITM | A very simple TLS MITM tool, especially useful for SIP MITM tests | Internal tool | none yet |
SIPVicious OSS
The open-source version of SIPVicious, first published back in 2007, was written in Python and is available on Github for free. This includes three main tools, svmap which is a scanner for SIP, svwar which enumerates extensions on SIP devices and svcrack that tries to guess passwords for SIP extensions. The tools only support SIP over UDP and do not offer support for TCP or TLS due to design issues.
We still maintain the toolset through bug fixes and add new features from time to time, including IPv6 support!
SIPVicious PRO
What is SIPVicious PRO?
SIPVicious PRO is a set of tools that allow security testers, quality assurance and developers to test Real-Time Communications systems, especially VoIP and WebRTC infrastructure, against known and unknown vulnerabilities. It’s objectives are to:
- Detect vulnerabilities
- Demonstrate vulnerabilities
What makes SIPVicious PRO unique
Our aim is to help vendors and implementers of VoIP and WebRTC infrastructures to build products that withstand attack. That’s why SIPVicious PRO is built on our experience in penetration testing RTC systems and is meant to be a professional-grade security testing suite that can integrated in your testing methodology.
Key features
It’s key features are:
- Various attacks, including SIP flood, RTP flood, SIP enumeration, Digest leak, RTP Bleed and RTP inject
- Support for SIP over different transport protocols: TCP, UDP, TLS and WebSockets
- Integration within QA automation systems, including CI/CD pipelines
- SIP messages may be easily modified using a flexible templating system
- Support for RTP attacks
- Insane speed, especially useful for flood attacks with rate limiting capabilities
- Compliance to RFCs1
How to get SIPVicious PRO
The software will be licensed to approved vendors and implementers of VoIP and WebRTC infrastructure and included in our penetration testing services. At the moment, we are compiling a list of interested parties. If that includes you, please fill in the [form here][2]. Alternatively, get in touch with us by writing to hello@enablesecurity.com.
SIPVicious PRO is designed to test for security flaws and can damage target systems due to the nature of its functionality. The user must take due care when using the software. When used on production systems or any other system, the user has to accept the full warning in the license agreement.
To review the software license, please click here.
SIPVicious OSS vs SIPVicious PRO
SIPVicious PRO is a complete rewrite in Go, with a larger feature-set and more ambitious goals. End users get an executable binary for their OS rather than Python scripts.
It is meant to be used by vendors and system integrators internally to identify common RTC vulnerabilities before making it to production. Therefore, it supports the most commonly used protocols for SIP, that is, UDP, TCP, TLS and WebSockets. With WebSocket and DTLS-SRTP support, the tool can be used to test WebRTC infrastructure. Additionally, SIPVicious PRO can make and receive calls, handling SIP flows correctly. This allows for a number of attacks to be reproduced on test systems. The template system allows testers to quickly modify the SIP messages sent to the target system to include custom headers and other peculiarities as need be. SIPVicious PRO is not limited to just tests on SIP, but also other related protocols such as RTP. And finally, SIPVicious PRO makes use of our internal network library which gives the tool speed while maintaining sessions and other logical complexities in check.
-
RFC compliance: especially concerning SIP and RTP. This applies unless the attack requires non-compliance! ↩︎