
Tags security tools

If SIPVicious gives you a ring…

Note: SIPVicious version 0.28 is out, go get it. I like to keep an eye on social media and Google alerts for SIPVicious, and in the last few months I noticed a rise in mentions of the tools. Specifically, a number of Korean Twitter users (who have their service with KT, a VoIP service provider) were complaining about receiving a call from a caller-id showing ‘SIPVicious’. After contacting a Korean friend, this led to an interview by a reporter for an article that was published on the Korean tech news site Boan News.…


SIPVicious 0.2.7 released and rewrite coming up, looking for testers!

Published on Feb 22, 2012

Get it now! This is the last release in the 0.2 series, which fixes a number of stability issues and bugs before moving on to a total rewrite. Are you a SIPVicious user? Get in contact if you have a VoIP lab or simply want to test the rewrite of SIPVicious. The internal version already includes support for TCP, TLS and IPv6 ;-) The changelog for this one: Feature: svcrash.py has a new option -b which bruteforces the attacker’s port. Feature: svcrack.…


Asterisk forensics: the logs vs the attackers

Published on Jan 2, 2012

Recently I had the opportunity to present on VoIP insecurity at various conferences this year, on my own and also with Joffrey Czarny. At Secure 2011 we had a one-day workshop, and one of the things we showed was the effect of a typical SIPVicious attack on an Asterisk box. The following videos (best seen in full screen and high quality) illustrate what happens. When we run svmap.py, nothing usually shows up in the Asterisk logs.…


VOIPPACK updated to v1.4

Published on Jan 25, 2011

Quick note, VOIPPACK now includes support for Cisco Call Manager and more tools to break that Asterisk PBX (FreePBX / Trixbox focus). The blog post on EnableSecurity includes more details.…


Distributed SIP scanning during Halloween weekend

Published on Nov 4, 2010

Over the last weekend there were a number of reports of VoIP (especially Asterisk) servers that were “under heavy attack”. I have looked at some packet traces and noticed how the SIP messages look very similar to the ones generated by SIPVicious, especially svwar.py. In fact, I think this is a modified version of SIPVicious that is being distributed on a botnet. Take a look at the following message generated by these new scans:…


New beta of VIPER VAST released 2.76

Published on Jul 21, 2010

And that includes all the latest goodness, including SIPVicious. This is a great tool for those needing an up-to-date VoIP hackin.. er penetration testing distro :-) Download it from here.…


How to crash SIPVicious - introducing svcrash.py

Published on Jun 22, 2010

A new tool has been added to SIPVicious - svcrash.py. As the name implies, it crashes something - svwar.py and svcrack.py. This tool is meant to be used by system administrators and organizations that are receiving unauthorized scans on their exposed IP PBX. Quick links: Download the latest version :: Watch a short demo of svcrash.py. Since this is a little different from the usual, I’ll provide a bit of background first.…


New tool in the works: TFTPTheft

Published on May 28, 2010

Most sysadmins just love the idea of switching on a box that just works automatically. In the case of IP phones that is typically possible by setting up the right DHCP config and a TFTP server hosting firmware and configuration. My introduction to TFTP: the TFTP protocol typically runs over port 69, and the above image shows a rather insecure doll. The TFTP protocol is rather simple and lightweight: it runs on top of UDP; does not support authentication; only supports pulling and pushing (GET and PUT) of files (no directory listing). New tools?…


SIPVicious 0.2.5 out

Published on May 19, 2010

Latest SIPVicious. It has been a while since I released an update to SIPVicious. It is mostly a bug-fix and “play nice” update. Download it from here. Changelog: v0.2.5 (20100519). Feature: svwar.py has “scan for default / typical extensions” option. This option tries to guess numeric extensions which have certain patterns such as 1212 etc. Option is -D, --enabledefaults. General: svwar.py and svcrack.py now have a new option which allows you to see how long the tools will scan without receiving any response back.…


VIPER VAST includes SIPVicious

Published on Oct 5, 2009

A quick post to refer to the live bootable CD from Viperlabs called VIPER VAST. It’s a Linux distribution that includes a good number of tools that can help in a VoIP security assessment. I think I’ll be giving this a try next time around. What makes this useful is if you want to quickly have a machine with all the right libraries, drivers and packages installed to be able to run tools such as UCsniff.…
