Tags › sipvicious releases
SIPVicious PRO incremental update - and Gitlab CI/CD examples
Published on Mar 7, 2023 in sip security, sipvicious pro, sip security testing, sipvicious releases, devops, security tools
We just pushed out a new SIPVicious PRO update to our subscribing members! This version does not include any new major features. Instead, it fixes various bugs and brings missing but necessary features to various SIPVicious PRO tools. We have the following highlights in this update: Documentation now includes realistic Gitlab CI/CD examples The RTP fuzzer in the experimental version now supports SRTP Support for new SIP DoS flood request methods The RTP inject tool can now specify the RTP’s SSRC and payload ID The SIP password cracking tool now supports closing the connection upon each attempt The SIP ping utility supports INVITE For the boring details, including a list of bug fixes, do read the release notes for v6.…
Read more »SIPVicious PRO experimental now supports STIR/SHAKEN and 5 new tools
Published on Jul 6, 2022 in sip security, sipvicious pro, sip security testing, sipvicious releases
We just made two builds available to our SIPVicious PRO members. One is called the stable build, while the other is the experimental build. The v6.0.0-beta.5 stable build includes a large number of fixes, much better (or sane) defaults and full coverage of SRTP throughout the toolset. The experimental version is where the excitement is. Our members now have access to 5 new tools that we find useful in our work:…
Read more »
Sandro Gauci, Enable Security
SIPVicious OSS v0.3.4 released with exit codes and automation features
Published on Jun 2, 2021 in sipvicious oss, security tools, sip security, sipvicious releases
We just made SIPVicious OSS v0.3.4 available, so go get it! Or install it via pip: pip install sipvicious --upgrade What’s new? Two main things: Exit codes, just like SIPVicious PRO’s Integration with Github Actions This release makes it much easier to use SIPVicious OSS within your CI/CD pipelines and other automation systems. One should, of course, read the documentation on automation for more information. But here’s an example script to get the idea of what can be done:…
Read more »SIPVicious PRO 6.0.0-beta.4 getting close to take-off!
Published on May 20, 2021 in sip security, sipvicious pro, sip security testing, sipvicious releases
This one’s a bit of a boring update for SIPVicious PRO. That’s because we’re getting to a stable place where flag names and values do not change too often. Which means, we’re getting out of beta rather soon! However, it is still a major update because we made a significant number of internal changes. For example, we standardized a number of flags to be the same across all tools. We discovered that we can minimize each tool’s flagset by making use of config flags such as --auth-config that allows you to configure behaviours specific to how SIPVicious handles authentication (e.…
Read more »SIPVicious OSS 0.3.3 released with new STDIN and target URL specification
Published on Mar 25, 2021 in sipvicious oss, security tools, sip security, sipvicious releases
Without further ado, please say hello to SIPVicious OSS 0.3.3! To install or upgrade run pip install -U sipvicious. For more installation methods, see the wiki. What’s new? SIP extensions and passwords from standard input We have a new feature which seems so simple yet so powerful: STDIN for dictionary input! This works for both svwar and svcrack. It is similar to what we did with SIPVicious PRO, which (surprisingly) proved to be a very popular feature.…
Read more »SIPVicious OSS 0.3.2 released with more IPv6 goodness!
Published on Mar 3, 2021 in sipvicious oss, security tools, sip security, sipvicious releases
The free and opensource version of SIPVicious has been updated so that support for IPv6 is also available in svmap. If you can’t wait to try it out, you can get it at the official repository or by using pip3 install sipvicious --upgrade. So now, with svmap’s IPv6 support, you can do stuff like: sipvicious_svmap -6 -v 2a01:7e01::f03c:92ff:fecf:60a8 INFO:DrinkOrSip:trying to get self ip .. might take a while INFO:root:start your engines INFO:DrinkOrSip:-:61500 -> 2a01:7e01::f03c:92ff:fecf:60a8:5060 -> kamailio (5.…
Read more »SIPVicious PRO 6.0.0-beta.2 takes STDIN and fixes various bugs
Published on Feb 9, 2021 in sip security, sipvicious pro, sip security testing, sipvicious releases
What we’re excited about in this minor update is the addition of a new feature to the SIP cracker in SIPVicious PRO. Basically, it now takes input from external tools through standard input. Why? Because it allows infinite ways of generating potential usernames, passwords and/or SIP extensions when making use of external tools such as the maskprocessor included in the well known password cracker, hashcat. Here’s an animation showing usage of the maskprocessor to generate passwords for the SIP online cracking tool:…
Read more »SIPVicious PRO beta release contains SIP fuzzer and better automation
Published on Dec 3, 2020 in fuzzing, sip security, sipvicious pro, sip security testing, sipvicious releases
We just made SIPVicious PRO v6.0.0-beta.1 available to our beta testers. This latest release brings a new SIP fuzzer and enhancements for automation to your favourite RTC offensive security toolset. We have the following highlights with this release: New fuzzing tools - sip fuzz method. This used to be in a separate internal tool called gasoline (see our toolset page); this now been polished and has joined the SVPRO toolset; this has been used to identify vulnerabilities in Kamailio (advisory), sngrep (advisory 1 and 2) and other SIP servers.…
Read more »SIPVicious PRO v6.0.0 alpha.5 available to our clients
Published on Jun 3, 2020 in sipvicious pro, security-tools, sipvicious releases
With great pleasure, we announce the availability of the v6.0.0-alpha.5 version of SIPVicious PRO. This is a major update since most of the promised feature-set of the existent modules is now available. While you are encouraged to read the release notes, the main highlights are the following: Target demo server (demo.sipvicious.pro) now implemented, used throughout the documentation for attack examples and training purposes An extensive getting started page is now available, with instructions on how to use most of the modules Exit codes!…
Read more »Sandro Gauci, Enable Security
SIPVicious OSS 0.3.0 released
Published on Mar 10, 2020 in sipvicious oss, security tools, sipvicious releases
It’s been a few years since we released a new version of SIPVicious. Truth is, we were working on SIPVicious PRO which we started making available to some of our clients. Many people still use the open-source version of SIPVicious and it is included in various pentest Linux distributions, and definitely is useful to a number of people (especially after they change the user-agent string). And so, with the impending Python2 apocalypse, we decided to make a new release, porting SIPVicious OSS to Python 3 and including various updates that happened since 2015 in the master branch.…
Read more »