Viproy – VoIP Penetration Testing Kit

Project Page : http://www.github.com/fozavci/viproy-voipkit
Download : https://github.com/fozavci/viproy-voipkit/archive/master.zip

Viproy Voip Pen-Test Kit is developed to improve quality of SIP Penetration Tests. It provides authentication feature that helps to create simple tests. It includes 7 different modules with authentication support: options tester, brute forcer, enumerator, invite tester, trust analyzer, proxy and registration tester. All attacks could perform before and after authentication to fuzz SIP services and value added services.

SIP Pen-test guide will be published soon. Basic Usage of Modules are presented below, it can be used before guide. All modules have DEBUG and VERBOSE supports

Preparing Test Network

VulnVOIP is vulnerable SIP server, you can use it for tests
VulnVOIP : http://www.rebootuser.com/?cat=371

Installation

Copy “lib” and “modules” folders’ content to Metasploit Root Directory.
Mixins.rb File (lib/msf/core/auxiliary/mixins.rb) Should Contain This Line
require ‘msf/core/auxiliary/sip’

Videos & Papers


Attacking and Hacking SIP Services – Video

It’s rendering, it will be available soon.

Sample Usage Video

http://www.youtube.com/watch?v=1vDTujNVKGM

Hacking Trust Relationships of SIP/NGN Gateways – Video

http://www.youtube.com/watch?v=BVJq2yrHYhI

Hacking Trust Relationships Between SIP Gateways (PDF)

http://viproy.com/files/siptrust.pdf

 

Usage


Global Settings

setg CHOST 192.168.1.99 #Local Host
setg CPORT 5099 #Local Port
setg RHOSTS 192.168.1.1-254 #Target Network
setg RHOST 192.168.1.201 #Target Host

Basic Usage of OPTIONS Module

use auxiliary/scanner/sip/vsipoptions
show options
set THREADS 255
run

Basic Usage of REGISTER Module

use auxiliary/scanner/sip/vsipregister
show options
run

set LOGIN true
set USERNAME 101
set PASSWORD s3cur3
run

Basic Usage of INVITE Module

use auxiliary/scanner/sip/vsipinvite
set FROM 2000
set TO 1000
run

set LOGIN true
set FROM 102
set USERNAME 102
set PASSWORD letmein123
run

set DOS_MODE true
set NUMERIC_USERS true
set NUMERIC_MIN 200
set NUMERIC_MAX 205
run

Basic Usage of ENUMERATOR Module

use auxiliary/scanner/sip/vsipenumerator
show options
unset USERNAME
set USER_FILE /tmp/files/users2
set VERBOSE false
set METHOD SUBSCRIBE
run

unset USER_FILE
set METHOD SUBSCRIBE
set NUMERIC_USERS true
set NUMERIC_MAX 2300
run

set METHOD REGISTER
run

Basic Usage of BRUTE FORCE Module

use auxiliary/scanner/sip/vsipbruteforce
show options
set RHOST 192.168.1.201
set USERNAME 2000
set PASS_FILE /tmp/files/passwords
set VERBOSE false
run

unset USERNAME
set USER_FILE /tmp/files/users2
run

unset USER_FILE
set NUMERIC_USERS true
set NUMERIC_MAX 500
run

Basic Usage of Trust Analyzer Module

use auxiliary/scanner/sip/vsiptrust
show options
set SRC_RHOSTS 192.168.1.200-210
set SRC_RPORTS 5060
set SIP_SERVER 192.168.1.201
set INTERFACE eth0
set TO 101
run

show options
set ACTION CALL
set SRC_RHOSTS 192.168.1.202
set FROM James Bond
run

Basic Usage of SIP Proxy Module

use auxiliary/scanner/sip/vsipproxy
show options
set PRXCLT_PORT 5060
set PRXCLT_IP 192.168.1.99
set PRXSRV_PORT 5089
set PRXSRV_IP 192.168.1.99
set CLIENT_IP 192.168.1.120
set CLIENT_PORT 5060
set SERVER_IP 192.168.1.201
set SERVER_PORT 5060
set CONF_FILE /tmp/sipproxy_replace.txt
set LOG true
set VERBOSE false
run

Credit: Fatih Ozavci

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s