sippts v3.0 releases: Set of tools to audit SIP based VoIP Systems
What is Sippts?
Sippts is a suite of tools to audit VoIP servers and devices using SIP protocol. It is programmed in Perl script and it allows us to check the security of a VoIP server using SIP protocol.
A suite of tools for penetration test over SIP protocol
Sippts is a suite of tools to audit VoIP servers and devices using SIP protocol. Sippts is programmed in Perl script and it consists of:
- Sipscan Fast scanner for SIP services that uses multithread. Sipscan can check IP and port ranges and works with UDP or TCP.
- Sipexten Identifies extensions on a SIP server. Sipexten uses multithread and can check IP and port ranges
- Sipcrack Remote password cracker. Sipcrack uses multithread and can test passwords for several users in IP and port ranges
- Sipinvite Check if a server allows us to make calls without authentication. If the SIP server has a bad configuration, it will allow us to make calls to external numbers. Also, it can allow us to transfer the call to a second external number
- Sipsniff Simple sniffer for SIP protocol that allows us to filter by SIP method type
- Sipspy Simple sip server that shows us digest auth requests and responses. Example:
- SipDigestLeak Exploits the SIP digest leak vulnerability discovered by Sandro Gauci that affects a large number of hardware and software devices. Sipspy is a fake SIP server that listens on port 5060/UDP and responds to REGISTER message authentication requests.
- New version coded in python
- Erased some scripts: sipsniff, sipspy and sipreport
- Renamed script sipcracker to siprcrack
- New script sipenumerate to enumerate available methods of a SIP sevice/server
- New script sipdump to extract SIP Digest authentications from a PCAP file
- New script sipcrack to crack the digest authentications within the SIP protocol
git clone https://github.com/Pepelux/sippts.git
- cpan -i IO:Socket:Timeout
- cpan -i NetAddr:IP
- cpan -i String:HexConvert
Copyright (C) 2018 Pepelux