sippts v3.3 releases: Set of tools to audit SIP based VoIP Systems
What is Sippts?
Sippts is a suite of tools to audit VoIP servers and devices using SIP protocol. It is programmed in Perl script and it allows us to check the security of a VoIP server using SIP protocol.
A suite of tools for penetration test over SIP protocol
Sippts is a suite of tools to audit VoIP servers and devices using SIP protocol. Sippts is programmed in Perl script and it consists of:
- Sipscan Fast scanner for SIP services that uses multithread. Sipscan can check IP and port ranges and works with UDP or TCP.
- Sipexten Identifies extensions on a SIP server. Sipexten uses multithread and can check IP and port ranges
- Sipcrack Remote password cracker. Sipcrack uses multithread and can test passwords for several users in IP and port ranges
- Sipinvite Check if a server allows us to make calls without authentication. If the SIP server has a bad configuration, it will allow us to make calls to external numbers. Also, it can allow us to transfer the call to a second external number
- Sipsniff Simple sniffer for SIP protocol that allows us to filter by SIP method type
- Sipspy Simple sip server that shows us digest auth requests and responses. Example:
- SipDigestLeak Exploits the SIP digest leak vulnerability discovered by Sandro Gauci that affects a large number of hardware and software devices. Sipspy is a fake SIP server that listens on port 5060/UDP and responds to REGISTER message authentication requests.
- added param -th to allow threads
- added params -b -a -min -max to create malformed headers
- manage large ranges of IP networks. Fixed memory leak problems
- can now run faster. Supports 800 threads without memory consumption
- added param -random to randomize target hosts
- now can attack several IP addresses or network ranges
- added param -ping to ping the host and connect to them only if it is alive
- added param –file lo load IPs from a file, with format (ip:port/proto)
- use threads to run faster
- show fingerprinting to give more information
- new module to check if a server/device is alive
- new module to inject RTP frames when RTPBleed vulnerability is present
- new module to send SIP messages over WebSockets
- new module to perform a SIP fuzzing test on several SIP methods
- bug fixes
git clone https://github.com/Pepelux/sippts.git
- cpan -i IO:Socket:Timeout
- cpan -i NetAddr:IP
- cpan -i String:HexConvert
Copyright (C) 2018 Pepelux