Viproy Voip Pen-Test Kit for Metasploit Framework

Viproy VoIP Pen-Test Kit provides penetration testing modules for VoIP networks. It’s developed for security testing of VoIP and Unified Communications services. Viproy has Skinny, SIP and MSRP libraries to develop custom security tests, as well as PoC security testing modules. The modules below can be used to test SIP design and authorization flaws, Skinny service issues, cloud VoIP design issues and client software vulnerabilities. Viproy had the key role for the VoIP Wars research series presented in major security conferences including Black Hat (USA, Europe), Defcon, Troopers, Hack in the Box, Ruxcon and AusCERT.

Current Testing Modules

• SIP Register
• SIP Invite
• SIP Message
• SIP Negotiate
• SIP Options
• SIP Subscribe
• SIP Enumerate
• SIP Brute Force
• SIP Trust Hacking
• SIP UDP Amplification DoS
• SIP Proxy Bounce
• Skinny Register
• Skinny Call
• Skinny Call Forward
• CUCDM Call Forwarder
• CUCDM Speed Dial Manipulator
• MITM Proxy TCP
• MITM Proxy UDP
• Cisco CDP Spoofer
• Boghe VoIP Client INVITE PoC Exploit (New)
• Boghe VoIP Client MSRP PoC Exploit (New)
• SIP Message with INVITE Support (New)
• Sample SIP SDP Fuzzer (New)
• MSRP Message Tester with SIP INVITE Support (New)
• Sample MSRP Message Fuzzer with SIP INVITE Support (New)
• Sample MSRP Message Header Fuzzer with SIP INVITE Support (New)

Installation

git clone https://github.com/fozavci/viproy-voipkit.git

Copy “lib” and “modules” folders’ content to the Metasploit root directory.
Mixins.rb File (lib/msf/core/auxiliary/mixins.rb) should contains the following lines
require ‘msf/core/auxiliary/sip’
require ‘msf/core/auxiliary/skinny’
require ‘msf/core/auxiliary/msrp’

Tutorial

Copyright (c) 2012, Fatih Ozavci / Viproy
All rights reserved.