vsaudit

This is an opensource tool to perform attacks to general VoIP services It allows to scans the whole network or single host to do the gathering phase, then it is able to search for most known vulnerabilities on the founds alive hosts and try to exploit them.

Install dependencies

To start using vsaudit you must install the ‘bundler’ package that will be used to install the required gem dependencies through the Gemfile.

Download directly from website:

http://bundler.io/

Or install with ‘gem’ (ruby package manager) with:

deftcode ~ $ gem install bundler

After that the installation has been completed, run (in the directory where is located vsaudit):

deftcode vsaudit $ bundle

Now you can start vsaudit with:

deftcode vsaudit $ ruby vsaudit.rb

NOTE: If you get an error with gem, you need to install the libssl-dev package (kali-linux: apt install libssl-dev).

Environment commands

• Display the available options that can be set
• List the environment variables
• Get the value of environment variable
• Set or change the environment variables

Audit commands

• Check mistakes in the local configuration files
• Scan a local o remote network
• Enumerate the extensions
• Bruteforce extensions
• Get the live network traffic
• Intercept the network traffic by custom bpf

Information commands

• Get informations about modules or address
• Show the report list
• Show the extensions list

Global commands

• Display the help message
• Quit from the framework

Screenshots

Reference

• Manual: http://deftcode.ninja/post/vsaudit-voip-security-audit-framework
• RFC-3261 (SIP – Session Initiation Protocol): https://www.ietf.org/rfc/rfc3261.txt

Source: https://github.com/eurialo/vsaudit