Viproy VoIP Penetration Testing and Exploitation Kit

Project Page:
Author: Fatih Ozavci

Viproy VoIP Pen-Test Kit is developed to improve the quality of SIP penetration tests. It provides an authentication feature that helps to create simple tests. It includes 10 different modules with authentication support: options tester, brute forcer, enumerator, invite tester, trust analyzer, proxy and registration tester. All attacks can be performed before and after authentication to fuzz SIP services and value-added services.

The SIP pen-test guide will be published soon. Basic usage of the modules is presented below and can be used until the guide is available. All modules have DEBUG and VERBOSE support.

Preparing The Test Network

VulnVOIP is a vulnerable SIP server that you can use for tests.
VulnVOIP :

Installation - Metasploit Github Edition

Copy the contents of the "lib", "modules" and "data" folders to the Metasploit root ("/") directory.
The mixins.rb file (lib/msf/core/auxiliary/mixins.rb) should contain this line:
require 'msf/core/auxiliary/sip'

Installation - Metasploit Pro Edition

Copy the contents of the "lib", "modules" and "data" folders to the /opt/metasploit/apps/pro/msf3 directory.
The mixins.rb file (/opt/metasploit/apps/pro/msf3/lib/msf/core/auxiliary/mixins.rb) should contain this line:
require 'msf/core/auxiliary/sip'
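
The Github and Pro installation steps above differ only in the target directory. As an added example (not part of the Viproy project), the shell function below performs the copy and adds the require line only when it is missing, so it can be re-run safely. The function name, its two arguments, the ".orig" backup and the sip.rb location (inferred from the require line) are assumptions.

```shell
#!/bin/sh
# Added example, not Viproy's own installer. Names here are hypothetical.
REQUIRE_LINE="require 'msf/core/auxiliary/sip'"

install_viproy() {
    src=$1       # unpacked Viproy tree containing lib/, modules/ and data/
    msf_root=$2  # Metasploit root, e.g. /opt/metasploit/apps/pro/msf3
    mixins="$msf_root/lib/msf/core/auxiliary/mixins.rb"

    # Refuse to touch anything unless both trees look right.
    for d in lib modules data; do
        [ -d "$src/$d" ] || { echo "missing $src/$d" >&2; return 1; }
    done
    [ -f "$mixins" ] || { echo "not a Metasploit root: $msf_root" >&2; return 1; }

    # Keep one pristine copy of mixins.rb before anything is overwritten.
    [ -f "$mixins.orig" ] || cp -p "$mixins" "$mixins.orig"

    # Merge each folder's contents into the matching Metasploit folder.
    for d in lib modules data; do
        mkdir -p "$msf_root/$d"
        cp -R "$src/$d/." "$msf_root/$d/" || return 1
    done

    # Add the require line only if absent; repair a missing final newline
    # first so the new line is not glued onto the previous one.
    if ! grep -qxF "$REQUIRE_LINE" "$mixins"; then
        [ -z "$(tail -c1 "$mixins")" ] || echo >> "$mixins"
        printf '%s\n' "$REQUIRE_LINE" >> "$mixins"
    fi

    # The require only resolves if the mixin itself was copied
    # (path assumed from the require line).
    [ -f "$msf_root/lib/msf/core/auxiliary/sip.rb" ] || {
        echo "sip.rb not found after copy" >&2; return 1; }
}
```

Call it as install_viproy followed by the unpacked kit directory and the Metasploit root for the edition in use.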

For the SIP Trust Analyzer module:
Install "pcaprub" via "/opt/metasploit/ruby/bin/gem install pcaprub".
Metasploit - How To install Pcaprub For Windows


  • VoIP Wars: Return of the SIP - DEF CON 21 (USA), Ruxcon 2013 (Australia)

  • Viproy VoIP Penetration Testing Kit - Blackhat Arsenal USA 2013

  • Videos & Papers

    DEF CON 21 - Fatih Ozavci - VoIP Wars Return of the SIP

    Attacking SIP/VoIP Servers Using VIPROY VoIP Pen-Test Kit for Fun & Profit - Video (50 mins)

    This is a training video for penetration testing of SIP servers.

    Chapters of Training Video
    1-Footprinting of SIP Services
    2-Enumerating SIP Services
    3-Registering SIP Service with/without Credentials
    4-Brute Force Attack for SIP Service
    5-Call Initiation with/without Spoof & Credentials
    6-Hacking Trust Relationships
    7-Intercepting SIP Client with SIP Proxy

    Sample Usage Video

    Hacking Trust Relationships of SIP/NGN Gateways - Video

    Hacking Trust Relationships Between SIP Gateways (PDF)

    VoIP Wars : Return of the SIP (Defcon 21 Presentation)