Viproy VoIP Penetration Testing and Exploitation Kit

Project Page: http://www.github.com/fozavci/viproy-voipkit
Download: https://github.com/fozavci/viproy-voipkit/archive/master.zip
Author : Fatih Ozavci

Viproy Voip Pen-Test Kit is developed to improve the quality of SIP Penetration Tests. It provides authentication feature that helps to create simple tests. It includes 10 different modules with authentication support: options tester, brute forcer, enumerator, invite tester, trust analyzer, proxy and registration tester. All attacks could perform before and after authentication to fuzz SIP services and value added services.

SIP Pen-test guide will be published soon. Basic Usage of Modules are presented below, it can be used before guide. All modules have DEBUG and VERBOSE supports


Preparing The Test Network

VulnVOIP is vulnerable SIP server, you can use it for tests
VulnVOIP : http://www.rebootuser.com/?cat=371

Installation - Metasploit Github Edition

Copy "lib", "modules" and "data" folders' content to Metasploit Root "/" Directory.
Mixins.rb File (lib/msf/core/auxiliary/mixins.rb) Should Contain This Line
require 'msf/core/auxiliary/sip'

Installation - Metasploit Pro Edition

Copy "lib", "modules" and "data" folders' content to /opt/metasploit/apps/pro/msf3 directory.
Mixins.rb File (/opt/metasploit/apps/pro/msf3/lib/msf/core/auxiliary/mixins.rb) Should Contain This Line
require 'msf/core/auxiliary/sip'

For SIP Trust Analyzer module.
Install "pcaprub" via "/opt/metasploit/ruby/bin/gem install pcaprub"
or
Metasploit - How To install Pcaprub For Windows


Events


  • VoIP Wars: Return of the SIP - DEF CON 21 (USA) Ruxcon 2013 (Australia)

  • Viproy VoIP Penetration Testing Kit - Blackhat Arsenal USA 2013


  • Videos & Papers


    DEF CON 21 - Fatih Ozavci - VoIP Wars Return of the SIP

    Attacking SIP/VoIP Servers Using VIPROY VoIP Pen-Test Kit for Fun & Profit - Video (50 mins)

    This is a training video for penetration testing of SIP servers.

    Chapters of Training Video
    1-Footprinting of SIP Services
    2-Enumerating SIP Services
    3-Registering SIP Service with/without Credentials
    4-Brute Force Attack for SIP Service
    5-Call Initiation with/without Spoof & Credentials
    6-Hacking Trust Relationships
    7-Intercepting SIP Client with SIP Proxy


    Sample Usage Video

    http://www.youtube.com/watch?v=1vDTujNVKGM

    Hacking Trust Relationships of SIP/NGN Gateways - Video

    http://www.youtube.com/watch?v=BVJq2yrHYhI

    Hacking Trust Relationships Between SIP Gateways (PDF)

    http://viproy.com/files/siptrust.pdf

    VoIP Wars : Return of the SIP (Defcon 21 Presentation)