- Sniffing Tools
- Scanning and Enumeration Tools
- enumIAX
- fping
- IAX Enumerator
- iWar
- Nessus
- Nmap
- SIP Forum Test Framework (SFTF)
- SIPcrack
- sipflanker
- python sipflanker.py 192.168.1-254
- SIP-Scan
- SIP.Tastic
- SIPVicious
- SiVuS
- SMAP
- smap IP_Address/Subnet_Mask
- smap -o IP_Address/Subnet_Mask
- smap -l IP_Address
- snmpwalk
- VLANping
- VoIPAudit
- VoIP GHDB Entries
- VoIP Voicemail Database
- Packet Creation and Flooding Tools
- H.323 Injection Files
- H225regreject
- IAXHangup
- IAXAuthJack
- IAX.Brute
- IAXFlooder
- ./iaxflood sourcename destinationname numpackets
- INVITE Flooder
- ./inviteflood interface target_user target_domain ip_address_target no_of_packets
- kphone-ddos
- RTP Flooder
- rtpbreak
- Scapy
- Seagull
- SIPBomber
- SIPNess
- SIPp
- SIPsak
- Tracing paths: – sipsak -T -s sip:[email protected]
- Options request:- sipsak -vv -s sip:[email protected]
- Query registered bindings:- sipsak -I -C empty -a password -s sip:[email protected]
- SIP-Send-Fun
- SIPVicious
- Spitter
- TFTP Brute Force
- perl tftpbrute.pl <tftpserver> <filelist> <maxprocesses>
- UDP Flooder
- ./udpflood source_ip target_destination_ip src_port dest_port no_of_packets
- UDP Flooder (with VLAN Support)
- ./udpflood source_ip target_destination_ip src_port dest_port TOS user_priority VLAN ID no_of_packets
- Voiphopper
- Fuzzing Tools
- Signaling Manipulation Tools
- AuthTool
- ./authtool captured_sip_msgs_file -d dictionary -r usernames_passwords -v
- BYE Teardown
- Check Sync Phone Rebooter
- RedirectPoison
- ./redirectpoison interface target_source_ip target_source_port “<contact_information i.e. sip:100.77.50.52;line=xtrfgy>”
- Registration Adder
- Registration Eraser
- Registration Hijacker
- SIP-Kill
- SIP-Proxy-Kill
- SIP-RedirectRTP
- SipRogue
- vnak
- AuthTool
- Media Manipulation Tools
- RTP InsertSound
- ./rtpinsertsound interface source_rtp_ip source_rtp_port destination_rtp_ip destination_rtp_port file
- RTP MixSound
- ./rtpmixsound interface source_rtp_ip source_rtp_port destination_rtp_ip destination_rtp_port file
- RTPProxy
- RTPInject
- RTP InsertSound
- Generic Software Suites
- OAT Office Communication Server Tool Assessment
- EnableSecurity VOIPPACK
- Note: – Add-on for Immunity Canvas
- References
- URL’s
- Common Vulnerabilities and Exploits (CVE)
- Vulnerabilties and exploit information relating to these products can be found here: http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=voip
- Default Passwords
- Hacking Exposed VoIP
- Tool Pre-requisites
- VoIPsa
- Common Vulnerabilities and Exploits (CVE)
- White Papers
- An Analysis of Security Threats and Tools in SIP-Based VoIP Systems
- An Analysis of VoIP Security Threats and Tools
- Hacking VoIP Exposed
- Security testing of SIP implementations
- SIP Stack Fingerprinting and Stack Difference Attacks
- Two attacks against VoIP
- VoIP Attacks!
- VoIP Security Audit Program (VSAP)
- URL’s