Home - Pepelux/sippts GitHub Wiki
Set of tools for penetration testing on the SIP protocol
Sippts is a set of tools to audit VoIP servers and devices using SIP protocol. Sippts is programmed in Python script and the tools are:
-
Sipscan is a fast scanner for SIP services that uses multithread. Sipscan can check several IPs and port ranges and it can work over UDP or TCP. https://github.com/Pepelux/sippts/wiki/Command-rtpbleedinject Click here to read more about SIPscan
-
Sipexten identifies extensions on a SIP server. Also tells you if the extension line requires authentication or not. Sipexten can check several IPs and port ranges.
Click here to read more about SIPexten
- Siprcrack is a remote password cracker. Siprcrack can test passwords for several users in different IPs and port ranges.
Click here to read more about SIPRcrack
- Sipinvite checks if a server allow us to make calls without authentication. If the SIP server has a bad configuration, it will allow us to make calls to external numbers. Also it can allow us to transfer the call to a second external number.
Click here to read more about SIPinvite
- SipDigestLeak Exploits the SIP digest leak vulnerability discovered by Sandro Gauci that affects a large number of hardware and software devices.
Click here to read more about SIPDigestLeak
- SipFlood Send unlimited messages to the target.
Click here to read more about SIPFlood
- SipSend Allow us to send a customized SIP message and analyze the response.
Click here to read more about SIPSend
- WsSend Allow us to send a customized SIP message over WebSockets and analyze the response.
Click here to read more about WsSend
- SipEnumerate Enumerate available methods of a SIP service/server.
Click here to read more about SIPEnumerate
- SipDump Extracts SIP Digest authentications from a PCAP file.
Click here to read more about SIPDump
- SipCrack Cracking tool to crack the digest authentications within the SIP protocol.
Click here to read more about SIPCrack
- RTPBleed is a known bug that affects several versions of Asterisk and RTPProxy.
Click here to read more about RTPBleed
Click here to read more about RTCPBleed