Viproy Voip Pen-Test Kit is developed to improve the quality of SIP Penetration Tests.
It provides authentication feature that helps to create simple tests.
It includes 10 different modules with authentication support: options tester,
brute forcer, enumerator, invite tester, trust analyzer, proxy and registration tester.
All attacks could perform before and after authentication to fuzz SIP
services and value added services.
SIP Pen-test guide will be published soon.
Basic Usage of Modules are presented below, it can be used before guide.
All modules have DEBUG and VERBOSE supports
Copy "lib", "modules" and "data" folders' content to Metasploit Root "/" Directory.
Mixins.rb File (lib/msf/core/auxiliary/mixins.rb) Should Contain This Line require 'msf/core/auxiliary/sip'
Installation - Metasploit Pro Edition
Copy "lib", "modules" and "data" folders' content to /opt/metasploit/apps/pro/msf3 directory.
Mixins.rb File (/opt/metasploit/apps/pro/msf3/lib/msf/core/auxiliary/mixins.rb) Should Contain This Line require 'msf/core/auxiliary/sip'
DEF CON 21 - Fatih Ozavci - VoIP Wars Return of the SIP
Attacking SIP/VoIP Servers Using VIPROY VoIP Pen-Test Kit for Fun & Profit - Video (50 mins)
This is a training video for penetration testing of SIP servers.
Chapters of Training Video
1-Footprinting of SIP Services
2-Enumerating SIP Services
3-Registering SIP Service with/without Credentials
4-Brute Force Attack for SIP Service
5-Call Initiation with/without Spoof & Credentials
6-Hacking Trust Relationships
7-Intercepting SIP Client with SIP Proxy