Viproy VoIP Penetration Testing and Exploitation Kit

Project Page: http://www.github.com/fozavci/viproy-voipkit
Download: Viproy 2.5 (Viproy 2.0)
Author : Fatih Ozavci

Viproy Voip Pen-Test Kit provides penetration testing modules for VoIP networks. It supports signalling analysis for SIP and Skinny protocols, IP phone services and network infrastructure. Viproy 2.0 is released at Blackhat Arsenal USA 2014 with TCP/TLS support for SIP, vendor extentions support, Cisco CDP spoofer/sniffer, Cisco Skinny protocol analysers, CUCDM exploits and network analysis modules. Furthermore, Viproy provides SIP and Skinny development libraries for custom fuzzing and analyse modules.

Current testing modules:

  • SIP Register
  • SIP Invite
  • SIP Message
  • SIP Negotiate
  • SIP Options
  • SIP Subscribe
  • SIP Enumerate
  • SIP Brute Force
  • SIP Trust Hacking
  • SIP UDP Amplification DoS
  • SIP Proxy Bounce
  • Skinny Register
  • Skinny Call
  • Skinny Call Forward
  • CUCDM Call Forwarder
  • CUCDM Speed Dial Manipulator
  • MITM Proxy TCP
  • MITM Proxy UDP
  • Cisco CDP Spoofer

  • Events


  • Training: Practical VoIP Hacking with Viproy - Kiwicon 2014

  • VoIP Wars: Attack of the Cisco Phones - DEF CON 22, Blackhat USA 2014

  • Viproy VoIP Penetration Testing Kit 2.0 - Blackhat Arsenal USA 2014

  • VoIP Wars: Return of the SIP - DEF CON 21, Ruxcon 2013 (Australia)

  • Viproy VoIP Penetration Testing Kit 1.0 - Blackhat Arsenal USA 2013


  • Documentation


    Usage Samples

    Usage of SIP Modules
    https://github.com/fozavci/viproy-voipkit/blob/master/SIPUSAGE.md

    Usage of Skinny Modules
    https://github.com/fozavci/viproy-voipkit/blob/master/SKINNYUSAGE.md

    Usage of Auxiliary Viproy Modules
    https://github.com/fozavci/viproy-voipkit/blob/master/OTHERSUSAGE.md

    Preparing The Test Network

    VulnVOIP is vulnerable SIP server, you can use it for tests
    VulnVOIP : http://www.rebootuser.com/?cat=371

    Installation - Metasploit Github Edition

    Copy "lib", "modules" and "data" folders' content to Metasploit Root "/" Directory.
    Mixins.rb file (lib/msf/core/auxiliary/mixins.rb) should contain the following lines
    require 'msf/core/auxiliary/sip'
    require 'msf/core/auxiliary/skinny'

    Installation - Metasploit Pro Edition

    Copy "lib", "modules" and "data" folders' content to /opt/metasploit/apps/pro/msf3 directory.
    Mixins.rb file (/opt/metasploit/apps/pro/msf3/lib/msf/core/auxiliary/mixins.rb) should contain the following lines
    require 'msf/core/auxiliary/sip'
    require 'msf/core/auxiliary/skinny'

    For SIP Trust Analyzer module.
    Install "pcaprub" via "/opt/metasploit/ruby/bin/gem install pcaprub"
    or
    Metasploit - How To install Pcaprub For Windows


    Videos & Papers


    VoIP Wars : Attack of the Cisco Phones (Blackhat 2014)



    VoIP Wars : Attack of the Cisco Phones (DEF CON 22 & Blackhat 2014)



    VoIP Wars : Attack of the Cisco Phones - Live Demo Remake



    DEF CON 21 - Fatih Ozavci - VoIP Wars Return of the SIP



    Attacking SIP/VoIP Servers Using VIPROY VoIP Pen-Test Kit for Fun & Profit - Video (50 mins)

    This is a training video for penetration testing of SIP servers.

    Chapters of Training Video
    1-Footprinting of SIP Services
    2-Enumerating SIP Services
    3-Registering SIP Service with/without Credentials
    4-Brute Force Attack for SIP Service
    5-Call Initiation with/without Spoof & Credentials
    6-Hacking Trust Relationships
    7-Intercepting SIP Client with SIP Proxy


    Sample Usage Video

    http://www.youtube.com/watch?v=1vDTujNVKGM

    Hacking Trust Relationships of SIP/NGN Gateways - Video

    http://www.youtube.com/watch?v=BVJq2yrHYhI

    Hacking Trust Relationships Between SIP Gateways (PDF)

    http://viproy.com/files/siptrust.pdf

    VoIP Wars : Return of the SIP (Defcon 21 Presentation)