View Issue Details

ID: 0004863
Project: Kali Linux
Category: Queued Tool Addition
View Status: public
Last Update: 2024-03-22 09:05
Reporter: pepelux
Assigned To:
Priority: normal
Severity: minor
Reproducibility: have not tried
Status: acknowledged
Resolution: open
Summary: 0004863: sippts - Suite of tools for penetration test over SIP protocol
Description

==Suite of tools for penetration test over SIP protocol==

========
Download

https://github.com/Pepelux/sippts

Sippts is a suite of tools to audit VoIP servers and devices using the SIP protocol. Sippts is written in Perl and consists of:

=======
Sipscan

Fast scanner for SIP services that uses multithreading. Sipscan can check IP and port ranges and works over UDP or TCP.

$ perl sipscan.pl

SipSCAN - by Pepelux <[email protected]>

Usage: perl sipscan.pl -h <host> [options]

== Options ==
-m <string> = Method: REGISTER/INVITE/OPTIONS (default: OPTIONS)
-u <string> = Username
-s <integer> = Source number (CallerID) (default: 100)
-d <integer> = Destination number (default: 100)
-r <integer> = Remote port (default: 5060)
-proto <string> = Protocol (udp, tcp or all (both of them) - By default: ALL)
-ip <string> = Source IP (by default it is the same as host)
-nodb = Don't save into database (default save results on sippts.db)
-v = Verbose (trace information)
-vv = More verbose (more detailed trace)

== Examples ==
$perl sipscan.pl -h 192.168.0.1
To search SIP services on 192.168.0.1 port 5060 (using OPTIONS method)
To search several ranges
$perl sipscan.pl -h 192.168.0.1,192.168.2.0/24.192.168.3.1-192.168.20.200
To search SIP services using INVITE method
$perl sipscan.pl -h 192.168.0.1 -m INVITE
To search SIP services on 192.168.0.1 port 5060 (using INVITE method)
$perl sipscan.pl -h 192.168.0.0/24 -v -t tcp
To search SIP services on 192.168.0.0 network by TCP connection (using OPTIONS method)
$perl sipscan.pl -h 192.168.0.1-192.168.0.100 -r 5060-5070 -vv
To search SIP services on 192.168.0.100 ports from 5060 to 5070 (using OPTIONS method)

========
Sipexten

Identifies extensions on a SIP server. Sipexten uses multithreading and can check IP and port ranges.

$ perl sipexten.pl

SipEXTEN - by Pepelux <[email protected]>

Usage: perl sipexten.pl -h <host> [options]

== Options ==
-e <string> = Extensions (default 100-300)
-s <integer> = Source number (CallerID) (default: 100)
-d <integer> = Destination number (default: 100)
-r <integer> = Remote port (default: 5060)
-p <string> = Prefix (for extensions)
-proto <string> = Protocol (udp, tcp or all (both of them) - By default: ALL)
-ip <string> = Source IP (by default it is the same as host)
-nodb = Don't save into database (default save results on sippts.db)
-v = Verbose (trace information)
-vv = More verbose (more detailed trace)

== Examples ==
$perl sipexten.pl -h 192.168.0.1 -e 100-200 -v
To check extensions range from 100 to 200 (with verbose mode)
$perl sipexten.pl -h 192.168.0.1 -e 100-200 -v
To check several ranges
$perl sipexten.pl -h 192.168.0.1,192.168.2.0/24.192.168.3.1-192.168.50.200
To check extensions range from user100 to user200
$perl sipexten.pl -h 192.168.0.0/24 -e 100 -r 5060-5080 -vv
To check extension 100 with destination port between 5060 and 5080 (with packages info)

========
Sipcrack

Remote password cracker. Sipcrack uses multithreading and can test passwords for several users in IP and port ranges.

$ perl sipcrack.pl

SipCRACK - by Pepelux <[email protected]>

Usage: perl sipcrack.pl -h <host> -w wordlist [options]

== Options ==
-e <string> = Extension (default from 100 to 1000)
-s <integer> = Source number (CallerID) (default: 100)
-d <integer> = Destination number (default: 100)
-r <integer> = Remote port (default: 5060)
-p <string> = Prefix (for extensions)
-proto <string> = Protocol (udp or tcp - By default: udp)
-ip <string> = Source IP (by default it is the same as host)
-resume = Resume last session
-w = Wordlist
-nodb = Don't save into database (default save results on sippts.db)
-v = Verbose (trace information)
-vv = More verbose (more detailed trace)

== Examples ==
$perl sipcrack.pl -h 192.168.0.1 -w wordlist
Try to crack extensions from 100 to 1000 on 192.168.0.1 port 5060
$perl sipcrack.pl -h 192.168.0.0/24 -e 100-200 -p user -w wordlist -v
Try to crack extensions from user100 to user200 on 192.168.0.0 network

=========
Sipinvite

Checks if a server allows us to make calls without authentication. If the SIP server has a bad configuration, it will allow us to make calls to external numbers. It can also allow us to transfer the call to a second external number.

$ perl sipinvite.pl

SipINVITE - by Pepelux <[email protected]>

Usage: perl sipinvite.pl -h <host> -d <dst_number> [options]

== Options ==
-d <integer> = Destination number
-u <string> = Username to authenticate
-p <string> = Password to authenticate
-s <integer> = Source number (CallerID) (default: 100)
-l <integer> = Local port (default: 5070)
-r <integer> = Remote port (default: 5060)
-t <integer> = Transfer call to another number
-ip <string> = Source IP (by default it is the same as host)
-v = Verbose (trace information)

== Examples ==
$perl sipinvite.pl -h 192.168.0.1 -d 100
Trying to make a call to exten 100 (without auth)
$perl sipinvite.pl -h 192.168.0.1 -u sipuser -p supersecret -d 100 -r 5080
Trying to make a call to exten 100 (with auth)
$perl sipinvite.pl -h 192.168.0.1 -s 200 -d 555555555 -v
Trying to make a call to number 555555555 (without auth) with source number 200
$perl sipinvite.pl -h 192.168.0.1 -d 555555555 -t 666666666
Trying to make a call to number 555555555 (without auth) and transfer it to number 666666666
$perl sipinvite.pl -h 192.168.0.1 -d 555555555 -t 666666666 -s 123456789
Trying to make a call to number 555555555 (without auth) using callerid 123456789 and transfer it to number 666666666

========
Sipsniff

Simple sniffer for the SIP protocol that allows us to filter by SIP method type.

$ perl sipsniff.pl

SipSNIFF - by Pepelux <[email protected]>

Usage: sudo perl -i <interface> sipsniff.pl [options]

== Options ==
-i <string> = Interface (ex: eth0)
-p <integer> = Port (default: 5060)
-m <string> = Filter method (ex: INVITE, REGISTER)
-u = Filter authentication digest

== Examples ==
$sudo perl sipsniff.pl -i eth0
$sudo perl sipsniff.pl -i eth0 -m INVITE
$sudo perl sipsniff.pl -i eth0 -u

======
Sipspy

Simple SIP server that shows us digest auth requests and responses. Example:

[=>] 192.168.1.129:43455 REGISTER
[ Sending digest => WWW-Authenticate: Digest algorithm=MD5, realm="asterisk", nonce="405a7bc0" ]
[=>] 192.168.1.129:43455 REGISTER
[ Digest response => Authorization: Digest username="200", realm="asterisk", nonce="405a7bc0", uri="sip:[email protected]", response="e270e69d53011d2f1219b6dfe018743d", algorithm=MD5 ]

$ perl sipspy.pl -h

SipSPY - by Pepelux <[email protected]>

Usage: sudo perl sipspy.pl [options]

== Options ==
-p <integer> = Port (default: 5060)
-v = Verbose

==Operating System==
Sippts was tested on:

  • Linux
  • Mac OS X
  • Windows

==Requirements==

  • Perl

sudo apt-get install libnet-pcap-perl libio-socket-ip-perl libsocket-perl libnetaddr-ip-perl libdbd-sqlite3-perl
sudo cpan -i IO::Socket::Timeout
sudo cpan -i String::HexConvert

Attached Files
sippts-master.zip (25,915 bytes)
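
The digest challenge in the Sipspy sample output above, read from the defender's side: this added example (not part of sippts or of the original issue) parses a SIP `WWW-Authenticate` header and reports weak settings such as MD5, a missing `qop` and a short nonce. The function names, the finding codes, the `HARDENED` header and the 16-character nonce threshold are assumptions of this example.

```python
import re

# Challenge copied from the Sipspy sample output on this page.
SAMPLE = 'WWW-Authenticate: Digest algorithm=MD5, realm="asterisk", nonce="405a7bc0"'
# Constructed challenge for comparison (not from the page).
HARDENED = ('WWW-Authenticate: Digest realm="pbx.example.test", qop="auth", '
            'algorithm=SHA-256, nonce="9f2c4e7a1b3d5f60718293a4b5c6d7e8"')

MIN_NONCE_CHARS = 16  # assumed threshold for this example, not a standard value

# name=value pairs; the value is either a quoted-string or a bare token
_PARAM = re.compile(r'(\w+)\s*=\s*(?:"((?:[^"\\]|\\.)*)"|([^\s,]+))')


def parse_digest_header(line):
    """Return the parameters of a Digest challenge or response header as a dict."""
    name, _, value = line.partition(":")
    scheme, _, params = value.strip().partition(" ")
    if scheme.lower() != "digest":
        raise ValueError(f"{name.strip()}: not a Digest header")
    return {m.group(1).lower(): (m.group(2) if m.group(2) is not None else m.group(3))
            for m in _PARAM.finditer(params)}


def audit_challenge(line):
    """Return (code, detail) findings for a server challenge; empty means none."""
    p = parse_digest_header(line)
    findings = []
    algorithm = p.get("algorithm", "MD5").upper()  # MD5 is the default when absent
    if algorithm.startswith("MD5"):
        findings.append(("weak-algorithm", f"algorithm={algorithm}"))
    if not p.get("qop"):
        # Without qop the response carries no cnonce or nonce count (nc),
        # so the server cannot use nc to spot a replayed response.
        findings.append(("no-qop", "challenge offers no qop"))
    nonce = p.get("nonce", "")
    if len(nonce) < MIN_NONCE_CHARS:
        findings.append(("short-nonce", f"nonce is {len(nonce)} characters"))
    return findings


if __name__ == "__main__":
    for label, header in (("sample", SAMPLE), ("hardened", HARDENED)):
        print(label, audit_challenge(header) or "no findings")
```
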

Activities

pepelux

2018-11-28 10:13

reporter   ~0010035

New version: 1.2.2

sippts-1.2.2.zip (37,459 bytes)
pepelux

2018-12-10 18:28

reporter   ~0010100

Hi! Has anyone been able to review it?

pepelux

2019-01-22 12:22

reporter   ~0010230

New version: 1.2.6

  • Bug fixes
  • Added a new script to exploit the SIP Digest Leak vulnerability that affects a large number of hardware and software devices.
sippts-v1.2.6.zip (42,165 bytes)
pepelux

2019-05-13 08:58

reporter   ~0010578

Version 1.2.7 released

https://github.com/Pepelux/sippts

g0tmi1k

2019-10-28 13:23

administrator   ~0011235

Last edited: 2020-01-06 13:19

@kali-team, please could this be packaged up.
@author, If you want to help the packaging process, you can check the documentation here ~ https://www.kali.org/docs/development/public-packaging

vseva

2019-12-10 11:56

reporter   ~0011629

package source at https://github.com/linuxmaniac/sippts

pepelux

2022-05-18 09:03

reporter   ~0016158

New release 3.0.0 coded in Python

  • Erased some scripts: sipsniff, sipspy and sipreport
  • Renamed script sipcracker to siprcrack
  • New script sipenumerate to enumerate available methods of a SIP service/server
  • New script sipdump to extract SIP Digest authentications from a PCAP file
  • New script sipcrack to crack the digest authentications within the SIP protocol

https://github.com/Pepelux/sippts/releases/tag/v3.0.0

wearecaster

2024-03-21 21:59

reporter   ~0019063

Hi. I want to help with packaging, however this tool requires such dependencies:
pyshark
arpspoof
rel
websocket-client

These are not available as packages in the Kali repositories (python3-pyshark, python3-arpspoof, python3-rel, python3-websocket-client)
What should I do?

@pepelux

Arszilla

2024-03-22 09:03

reporter   ~0019064

Last edited: 2024-03-22 09:05

@wearecaster refer to https://www.kali.org/docs/development/advanced-packaging-example/

You will have to package those dependencies too, then use the appropriate gbp flag to supply those dependencies, while having the Build-Depends mention the package names in your debian/rules.

Do note that you will have to create a ticket for those additional dependencies to be added to the repos.

Issue History

Date Modified | Username | Field | Change
2018-07-24 16:52 | pepelux | New Issue |
2018-07-24 16:52 | pepelux | File Added: sippts-master.zip |
2018-07-28 20:49 | elwood | Status | new => acknowledged
2018-08-06 10:24 | g0tmi1k | Summary | Suite of tools for penetration test over SIP protocol => Sipscan/Sipexten/Sipcrack/Sipinvite/Sipsniff/Sipspy - Suite of tools for penetration test over SIP protocol
2018-11-28 10:13 | pepelux | File Added: sippts-1.2.2.zip |
2018-11-28 10:13 | pepelux | Note Added: 0010035 |
2018-12-10 18:28 | pepelux | Note Added: 0010100 |
2019-01-22 12:22 | pepelux | File Added: sippts-v1.2.6.zip |
2019-01-22 12:22 | pepelux | Note Added: 0010230 |
2019-05-13 08:58 | pepelux | Note Added: 0010578 |
2019-10-28 13:23 | g0tmi1k | Note Added: 0011235 |
2019-10-28 13:23 | g0tmi1k | Status | acknowledged => new
2019-10-28 13:23 | g0tmi1k | Category | New Tool Requests => Queued Tool Addition
2019-10-28 16:01 | g0tmi1k | Severity | minor => feature
2019-10-28 16:01 | g0tmi1k | Status | new => assigned
2019-12-10 11:56 | vseva | Note Added: 0011629 |
2020-01-06 13:07 | g0tmi1k | Status | assigned => acknowledged
2020-01-06 13:19 | g0tmi1k | Note Edited: 0011235 |
2020-06-17 14:57 | g0tmi1k | Severity | feature => minor
2022-05-18 09:03 | pepelux | Note Added: 0016158 |
2023-10-18 11:42 | daniruiz | Summary | Sipscan/Sipexten/Sipcrack/Sipinvite/Sipsniff/Sipspy - Suite of tools for penetration test over SIP protocol => Sipspy - Suite of tools for penetration test over SIP protocol
2024-03-17 12:23 | daniruiz | Summary | Sipspy - Suite of tools for penetration test over SIP protocol => sippts - Suite of tools for penetration test over SIP protocol
2024-03-21 21:59 | wearecaster | Note Added: 0019063 |
2024-03-22 09:03 | Arszilla | Note Added: 0019064 |
2024-03-22 09:05 | Arszilla | Note Edited: 0019064 |