View Issue Details

ID: 0004863
Project: Kali Linux
Category: Queued Tool Addition
View Status: public
Last Update: 2024-06-23 13:25
Reporter: pepelux
Assigned To:
Priority: normal
Severity: minor
Reproducibility: have not tried
Status: acknowledged
Resolution: open
Summary: 0004863: sippts - Suite of tools for penetration test over SIP protocol
Description

==Suite of tools for penetration test over SIP protocol==

========
Download

https://github.com/Pepelux/sippts

Sippts is a suite of tools to audit VoIP servers and devices using the SIP protocol. Sippts is programmed in Perl and consists of:

=======
Sipscan

Fast scanner for SIP services that uses multithreading. Sipscan can check IP and port ranges and works over UDP or TCP.

$ perl sipscan.pl

SipSCAN - by Pepelux <[email protected]>

Usage: perl sipscan.pl -h <host> [options]

== Options ==
-m <string> = Method: REGISTER/INVITE/OPTIONS (default: OPTIONS)
-u <string> = Username
-s <integer> = Source number (CallerID) (default: 100)
-d <integer> = Destination number (default: 100)
-r <integer> = Remote port (default: 5060)
-proto <string> = Protocol (udp, tcp or all (both of them) - By default: ALL)
-ip <string> = Source IP (by default it is the same as host)
-nodb = Don't save into database (default save results on sippts.db)
-v = Verbose (trace information)
-vv = More verbose (more detailed trace)

== Examples ==
$perl sipscan.pl -h 192.168.0.1
To search SIP services on 192.168.0.1 port 5060 (using OPTIONS method)
To search several ranges
$perl sipscan.pl -h 192.168.0.1,192.168.2.0/24.192.168.3.1-192.168.20.200
To search SIP services using INVITE method
$perl sipscan.pl -h 192.168.0.1 -m INVITE
To search SIP services on 192.168.0.1 port 5060 (using INVITE method)
$perl sipscan.pl -h 192.168.0.0/24 -v -t tcp
To search SIP services on 192.168.0.0 network by TCP connection (using OPTIONS method)
$perl sipscan.pl -h 192.168.0.1-192.168.0.100 -r 5060-5070 -vv
To search SIP services on 192.168.0.100 ports from 5060 to 5070 (using OPTIONS method)

========
Sipexten

Identifies extensions on a SIP server. Sipexten uses multithreading and can check IP and port ranges.

$ perl sipexten.pl

SipEXTEN - by Pepelux <[email protected]>

Usage: perl sipexten.pl -h <host> [options]

== Options ==
-e <string> = Extensions (default 100-300)
-s <integer> = Source number (CallerID) (default: 100)
-d <integer> = Destination number (default: 100)
-r <integer> = Remote port (default: 5060)
-p <string> = Prefix (for extensions)
-proto <string> = Protocol (udp, tcp or all (both of them) - By default: ALL)
-ip <string> = Source IP (by default it is the same as host)
-nodb = Don't save into database (default save results on sippts.db)
-v = Verbose (trace information)
-vv = More verbose (more detailed trace)

== Examples ==
$perl sipexten.pl -h 192.168.0.1 -e 100-200 -v
To check extensions range from 100 to 200 (with verbose mode)
$perl sipexten.pl -h 192.168.0.1 -e 100-200 -v
To check several ranges
$perl sipexten.pl -h 192.168.0.1,192.168.2.0/24.192.168.3.1-192.168.50.200
To check extensions range from user100 to user200
$perl sipexten.pl -h 192.168.0.0/24 -e 100 -r 5060-5080 -vv
To check extension 100 with destination port between 5060 and 5080 (with packages info)

========
Sipcrack

Remote password cracker. Sipcrack uses multithreading and can test passwords for several users in IP and port ranges.

$ perl sipcrack.pl

SipCRACK - by Pepelux <[email protected]>

Usage: perl sipcrack.pl -h <host> -w wordlist [options]

== Options ==
-e <string> = Extension (default from 100 to 1000)
-s <integer> = Source number (CallerID) (default: 100)
-d <integer> = Destination number (default: 100)
-r <integer> = Remote port (default: 5060)
-p <string> = Prefix (for extensions)
-proto <string> = Protocol (udp or tcp - By default: udp)
-ip <string> = Source IP (by default it is the same as host)
-resume = Resume last session
-w = Wordlist
-nodb = Don't save into database (default save results on sippts.db)
-v = Verbose (trace information)
-vv = More verbose (more detailed trace)

== Examples ==
$perl sipcrack.pl -h 192.168.0.1 -w wordlist
Try to crack extensions from 100 to 1000 on 192.168.0.1 port 5060
$perl sipcrack.pl -h 192.168.0.0/24 -e 100-200 -p user -w wordlist -v
Try to crack extensions from user100 to user200 on 192.168.0.0 network

=========
Sipinvite

Checks if a server allows us to make calls without authentication. If the SIP server has a bad configuration, it will allow us to make calls to external numbers. It can also allow us to transfer the call to a second external number.

$ perl sipinvite.pl

SipINVITE - by Pepelux <[email protected]>

Usage: perl sipinvite.pl -h <host> -d <dst_number> [options]

== Options ==
-d <integer> = Destination number
-u <string> = Username to authenticate
-p <string> = Password to authenticate
-s <integer> = Source number (CallerID) (default: 100)
-l <integer> = Local port (default: 5070)
-r <integer> = Remote port (default: 5060)
-t <integer> = Transfer call to another number
-ip <string> = Source IP (by default it is the same as host)
-v = Verbose (trace information)

== Examples ==
$perl sipinvite.pl -h 192.168.0.1 -d 100
Trying to make a call to exten 100 (without auth)
$perl sipinvite.pl -h 192.168.0.1 -u sipuser -p supersecret -d 100 -r 5080
Trying to make a call to exten 100 (with auth)
$perl sipinvite.pl -h 192.168.0.1 -s 200 -d 555555555 -v
Trying to make a call to number 555555555 (without auth) with source number 200
$perl sipinvite.pl -h 192.168.0.1 -d 555555555 -t 666666666
Trying to make a call to number 555555555 (without auth) and transfer it to number 666666666
$perl sipinvite.pl -h 192.168.0.1 -d 555555555 -t 666666666 -s 123456789
Trying to make a call to number 555555555 (without auth) using callerid 123456789 and transfer it to number 666666666

========
Sipsniff

Simple sniffer for SIP protocol that allows us to filter by SIP method type

$ perl sipsniff.pl

SipSNIFF - by Pepelux <[email protected]>

Usage: sudo perl -i <interface> sipsniff.pl [options]

== Options ==
-i <string> = Interface (ex: eth0)
-p <integer> = Port (default: 5060)
-m <string> = Filter method (ex: INVITE, REGISTER)
-u = Filter authentication digest

== Examples ==
$sudo perl sipsniff.pl -i eth0
$sudo perl sipsniff.pl -i eth0 -m INVITE
$sudo perl sipsniff.pl -i eth0 -u

======
Sipspy

Simple SIP server that shows us digest auth requests and responses. Example:

[=>] 192.168.1.129:43455 REGISTER
[ Sending digest => WWW-Authenticate: Digest algorithm=MD5, realm="asterisk", nonce="405a7bc0" ]
[=>] 192.168.1.129:43455 REGISTER
[ Digest response => Authorization: Digest username="200", realm="asterisk", nonce="405a7bc0", uri="sip:[email protected]", response="e270e69d53011d2f1219b6dfe018743d", algorithm=MD5 ]

$ perl sipspy.pl -h

SipSPY - by Pepelux <[email protected]>

Usage: sudo perl sipspy.pl [options]

== Options ==
-p <integer> = Port (default: 5060)
-v = Verbose

==Operating System==
Sippts was tested on:

  • Linux
  • Mac OS X
  • Windows

==Requirements==

  • Perl

sudo apt-get install libnet-pcap-perl libio-socket-ip-perl libsocket-perl libnetaddr-ip-perl libdbd-sqlite3-perl
sudo cpan -i IO::Socket::Timeout
sudo cpan -i String::HexConvert

Attached Files
sippts-master.zip (25,915 bytes)
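
The Sipspy sample in the description shows a Digest challenge with algorithm=MD5, an 8-character nonce and no qop. The following is an added example, not part of the original report or of sippts: it parses both headers and lists the settings a defender would want changed on the PBX. The uri host, the HARDENED challenge, the 64-bit threshold and the assumption that the nonce is hex-encoded are constructed for illustration.

```python
import re

# Header lines from the Sipspy sample; the uri host is a constructed placeholder.
CHALLENGE = 'WWW-Authenticate: Digest algorithm=MD5, realm="asterisk", nonce="405a7bc0"'
RESPONSE = ('Authorization: Digest username="200", realm="asterisk", '
            'nonce="405a7bc0", uri="sip:200@pbx.example.invalid", '
            'response="e270e69d53011d2f1219b6dfe018743d", algorithm=MD5')
# Constructed challenge with the stronger settings, for comparison.
HARDENED = ('WWW-Authenticate: Digest algorithm=SHA-256, realm="asterisk", '
            'qop="auth", nonce="9f2c4b7a1d3e5f60718293a4b5c6d7e8"')

PARAM = re.compile(r'(\w+)=(?:"([^"]*)"|([^,\s]+))')
MIN_NONCE_BITS = 64  # assumed review threshold, not taken from any standard


def parse_digest(header):
    """Return the Digest parameters of one SIP auth header as a dict."""
    name, _, value = header.partition(":")
    scheme, _, params = value.strip().partition(" ")
    if scheme.lower() != "digest":
        raise ValueError("not a Digest header: " + name)
    return {m.group(1).lower(): m.group(2) if m.group(2) is not None else m.group(3)
            for m in PARAM.finditer(params)}


def audit(challenge, response=None):
    """List weaknesses in a challenge and, if given, the matching response."""
    c = parse_digest(challenge)
    findings = []
    if c.get("algorithm", "MD5").upper() == "MD5":  # MD5 is the default when absent
        findings.append("algorithm is MD5")
    if "qop" not in c:  # without qop the client contributes no cnonce or nc
        findings.append("no qop offered")
    nonce = c.get("nonce", "")
    # Assumes a hex-encoded nonce, 4 bits per character.
    if re.fullmatch(r"[0-9a-fA-F]*", nonce) and len(nonce) * 4 < MIN_NONCE_BITS:
        findings.append("nonce is only %d bits" % (len(nonce) * 4))
    if response is not None:
        r = parse_digest(response)
        if (r.get("nonce"), r.get("realm")) != (nonce, c.get("realm")):
            findings.append("response does not match challenge")
    return findings


if __name__ == "__main__":
    print(audit(CHALLENGE, RESPONSE))
    print(audit(HARDENED))
```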

Activities

pepelux

2018-11-28 10:13

reporter   ~0010035

New version: 1.2.2

sippts-1.2.2.zip (37,459 bytes)

pepelux

2018-12-10 18:28

reporter   ~0010100

Hi! Has anyone been able to review it?

pepelux

2019-01-22 12:22

reporter   ~0010230

New version: 1.2.6

  • Bug fixes
  • Added a new script to exploit the SIP Digest Leak vulnerability that affects a large number of hardware and software devices.
sippts-v1.2.6.zip (42,165 bytes)

pepelux

2019-05-13 08:58

reporter   ~0010578

Version 1.2.7 released

https://github.com/Pepelux/sippts

g0tmi1k

2019-10-28 13:23

administrator   ~0011235

Last edited: 2020-01-06 13:19

@kali-team, please could this be packaged up.
@author, If you want to help the packaging process, you can check the documentation here ~ https://www.kali.org/docs/development/public-packaging

vseva

2019-12-10 11:56

reporter   ~0011629

package source at https://github.com/linuxmaniac/sippts

pepelux

2022-05-18 09:03

reporter   ~0016158

New release 3.0.0 coded in Python

  • Erased some scripts: sipsniff, sipspy and sipreport
  • Renamed script sipcracker to siprcrack
  • New script sipenumerate to enumerate available methods of a SIP service/server
  • New script sipdump to extract SIP Digest authentications from a PCAP file
  • New script sipcrack to crack the digest authentications within the SIP protocol

https://github.com/Pepelux/sippts/releases/tag/v3.0.0

wearecaster

2024-03-21 21:59

reporter   ~0019063

Hi. I want to help with packaging, however this tool requires such dependencies:
pyshark
arpspoof
rel
websocket-client

These are not available as packages in the Kali repositories (python3-pyshark, python3-arpspoof, python3-rel, python3-websocket-client)
What should I do?

@pepelux

Arszilla

2024-03-22 09:03

reporter   ~0019064

Last edited: 2024-03-22 09:05

@wearecaster refer to https://www.kali.org/docs/development/advanced-packaging-example/

You will have to package those dependencies too, then use the appropriate gbp flag to supply those dependencies, while having the Build-Depends mention the package names in your debian/rules.

Do note that you will have to create a ticket for those additional dependencies to be added to the repos.

pepelux

2024-05-15 19:22

reporter   ~0019299

New version 4.0 available: https://github.com/Pepelux/sippts/releases/tag/v4.0

Now all scripts are unified into one

@wearecaster it has been tested in Kali ... only download from github and execute: pip3 install .

@vseva packed for Kali 2 years ago and nothing happened. It is hard work to package the files and I am not going to repeat it again if it is not going to be integrated into Kali.

pepelux

2024-06-15 12:24

reporter   ~0019456

@g0tmi1k

I have been trying to get the SIPPTS tool added to Kali for 6 years now. It is not an ego issue and I have no special interest in myself. Nor do I have a financial interest. I know there are many pentesting tools in general, and you can't include all of them, but there is no other free program in Kali that is as complete in auditing VoIP networks. And, in fact, there are no tools in Kali that do the same, so it's not an issue of duplication. Sipvicious is an excellent tool, but the opensource part falls short.

If there is a technical reason that I can fix, I can work on it. If it's not really an option and you don't want to add it, close the request and I won't report anything anymore.

Arszilla

2024-06-23 13:25

reporter   ~0019465

@pepelux, the issue is that the team is working on many things at once, and I am one of the only few I know who volunteer to package tools. I volunteer and package whatever tools I can in my free time.

I understand your frustration, but if you look at the tool addition requests in general, there are dozens of tool additions queued, and I just randomly go through them and package whatever I can. If you wish to speed up the process, take a look at the documentation on how to help out with packaging.

Taking a brief look at sippts, there are 4 Python libraries that will have to be packaged before sippts is packaged.

Issue History

Date Modified Username Field Change
2018-07-24 16:52 pepelux New Issue
2018-07-24 16:52 pepelux File Added: sippts-master.zip
2018-07-28 20:49 elwood Status new => acknowledged
2018-08-06 10:24 g0tmi1k Summary Suite of tools for penetration test over SIP protocol => Sipscan/Sipexten/Sipcrack/Sipinvite/Sipsniff/Sipspy - Suite of tools for penetration test over SIP protocol
2018-11-28 10:13 pepelux File Added: sippts-1.2.2.zip
2018-11-28 10:13 pepelux Note Added: 0010035
2018-12-10 18:28 pepelux Note Added: 0010100
2019-01-22 12:22 pepelux File Added: sippts-v1.2.6.zip
2019-01-22 12:22 pepelux Note Added: 0010230
2019-05-13 08:58 pepelux Note Added: 0010578
2019-10-28 13:23 g0tmi1k Note Added: 0011235
2019-10-28 13:23 g0tmi1k Status acknowledged => new
2019-10-28 13:23 g0tmi1k Category New Tool Requests => Queued Tool Addition
2019-10-28 16:01 g0tmi1k Severity minor => feature
2019-10-28 16:01 g0tmi1k Status new => assigned
2019-12-10 11:56 vseva Note Added: 0011629
2020-01-06 13:07 g0tmi1k Status assigned => acknowledged
2020-01-06 13:19 g0tmi1k Note Edited: 0011235
2020-06-17 14:57 g0tmi1k Severity feature => minor
2022-05-18 09:03 pepelux Note Added: 0016158
2023-10-18 11:42 daniruiz Summary Sipscan/Sipexten/Sipcrack/Sipinvite/Sipsniff/Sipspy - Suite of tools for penetration test over SIP protocol => Sipspy - Suite of tools for penetration test over SIP protocol
2024-03-17 12:23 daniruiz Summary Sipspy - Suite of tools for penetration test over SIP protocol => sippts - Suite of tools for penetration test over SIP protocol
2024-03-21 21:59 wearecaster Note Added: 0019063
2024-03-22 09:03 Arszilla Note Added: 0019064
2024-03-22 09:05 Arszilla Note Edited: 0019064
2024-05-15 19:22 pepelux Note Added: 0019299
2024-06-15 12:24 pepelux Note Added: 0019456
2024-06-23 13:25 Arszilla Note Added: 0019465