View Issue Details

IDProjectCategoryView StatusLast Update
0004863Kali LinuxQueued Tool Additionpublic2024-07-11 10:26
Reporterpepelux Assigned To 
PrioritynormalSeverityminorReproducibilityhave not tried
Status acknowledgedResolutionopen 
Summary0004863: sippts - Suite of tools for penetration test over SIP protocol
Description

==Suite of tools for penetration test over SIP protocol==

========
Download

https://github.com/Pepelux/sippts

Sippts is a suite of tools to audit VoIP servers and devices using SIP protocol. Sippts is programmed in Perl script and it consists of:

=======
Sipscan

Fast scanner for SIP services that uses multithread. Sipscan can check IP and port ranges and works over UDP or TCP.

$ perl sipscan.pl

SipSCAN - by Pepelux <[email protected]>

Usage: perl sipscan.pl -h <host> [options]

== Options ==
-m <string> = Method: REGISTER/INVITE/OPTIONS (default: OPTIONS)
-u <string> = Username
-s <integer> = Source number (CallerID) (default: 100)
-d <integer> = Destination number (default: 100)
-r <integer> = Remote port (default: 5060)
-proto <string> = Protocol (udp, tcp or all (both of them) - By default: ALL)
-ip <string> = Source IP (by default it is the same as host)
-nodb = Don't save into database (default save results on sippts.db)
-v = Verbose (trace information)
-vv = More verbose (more detailed trace)

== Examples ==
$perl sipscan.pl -h 192.168.0.1
To search SIP services on 192.168.0.1 port 5060 (using OPTIONS method)
To search several ranges
$perl sipscan.pl -h 192.168.0.1,192.168.2.0/24.192.168.3.1-192.168.20.200
To search SIP services using INVITE method
$perl sipscan.pl -h 192.168.0.1 -m INVITE
To search SIP services on 192.168.0.1 port 5060 (using INVITE method)
$perl sipscan.pl -h 192.168.0.0/24 -v -t tcp
To search SIP services on 192.168.0.0 network by TCP connection (using OPTIONS method)
$perl sipscan.pl -h 192.168.0.1-192.168.0.100 -r 5060-5070 -vv
To search SIP services on 192.168.0.100 ports from 5060 to 5070 (using OPTIONS method)

========
Sipexten

Identifies extensions on a SIP server. Sipexten uses multithread and can check IP and port ranges

$ perl sipexten.pl

SipEXTEN - by Pepelux <[email protected]>

Usage: perl sipexten.pl -h <host> [options]

== Options ==
-e <string> = Extensions (default 100-300)
-s <integer> = Source number (CallerID) (default: 100)
-d <integer> = Destination number (default: 100)
-r <integer> = Remote port (default: 5060)
-p <string> = Prefix (for extensions)
-proto <string> = Protocol (udp, tcp or all (both of them) - By default: ALL)
-ip <string> = Source IP (by default it is the same as host)
-nodb = Don't save into database (default save results on sippts.db)
-v = Verbose (trace information)
-vv = More verbose (more detailed trace)

== Examples ==
$perl sipexten.pl -h 192.168.0.1 -e 100-200 -v
To check extensions range from 100 to 200 (with verbose mode)
$perl sipexten.pl -h 192.168.0.1 -e 100-200 -v
To check several ranges
$perl sipexten.pl -h 192.168.0.1,192.168.2.0/24.192.168.3.1-192.168.50.200
To check extensions range from user100 to user200
$perl sipexten.pl -h 192.168.0.0/24 -e 100 -r 5060-5080 -vv
To check extension 100 with destination port between 5060 and 5080 (with packages info)

========
Sipcrack

Remote password cracker. Sipcrack uses multithread and can test passwords for several users in IP and port ranges

$ perl sipcrack.pl

SipCRACK - by Pepelux <[email protected]>

Usage: perl sipcrack.pl -h <host> -w wordlist [options]

== Options ==
-e <string> = Extension (default from 100 to 1000)
-s <integer> = Source number (CallerID) (default: 100)
-d <integer> = Destination number (default: 100)
-r <integer> = Remote port (default: 5060)
-p <string> = Prefix (for extensions)
-proto <string> = Protocol (udp or tcp - By default: udp)
-ip <string> = Source IP (by default it is the same as host)
-resume = Resume last session
-w = Wordlist
-nodb = Don't save into database (default save results on sippts.db)
-v = Verbose (trace information)
-vv = More verbose (more detailed trace)

== Examples ==
$perl sipcrack.pl -h 192.168.0.1 -w wordlist
Try to crack extensions from 100 to 1000 on 192.168.0.1 port 5060
$perl sipcrack.pl -h 192.168.0.0/24 -e 100-200 -p user -w wordlist -v
Try to crack extensions from user100 to user200 on 192.168.0.0 network

=========
Sipinvite

Check if a server allow us to make calls without authentication. If the SIP server has a bad configuration, it will allows us to make calls to external numbers. Also it can allow us to transfer the call to a second external number

$ perl sipinvite.pl

SipINVITE - by Pepelux <[email protected]>

Usage: perl sipinvite.pl -h <host> -d <dst_number> [options]

== Options ==
-d <integer> = Destination number
-u <string> = Username to authenticate
-p <string> = Password to authenticate
-s <integer> = Source number (CallerID) (default: 100)
-l <integer> = Local port (default: 5070)
-r <integer> = Remote port (default: 5060)
-t <integer> = Transfer call to another number
-ip <string> = Source IP (by default it is the same as host)
-v = Verbose (trace information)

== Examples ==
$perl sipinvite.pl -h 192.168.0.1 -d 100
Trying to make a call to exten 100 (without auth)
$perl sipinvite.pl -h 192.168.0.1 -u sipuser -p supersecret -d 100 -r 5080
Trying to make a call to exten 100 (with auth)
$perl sipinvite.pl -h 192.168.0.1 -s 200 -d 555555555 -v
Trying to make a call to number 555555555 (without auth) with source number 200
$perl sipinvite.pl -h 192.168.0.1 -d 555555555 -t 666666666
Trying to make a call to number 555555555 (without auth) and transfer it to number 666666666
$perl sipinvite.pl -h 192.168.0.1 -d 555555555 -t 666666666 -s 123456789
Trying to make a call to number 555555555 (without auth) using callerid 123456789 and transfer it to number 666666666

========
Sipsniff

Simple sniffer for SIP protocol that allows us to filter by SIP method type

$ perl sipsniff.pl

SipSNIFF - by Pepelux <[email protected]>

Usage: sudo perl -i <interface> sipsniff.pl [options]

== Options ==
-i <string> = Interface (ex: eth0)
-p <integer> = Port (default: 5060)
-m <string> = Filter method (ex: INVITE, REGISTER)
-u = Filter authentication digest

== Examples ==
$sudo perl sipsniff.pl -i eth0
$sudo perl sipsniff.pl -i eth0 -m INVITE
$sudo perl sipsniff.pl -i eth0 -u

======
Sipspy

Simple sip server that show us digest auth requests and responses. Example:

[=>] 192.168.1.129:43455 REGISTER
[ Sending digest => WWW-Authenticate: Digest algorithm=MD5, realm="asterisk", nonce="405a7bc0" ]
[=>] 192.168.1.129:43455 REGISTER
[ Digest response => Authorization: Digest username="200", realm="asterisk", nonce="405a7bc0", uri="sip:[email protected]", response="e270e69d53011d2f1219b6dfe018743d", algorithm=MD5 ]

$ perl sipspy.pl -h

SipSPY - by Pepelux <[email protected]>

Usage: sudo perl sipspy.pl [options]

== Options ==
-p <integer> = Port (default: 5060)
-v = Verbose

==Operating System==
Sippts was tested on:

  • Linux
  • Mac OS X
  • Windows

==Requirements==

  • Perl

sudo apt-get install libnet-pcap-perl libio-socket-ip-perl libsocket-perl libnetaddr-ip-perl libdbd-sqlite3-perl
sudo cpan -i IO:Socket:Timeout
sudo cpan -i String:HexConvert

Attached Files
sippts-master.zip (25,915 bytes)

Activities

pepelux

pepelux

2018-11-28 10:13

reporter   ~0010035

New version: 1.2.2

sippts-1.2.2.zip (37,459 bytes)
pepelux

pepelux

2018-12-10 18:28

reporter   ~0010100

Hi! Has anyone been able to review it?

pepelux

pepelux

2019-01-22 12:22

reporter   ~0010230

New version: 1.2.6

  • Bug fixes
  • Added a new script to exploit the SIP Digest Leak vulnerability that affects a large number of hardware and software devices.
sippts-v1.2.6.zip (42,165 bytes)
pepelux

pepelux

2019-05-13 08:58

reporter   ~0010578

Version 1.2.7 released

https://github.com/Pepelux/sippts

g0tmi1k

g0tmi1k

2019-10-28 13:23

administrator   ~0011235

Last edited: 2020-01-06 13:19

@kali-team, please could this be packaged up.
@author, If you want to help the packaging process, you can check the documentation here ~ https://www.kali.org/docs/development/public-packaging

vseva

vseva

2019-12-10 11:56

reporter   ~0011629

package source at https://github.com/linuxmaniac/sippts

pepelux

pepelux

2022-05-18 09:03

reporter   ~0016158

New release 3.0.0 coded in python

  • Erased some scripts: sipsniff, sipspy and sipreport
  • Renamed script sipcracker to siprcrack
  • New script sipenumerate to enumerate available methods of a SIP sevice/server
  • New script sipdump to extract SIP Digest authentications from a PCAP file
  • New script sipcrack to crack the digest authentications within the SIP protocol

https://github.com/Pepelux/sippts/releases/tag/v3.0.0

wearecaster

wearecaster

2024-03-21 21:59

reporter   ~0019063

Hi. I want to help with packaging, however this tool requires such dependencies:
pyshark
arpspoof
rel
websocket-client

These are not available as packages in the Kali repositories (python3-pyshark, python3-arpspoof, python3-rel, python3-websocket-client)
What should I do?

@pepelux

Arszilla

Arszilla

2024-03-22 09:03

reporter   ~0019064

Last edited: 2024-03-22 09:05

@wearecaster refer to https://www.kali.org/docs/development/advanced-packaging-example/

You will have to package those dependencies too, then use the appropriate gbp flag to supply those dependencies, while having the Build-Depends mention the package names in your debian/rules.

Do note that you will have to create a ticket for those additional dependencies to be added to the repos.

pepelux

pepelux

2024-05-15 19:22

reporter   ~0019299

New version 4.0 available: https://github.com/Pepelux/sippts/releases/tag/v4.0

Now all scripts are unified into one

@wearecaster it has been tested in Kali ... only download from github and execute: pip3 install .

@vseva packed for Kali 2 years ago and nothing happened. It is hard work to package the files and I am not going to repeat it again if it is not going to be integrated into Kali.

pepelux

pepelux

2024-06-15 12:24

reporter   ~0019456

@g0tmi1k

I have been trying to get the SIPPTS tool added to Kali for 6 years now. It is not an ego issue and I have no special interest in myself. Nor do I have a financial interest. I know there are many pentesting tools in general, and you can't include all of them, but there is no other free program in Kali that is as complete in auditing VoIP networks. And, in fact, there are no tools in Kali that do the same, so it's not an issue of duplication. Sipvicious is an excellent tool, but the opensource part falls short.

If there is a technical reason that I can fix, I can work on it. If it's not really an option and you don't want to add it, close the request and I won't report anything anymore.

Arszilla

Arszilla

2024-06-23 13:25

reporter   ~0019465

@pepelux, the issue is that the team is working on many things at once, and I am one of the only few I know who volunteer to package tools. I volunteer and package whatever tools I can in my free time.

I understand your frustration, but if you look at the tool addition requests in general, there are dozens of tool additions queued, and I just randomly go through them and package whatever I can. If you wish to speed up the process, take a look at the documentation on how to help out with packaging.

Taking a brief look at sippts, there are 4 Python libraries that will have to be packaged before sippts is packaged.

Arszilla

Arszilla

2024-06-23 21:34

reporter   ~0019467

Last edited: 2024-06-23 21:39

@pepelux I have drafted a provisional package, but seems like the tool is broken. The contents of the package are as follows:

drwxr-xr-x root/root         0 2024-06-23 12:55 ./
drwxr-xr-x root/root         0 2024-06-23 12:55 ./usr/
drwxr-xr-x root/root         0 2024-06-23 12:55 ./usr/bin/
-rwxr-xr-x root/root     12493 2024-06-23 12:55 ./usr/bin/sippts
drwxr-xr-x root/root         0 2024-06-23 12:55 ./usr/lib/
drwxr-xr-x root/root         0 2024-06-23 12:55 ./usr/lib/python3/
drwxr-xr-x root/root         0 2024-06-23 12:55 ./usr/lib/python3/dist-packages/
drwxr-xr-x root/root         0 2024-06-23 12:55 ./usr/lib/python3/dist-packages/sippts-4.0.dev0.dist-info/
-rw-r--r-- root/root         7 2024-06-23 12:55 ./usr/lib/python3/dist-packages/sippts-4.0.dev0.dist-info/INSTALLER
-rw-r--r-- root/root     56149 2024-06-23 12:55 ./usr/lib/python3/dist-packages/sippts-4.0.dev0.dist-info/METADATA
-rw-r--r-- root/root        92 2024-06-23 12:55 ./usr/lib/python3/dist-packages/sippts-4.0.dev0.dist-info/WHEEL
-rw-r--r-- root/root         7 2024-06-23 12:55 ./usr/lib/python3/dist-packages/sippts-4.0.dev0.dist-info/top_level.txt
drwxr-xr-x root/root         0 2024-06-23 12:55 ./usr/lib/python3/dist-packages/sippts/
-rw-r--r-- root/root     11041 2024-06-23 12:55 ./usr/lib/python3/dist-packages/sippts/arpspoof.py
drwxr-xr-x root/root         0 2024-06-23 12:55 ./usr/lib/python3/dist-packages/sippts/data/
-rw-r--r-- root/root     41414 2024-06-23 12:55 ./usr/lib/python3/dist-packages/sippts/data/cve.csv
drwxr-xr-x root/root         0 2024-06-23 12:55 ./usr/lib/python3/dist-packages/sippts/lib/
-rw-r--r-- root/root         0 2024-06-23 12:55 ./usr/lib/python3/dist-packages/sippts/lib/__init__.py
-rw-r--r-- root/root      1210 2024-06-23 12:55 ./usr/lib/python3/dist-packages/sippts/lib/color.py
-rw-r--r-- root/root     38002 2024-06-23 12:55 ./usr/lib/python3/dist-packages/sippts/lib/functions.py
-rw-r--r-- root/root      5341 2024-06-23 12:55 ./usr/lib/python3/dist-packages/sippts/lib/logos.py
-rw-r--r-- root/root     95298 2024-06-23 12:55 ./usr/lib/python3/dist-packages/sippts/lib/params.py
-rw-r--r-- root/root      2539 2024-06-23 12:55 ./usr/lib/python3/dist-packages/sippts/rtcpbleed.py
-rw-r--r-- root/root      4262 2024-06-23 12:55 ./usr/lib/python3/dist-packages/sippts/rtpbleed.py
-rw-r--r-- root/root      3603 2024-06-23 12:55 ./usr/lib/python3/dist-packages/sippts/rtpbleedflood.py
-rw-r--r-- root/root      4946 2024-06-23 12:55 ./usr/lib/python3/dist-packages/sippts/rtpbleedinject.py
-rw-r--r-- root/root     14752 2024-06-23 12:55 ./usr/lib/python3/dist-packages/sippts/sipdigestcrack.py
-rw-r--r-- root/root     25670 2024-06-23 12:55 ./usr/lib/python3/dist-packages/sippts/sipdigestleak.py
-rw-r--r-- root/root     11720 2024-06-23 12:55 ./usr/lib/python3/dist-packages/sippts/sipenumerate.py
-rw-r--r-- root/root     14794 2024-06-23 12:55 ./usr/lib/python3/dist-packages/sippts/sipexten.py
-rw-r--r-- root/root     12156 2024-06-23 12:55 ./usr/lib/python3/dist-packages/sippts/sipflood.py
-rw-r--r-- root/root     23474 2024-06-23 12:55 ./usr/lib/python3/dist-packages/sippts/sipinvite.py
-rw-r--r-- root/root      2848 2024-06-23 12:55 ./usr/lib/python3/dist-packages/sippts/sippcapdump.py
-rw-r--r-- root/root     10536 2024-06-23 12:55 ./usr/lib/python3/dist-packages/sippts/sipping.py
-rw-r--r-- root/root     19814 2024-06-23 12:55 ./usr/lib/python3/dist-packages/sippts/siprcrack.py
-rw-r--r-- root/root     29017 2024-06-23 12:55 ./usr/lib/python3/dist-packages/sippts/sipscan.py
-rw-r--r-- root/root     16481 2024-06-23 12:55 ./usr/lib/python3/dist-packages/sippts/sipsend.py
-rw-r--r-- root/root     12688 2024-06-23 12:55 ./usr/lib/python3/dist-packages/sippts/sipsniff.py
-rw-r--r-- root/root      3760 2024-06-23 12:55 ./usr/lib/python3/dist-packages/sippts/siptshark.py
-rw-r--r-- root/root      6951 2024-06-23 12:55 ./usr/lib/python3/dist-packages/sippts/wssend.py
drwxr-xr-x root/root         0 2024-06-23 12:55 ./usr/share/
drwxr-xr-x root/root         0 2024-06-23 12:55 ./usr/share/doc/
drwxr-xr-x root/root         0 2024-06-23 12:55 ./usr/share/doc/sippts/
-rw-r--r-- root/root       145 2024-06-23 12:55 ./usr/share/doc/sippts/changelog.Debian.gz
-rw-r--r-- root/root      2083 2024-05-15 19:10 ./usr/share/doc/sippts/changelog.gz
-rw-r--r-- root/root      1082 2024-06-23 12:55 ./usr/share/doc/sippts/copyright

When all the dependencies are installed, sippts -h throws this error:

┌──(root㉿faa79509345f)-[~]
└─# sippts -h
Traceback (most recent call last):
  File &quot;/usr/bin/sippts&quot;, line 411, in &lt;module>
    main()
  File &quot;/usr/bin/sippts&quot;, line 14, in main
    params = get_sippts_args()
             ^^^^^^^^^^^^^^^^^
  File &quot;/usr/lib/python3/dist-packages/sippts/lib/params.py&quot;, line 48, in get_sippts_args
    local_cve_version = load_cve_version()
                        ^^^^^^^^^^^^^^^^^^
  File &quot;/usr/lib/python3/dist-packages/sippts/lib/functions.py&quot;, line 1137, in load_cve_version
    with open(path) as f:
         ^^^^^^^^^^
FileNotFoundError: [Errno 2] No such file or directory: '/usr/local/lib/python3.11/dist-packages/sippts/data/cve.csv'

Beyond that, despite declaring several dependencies in requirements.txt, you have seem to have missed requests. Please make sure all your dependencies are declared properly and clearly.

Until this issue is solved, sippts cannot be added to Kali. However, the provisional package and its dependencies are available below:

pepelux

pepelux

2024-07-11 10:22

reporter   ~0019516

@arszilla

I really appreciate the selfless time you spend in packaging and reviewing all the tools. I was just asking if there was any intention to add the tool, if it is useful for Kali, mostly to stop uploading updates and stop insisting. I'm in no hurry, but it's been 6 years since the submit :)

I think the bugs you mentioned are fixed. I don't have experience packaging tools, but on a clean Kali, with a 'pip3 install .' it installs and works correctly.

Anything else let me know and I'll check it out.

Thank you very much.

Translated with DeepL.com (free version)

Arszilla

Arszilla

2024-07-11 10:26

reporter   ~0019517

Please refer to the packaging documentation to understand how the packaging is done:

We cannot nor will use pip3 install etc. in any shape or form to build/install a package. This is not the Debian way of packaging tools/libraries etc.

I will check the package again later this week for a new release, so please make sure a release is out.

Issue History

Date Modified Username Field Change
2018-07-24 16:52 pepelux New Issue
2018-07-24 16:52 pepelux File Added: sippts-master.zip
2018-07-28 20:49 elwood Status new => acknowledged
2018-08-06 10:24 g0tmi1k Summary Suite of tools for penetration test over SIP protocol => Sipscan/Sipexten/Sipcrack/Sipinvite/Sipsniff/Sipspy - Suite of tools for penetration test over SIP protocol
2018-11-28 10:13 pepelux File Added: sippts-1.2.2.zip
2018-11-28 10:13 pepelux Note Added: 0010035
2018-12-10 18:28 pepelux Note Added: 0010100
2019-01-22 12:22 pepelux File Added: sippts-v1.2.6.zip
2019-01-22 12:22 pepelux Note Added: 0010230
2019-05-13 08:58 pepelux Note Added: 0010578
2019-10-28 13:23 g0tmi1k Note Added: 0011235
2019-10-28 13:23 g0tmi1k Status acknowledged => new
2019-10-28 13:23 g0tmi1k Category New Tool Requests => Queued Tool Addition
2019-10-28 16:01 g0tmi1k Severity minor => feature
2019-10-28 16:01 g0tmi1k Status new => assigned
2019-12-10 11:56 vseva Note Added: 0011629
2020-01-06 13:07 g0tmi1k Status assigned => acknowledged
2020-01-06 13:19 g0tmi1k Note Edited: 0011235
2020-06-17 14:57 g0tmi1k Severity feature => minor
2022-05-18 09:03 pepelux Note Added: 0016158
2023-10-18 11:42 daniruiz Summary Sipscan/Sipexten/Sipcrack/Sipinvite/Sipsniff/Sipspy - Suite of tools for penetration test over SIP protocol => Sipspy - Suite of tools for penetration test over SIP protocol
2024-03-17 12:23 daniruiz Summary Sipspy - Suite of tools for penetration test over SIP protocol => sippts - Suite of tools for penetration test over SIP protocol
2024-03-21 21:59 wearecaster Note Added: 0019063
2024-03-22 09:03 Arszilla Note Added: 0019064
2024-03-22 09:05 Arszilla Note Edited: 0019064
2024-05-15 19:22 pepelux Note Added: 0019299
2024-06-15 12:24 pepelux Note Added: 0019456
2024-06-23 13:25 Arszilla Note Added: 0019465
2024-06-23 21:34 Arszilla Note Added: 0019467
2024-06-23 21:39 Arszilla Note Edited: 0019467
2024-07-11 10:22 pepelux Note Added: 0019516
2024-07-11 10:26 Arszilla Note Added: 0019517