View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0004863 | Kali Linux | [All Projects] Queued Tool Addition | public | 2018-07-24 16:52 | 2022-05-18 09:03 |
Reporter | pepelux | Assigned To | |||
Priority | normal | Severity | minor | Reproducibility | have not tried |
Status | acknowledged | Resolution | open | ||
Product Version | |||||
Target Version | Fixed in Version | ||||
Summary | 0004863: Sipscan/Sipexten/Sipcrack/Sipinvite/Sipsniff/Sipspy - Suite of tools for penetration test over SIP protocol | ||||
Description |
==Suite of tools for penetration test over SIP protocol==

======== Download ========
https://github.com/Pepelux/sippts

Sippts is a suite of tools to audit VoIP servers and devices using SIP protocol. Sippts is programmed in Perl script and it consists of:

======= Sipscan =======
Fast scanner for SIP services that uses multithread. Sipscan can check IP and port ranges and works over UDP or TCP.

$ perl sipscan.pl

SipSCAN - by Pepelux <pepeluxx@gmail.com>
-------
Usage: perl sipscan.pl -h <host> [options]

== Options ==
-m <string> = Method: REGISTER/INVITE/OPTIONS (default: OPTIONS)
-u <string> = Username
-s <integer> = Source number (CallerID) (default: 100)
-d <integer> = Destination number (default: 100)
-r <integer> = Remote port (default: 5060)
-proto <string> = Protocol (udp, tcp or all (both of them) - By default: ALL)
-ip <string> = Source IP (by default it is the same as host)
-nodb = Don't save into database (default save results on sippts.db)
-v = Verbose (trace information)
-vv = More verbose (more detailed trace)

== Examples ==
$perl sipscan.pl -h 192.168.0.1
To search SIP services on 192.168.0.1 port 5060 (using OPTIONS method)
To search several ranges
$perl sipscan.pl -h 192.168.0.1,192.168.2.0/24.192.168.3.1-192.168.20.200
To search SIP services using INVITE method
$perl sipscan.pl -h 192.168.0.1 -m INVITE
To search SIP services on 192.168.0.1 port 5060 (using INVITE method)
$perl sipscan.pl -h 192.168.0.0/24 -v -t tcp
To search SIP services on 192.168.0.0 network by TCP connection (using OPTIONS method)
$perl sipscan.pl -h 192.168.0.1-192.168.0.100 -r 5060-5070 -vv
To search SIP services on 192.168.0.100 ports from 5060 to 5070 (using OPTIONS method)

======== Sipexten ========
Identifies extensions on a SIP server. Sipexten uses multithread and can check IP and port ranges.

$ perl sipexten.pl

SipEXTEN - by Pepelux <pepeluxx@gmail.com>
--------
Usage: perl sipexten.pl -h <host> [options]

== Options ==
-e <string> = Extensions (default 100-300)
-s <integer> = Source number (CallerID) (default: 100)
-d <integer> = Destination number (default: 100)
-r <integer> = Remote port (default: 5060)
-p <string> = Prefix (for extensions)
-proto <string> = Protocol (udp, tcp or all (both of them) - By default: ALL)
-ip <string> = Source IP (by default it is the same as host)
-nodb = Don't save into database (default save results on sippts.db)
-v = Verbose (trace information)
-vv = More verbose (more detailed trace)

== Examples ==
$perl sipexten.pl -h 192.168.0.1 -e 100-200 -v
To check extensions range from 100 to 200 (with verbose mode)
$perl sipexten.pl -h 192.168.0.1 -e 100-200 -v
To check several ranges
$perl sipexten.pl -h 192.168.0.1,192.168.2.0/24.192.168.3.1-192.168.50.200
To check extensions range from user100 to user200
$perl sipexten.pl -h 192.168.0.0/24 -e 100 -r 5060-5080 -vv
To check extension 100 with destination port between 5060 and 5080 (with packages info)

======== Sipcrack ========
Remote password cracker. Sipcrack uses multithread and can test passwords for several users in IP and port ranges.

$ perl sipcrack.pl

SipCRACK - by Pepelux <pepeluxx@gmail.com>
--------
Usage: perl sipcrack.pl -h <host> -w wordlist [options]

== Options ==
-e <string> = Extension (default from 100 to 1000)
-s <integer> = Source number (CallerID) (default: 100)
-d <integer> = Destination number (default: 100)
-r <integer> = Remote port (default: 5060)
-p <string> = Prefix (for extensions)
-proto <string> = Protocol (udp or tcp - By default: udp)
-ip <string> = Source IP (by default it is the same as host)
-resume = Resume last session
-w = Wordlist
-nodb = Don't save into database (default save results on sippts.db)
-v = Verbose (trace information)
-vv = More verbose (more detailed trace)

== Examples ==
$perl sipcrack.pl -h 192.168.0.1 -w wordlist
Try to crack extensions from 100 to 1000 on 192.168.0.1 port 5060
$perl sipcrack.pl -h 192.168.0.0/24 -e 100-200 -p user -w wordlist -v
Try to crack extensions from user100 to user200 on 192.168.0.0 network

========= Sipinvite =========
Checks if a server allows us to make calls without authentication. If the SIP server has a bad configuration, it will allow us to make calls to external numbers. It can also allow us to transfer the call to a second external number.

$ perl sipinvite.pl

SipINVITE - by Pepelux <pepeluxx@gmail.com>
---------
Usage: perl sipinvite.pl -h <host> -d <dst_number> [options]

== Options ==
-d <integer> = Destination number
-u <string> = Username to authenticate
-p <string> = Password to authenticate
-s <integer> = Source number (CallerID) (default: 100)
-l <integer> = Local port (default: 5070)
-r <integer> = Remote port (default: 5060)
-t <integer> = Transfer call to another number
-ip <string> = Source IP (by default it is the same as host)
-v = Verbose (trace information)

== Examples ==
$perl sipinvite.pl -h 192.168.0.1 -d 100
Trying to make a call to exten 100 (without auth)
$perl sipinvite.pl -h 192.168.0.1 -u sipuser -p supersecret -d 100 -r 5080
Trying to make a call to exten 100 (with auth)
$perl sipinvite.pl -h 192.168.0.1 -s 200 -d 555555555 -v
Trying to make a call to number 555555555 (without auth) with source number 200
$perl sipinvite.pl -h 192.168.0.1 -d 555555555 -t 666666666
Trying to make a call to number 555555555 (without auth) and transfer it to number 666666666
$perl sipinvite.pl -h 192.168.0.1 -d 555555555 -t 666666666 -s 123456789
Trying to make a call to number 555555555 (without auth) using callerid 123456789 and transfer it to number 666666666

======== Sipsniff ========
Simple sniffer for SIP protocol that allows us to filter by SIP method type.

$ perl sipsniff.pl

SipSNIFF - by Pepelux <pepeluxx@gmail.com>
--------
Usage: sudo perl -i <interface> sipsniff.pl [options]

== Options ==
-i <string> = Interface (ex: eth0)
-p <integer> = Port (default: 5060)
-m <string> = Filter method (ex: INVITE, REGISTER)
-u = Filter authentication digest

== Examples ==
$sudo perl sipsniff.pl -i eth0
$sudo perl sipsniff.pl -i eth0 -m INVITE
$sudo perl sipsniff.pl -i eth0 -u

====== Sipspy ======
Simple SIP server that shows us digest auth requests and responses.

Example:
[=>] 192.168.1.129:43455 REGISTER [ Sending digest => WWW-Authenticate: Digest algorithm=MD5, realm="asterisk", nonce="405a7bc0" ]
[=>] 192.168.1.129:43455 REGISTER [ Digest response => Authorization: Digest username="200", realm="asterisk", nonce="405a7bc0", uri="sip:201@192.168.1.129", response="e270e69d53011d2f1219b6dfe018743d", algorithm=MD5 ]

$ perl sipspy.pl -h

SipSPY - by Pepelux <pepeluxx@gmail.com>
--------
Usage: sudo perl sipspy.pl [options]

== Options ==
-p <integer> = Port (default: 5060)
-v = Verbose

==Operating System==
Sippts was tested on:
* Linux
* Mac OS X
* Windows

==Requirements==
* Perl

sudo apt-get install libnet-pcap-perl libio-socket-ip-perl libsocket-perl libnetaddr-ip-perl libdbd-sqlite3-perl
sudo cpan -i IO::Socket::Timeout
sudo cpan -i String::HexConvert | ||||
|
sippts-master.zip (25,915 bytes) |
|
New version: 1.2.2 sippts-1.2.2.zip (37,459 bytes) |
|
Hi! Has anyone been able to review it? |
|
New version: 1.2.6
- Bug fixes
- Added a new script to exploit the SIP Digest Leak vulnerability that affects a large number of hardware and software devices.
sippts-v1.2.6.zip (42,165 bytes) |
|
Version 1.2.7 released https://github.com/Pepelux/sippts |
|
@kali-team, please could this be packaged up? @author, if you want to help the packaging process, you can check the documentation here ~ https://www.kali.org/docs/development/public-packaging |
|
package source at https://github.com/linuxmaniac/sippts |
|
New release 3.0.0 coded in python
- Erased some scripts: sipsniff, sipspy and sipreport
- Renamed script sipcracker to siprcrack
- New script sipenumerate to enumerate available methods of a SIP service/server
- New script sipdump to extract SIP Digest authentications from a PCAP file
- New script sipcrack to crack the digest authentications within the SIP protocol
https://github.com/Pepelux/sippts/releases/tag/v3.0.0 |
Date Modified | Username | Field | Change |
---|---|---|---|
2018-07-24 16:52 | pepelux | New Issue | |
2018-07-24 16:52 | pepelux | File Added: sippts-master.zip | |
2018-07-28 20:49 | elwood | Status | new => acknowledged |
2018-08-06 10:24 | g0tmi1k | Summary | Suite of tools for penetration test over SIP protocol => Sipscan/Sipexten/Sipcrack/Sipinvite/Sipsniff/Sipspy - Suite of tools for penetration test over SIP protocol |
2018-11-28 10:13 | pepelux | File Added: sippts-1.2.2.zip | |
2018-11-28 10:13 | pepelux | Note Added: 0010035 | |
2018-12-10 18:28 | pepelux | Note Added: 0010100 | |
2019-01-22 12:22 | pepelux | File Added: sippts-v1.2.6.zip | |
2019-01-22 12:22 | pepelux | Note Added: 0010230 | |
2019-05-13 08:58 | pepelux | Note Added: 0010578 | |
2019-10-28 13:23 | g0tmi1k | Note Added: 0011235 | |
2019-10-28 13:23 | g0tmi1k | Status | acknowledged => new |
2019-10-28 13:23 | g0tmi1k | Category | New Tool Requests => Queued Tool Addition |
2019-10-28 16:01 | g0tmi1k | Severity | minor => feature |
2019-10-28 16:01 | g0tmi1k | Status | new => assigned |
2019-12-10 11:56 | vseva | Note Added: 0011629 | |
2020-01-06 13:07 | g0tmi1k | Status | assigned => acknowledged |
2020-01-06 13:19 | g0tmi1k | Note Edited: 0011235 | View Revisions |
2020-06-17 14:57 | g0tmi1k | Severity | feature => minor |
2022-05-18 09:03 | pepelux | Note Added: 0016158 |