EnableSecurity VOIPPACK

EnableSecurity VoIPPack for CANVAS is a set of tools that are designed to work with Immunity CANVAS software. The tools target VoIP systems such as PBX servers, IP Phones and SIP gateways. The tools currently feature:

  • sipscan – Scans the network for SIP devices and identifies the user-agent and if the device is a PBX
  • sipenumerate – Enumerates extensions on a PBX server
  • sipcrack – Launches password attacks on the PBX server
  • sipautohack – Given a target network, this module will scan for SIP devices, enumerate any extensions on all PBX servers found and try to guess their password
  • iax2scan – Scans the network for IAX2 (Asterisk) devices
  • asterisknow_exec – Installs MOSDEF on an AsteriskNOW 1.0.2 if configuration credentials are known
  • voipdnssrv – Enumerates SRV records that are relevant to VOIP (SIP, IAX2, H.323) and resolves to IP address
  • sipdigestleak – Forces IP Phones to leak out the digest credentials and performs a quick offline password attack
  • ghostcall – Rings all phones on a target network at the same time
  • digestcracker – offline SIP digest password recovery tool
  • sipphonecall – emulates  the control part of an IP phone and can be used to test if a phone will ring
  • sipgetringers – Finds out which number / extension an IP Phone rings on
  • iax2enumerate – which like sipenumerate, tries to guess extensions present on the Asterisk box, and will inform you if the extension has any password set or not
  • iax2cracker – which given a known extension on the Asterisk box, will attempt to recover the password through an online bruteforce attack
  • iax2autohack – which finds out any Asterisk servers on the network, enumerates the extensions and launches a password cracking attack on each extension
  • asteriskdiscomfort – a DoS vulnerability fixed in AST-2009-010
  • asterisksscanfdos – a DoS vulnerability fixed in AST-2009-005
  • bypassalwaysreject – enumerating extensions on Asterisk boxes that use the alwaysauthreject option
  • elastix_defaults – checks for the default passwords and paths in Elastix
  • iax2resourceexhaust – a protocol design vulnerability that was mitigated in AST-2009-006
  • sipinviteflood – an old SIP DoS that still works on a number of SIP devices
  • sipopenrelay – checks for SIP open relays, that may allow anonymous users to make fraudulent calls
  • trixbox_defaults – checks for the default passwords and paths in Trixbox

Buy VOIPPACK

You can now purchase the software from our resellers Immunity!

Discussions on VOIPPACK: contact us.

Check out the demonstration videos:

Brochure PDF download

Screenshots

voippacksc