Skip to main content

Tags sipvicious pro

SIPVicious PRO 6.0.0-beta.2 takes STDIN and fixes various bugs

What we’re excited about in this minor update is the addition of a new feature to the SIP cracker in SIPVicious PRO. Basically, it now takes input from external tools through standard input. Why? Because it allows infinite ways of generating potential usernames, passwords and/or SIP extensions when making use of external tools such as the maskprocessor included in the well known password cracker, hashcat. Here’s an animation showing usage of the maskprocessor to generate passwords for the SIP online cracking tool:…

Read more »

Bug discovery diaries: uncovering sngrep overflow issues with blackbox fuzzing

Executive summary (TL;DR) During OpenSIPIt, we crashed sngrep by mistake while briefly fuzzing OpenSIPS. Later on we setup a docker environment to reproduce the issue, identified the actual bugs and reported them upstream. If you want to learn the simple steps to do this, you actually have to read the rest of the post :-) sngrep crash during the live OpenSIPit event Last year we participated in OpenSIPIt’s interoperability testing event which was held between the 14th and 15th of September 2020.…

Read more »

SIPVicious PRO beta release contains SIP fuzzer and better automation

We just made SIPVicious PRO v6.0.0-beta.1 available to our beta testers. This latest release brings a new SIP fuzzer and enhancements for automation to your favourite RTC offensive security toolset. We have the following highlights with this release: New fuzzing tools - sip fuzz method. This used to be in a separate internal tool called gasoline (see our toolset page); this now been polished and has joined the SVPRO toolset; this has been used to identify vulnerabilities in Kamailio (advisory), sngrep (advisory 1 and 2) and other SIP servers.…

Read more »

How doing QA testing for SIPVicious PRO led to an Asterisk DoS

Executive summary (TL;DR) While heavily testing SIPVicious PRO for bugs, we encountered an unexpected crash in Asterisk. We reported this to the Asterisk team, who recently issued a fix. If you’re a vendor, you too can beta test SIPVicious PRO! How the Asterisk crash was found We test our software as much as we can because, like any other software, ours contains bugs too! When it comes to SIPVicious PRO, one of our quality assurance tests is to run it against instances of Asterisk and Kamailio and check for expected results.…

Read more »

SIPVicious PRO v6.0.0 alpha.5 available to our clients

Published on Jun 3, 2020 in , ,

With great pleasure, we announce the availability of the v6.0.0-alpha.5 version of SIPVicious PRO. This is a major update since most of the promised feature-set of the existent modules is now available. While you are encouraged to read the release notes, the main highlights are the following: Target demo server (demo.sipvicious.pro) now implemented, used throughout the documentation for attack examples and training purposes An extensive getting started page is now available, with instructions on how to use most of the modules Exit codes!…

Read more »

What’s up with SIPVicious PRO?

Published on Mar 30, 2020 in ,

In the past 3 years we have been working on developing SIPVicious PRO during our work as penetration testers and in between engagements. Since our chief demolition officer, Alfred joined up with Enable Security, the development has had a much-needed push so that we started making it available to a limited number of companies that happen to be our clients. Today, we’re making version 6.0.0-alpha.4 available to our clients which includes Opus support, further support for SRTP and of course, a number of bug fixes.…

Read more »