/sippts

Set of tools to audit SIP based VoIP Systems

Primary LanguagePythonGNU General Public License v3.0GPL-3.0

logo

What is Sippts?

Sippts is a set of tools to audit VoIP servers and devices using SIP protocol. Sippts is programmed in Python and it allows us to check the security of a VoIP server using SIP protocol.

Is it free?

Yes. You can freely use, modify and distribute. If modified, please put a reference to this site.

Can be use sippts for illegal purposes?

Most security tools can be used for illegal purposes, but the purpose of this tool is to check the security of your own servers and not to use to do bad things. I am not responsible for the misuse of this tool.

Set of tools for penetration test over SIP protocol

Sippts is a set of tools to audit VoIP servers and devices using SIP protocol. Sippts is programmed in Perl script and the tools are:

  • Sipscan is a fast scanner for SIP services that uses multithread. Sipscan can check several IPs and port ranges and it can work over UDP or TCP.

Click here to read more about SIPscan

  • Sipexten identifies extensions on a SIP server. Also tells you if the extension line requires authentication or not. Sipexten can check several IPs and port ranges.

Click here to read more about SIPexten

  • Siprcrack is a remote password cracker. Siprcrack can test passwords for several users in different IPs and port ranges.

Click here to read more about SIPRcrack

  • Sipinvite checks if a server allow us to make calls without authentication. If the SIP server has a bad configuration, it will allow us to make calls to external numbers. Also it can allow us to transfer the call to a second external number.

Click here to read more about SIPinvite

  • SipDigestLeak Exploits the SIP digest leak vulnerability discovered by Sandro Gauci that affects a large number of hardware and software devices.

Click here to read more about SIPDigestLeak

  • SipFlood Send unlimited messages to the target.

Click here to read more about SIPFlood

  • SipSend Allow us to send a customized SIP message and analyze the response.

Click here to read more about SIPSend

  • WsSend Allow us to send a customized SIP message over WebSockets and analyze the response.

Click here to read more about WsSend

  • SipEnumerate Enumerate available methods of a SIP service/server.

Click here to read more about SIPEnumerate

  • SipDump Extracts SIP Digest authentications from a PCAP file.

Click here to read more about SIPDump

  • SipCrack Cracking tool to crack the digest authentications within the SIP protocol.

Click here to read more about SIPCrack

  • SipTshark Extract data of SIP protocol from a PCAP file.

Click here to read more about SIPTshark

  • RTPBleed to exploit RTPBleed vulnerability sending data to RTP ports.

Click here to read more about RTPBleed

  • RTCPBleed to exploit RTPBleed vulnerability sending data to RTCP ports.

Click here to read more about RTCPBleed

  • RTPBleedFlood to exploit RTPBleed vulnerability flooding a RTP port with an active dialog.

Click here to read more about RTPBleedFlood

  • RTPBleedInject to exploit RTPBleed vulnerability injecting RTP traffic.

Click here to read more about RTPBleedInject

Operating System

Sippts has been tested on:

  • Linux
  • Mac OS X
  • Windows

Requirements

  • Python 3

Instalation & Usage

  • Clone or download the repository
  • pip3 install -r requirements.txt
  • Enjoy