stefan
/
husk
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
husk/build/misc/telecommunications/_sipvicious/README.html

328 lines
48 KiB
HTML
Raw Normal View History

init
2022-09-02 09:05:59 +02:00
<!doctype html>
<html lang="en">
<center>
<head>
<script src="https://cdn.jsdelivr.net/npm/fuse.js/dist/fuse.js"></script>
<!-- mathjax -->
<script src="https://code.jquery.com/jquery-3.5.1.min.js"></script>
<script type="text/javascript" src="/static/js/auto-complete.js"></script>
<script type="text/javascript" src="/static/js/lunr.min.js"></script>
<script type="text/javascript" src="/static/js/search.js"></script>
<link rel="stylesheet" href="/static/stylesheet.css">
<link rel="stylesheet" href="/static/auto-complete.css">
<br>
<title>In the Open</title>
<meta name="viewport" content="width=device-width, initial-scale=1">
</head>
<body>
<!-- topmenu -->
<div class="menu">
<a href="/" style="text-decoration:none">In the Open</a>
</div>
<div class="search-container">
<label for="search-by"><i class="fas fa-search"></i></label>
<input data-search-input="" id="search-by" type="search" placeholder="Search..." autocomplete="off">
<!--button type="submit"><i class="search"></i>&#128269;</button>-->
<span data-search-clear=""><i class="fas fa-times"></i></span>
</div>
</div>
<div class="menu">
</div>
<!--br><br-->
</center>
<p></p>
<div class="columns">
<!-- Sidebar -->
<div class="column column-1">
<ul><details id=crypto ontoggle="linkClick(this); return false;" ><summary>Crypto</summary><ul><details id=openssl ontoggle="linkClick(this); return false;" ><summary>Openssl</summary><ul><li><a href="/crypto/openssl/openssl.html">openssl</a></li><li><a href="/crypto/openssl/openssl_engine.html">openssl_engine</a></li></ul></details><li><a href="/crypto/rsa.html">rsa</a></li></ul></details><details id=enumeration ontoggle="linkClick(this); return false;" ><summary>Enumeration</summary><ul><details id=containers ontoggle="linkClick(this); return false;" ><summary>Containers</summary><ul></ul></details><details id=docs ontoggle="linkClick(this); return false;" ><summary>Docs</summary><ul><li><a href="/enumeration/docs/aws.html">aws</a></li><li><a href="/enumeration/docs/cewl.html">cewl</a></li><li><a href="/enumeration/docs/dns.html">dns</a></li><li><a href="/enumeration/docs/docker_enumeration.html">docker_enumeration</a></li><li><a href="/enumeration/docs/ffuf.html">ffuf</a></li><li><a href="/enumeration/docs/gobuster.html">gobuster</a></li><li><a href="/enumeration/docs/kerberoast.html">kerberoast</a></li><li><a href="/enumeration/docs/kubectl.html">kubectl</a></li><li><a href="/enumeration/docs/ldap.html">ldap</a></li><li><a href="/enumeration/docs/linux_basics.html">linux_basics</a></li><li><a href="/enumeration/docs/microk8s.html">microk8s</a></li><li><a href="/enumeration/docs/nfs.html">nfs</a></li><li><a href="/enumeration/docs/nikto.html">nikto</a></li><li><a href="/enumeration/docs/nmap.html">nmap</a></li><li><a href="/enumeration/docs/port_knocking.html">port_knocking</a></li><li><a href="/enumeration/docs/rpcclient.html">rpcclient</a></li><li><a href="/enumeration/docs/rsync.html">rsync</a></li><li><a href="/enumeration/docs/rustscan.html">rustscan</a></li><li><a href="/enumeration/docs/shodan.html">shodan</a></li><details id=snmp ontoggle="linkClick(this); return false;" ><summary>Snmp</summary><ul><li><a href="/enumeration/docs/snmp/onesixtyone.html">onesixtyone</a></li><li><a href="/enumeration/docs/snmp/snmpcheck.html">snmpcheck</a></li></ul></details><li><a href="/enumeration/docs/websites.html">websites</a></li><li><a href="/enumeration/docs/wfuzz.html">wfuzz</a></li><li><a href="/enumeration/docs/wpscan.html">wpscan</a></li></ul></details><details id=network_scanners ontoggle="linkClick(this); return false;" ><summary>Network_scanners</summary><ul></ul></details><details id=windows ontoggle="linkClick(this); return false;" ><summary>Windows</summary><ul><li><a href="/enumeration/windows/bloodhound.html">bloodhound</a></li><li><a href="/enumeration/windows/event_log.html">event_log</a></li><li><a href="/enumeration/windows/manual_enum.html">manual_enum</a></li><li><a href="/enumeration/windows/powershell.html">powershell</a></li><li><a href="/enumeration/windows/rpcclient.html">rpcclient</a></li><li><a href="/enumeration/windows/sysinternals.html">sysinternals</a></li><li><a href="/enumeration/windows/sysmon.html">sysmon</a></li><li><a href="/enumeration/windows/vss.html">vss</a></li></ul></details></ul></details><details id=exfiltration ontoggle="linkClick(this); return false;" ><summary>Exfiltration</summary><ul><details id=dns ontoggle="linkClick(this); return false;" ><summary>Dns</summary><ul><li><a href="/exfiltration/dns/dns.html">dns</a></li></ul></details><details id=linux ontoggle="linkClick(this); return false;" ><summary>Linux</summary><ul><li><a href="/exfiltration/linux/nc.html">nc</a></li><li><a href="/exfiltration/linux/wget.html">wget</a></li></ul></details><details id=windows ontoggle="linkClick(this); return false;" ><summary>Windows</summary><ul><li><a href="/exfiltration/windows/evil-winrm.html">evil-winrm</a></li><li><a href="/exfiltration/windows/loot.html">loot</a></li><li><a href="/exfiltration/windows/smb_connection.html">smb_connection</a></li></ul></details></ul></details><details id=exploit ontoggle="linkClick(this); return false;" ><summary>Exploit</summary><ul><details id=CPUs ontoggle="linkClick(this); return false;" ><summary>CPUs</summary><ul><li><a href="/exploit/CPUs
</ul>
</div>
<div class="column column-2">
<span class="body">
<style>pre { line-height: 125%; }
td.linenos .normal { color: #37474F; background-color: #263238; padding-left: 5px; padding-right: 5px; }
span.linenos { color: #37474F; background-color: #263238; padding-left: 5px; padding-right: 5px; }
td.linenos .special { color: #607A86; background-color: #263238; padding-left: 5px; padding-right: 5px; }
span.linenos.special { color: #607A86; background-color: #263238; padding-left: 5px; padding-right: 5px; }
.codehilite .hll { background-color: #2C3B41 }
.codehilite .c { color: #546E7A; font-style: italic } /* Comment */
.codehilite .err { color: #FF5370 } /* Error */
.codehilite .esc { color: #89DDFF } /* Escape */
.codehilite .g { color: #EEFFFF } /* Generic */
.codehilite .k { color: #BB80B3 } /* Keyword */
.codehilite .l { color: #C3E88D } /* Literal */
.codehilite .n { color: #EEFFFF } /* Name */
.codehilite .o { color: #89DDFF } /* Operator */
.codehilite .p { color: #89DDFF } /* Punctuation */
.codehilite .ch { color: #546E7A; font-style: italic } /* Comment.Hashbang */
.codehilite .cm { color: #546E7A; font-style: italic } /* Comment.Multiline */
.codehilite .cp { color: #546E7A; font-style: italic } /* Comment.Preproc */
.codehilite .cpf { color: #546E7A; font-style: italic } /* Comment.PreprocFile */
.codehilite .c1 { color: #546E7A; font-style: italic } /* Comment.Single */
.codehilite .cs { color: #546E7A; font-style: italic } /* Comment.Special */
.codehilite .gd { color: #FF5370 } /* Generic.Deleted */
.codehilite .ge { color: #89DDFF } /* Generic.Emph */
.codehilite .gr { color: #FF5370 } /* Generic.Error */
.codehilite .gh { color: #C3E88D } /* Generic.Heading */
.codehilite .gi { color: #C3E88D } /* Generic.Inserted */
.codehilite .go { color: #546E7A } /* Generic.Output */
.codehilite .gp { color: #FFCB6B } /* Generic.Prompt */
.codehilite .gs { color: #FF5370 } /* Generic.Strong */
.codehilite .gu { color: #89DDFF } /* Generic.Subheading */
.codehilite .gt { color: #FF5370 } /* Generic.Traceback */
.codehilite .kc { color: #89DDFF } /* Keyword.Constant */
.codehilite .kd { color: #BB80B3 } /* Keyword.Declaration */
.codehilite .kn { color: #89DDFF; font-style: italic } /* Keyword.Namespace */
.codehilite .kp { color: #89DDFF } /* Keyword.Pseudo */
.codehilite .kr { color: #BB80B3 } /* Keyword.Reserved */
.codehilite .kt { color: #BB80B3 } /* Keyword.Type */
.codehilite .ld { color: #C3E88D } /* Literal.Date */
.codehilite .m { color: #F78C6C } /* Literal.Number */
.codehilite .s { color: #C3E88D } /* Literal.String */
.codehilite .na { color: #BB80B3 } /* Name.Attribute */
.codehilite .nb { color: #82AAFF } /* Name.Builtin */
.codehilite .nc { color: #FFCB6B } /* Name.Class */
.codehilite .no { color: #EEFFFF } /* Name.Constant */
.codehilite .nd { color: #82AAFF } /* Name.Decorator */
.codehilite .ni { color: #89DDFF } /* Name.Entity */
.codehilite .ne { color: #FFCB6B } /* Name.Exception */
.codehilite .nf { color: #82AAFF } /* Name.Function */
.codehilite .nl { color: #82AAFF } /* Name.Label */
.codehilite .nn { color: #FFCB6B } /* Name.Namespace */
.codehilite .nx { color: #EEFFFF } /* Name.Other */
.codehilite .py { color: #FFCB6B } /* Name.Property */
.codehilite .nt { color: #FF5370 } /* Name.Tag */
.codehilite .nv { color: #89DDFF } /* Name.Variable */
.codehilite .ow { color: #89DDFF; font-style: italic } /* Operator.Word */
.codehilite .w { color: #EEFFFF } /* Text.Whitespace */
.codehilite .mb { color: #F78C6C } /* Literal.Number.Bin */
.codehilite .mf { color: #F78C6C } /* Literal.Number.Float */
.codehilite .mh { color: #F78C6C } /* Literal.Number.Hex */
.codehilite .mi { color: #F78C6C } /* Literal.Number.Integer */
.codehilite .mo { color: #F78C6C } /* Literal.Number.Oct */
.codehilite .sa { color: #BB80B3 } /* Literal.String.Affix */
.codehilite .sb { color: #C3E88D } /* Literal.String.Backtick */
.codehilite .sc { color: #C3E88D } /* Literal.String.Char */
.codehilite .dl { color: #EEFFFF } /* Literal.String.Delimiter */
.codehilite .sd { color: #546E7A; font-style: italic } /* Literal.String.Doc */
.codehilite .s2 { color: #C3E88D } /* Literal.String.Double */
.codehilite .se { color: #EEFFFF } /* Literal.String.Escape */
.codehilite .sh { color: #C3E88D } /* Literal.String.Heredoc */
.codehilite .si { color: #89DDFF } /* Literal.String.Interpol */
.codehilite .sx { color: #C3E88D } /* Literal.String.Other */
.codehilite .sr { color: #89DDFF } /* Literal.String.Regex */
.codehilite .s1 { color: #C3E88D } /* Literal.String.Single */
.codehilite .ss { color: #89DDFF } /* Literal.String.Symbol */
.codehilite .bp { color: #89DDFF } /* Name.Builtin.Pseudo */
.codehilite .fm { color: #82AAFF } /* Name.Function.Magic */
.codehilite .vc { color: #89DDFF } /* Name.Variable.Class */
.codehilite .vg { color: #89DDFF } /* Name.Variable.Global */
.codehilite .vi { color: #89DDFF } /* Name.Variable.Instance */
.codehilite .vm { color: #82AAFF } /* Name.Variable.Magic */
.codehilite .il { color: #F78C6C } /* Literal.Number.Integer.Long */</style>
<div class="column column-3">
<ul>
<li><a href="#welcome-to-sipvicious-oss-security-tools">Welcome to SIPVicious OSS security tools</a><ul>
<li><a href="#a-note-to-vendors-and-service-providers">A note to vendors and service providers</a></li>
<li><a href="#the-tools">The tools</a><ul>
<li><a href="#svmap">svmap</a></li>
<li><a href="#svwar">svwar</a></li>
<li><a href="#svcrack">svcrack</a></li>
<li><a href="#svreport">svreport</a></li>
<li><a href="#svcrash">svcrash</a></li>
</ul>
</li>
<li><a href="#installation">Installation</a></li>
<li><a href="#further-information">Further information</a></li>
</ul>
</li>
</ul>
</div>
<h1 id="welcome-to-sipvicious-oss-security-tools">Welcome to SIPVicious OSS security tools</h1>
<p><img alt="SIPVicious mascot" src="https://repository-images.githubusercontent.com/32133566/55b41300-12d9-11eb-89d8-58f60930e3fa" /></p>
<p>SIPVicious OSS is a set of security tools that can be used to audit SIP based VoIP systems. Specifically, it allows you to find SIP servers, enumerate SIP extensions and finally, crack their password.</p>
<p>To get started read the following:</p>
<ul>
<li><a href="https://github.com/enablesecurity/sipvicious/wiki/Getting-Started">Getting started on the Wiki</a></li>
<li>Communication Breakdown blog: <a href="https://www.rtcsec.com/2020/06/02-attacking-voip-system-with-sipvicious/">Attacking a real VoIP System with SIPVicious OSS</a>.</li>
</ul>
<p>For usage help make use of <code>-h</code> or <code>--help</code> switch.</p>
<h2 id="a-note-to-vendors-and-service-providers">A note to vendors and service providers</h2>
<p>If you are looking for a professional grade toolset to test your RTC systems, please consider <a href="https://www.sipvicious.pro">SIPVicious PRO</a>.</p>
<h2 id="the-tools">The tools</h2>
<p>The SIPVicious OSS toolset consists of the following tools:</p>
<ul>
<li>svmap</li>
<li>svwar</li>
<li>svcrack</li>
<li>svreport</li>
<li>svcrash</li>
</ul>
<h3 id="svmap">svmap</h3>
<div class="codehilite"><pre><span></span><code>this is a sip scanner. When launched against
ranges of ip address space, it will identify any SIP servers
which it finds on the way. Also has the option to scan hosts
on ranges of ports.
Usage: &lt;https://github.com/EnableSecurity/sipvicious/wiki/SVMap-Usage&gt;
</code></pre></div>
<h3 id="svwar">svwar</h3>
<div class="codehilite"><pre><span></span><code><span class="n">identifies</span><span class="w"> </span><span class="n">working</span><span class="w"> </span><span class="n">extension</span><span class="w"> </span><span class="n">lines</span><span class="w"> </span><span class="n">on</span><span class="w"> </span><span class="n">a</span><span class="w"> </span><span class="n">PBX</span><span class="p">.</span><span class="w"> </span><span class="n">A</span><span class="w"> </span><span class="n">working</span><span class="w"> </span>
<span class="n">extension</span><span class="w"> </span><span class="n">is</span><span class="w"> </span><span class="n">one</span><span class="w"> </span><span class="n">that</span><span class="w"> </span><span class="n">can</span><span class="w"> </span><span class="n">be</span><span class="w"> </span><span class="n">registered</span><span class="p">.</span><span class="w"> </span>
<span class="n">Also</span><span class="w"> </span><span class="n">tells</span><span class="w"> </span><span class="n">you</span><span class="w"> </span><span class="k">if</span><span class="w"> </span><span class="n">the</span><span class="w"> </span><span class="n">extension</span><span class="w"> </span><span class="n">line</span><span class="w"> </span><span class="n">requires</span><span class="w"> </span><span class="n">authentication</span><span class="w"> </span><span class="k">or</span><span class="w"> </span><span class="k">not</span><span class="p">.</span><span class="w"></span>
<span class="nl">Usage:</span><span class="w"> </span><span class="o">&lt;</span><span class="nl">https:</span><span class="c1">//github.com/EnableSecurity/sipvicious/wiki/SVWar-Usage&gt;</span>
</code></pre></div>
<h3 id="svcrack">svcrack</h3>
<div class="codehilite"><pre><span></span><code><span class="n">a</span><span class="w"> </span><span class="n">password</span><span class="w"> </span><span class="n">cracker</span><span class="w"> </span><span class="n">making</span><span class="w"> </span><span class="n">use</span><span class="w"> </span><span class="n">of</span><span class="w"> </span><span class="n">digest</span><span class="w"> </span><span class="n">authentication</span><span class="p">.</span><span class="w"> </span>
<span class="n">It</span><span class="w"> </span><span class="n">is</span><span class="w"> </span><span class="n">able</span><span class="w"> </span><span class="n">to</span><span class="w"> </span><span class="n">crack</span><span class="w"> </span><span class="n">passwords</span><span class="w"> </span><span class="n">on</span><span class="w"> </span><span class="n">both</span><span class="w"> </span><span class="n">registrar</span><span class="w"> </span><span class="n">servers</span><span class="w"> </span><span class="k">and</span><span class="w"> </span><span class="n">proxy</span><span class="w"> </span>
<span class="n">servers</span><span class="p">.</span><span class="w"> </span><span class="n">Current</span><span class="w"> </span><span class="n">cracking</span><span class="w"> </span><span class="n">modes</span><span class="w"> </span><span class="n">are</span><span class="w"> </span><span class="n">either</span><span class="w"> </span><span class="n">numeric</span><span class="w"> </span><span class="n">ranges</span><span class="w"> </span><span class="k">or</span><span class="w"></span>
<span class="n">words</span><span class="w"> </span><span class="n">from</span><span class="w"> </span><span class="n">dictionary</span><span class="w"> </span><span class="n">files</span><span class="p">.</span><span class="w"></span>
<span class="nl">Usage:</span><span class="w"> </span><span class="o">&lt;</span><span class="nl">https:</span><span class="c1">//github.com/EnableSecurity/sipvicious/wiki/SVCrack-Usage&gt;</span>
</code></pre></div>
<h3 id="svreport">svreport</h3>
<div class="codehilite"><pre><span></span><code><span class="n">able</span><span class="w"> </span><span class="n">to</span><span class="w"> </span><span class="n">manage</span><span class="w"> </span><span class="n">sessions</span><span class="w"> </span><span class="n">created</span><span class="w"> </span><span class="n">by</span><span class="w"> </span><span class="n">the</span><span class="w"> </span><span class="n">rest</span><span class="w"> </span><span class="n">of</span><span class="w"> </span><span class="n">the</span><span class="w"> </span><span class="n">tools</span><span class="w"></span>
<span class="ow">and</span><span class="w"> </span><span class="k">export</span><span class="w"> </span><span class="n">to</span><span class="w"> </span><span class="n">pdf</span><span class="p">,</span><span class="w"> </span><span class="n">xml</span><span class="p">,</span><span class="w"> </span><span class="n">csv</span><span class="w"> </span><span class="ow">and</span><span class="w"> </span><span class="n">plain</span><span class="w"> </span><span class="n">text</span><span class="o">.</span><span class="w"></span>
<span class="n">Usage</span><span class="p">:</span><span class="w"> </span><span class="o">&lt;</span><span class="n">https</span><span class="p">:</span><span class="o">//</span><span class="n">github</span><span class="o">.</span><span class="n">com</span><span class="o">/</span><span class="n">EnableSecurity</span><span class="o">/</span><span class="n">sipvicious</span><span class="o">/</span><span class="n">wiki</span><span class="o">/</span><span class="n">SVReport</span><span class="o">-</span><span class="n">Usage</span><span class="o">&gt;</span><span class="w"></span>
</code></pre></div>
<h3 id="svcrash">svcrash</h3>
<div class="codehilite"><pre><span></span><code>responds to svwar and svcrack SIP messages with a message that
causes old versions to crash.
Usage: &lt;https://github.com/EnableSecurity/sipvicious/wiki/SVCrash-FAQ&gt;
</code></pre></div>
<h2 id="installation">Installation</h2>
<p>Please refer to the <a href="https://github.com/EnableSecurity/sipvicious/wiki/Basics#installation">installation documentation</a>.</p>
<h2 id="further-information">Further information</h2>
<p>Check out the <a href="https://github.com/enablesecurity/sipvicious/wiki">wiki</a> for documentation.</p>
</span>
</div>
</div>
<div id="footer">
<p></p>
<center>
&copy; Stefan Friese
</center>
</div>
<script>
function linkClick(obj) {
if (obj.open) {
console.log('open');
if (sessionStorage.getItem(obj.id) && !(sessionStorage.getItem(obj.id) === "open")) {
sessionStorage.removeItem(obj.id);
}
sessionStorage.setItem(obj.id,"open");
console.log(obj.id);
} else {
console.log('closed');
sessionStorage.removeItem(obj.id);
}
// if (obj.open) {
// console.log('open');
// if (sessionStorage.getItem("opened") && !(sessionStorage.getItem("opened") === obj.id)) {
// sessionStorage.removeItem("opened");
// }
// sessionStorage.setItem("opened", obj.id);
// console.log(obj);
// } else {
// console.log('closed');
// sessionStorage.removeItem("opened");
//
// }
}
//if ( sessionStorage.getItem("opened")) {
// var item = sessionStorage.getItem("opened")
// document.getElementById(item)['open'] = 'open';
//}
let _keys = Object.keys(sessionStorage);
if (_keys) {
for ( let i = 0; i < _keys.length; i++ ) {
document.getElementById(_keys[i])['open'] = 'open';
}
}
// const detailsElement = document.querySelector('.details-sidebar');
// detailsElement.addEventListener('toggle', event => {
// if (event.target.open) {
// console.log('open');
// if (sessionStorage.getItem("opened") && !(sessionStorage.getItem("opened") === detailsElement.id)) {
// sessionStorage.removeItem("opened");
// }
// sessionStorage.setItem("opened", detailsElement.id);
// console.log(detailsElement);
//
// } else {
// console.log('closed');
// sessionStorage.removeItem("opened");
//
// }
// });
//
// async function fetchIndexJSON() {
// const response = await fetch('/index.json');
// const index = await response.json();
// return index;
// }
// // Extract the `q` query parameter
//var queryStringRegex = /[\?&]q=([^&]+)/g;
//var matches = queryStringRegex.exec(window.location.search);
//if(matches && matches[1]) {
// var value = decodeURIComponent(matches[1].replace(/\+/g, '%20'));
//
//
// // fetchIndexJSON()
// // .then(index => { console.log(index['index']);});
// // Load the posts to search
// fetch('/index').then(function(posts) {
// // Remember to include Fuse.js before this script.
//
// var fuse = new Fuse(posts, {
// keys: ['title', 'tags', 'content'] // What we're searching
// });
//
// // Run the search
// var results = fuse.search(value);
// //console.log(results);
//
// // Generate markup for the posts, implement SearchResults however you want.
// // var $results = SearchResults(results);
//
// // Add the element to the empty <div> from before.
//// $('#searchResults').append($results);
// });
//}
</script>
<script type="text/javascript" src="https://cdn.jsdelivr.net/npm/mathjax@2/MathJax.js"></script>
<script src="https://cdn.mathjax.org/mathjax/latest/MathJax.js?config=TeX-AMS-MML_HTMLorMML" type="text/javascript"></script>
</script>
<script type="text/x-mathjax-config">
MathJax.Hub.Config({
config: ["MMLorHTML.js"],
jax: ["input/TeX", "output/HTML-CSS", "output/NativeMML"],
extensions: ["MathMenu.js", "MathZoom.js"]
});
</script>
</body>
</html>