VIPROY - VoIP Pen-Test Kit for Metasploit Framework
Viproy Voip Pen-Test Kit provides penetration testing modules for VoIP networks. It supports signalling analysis for SIP and Skinny protocols, IP phone services and network infrastructure.
Viproy 2.0 is released at Blackhat Arsenal USA 2014 with TCP/TLS support for SIP, vendor extentions support, Cisco CDP spoofer/sniffer, Cisco Skinny protocol analysers, VOSS exploits and network analysis modules. Furthermore, Viproy provides SIP and Skinny development libraries for custom fuzzing and analyse modules.
Current Version and Updates
Current version: 4.1 (Requires ruby 2.1.X and Metasploit Framework Github Repo)
Pre-installed repo: https://github.com/fozavci/metasploit-framework-with-viproy
Worldwide Conference Talks
Black Hat USA 2016 - VoIP Wars: The Phreakers Awaken
Black Hat Europe 2015 - VoIP Wars: Destroying Jar Jar Lync
DEF CON 23 - The Art of VoIP Hacking Workshop Slide Deck
DEFCON 21 - VoIP Wars: Return of the SIP
Attacking SIP/VoIP Servers Using Viproy
Current Testing Modules
- SIP Register
- SIP Invite
- SIP Message
- SIP Negotiate
- SIP Options
- SIP Subscribe
- SIP Enumerate
- SIP Brute Force
- SIP Trust Hacking
- SIP UDP Amplification DoS
- SIP Proxy Bounce
- Skinny Register
- Skinny Call
- Skinny Call Forward
- CUCDM Call Forwarder
- CUCDM Speed Dial Manipulator
- MITM Proxy TCP
- MITM Proxy UDP
- Cisco CDP Spoofer
- Boghe VoIP Client INVITE PoC Exploit (New)
- Boghe VoIP Client MSRP PoC Exploit (New)
- SIP Message with INVITE Support (New)
- Sample SIP SDP Fuzzer (New)
- MSRP Message Tester with SIP INVITE Support (New)
- Sample MSRP Message Fuzzer with SIP INVITE Support (New)
- Sample MSRP Message Header Fuzzer with SIP INVITE Support (New)
- Copy "lib" and "modules" folders' content to Metasploit root directory.
- Mixins.rb File (lib/msf/core/auxiliary/mixins.rb) should contains the following lines
- require 'msf/core/auxiliary/sip'
- require 'msf/core/auxiliary/skinny'
- require 'msf/core/auxiliary/msrp'