Friday, June 20, 2008

Backtrack 3 out - with VoIP security tools

The final Backtrack 3 is out and it features some VoIP tools in the /pentest directory:
  • SIPVicious (guess you know by now what this is about :)
  • Voiper - a SIP fuzzing toolkit which aims at identifying flaws in VoIP products that do SIP and SDP.
  • Sipbomber - a SIP testing tool which has test cases that are run against SIP enabled software / devices
  • SIP Rogue - allows application level man in the middle (MITM) attacks on SIP devices.
In the $PATH one can find:
  • VoIP Hopper - allows one to hop between VLANS.
  • VOIPONG - a Voice over IP sniffer - will record any phone calls that it sees.
  • sipdump / sipcrack - an offline password cracker for the digest authentication used by SIP
Tools that were previously found in Backtrack 2 are described on the tools page.

Grab Backtrack from the official site.

Tuesday, June 17, 2008

Ladies and Gentlemen please welcome..

EnableSecurity! I will be publishing my security research and rants as well as providing Security Consultancy, Research and Design. A brief "who am I" can be seen at the Linkedin Profile page, while Google has further details.

So what sort of things am I doing?
  • Wireless security auditing
  • Web Application Security
  • VoIP security research
  • Reverse Engineering

I'll continue developing SIPVicious and publish additional tools to help security professionals get the job done.

And one more thing - I suggest that you subscribe to the RSS as I shall be releasing some research later on this week.

Wednesday, June 11, 2008

SIPVicious tools roadmap

I'm looking at improving SIPVicious and would appreciate your input for new features or any possible bug fixes. Send me an email with ideas, or simply leave a comment.

Check my current "to do" list here.

Tuesday, June 3, 2008

SIPVicious version 0.2.3 with fingerprinting and dns goodies

Just posted a new version of SIPVicious v0.2.3. This includes some new features as well as bug fixes. However be warned - bugs have been invariably introduced in the course of adding these new features, so please help me test it out ;-)

Here's the link you've been looking for.

From the Changelog:

  • Feature: Fingerprinting support for svmap. Included and 3 databases used for fingerprinting.
  • Feature: Added which allows one to add new signatures to db and send them to the author.
  • Feature: Added DNS SRV check to svmap. Use ./ --srv to give it a try

  • Feature: added the ability for svreport to count results when doing a list
  • Bug fix: fixed a bug related to resuming a scan which does not have an extension