Friday, July 17, 2009

Scan your public facing PBX with VOIPSCANNER.com

Announcing VOIPSCANNER.com, the SaaS Voice over IP Security scanner. If you're already familiar with SIPVicious, then you can guess what this tool does. This online tool makes it easier than ever to check if the Asterisk box you just installed, or most other SIP PBX servers, is misconfigured and contains weak credentials. Attackers on the 'net are already doing this for their own benefit, don't wait until they hit your PBX!

Using this tool consists of the following steps:
  1. Register an account and buy credit (or use the time limited promo SIPV to get some for free)
  2. Enter the IP address of your PBX server and scan away
  3. Receive a report by email that shows the findings

How does it work really?
VoIPScanner.com is making use of the next generation of SIPVicious (2.0) in the background and right now it does the following automatically:
  1. Checks if an IP PBX is listening on the given address
  2. Does extension enumeration, just like svwar in SIPVicious
  3. For each extension found it starts a password cracking attack
  4. Generate a PDF report such as this one
Any feedback or affiliate requests, contact me.

No comments: