Wednesday, February 22, 2012

SIPVicious 0.2.7 released and rewrite coming up, looking for testers!

Get it now! This is the last release in the 0.2 series which fixes a number of stability issues and bugs before moving on to a total rewrite.

Are you a SIPVicious user? Get in contact if you have a VoIP lab or simply want to test the rewrite of SIPVicious. The internal version already includes support for TCP, TLS and IPv6 ;-)

The changelog for this one:
  • Feature: svcrash.py has a new option -b which bruteforces the attacker's port 
  • Feature: svcrack.py now tries the extension as password by default, automatically 
  • Feature: svcrack.py and svwar.py now support setting of source port 
  • Feature: new parameter --domain can be passed to all tools which specifies a custom domain in the SIP uri instead of the destination IP 
  • Feature: new --debug switch which shows the messages recieved 
  • Bug fix: Sometimes nonces could not be extracted due to an incorrect regex 
  • Bug fix: Fixed an unhandled exception when decoding tags 
  • Bug fix: now using hashlib when available instead of md5 
  • Bug fix: removed the space after the SIP address in the From header which led to newer version of Asterisk to ignore the SIP messages 
  • Bug fix: dictionaries with new lines made svcrack.py stop without this fix 
  • Change: renamed everything to start with sv 
  • Bug fix: changed the way shelved files are opened by the fingerprinting module 
  • Change: fingerprinting disabled by default since it was giving too many problems and very little benefits
Download SIPVicious from http://code.google.com/p/sipvicious/

4 comments:

magicrhesus said...

package for archlinux updated, thanks

commenting said...

whaa? you don't allow feedback via SIMPLE?

what about XMPP?

:)

commenting said...

(gtalk is bastardized xmpp)

sandro said...

get in touch regarding xmpp =)