Wednesday, February 22, 2012

SIPVicious 0.2.7 released and rewrite coming up, looking for testers!

Get it now! This is the last release in the 0.2 series which fixes a number of stability issues and bugs before moving on to a total rewrite.

Are you a SIPVicious user? Get in contact if you have a VoIP lab or simply want to test the rewrite of SIPVicious. The internal version already includes support for TCP, TLS and IPv6 ;-)

The changelog for this one:
  • Feature: has a new option -b which bruteforces the attacker's port 
  • Feature: now tries the extension as password by default, automatically 
  • Feature: and now support setting of source port 
  • Feature: new parameter --domain can be passed to all tools which specifies a custom domain in the SIP uri instead of the destination IP 
  • Feature: new --debug switch which shows the messages recieved 
  • Bug fix: Sometimes nonces could not be extracted due to an incorrect regex 
  • Bug fix: Fixed an unhandled exception when decoding tags 
  • Bug fix: now using hashlib when available instead of md5 
  • Bug fix: removed the space after the SIP address in the From header which led to newer version of Asterisk to ignore the SIP messages 
  • Bug fix: dictionaries with new lines made stop without this fix 
  • Change: renamed everything to start with sv 
  • Bug fix: changed the way shelved files are opened by the fingerprinting module 
  • Change: fingerprinting disabled by default since it was giving too many problems and very little benefits
Download SIPVicious from


magicrhesus said...

package for archlinux updated, thanks

Anonymous said...

whaa? you don't allow feedback via SIMPLE?

what about XMPP?


Anonymous said...

(gtalk is bastardized xmpp)

sandro said...

get in touch regarding xmpp =)