SIPVicious suite is a set of tools that can be used to audit SIP based VoIP systems. It currently consists of four tools:

• svmap - this is a sip scanner. Lists SIP devices found on an IP range
• svwar - identifies active extensions on a PBX
• svcrack - an online password cracker for SIP PBX
• svreport - manages sessions and exports reports to various formats
• svcrash - attempts to stop unauthorized svwar and svcrack scans

What is the last release from SIPVicious?

the last release from SIPVicious is 0.2.7 and this is the last release in the 0.2 series which fixes a number of stability issues and bugs before moving on to a total rewrite. The internal version already includes support for TCP, TLS and IPv6 ;-)

The changelog for this one:

    Feature: svcrash.py has a new option -b which bruteforces the attacker's port
    Feature: svcrack.py now tries the extension as password by default, automatically
    Feature: svcrack.py and svwar.py now support setting of source port
    Feature: new parameter --domain can be passed to all tools which specifies a custom domain in the SIP uri instead of the destination IP
    Feature: new --debug switch which shows the messages recieved
    Bug fix: Sometimes nonces could not be extracted due to an incorrect regex
    Bug fix: Fixed an unhandled exception when decoding tags
    Bug fix: now using hashlib when available instead of md5
    Bug fix: removed the space after the SIP address in the From header which led to newer version of Asterisk to ignore the SIP messages
    Bug fix: dictionaries with new lines made svcrack.py stop without this fix
    Change: renamed everything to start with sv
    Bug fix: changed the way shelved files are opened by the fingerprinting module
    Change: fingerprinting disabled by default since it was giving too many problems and very little benefits

Requirements

Python

SIPVicious works on any system that supports python 2.4 or greater.

Operating System

It was tested on the following systems:

• Linux
• Mac OS X
• Windows
• FreeBSD 6.2
• Jailbroken iPhone with python installed

If you use it on systems that are not mentioned here please let me know goes it goes

Download SIPVicious from http://code.google.com/p/sipvicious/