Tools

SIPVicious Tools for auditing SIP devices

Introduction

Welcome to SIPVicious security tools.

The 4 tools that you should be looking at are:

svmap
svwar
svcrack
svreport

The tools

svmap

This is a sip scanner. When launched against ranges of ip address space, it will identify any SIP servers which it finds on the way. Also has the option to scan hosts on ranges of ports.
See: svmap Usage

svwar

Traditionally a war dialer used to call up numbers on the phone network to identify ones that are interesting from ones that are not. With SIP, you can do something similar to identify active users.
See: svwar Usage

svcrack

This is a password cracker making use of digest authentication. It is able to crack passwords on both registrar servers and proxy servers. It can make use of ranges of numbers or a dictionary file full of possible passwords.
See: svcrack Usage

svreport

Able to manage sessions created by the rest of the tools and export to pdf, xml, csv and plain text.
See: svreport Usage

General help

For usage help make use of -h or --help switch.

And if you're stuck you can always pull up issues on the bug tracker.

Last edited by @0xInfection - 2021/06/01

SIPVicious Wiki

Home - Welcome to the wiki!
Introduction:
- Basics - Setting up dependencies & sipvicious.
- Toolset - Know the tools within the toolset.
- Getting Started - Running the tools you just installed.
Manual usage:
- svmap Usage - Using svmap.
- svwar Usage - Using svwar.
- svcrack Usage - Using svcrack.
- svreport Usage - Using svreport.
- svcrash FAQs - Solving queries about svcrash.
- Other FAQs - Answers to your common questions.
Automation - Automated testing and integration with CI/CD pipelines.
Development:
- Changelog - Tracking changes through the development.
Others:
- Media Mentions - Media mentions about sipvicious.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly