Skip to main content

Taking an offensive approach to RTC Security?
You will need the right tools

SIPVicious is a toolset for security teams, QA and developers that enables you to battle-test a wide range of RTC systems, applications and protocols.

Illustration of hand clutching phone receiver

Specifically designed to target RTC applications and protocols

Built off years of RTC-focused pentesting and security research

SIPVicious OSS mascot with white background

SIPVicious OSS

An open source set of security tools used to audit SIP based VoIP systems to find SIP servers, enumerate SIP extensions and crack their password.
Learn more about SIPVicious OSS »
SIPVicious PRO mascot with white background

SIPVicious PRO

A professional-grade RTC security testing suite that covers VoIP and WebRTC infrastructure and applications, aiding in the discovery and demonstration of vulnerabilities.
Learn more about SIPVicious PRO »

What can it do?

SIPVicious PRO and SIPVicious OSS are a unique set of tools designed to help you enumerate, audit and stress-test VoIP and WebRTC systems by implementing an ever-growing number of versatile attack patterns that can be chained together to achieve your testing goals.


Support for SIP over UDP transport, the most common transport for SIP

Extension enumeration OSS PRO

Identify SIP extensions or addresses on a given target server

SIP message flood OSS PRO

Standard SIP Flood Denial of Service (DoS) testing

Password cracking OSS PRO

Online SIP digest authentication password cracking on both registrar servers and proxy servers

IPv6 built-in OSS PRO

Targets can be hostnames, IPv4 or IPv6 addresses


Support for SIP over UDP transport


Support for SIP over TLS

WebRTC security testing PRO

DTLS-SRTP, TURN and STUN and SIP over WebSocket

SIP fuzzing PRO

Use fuzzing techniques to discover unknown vulnerabilities

SIP call flood PRO

Flood the target server with calls using INVITE, while handling the responses to test for Denial of Service (DoS)

SIP Digest Leak PRO

Test user-agent clients and servers for leakage of digest challenge response

SIP call enumeration PRO

Enumerate SIP extensions using SIP INVITE handling the session like any normal caller

RTP bleed attack PRO

Check media servers and RTP proxies for this wide-spread vulnerability

SIP method enumeration PRO

Find out which SIP methods are supported and if any allow authentication bypass

RFC compliant PRO

Complies to the standards (unless the attack requires non-compliance)

SIP message modification PRO

Easily modify SIP messages using a flexible templating system

RTP flood PRO

Test for DoS in voice/video recording systems including SIPREC and voicemail

The leading toolkit for
advanced RTC security testing

SIPVicious OSS and SIPVicious PRO are used by
professionals and organisations of all sizes to test RTC systems.

Who uses SIPVicious?

SIPVicious is used by information security professionals (penetration testers, blue teams and red teams), quality assurance teams and RTC developers to assess security issues in systems that make use of SIP, VoIP, WebRTC and other RTC protocols.

How can SIPVicious help?

SIPVicious allows you to discover, audit and stress-test RTC systems by providing a variety of offensive RTC attacks out-of-the-box. With SIPVicious, you can find new vulnerabilities through customised attack payloads and fuzzing capabilities.

Who uses SIPVicious?

SIPVicious OSS serves as a stable, well-maintained SIP auditing toolbox for users who simply need to test their phone system.
SIPVicious PRO offers a full-featured, professional-grade RTC security suite for SIP, WebRTC and other RTC protocols.

Learn more about SIPVicious

Learn more about SIPVicious OSS and SIPVicious PRO use cases and features.