Looking to up your
VoIP security testing game?
SIPVicious PRO helps security teams, QA and developers battle-test modern VoIP and WebRTC systems, applications and protocols for manual and automated testing.
VoIP security testing tools for professionals
Not just
SIP or UDP
Fast.
Very fast
Automate security with CI/CD
Fuzzing for unknown
Vulnerabilities
What features are supported?
Wide variety of protocols
Support for a wide variety of protocols including SIP, SDP, SDES, RTP, DTLS, SIP TLS and WebSocket
WebRTC security testing tools
DTLS-SRTP, STUN and SIP over WebSocket are supported
Fuzzing
Mutation-based testing to find buffer overflows, memory corruption and other security violations
Encrypted traffic
SIP servers with TLS as well as client certificates supported, together with SDES-SRTP and DTLS-SRTP
DoS testing
Various modules to aid with Denial of Service testing often used to simulate DDoS attacks
RFC compliant
Complies to the standards (unless the attack requires non-compliance)
SIP message modification
All SIP related tools in SIPVicious PRO allow customization of SIP messages before they are sent via a powerful templating system
Automation
To integrate with automated testing processes, including CI/CD pipelines, each tool supports exit codes and JSON output
Utilities for manual testing
A number of tools to aid with manual debugging and tests, useful during manual VoIP penetration tests
Attacks on the media
Various attacks affecting an often neglected vector - media servers supporting RTP, SRTP and various codecs
STIR/SHAKEN Experimental
Fuzzing and support for calls signed with STIR/SHAKEN, in addition to support for manual attacks using the protocol
Ever growing list of attack tools
Each attack tool is commercially supported with new tools being developed. See our roadmap.
SIPVicious PRO
Bug-O-Rama
SIPVicious PRO has been used to find several previously unknown security vulnerabilities.
Overflow vulnerabilities
- CSEQ header parsing heap overflow affecting Asterisk
chan_pjsip
and PJSIP (CVE-2017-9372) - Kamailio off-by-one heap overflow (CVE-2018-8828)
- SUBSCRIBE message with a large
Accept
value stack corruption (CVE-2018-7284) - Segmentation fault in asterisk with an invalid SDP
fmtp
attribute (CVE-2018-1000099) - Segmentation fault in Asterisk with an invalid SDP
media
format description (CVE-2018-1000098) sngrep
crash due to a buffer overflow caused by a malformed SDP media typesngrep
crash due to a stack overflow caused by a malformed SDP connection address- VoIPmonitor buffer overflow vulnerability when using the live sniffer (CVE-2021-1000005)
- Show 5 more
Denial of Service
- Crash occurs when sending a repeated number of
INVITE
messages over TCP or TLS transport (CVE-2018-7286) - Asterisk crash due to
INVITE
flood over TCP (CVE-2020-28327) - FreeSWITCH susceptible to Denial of Service via invalid SRTP packets (CVE-2021-41105)
- FreeSWITCH susceptible to Denial of Service via SIP flooding (CVE-2021-41145)
- Show 1 more
Other
- Asterisk RTP Bleed vulnerability (CVE-2017-14099)
- VoIPmonitor web GUI vulnerable to Cross-Site Scripting via SIP messages (CVE-2021-1000004)
- FreeSWITCH vulnerable to SIP digest leak for configured gateways (CVE-2021-41158)
- FreeSWITCH does not authenticate SIP MESSAGE requests, leading to spam and message spoofing (CVE-2021-37624)
- FreeSWITCH does not authenticate SIP SUBSCRIBE requests by default (CVE-2021-41157)
- Show 2 more
Support for advanced
attacks out-of-the-box
SIP Flood DoS
Standard and advanced SIP Flood Denial of Service (DoS) testing
SIP digest leak
Test user-agent clients and servers for leakage of digest challenge response
SIP online password cracker
Online SIP digest authentication password cracking on both registrar servers and proxy servers
SIP extension enumeration
Identify SIP extensions or addresses on a given target server
SIP method enumeration
Find out which SIP methods are supported and if any allow authentication bypass
SIP method fuzzer
Fuzzes each SIP method, headers and body to find SIP parser and logic issues
RTP bleed
Check media servers and RTP proxies for this wide-spread vulnerability
RTP Flood DoS
Flood the target with RTP packets
RTP inject
Inject RTP packets in ongoing media streams targeting both media servers and clients
STIR/SHAKEN fuzzer Experimental
Fuzz the STIR/SHAKEN SIP headers to identify parser and logic issues
RTP fuzzer Experimental
Fuzz the RTP packets to identify vulnerabilities in the RTP parser and codec handling
SIP fuzzing server Experimental
Fuzz SIP clients (UAC) by pointing them to this server
TCP Flood DoS Experimental
TCP connection flooder
Subscribe to SIPVicious PRO
SIPVicious PRO is commercially available to vendors and service providers.
Get in touch to find out more.