Skip to main content

Looking to up your
VoIP security testing game?

SIPVicious PRO helps security teams, QA and developers battle-test modern VoIP and WebRTC systems, applications and protocols for manual and automated testing.

SIPVicious PRO mascot with white background

VoIP security testing tools for professionals

Not just
SIP or UDP

In addition to SIP over UDP, SIPVicious PRO supports SIP over different transport protocols including SIP over TCP, TLS and WebSocket. Tests for RTP and SRTP too.
Target Specification »

Fast.
Very fast

SIPVicious PRO’s concurrent design allow it to achieve extraordinary speeds, making it perfect for DDoS simulations and SIP flood tests.
SIP Flood »

Automate security with CI/CD

Do not push new code or configuration without automated security testing first. Continuously test for vulnerabilities on each commit + fuzzing & DoS testing.
Automation »

Fuzzing for unknown
Vulnerabilities

Fuzzing modules which help identify security flaws that lurk in the code, whether it be the SIP stack, SIP/RTP parser or the codecs.
SIP Fuzzing »

What features are supported?

Wide variety of protocols

Support for a wide variety of protocols including SIP, SDP, SDES, RTP, DTLS, SIP TLS and WebSocket

WebRTC security testing tools

DTLS-SRTP, STUN and SIP over WebSocket are supported

Fuzzing

Mutation-based testing to find buffer overflows, memory corruption and other security violations

Encrypted traffic

SIP servers with TLS as well as client certificates supported, together with SDES-SRTP and DTLS-SRTP

DoS testing

Various modules to aid with Denial of Service testing often used to simulate DDoS attacks

RFC compliant

Complies to the standards (unless the attack requires non-compliance)

SIP message modification

All SIP related tools in SIPVicious PRO allow customization of SIP messages before they are sent via a powerful templating system

Automation

To integrate with automated testing processes, including CI/CD pipelines, each tool supports exit codes and JSON output

Utilities for manual testing

A number of tools to aid with manual debugging and tests, useful during manual VoIP penetration tests

Attacks on the media

Various attacks affecting an often neglected vector - media servers supporting RTP, SRTP and various codecs

STIR/SHAKEN Experimental

Fuzzing and support for calls signed with STIR/SHAKEN, in addition to support for manual attacks using the protocol

Ever growing list of attack tools

Each attack tool is commercially supported with new tools being developed. See our roadmap.

SIPVicious PRO
Bug-O-Rama

SIPVicious PRO has been used to find several previously unknown security vulnerabilities.

Overflow vulnerabilities

  1. CSEQ header parsing heap overflow affecting Asterisk chan_pjsip and PJSIP (CVE-2017-9372)
  2. Kamailio off-by-one heap overflow (CVE-2018-8828)
  3. SUBSCRIBE message with a large Accept value stack corruption (CVE-2018-7284)
  4. Segmentation fault in asterisk with an invalid SDP fmtp attribute (CVE-2018-1000099)
  5. Segmentation fault in Asterisk with an invalid SDP media format description (CVE-2018-1000098)
  6. sngrep crash due to a buffer overflow caused by a malformed SDP media type
  7. sngrep crash due to a stack overflow caused by a malformed SDP connection address
  8. VoIPmonitor buffer overflow vulnerability when using the live sniffer (CVE-2021-1000005)
  9. Show 5 more

Denial of Service

  1. Crash occurs when sending a repeated number of INVITE messages over TCP or TLS transport (CVE-2018-7286)
  2. Asterisk crash due to INVITE flood over TCP (CVE-2020-28327)
  3. FreeSWITCH susceptible to Denial of Service via invalid SRTP packets (CVE-2021-41105)
  4. FreeSWITCH susceptible to Denial of Service via SIP flooding (CVE-2021-41145)
  5. Show 1 more

Other

  1. Asterisk RTP Bleed vulnerability (CVE-2017-14099)
  2. VoIPmonitor web GUI vulnerable to Cross-Site Scripting via SIP messages (CVE-2021-1000004)
  3. FreeSWITCH vulnerable to SIP digest leak for configured gateways (CVE-2021-41158)
  4. FreeSWITCH does not authenticate SIP MESSAGE requests, leading to spam and message spoofing (CVE-2021-37624)
  5. FreeSWITCH does not authenticate SIP SUBSCRIBE requests by default (CVE-2021-41157)
  6. Show 2 more

Support for advanced
attacks out-of-the-box

SIP Flood DoS

Standard and advanced SIP Flood Denial of Service (DoS) testing

SIP digest leak

Test user-agent clients and servers for leakage of digest challenge response

SIP online password cracker

Online SIP digest authentication password cracking on both registrar servers and proxy servers

SIP extension enumeration

Identify SIP extensions or addresses on a given target server

SIP method enumeration

Find out which SIP methods are supported and if any allow authentication bypass

SIP method fuzzer

Fuzzes each SIP method, headers and body to find SIP parser and logic issues

RTP bleed

Check media servers and RTP proxies for this wide-spread vulnerability

RTP Flood DoS

Flood the target with RTP packets

RTP inject

Inject RTP packets in ongoing media streams targeting both media servers and clients

STIR/SHAKEN fuzzer Experimental

Fuzz the STIR/SHAKEN SIP headers to identify parser and logic issues

RTP fuzzer Experimental

Fuzz the RTP packets to identify vulnerabilities in the RTP parser and codec handling

SIP fuzzing server Experimental

Fuzz SIP clients (UAC) by pointing them to this server

TCP Flood DoS Experimental

TCP connection flooder

Subscribe to SIPVicious PRO

SIPVicious PRO is commercially available to vendors and service providers.
Get in touch to find out more.

We'll never share your email with anyone else.
We hate spam and are committed to protecting and respecting your privacy. You can unsubscribe from these communications at any time. By subscribing, you are agreeing to the Privacy Policy.