Tags Security Tools

DVRTC v0.2.0: pbx2 and SIP SQL injection

DVRTC v0.2.0 expands the lab with pbx2, a new OpenSIPS, FreeSWITCH, and rtpproxy scenario. It also adds a fun SIP-driven Lua SQL injection exercise, along with new docs, workflows, and attack paths to try.…

Read more about DVRTC v0.2.0: pbx2 and SIP SQL injection

SIPVicious tutorial: testing VoIP security with DVRTC

A hands-on tutorial showing how to use SIPVicious OSS to scan, enumerate, and crack SIP credentials on our DVRTC vulnerable lab at pbx1.dvrtc.net. This is an updated version of our 2020 tutorial that used the now-retired demo.sipvicious.pro server.…

Read more about SIPVicious tutorial: testing VoIP security with DVRTC

OpenSIPS Security Audit Report is fully disclosed and out there

It’s almost a year since the OpenSIPS project published a minimized version of our security audit report from 2022. Now, the full version has been published, with all the information intact on how to reproduce the vulnerabilities and extra details in an 80+ page report.

The OpenSIPS security audit report can be found here.

What is the OpenSIPS security audit?

OpenSIPS is a SIP server that often has a critical security function within an IP communications system. Thus, it makes absolute sense to perform a thorough security audit for such software. We had been dealing with OpenSIPS servers from time to time in our work so we were rather familiar with the software and the project itself. Then back in January 2021, the lead developer for OpenSIPS, Bogdan-Andrei Iancu, asked us if we would be interested in doing some proper security work. Naturally, our answer was yes please!

Read more about OpenSIPS Security Audit Report is fully disclosed and out there

SIPVicious PRO incremental update - and Gitlab CI/CD examples

We just pushed out a new SIPVicious PRO update to our subscribing members! This version does not include any new major features. Instead, it fixes various bugs and brings missing but necessary features to various SIPVicious PRO tools. We have the following highlights in this update:

  • Documentation now includes realistic Gitlab CI/CD examples
  • The RTP fuzzer in the experimental version now supports SRTP
  • Support for new SIP DoS flood request methods
  • The RTP inject tool can now specify the RTP’s SSRC and payload ID
  • The SIP password cracking tool now supports closing the connection upon each attempt
  • The SIP ping utility supports INVITE

For the boring details, including a list of bug fixes, do read the release notes for v6.0.0-experimental.6 and v6.0.0-beta.6.

Read more about SIPVicious PRO incremental update - and Gitlab CI/CD examples

SIPVicious OSS v0.3.4 released with exit codes and automation features

We just made SIPVicious OSS v0.3.4 available, so go get it! Or install it via pip:

pip install sipvicious --upgrade

What’s new?

Two main things:

  • Exit codes, just like SIPVicious PRO’s
  • Integration with Github Actions

This release makes it much easier to use SIPVicious OSS within your CI/CD pipelines and other automation systems. One should, of course, read the documentation on automation for more information. But here’s an example script to get the idea of what can be done:

Read more about SIPVicious OSS v0.3.4 released with exit codes and automation features

SIPVicious OSS 0.3.3 released with new STDIN and target URL specification

Without further ado, please say hello to SIPVicious OSS 0.3.3!

To install or upgrade run pip install -U sipvicious. For more installation methods, see the wiki.

What’s new?

SIP extensions and passwords from standard input

We have a new feature which seems so simple yet so powerful: STDIN for dictionary input! This works for both svwar and svcrack. It is similar to what we did with SIPVicious PRO, which (surprisingly) proved to be a very popular feature. So, we thought of backporting it to SVOSS (SIPVicious OSS). From now on, one can easily use external tools to generate passwords on the fly for cracking with svcrack, or to generate SIP extensions on the fly for SIP extension enumeration with svwar. To do so, instead of specifying a filename to the --dictionary flag, give it - as its value.

Read more about SIPVicious OSS 0.3.3 released with new STDIN and target URL specification

SIPVicious OSS 0.3.2 released with more IPv6 goodness!

The free and open-source version of SIPVicious has been updated so that support for IPv6 is also available in svmap. If you can’t wait to try it out, you can get it at the official repository or by using pip3 install sipvicious --upgrade.

So now, with svmap’s IPv6 support, you can do stuff like:

sipvicious_svmap -6 -v 2a01:7e01::f03c:92ff:fecf:60a8

INFO:DrinkOrSip:trying to get self ip .. might take a while
INFO:root:start your engines
INFO:DrinkOrSip:-:61500        ->      2a01:7e01::f03c:92ff:fecf:60a8:5060     ->      kamailio (5.4.4 (x86_64/linux))
INFO:root:we have 1 devices
+-------------------------------------+---------------------------------+
| SIP Device                          | User Agent                      |
+=====================================+=================================+
| 2a01:7e01::f03c:92ff:fecf:60a8:5060 | kamailio (5.4.4 (x86_64/linux)) |
+-------------------------------------+---------------------------------+
INFO:root:Total time: 0:00:03.028053

Do note that CIDR scans on IPv6 are unsupported, but of course, one can scan multiple ports for SIP on a target.

Read more about SIPVicious OSS 0.3.2 released with more IPv6 goodness!

Attacking a real VoIP System with SIPVicious OSS

Published on Jun 8, 2020

Recently, we put out a target server on the Internet at demo.sipvicious.pro which hosts a Kamailio Server handling SIP over UDP, TCP, TLS as well as WebSockets. Behind that, the observant reader will soon discover that an Asterisk server handles the voicemail and echo services. This is actually a fully functioning (real) VoIP system that’s ready to be attacked. Therefore, in combination, these software packages allow us to reproduce a number of common security vulnerabilities affecting VoIP and WebRTC systems.

Read more about Attacking a real VoIP System with SIPVicious OSS

SIPVicious PRO v6.0.0 alpha.5 available to our clients

Published on Jun 3, 2020

With great pleasure, we announce the availability of the v6.0.0-alpha.5 version of SIPVicious PRO. This is a major update since most of the promised feature-set of the existing modules is now available. While you are encouraged to read the release notes, the main highlights are the following:

  • Target demo server (demo.sipvicious.pro) now implemented, used throughout the documentation for attack examples and training purposes
  • An extensive getting started page is now available, with instructions on how to use most of the modules
  • Exit codes! Yes, for automation, say, in your CI pipelines
  • All flags that were previously marked as TODO are now fully functional (with the exception of DTLS SRTP)
  • SDES SRTP supported throughout all modules
  • DTMF tone generation, because in RTP inject attacks, this is particularly useful
  • Lots of bug fixes and refactoring thanks to more consistent internal testing and the perseverance of our dear developers and internal testers

If you already had access to SVPRO at the time, you should have received an email from us with further details. Today, SIPVicious PRO is not commercially available.

Read more about SIPVicious PRO v6.0.0 alpha.5 available to our clients

What’s up with SIPVicious PRO?

Published on Mar 30, 2020

In the past 3 years we have been working on developing SIPVicious PRO during our work as penetration testers and in between engagements. Since our chief demolition officer, Alfred, joined up with Enable Security, the development has had a much-needed push, so that we started making it available to a limited number of companies that happen to be our clients.

Today, we’re making version 6.0.0-alpha.4 available to our clients which includes Opus support, further support for SRTP and of course, a number of bug fixes. Our release notes can be read at the support site.

Read more about What's up with SIPVicious PRO?