diff --git a/README.md b/README.md index 93b13fc..33db4ab 100644 --- a/README.md +++ b/README.md @@ -161,73 +161,39 @@ sippts -up # Set of tools for penetration test over SIP protocol # Sippts is a set of tools for auditing VoIP servers and devices using the SIP protocol. Sippts is programmed in Python and consists of the following commands or modules: - * _**scan**_ is a fast scanner for SIP services that uses multithread. Scan can check several IPs and port ranges and it can work over UDP or TCP. + * _**scan**_ is a fast scanner for SIP services that uses multithread. Scan can check several IPs and port ranges and it can work over UDP or TCP. [Click here to read more about scan command](https://github.com/Pepelux/sippts/wiki/Command-scan) -[Click here to read more about scan](https://github.com/Pepelux/sippts/wiki/Command-scan) + * _**exten**_ identifies extensions on a SIP server. Also tells you if the extension line requires authentication or not. Exten can check several IPs and port ranges. [Click here to read more about exten command](https://github.com/Pepelux/sippts/wiki/Command-exten) - * _**exten**_ identifies extensions on a SIP server. Also tells you if the extension line requires authentication or not. Exten can check several IPs and port ranges. + * _**rcrack**_ is a remote password cracker. Rcrack can test passwords for several users in different IPs and port ranges. [Click here to read more about rcrack command](https://github.com/Pepelux/sippts/wiki/Command-rcrack) -[Click here to read more about exten](https://github.com/Pepelux/sippts/wiki/Command-exten) + * _**invite**_ checks if a server allow us to make calls without authentication. If the SIP server has a bad configuration, it will allow us to make calls to external numbers. Also it can allow us to transfer the call to a second external number. [Click here to read more about invite command](https://github.com/Pepelux/sippts/wiki/Command-invite) - * _**rcrack**_ is a remote password cracker. Rcrack can test passwords for several users in different IPs and port ranges. + * _**leak**_ Exploits the SIP Digest Leak vulnerability discovered by Sandro Gauci that affects a large number of hardware and software devices. [Click here to read more about leak command](https://github.com/Pepelux/sippts/wiki/Command-leak) -[Click here to read more about rcrack](https://github.com/Pepelux/sippts/wiki/Command-rcrack) + * _**flood**_ Send unlimited messages to the target. [Click here to read more about flood command](https://github.com/Pepelux/sippts/wiki/Command-flood) - * _**invite**_ checks if a server allow us to make calls without authentication. If the SIP server has a bad configuration, it will allow us to make calls to external numbers. Also it can allow us to transfer the call to a second external number. + * _**send**_ Allow us to send a customized SIP message and analyze the response. [Click here to read more about send command](https://github.com/Pepelux/sippts/wiki/Command-send) -[Click here to read more about invite](https://github.com/Pepelux/sippts/wiki/Command-invite) + * _**wssend**_ Allow us to send a customized SIP message over WebSockets and analyze the response. [Click here to read more about wssend command](https://github.com/Pepelux/sippts/wiki/Command-wssend) - * _**leak**_ Exploits the SIP Digest Leak vulnerability discovered by Sandro Gauci that affects a large number of hardware and software devices. + * _**enumerate**_ Enumerate available methods of a SIP service/server. [Click here to read more about enumerate command](https://github.com/Pepelux/sippts/wiki/Command-enumerate) -[Click here to read more about leak](https://github.com/Pepelux/sippts/wiki/Command-leak) + * _**dump**_ Extracts SIP Digest authentications from a PCAP file. [Click here to read more about dump command](https://github.com/Pepelux/sippts/wiki/Command-dump) - * _**flood**_ Send unlimited messages to the target. + * _**dcrack**_ Cracking tool to crack the digest authentications within the SIP protocol. [Click here to read more about dcrack command](https://github.com/Pepelux/sippts/wiki/Command-dcrack) -[Click here to read more about flood](https://github.com/Pepelux/sippts/wiki/Command-flood) + * _**tshark**_ Extract data of SIP protocol from a PCAP file. [Click here to read more about tshark command](https://github.com/Pepelux/sippts/wiki/Command-tshark) - * _**send**_ Allow us to send a customized SIP message and analyze the response. + * _**ping**_ SIP ping. [Click here to read more about ping command](https://github.com/Pepelux/sippts/wiki/Command-ping) -[Click here to read more about SIPSend](https://github.com/Pepelux/sippts/wiki/Command-send) + * _**rtpbleed**_ to exploit RTP Bleed vulnerability sending data to RTP ports. [Click here to read more about rtpbleed command](https://github.com/Pepelux/sippts/wiki/Command-rtpbleed) - * _**wssend**_ Allow us to send a customized SIP message over WebSockets and analyze the response. + * _**rtcpbleed**_ to exploit RTP bleed vulnerability sending data to RTCP ports. [Click here to read more about rtcpbleed command](https://github.com/Pepelux/sippts/wiki/Command-rtcpbleed) -[Click here to read more about WsSend](https://github.com/Pepelux/sippts/wiki/Command-wssend) + * _**rtpbleedflood**_ to exploit RTP Bleed vulnerability flooding a RTP port with an active dialog. [Click here to read more about rtpbleedflood command](https://github.com/Pepelux/sippts/wiki/Commmand-rtpbleedflood) - * _**enumerate**_ Enumerate available methods of a SIP service/server. - -[Click here to read more about enumerate](https://github.com/Pepelux/sippts/wiki/Command-enumerate) - - * _**dump**_ Extracts SIP Digest authentications from a PCAP file. - -[Click here to read more about dump](https://github.com/Pepelux/sippts/wiki/Command-dump) - - * _**dcrack**_ Cracking tool to crack the digest authentications within the SIP protocol. - -[Click here to read more about dcrack](https://github.com/Pepelux/sippts/wiki/Command-dcrack) - - * _**tshark**_ Extract data of SIP protocol from a PCAP file. - -[Click here to read more about tshark](https://github.com/Pepelux/sippts/wiki/Command-tshark) - - * _**ping**_ SIP ping. - -[Click here to read more about ping](https://github.com/Pepelux/sippts/wiki/Command-ping) - - * _**rtpbleed**_ to exploit RTP Bleed vulnerability sending data to RTP ports. - -[Click here to read more about rtpbleed](https://github.com/Pepelux/sippts/wiki/Command-rtpbleed) - - * _**rtcpbleed**_ to exploit RTP bleed vulnerability sending data to RTCP ports. - -[Click here to read more about rtcpbleed](https://github.com/Pepelux/sippts/wiki/Command-rtcpbleed) - - * _**rtpbleedflood**_ to exploit RTP Bleed vulnerability flooding a RTP port with an active dialog. - -[Click here to read more about rtpbleedflood](https://github.com/Pepelux/sippts/wiki/Commmand-rtpbleedflood) - -* _**rtpbleedinject**_ to exploit RTP Bleed vulnerability injecting RTP traffic. - -[Click here to read more about rtpbleedinject](https://github.com/Pepelux/sippts/wiki/Command-rtpbleedinject) +* _**rtpbleedinject**_ to exploit RTP Bleed vulnerability injecting RTP traffic. [Click here to read more about rtpbleedinject command](https://github.com/Pepelux/sippts/wiki/Command-rtpbleedinject) ## Operating System ## Sippts has been tested on: