WireBug: set of tools for Voice-over-IP pentest

WireBug is a set of tools for Voice-over-IP penetration testing. It is designed as a guide which makes it easy to use.

The tools are designed for individual use, so each tool is a single python or bash program.

Contents hide
Installation
Tools
Use

Installation

Install dependencies in requirements.txt and python dependencies in requirements_python.txt. If you have problems installing netfilterqueue, you can download it from the source:

pip install -U git + https: //github.com/kti/python-netfilterqueue.git

Use configure.sh to download and create it Cisco Systems SRTP library.

Tools

  • FullBridge: This is a simple bash script for creating a layer2 bridge with two defined interfaces.
  • BridgeTrap: This script is useful in conjunction with the FullBridge tool. It will reflect the movement of the bridge (bridge) in a defined interface e.g. a raspberry pi with two interfaces for bridge and one as monitoring.
  • DoubleEncapsulation: Αυτό το πρόγραμμα python θα δημιουργήσει ένα διπλό πακέτο ICMP και θα το στείλει στον προορισμό - πιθανό VLAN Hopping.
  • : Εργαλείο για απόκριση σε αίτημα NTP σε θέση (also with FullBridge) timestamped in the past or future. You can easily check if the client (VoIP phone) checks the validity of the server certificate (SIPS, H.323s, HTTPS, LDAPS, etc.), or just use it as a DOS tool.
  • VlanEnum: This bash script creates virtual 802.1Q interfaces with VLAN tags and waits for possible DHCP responses. If download was possible s IP, the interface will remain live, otherwise it will be deleted.
  • SaCLaC: Includes two prothe pythons. One to spoof LLDP-MED packets to get into the VoIP VLAN or to trigger a DoS by instructing the client to set a VLAN tag, and one to parse the CDP information of a PCAP file.
  • DecodeSRTP: This script makes it easy to use SRTP library of Cisco systems to decrypt an SRTP-SDES stream if the AES key was extracted from the signal compartment.
  • SIPCraft: Αυτό το εργαλείο έρχεται με ορισμένα βασικά μηνύματα SIP (ΕΓΓΡΑΦΗ, ΕΠΙΛΟΓΕΣ, ΚΑΛΕΣΤΕ, BYE), αλλά είναι επίσης για τη δημιουργία του δικού σας μηνύματος SIP χρησιμοποιώντας την επιλογή "- άτομο". Με αυτήν την επιλογή μπορείτε να αποθηκεύσετε το περιεχόμενο SIP σε ένα απλό αρχείο κειμένου και, στη συνέχεια, να το πλαστογραφήσετε με το εργαλείο sip craft. Το σενάριο υποστηρίζει TCP και UDP.
  • CrackTheSIP: A simple brute force tool to break SIP digest authentication using a word list.
  • ZRTPDowngrade: A tool for removing packages started with ZRTP in a man-in-the-middle position.
  • EvilSTUN: A simple tool for fake STUN answers.
  • SIPFuzz: A tool for SIP fuzzing.
  • SIPEnum: This tool lists SIP extensions from a given file.
  • SIPBrute: A tool for online brute force attacks against SIP proxies.
  • RTPFuzz: A tool for removing random RTP packets (noise) in current streams.

Use

python3 wirebug.py

You can download the program from here.

iGuRu.gr The Best Technology Site in Greecefgns

every publication, directly to your inbox

Join the 2.087 registrants.

penetration testingVoice-over-IP

Written by Anastasis Vasileiadis

Translations are like women. When they are beautiful they are not faithful and when they are faithful they are not beautiful.

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).