Friday, June 22, 2012

SIP Security1: Scanning VoIP/PBX Servers


To find out a device/machine which is providing VoIP service, scan for ports 5060/5061 on both UDP and TCP. By default VoIP devices run on UDP 5060 port.

We can use tools like SIPVicious svmap.py or SIPSCAN(windows only).
svmap.py is a CLI (Command Line Interface) tool whereas SIPSCAN is a GUI (Graphical User Interface) tool. SIPSCAN is username enumerator rather than a Scanner.


Both the tools support OPTIONS, INVITE and REGISTER methods to find User Agent Server (UAS). But svmap.py can be used to pass any SIP method, infact we can pass invalid argument to detect the VoIP Server.


By default SIPSCAN tries with following extensions/usernames
thisisthecanary, test, echo, admin, dave, 101 to 110 excluding 109, 201 to 210 excluding 209, 401 to 410 excluding 409 and 501 to 510 excluding 509.




While scanning with SIPSCAN leave "Target SIP Domain" as default value to example.com or add domain or IP of your SIP Server. If you leave "Target SIP Domain" blank will not show  any results but with



Happy Week end :-) !!!

1 comment:

  1. I believe all small business should have business phone service. If you are one or two employee company or in business where all your staff is on the road, then you don't really need a business line. Just get a Toll Free number and it will work on top of your staff personal cell phones. When they receive a call, it will indicate that it is a business call on their call display so they can answer it professionally. All your staff can have their own professional voicemail system. You can monitor how many calls are answered and missed. I have been usingbusiness phone service from telcan. Check them out at: Check out Check out Hosted Pbx

    ReplyDelete