Friday, June 22, 2012

SIP Security1: Scanning VoIP/PBX Servers


To find out a device/machine which is providing VoIP service, scan for ports 5060/5061 on both UDP and TCP. By default VoIP devices run on UDP 5060 port.

We can use tools like SIPVicious svmap.py or SIPSCAN(windows only).
svmap.py is a CLI (Command Line Interface) tool whereas SIPSCAN is a GUI (Graphical User Interface) tool. SIPSCAN is username enumerator rather than a Scanner.


Both the tools support OPTIONS, INVITE and REGISTER methods to find User Agent Server (UAS). But svmap.py can be used to pass any SIP method, infact we can pass invalid argument to detect the VoIP Server.


By default SIPSCAN tries with following extensions/usernames
thisisthecanary, test, echo, admin, dave, 101 to 110 excluding 109, 201 to 210 excluding 209, 401 to 410 excluding 409 and 501 to 510 excluding 509.




While scanning with SIPSCAN leave "Target SIP Domain" as default value to example.com or add domain or IP of your SIP Server. If you leave "Target SIP Domain" blank will not show  any results but with



Happy Week end :-) !!!