Friday, June 22, 2012

SIP Security1: Scanning VoIP/PBX Servers

To find out a device/machine which is providing VoIP service, scan for ports 5060/5061 on both UDP and TCP. By default VoIP devices run on UDP 5060 port.

We can use tools like SIPVicious or SIPSCAN(windows only). is a CLI (Command Line Interface) tool whereas SIPSCAN is a GUI (Graphical User Interface) tool. SIPSCAN is username enumerator rather than a Scanner.

Both the tools support OPTIONS, INVITE and REGISTER methods to find User Agent Server (UAS). But can be used to pass any SIP method, infact we can pass invalid argument to detect the VoIP Server.

By default SIPSCAN tries with following extensions/usernames
thisisthecanary, test, echo, admin, dave, 101 to 110 excluding 109, 201 to 210 excluding 209, 401 to 410 excluding 409 and 501 to 510 excluding 509.

While scanning with SIPSCAN leave "Target SIP Domain" as default value to or add domain or IP of your SIP Server. If you leave "Target SIP Domain" blank will not show  any results but with

Happy Week end :-) !!!


  1. I believe all small business should have business phone service. If you are one or two employee company or in business where all your staff is on the road, then you don't really need a business line. Just get a Toll Free number and it will work on top of your staff personal cell phones. When they receive a call, it will indicate that it is a business call on their call display so they can answer it professionally. All your staff can have their own professional voicemail system. You can monitor how many calls are answered and missed. I have been usingbusiness phone service from telcan. Check them out at: Check out Check out Hosted Pbx

  2. This comment has been removed by the author.

  3. This is such a great resource that you are providing and you give it away for free. I love seeing blog that understand the value of providing a quality resource for free. Serious Security

  4. Awesome blog. I enjoyed reading your articles. This is truly a great read for me. I have bookmarked it and I am looking forward to reading new articles. Keep up the good work! security guards

  5. I was just browsing through the internet looking for some information and came across your blog. I am impressed by the information that you have on this blog. It shows how well you understand this subject. Bookmarked this page, will come back for more. security company