GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → meliht → Mr.sip

meliht / Mr.sip

Licence: gpl-3.0
SIP-Based Audit and Attack Tool

Programming Languages

python
139335 projects - #7 most used programming language

Labels

pentestauditvoipattacksipdosddos

Projects that are alternatives of or similar to Mr.sip

WireBug
WireBug is a toolset for Voice-over-IP penetration testing
Stars: ✭ 142 (-46.62%)
Mutual labels:  sip, voip, pentest
Python-Botnet
This is a simple DDoS python botnet script with remote monitoring & management for education purposes.
Stars: ✭ 119 (-55.26%)
Mutual labels:  ddos, dos, attack
NTPDoser
NTP Doser is a NTP Amplification DoS/DDoS attack tool for penttesting
Stars: ✭ 96 (-63.91%)
Mutual labels:  ddos, dos, pentest
ddos
DDoS Attack & Protection Tools for Windows, Linux & Android
Stars: ✭ 84 (-68.42%)
Mutual labels:  ddos, dos, attack
Sippts
Set of tools to audit SIP based VoIP Systems
Stars: ✭ 116 (-56.39%)
Mutual labels:  voip, sip, pentest
awesome-ddos-tools
Collection of several DDos tools.
Stars: ✭ 75 (-71.8%)
Mutual labels:  ddos, dos, attack
SIPTorch
A "SIP Torture" (RFC 4475) testing suite.
Stars: ✭ 54 (-79.7%)
Mutual labels:  sip, audit, voip
pyfreebilling
Routing and rating VoIP application for service providers - API based - AGPL v3 - Based on kamailio
Stars: ✭ 75 (-71.8%)
Mutual labels:  sip, voip
AmpliSpy
Check local or remote list of DNS servers for suitability in DNS Amplification DoS.
Stars: ✭ 39 (-85.34%)
Mutual labels:  ddos, dos
Fastnetmon
FastNetMon - very fast DDoS sensor with sFlow/Netflow/IPFIX/SPAN support
Stars: ✭ 2,860 (+975.19%)
Mutual labels:  dos, ddos
app
studio link - app - mirror repo only -> issues now https://gitlab.com/studio.link/app
Stars: ✭ 56 (-78.95%)
Mutual labels:  sip, voip
qSIP
VoIP/SIP client (softphone)
Stars: ✭ 20 (-92.48%)
Mutual labels:  sip, voip
baresipy
baresip python wrapper
Stars: ✭ 16 (-93.98%)
Mutual labels:  sip, voip
sip3-captain-ce
SIP3 Captain (Community Edition)
Stars: ✭ 73 (-72.56%)
Mutual labels:  sip, voip
Katari
Katari - Python Session Initiated Protocol Framework
Stars: ✭ 29 (-89.1%)
Mutual labels:  sip, voip
AmiClient
Modern .NET Standard client for accessing the Asterisk AMI protocol using async/await and Reactive Extensions (Rx)
Stars: ✭ 30 (-88.72%)
Mutual labels:  sip, voip
ciscoaxl
Python SDK for Cisco CUCM AXL API
Stars: ✭ 51 (-80.83%)
Mutual labels:  sip, voip
sip3-salto-ce
SIP3 Salto (Community Edition)
Stars: ✭ 71 (-73.31%)
Mutual labels:  sip, voip
linphone-xamarin
Linphone.org mirror for linphone-xamarin (git://git.linphone.org/linphone-xamarin.git)
Stars: ✭ 23 (-91.35%)
Mutual labels:  sip, voip
kamailioexamples
configurations for voip solution architectures and usecases involving SIP servers
Stars: ✭ 59 (-77.82%)
Mutual labels:  sip, voip
View All Similar Projects ➔

Black Hat Arsenal Black Hat Arsenal Black Hat Arsenal Offzone Moscow DEF CON 28 Black Hat Arsenal

< Mr.SIP: SIP-Based Audit and Attack Tool! >

What is Mr.SIP (public version)?

Mr.SIP is a simple console based SIP-based Audit and Attack Tool. Originally it was developed to be used in academic work to help developing novel SIP-based DDoS attacks and then as an idea to convert it to a fully functional SIP-based penetration testing tool. So far Mr SIP resulted several academic research papers, and journal articles. Mr.SIP can also be used as SIP client simulator and SIP traffic generator.

In the current state, public version of Mr.SIP contains 3 modules; SIP-NES (network scanner), SIP-ENUM (enumerator), SIP-DAS (DoS attack simulator). It detects SIP components and existing users on the network and generate various TDoS attacks. Mr.SIP has some competitive features including; high performance multi-threading, powerful IP spoofing engine and smart SIP message generation. We have seen practitioners also use Mr.SIP as a client simulator and traffic generator.

Mr.SIP Public Version Modules

  • Network Scanner detects SIP components, manufacturer and version information.
  • SIP Enumerator identifies valid SIP users and authentications information.
  • You can performs TDoS-based attacks using DoS Attack Simulator which has a powerful IP spoofer.

What is Mr.SIP Pro (private version)?

Mr.SIP Pro is the most comprehensive attack oriented VoIP product ever! In the Pro version, we have added 7 more modules. We also extended the public modules with new features. In Pro version, it contains 10 modules in 3 categories; Information Gathering, Vulnerability Scanning and Offensive Modules. There are 2 helper components called: IP Spoofing Engine and Message Generator. Also in our roadmap; there are 5 new attack modules. In addition, we will develop an easy-to-use GUI.

Mr.SIP is a tool that should be in every pentester's and red teamer's toolbox. It detects SIP components and existing users on the network, intervenes and filters and manipulates call information, reports known vulnerabilities and exploits, develops various TDoS attacks, including status-controlled advanced ones and breaks user passwords. It also has many innovative and competitive features. For example; high performance multi-threading, IP spoofing, smart SIP message generation, self-hiding and intervention skills. Mr.SIP has also customisable scenario development framework for stateful attacks.

Information Gathering Modules:

  • SIP-NES (network scanner)
  • SIP-ENUM (SIP enumerator)
  • SIP-SNIFF (SIP traffic sniffer)
  • SIP-EAVES (call eavesdropper)

Vulnerability Scanning:

  • SIP-VSCAN (vulns & exploit scanner)

Offensive Modules:

  • SIP-DAS (DoS attack simulator)
  • SIP-MANMID (MiTM attacker)
  • SIP-ASP (attack scenario player)
  • SIP-CRACK (digest authentication cracker)
  • SIP-SIM (signaling manipulator)

Mr.SIP Pro 10 Modules (more to come)

  • Network Scanner detects SIP components, manufacturer and version information.
  • SIP Enumerator identifies valid SIP users and authentications information.
  • You can capture SIP traffic using SIP Sniffer which also supports MiTM attack.
  • Eavesdropper allows you listen the SIP traffic and collect the call-specific information and it supports MiTM attack too.
  • SIP-VSCAN detects and reports known vulnerabilities and exploits.
  • You can performs TDoS-based attacks, ush DoS Attack Simulator which has a powerful IP spoofer.
  • We have seperated MiTM Attacker which allows to act as a proxy in the network.
  • Attack Scenario Player allows to perform stateful SIP scenarios, and it has pre-defined attack scenarios, you can also add more.
  • By using SIP Password Cracker you can performs real-time digest authentication cracking by intervening which also support MiTM attack too.
  • Signaling Manipulator allows generating custom SIP messages helping to perform caller-id spoofing attacks.

Roadmap of Mr.SIP Pro:

We will add 5 new modules along with a friendly GUI. We will add fuzzing, media sniffing, media injection/manipulation, robocall (SPIT) and DTMF tone stealing features soon.

How to Support Mr.SIP

Please give star in our Github, please follow our empty Twitter account for updates. And, please subscribe our Youtube channel as we need 100 subscribers to update the URL.

If you want you get more out of Mr.SIP, check out PRO version ---> https://mrsip.gitlab.io/

Mr.SIP Pro Installation

Mr.SIP is a console based Python3 tool. In order to run Mr.SIP in your Kali, you need install some python libraries. Please see help and usage for full instructions.

pip install -r requirements.txt
apt-get install python-scapy

python3 mr.sip.py --help
python3 mr.sip.py –usage

Mr.SIP Usages:

General Usage:

python mr.sip.py [--nes|--enum|--das| --sniff| --manmid| --eaves| --crack| --sim| --asp| --vscan] [parameters]

Global Default Parameters If Not Given:
Default interface (--if=) is eth0
Default thread count (--tc=) is 10
Default destination port (--dp=) is 5060

SIP-NES Usage:

python3 mr.sip.py --nes --tn=<target_IP> --mt=options --from=<from_extention> --to=<to_extension>
python3 mr.sip.py --nes --tn=<target_network_range> --mt=invite --from=<from_extention> --to=<to_extension>
python3 mr.sip.py --nes --tn <target_network_address> --mt=subscribe --from=<from_extention> --to=<to_extension>

NOTE-1: <target_network_range> should be like 192.168.1.10-192.168.1.20
NOTE-2: <target_network> should be like 192.168.1.0
NOTE-3: You can specify the output by -i <output_file_name>. By default the output will be written to ip_list.txt file which is already exists in the repo. SIP-ENUM uses that file as an input.
NOTE-4: Default destination (--dp) is port 5060, if not given.
NOTE-5: Default message type (--mt=) is options, if not given.
NOTE-6: Supported message types: options, invite, subscribe, register
NOTE-7: from and to values can be arbitrary extension number.

Output of SIP-NES:

Alt text

SIP-ENUM Usage:

python3 mr.sip.py --enum --from=from.txt 
python3 mr.sip.py --enum --tn=<target_IP> --from=from.txt

NOTE-1: If target network (--tn) is not given, SIP-ENUM uses ip_list.txt file as an input which is output of SIP-NES.
NOTE-2: Default from user (--from=) is fromUser.txt
NOTE-3: Default message type (--mt) is subscribe, if not given.

Output of SIP-ENUM:

Alt text

SIP-DAS Usage:
By using scapy library (IP spoofing is supported)

python3 mr.sip.py --das -mt=invite -c <package_count> --tn=<target_IP> -r 
python3 mr.sip.py --das --mt=invite -c <package_count> --tn=<target_IP> -s 
python3 mr.sip.py --das --mt=invite -c <package_count> --tn=<target_IP> -m --il=ip_list.txt

By using socket library (but doesn't support IP spoofing)

python3 mr.sip.py --das -mt=invite -c <package_count> --tn=<target_IP> -r -l
python3 mr.sip.py --das --mt=invite -c <package_count> --tn=<target_IP> -s -l 
python3 mr.sip.py --das --mt=invite -c <package_count> --tn=<target_IP> -m --il=ip_list.txt -l

NOTE-1: Default to users (--to=) is toUser.txt
NOTE-2: Default from users (--from=) is fromUser.txt
NOTE-3: Default user-agent (--ua=) is userAgent.txt
NOTE-4: Default packet counter (-c=) is flood

Output of SIP-DAS:

Alt text

Media Mentions and Citations

  • Mr.SIP is evolving and actively being used by researchers and practitioners.
  • Shared on various popular forums and news sources, including BlackHat's homepage. Here
  • Cited in Cisco publications.
  • Used in Caller-ID spoofing tests as part of Turkish Standards Institute (TSE) collaboration for national VoIP standard setting studies.
  • Used in various prestigious academic publications. (Elsevier, IEEE)

References

  • I. M. Tas, B.G.Unsalver, and S. Baktir, "A Novel SIP Based Distributed Reflection Denial-of-Service Attack and an Effective Defense Mechanism", IEEE Access 2020-25937, Vol. 8, pp. 112574–112584, June. 2020 Read More
  • I. M. Tas, B. Ugurdogan, and S. Baktir, ‘‘Novel Session Initiation Protocol Based Distributed Denial-of-Service Attacks and Effective Defense Strategies,’’ Computers & Security, Vol. 63, pp. 29–44, Nov. 2016 Read More
  • Defcon28 2020
  • BlackHat EU 2019
  • BlackHat USA 2019
  • Offzone Moscow 2019
  • BlackHat Asia 2019
Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].