VoIP Wars: Destroying Jar Jar Lync Materials

VoIP Wars: Destroying Jar Jar Lync has been presented at Blackhat Europe 2015, GSEC Hack In The Box Singapore 2015 and Ruxcon 2015. The presentation contains newly published security vulnerabilities for the Microsoft Skype for Business platform, a test methodology and a customised testing tool named Viproxy. The unfiltered edition of the presentation, Viproxy 2.0, exploits, security advisory and demonstration video are available below.

VoIP Wars: Destroying Jar Jar Lync (HITB Singapore presentation video)



VoIP Wars: Destroying Jar Jar Lync (Presentation) 

SOS-15-005 – Microsoft Skype for Business 2016 unauthorised script execution security advisory (including P0C exploits)

http://www.senseofsecurity.com.au/advisories/SOS-15-005.pdf

SOS-15-005 – Microsoft Skype for Business 2016 unauthorised script execution demonstration

Viproxy 2.0

http://viproy.com/files/viproxy-2.0.zip

Detailed information about Viproy VoIP Pen-Test Kit and VoIP Wars research series.

http://www.viproy.com 

VoIP Wars – Destroying Jar Jar Lync (Filtered version)

Enterprise companies are increasingly using Microsoft Lync 2010/2013 (a.k.a Skype for Business 2015) services as call centre, internal communication, cloud communication and video conference platform. These services are based on the VoIP and instant messaging protocols, and support multiple client types such as Microsoft Office 365, Microsoft Lync, Skype for Business, IP phones and teleconference devices. Also the official clients are available for mobile devices (e.g. Windows phone, Android and iOS), desktops (Mac, Linux and Windows) and web applications developed with .NET framework. Although the Microsoft Lync platform has been developed along with the new technologies, it still suffers from old VoIP, teleconference and platform issues.

Modern VoIP attacks can be used to attack Microsoft Lync environments to obtain unauthorised access to the infrastructure. Open MS Lync frontend and edge servers, insecure federation security design, lack of encryption, insufficient defence for VoIP attacks and insecure compatibility options may allow attackers to hijack enterprise communications. The enterprise users and employees are also the next generation targets for these attackers. They can attack client soft phones and handsets using the broken communication, invalid protocol options and malicious messaging content to compromise sensitive business assets. These attacks may lead to privacy violations, legal issues, call/toll fraud and intelligence collection.

Attack vectors and practical threats against the Microsoft Lync ecosystem will be presented with newly published vulnerabilities and Microsoft Lync testing modules of the Viproy VoIP kit developed by the speaker. This will be accompanied by live demonstrations against a test environment.

•    A brief introduction to Microsoft Lync ecosystem
•    Security requirements, design vulnerabilities and priorities
•    Modern threats against commercial Microsoft Lync services
•    Demonstration of new attack vectors against target test platform

Viproy VoIP penetration testing kit 2.99.1 is released.

Viproy VoIP penetration testing kit 2.99.1 is released. This version requires ruby 2.1.5/2.1.6 and current Github version of the Metasploit Framework.

Download: https://github.com/fozavci/viproy-voipkit

Pre-installed version: https://github.com/fozavci/metasploit-framework-with-viproy

New features:

• SIP message and MSRP supports with SIP INVITE
• MSRP message tester, MSRP and SDP PoC fuzzers
• PoC client exploits for Boghe VoIP client 
• and bug fixes for the current version of the Metasploit Framework.

New modules and libraries released:

• MSRP library for MSRP messaging
• Boghe VoIP Client INVITE PoC Exploit 
• Boghe VoIP Client MSRP PoC Exploit 
• SIP Message with INVITE Support 
• Sample SIP SDP Fuzzer 
• MSRP Message Tester with SIP INVITE Support 
• Sample MSRP Message Fuzzer with SIP INVITE Support 
• Sample MSRP Message Header Fuzzer with SIP INVITE Support 

The Art of VoIP Hacking - DEF CON 23 Workshop Materials

The Art of VoIP Hacking workshop has beed provided during the DEF CON 23 USA last week. We have discussed about the VoIP vulnerabilities, design issues and current treats targeting the VoIP environments. In addition, we have also demonstrated the major attack vectors for the VoIP services including the advanced SIP attacks, exploitation of the VoIP server vulnerabilities, Cisco Skinny attacks, attacking Cisco hosted VoIP services (CUCM/CUCDM), decryption of the SRTP traffic and exploitation of the VoIP client vulnerabilities. Over than 35 attendees have used the Viproy VoIP Penetration Testing Kit to attack to the test environment which has samples for each attack exercises. The following materials are provided for the DEF CON 23 workshop, but also for the VoIP community to improve unified communications security. 

Defcon 23 Workshop: The Art of VoIP Hacking

VoIP attacks have evolved, and they are targeting Unified Communications (UC), commercial services, hosted environment and call centres using major vendor and protocol vulnerabilities. This workshop is designed to demonstrate these cutting edge VoIP attacks, and improve the VoIP skills of the incident response teams, penetration testers and network engineers. Signalling protocols are the centre of UC environments, but also susceptible to IP spoofing, trust issues, call spoofing, authentication bypass and invalid signalling flows. They can be hacked with legacy techniques, but a set of new attacks will be demonstrated in this workshop. This workshop includes basic attack types for UC infrastructure, advanced attacks to the SIP and Skinny protocol weaknesses, network infrastructure attacks, value added services analysis, Cdr/Log/Billing analysis and Viproy use to analyse signalling services using novel techniques. Also the well-known attacks to the network infrastructure will be combined with the current VoIP vulnerabilities to test the target workshop network. Attacking VoIP services requires limited knowledge today with the Viproy Penetration Testing Kit (written by Fatih). It has a dozen modules to test trust hacking issues, information collected from SIP and Skinny services, gaining unauthorised access, call redirection, call spoofing, brute-forcing VoIP accounts, Cisco CUCDM exploitation and debugging services using as MITM. Furthermore, Viproy provides these attack modules in the Metasploit Framework environment with full integration. The workshop contains live demonstration of practical VoIP attacks and usage of the Viproy modules.

In this hands-on workshop, attendees will learn about basic attack types for UC infrastructure, advanced attacks to the SIP protocol weaknesses, Cisco Skinny protocol hacking, hacking Cisco CUCDM and CUCM servers, network infrastructure attacks, value added services analysis, Cdr/Log/Billing analysis and Viproy VoIP pen-test kit to analyse VoIP services using novel techniques. New CDP, CUCDM and Cisco Skinny modules and techniques of Viproy will be demonstrated in the workshop as well.

Details and registration

https://www.defcon.org/html/defcon-23/dc-23-workshops-schedule.html#Ozavci 

Who should attend

Penetration testers, VoIP engineers, security engineers, internal auditors and all hackers who have a wireless card and a VM player.

Workshop Requirements

Participants should have an up to date Kali Linux virtual machine with Metasploit Framework. (The disk image will be provided by the tutors)

Christos Archimandritis has nearly 5 years’ of experience in information security consulting, having performed various security assessments for clients in the banking, telecom and government sector. Prior to joining Sense of Security, he was a senior security consultant with a major consulting company in Europe. While working there, he performed network and web application penetration tests, mobile application penetration tests and wireless assessments for various clients in Europe and the Middle East. Before that, he worked in the European branch of a major company in the automotive sector, developing solutions for the company’s SAP and Business Objects environments as well as administering the company’s data warehouse.

Linkedin : http://gr.linkedin.com/pub/chris-archimandritis/52/580/478

Fatih Ozavci is a Security Researcher, Principal Security Consultant with Sense of Security, and the author of the Viproy VoIP Penetration Testing Kit. Fatih has discovered several previously unknown security vulnerabilities and design flaws in IMS, Unified Communications, Embedded Devices, MDM, Mobility and SAP integrated environments for his customers. He has completed several unique penetration testing services during his career of more than 15 years. His current research is based on securing IMS/UC services, IPTV systems, attacking mobile VoIP clients, VoIP service level vulnerabilities, SaaS, mobility security testing, hardware hacking and MDM analysis. Fatih has presented his VoIP and mobile research at BlackHat USA’14, DefCon 22 and 21, Troopers’15, Cluecon 2013 and Ruxcon 2013. He has also provided VoIP and Mobility Security Testing workshop at AustCert’14, Kiwicon'15 and Troopers'15 events.

Homepage : http://viproy.com/fozavci
Linkedin : http://tr.linkedin.com/pub/fatih-ozavci/54/a71/a94

Training: Tactical VoIP Hacking with Viproy | Troopers 15

SIP and Skinny servers provide signalling services and they are the centre of Unified Communication networks and VoIP services. Signalling protocols are susceptible to IP spoofing, proxy trust issues, call spoofing, authentication bypass and bogus signalling flows. It can be hacked with legacy techniques, but a few new attack types will be demonstrated in this training. This training includes basic attack types for UC infrastructure, advanced attacks to the SIP and Skinny protocol weaknesses, network infrastructure attacks, value added services analysis, Cdr/Log/Billing analysis and Viproy to analyse SIP services using novel techniques.

Attacking VoIP services requires limited knowledge today with the Viproy Penetration Testing Kit (written by the trainer). It has a dozen modules to test trust hacking issues, information collected from SIP and Skinny services, gaining unauthorised access, call redirection, call spoofing, brute-forcing VoIP accounts and debugging services using as MITM. Furthermore, Viproy provides these attack modules in a Metasploit Framework environment and full integration. The training contains live demonstration of practical VoIP attacks and usage of new Viproy modules.

Registration : Troopers 15  

Training Agenda

1. Network Infrastructure 
2. VoIP Server Security
3. Signalling Security
1. Signalling Essentials
2. Testing of SIP and Skinny Services
4. Media Transport Security
1. Media Transport Essentials
2. Testing of RTP, SRTP and Proxy Services
5. Cloud VoIP Solutions Security
6. VoIP Client Security
7. Capture the Flag

Progress of the Viproy pull requests for the Metasploit Framework

I saw a few challenges to submit Viproy modules to the Metasploit Framework;

Firstly, I'm not a developer, but a pen-tester and a researcher. this means, I prepared this code during an engagement or in a testing environment. 400+ features/skills are implemented in the SIP/Skinny libraries and modules, some skills/features require special systems which I have no access now. Because of this, I cannot provide a lab environment to test all the features/options, maybe during the Kiwicon 2015 training. That's why the source code is pretty dirty, but works in many cases, especially in VoIP pen-test engagement.

Moreover, I'm the only one who improves these modules during actual VoIP penetration tests, limited feedback and no code support. This prevents me to detect/fix errors of the software, only the Metasploit Framework team submitted code modifications on them. Thanks for all the commits and suggestions.

Finally, I have some timing issues before January 2015. "rspec" modifications and full review of the features are really hard tasks, and require a working test lab with all components. I'm not sure I can provide this time to major changes, but I will try.

I believe that Viproy should have a community support, that's why it is developed with the Metasploit Framework, not as a standalone software. These commits and comments show that it still has too much errors to fix and too much features to demonstrate. Also they show that community support is very useful, the Viproy's source code is improved by a team, not the author anymore. Basically this process does work.

Thanks for all support.

Now, we have two ways to decide;

• It may be slow, but I can support/update these pull requests with you to make Viproy a part of the Metasploit Framework, as soon as I can.
• or, preparing a good plan and waiting for 2015 Q1 for the major Viproy source improvements for the full Metasploit Framework integration.

Please think about it as a team, and suggest a way to do that. Remember, the code is licensed as the Metasploit License, you're free to fix/improve all features. I'm comfortable for the both options, the problem is only my schedule before Jan 2015.

Original post link at Github : https://github.com/rapid7/metasploit-framework/pull/4066#issuecomment-61608013

/cc @todb-r7 @jhart-r7 @jvazquez-r7 @hmoore-r7

Training: Practical VoIP Hacking with Viproy (Kiwicon'14)

We have prepared a VoIP hacking training for the Kiwicon security conference at New Zealand. The training focus is the testing of the VoIP signalling protocols using Viproy. We'll explain the VoIP essentials and the protocol basics for SIP and Skinny. Also it will be demonstrated that how we can attack to the VoIP servers using web management interfaces, essential services and signalling services. Viproy VoIP penetration testing kit will be in use for the basic and advanced attacks such as SIP trust hacking, SIP proxy bounce attack, Skinny service manipulation, CUCDM exploitation and attacking VoIP clients. If you're interested in about VoIP and attending to Kiwicon, come and join us in this training.

Registration:

You can sign up this training using the form at the Kiwicon homepage.

https://kiwicon.org/the-con/training/practical-voip-hacking-with-viproy

Viproy VoIP Testing Modules Pull Requests for Metasploit Framework

I have made some cosmetic and required changes on the source of Viproy. Some modules, names and functions are changed for the Metasploit Framework compatibility. I need your testing and development support for those modules. I have submitted the Viproy SIP, Skinny, CDP testing modules, CUCDM exploits and libraries to the Metasploit Framework repository as pull requests. Please feel free to obtain the pull requests, try the code and send comments about the code or usage.

Viproy VoIP Pen-Test Kit pull requests in the Metasploit Framework Repository:

Viproy VoIP Pen-Test Kit - SIP Testing Modules
https://github.com/rapid7/metasploit-framework/pull/4060

Viproy VoIP Pen-Test Kit - Cisco CDP Testing Module
https://github.com/rapid7/metasploit-framework/pull/4061

Viproy VoIP Pen-Test Kit - Cisco CUCDM Exploits
https://github.com/rapid7/metasploit-framework/pull/4065

Viproy VoIP Pen-Test Kit - Cisco Skinny Testing Modules
https://github.com/rapid7/metasploit-framework/pull/4066

Documentation:

Usage and packet capture samples for SIP modules are available at the following link.
https://github.com/fozavci/viproy-voipkit/blob/master/SIPUSAGE.md

Usage and packet capture samples for SIP modules are available at the following link.
https://github.com/fozavci/viproy-voipkit/blob/master/SKINNYUSAGE.md

Usage and packet capture samples for the auxiliary Viproy modules are available at the following link.
https://github.com/fozavci/viproy-voipkit/blob/master/OTHERSUSAGE.md

Potential testing targets could be VulnVoIP, AsteriskNow or SipXecs distributions.

VoIP Wars: Attack of the Cisco Phones (Black Hat USA 2014 Video)

Black Hat USA 2014 videos are published yesterday. The following video is my Black Hat USA 2014 presentation, VoIP Wars: Attack of the Cisco Phones. Also I have added the presentation itself and the live demo remake video as well.

VoIP Wars: Attack of the Cisco Phones (Video)

VoIP Wars: Attack of the Cisco Phones (Presentation)

VoIP Wars: Attack of the Cisco Phones (Live Demo Remake)

VoIP Wars and the Awesome Audience

Last year, was my first DEF CON presentation “VoIP Wars: Return of the SIP.” I really enjoyed being a part of this amazing security conference. I presented some next generation VoIP attacks such as SIP trust hacking, SIP proxy bounce attacks and attacking mobile applications through the SIP protocol. I also announced my security assessment tool Viproy VoIP penetration testing kit during the security conference.

Click here to continue reading at ACM - Computers in Entertainment

VoIP Wars: Attack of the Cisco Phones

I have shared my Cisco based hosted VoIP networks security research at Blackhat USA 2014 and DEF CON 22 last week. This research contains several different attack vectors, published vulnerabilities, unpatched vulnerabilities, Skinny protocol attacks, new SIP protocol attacks, VOSS IP phone XML services attacks and new version of Viproy VoIP penetration testing kit. I'll prepare a few detailed blog entries for them, before this, you can review the slide set and the recap of the live demos of the presentation.

VoIP Wars: Attack of the Cisco Phones (Presentation)

VoIP Wars: Attack of the Cisco Phones (Live Demo Remake)

AusCERT 2014 Tutorials from Sense of Security

Sense of Security will have 2 tutorials and 3 presentations at AusCERT 2014, details are accessible at the tutorials and the presentations pages of the event. 

Nathaniel Carew, Nadeem Ahmed Salim and I have prepared a penetration testing tutorial for mobile applications, registration link is accessible from here. We're planning to explain test procedures of the mobile pen-test, testing tools and the cutting-edge techniques. We will cover iOS and Android platforms for the tutorial, the demonstrations prepared for these platforms as well. They will be based on sample vulnerable applications and real applications from the application stores. The followings are the headlines of the mobile pen-test tutorial.

Penetration Testing for Mobile Applications and Web Services

• Mobile Applications 101
• Preparing a mobile pen-test lab 
• Auditing platform integration 
• Compile options, Encryption, Storage, Caching, Logs
• Reverse engineering
• Unpacking, Deobfuscating, Permission Management
• Source code analysis, Protection bypass, Sandbox Issues
• Runtime manipulation, Debugging
• Transport and communication features 
• Certificate pinning, MITM, Fake services

Moreover, Shawn Thompson and I have prepared an another tutorial as well, Next Generation Attacks and Countermeasures for VoIP. Registration link is accessible from here and the major tool of the tutorial, Viproy, is accessible from here. We're planning to demonstrate next generation VoIP attacks starting from the LAN attacks to the SIP, Skinny, Trust and Proxy attacks. The beta versions of the new Viproy modules will be in these demonstrations as well such as Skinny signalling protocol attacks, CDP support, Cisco vendor support for SIP, TCP and SSL support for SIP. We will prepare a test lab for the tutorial which includes different SIP servers, VLAN supported switch, Cisco SIP and Skinny services. The followings are the headlines of the mobile pen-test tutorial.

Next Generation Attacks and Countermeasures for VoIP

• Network Infrastructure Analysis
• WAN/LAN/VLAN analysis, Service discovery
• IP Telephony Server Security
• Weak configuration, Management issues
• SIP, Skinny and RTP Analysis
• Discovery, Authentication, Call tests, VAS
• Enumeration, Eavesdropping, Call Spoofing
• VoIP Clients’ Security 
• Advanced Attacks
• Trust hacking, Proxy hacking, DoS, Fuzzing

If you have further questions about these tutorials, feel free to contact me at fatih.ozavci at viproy.com. 

The Notes about my USA Trip: Defcon, Blackhat and Cluecon

I have been USA for 2 weeks. I have presented my VoIP research and Viproy VoIP Penetration Testing Kit at Blackhat Arsenal 2013, Defcon 21 and Cluecon 2013. My presentation is below, VoIP Wars: Return of the SIP and you can get Viproy from www.viproy.com. I'll share my USA experience in this blog entry, my plans about Viproy and its new modules/features will be explained in an another blog entry. 

Hacking SIP Like a Boss! (Athcon 2013) Live Demo Remake

I had a presentation at Athcon 2013, Hacking SIP Like a Boss!. I have showed a Live Demo after Basic Usage Videos. This video is remake of Live Demo part. You can check basic usage of Viproy VoIP Penetration Kit from here.

Live Demo Headlines

1. SIP Proxy Bounce Attack
2. Hacking SIP Trust Relationships
3. Attacking Mobile Applications Using SIP Trust

Viproy VoIP Penetration Kit Homepage
http://viproy.com/voipkit

Blog
http://fozavci.blogspot.com

UDP Port Scanning Using SIP Proxies

Port Scanning is an important phase of network mapping. All attacks and collected information rely on this phase. It's more important when discovering VoIP networks, because of UDP and IP based trust infrastructure. We can discover network services and SIP services via UDP scan, but we can detect only accessible servers. We need more information to execute SIP Trust based attacks. 

However a simple technique helps us to discover inaccessible SIP servers. SIP Proxies redirect SIP requests to host in SIP URI. When the request contains this header "sip:HOST:PORT", SIP Proxy try to redirect request to the target HOST and its PORT. SIP Proxy returns HOST's response if there is a response, otherwise time out error generated. We can use this configuration to scan inaccessible servers such as trusted servers, 3rd party servers and private gateway services. 

I developed a PoC scanning module to scan 3rd party servers via SIP Proxies. It's useful for UDP based SIP Server discovery. This module reports accessible servers, ports and SIP service software. I prepared a demo, this is a usage of scanning module to discover ports of 192.168.1.146 and 192.168.1.203. Vulnerable SIP Proxy is 192.168.1.145, we try to scan a port range of target hosts. 

Viproy VoIP Penetration and Exploitation Kit - Github Page

http://github.com/fozavci/viproy-voipkit

Viproy VoIP Penetration and Exploitation Kit - Homepage
http://www.viproy.com/voipkit

msf auxiliary(vsipportscan-options) > show options 

Module options (auxiliary/scanner/sip/vsipportscan-options):

   Name                    Current Setting                            Required  Description
   ----                        ---------------                                --------  -----------
   CHOST                   192.168.1.100                              no        The local client address
   CPORT                   5091                                            no        The local client port
   RHOSTS                 192.168.1.146 192.168.1.203        yes       IP Range for UDP Port Scan
   RPORTS                 5060-5065                                    yes       Port Range for UDP Port Scan
   SIP_SERVER_IP       192.168.1.145                              yes       Vulnerable SIP Server IP
   SIP_SERVER_PORT  5060                                            yes       Vulnerable SIP Server Port
   THREADS               1                                                  yes       The number of concurrent threads

msf auxiliary(vsipportscan-options) > set RPORTS 5058-5062
RPORTS => 5058-5062

msf auxiliary(vsipportscan-options) > set VERBOSE true
VERBOSE => true

msf auxiliary(vsipportscan-options) > run

[*] Starting SIP Socket on 192.168.1.100:5091
[*] Sending Packet for 192.168.1.146:5058
[*] 192.168.1.146 5058 is Close/Filtered

[*] Sending Packet for 192.168.1.146:5059
[*] 192.168.1.146 5059 is Close/Filtered

[*] Sending Packet for 192.168.1.146:5060
[+] 192.168.1.146 5060 is Open
    Server : FPBX-2.11.0beta2(11.2.1)

[*] Sending Packet for 192.168.1.146:5061
[*] 192.168.1.146 5061 is Close/Filtered

[*] Sending Packet for 192.168.1.146:5062
[*] 192.168.1.146 5062 is Close/Filtered

[*] Sending Packet for 192.168.1.203:5058
[*] 192.168.1.203 5058 is Close/Filtered

[*] Sending Packet for 192.168.1.203:5059
[*] 192.168.1.203 5059 is Close/Filtered

[*] Sending Packet for 192.168.1.203:5060
[+] 192.168.1.203 5060 is Open
    User-Agent : 3CXPhoneSystem 11.0.28976.849 (28862)

[*] Sending Packet for 192.168.1.203:5061
[*] 192.168.1.203 5061 is Close/Filtered

[*] Sending Packet for 192.168.1.203:5062
[*] 192.168.1.203 5062 is Close/Filtered

[*] Stopping SIP Sockets...
[*] Auxiliary module execution completed

Security Audit of NGN and VoIP Systems (Turkish)

I have presented a seminar about NGN and VoIP Security Analysis at Cypsec 2013 event. This slide set includes NGN and VoIP Attacking Techniques in Basic, Using Viproy VoIP Kit for Attacks and Its Features. 

Viproy - VoIP Penetration and Exploitation Testing Kit

Viproy Voip Pen-Test Kit is developed to improve quality of SIP Penetration Tests. It provides authentication feature that helps to create simple tests. It includes 7 different modules with authentication support: options tester, brute forcer, enumerator, invite tester, trust analyzer, proxy and registration tester. All attacks could perform before and after authentication to fuzz SIP services and value added services.

Project Page : http://www.github.com/fozavci/viproy-voipkit
Download : https://github.com/fozavci/viproy-voipkit/archive/master.zip


Attacking SIP/VoIP Servers Using VIPROY VoIP Pen-Test Kit for Fun & Profit - Video

This is a training video for penetration testing of SIP servers.

Chapters of Training Video
1-Footprinting of SIP Services
2-Enumerating SIP Services
3-Registering SIP Service with/without Credentials
4-Brute Force Attack for SIP Service
5-Call Initiation with/without Spoof & Credentials
6-Hacking Trust Relationships
7-Intercepting SIP Client with SIP Proxy

Hacking Trust Relationships of SIP Gateways (Video Demo)

I prepared an on-the-fly video demo for SIP Trust hacking. This video contains a demonstration about my technical paper, hacking trust relationships of SIP gateways. This paper and my "SIP Pen-Testing Kit for Metasploit" available at http://gamasec.net/fozavci/index-en.html. The tool, SIP Trust Analyzer will be available after Athcon 2013. Another Shiny demo will be presented at Athcon 2013, this video means only "it's just working".

SIP/NGN Services Pen-Testing using SIP Pen-Testing Kit (Training Video)

SIP Pen-Testing Kit for Metasploit is developed to help SIP Pen-Tests. This video prepared for demonstration and training for SIP Pen-Testing Kit.

Pen-Testing Steps in the Video

• SIP Service Discovery
• Using OPTIONS Requests
• Using REGISTER Requests
• REGISTER Without Credentials
• REGISTER With Valid Credentials
• Call Tests
• Direct INVITE Without Credentials
• INVITE With Credentials
• INVITE Spoofing With Credentials
• DOS Tests
• INVITE Sending to Valid Users (With/Without Credentials)
• INVITE Sending to Numeric Range (With/Without Credentials)
• Enumeration
• Enumerating Users and Accounts with Numeric Range (SUBSCRIBE, REGISTER, INVITE)
• Enumerating Users and Accounts with a Users File (SUBSCRIBE, REGISTER, INVITE)
• Brute Force
• Password Brute Force to a Target Account
• Password Brute Force to a Numeric Range
• Password Brute Force with a Users File

For Code
http://www.github.com/fozavci/gamasec-sipmodules