Friday, 5 August 2011

SiVuS–A SIP vulnerability scanner

SiVuS (a tool which is difficult to find now) has the following capabilities:

  • SIP Device Discovery
  • Sip Vulnerability Scanning
  • SIP Message Generation
The tool is Java based (hence requiring the JRE to be installed) and has a good well features GUI.

The purpose of the tool is to enable auditing (and therefor to allow for the securing) of VoIP networks. It supports Real-Time Transport Protocol (RTP) but though the tool has tabs for H.323, it does not yet support this.

The main use of the tool is in scanning and enumerating VoIP systems and looking for vulnerabilities in the implementation (that then can we hope be corrected).

The VoIP packet generator can be used for flood testing and stress tests and with some effort can also be used as a decent Fuzzing tool for VoIP.

Finally, SiVuS can be used (Cain and Able is much better at this and is still supported) to manipulate the VoIP registration and signalling.

For more details, there is a good PDF covering many aspects of SiVuS at the following site.

I will not do a complete run-through and technical write-up as there is a very good step by step process here.

Sivus does not support MGCP and H.323 scanning. We will cover tools that can do this another time.

No comments: