Command-line basics

Introduction

The SIPVicious command is sipvicious with various subcommands, or tools. There are two types of subcommands in SIPVicious PRO:

  • attack tools
  • utility tools

Attack tools do what one would expect, launch attacks designed to discover vulnerabilities and easily reproduce them. Utility tools on the other hand, aid with usage of SIPVicious PRO or its attacks. For example, the SIP ping utility tool can be used to ping a target using SIP, while performing a DoS attack. For the full list of tools please follow the CUI-reference documentation.

Each subcommand is passed after the sipvicious command. For example, to run the RTP Bleed attack on demo.sipvicious.pro, the tester would run the following:

sipvicious rtp bleed udp://demo.sipvicious.pro

The sip subcommand includes various other subcommands. For example, to enumerate the SIP methods that are allowed on a target system, the tester would run the following command:

sipvicious sip enumerate methods udp://demo.sipvicious.pro:5060

All attack tools require a positional argument for the target while utility tools might not require it. All subcommands take flags as arguments which modify the behaviour of each tool.

Command completion

When making use of bash as a system shell, one can install a bash completion for the sipvicious command. This can be done by making use of the utils dump autocomplete subcommand. To install the auto-complete file one can execute the following commands:

sipvicious utils dump autocomplete | sudo tee /etc/bash_completion.d/sipvicious
source /etc/bash_completion.d/sipvicious