Release notes

v6.0.0-alpha.5

Released on 2020-06-03.

CUI:

  • all attack tools now support exit codes
  • logfile flag now accepts JSON log file format when filename ends with .json
  • rtp and sip subcommands now all support the srtp flag
  • rtp bleed tool now supports the rate, save-pcap and save-wav flags
  • rtp flood tool now supports the SIP templates just like all sip subcommands
  • rtp inject tool now supports the send-dtmf flag
  • sip crack digestleak tool now supports the methods flag
  • sip crack online tool now implements the to, extensions-file, credentials, rate, range-fmt and pattern flags
  • sip dos flood tool now supports the no-prober and dictionary flags
  • sip enumerate extensions tool now supports the ext-fmt, auth-mode and register flags
  • sip enumerate methods tool does not support the conn-count flag any more
  • sip utils call now supports passing of DTMF instructions as values for the rtp-payload flag
  • sip utils templates test now supports the credentials flag
  • sip utils ping updated to report network errors

Documentation:

  • Target demo server (demo.sipvicious.pro) now implemented, used throughout the documentation for attack examples
  • New documentation page: Getting started with instructions on how to use most of the modules
  • Documentation of each tool now has advanced examples with comments indicating their use
  • Documentation of each tool now has an example of the output that it generates
  • Examples for usage of John the Ripper and Hashcat added to the digest leak CUI page
  • Credentials flag documentation updated to show how to pass usernames or passwords that contain a colon
  • Automation documentation updated to indicate the concepts that are being implemented in SVPRO for automation
  • Duration flag definition is clarified to mean the maximum amount of time allowed for the tool
  • Documentation updated to reflect that all flags with TODO, except for DTLS SRTP support, have been fully implemented now

SIPVicious PRO core:

  • All tools now support exit codes properly
  • All tools now support returning results internally (not yet fully exposed through CUI)
  • DTMF support implemented, exposed in RTP Inject and the Caller utility
  • Changed the way that hostnames are used to be compatible with IPv6 targets
  • Support for SRTP in all modules that process RTP
  • RTP Bleed support for the rate limiter, pcap and wav file generation
  • Major refactoring of the RTP Bleed module
  • RTP Flood support for the rate limiter
  • Major refactoring of the RTP Inject module
  • SIP Call module now supports DTMF RTP when the RTP payload starts with dtmf:
  • Major refactoring of the SIP Callee module to handle multiple calls at a time
  • Major refactoring of the SIP Crack Online module, plus various new features such as credentials and extensions file support and range format string
  • Major refactoring of the SIP Digest Leak module to properly support caller and callee modes
  • SIP Digest Leak module now supports John the Ripper and Hashcat output formats
  • SIP Flood module now supports a prober that detects when the target starts returning SIP or connection errors
  • Major refactoring of the SIP Flood module for stateless handling of SIP calls, and new features
  • Major refactoring of the SIP Extension Enumeration module to address problems with the previous logic; addressing false positives and negatives
  • Fixed hardcoded SIP URIs in BYE in SIP Method Enumeration module
  • Improved target host validation
  • Better handling of SIGINT (or Ctrl+C) in RTP Bleed and some other modules
  • Fixed nil pointer dereference in RTP flood, rtp-stream mode
  • Better logging in SIP Callee utility
  • SIP Digest Leak attack now ends the call correctly
  • SIP Digest Leak outputs raw SIP message to file
  • Fixed nil pointer dereference in SIP DoS Flood module
  • SIP DoS Flood now implements authentication mode and supports nonce-reuse
  • SIP Extension Enumeration module now properly supports valid authentication and enumeration using fake authentication
  • Failed DNS resolution no longer causes panic
  • SIP parsing problems on TCP addressed through the SIP splitter
  • Stale challenges during SIP authentication are now handled
  • SIP INVITE flood now sets the SDP for the win

v6.0.0-alpha.4

Released on 2020-03-30.

CUI:

  • rtp flood tool supports the srtp flag
  • rtp inject has been rewritten (note: save-pcap and send-dtmf flags not yet implemented)
  • sip crack digestleak tool supports the domain flag
  • sip dos flood flags have been renamed from from-address and from-domain to from and domain
  • sip enumerate extensions tool now takes 2 new flags: from-address and credentials
  • sip enumerate extensions now supports the register flag

Documentation:

  • release notes are now included in documentation
  • The only configuration file formats now supported are JSON, TOML and YAML
  • A number of internal links have been fixed
  • Installation page updated to remove Linux arm5 and Darwin 386 builds and to give instructions on how to install the Opus dependency
  • Documentation regarding exit codes for rtp commands has been fixed; specifically exit code 4
  • srtp flag documentation provided
  • Main page: open-source SIPVicious is now referred to as SIPVicious OSS instead of legacy; its first release date was actually 2007
  • Troubleshooting page has contact details

SIPVicious PRO core:

  • Opus support included in various tools
  • do not use sips: URIs when the connection is TLS
  • fixed bug in the sip enumerate extensions probe phase, which meant that some results were missing
  • The SIP digest leak tool, SIP repeater and ping now obey the domain option
  • sip utils repeater now sets the From address in REGISTER messages to the one specified in the parameters rather than the destination extension
  • To address in SIP method enumeration is now as expected depending on the method
  • SIP method enumeration now observes the register flag
  • RTP inject code major re-factoring
  • Crack online tool rate limiter fixed (was crashing)
  • RTP Flooder now supports duration and further srtp related updates
  • RTP Flooder now sets the payload type/codec by inspecting SDP
  • SIP online cracker now pairs requests with responses to avoid false positives and false negatives
  • SIP extension enumeration now supports keeping a registration
  • SIP Flood fixes for negative WaitGroup bugs (resulting in crashes)
  • SIP call handling now stops call if a SIP 5xx/6xx error is received
  • SIP call handling bug fix for when call is not picked up immediately
  • When handling REGISTER responses, do not send a reply if the 401/407 response does not have an authentication header
  • Bug fix for sip enum methods which was hanging on non-existent IP on UDP
  • Bug fix for closed port on methods enumerate which was causing panic
  • SRTP calls enforce RTP/SAVP profile

v6.0.0-alpha.3

Released on 2020-11-27.

CUI:

  • rtp bleed new flags are implemented: rtcp-probe-count, proto, probe-all-ports, rtp-payload and rtcp-payload
  • sip crack online tool now made available; not all features implemented yet
  • sip enumerate methods rate limiting implemented
  • sip utils call and sip utils callee now support the srtp flag
  • sip utils callee now supports the domain flag
  • fixed bug in sip utils templates dump where if templates directory already exists, the templates get replaced
  • sip utils templates test now takes flags from command line to manipulate the output
  • all sip subcommands now take the srtp flag (might be changed in the future); but not all support it yet, thus marked with TODO

Documentation:

  • all tools now each include advanced examples
  • target specification documentation now available
  • documentation about templates now live
  • further information about the codec flag (various tools) on how to specify rates and channels in the SDP
  • sip crack online documented
  • documentation about the srtp flag added
  • sip enumerate extensions documentation about ext-fmt flag now added

SIPVicious PRO core:

  • RTP Bleed tool mostly rewritten, with all new options implemented to support the rtcp-probe-count, proto, probe-all-ports, rtp-payload and rtcp-payload flags
  • SRTP mode code implemented, currently only supporting SDES
  • Fixed bug when a path was passed to a WebSocket target that led to malformed SIP URIs
  • SIP call and callee support SRTP
  • SIP Crack Online tool created; not all features implemented yet
  • SIP Flood now shows samples of data being sent
  • SIP Ping now supports BYE
  • Bug fixes for SIP Ping which would cause it to stop on timeouts on TCP/TLS/WS/WSS
  • SIP Template test tool added
  • Default NOTIFY template now includes a Contact header
  • RTP Flooder now supports SRTP