VSAP is an automated question/answer tool to audit the security of VoIP networks (SIP/H.323/RTP). It provides security topics and audit questions for the end user to complete. Once all the questions are answered, VSAP will show all satisfactory and unsatisfactory responses and display a final score.

Prerequisites: Win32
Downloads: VSAP.exe

RTP injection files can be used with nemesis, a packet injection tool, for a variety of attacks on VoIP networks using RTP. Attacks files include Flood, BYE, and Denial of Service.

Prerequisites: Linux/Nemesis
Downloads: RTP.Packet.Injection.Files

vnak combines a number of attacks against multiple protocols in to one easy to use Python tool. Its aim is to be the one tool a user needs to attack multiple VoIP protocols. The following VoIP protocols and attacks are currently supported by vnak:

IAX - Authentication Downgrade, Known Authentication Challenge, Call Hangup, Call Hold/Quelch, Registration Reject
H.323 - Registration Reject
SIP - Registration Reject, Call Reject, Known Authentication Challenge

Prerequisites: Linux/Python

Downloads:vnak

H.323 injection files can be used with nemesis, a packet injection tool, for a variety of attacks on H.323 networks. Attacks files include Replay Attacks and Denial of Service.

Prerequisites: Linux/Nemesis
Downloads:H.323.Packet.Injection.Files

H225regreject is a tool is used to disconnect H.323 calls. It first monitors the network in order to determine if a call is taking place. Once a call has been identified, it then injects a Registration Reject packet into the call.

Prerequisites: Linux/Python
Downloads: h225regreject

The IAXHangup is a tool is used to disconnect IAX calls. It first monitors the network in order to determine if a call is taking place. Once a call has been identified, it then injects a HANGUP control frame into the call.

Prerequisites: Linux/Python
Downloads: IAXHangup

IAXAuthJack is a tool used to actively perform an authentication downgrade attack and force an endpoint to reveal its password in plaintext over the network. It performs this attack by sniffing the network for traffic indicating that a registration is taking place, and then injecting a REGAUTH specifying that the endpoint should authenticate in plaintext rather then MD5 or RSA.

Prerequisites: Linux/Python
Downloads: IAXAuthJack

IAX.Brute is a passive dictionary attack tool on IAX's challenge/response authentication method. The program is written primarily to test VoIP networks that use IAX for voice communication. The proof of concept tool shows how the challenge/response authentication process used by IAX endpoints is vulnerable to an offline brute-force attack. This attack allows malicious users to steal passwords and hijack endpoint identities.

Prerequisites: Win32
Downloads: IAX.Brute

RTPInject is a minimal-setup prerequisites attack tool that injects arbitrary audio into established RTP connections. This program is written primarily to demonstrate the vulnerability of the underlying media layer for VoIP networks. The tool identifies active conversations, enumerates the media codec in use, and allows for the injection of an arbitrary audio file that is automatically transcoded into the necessary format required. Point, click, and RTPinject.

Prerequisites: Linux/Python
Downloads:
RTPInject.tar.gz
RTPInject.Dependencies.tar.gz

SIP.Tastic is a passive dictionary attack tool on SIP's digest authentication method. The program is written primarily to test VoIP networks that use SIP for session setup. The proof of concept tool shows how the digest authentication process used by SIP endpoints is vulnerable to an offline brute-force attack. This attack allows malicious users to steal passwords and hijack endpoint identities.

Prerequisites: Win 32
Downloads: SIP.Tastic.zip