SIPVicious PRO is a toolset for security testers, quality assurance and developers of Real-Time Communications systems. The security test tools cover VoIP and WebRTC infrastructure and applications, aiding in the discovery and demonstration of known and unknown vulnerabilities. Built off the experience gained through penetration tests done by the security researchers at Enable Security, SIPVicious PRO’s tools are packaged in a professional-grade security testing suite.
Our aim is to help vendors and implementers of VoIP and WebRTC infrastructure to build products that withstand attack. The toolset is mainly aimed at two types of users: the vendors developing RTC solutions and the service providers implementing RTC solutions. Users of SIPVicious PRO include security professionals within such organisations, quality assurance, developers and operations. If this describes you, then visit the membership page to gain access to SIPVicious PRO.
SIPVicious PRO is a command-line toolset, used during manual security testing and also in automated procedures. The tools are extremely versatile and effective in the hands of an experience manual tester. But they shine when put in use within an automated system. In fact, SIPVicious PRO is designed to be integrated with quality assurance processes. This ranges from being wrapped in simple bash scripts to integration within CI/CD pipelines and fully fledged applications where SIPVicious PRO is the engine behind the platform. For further details see the automation pages.
SIPVicious PRO comes with various features that are critical when doing offensive security testing on RTC systems, including:
Go read the features page for a full list of features that are available.
Understand what the SIPVicious PRO toolset is and when it is useful.
How to install and start using SIPVicious PRO to test for RTC security issues.
How to integrate SIPVicious PRO in your continuous integration system and perform regression testing.
Change your subscription details, get support get support and troubleshooting help.
Technical documentation is to be found around here.
RFC compliance: especially concerning SIP and RTP. This applies unless the attack requires non-compliance! ↩︎