Release notes

The latest release notes.

v6.0.0-beta.3

Released on 2021-02-25

CUI: no changes at all

Documentation:

  • Website shifted to https://www.sipvicious.pro
  • A new members area is now available with details on how to become a paying member and other pages
  • Removed form for subscribing for the beta

SIPVicious PRO core:

  • Fixed a bug where the SIP callee utility would hang if registration failed
  • SIP call utility now also supports DTMF payloads

v6.0.0-beta.2

Released on 2021-02-08

CUI:

  • sip crack online now takes password dictionaries, credentials and extensions from standard input in addition to regular files
  • each tool now references the exact help page in the documentation
  • warnings related to license are given using standard logging so that it does not break automation systems
  • friendly warnings are now given for invalid target URIs
  • friendly warnings are now given for SIP URIs missing the sip: part of the URI

Documentation:

  • additional documentation on how to use GNU timeout to control SIPVicious in the automation pages
  • troubleshooting page has been updated with more compact instructions and configuration to generate debug files
  • tutorial updated with the new standardized output from the tools
  • basic installation instructions were added for radamsa and zzuf
  • documentation about using standard input for sip crack online dictionaries, extension files and credential files (username/password combination files), with an example of how to use it with hashcat’s maskprocessor

SIPVicious PRO core:

  • specifying an invalid target URI now gives a more helpful error with an example of a valid target URI
  • RTP Bleed now exits gracefully when invalid hosts are specified as the target
  • SIP online cracker now scans password dictionary files line by line rather than reading the whole file into memory (which led to a crash on large files)
  • SIP DoS Flood tool now scans extension dictionary files line by line rather than reading the whole file into memory
  • fixed bug in password generation that was trying a blank password twice
  • SIP online cracker and extension enumeration tools now accept standard input instead of only local files for dictionary files etc
  • caller utility now waits until it exits so that a BYE can be correctly sent
  • by default, random numeric extensions are generated instead of alpha-numeric ones in the SIP online cracker
  • SIP crack online no longer generates more than one no response received error
  • SIP extension enumeration now adds a security issue when an extension does not require authentication
  • friendly warning is now given when the sip: part seems to be missing from a SIP URI
  • sip fuzz method now randomizes the SIP method when not specified
  • added client certificate support for TLS to the SIP DoS Flood and SIP fuzzing tools (other tools already supported this)
  • friendly warning added when setting parameters in SIP DoS Flood that cause authentication to never occur
  • fixed a crash due to divide by zero when only telephone-event is set in SDP response and no DTMF has been set
  • RTP Bleed and Inject are now both doing strict target validation, no port allowed

v6.0.0-beta.1

Released on 2020-12-02.

CUI:

  • new tool called sip fuzz method for fuzzing SIP messages
  • the results flag is now found in all tools
  • standardized output across all tools, with human-readable text and JSON support
  • standard error is used for logging while standard output is used for the results
  • exit codes standardized across all tools, inconsistencies fixed and updated for future compatibility (breaking change)

Documentation:

  • documentation shifted to https://docs.sipvicious.pro
  • major restructure of documentation pages with new sections called overview, learn, automation, documentation and support
  • new documentation for automation, including new pages detailing the new exit codes and results output
  • all cui-reference documents are now under the technical documentation section
  • new tool called sip fuzz method is documented
  • exit code documentation for each tool updated to highlight behaviour of exit codes 30 and 40
  • removed all example output from the tools which is now outdated
  • documentation for template functions now added

SIPVicious PRO core:

  • new SIP fuzzing functionality available in the core
  • Exit codes and Results are now standardized
  • SIGINT / CTRL^C now handled by all tools to exit gracefully
  • JSON Schema generation for each tool result
  • Added environment variable support in SIP templates
  • duration for sip dos flood fixed to work as expected
  • sip dos flood now caches templates for speed
  • sip dos flood refactoring for better clarity, handling of cnonce, nonce-reuse features
  • race condition fix in sip dos flood
  • fixed issue where netloop was stopping in sip dos flood and sip fuzz method when rate was specified
  • added srtp support for sip dos flood and sip fuzz method
  • bug fix in sip dos flood with proxy authentication
  • fixed issue in sip dos flood when using auth and a 1xx message is received before a 401/7
  • fixed rtp flood to send a BYE at the end of a call
  • SIP method enumeration ignores provisional 100 responses
  • Fixed bugs in IPv6 support and made sure that all tools support IPv6
  • Fixed sip crack digest so that it exits when no responses are received

v6.0.0-alpha.5

Released on 2020-06-03.

CUI:

  • all attack tools now support exit codes
  • logfile flag now accepts JSON log file format when filename ends with .json
  • rtp and sip subcommands now all support the srtp flag
  • rtp bleed tool now supports the rate, save-pcap and save-wav flags
  • rtp flood tool now supports the SIP templates just like all sip subcommands
  • rtp inject tool now supports the send-dtmf flag
  • sip crack digestleak tool now supports the methods flag
  • sip crack online tool has now implemented the to, extensions-file, credentials, rate, range-fmt and pattern flags
  • sip dos flood tool now supports the no-prober and dictionary flags
  • sip enumerate extensions tool now supports the ext-fmt, auth-mode and register flags
  • sip enumerate methods tool does not support the conn-count flag any more
  • sip utils call now supports passing of DTMF instructions as values for the rtp-payload flag
  • sip utils templates test now supports the credentials flag
  • sip utils ping updated to report network errors

Documentation:

  • Target demo server (demo.sipvicious.pro) now implemented, used throughout the documentation for attack examples
  • New documentation page: Getting started with instructions on how to use most of the modules
  • Documentation of each tool now has advanced examples with comments indicating their use
  • Documentation of each tool now has an example of the output that it generates
  • Examples for usage of John the ripper and Hashcat added to the digest leak CUI page
  • Credentials flag documentation updated to show how to pass usernames or passwords that contain a colon
  • Automation documentation updated to indicate the concepts that are being implemented in SVPRO for automation
  • Duration flag definition is clarified to mean the maximum amount of time allowed for the tool
  • Documentation updated to reflect that all flags with TODO, except for DTLS SRTP support, have been fully implemented now

SIPVicious PRO core:

  • All tools now support exit codes properly
  • All tools now support returning results internally (not yet fully exposed through CUI)
  • DTMF support implemented, exposed in RTP Inject and the Caller utility
  • Changed the way that hostnames are used to be compatible with IPv6 targets
  • Support for SRTP in all modules that process RTP
  • RTP Bleed support for the rate limiter, pcap and wav file generation
  • Major refactoring of the RTP Bleed module
  • RTP Flood support for the rate limiter
  • Major refactoring of the RTP Inject module
  • SIP Call module now supports DTMF RTP when the RTP payload starts with dtmf:
  • Major refactoring of the SIP Callee module to handle multiple calls at a time
  • Major refactoring of the SIP Crack Online module, plus various new features such as credentials and extensions file support and range format string
  • Major refactoring of the SIP Digest Leak module to properly support caller and callee modes
  • SIP Digest Leak module now supports John the Ripper and Hashcat output formats
  • SIP Flood module now supports a prober that detects when the target starts returning SIP or connection errors
  • Major refactoring of the SIP Flood module for stateless handling of SIP calls, and new features
  • Major refactoring of the SIP Extension Enumeration module to address problems with the previous logic; addressing false positives and negatives
  • Fixed hardcoded SIP URIs in BYE in SIP Method Enumeration module
  • Improved target host validation
  • Better handling of SIGINT (or control^c) in RTP Bleed and some other modules
  • Fixed nil pointer dereference in RTP flood, rtp-stream mode
  • Better logging in SIP Callee utility
  • SIP Digest Leak attack now ends the call correctly
  • SIP Digest Leak outputs raw SIP message to file
  • Fixed nil pointer dereference in SIP DoS Flood module
  • SIP DoS Flood now implements authentication mode and supports nonce-reuse
  • SIP Extension Enumeration module now properly supports valid authentication and enumeration using fake authentication
  • Failed DNS resolution no longer causes panic
  • SIP parsing problems on TCP addressed through the SIP splitter
  • Stale challenges during SIP authentication are now handled
  • SIP INVITE flood now sets the SDP for the win

v6.0.0-alpha.4

Released on 2020-03-30.

CUI:

  • rtp flood tool supports the srtp flag
  • rtp inject has been rewritten (note: save-pcap and send-dtmf flags not yet implemented)
  • sip crack digestleak tool supports the domain flag
  • sip dos flood flags have been renamed from from-address and from-domain to from and domain
  • sip enumerate extensions tool now takes 2 new flags: from-address and credentials
  • sip enumerate extensions now supports the register flag

Documentation:

  • release notes are now included in documentation
  • The only configuration file formats now supported are JSON, TOML and YAML
  • A number of internal links have been fixed
  • Installation page updated to remove Linux arm5 and Darwin 386 builds and gives instructions on how to install the Opus dependency
  • Documentation regarding exit codes for rtp commands has been fixed; specifically exit code 4
  • srtp flag documentation provided
  • Main page: open-source SIPVicious is now referred to as SIPVicious OSS instead of legacy; its first release date was actually 2007
  • Troubleshooting page has contact details

SIPVicious PRO core:

  • Opus support included in various tools
  • do not use sips: URIs when connection is TLS
  • fixed bug in the sip enumerate extensions probe phase, which meant that some results were missing
  • The SIP digest leak tool, SIP repeater and ping now obey the domain option
  • sip utils repeater now sets the From address in REGISTER messages to the one specified in the parameters rather than the destination extension
  • To address in SIP method enumeration is now as expected depending on the method
  • SIP method enumeration now observes the register flag
  • RTP inject code major re-factoring
  • Crack online tool rate limiter fixed (was crashing)
  • RTP Flooder now supports duration and further srtp related updates
  • RTP Flooder now sets the payload type/codec by inspecting SDP
  • SIP online cracker now pairing requests with responses to avoid false positives and false negatives
  • SIP extension enumeration now supports keeping a registration
  • SIP Flood fixes for negative WaitGroup bugs (resulting in crashes)
  • SIP call handling now stops call if a SIP 5xx/6xx error is received
  • SIP call handling bug fix for when call is not picked up immediately
  • When handling REGISTER responses, do not send a reply if the 401/407 response does not have an authentication header
  • Bug fix for sip enum methods which was hanging on non-existent IP on UDP
  • Bug fix for closed port on methods enumerate which was causing panic
  • SRTP calls enforce RTP/SAVP profile

v6.0.0-alpha.3

Released on 2020-11-27.

CUI:

  • rtp bleed new flags are implemented: rtcp-probe-count, proto, probe-all-ports, rtp-payload and rtcp-payload
  • sip crack online tool now made available; not all features implemented yet
  • sip enumerate methods rate limiting implemented
  • sip utils call and sip utils callee now support the srtp flag
  • sip utils callee now supports the domain flag
  • fixed bug in sip utils templates dump where if templates directory already exists, the templates get replaced
  • sip utils templates test now takes flags from command line to manipulate the output
  • all sip subcommands now take the srtp flag (might be changed in the future); but not all support it yet, thus marked with TODO

Documentation:

  • all tools now each include advanced examples
  • target specification documentation now available
  • documentation about templates now live
  • further information about the codec flag (various tools) on how to specify rates and channels in the SDP
  • sip crack online documented
  • documentation about the srtp flag added
  • sip enumerate extensions documentation about ext-fmt flag now added

SIPVicious PRO core:

  • RTP Bleed tool mostly rewritten and implemented all new options to support the rtcp-probe-count, proto, probe-all-ports, rtp-payload and rtcp-payload flags
  • SRTP mode code implemented, currently only supporting SDES
  • Fixed bug when a path was passed to a WebSocket target that led to malformed SIP URIs
  • SIP call and callee supports SRTP
  • SIP Crack Online tool created; not all features implemented yet
  • SIP Flood now shows samples of data being sent
  • SIP Ping now supports BYE
  • Bug fixes for SIP Ping which would cause it to stop on timeouts on TCP/TLS/WS/WSS
  • SIP Template test tool added
  • Default NOTIFY template now includes a Contact header
  • RTP Flooder now supports SRTP