sip utils ping
Note
This documentation applies to SIPVicious version v6.0.0-experimental.6. Please note that only the latest version of SIPVicious PRO is supported.Summary
Ping the target using SIP
What it does
Ping the target using a SIP method of your choice. This tool is useful when testing if a target system responds to SIP messages and to monitor that target system. This tool is vaguely inspired from the ping utility and will help understand if a system is responding, if errors occur or if responses are delayed.
Tool functionality
This tool repeatedly generates and sends a SIP message and prints out basic information about the responses. The output of the tool consists of the first line in the response, the sequence number, and the response time. When the tool is stopped or comes to an end, it prints out some statistics.
Video demonstration
Command format
sipvicious sip utils ping <target1 [target2 [target3 ...]]> [flags]
Flags
--auth-config strings Specify SIP authentication configuration. See documentation for details e.g. algorithm:sha-256
-u, --credentials string Set the username and password in the following format: username:password[:realm] (e.g. 1000:test123:snowflake). Realm is optional
-D, --domain string Override domain name for the SIP address
-e, --extension string Specify a target extension or SIP URI in the To address; if not specified, a random numeric extension is used when required
-f, --from string Specify a from extension or SIP URI in the From address; if not specified, a random numeric extension is used
-i, --interval duration Interval between each ping (default 1s)
--max-requests int Set the maximum number of requests to send
-m, --method string Set the SIP message method to use (REGISTER|SUBSCRIBE|NOTIFY|PUBLISH|MESSAGE|OPTIONS|INVITE) (default "OPTIONS")
--register Maintain a registration; requires -u
--show strings Specify which response headers to monitor (default [warning])
-W, --timeout duration Time to wait for a response (default 2s)
Flags inherited from parent commands
--ca-cert string TLS CA Certificate
--client-cert string TLS client certificate
--client-key string TLS client private key
-C, --config string configuration file to use (may be JSON, TOML or YAML)
--debug set log level to debug
-T, --duration duration Stop the tool after a certain amount of time; e.g. 30s
--logfile string specify a log filename
--results string specify the filename for the result output, defaults to standard output. See documentation for information on file extension meanings
--srtp string Specify if either none, dtls or sdes to enforce SRTP for calls; format: method or method:parameters; see full documentation for details (default "none")
--templates string Directory to search for template overrides (default ".")
--tls-key-log string TLS key log
Examples
sipvicious sip utils ping udp://target:5060 --max-requests 3 --method REGISTER
sipvicious sip utils ping tcp://target:5060 --register -u user:pass -i 100ms
sipvicious sip utils ping tls://target:5061 -m OPTIONS -e 1234
sipvicious sip utils ping udp://target:5060 -T 5s
Advanced examples
# pinging with 20 maximum requests, 7 secs timeout and monitoring Server header
sipvicious sip utils ping udp://demo.sipvicious.pro:5060 --max-requests 20 --timeout 7s --show server
# specify a from address with an interval of 3 secs
sipvicious sip utils ping udp://demo.sipvicious.pro:5060 -f sip:0000@siteonsip.tld -i 3s
# registering with target and maintaining one during the pinging process
sipvicious sip utils ping udp://demo.sipvicious.pro:5060 -u 1000:1500 --register -D siteonsip.tld
# pinging extension 2000 with invite and duration 10s
sipvicious sip utils ping udp://demo.sipvicious.pro:5060 -e 2000 --duration 10s -m invite
# pinging multiple targets with the ping utility with the publish method
sipvicious sip utils ping udp://demo.sipvicious.pro:5060 tcp://demo.sipvicious.pro:5060 tls://demo.sipvicious.pro -m publish
Exit codes
Code | Description |
---|---|
40 | Security issues cannot be detected with this tool since it is a SIP utility and not an attack tool |
30 | A network connectivity issue is raised when the connection fails or when responses are missed |
Full flag documentation
Flag: --auth-config
Specify SIP authentication configuration. This flag accepts the following values:
algorithm:value
where value may bemd5
,md5-sess
,sha-256
,sha-256-sess
,sha-512-256
orsha-512-256-sess
. This value will force the tool to calculate the authorization response based on the firstWWW-Authenticate
orProxy-Authenticate
header field that matches this algorithm. If no match is found then the firstWWW-Authenticate
orProxy-Authenticate
header is selected.
Flag: --ca-cert
The CA cert can be passed when making use of client certificate authentication. The file should be formatted as PEM.
Flag: --client-cert
The client certificate must be passed when making use of client certificate authentication. The file should be formatted as PEM.
Flag: --client-key
The client key must be passed when making use of client certificate authentication. The file should be formatted as PEM.
Flag: -C
, --config
Specify a configuration file which may be a JSON, TOML and YAML config
format. To get the default settings and figure out which settings are available, one may
run the sipvicious utils dump config
command. This is typically used to create a template
configuration that can then be edited as need be.
These settings may be overwritten when the corresponding flag is explicitly set, if one is present.
Flag: -u
, --credentials
Specify valid credentials so that the request can authenticated. The following format is used username:password
(e.g. 1000:test123
).
Additionally, a realm may be specified as a third parameter (e.g. 1000:test123:snowflake
).
Flag: --debug
Tells the logger to print out debug messages.
Flag: -D
, --domain
A domain name can be specified so that the SIP URI contains that particular domain rather than the one specified as the target. This is useful for targets that expect a particular domain name.
Flag: -T
, --duration
Specify the duration of the ping test, for example 30s
, 10m
or 24h
.
Flag: -e
, --extension
This flag allows users to set a particular extension in the SIP URI, overriding the default behaviour of targeting random extensions. The value can be either just the SIP extension/username (e.g. 1234) or a SIP URI (e.g. sip:user@example.org
).
Note that in the case of OPTIONS
messages, if the extension parameter is not specified, then to URI and top most address do not contain the user part of the SIP URI (e.g. sip:example.org
). This has the effect of sending an OPTIONS
to the SIP user-agent in the case of a SIP proxy, rather than to a particular user.
Flag: -f
, --from
This flag allows users to set the From
address, overriding the default behaviour of setting a random extension or the username in the credentials when one is provided. The value can be either just the SIP extension/username (e.g. 1234) or a SIP URI (e.g. sip:user@example.org
).
Flag: -i
, --interval
Set the interval between each SIP message, e.g. 30s
or 200ms
.
Flag: --logfile
When the logfile
flag is specified, a log file is created in the location specified and logs are generated in this file instead of being sent to standard output. If the filename ends with a .json
file extension, then the output format is in JSON, otherwise it defaults to text format.
Flag: --max-requests
Specify the maximum number of messages to send before stopping the test.
Flag: -m
, --method
The SIP ping tool supports the following SIP methods:
REGISTER
SUBSCRIBE
NOTIFY
PUBLISH
MESSAGE
OPTIONS
INVITE
Flag: --register
Register requires credentials to be passed so that a REGISTER
message is sent to authenticate with a registrar server before starting the test. The registration is maintained as per SIP standards, so that authentication does not time out.
Flag: --results
When the results
flag is specified, upon completing the test, it outputs the results to the specified filename. The format for this output file is text unless the filename ends with a .json
file extension. In that case, the result output is that of JSON.
The schema for the JSON output for this submodule can be found here.
Flag: --show
Specify which response headers to display. This is useful when monitoring a particular header for changes, for example the Contact
header in an OPTIONS response which can indicate if a SIP UA is registered or not. Multiple headers can be passed, e.g. --show=contact,server,user-agent
. If the header does not exist in the response, it is simply not displayed.
The output of each specified header is displayed right after each ping update in the output.
Flag: --srtp
The srtp
flag when specified, allows users to set the SRTP mode. By default, outgoing calls do not make use of SRTP, while incoming calls automatically handle SRTP depending on the SDP body of the incoming INVITE
message. When the srtp
flag is set to none
, incoming calls do not make use of SRTP, regardless of the SDP body in an incoming INVITE
. The srtp
mode can also be either dtls
or sdes
. In both dtls
and sdes
modes, the parameters are not required and will be generated randomly as need be.
Options for both dtls
and sdes
mode may be passed after a colon. For example:
--srtp dtls:cert.crt:cert.key[:ca.crt]
where the first argument after the mode (dtls
) is the public certificatecert.crt
, then the private keycert.key
and finally, the optional certificate authority fileca.crt
--srtp sdes:d0RmdmcmVCspeEc3QGZiNWpVLFJhQX1cfHAwJSoj
where the argument is the base64 encoded cryptographic master key appended with the master salt.
Note that in the case of sdes
key, the master key needs to be a valid length, which is 30 octets, for the default crypto-suite AES_CM_128_HMAC_SHA1_80
.
Flag: --templates
Allows one to set the template directory which is used to load (or save) the SIP templates.
To get the default SIP templates, make use of the sipvicious sip utils dump templates
command.
Flag: -W
, --timeout
Specify a timeout when the tool gives up waiting for a response and considers the response as not received. Increase this value when the target system is experiencing slow response times.
Flag: --tls-key-log
The TLS key log creates a file with the TLS key that can then be used to decrypt the TLS stream in tools that support it, such as Wireshark.
JSON schema
The following is the JSON schema for the JSON output of this tool:
{
"type": "object",
"properties": {
"status": {
"type": "object",
"properties": {
"returncode": { "type": "integer" },
"description": { "type": "string" }
}
},
"targets": {
"type": "array",
"items": {
"type": "object",
"properties": {
"target": { "type": "string" },
"status": {
"type": "object",
"properties": {
"returncode": { "type": "integer" },
"description": { "type": "string" }
}
},
"results": {
"type": "object",
"properties": {
"pingstats": {
"type": "array",
"items": {
"type": "object",
"properties": {
"transmitted": {"type": "integer"},
"received": {"type": "integer"},
"errors": {"type": "integer"},
"packetloss": {"type": "number"},
"duration": {"type": "string"}
}
}
}
}
},
"issues": {
"type": "object",
"properties": {
}
}
}
}
}
}
}