Release notes

SIPVicious PRO helps security teams, QA and developers battle-test modern VoIP and WebRTC systems, applications and protocols for manual and automated testing. For more information, visit https://www.enablesecurity.com/sipvicious/pro/.

The following are the latest release notes.

v6.0.0-experimental.6

Released on 2023-03-06

CUI:

sip utils iterator removed for now, it needs to be reworked
all changes in v6.0.0-beta.6

Documentation:

all changes in v6.0.0-beta.6

SIPVicious PRO core:

support for g726 codec
added SRTP configuration in RTP fuzzing and callee mode
RTCP fuzzing updated
all changes in v6.0.0-beta.6

v6.0.0-beta.6

Released on 2023-03-06

CUI:

sip dos flood now supports ACK, CANCEL, BYE, PRACK, INFO, REFER, UPDATE in addition to previously supported SIP methods
sip crack online tool now supports closing the connection with the close-conn flag
sip utils ping now supports using the INVITE method

Documentation:

added documentation about how SIPVicious PRO can be used from Gitlab-CI pipelines
added documentation on the new inject-config parameters: rtp-ssrc and rtp-payload-type
clarified help text for no-prober and duration flags
various advanced examples updated to reflect previous changes to the tools syntax

SIPVicious PRO core:

the SIP DoS flooder now handles slow rates better
the SIP DoS flooder now supports all the SIP methods supported in other tools
handle cases where no responses are received by the SIP DoS flooder’s prober (e.g. in the case of the ACK method)
fixed a panic when the SIP DoS flooder’s TCP socket did not receive any response
added the close connection functionality to the SIP online cracker
fixed the internal template for the REFER request which was not considered correct by UAS targets
fixed behavior when no SDP is received from a peer
various internal library updates (netloop, esfuzzing, fuzzerloop, iterator, rtp, rtpcodec)
the callee utility now handles multiple INVITEs/calls
fixed a bug in SDP key selection
added support for SSRC and payload type selection in RTP inject
fixed crash in the SIP DoS flooder when fake auth and rate were used
the callee utility no longer panics when trying to start a websocket listener
fixed behavior of repeater tool to only unregister once
SIP server, used in the callee and other tools, fixed to support setting of TLS certificates

v6.0.0-experimental.5

Released on 2022-06-24

CUI:

added interfaces support for sip dos flood tool, allowing setting of multiple source IPs
added stir-shaken-config flag to the tools that support STIR/SHAKEN
added a new tool called sip fuzz server which starts a server that fuzzes SIP UAs pointed at it
added tcp flood tool which runs a connection flood test
added sip fuzz stirshaken tool which fuzzes the Identity header in STIR/SHAKEN
added sip utils iterator tool which allows for manual fuzzing and injection tests
added rtp fuzz tool for fuzzing RTP packets

Documentation:

added documentation for new tools
added documentation for tools that now support STIR/SHAKEN configuration

SIPVicious PRO core:

all changes in v6.0.0-beta.5
the following new tools:
- RTP fuzzer
- SIP STIR/SHAKEN fuzzer
- SIP Iterator utility
- TCP flood tool
- SIP server for fuzzing

v6.0.0-beta.5

Released on 2022-06-24

CUI:

rtp inject’s default connection count is now set to 1 instead of 10
opus now defaults to rate 48000 (default was previously incorrect)
added inject-config to rtp inject command, to allow for specific RTP injection settings
documentation URLs given in each tool’s help corrected to point to https://docs.sipvicious.pro
SRTP now available to all SIPVicious PRO tools that benefit from it
added auth-config flag to sip crack online to allow for setting which hashing algorithm to use (we now support SHA too!)
credentials flag in sip crack online is now called credentials-file

Documentation:

full documentation of the srtp flag for various tools
introduced docker as a way to run SIPVicious PRO and related documentation
added inject-config documentation for the rtp inject tool
the templates test tool now has a new syntax, documentation updated to reflect that
brand new website design and structure!

SIPVicious PRO core:

SIP splitter now supports short form version of content-length
suppressed errors when BYE and ACK return errors due to not matching
sip utils ping gets a sane timeout
integer overflow fix in netloop (internal library)
RTP handler is now able to detect malformed SDP without proper IP/port
major rewrite of SipMessage header reading
fixed RTP flood bug that had a race condition in the case of SRTP
fixed opus SDP as per RFC7587
sip dos flood now supports debug and tls-key-log flag properly (was not working before)
race condition fixes for sip fuzz method
invalid templates now return a proper error
fixed IPv6 issue in SDP
malformed DTLS certificates are now handled properly
plugged in SRTP for tools that were missing it
fixed issue where content-length header would be removed if SIP body was not present
fixed race conditions in SIP DoS flood tool (affected fake authentication)
added rate limiter for RTP inject tool
fixed race condition in RTP inject
less noisy log messages for RTP inject
updated various tools (e.g. RTP flood) to support SRTP-DTLS

v6.0.0-beta.4

Released on 2021-05-12

CUI:

Added a new command list which produces a list of all available tools.
The credentials flag used for setting username and password can now optionally set the realm.
The about command can now output just the mascot by making use of the mascot flag. This is useful for demos.
Added auth-config flag which allows specification of authentication related parameters. For now, it allows specification of the hashing algorithm to be used with Digest Authentication, to support RFC 8760.
The about command now supports JSON output, so that the SIPVicious version can be read programmatically.
Added challenge-config parameter for sip crack digestleak tool that allows setting of settings in the digest challenge such as a custom realm and hashing algorithm.
A number of flags and their values were renamed for better consistency:
- rtp flood:
  - mode flag renamed to call-mode
  - values for call-mode are now callee, caller and rtp-stream
  - invite-mode flag is now called caller-mode
  - flags related to TLS handling added to rtp flood that was missing them:
    - client-cert
    - client-key
    - ca-cert
    - tls-key-log
- sip fuzz method:
  - fuzz flag renamed to fuzz-mode
  - invite-mode flag is now called caller-mode
- sip crack digestleak: mode flag renamed to call-mode
- sip enumerate extensions:
  - renamed the do-not-probe flag to no-prober
  - extensions-file flag created which replaces both the dictionary and sipuri-dictionary
  - from-address flag renamed to from
- sip utils templates dump now takes the method flag just like the rest of the tools
- sip utils templates test:
  - takes a positional argument for the target, just like the rest of the tools
  - uses the method flag just like the rest of the tools
- rtp bleed:
  - rounds which sets number of times to loop through the ports, now is not set thus resulting in infinite loops by default
  - removed the keep-probing flag which is no longer needed due to the default behavior
  - output flag created which replaces the save-pcap and save-wav flags
  - bleed-config flag created which replaces the following flags:
    - rtp-probe-count
    - rtp-probe-interval
    - rtp-attack-interval
    - rtcp-probe-count
    - rtcp-probe-interval
    - rtcp-attack-interval
- rtp inject:
  - rounds which sets number of times to loop through the ports, now is not set thus resulting in infinite loops by default
  - rtp-payload flag created which replaces the send-dtmf and send-wav flags
  - added rate flag which sets the inject rate for the tool
- sip dos flood:
  - flood-config flag created which replaces the nonce-reuse, static-cseq and static-branch flags
  - invite-mode flag is now called caller-mode
- sip utils call:
  - invite-mode flag is now called caller-mode
- removed the option to output to standard output for tls-key-log as this conflicted with JSON output
Fixed a bug in rtp flood where custom SIP templates were not being correctly loaded.

Documentation:

Introductory video added to main page; video at https://www.youtube.com/watch?v=9EL8Swns9z0.
Usage of the realm within the credentials flag is documented.
auth-config flag is now documented for all tools that support it.
Added instructions for RedHat-based Linux systems on how to install dependencies (Opus).
Future plans include STIR/SHAKEN support.
Documented bleed-config flag.
Updated examples for all new flags and those that were removed.

SIPVicious PRO core:

RTP Bleed: fixed bugs related to connectivity problems.
Race conditions in the SIP fuzzer as well as RTP Bleed fixed.
Fixed crashes in SIP fuzzer when too many concurrent connections were required.
RTP Bleed and Inject now support IPv6 (previously was broken).
Crash in Digest leak tool fixed, when callee mode was used together with register.
DTMF functionality added to RTP Bleed.
Fixed bug so that Digest Leak tool is no longer sending 200 OK together with the 401/407 challenge.
Various fixes to the internal SIP splitter to better handle SIP over connection transports.
Logging in all tools updated to provide better feedback.
SIP fuzzer now also supports the TLS keylog functionality.
Added delay when maximum requests have been reached in the SIP pinger so that all the results are received.
RTP flood now supports DTMF.
Maximum duration added for all tools so that the maximum run time can be limited.
RTP Inject now supports the rate limiter.
Fixed issue in RTP Bleed not quitting when network is down and ctrl^c or duration is reached.
SIP Digest Leak tool now supports DTMF and sending no RTP.
SIP Digest Leak tool now supports custom challenge values.
SIP Extension Enumeration tool was not exiting gracefully, returning results when ctrl^c or duration was reached.
RTP Flood in RTP-stream mode now also adheres to duration.
Exit codes fixes for RTP Flood and RTP Bleed which were not being set properly in the case of a bind error.
Fixed formatting error in standard output when multiple targets are provided and human-readable output is generated (did not affect JSON output).

v6.0.0-beta.3

Released on 2021-02-25

CUI: no changes at all

Documentation:

Website shifted to https://www.sipvicious.pro
A new members area is now available with details on how to become a paying member and other pages
Removed form for subscribing for the beta

SIPVicious PRO core:

Fixed a bug in the SIP callee utility where if registration fails, it would hang
SIP call utility now also supports DTMF payloads

v6.0.0-beta.2

Released on 2021-02-08

CUI:

sip crack online now takes input from standard input for password dictionaries, credentials and extensions apart from regular files
each tool now references the exact help page in the documentation
warnings related to license are given using standard logging so that it does not break automation systems
friendly warnings are now given for invalid target URIs
friendly warnings are now given for SIP URIs missing the sip: part of the URI

Documentation:

additional documentation on how to use GNU timeout to control SIPVicious in the automation pages
troubleshooting page has been updated with more compact instructions and configuration to generate debug files
tutorial updated with the new standardized output from the tools
basic installation instructions were added for radamsa and zzuf
documentation about using standard input for sip crack online dictionaries, extension file and credential files (username/password combination files) with example of how to use it with hashcat’s maskprocessor

SIPVicious PRO core:

specifying an invalid target URI now gives a more helpful error with an example of a valid target URI
RTP Bleed now exits gracefully when invalid hosts are specified as the target
SIP online cracker now scans password dictionary files line by line rather than reading the whole file in memory (led to crash on large files)
SIP DoS Flood tool now scans extension dictionary files line by line rather than reading the whole file in memory
fixed bug in password generation that was trying a blank password twice
SIP online cracker and extension enumeration tools now accept standard input instead of only local files for dictionary files etc
caller utility now waits until it exits so that a BYE can be correctly sent
by default, random numeric extensions are generated instead of alpha-numeric ones in the SIP online cracker
SIP crack online no longer generates more than one no response received error
SIP extension enumeration now adds a security issue when an extension does not require authentication
friendly warning is now given when the sip: part seems to be missing from a SIP URI
sip fuzz method now randomizes the SIP method when not specified
added client certificate support for TLS to the SIP DoS Flood and SIP fuzzing tools (other tools already supported this)
friendly warning added when setting parameters in SIP DoS Flood that causes authentication to never occur
fixed a crash due to divide by zero when only telephone-event is set in SDP response and no DTMF has been set
RTP Bleed and Inject are now both doing strict target validation, no port allowed

v6.0.0-beta.1

Released on 2020-12-02.

CUI:

new tool called sip fuzz method for fuzzing SIP messages
the results flag is now found in all tools
standardized output across all tools, with human-readable text and JSON support
standard error is used for logging while standard output is used for the results
exit codes standardized across all tools, inconsistencies fixed and updated for future compatibility (breaking change)

Documentation:

documentation shifted to https://docs.sipvicious.pro
major restructure of documentation pages with new sections called overview, learn, automation, documentation and support
new documentation for automation, including new pages detailing the new exit codes and results output
all cui-reference documents are now under the technical documentation section
new tool called sip fuzz method is documented
exit code documentation for each tool updated to highlight behaviour of exit codes 30 and 40
removed all example output from the tools which is now outdated
documentation for template functions now added

SIPVicious PRO core:

new SIP fuzzing functionality available in the core
Exit codes and Results are now standardized
SIGINT / CTRL^C now handled by all tools to exit gracefully
JSON Schema generation for each tool result
Added environment variable support in SIP templates
duration for sip dos flood fixed to work as expected
sip dos flood now caches templates for speed
sip dos flood refactoring for better clarity, handling of cnonce, nonce-reuse features
race condition fix in sip dos flood
fixed issue that netloop was stopping in sip dos flood and sip fuzz method, when rate was specified
added srtp support for sip dos flood and sip fuzz method
bug fix in sip dos flood with proxy authentication
fixed issue in sip dos flood when using auth and a 1xx message is received before a 401/7
fixed rtp flood to send a BYE at the end of a call
SIP method enumeration ignores provisional 100 responses
Fixed bugs in IPv6 support and made sure that all tools support IPv6
Fixed sip crack digest so that it exits when no responses are received

v6.0.0-alpha.5

Released on 2020-06-03.

CUI:

all attack tools now support exit codes
logfile flag now accepts JSON log file format when filename ends with .json
rtp and sip subcommands now all support the srtp flag
rtp bleed tool now supports the rate, save-pcap and save-wav flags
rtp flood tool now supports the SIP templates just like all sip subcommands
rtp inject tool now supports the send-dtmf flag
sip crack digestleak tool now supports the methods flag
sip crack online tool has now implemented the to, extensions-file, credentials, rate, range-fmt and pattern flags
sip dos flood tool now supports the no-prober and dictionary flags
sip enumerate extensions tool now supports the ext-fmt, auth-mode and register flags
sip enumerate methods tool does not support the conn-count flag any more
sip utils call now supports passing of DTMF instructions as values for the rtp-payload flag
sip utils templatest test now supports the credentials flag
sip utils ping updated to report network errors

Documentation:

Target demo server (demo.sipvicious.pro) now implemented, used throughout the documentation for attack examples
New documentation page: Getting started with instructions on how to use most of the modules
Documentation of each tool now has advanced examples with comments indicating their use
Documentation of each tool now has an example of the output that it generates
Examples for usage of John the ripper and Hashcat added to the digest leak CUI page
Credentials flag documentation updated to show how to pass usernames or passwords that contain a colon
Automation documentation updated to indicate the concepts that are being implemented in SVPRO for automation
Duration flag definition is clarified to mean the maximum amount of time allowed for the tool
Documentation updated to reflect that all flags with TODO, except for DTLS SRTP support, have been fully implemented now

SIPVicious PRO core:

All tools now support exit codes properly
All tools now support returning results internally (not yet fully exposed through CUI)
DTMF support implemented, exposed in RTP Inject and the Caller utility
Changed way that hostnames are used to be compatible with IPv6 targets
Support for SRTP in all modules that process RTP
RTP Bleed support for the rate limiter, pcap and wav file generation
Major refactoring of the RTP Bleed module
RTP Flood support for the rate limiter
Major refactoring of the RTP Inject module
SIP Call module now supports DMTF RTP when the RTP payload starts with dtmf:
Major refactoring of the SIP Callee module to handle multiple calls at a time
Major refactoring of the SIP Crack Online module, plus various new features such as credentials and extensions file support and range format string
Major refactoring of the SIP Digest Leak module to properly support caller and callee modes
SIP Digest Leak module now supports John the Ripper and Hashcat output formats
SIP Flood module now supports a prober that detects when the target starts returning SIP or connection errors
Major refactoring of the SIP Flood module for stateless handling of SIP calls, and new features
Major refactoring of the SIP Extension Enumeration module to address problems with the previous logic; addressing false positives and negatives
Fixed hardcoded SIP URIs in BYE in SIP Method Enumeration module
Improved target host validation
Better handling of SIGINT (or control^c) in RTP Bleed and some other modules
Fixed nil pointer dereference in RTP flood, rtp-stream mode
Better logging in SIP Callee utility
SIP Digest Leak attack now ends the call correctly
SIP Digest Leak outputs raw SIP message to file
Fixed nil pointer dereference in SIP DoS Flood module
SIP DoS Flood now implements authentication mode and supports nonce-reuse
SIP Extension Enumeration module now properly supports valid authentication and enumeration using fake authentication
Failed DNS resolution no longer causes panic
SIP parsing problems on TCP addressed through the SIP splitter
Stale challenges during SIP authentication are now handled
SIP INVITE flood now sets the SDP for the win

v6.0.0-alpha.4

Released on 2020-03-30.

CUI:

rtp flood tool supports the srtp flag
rtp inject has been rewritten (note: save-pcap and send-dtmf flags not yet implemented)
sip crack digestleak tool supports the domain flag
sip dos flood flags have been renamed from from-address and from-domain to from and domain
sip enumerate extensions tool now takes 2 new flags: from-address and credentials
sip enumerate extensions now supports the register flag

Documentation:

release notes are now included in documentation
Only configuration file formats supported are now JSON, TOML and YAML
A number of internal links have been fixed
Installation page updated to remove Linux arm5 and Darwin 386 builds and gives instructions on how to install the Opus dependency
Documentation regarding exit codes for rtp commands has been fixed; specifically exit code 4
srtp flag documentation provided
Main page: opensource SIPVicious is now referred to as SIPVicious OSS instead of legacy; it’s first release date was actually 2007
Troubleshooting page has contact details

SIPVicious PRO core:

Opus support included in various tools
do not use sips: URIs then connection is TLS
fixed bug in the sip enumerate extensions probe phase, which meant that some results were missing
The SIP digest leak tool, SIP repeater and ping now obey the domain option
sip utils repeater now sets the From address in REGISTER messages to the one specified in the parameters rather than the destination extension
To address in SIP method enumeration is now as expected depending on the method
SIP method enumeration now observes the register flag
RTP inject code major re-factoring
Crack online tool rate limiter fixed (was crashing)
RTP Flooder now supports duration and further srtp related updates
RTP Flooder now sets the payload type/codec by inspecting SDP
SIP online cracker now pairing requests with responses to avoid false positives and false negatives
SIP extension enumeration now supports keeping a registration
SIP Flood fixes for negative WaitGroup bugs (resulting in crashes)
SIP call handling now stops call if a SIP 5xx/6xx error is received
SIP call handling bug fix for when call is not picked up immediately
When handling REGISTER responses, do not send a reply if the 401/407 response does not have an authentication header
Bug fix for sip enum methods which was hanging on non-existent IP on UDP
Bug fix for closed port on methods enumerate which was causing panic
SRTP calls enforce RTP/SAVP profile

v6.0.0-alpha.3

Released on 2020-11-27.

CUI:

rtp bleed new flags are implemented: rtcp-probe-count, proto, probe-all-ports, rtp-payload and rtcp-payload
sip crack online tool now made available; not all features implemented yet
sip enumerate methods rate limiting implemented
sip utils call and sip utils callee now support the srtp flag
sip utils callee not supports the domain flag
fixed bug in sip utils templates dump where if templates directory already exists, the templates get replaced
sip utils templates test now takes flags from command line to manipulate the output
all sip subcommands now take the srtp flag (might be changed in the future); but not all support it yet, thus marked with TODO

Documentation:

all tools now each include advanced examples
target specification documentation now available
documentation about templates now live
further information about the codec flag (various tools) on how to specify rates and channels in the SDP
sip crack online documented
documentation about the srtp flag added
sip enumerate extensions documentation about ext-fmt flag now added

SIPVicious PRO core:

RTP Bleed tool mostly rewritten and implemented all new options to support the rtcp-probe-count, proto, probe-all-ports, rtp-payload and rtcp-payload flags
SRTP mode code implemented, currently only supporting SDES
Fixed bug when a path was passed to a WebSocket target that led to malformed SIP URIs
SIP call and callee supports SRTP
SIP Crack Online tool created; not all features implemented yet
SIP Flood now shows samples of data be sent
SIP Ping now supports BYE
Bug fixes for SIP Ping which would cause it to stop on timeouts on TCP/TLS/WS/WSS
SIP Template test tool added
Default NOTIFY template now includes a Contact header
RTP Flooder now supports SRTP