The SIPVicious command is
sipvicious with various subcommands, or tools. There are two types of subcommands in SIPVicious PRO:
- attack tools
- utility tools
Attack tools do what one would expect, launch attacks designed to discover vulnerabilities and easily reproduce them. Utility tools on the other hand, aid with usage of SIPVicious PRO or its attacks. For example, the SIP ping utility tool can be used to ping a target using SIP, while performing a DoS attack. For the full list of tools please follow the CUI-reference documentation.
Each subcommand is passed after the
sipvicious command. For example, to run the RTP Bleed attack on
demo.sipvicious.pro, the tester would run the following:
sipvicious rtp bleed udp://demo.sipvicious.pro
sip subcommand includes various other subcommands. For example, to enumerate the SIP methods that are allowed on a target system, the tester would run the following command:
sipvicious sip enumerate methods udp://demo.sipvicious.pro:5060
All attack tools require a positional argument for the target while utility tools might not require it. All subcommands take flags as arguments which modify the behaviour of each tool.
When making use of bash as a system shell, one can install a bash completion for the
sipvicious command. This can be done by making use of the
utils dump autocomplete subcommand. To install the auto-complete file one can execute the following commands:
sipvicious utils dump autocomplete | sudo tee /etc/bash_completion.d/sipvicious source /etc/bash_completion.d/sipvicious