svcrack.py - online password guessing tool for SIP devices
svcrack.py -u username [options]
target
examples: svcrack.py -u100 -d dictionary.txt
udp://10.0.0.1:5080 svcrack.py -u100 -r1-9999 -z4
10.0.0.1
- --version
- show program's version number and exit
- -h, --help
- show this help message and exit
- -v, --verbose
- Increase verbosity
- -q, --quiet
- Quiet mode
- -p PORT,
--port=PORT
- Destination port or port ranges of the SIP device - eg
-p5060,5061,8000-8100
- -P PORT,
--localport=PORT
- Source port for our packets
- -x IP,
--externalip=IP
- IP Address to use as the external ip. Specify this if you have multiple
interfaces or if you are behind NAT
- -b BINDINGIP,
--bindingip=BINDINGIP
- By default we bind to all interfaces. This option overrides that and binds
to the specified ip address
- -t SELECTTIME,
--timeout=SELECTTIME
- This option allows you to trottle the speed at which packets are sent.
Change this if you're losing packets. For example try 0.5.
- -R,
--reportback
- Send the author an exception traceback. Currently sends the command line
parameters and the traceback
- -A,
--autogetip
- Automatically get the current IP address. This is useful when you are not
getting any responses back due to SIPVicious not resolving your local
IP.
- -s NAME,
--save=NAME
- save the session. Has the benefit of allowing you to resume a previous
scan and allows you to export scans
- --resume=NAME
- resume a previous scan
- -c,
--enablecompact
- enable compact mode. Makes packets smaller but possibly less
compatible
- -u USERNAME,
--username=USERNAME
- username to try crack
- -d DICTIONARY,
--dictionary=DICTIONARY
- specify a dictionary file with passwords or - for stdin
- -r RANGE,
--range=RANGE
- specify a range of numbers. example: 100-200,300-310,400
- -e EXTENSION,
--extension=EXTENSION
- Extension to crack. Only specify this when the extension is different from
the username.
- -z PADDING,
--zeropadding=PADDING
- the number of zeros used to padd the password. the options "-r 1-9999
-z 4" would give 0001 0002 0003 ... 9999
- -n,
--reusenonce
- Reuse nonce. Some SIP devices don't mind you reusing the nonce (making
them vulnerable to replay attacks). Speeds up the cracking.
- -T TEMPLATE,
--template=TEMPLATE
- A format string which allows us to specify a template for the extensions
example svwar.py -e 1-999 --template="123%#04i999"
would scan between 1230001999 to 1230999999"
- --maximumtime=MAXIMUMTIME
- Maximum time in seconds to keep sending requests without receiving a
response back
- -D,
--enabledefaults
- Scan for default / typical passwords such as 1000,2000,3000 ... 1100, etc.
This option is off by default. Use --enabledefaults to enable this
functionality
- --domain=DOMAIN
- force a specific domain name for the SIP message, eg. -d
example.org
- --requesturi=REQUESTURI
- Force the first line URI to a specific value; e.g.
sip:999@example.org
- -6
- Scan an IPv6 address
- SIPvicious password cracker is an online password guessing tool for SIP
devices.
Copyright (C) 2021 Sandro Gauci
<sandro@enablesecurity.com>
- This program is free software: you can redistribute it and/or modify it
under the terms of the GNU General Public License as published by the Free
Software Foundation, either version 3 of the License, or (at your option)
any later version.
- This program is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
for more details.
- You should have received a copy of the GNU General Public License along
with this program. If not, see <http://www.gnu.org/licenses/>.
The full documentation for svcrack.py can be found on
GitHub at <https://github.com/enablesecurity/sipvicious/wiki>.