Skip to content

a list of awesome resources related to security and hacking of VoIP, WebRTC and VoLTE

License

Notifications You must be signed in to change notification settings

EnableSecurity/awesome-rtc-hacking

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

24 Commits
 
 
 
 
 
 
 
 

Repository files navigation

Awesome Real-time Communications hacking & pentesting resources

Covers VoIP, WebRTC and VoLTE security related topics.

Please create a PR if you think anything should be added to this list. Let us know if you think anything should be removed.

Table of Contents

Newsletters

Presentation Slides

Videos

Advisories

Open-source tools

  • SIPVicious OSS - A set of tools to audit SIP based systems.
  • SIPPTS - Another set of tools to audit VoIP servers and devices using SIP protocol.
  • bluebox-ng - Pentesting framework using Node.js powers, focused in VoIP.
  • SigPloit - Tool which covers all used SS7, GTP (3G), Diameter (4G) or even SIP protocols for IMS and VoLTE infrastructures.
  • vsaudit - VoIP security assessment framework.
  • rtpnatscan - Tool which tests for rtpbleed vulnerability.
  • VIPROY - VoIP pentest framework which can be used with the metasploit-framework.
  • SIP Proxy - A VoIP security testing tool.
  • Metasploit auxiliary modules
  • SIPp: SIP based test tool / traffic generator.
  • Mr.SIP - SIP based audit and attack tool.
  • VoIPShark - Open Source VoIP Analysis Platform
  • Turner - PoC for tunnelling HTTP over a permissive/open TURN server.
  • sipsak - SIP swiss army knife, has some features that can be used for security testing (e.g. flood more or random mode)
  • turnproxy - Tool to abuse open TURN relays
  • SeeYouCM Thief - download and parse configuration files from Cisco phone systems searching for SSH credentials
  • stunner - a tool to test and exploit STUN, TURN and TURN over TCP servers.
  • VoIP Hopper - a tool to exploit insecure VLANs that are often found in IP Telephony infrastructure.

Papers

Blogs

Notable blog posts and articles

Books

Commercial tools

Vulnerabilities

The following are generic or common vulnerabilities that are related to either signalling, media or infrastructure.

CTFs and playgrounds

Related lists