enumIAX
enumIAX is an Inter Asterisk Exchange (IAX) protocol username brute-force enumerator that supports dictionary attacks and sequential username guessing against target hosts.
Description
enumIAX is designed for enumerating valid usernames on IAX protocol services, commonly used in Asterisk PBX systems. It operates in two modes: sequential username guessing based on length parameters or dictionary-based attacks using wordlists. This tool is particularly useful for penetration testers assessing the security of VoIP infrastructure by identifying valid user accounts.
The tool targets the IAX protocol, which is a native communication protocol for Asterisk servers. By sending authentication requests with different usernames, enumIAX can determine which accounts exist on the target system. This information gathering technique helps identify potential attack vectors before attempting password brute-forcing.
Use cases include VoIP security assessments, PBX penetration testing, and reconnaissance of Asterisk-based telephony systems. The tool supports session persistence and rate limiting to manage long-running enumeration tasks effectively.
How It Works
enumIAX sends IAX protocol authentication requests to the target host using either sequentially generated usernames within specified length ranges or usernames from a provided dictionary file. The tool analyzes protocol responses to distinguish between valid and invalid usernames. It supports auto-save functionality with configurable intervals, rate limiting to avoid overwhelming the target, and multiple verbosity levels for monitoring progress. Session state can be saved and resumed for interrupted enumerations.
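A defender-side view of the behaviour described above, as an added example that is not part of enumIAX or the original page: it parses IAX2 full frames (RFC 5456 layout) from captured UDP payloads and flags any source that presents many distinct usernames inside a short window. The function names, the 60-second window, the threshold of 5 and the assumption that attempts arrive as NEW or REGREQ frames carrying a USERNAME information element are illustrative choices; the sample traffic is constructed.

```python
import struct
from collections import defaultdict

IAX_CONTROL = 6               # RFC 5456 frame type 0x06 (IAX control)
SUB_NEW, SUB_REGREQ = 1, 13   # RFC 5456 subclasses that carry a USERNAME IE
IE_USERNAME = 6               # RFC 5456 information element 0x06

def parse_username(payload):
    """Return the USERNAME IE of a NEW/REGREQ full frame, or None.
    The F bit (top bit of the first word) marks a full frame; mini frames are skipped."""
    if len(payload) < 12:
        return None
    src, _dst, _ts, _oseq, _iseq, ftype, sub = struct.unpack("!HHIBBBB", payload[:12])
    if not src & 0x8000 or ftype != IAX_CONTROL or sub not in (SUB_NEW, SUB_REGREQ):
        return None
    i = 12
    while i + 2 <= len(payload):              # walk type/length/value IEs
        ie, length = payload[i], payload[i + 1]
        data = payload[i + 2:i + 2 + length]
        if len(data) < length:                # truncated IE: stop parsing
            return None
        if ie == IE_USERNAME:
            return data.decode("utf-8", "replace")
        i += 2 + length
    return None

def find_enumerators(packets, window=60.0, threshold=5):
    """packets: (timestamp, src_ip, udp_payload). Returns {src_ip: peak distinct usernames}."""
    recent = defaultdict(list)
    flagged = {}
    for ts, src, payload in sorted(packets, key=lambda p: p[0]):
        user = parse_username(payload)
        if user is None:
            continue
        events = recent[src]
        events.append((ts, user))
        while events[0][0] < ts - window:     # expire events outside the window
            events.pop(0)
        distinct = len({u for _, u in events})
        if distinct >= threshold:
            flagged[src] = max(flagged.get(src, 0), distinct)
    return flagged

def build_frame(subclass, username):
    """Constructed test input: a minimal full frame holding one USERNAME IE."""
    name = username.encode()
    header = struct.pack("!HHIBBBB", 0x8001, 0, 0, 0, 0, IAX_CONTROL, subclass)
    return header + bytes([IE_USERNAME, len(name)]) + name

# Constructed traffic: one source cycling usernames, one phone re-registering as "alice".
SAMPLE = [(float(t), "198.51.100.7", build_frame(SUB_REGREQ, f"user{t}")) for t in range(8)]
SAMPLE += [(t * 30.0, "192.0.2.10", build_frame(SUB_REGREQ, "alice")) for t in range(8)]
```

Calling find_enumerators(SAMPLE) flags only the source that cycles through usernames; a phone that re-registers with one username never reaches the threshold.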
Installation
sudo apt install enumiax
Flags
Examples
enumiax -d /usr/share/wordlists/metasploit/unix_users.txt 192.168.1.1
enumiax 192.168.1.1
enumiax -m 3 -M 8 192.168.1.1
enumiax -d users.txt -v 192.168.1.1
enumiax -r 1000 -i 500 192.168.1.1
enumiax -s session.state 192.168.1.1
enumiax -d /usr/share/wordlists/rockyou.txt -vvv 192.168.1.1