Exploitationsipfloodinviteudpdos

inviteflood

inviteflood is a tool for SIP/SDP INVITE message flooding over UDP/IP to target SIP systems. It sends multiple INVITE packets to overwhelm a specified flood target.

Description

inviteflood performs SIP/SDP INVITE message flooding over UDP/IP, designed to flood a target domain and IP address with INVITE messages. It was originally tested on Linux Red Hat Fedora Core 4 but is expected to work on various Linux distributions. The tool is useful for testing the resilience of SIP infrastructure against flood attacks by simulating high volumes of INVITE requests.

Use cases include penetration testing of VoIP systems, assessing denial-of-service vulnerabilities in SIP servers, and evaluating network performance under SIP flood conditions. It requires specification of network interface, target user, domain, flood target IP, and packet count to initiate the attack.

The tool outputs details such as source and destination addresses/ports, targeted user agent, and confirms the number of packets sent.

How It Works

inviteflood sends SIP/SDP INVITE messages over UDP/IP to the specified destination IP and port (default 5060). It uses the provided interface's IP as source (customizable), crafts INVITE packets targeting a user/domain, and floods with the specified number of packets. Optional parameters allow customization of source port (default discard port 9), destination port, sleep intervals between messages, and additional headers like From alias or SNOM line strings.

Installation

bash

sudo apt install inviteflood

Flags

-aflood tool "From:" alias (e.g. jane.doe)

-iIPv4 source IP address [default is IP address of interface]

-SsrcPort (0 - 65535) [default is well-known discard port 9]

-DdestPort (0 - 65535) [default is well-known SIP port 5060]

-llineString line used by SNOM [default is blank]

-ssleep time btwn INVITE msgs (usec)

-hhelp - print this usage

-vverbose output mode

Examples

Using the eth0 interface and the provided user (5000), flood the target domain (example.local) and flood target (192.168.1.5) using 100 packets

inviteflood eth0 5000 example.local 192.168.1.5 100

Flood target using empty string as target user

inviteflood eth0 "" example.local 192.168.1.5 100

Flood using named user (john.doe) and domain (enterprise.com) with 50 packets

inviteflood eth0 john.doe enterprise.com 192.168.1.5 50

Flood with custom source IP (-i) to target IPv4 domain/address

inviteflood eth0 5000 192.168.1.10 192.168.1.5 100 -i 192.168.1.202

Flood using phone number as user, custom source port (-S), and SIP destination port (-D)

inviteflood eth0 "1+210-555-1212" example.local 192.168.1.5 100 -S 1234 -D 5060

Flood with From alias (-a), verbose output (-v)

inviteflood eth0 5000 example.local 192.168.1.5 100 -a jane.doe -v

Flood with sleep time between messages (-s in usec)

inviteflood eth0 john.doe enterprise.com 192.168.1.5 200 -s 1000

Updated 2026-04-16kali.org ↗