Sniffing & Spoofingsiphoneypotvoipfraudp2pwebhook

SentryPeer

SentryPeer is a SIP peer-to-peer honeypot for VoIP that collects bad IP addresses and phone numbers from fraudulent actors attempting calls. It enables peer-to-peer sharing of this data while allowing users to retain ownership and control over their collected information.

Description

SentryPeer functions as a fraud detection tool by letting bad actors attempt phone calls through a SIP honeypot, capturing their originating IP addresses and targeted phone numbers. This data can trigger notifications at service provider networks, enabling actions like blocking when users try to call collected numbers.

Unlike traditional systems that centralize and monetize collected data, SentryPeer emphasizes peer-to-peer sharing. Users maintain ownership of their data and can choose to share it with the SentryPeer community via P2P methods or integrate it with service provider feeds.

It protects SIP servers from bad actors and supports features like JSON logging, RESTful API, and webhooks for notifications.

How It Works

SentryPeer operates as a SIP honeypot that attracts fraudulent VoIP calls, logging the IP addresses and phone numbers involved. It supports peer-to-peer distribution of this blacklist data, avoiding central servers, with options for OAuth2-authenticated webhooks, JSON logging, and RESTful API access. Bootstrap nodes facilitate P2P connections, and data is stored in a SQLite database.

Installation

bash
sudo apt install sentrypeer

Flags

-f <DB_FILE>Set 'sentrypeer.db' location or use SENTRYPEER_DB_FILE env
-jEnable json logging or use SENTRYPEER_JSON_LOG env
-pEnable Peer to Peer mode or use SENTRYPEER_PEER_TO_PEER env
-b <BOOTSTRAP_NODE>Set Peer to Peer bootstrap node or use SENTRYPEER_BOOTSTRAP_NODE env
-i <CLIENT_ID>Set OAuth 2 client ID or use SENTRYPEER_OAUTH2_CLIENT_ID env to get a Bearer token for WebHook
-c <CLIENT_SECRET>Set OAuth 2 client secret or use SENTRYPEER_OAUTH2_CLIENT_SECRET env to get a Bearer token for WebHook
-aEnable RESTful API mode or use SENTRYPEER_API env
-w <WEBHOOK_URL>Set WebHook URL for bad actor json POSTs or use SENTRYPEER_WEBHOOK_URL env

Examples

Display help and usage information for SentryPeer
sentrypeer -h
Run SentryPeer with custom database file location
sentrypeer -f /path/to/sentrypeer.db
Enable JSON logging mode
sentrypeer -j
Enable Peer to Peer mode for data sharing
sentrypeer -p
Set bootstrap node for P2P connections
sentrypeer -b bootstrap.sentrypeer.com
Configure OAuth2 client ID and secret for webhook Bearer token
sentrypeer -i client123 -c secret456
Enable RESTful API mode
sentrypeer -a
Set webhook URL for bad actor JSON POST notifications
sentrypeer -w https://example.com/webhook
Updated 2026-04-16kali.org ↗