Vulnerability Analysisvoipsipauditpentestscannercracker

SIPPTS

SIPPTS is a set of tools to audit SIP-based VoIP systems. It allows pentesters to check the security of VoIP servers using the SIP protocol.

Description

SIPPTS is programmed in Python and provides multiple utilities for auditing VoIP servers and devices that use the SIP protocol. It enables security testing of PBX systems, extensions, and related components by simulating various attacks and scans.

Use cases include fast scanning for SIP services, searching for extensions on a PBX, remote password cracking, message sending, enumeration, and flooding attacks. The toolset supports both command-line and GUI interfaces for interactive pentesting.

It is designed for pentesters to identify vulnerabilities in VoIP infrastructure, such as weak authentication, information leaks, and protocol weaknesses.

How It Works

SIPPTS operates by leveraging the SIP protocol to interact with VoIP servers and devices. It uses Python libraries like python3-scapy for packet manipulation, python3-pyshark for sniffing, and others for network interactions. Subcommands implement techniques like scanning, enumeration, cracking, flooding, and RTP/RTCP bleeding attacks over SIP and WebSocket connections.

Installation

bash

sudo apt install sippts

Flags

videoAnimated help

astamiAsterisk AMI pentest

scanFast SIP scanner

extenSearch SIP extensions of a PBX

rcrackRemote password cracker

sendSend a customized message

-h, --helpshow this help message and exit

Examples

Show usage and list all available subcommands

sippts -h

Display animated help

sippts video

Show help for Asterisk AMI pentest command

sippts astami -h

Show help for fast SIP scanner command

sippts scan -h

Show help for searching SIP extensions of a PBX

sippts exten -h

Show help for remote password cracker

sippts rcrack -h

Show help for sending a customized message

sippts send -h

Launch the GUI interface and show help

sippts-gui --help

Updated 2026-04-16kali.org ↗