voip-pentesting
Best for Penetration testersWorks with GitHubHigh risk
⌘source
- author
@wgpsec- language
- Python
★1.2kstars
199forks
Apr 22, 2026
✦overview.md
Key Features
- ·Discovers and enumerates SIP services and extensions
- ·Performs authentication attacks against SIP systems
- ·Executes call hijacking and eavesdropping techniques
- ·Analyzes SRTP/ZRTP security and performs downgrade attacks
- ·Tests for known VoIP vulnerabilities like RTCPBleed
- ·Provides a structured methodology from discovery to exploitation
Use Cases
- →Security teams conducting authorized penetration tests on corporate VoIP infrastructure
- →Red team operators assessing the security posture of SIP-based phone systems
- →Auditors verifying compliance with telecom security standards
- →Researchers analyzing vulnerabilities in VoIP implementations like Asterisk
Best for
- ✓Penetration testers
- ✓Security auditors
- ✓Red teams
Not ideal for
- !General network troubleshooting
- !VoIP system administration
- !Non-security-focused tasks
FAQs
name
voip-pentesting
description
VoIP/SIP 服务渗透测试方法论。涵盖 SIP 服务发现与枚举、SIP 认证攻击、通话劫持与窃听、SRTP 降级攻击、SIP 注册劫持、DoS 攻击、SRTP/ZRTP 安全分析。
当 Agent 扫描发现 SIP 端口 (5060/5061) 开放、需要测试 VoIP 基础设施安全、枚举 SIP 分机、或评估通话安全性时,触发此 Skill。
metadata:{"tags":["voip","sip","rtp","语音通信","通话劫持","sipvicious"],"category":"exploit/network-service"}
VoIP/SIP 渗透测试方法论
相关 skill: 内网嗅探 ->
network-sniffing; 中间人攻击 ->mitm-attack; 凭据爆破 ->cred-spray
深入参考
- SIP 协议详解、SIPVicious 工具链、RTP 注入/窃听、Asterisk 配置审计 -> 读 references/voip-techniques.md
整体决策树
VoIP 基础设施渗透测试
├─ Phase 1: 服务发现
│ ├─ SIP 端口扫描 (5060 UDP/TCP, 5061 TLS)
│ ├─ svmap / SIPPTS scan / Nmap -> SIP 设备发现
│ ├─ PBX 附属服务 (TFTP/HTTP/MySQL/LDAP)
│ └─ Google Dorks -> 暴露的 VoIP 管理界面
├─ Phase 2: SIP 枚举
│ ├─ 方法枚举 (OPTIONS / SIPPTS enumerate)
│ ├─ 分机枚举 (svwar / SIPPTS exten)
│ ├─ 响应头分析 -> 指纹识别
│ └─ 电话号码 OSINT
├─ Phase 3: 认证攻击
│ ├─ 在线密码爆破 (svcrack / SIPPTS rcrack)
│ ├─ 离线摘要破解 (sipdump + sipcrack)
│ ├─ SIP Digest Leak 漏洞利用
│ └─ 默认凭据
├─ Phase 4: 通话劫持与窃听
│ ├─ 网络嗅探 (Wireshark / ucsniff)
│ ├─ ARP 欺骗 -> MitM -> RTP 捕获
│ ├─ ChanSpy / ExtenSpy (Asterisk 监听)
│ ├─ RTP 注入 (rtpinsertsound / rtpmixsound)
│ └─ DTMF 码提取 (voicemail 密码)
├─ Phase 5: 安全协议分析
│ ├─ TLS 使用 -> SIP 通信加密
│ ├─ SRTP 使用 -> RTP 通信加密
│ ├─ ZRTP 使用 -> 端到端加密
│ └─ 未加密 -> 完全可嗅探
├─ Phase 6: 已知漏洞与攻击
│ ├─ RTCPBleed (RTP 代理 NAT 绕过)
│ ├─ Asterisk 配置错误 (免费拨号)
│ ├─ 分机注入
│ ├─ Click2Call 滥用
│ └─ OS/固件漏洞 (FreePBX / Elastix)
└─ DoS 攻击
$install
1-click copynpx skills add wgpsec/AboutSecurity --skill voip-pentestingSafety assessment
★
Clarity score
How clear and easy to understand the SKILL.md instructions are, rated from 1 to 5.
5/ 5
excellentVery clear and well structured, with almost no room for misunderstanding.
◎
Actionability score
How directly an agent can act on the SKILL.md instructions, rated from 1 to 5.
5/ 5
very highHighly actionable with clear, concrete steps that an agent can follow directly.