Viproy VoIP Penetration Testing and Exploitation Kit (v4.1)

Project Page:
Download: Viproy 4.1
Author : Fatih Ozavci

Viproy Voip Pen-Test Kit provides penetration testing modules for VoIP networks. It's developed for security testing of VoIP and Unified Communications services. Viproy has Skinny, SIP and MSRP libraries to develop custom security tests, as well as PoC security testing modules. The modules below can be used to test SIP design and authorisation flaws, Skinny service issues, cloud VoIP design issues and client software vulnerabilities. Viproy had the key role for the VoIP Wars research series presented in major security conferences including Black Hat (USA, Europe), Defcon, Troopers, Hack in the Box, Ruxcon and AusCERT.

Current testing modules:

  • SIP Register
  • SIP Invite
  • SIP Message
  • SIP Negotiate
  • SIP Options
  • SIP Subscribe
  • SIP Enumerate
  • SIP Brute Force
  • SIP Trust Hacking
  • SIP Proxy Bounce
  • SIP/SDP and MSRP PoC Fuzzers
  • Skinny Register
  • Skinny Call
  • Skinny Call Forward
  • Polycom Configuration Extractor
  • CUCDM Call Forwarder
  • CUCDM Speed Dial Manipulator
  • Cisco CDP Spoofer
  • MITM Proxy TCP
  • MITM Proxy UDP
  • Boghe IMS Client PoC Exploits
  • MSRP Client and Library

  • Viproxy MITM Proxy and Testing Tool (v3)

    Download: Viproxy 3.0 (Viproxy 2.0)
    Author : Fatih Ozavci

    Viproxy MITM Proxy and Testing Tools is developed using Metasploit Framework environment. It is a standalone Metasploit module which enables users to intercept the TCP/TLS traffic and to execute some attacks against thick client applications, mobile applications and VoIP clients. Viproxy can be used to attack the Microsoft Lync and Skype for Business environments as demonstrated during the VoIP Wars: The Phreakers Awaken in Black Hat USA 2016 and VoIP Wars: Destroying Jar Jar Lync presentation at Black Hat Europe 2015, GSEC Hack In The Box Singapore 2015 and Ruxcon 2015 events. Viproxy has magic words to perform inline attacks. It also has an online rule console to manage the attacks including INVITE subject update, MESSAGE content update and sending invalid content for fuzzing.


  • VoIP Wars: The Live Workshop - Troopers, Germany 2017

  • Departed Communications: Learn the ways to smash them - BSides Canberra, Australia 2017

  • VoIP Wars: The Phreakers Awaken - Black Hat USA 2016

  • Workshop: VoIP Wars: The Live Workshop - DEF CON 24

  • VoIP Wars: Destroying Jar Jar Lync - Blackhat Europe 15, GSEC HITB 15, Ruxcon 2015

  • Workshop: The Art of VoIP Hacking Workshop - DEF CON 23

  • Training: Tactical VoIP Hacking with Viproy - Troopers 15

  • Training: Practical VoIP Hacking with Viproy - Kiwicon 2014

  • VoIP Wars: Attack of the Cisco Phones - DEF CON 22, Blackhat USA 2014

  • Viproy VoIP Penetration Testing Kit 2.0 - Blackhat Arsenal USA 2014

  • VoIP Wars: Return of the SIP - DEF CON 21, Ruxcon 2013 (Australia)

  • Viproy VoIP Penetration Testing Kit 1.0 - Blackhat Arsenal USA 2013

  • Documentation

    Usage Samples

    Usage of SIP Modules

    Usage of Skinny Modules

    Usage of Auxiliary Viproy Modules

    Preparing The Test Network

    VulnVOIP is vulnerable SIP server, you can use it for tests
    VulnVOIP :

    Installation - Metasploit Github Edition

    Copy "lib", "modules" and "data" folders' content to Metasploit Root "/" Directory.
    Mixins.rb file (lib/msf/core/auxiliary/mixins.rb) should contain the following lines
    require 'msf/core/auxiliary/sip'
    require 'msf/core/auxiliary/skinny'

    Installation - Metasploit Pro Edition

    Copy "lib", "modules" and "data" folders' content to /opt/metasploit/apps/pro/msf3 directory.
    Mixins.rb file (/opt/metasploit/apps/pro/msf3/lib/msf/core/auxiliary/mixins.rb) should contain the following lines
    require 'msf/core/auxiliary/sip'
    require 'msf/core/auxiliary/skinny'

    For SIP Trust Analyzer module.
    Install "pcaprub" via "/opt/metasploit/ruby/bin/gem install pcaprub"
    Metasploit - How To install Pcaprub For Windows

    VoIP Wars IV: The Phreakers Awaken

    Presentation slides (Black Hat USA 2016)

    Presentation video (Black Hat USA 2016)

    VoIP Wars III: Destroying Jar Jar Lync

    Presentation slides (Blackhat Europe 2015, GSEC HITB 2015 and Ruxcon 2015)

    Demonstration of exploits

    Presentation video (Blackhat Europe 2015)

    The Art of VoIP Hacking Workshop

    Presentation file (Defcon 23)

    Demonstration videos of exercises (Defcon 23)

    VoIP Wars II: Attack of the Cisco Phones

    Presentation slides (DEF CON 22 and Blackhat 2014)

    Presentation video (Blackhat 2014)

    Presentation video (Defcon 22)

    Demonstration of exploits

    VoIP Wars I: Return of the SIP

    Presentation file (Defcon 21)

    Presentation video (Defcon 21)

    Videos & Papers

    Attacking SIP/VoIP Servers Using VIPROY VoIP Pen-Test Kit for Fun & Profit - Video (50 mins)

    This is a training video for penetration testing of SIP servers.

    Chapters of Training Video
    1-Footprinting of SIP Services
    2-Enumerating SIP Services
    3-Registering SIP Service with/without Credentials
    4-Brute Force Attack for SIP Service
    5-Call Initiation with/without Spoof & Credentials
    6-Hacking Trust Relationships
    7-Intercepting SIP Client with SIP Proxy


    Sample Usage Video

    Hacking Trust Relationships of SIP/NGN Gateways - Video

    Hacking Trust Relationships Between SIP Gateways (PDF)