svcrack - Man Page

svcrack.py -u username [options] target

examples: svcrack.py -u100 -d dictionary.txt udp://10.0.0.1:5080 svcrack.py -u100 -r1-9999 -z4 10.0.0.1

--version

show program's version number and exit

-h,  --help

show this help message and exit

-v,  --verbose

Increase verbosity

-q,  --quiet

Quiet mode

-p PORT, --port=PORT

Destination port or port ranges of the SIP device - eg -p5060,5061,8000-8100

-P PORT, --localport=PORT

Source port for our packets

-x IP, --externalip=IP

IP Address to use as the external ip. Specify this if you have multiple interfaces or if you are behind NAT

-b BINDINGIP, --bindingip=BINDINGIP

By default we bind to all interfaces. This option overrides that and binds to the specified ip address

-t SELECTTIME, --timeout=SELECTTIME

This option allows you to trottle the speed at which packets are sent. Change this if you're losing packets. For example try 0.5.

-R,  --reportback

Send the author an exception traceback. Currently sends the command line parameters and the traceback

-A,  --autogetip

Automatically get the current IP address. This is useful when you are not getting any responses back due to SIPVicious not resolving your local IP.

-s NAME, --save=NAME

save the session. Has the benefit of allowing you to resume a previous scan and allows you to export scans

--resume=NAME

resume a previous scan

-c,  --enablecompact

enable compact mode. Makes packets smaller but possibly less compatible

-u USERNAME, --username=USERNAME

username to try crack

-d DICTIONARY, --dictionary=DICTIONARY

specify a dictionary file with passwords or - for stdin

-r RANGE, --range=RANGE

specify a range of numbers. example: 100-200,300-310,400

-e EXTENSION, --extension=EXTENSION

Extension to crack. Only specify this when the extension is different from the username.

-z PADDING, --zeropadding=PADDING

the number of zeros used to padd the password. the options "-r 1-9999 -z 4" would give 0001 0002 0003 ... 9999

-n,  --reusenonce

Reuse nonce. Some SIP devices don't mind you reusing the nonce (making them vulnerable to replay attacks). Speeds up the cracking.

-T TEMPLATE, --template=TEMPLATE

A format string which allows us to specify a template for the extensions                       example svwar.py -e 1-999 --template="123%#04i999" would scan between 1230001999 to 1230999999"

--maximumtime=MAXIMUMTIME

Maximum time in seconds to keep sending requests without                       receiving a response back

-D,  --enabledefaults

Scan for default / typical passwords such as 1000,2000,3000 ... 1100, etc. This option is off by default.                       Use --enabledefaults to enable this functionality

--domain=DOMAIN

force a specific domain name for the SIP message, eg. -d example.org

--requesturi=REQUESTURI

Force the first line URI to a specific value; e.g. sip:999@example.org

-6

Scan an IPv6 address

SIPvicious password cracker is an online password guessing tool for SIP devices.

Copyright (C) 2021 Sandro Gauci <sandro@enablesecurity.com>

This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program.  If not, see <http://www.gnu.org/licenses/>.

The full documentation for svcrack.py can be found on GitHub at <https://github.com/enablesecurity/sipvicious/wiki>.