Bluebox-ng : Node.js VoIP penetration testing framework
Features
- Auto VoIP/UC penetration test
- Report generation
- Performance
- RFC compliant
- SIP TLS and IPv6 support
- SIP over websockets (and WSS) support (RFC 7118)
- SHODAN, exploitsearch.net and Google Dorks
- SIP common security tools (scan, extension/password bruteforce, etc.)
- Authentication and extension brute-forcing through different types of SIP requests
- SIP Torture (RFC 4475) partial support
- SIP SQLi check
- SIP denial of service (DoS) testing
- Web management panels discovery
- DNS brute-force, zone transfer, etc.
- Other common protocols brute-force: Asterisk AMI, MySQL, MongoDB, SSH, (S)FTP, HTTP(S), TFTP, LDAP, SNMP
- Some common network tools: whois, ping (also TCP), traceroute, etc.
- Asterisk AMI post-explotation
- Dumb fuzzing
- Automatic exploit searching (Exploit DB, PacketStorm, Metasploit)
- Automatic vulnerability searching (CVE, OSVDB, NVD)
- Geolocation
- Command completion
- Cross-platform support
Install
Kali GNU/Linux
curl -sL https://raw.githubusercontent.com/jesusprubio/bluebox-ng/master/artifacts/installScripts/kali2.sh | sudo bash -
Use
Console
To start the console client.
bluebox-ng
Programatically
To run it from other Node code.
const Bluebox = require('bluebox-ng');
const box = new Bluebox();
box.run('gather/network/geo', { rhost: '8.8.8.8' })
.then(res => {
console.log('Result:');
console.log(res);
})
.catch(err => {
console.log('Error:');
console.log(err);
});
Modules
- _ shodan-search _ : Find potential targets in SHODAN computer search engine.
- _ shodan-pop _ : Quick access to popular SHODAN VoIP related queries.
- *google-dorks: Find potential targets using a Google dork.
- _ sip-dns _ : DNS SRV and NAPTR discovery.
- _ sip-scan _ : A SIP host/port scanning tool.
- _ sip-brute-ext _ : Try to brute-force valid extensions of the SIP server using REGISTER (CVE-2011-2536) or INVITE (no CVE, http://goo.gl/8LRh2s ) requests.
- _ sip-brute-ext-nat _ : Try to brute-force valid extensions in Asterisk using different NAT settings (CVE-2011-4597).
- _ sip-brute-pass _ : Try to brute-force the password for an extension.
- _ sip-unauth _ : Try know if a SIP server allows unauthenticated calls.
- _ sip-unreg _ : Try to unregister another endpoint.
- _ sip-bye _ : Use BYE teardown to end an active call.
- _ sip-flood _ : Denial of service (DoS) protection mechanism stress test.
- _ dumb-fuzz _ : Really stupid fuzzer.
- _ ami-brute _ : Try to brute-force valid credentials for Asterisk AMI service.
- _ db-brute _ : Try to brute-force valid credentials for a DB (MySQL/MongoDB).
- _ ssh-brute _ : Try to brute-force valid credentials for a SSH server.
- _ sftp-brute _ : Try to brute-force valid credentials for a FTP/SFTP server.
- _ tftp-brute _ : Try to brute-force a valid file for a TFTP server.
- _ ldap-brute _ : Try to brute-force valid credentials for a LDAP/Active Directory server.
- _ http-brute _ : Try to brute-force valid credentials for an HTTP server.
- _ http-discover _ : Discover common web panel of a VoIP servers in a host (Dirscan-node).
- _ network-scan _ : Host/port scanning (Evilscan).
- _ shodan-host _ : Get indexed info of an IP address in SHODAN.
- _ shodan-vulns _ ‘: Find vulnerabilities and exploit for an specifig service version (using SHODAN API).
- _ shodan-query _ : Use a customized SHODAN VoIP query.
- _ shodan-download _ : Download an exploit.
- _ search-vulns _ : Find vulnerabilities and exploit for an specifig service version (using exploitsearch.net API).
- _ default-pass _ : Show common VoIP system default passwords.
- _ geo-locate _ : Geolozalization (Maxmind DB).
- _ get-ext-ip _ : Get you external IP address (icanhazip.com).