n0where, N0WHERE:7061
Nov 14, 2017 - 4:01 p.m.

Node.js VoIP penetration testing framework : Bluebox-ng

2017-11-14 16:01:19
n0where.net

CVSS2: 5 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N

EPSS: 0.012 Low
Percentile: 83.2%

Bluebox-ng : Node.js VoIP penetration testing framework

Features

  • Auto VoIP/UC penetration test
  • Report generation
  • Performance
  • RFC compliant
  • SIP TLS and IPv6 support
  • SIP over websockets (and WSS) support (RFC 7118)
  • SHODAN, exploitsearch.net and Google Dorks
  • SIP common security tools (scan, extension/password bruteforce, etc.)
  • Authentication and extension brute-forcing through different types of SIP requests
  • SIP Torture (RFC 4475) partial support
  • SIP SQLi check
  • SIP denial of service (DoS) testing
  • Web management panels discovery
  • DNS brute-force, zone transfer, etc.
  • Other common protocols brute-force: Asterisk AMI, MySQL, MongoDB, SSH, (S)FTP, HTTP(S), TFTP, LDAP, SNMP
  • Some common network tools: whois, ping (also TCP), traceroute, etc.
  • Asterisk AMI post-exploitation
  • Dumb fuzzing
  • Automatic exploit searching (Exploit DB, PacketStorm, Metasploit)
  • Automatic vulnerability searching (CVE, OSVDB, NVD)
  • Geolocation
  • Command completion
  • Cross-platform support

Install

Kali GNU/Linux

  • curl -sL https://raw.githubusercontent.com/jesusprubio/bluebox-ng/master/artifacts/installScripts/kali2.sh | sudo bash -

Use


Console

To start the console client.

bluebox-ng

Programmatically

To run it from other Node code.

const Bluebox = require('bluebox-ng');

const box = new Bluebox();

box.run('gather/network/geo', { rhost: '8.8.8.8' })
.then(res => {
  console.log('Result:');
  console.log(res);
})
.catch(err => {
  console.log('Error:');
  console.log(err);
});

Modules

  • shodan-search: Find potential targets in the SHODAN computer search engine.
  • shodan-pop: Quick access to popular SHODAN VoIP-related queries.
  • google-dorks: Find potential targets using a Google dork.
  • sip-dns: DNS SRV and NAPTR discovery.
  • sip-scan: A SIP host/port scanning tool.
  • sip-brute-ext: Try to brute-force valid extensions of the SIP server using REGISTER (CVE-2011-2536) or INVITE (no CVE, http://goo.gl/8LRh2s ) requests.
  • sip-brute-ext-nat: Try to brute-force valid extensions in Asterisk using different NAT settings (CVE-2011-4597).
  • sip-brute-pass: Try to brute-force the password for an extension.
  • sip-unauth: Try to find out whether a SIP server allows unauthenticated calls.
  • sip-unreg: Try to unregister another endpoint.
  • sip-bye: Use BYE teardown to end an active call.
  • sip-flood: Denial of service (DoS) protection mechanism stress test.
  • dumb-fuzz: Really stupid fuzzer.
  • ami-brute: Try to brute-force valid credentials for the Asterisk AMI service.
  • db-brute: Try to brute-force valid credentials for a DB (MySQL/MongoDB).
  • ssh-brute: Try to brute-force valid credentials for an SSH server.
  • sftp-brute: Try to brute-force valid credentials for an FTP/SFTP server.
  • tftp-brute: Try to brute-force a valid file for a TFTP server.
  • ldap-brute: Try to brute-force valid credentials for an LDAP/Active Directory server.
  • http-brute: Try to brute-force valid credentials for an HTTP server.
  • http-discover: Discover common web panels of VoIP servers in a host (Dirscan-node).
  • network-scan: Host/port scanning (Evilscan).
  • shodan-host: Get indexed info of an IP address in SHODAN.
  • shodan-vulns: Find vulnerabilities and exploits for a specific service version (using the SHODAN API).
  • shodan-query: Use a customized SHODAN VoIP query.
  • shodan-download: Download an exploit.
  • search-vulns: Find vulnerabilities and exploits for a specific service version (using the exploitsearch.net API).
  • default-pass: Show common VoIP system default passwords.
  • geo-locate: Geolocalization (Maxmind DB).
  • get-ext-ip: Get your external IP address (icanhazip.com).
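
The sip-brute-ext and sip-brute-pass modules above, seen from the defender's side: an added example (not part of Bluebox-ng or the original page) that flags sources whose failed REGISTERs look like extension enumeration or password guessing. The log format is an assumption modelled on Asterisk chan_sip failed-registration notices; the function names, thresholds and sample lines are constructed for illustration.

```javascript
// Added example: classify failed SIP REGISTER attempts per source address.
// Assumed line shape (modelled on Asterisk chan_sip notices, adjust to your PBX):
//   ... Registration from '"100" <sip:100@pbx>' failed for '198.51.100.7:5071' - Wrong password
const FAILED_REG =
  /Registration from '(?:"[^"]*"\s*)?<sips?:([^@>]+)@[^>]*>' failed for '([^']+):(\d+)' - (.+)$/;

// Parse one log line into { ext, src, reason }; null if it is not a failed REGISTER.
function parseFailure(line) {
  const m = FAILED_REG.exec(line);
  return m ? { ext: m[1], src: m[2], reason: m[4].trim() } : null;
}

// lines: the log lines of one time window (the caller chooses the window).
// Many distinct extensions from one source -> extension enumeration.
// Many failures against a single extension -> password guessing.
function classifySources(lines, { maxExts = 3, maxFails = 5 } = {}) {
  const bySrc = new Map(); // src -> Map(ext -> failure count)
  for (const line of lines) {
    const f = parseFailure(line);
    if (!f) continue;
    if (!bySrc.has(f.src)) bySrc.set(f.src, new Map());
    const exts = bySrc.get(f.src);
    exts.set(f.ext, (exts.get(f.ext) || 0) + 1);
  }
  const findings = [];
  for (const [src, exts] of bySrc) {
    const worst = Math.max(...exts.values());
    if (exts.size > maxExts) {
      findings.push({ src, kind: 'extension-enumeration', distinctExts: exts.size });
    } else if (worst > maxFails) {
      findings.push({ src, kind: 'password-guessing', failures: worst });
    }
  }
  return findings;
}

// Constructed sample lines (documentation address ranges, made-up timestamps).
const mk = (ext, src, reason) =>
  `[2024-01-01 10:00:00] NOTICE[2211]: chan_sip.c: Registration from '"${ext}" ` +
  `<sip:${ext}@192.0.2.10>' failed for '${src}:5071' - ${reason}`;
const sample = [
  ...[100, 101, 102, 103, 104, 105].map(e => mk(e, '198.51.100.7', 'No matching peer found')),
  ...Array.from({ length: 8 }, () => mk(200, '203.0.113.9', 'Wrong password')),
  mk(300, '192.0.2.44', 'Wrong password'), // a single mistyped password: not flagged
  '[2024-01-01 10:00:01] NOTICE[2211]: unrelated line that must be ignored',
];

console.log(classifySources(sample));
```

The findings can feed a rate limiter or a fail2ban-style block list; tune both thresholds to the window size you pass in.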
