Bluebox-ng released: is a GPL VoIP/UC vulnerability scanner written using Node.js powers.

Bluebox-ng is a GPL VoIP/UC vulnerability scanner written using Node.js powers.

Features 

  • Auto VoIP/UC penetration test (coming soon)
  • Report generation (coming soon)
  • RFC compliant
  • SIP TLS and IPv6 support
  • SIP over websockets (and WSS) support (RFC 7118)
  • SHODAN, exploitsearch.net and Google Dorks
  • SIP common security tools (scan, extension/password bruteforce, etc.)
  • Authentication and extension brute-forcing through different types of requests
  • SIP denial of service (DoS) testing
  • Other common protocols brute-force: Asterisk AMI, MySQL, MongoDB, SSH, (S)FTP, HTTP(S), TFTP, LDAP, SNMP
  • Some common network tools: whois, ping (also TCP), traceroute, etc.
  • SRV and NAPTR discovery
  • Dumb fuzzing
  • Web management panels discovery
  • Automatic exploit searching (Exploit DB, PacketStorm, Metasploit)
  • Automatic vulnerability searching (CVE, OSVDB, NVD)
  • Geolocation
  • Colored output
  • Command completion
  • Cross-platform support (GNU/Linux, Mac OS X and Windows, for now)

Install :

Dependencies. It should work in all systems which support Node:
Node.js: http://nodejs.org/
Nmap (only for “nmapScan” module): http://nmap.org/

Use
Console client: bluebox-ng
As a library:use bluebox-ng

Download Zipball: bluebox-ng-master.zip (97.2 KB) 
clone Git |
Sources : bluebox-ng