SIP-DAS (DoS Attack Simulator) is a tool developed to simulate SIP-based DoS attacks. It was developed for use in academic work, to help develop novel SIP-based DDoS attacks and defense approaches.
SIP-DAS was originally written in Java, but it has been rewritten in Python so that it can take advantage of various useful libraries.
+ Python 2.7.x
+ python-scapy, netifaces, ipaddress, figlet & toilet
SIP-DAS comprises four main components: a spoofed IP address generator, a SIP message generator, a message sender and a scenario player. It needs the outputs of SIP-NES (Network Scanner) and SIP-ENUM (Enumerator) along with some pre-defined files. SIP-DAS also provides a framework for SIP-ASP (Attack Scenario Player).
SIP-NES takes an IP range or IP subnet as input. It sends a SIP OPTIONS message to each IP address in the subnet and, according to the responses, outputs the potential SIP clients and servers on that subnet.
SIP-ENUM sends REGISTER messages to each client IP address in the SIP-NES output and, according to the responses, outputs which SIP users are valid on that network.
git clone https://github.com/meliht/SIP-DAS && cd SIP-DAS
sudo apt-get install python-scapy python-netifaces python-ipaddress
pip2 install figlet
pip2 install toilet
usage-1: sudo ./SIP-DAS.py -i -c <numberofpackets> -s -d <sipserverIP>
usage-2: sudo ./SIP-DAS.py -i -c <numberofpackets> -m iplist.txt -d <sipserverIP>
usage-3: sudo ./SIP-DAS.py -i -c <numberofpackets> -r -d <sipserverIP>
Tips for getting SIP trace:
ngrep -W byline -d eth0 port 5060
ngrep -W byline -d eth0 port 5060 -O capture_file
ngrep -W byline -d eth0 INVITE
tcpdump -i eth0 -n -s 0 port 5060
tcpdump -i eth0 -n -s 0 port 5060 -vvv -w /home/capture_file_name
tcpdump -nqt -s 0 -A -i en0 port 5060
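A defender-side way to read such a trace, as an added example that is not part of SIP-DAS: it counts SIP requests in saved `ngrep -W byline` text per source and per target, because a per-source limit alone does not trip when the sender uses spoofed source addresses. The packet header shape, the function names, the limits and the sample trace are assumptions constructed for illustration, and the counts cover the whole capture rather than a time window.

```python
import re
from collections import Counter, defaultdict

# Assumed ngrep header: "U [date time] <src>:<port> -> <dst>:<port> [#n]"
HEADER = re.compile(r"^[UT] (?:\S+ \S+ )?(\d+(?:\.\d+){3}):\d+ -> (\d+(?:\.\d+){3}):\d+")
# Request line: "<METHOD> <request-uri> SIP/2.0" (responses start with "SIP/2.0")
REQUEST = re.compile(r"^([A-Z]+) \S+ SIP/2\.0")

def summarize(trace_lines):
    """Count SIP requests per (source, method) and per (target, method)."""
    per_source, per_target = Counter(), Counter()
    sources = defaultdict(set)   # (target, method) -> distinct source IPs
    flow = None                  # set by a header, consumed by the next payload line
    for raw in trace_lines:
        line = raw.strip()
        header = HEADER.match(line)
        if header:
            flow = header.groups()
        elif line and flow:
            request = REQUEST.match(line)
            if request:
                src, dst = flow
                method = request.group(1)
                per_source[(src, method)] += 1
                per_target[(dst, method)] += 1
                sources[(dst, method)].add(src)
            flow = None          # only the start line of each message is inspected
    return per_source, per_target, sources

def flag_floods(trace_lines, per_source_limit=5, per_target_limit=5):
    """Return (noisy sources, flooded targets); limits are illustrative only."""
    per_source, per_target, sources = summarize(trace_lines)
    noisy = {k: n for k, n in per_source.items() if n > per_source_limit}
    flooded = {k: (n, len(sources[k])) for k, n in per_target.items() if n > per_target_limit}
    return noisy, flooded

def sample_trace():
    """Constructed trace: 8 INVITEs from 8 distinct sources, plus one response."""
    lines = []
    for i in range(1, 9):
        lines += ["U 198.51.100.%d:5060 -> 192.0.2.10:5060" % i,
                  "INVITE sip:1000@192.0.2.10 SIP/2.0.",
                  "Via: SIP/2.0/UDP 198.51.100.%d:5060." % i, ""]
    lines += ["U 192.0.2.10:5060 -> 198.51.100.1:5060", "SIP/2.0 200 OK.", ""]
    return lines

if __name__ == "__main__":
    noisy, flooded = flag_floods(sample_trace())
    print("per-source alerts:", noisy)
    print("per-target alerts:", flooded)
```

On the constructed trace no single source crosses its limit, while the target is flagged with 8 INVITEs from 8 distinct sources.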