+ Some details added to the “.jshintrc” file
+ package.json Version updated.
Bluebox-ng is a GPL VoIP/UC vulnerability scanner written using Node.js powers.
- Auto VoIP/UC penetration test (coming soon)
- Report generation (coming soon)
- RFC compliant
- SIP TLS and IPv6 support
- SIP over websockets (and WSS) support (RFC 7118)
- SHODAN, exploitsearch.net and Google Dorks
- SIP common security tools (scan, extension/password bruteforce, etc.)
- Authentication and extension brute-forcing through different types of requests
- SIP denial of service (DoS) testing
- Other common protocols brute-force: Asterisk AMI, MySQL, MongoDB, SSH, (S)FTP, HTTP(S), TFTP, LDAP, SNMP
- Some common network tools: whois, ping (also TCP), traceroute, etc.
- SRV and NAPTR discovery
- Dumb fuzzing
- Web management panels discovery
- Automatic exploit searching (Exploit DB, PacketStorm, Metasploit)
- Automatic vulnerability searching (CVE, OSVDB, NVD)
- Colored output
- Command completion
- Cross-platform support (GNU/Linux, Mac OS X and Windows, for now)
npm update -g bluebox-ng
+ Node.js: http://nodejs.org/.
— A comfortable way to keep your Node version updated is to use the official binary distributions: https://github.com/nodesource/distributions
— These scripts don’t work in Kali GNU/Linux (https://github.com/nodesource/distributions/issues/28#issuecomment-60062280), so we’ve implemented one which also installs Bluebox-ng. Yoy can use it using the next command: curl -sL https://raw.githubusercontent.com/jesusprubio/bluebox-ng/master/artifacts/installScripts/kali.sh | sudo bash –
+ Nmap (only for “nmapScan” module): http://nmap.org/
npm i -g bluebox-ng
NOTE: It takes a while because we’re using a lot of official modules (Mongo, LDAP, etc.) which need to compile some stuff.
Console client: bluebox-ng
As a library: