work in progress
A collection of exploits for different VoIP products. Thanks to the Go Exploit Framework.
If you ended up here looking for a VoIP pentesting solution, check out
Sippts (sippts-gui in Kali) or
SIPVicious. This project is
more focused on the exploitation phase.
git clone https://github.com/jesusprubio/bluebox.git
cd bluebox
go mod tidy
go mod vendorWe follow the Go Exploit Framework recommended patterns. For convenience, the binaries are not included in this repo.
go run cve-2021-37624/main.go -v -rhost 127.0.0.1
go run cve-2021-37624/main.go -fll DEBUG -v -c -e -rhost 127.0.0.1 -rport 5061 -transport tls -msg ey -user dembele
go run cve-2021-41145/main.go -v -c -e -rhost 127.0.0.1 -fhost randA Docker Compose file is provided, including an Asterisk server to test against.
task docker # Or `docker compose up -d`- https://github.com/vulncheck-oss/go-exploit/tree/main/docs
- https://github.com/emiago/sipgo
- https://datatracker.ietf.org/doc/html/rfc3261
- https://datatracker.ietf.org/doc/html/rfc3311
- https://datatracker.ietf.org/doc/html/rfc3581
- https://datatracker.ietf.org/doc/html/rfc3265
- https://datatracker.ietf.org/doc/html/rfc7118