Skip to content

a list of awesome resources related to security and hacking of VoIP, WebRTC and VoLTE

License

Notifications You must be signed in to change notification settings

EnableSecurity/awesome-rtc-hacking

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

32 Commits
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Awesome Real-time Communications Security Awesome

A curated list of Real-time Communications (RTC) security resources focused on VoIP, WebRTC and VoLTE penetration testing, security research and vulnerability assessment.

Latest Updates

  • 2024-12: Updated broken links and references
  • 2024-12: Add new blogs

Contributing

Your contributions are always welcome! Please read the contribution guidelines first:

  • Check if the resource is still active/available
  • Add a short description for tools and papers
  • Include publication dates where applicable
  • Keep descriptions concise and clear
  • Sort entries alphabetically within sections
  • Check your spelling and grammar
  • Make sure your text editor is set to remove trailing whitespace

License

CC0

To the extent possible under law, the authors have waived all copyright and related rights to this work.

Table of Contents

Newsletters

Presentation Slides

Videos

Advisories

Open-source tools

  • SIPVicious OSS - A set of tools to audit SIP based systems
  • SIPPTS - Another set of tools to audit VoIP servers and devices using SIP protocol.
  • bluebox-ng - Pentesting framework using Node.js powers, focused in VoIP. (public archive)
  • SigPloit - Tool which covers all used SS7, GTP (3G), Diameter (4G) or even SIP protocols for IMS and VoLTE infrastructures.
  • vsaudit - VoIP security assessment framework.
  • rtpnatscan - Tool which tests for rtpbleed vulnerability.
  • VIPROY - VoIP pentest framework which can be used with the metasploit-framework.
  • SIP Proxy - A VoIP security testing tool.
  • Metasploit auxiliary modules
  • SIPp: SIP based test tool / traffic generator.
  • Mr.SIP - SIP based audit and attack tool.
  • VoIPShark - Open Source VoIP Analysis Platform
  • Turner - PoC for tunnelling HTTP over a permissive/open TURN server.
  • sipsak - SIP swiss army knife, has some features that can be used for security testing (e.g. flood more or random mode)
  • turnproxy - Tool to abuse open TURN relays
  • SeeYouCM Thief - download and parse configuration files from Cisco phone systems searching for SSH credentials
  • stunner - a tool to test and exploit STUN, TURN and TURN over TCP servers.
  • VoIP Hopper - a tool to exploit insecure VLANs that are often found in IP Telephony infrastructure.

Papers

Blogs

Notable blog posts and articles

Books

Vulnerabilities

The following are generic or common vulnerabilities that are related to either signalling, media or infrastructure.

CTFs and Learning Resources

Related lists