Linux security tools

outline

• Introduction
• PART I: Casing the Establishment
• Chapter 1: Footprinting
• Chapter 2: Scanning
• Chapter 3: Enumeration
• PART II: Exploiting the VoIP Network
• Chapter 4: VoIP Network Infrastructure Denial of Service
• Chapter 5: Network Eavesdropping
• Chapter 6: Network and Application Interception
• PART III: Exploiting Specific VoIP Platforms
• Chapter 7: Cisco Call Manager
• Chapter 8: Avaya Communication Manager
• Chapter 9: Asterisk
• Chapter 10: Emerging Softphone Technologies
• PART IV: VoIP Session and Application Hacking
• Chapter 11: Fuzzing VoIP
• Chapter 12: Disruption of Service
• Chapter 13: VoIP Signaling and Media Manipulation
• PART V: Social Threats
• Chapter 14: SPAMMING/SPIT
• Chapter 15: VoIP Phishing

security tools

These are the tools we demonstrated in the book. The tools listed in blue are the ones we wrote ourselves. Most of our linux tools require that you also download the following two libraries: hack_library and g711conversions.

• Chapter 2: Scanning
• fping
• Nessus
• nmap
• snmpwalk
• SNSscan
• SuperScan
• VLANping

• Chapter 3: Enumeration
• netcat
• SiVuS
• sipsak
• SIPSCAN
• smap
• TFTP Brute Forcer with TFTP Bruteforce File

• Chapter 4: Infrastructure Denial of Service
• DNS Auditing tool
• Internetwork Routing Protocol Attack Suite
• UDP Flooder
• UDP Flooder w/VLAN support
• Wireshark (formerly Ethereal)

• Chapter 5: Eavesdropping
• Angst
• Cain and Abel
• DTMF Decoder
• dsniff
• NetStumbler
• Oreka
• VoIPong
• vomit

• Chapter 6: Network and Application Interception
• arpwatch
• Cain and Abel
• dsniff
• ettercap
• fragrouter
• siprogue
• XArp

• Chapter 7: Cisco Unified CallManager
• Skinny Traffic Sample

• Chapter 9: Asterisk
• IAX Flooder
• IAX Enumerator

• Chapter 11: Fuzzing
• ohrwurm RTP fuzzer
• PROTOS SIP fuzzing suite
• TCPView

• Chapter 12: Disruption of Service
• INVITE Flooder
• RTP Flooder
• UDP Flooder
• UDP Flooder w/VLAN support

• Chapter 13: Signaling and Media Manipulation
• AuthTool
• BYE Teardown
• Check Sync Phone Rebooter
• RedirectPoison
• Registration Hijacker
• Registration Eraser
• Registration Adder
• RTP InsertSound v2.0
• RTP InsertSound v3.0 (needs this library)
• RTP MixSound v2.0
• RTP MixSound v3.0 (needs this library)

• Chapter 14: SPAMMING/SPIT
• Spitter

voicemail database

This is a collection of default sound files of popular VoIP voicemail systems to assist in properly identifying the vendor. This goes along with Chapter 1.

Asterisk 1.2.x (gsm can be played with QuickTime Player): 

"[USER'S NAME] {is on the phone, is unavailable} Please leave your message after the tone. When done, hang up or press the pound key." 

Avaya IP Office / Audix:

"Your call is being answered by Audix. [USER'S NAME] {is not available ... to leave a message wait for the tone, is busy ... to leave a message wait for the tone}." 

Cisco Unity 4.x:

"Record your message at the tone. When you are finished, hang up or hold for more options."

__________________

http://213.168.78.207/cgi-bin/vmail.cgi

http://hackingvoip.com/tools.html

http://www.brighthub.com/internet/security-privacy/articles/82121.aspx

hackers.org/xss