svcrack - Man Page

manual page for svcrack.py v0.2.8

Synopsis

svcrack.py -u username [options] target

Description

examples: svcrack.py -u100 -d dictionary.txt 10.0.0.1 svcrack.py -u100 -r1-9999 -z4 10.0.0.1

Options

--version

show program's version number and exit

-h,  --help

show this help message and exit

-v,  --verbose

Increase verbosity

-q,  --quiet

Quiet mode

-p PORT, --port=PORT

Destination port or port ranges of the SIP device - eg -p5060,5061,8000-8100

-P PORT, --localport=PORT

Source port for our packets

-x IP, --externalip=IP

IP Address to use as the external ip. Specify this if you have multiple interfaces or if you are behind NAT

-b BINDINGIP, --bindingip=BINDINGIP

By default we bind to all interfaces. This option overrides that and binds to the specified ip address

-t SELECTTIME, --timeout=SELECTTIME

This option allows you to trottle the speed at which packets are sent. Change this if you're losing packets. For example try 0.5.

-R,  --reportback

Send the author an exception traceback. Currently sends the command line parameters and the traceback

-A,  --autogetip

Automatically get the current IP address. This is useful when you are not getting any responses back due to SIPVicious not resolving your local IP.

-s NAME, --save=NAME

save the session. Has the benefit of allowing you to resume a previous scan and allows you to export scans

--resume=NAME

resume a previous scan

-c,  --enablecompact

enable compact mode. Makes packets smaller but possibly less compatible

-u USERNAME, --username=USERNAME

username to try crack

-d DICTIONARY, --dictionary=DICTIONARY

specify a dictionary file with passwords

-r RANGE, --range=RANGE

specify a range of numbers. example: 100-200,300-310,400

-e EXTENSION, --extension=EXTENSION

Extension to crack. Only specify this when the extension is different from the username.

-z PADDING, --zeropadding=PADDING

the number of zeros used to padd the password. the options "-r 1-9999 -z 4" would give 0001 0002 0003 ... 9999

-n,  --reusenonce

Reuse nonce. Some SIP devices don't mind you reusing the nonce (making them vulnerable to replay attacks). Speeds up the cracking.

-T TEMPLATE, --template=TEMPLATE

A format string which allows us to specify a template for the extensions                       example svwar.py -e 1-999 --template="123%#04i999" would scan between 1230001999 to 1230999999"

--maximumtime=MAXIMUMTIME

Maximum time in seconds to keep sending requests without                       receiving a response back

-D,  --enabledefaults

Scan for default / typical passwords such as 1000,2000,3000 ... 1100, etc. This option is off by default.                       Use --enabledefaults to enable this functionality

--domain=DOMAIN

force a specific domain name for the SIP message, eg. -d example.org

SIPvicious password cracker is an online password guessing tool for SIP devices Copyright (C) 2012  Sandro Gauci <sandro@enablesecurity.com>

This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program.  If not, see <http://www.gnu.org/licenses/>.

See Also

The full documentation for svcrack.py is maintained as a Texinfo manual.  If the info and svcrack.py programs are properly installed at your site, the command

info svcrack.py

should give you access to the complete manual.

Info

November 2012 svcrack.py v0.2.8