svcrack - Man Page

manual page for v0.3.3

Synopsis -u username [options] target


examples: -u100 -d dictionary.txt udp:// -u100 -r1-9999 -z4



show program's version number and exit

-h,  --help

show this help message and exit

-v,  --verbose

Increase verbosity

-q,  --quiet

Quiet mode

-p PORT, --port=PORT

Destination port or port ranges of the SIP device - eg -p5060,5061,8000-8100

-P PORT, --localport=PORT

Source port for our packets

-x IP, --externalip=IP

IP Address to use as the external ip. Specify this if you have multiple interfaces or if you are behind NAT


By default we bind to all interfaces. This option overrides that and binds to the specified ip address


This option allows you to trottle the speed at which packets are sent. Change this if you're losing packets. For example try 0.5.

-R,  --reportback

Send the author an exception traceback. Currently sends the command line parameters and the traceback

-A,  --autogetip

Automatically get the current IP address. This is useful when you are not getting any responses back due to SIPVicious not resolving your local IP.

-s NAME, --save=NAME

save the session. Has the benefit of allowing you to resume a previous scan and allows you to export scans


resume a previous scan

-c,  --enablecompact

enable compact mode. Makes packets smaller but possibly less compatible

-u USERNAME, --username=USERNAME

username to try crack


specify a dictionary file with passwords or - for stdin

-r RANGE, --range=RANGE

specify a range of numbers. example: 100-200,300-310,400


Extension to crack. Only specify this when the extension is different from the username.

-z PADDING, --zeropadding=PADDING

the number of zeros used to padd the password. the options "-r 1-9999 -z 4" would give 0001 0002 0003 ... 9999

-n,  --reusenonce

Reuse nonce. Some SIP devices don't mind you reusing the nonce (making them vulnerable to replay attacks). Speeds up the cracking.


A format string which allows us to specify a template for the extensions                       example -e 1-999 --template="123%#04i999" would scan between 1230001999 to 1230999999"


Maximum time in seconds to keep sending requests without                       receiving a response back

-D,  --enabledefaults

Scan for default / typical passwords such as 1000,2000,3000 ... 1100, etc. This option is off by default.                       Use --enabledefaults to enable this functionality


force a specific domain name for the SIP message, eg. -d


Force the first line URI to a specific value; e.g.


Scan an IPv6 address

SIPvicious password cracker is an online password guessing tool for SIP devices.

Copyright (C) 2021 Sandro Gauci <>

This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program.  If not, see <>.

See Also

The full documentation for can be found on GitHub at <>.


June 2020 v0.3.3