Features
- Auto VoIP/UC penetration test
- Report generation
- Performance
- RFC compliant
- SIP TLS and IPv6 support
- SIP over websockets (and WSS) support (RFC 7118)
- SHODAN, exploitsearch.net and Google Dorks
- SIP common security tools (scan, extension/password bruteforce, etc.)
- Authentication and extension brute-forcing through different types of SIP requests
- SIP Torture (RFC 4475) partial support
- SIP SQLi check
- SIP denial of service (DoS) testing
- Web management panels discovery
- DNS brute-force, zone transfer, etc.
- Other common protocols brute-force: Asterisk AMI, MySQL, MongoDB, SSH, (S)FTP, HTTP(S), TFTP, LDAP, SNMP
- Some common network tools: whois, ping (also TCP), traceroute, etc.
- Asterisk AMI post-explotation
- Dumb fuzzing
- Automatic exploit searching (Exploit DB, PacketStorm, Metasploit)
- Automatic vulnerability searching (CVE, OSVDB, NVD)
- Geolocation
- Command completion
- Cross-platform support
Install
- Install Node.js: https://nodejs.org/download
npm i -g bluebox-ng
Kali GNU/Linux
curl -sL https://raw.githubusercontent.com/jesusprubio/bluebox-ng/master/artifacts/installScripts/kali2.sh | sudo bash -
Use
Console
To start the console client.
bluebox-ng
Programatically
To run it from other Node code.
const Bluebox = require('bluebox-ng');
const box = new Bluebox();
box.run('gather/network/geo', { rhost: '8.8.8.8' })
.then(res => {
console.log('Result:');
console.log(res);
})
.catch(err => {
console.log('Error:');
console.log(err);
});
Modules
- shodan-search: Find potential targets in SHODAN computer search engine.
- shodan-pop: Quick access to popular SHODAN VoIP related queries.
- *google-dorks: Find potential targets using a Google dork.
- sip-dns: DNS SRV and NAPTR discovery.
- sip-scan: A SIP host/port scanning tool.
- sip-brute-ext: Try to brute-force valid extensions of the SIP server using REGISTER (CVE-2011-2536) or INVITE (no CVE, http://goo.gl/8LRh2s) requests.
- sip-brute-ext-nat: Try to brute-force valid extensions in Asterisk using different NAT settings (CVE-2011-4597).
- sip-brute-pass: Try to brute-force the password for an extension.
- sip-unauth: Try know if a SIP server allows unauthenticated calls.
- sip-unreg: Try to unregister another endpoint.
- sip-bye: Use BYE teardown to end an active call.
- sip-flood: Denial of service (DoS) protection mechanism stress test.
- dumb-fuzz: Really stupid fuzzer.
- ami-brute: Try to brute-force valid credentials for Asterisk AMI service.
- db-brute: Try to brute-force valid credentials for a DB (MySQL/MongoDB).
- ssh-brute: Try to brute-force valid credentials for a SSH server.
- sftp-brute: Try to brute-force valid credentials for a FTP/SFTP server.
- tftp-brute: Try to brute-force a valid file for a TFTP server.
- ldap-brute: Try to brute-force valid credentials for a LDAP/Active Directory server.
- http-brute: Try to brute-force valid credentials for an HTTP server.
- http-discover: Discover common web panel of a VoIP servers in a host (Dirscan-node).
- network-scan: Host/port scanning (Evilscan).
- shodan-host: Get indexed info of an IP address in SHODAN.
- shodan-vulns‘: Find vulnerabilities and exploit for an specifig service version (using SHODAN API).
- shodan-query: Use a customized SHODAN VoIP query.
- shodan-download: Download an exploit.
- search-vulns: Find vulnerabilities and exploit for an specifig service version (using exploitsearch.net API).
- default-pass: Show common VoIP system default passwords.
- geo-locate: Geolozalization (Maxmind DB).
- get-ext-ip: Get you external IP address (icanhazip.com).
