EnableSecurity VoIPPack
--------------------------------------------------------------

EnableSecurity VoIPPack for CANVAS 是专门与Canvas软件一起使用的产品。该系统针对VoIP系统,例如 PBX server, IP Phones以及SIP网关。 EnableSecurity VoIPPack for CANVAS产品当前的特点如下:


vp_asteriskdiscomfort – denial of service demo for advisory AST-2009-010
vp_asterisknow_exec – tool to launch MOSDEF on AsteriskNOW 1.0.2 when web interface credentials are known
vp_asterisksscanfdos – denial of service demo for advisory AST-2009-005
vp_bypassalwaysreject – tool to enumerate extensions on an Asterisk PBX, bypassing alwaysauthreject option which tries to prevent enumeration
vp_ciscophonescanner – searches for Cisco phones on the target network by using HTTP and DNS probes
vp_cucmjailbreak – given an ssh username and password for CUCM’s restricted shell, this script creates a new root user and installs MOSDEF
vp_cucmtftplist – makes use of CUCM’s “TFTP” server to list the phone’s mac addresses / phone names
vp_digestcracker – a tool to perform an offline password cracking attack on SIP Digest authentication
vp_elastix_defaults – checks for Elastix insecure default settings
vp_fopextensionenum – enumerates extensions on FreePBX through the flash operator panel
vp_freepbx_exec1 – installs MOSDEF on vulnerable Trixbox or FreePBX servers given a username and password for the admin interface
vp_ghostcall – a tool to cause a number of phones to ring simultaneously
vp_iax2autohack – a tool to automatically find IAX2 (Asterisk) servers, enumerate their extensions and break the password for each extension
vp_iax2cracker – a tool to perform an online password cracking attack on an IAX2 (Asterisk) server
vp_iax2enumerate – a tool to enumerate extensions on an IAX2 (Asterisk) server
vp_iax2resourceexhaust – a denial of service demonstration for AST-2009-006
vp_iax2scanner – a network scanner which finds IAX2 servers
vp_mgcpscanner – a generic MGCP network scanner
vp_sipautohack – a tool to automatically find IAX2 (Asterisk) servers, enumerate their extensions and break the password for each extension
vp_sipcracker – a tool to perform an online password cracking attack on SIP servers
vp_sipdigestleak – a tool which demonstrates a weakness found in many SIP endpoints which leak the digest response, leading to their password stealing
vp_sipenumerate -  a tool to enumerate extensions on a SIP server
vp_sipgetringers – a tool which helps find out how to get a SIP phone to ring
vp_sipinviteflood – a denial of service demo tool which floods SIP entities with INVITE messages
vp_sipopenrelay – a tool to find misconfigured PBX servers that allow attackers to make phone calls for free
vp_sipphonecall – a base phone ringing tool used by other tools
vp_sipscanner – a network scanner which finds SIP entities / endpoints / servers
vp_trixbox_defaults – checks for Trixbox insecure default settings
vp_unistimscanner – a network scanner which finds UNISTIM servers
vp_voipsrvrecords – translates from SRV record to SIP server address