Bluebox-ng - VoIP Penetration Testing Framework

Bluebox-ng - VoIP/UC Penetration Testing Framework

Bluebox-ng is an open-source pen testing framework written in CoffeeScript using Node.js powers. It is primarily focused in VoIP/UC.

Bluebox-ng Execution


  • Asterisk AMI post-exploitation
  • Authentication and extension brute-forcing through different types of SIP requests
  • Auto VoIP/UC penetration test
  • Automatic exploit searching (Exploit DB, PacketStorm, Metasploit)
  • Automatic vulnerability searching (CVE, OSVDB, NVD)
  • Command completion
  • Cross-platform support
  • DNS brute-force, zone transfer, etc.
  • Dumb fuzzing
  • Geolocation
  • Other common protocols brute-force: Asterisk AMI, MySQL, MongoDB, SSH, (S)FTP, HTTP(S), TFTP, LDAP, SNMP
  • Performance
  • RFC compliant
  • Report generation
  • SHODAN, and Google Dorks
  • SIP SQLi check
  • SIP TLS and IPv6 support
  • SIP Torture (RFC 4475) partial support
  • SIP common security tools (scan, extension/password bruteforce, etc.)
  • SIP denial of service (DoS) testing
  • SIP over WebSockets (and WSS) support (RFC 7118)
  • Some common network tools: whois, ping (also TCP), traceroute, etc.
  • Web management panels discovery

No comments

Powered by Blogger.