Tools to export PINs
asterisk-voicemail-pins.sh Tool to export PINs from Asterisk voicemailThis tool is written specifically for pinpop.com with your privacy in mind. It exports PINs from the Asterisk Voicemail configuration file, /etc/asterisk/voicemail.conf in the CSV format.
Usage: ./asterisk-voicemail-pins.sh [-s] [-p]
Export PINs from Asterisk voicemail, /etc/asterisk/voicemail.conf
-s Supress PINs the same as their extensions.
-p Privacy option. Only display PINs.
VOIP Security Articles
VoIP Security Challenges: 25 Ways to Secure your VoIP NetworkA list of general ways to secure your VOIP network.
Creating Secure Asterisk LinksPresentation from AstriCon 2006 by Ken Shaw from expitrans.com.
Astricon Europe Powerpoint presentation about asterisk security and stabilityGood overview of an old Asterisk Performance Update, Asterisk Stability, Asterisk Security and Asterisk Monitoring.
www.voip-info.org/wiki Sample Firewall rules for AsteriskFirewall rules with IPTables for Linux, PF (Packet Filter) for OpenBSD/FreeBSD, IPFW for FReeBSD and ISA Server for Windows. There are good wiki comments.
www.voip-info.org/wiki Run Asterisk as a non-root userInstallation and configuration instructions to setup Asterisk without root (superuser) privileges.
docs/security.txt Security Notes with AsteriskOfficial notes on network, dial plan and log security.
voipsa.org VOIP Security ArticlesCollection of over 80 articles relating to VOIP security.
Best VOIP Security Tools
voipsa.org : VoIP Security Tool List Comprehensive tool list of free and commercial tools.
* VoIP Sniffing Tools
* VoIP Scanning and Enumeration Tools
* VoIP Packet Creation and Flooding Tools
* VoIP Fuzzing Tools
* VoIP Signaling Manipulation Tools
* VoIP Media Manipulation Tools
* Miscellaneous Tools
* Tool Tutorials and Presentations
Tools from the book Hacking VOIP.
# Chapter 2: Scanning
* fping
* Nessus
* nmap
* snmpwalk
* SNSscan
* SuperScan
* VLANping
# Chapter 3: Enumeration
* netcat
* SiVuS
* sipsak
* SIPSCAN
* smap
* TFTP Brute Forcer with TFTP Bruteforce File
# Chapter 4: Infrastructure Denial of Service
* DNS Auditing tool
* Internetwork Routing Protocol Attack Suite
* UDP Flooder
* UDP Flooder w/VLAN support
* Wireshark (formerly Ethereal)
# Chapter 5: Eavesdropping
* Angst
* Cain and Abel
* DTMF Decoder
* dsniff
* NetStumbler
* Oreka
* VoIPong
* vomit
# Chapter 6: Network and Application Interception
* arpwatch
* Cain and Abel
* dsniff
* ettercap
* fragrouter
* siprogue
* XArp
# Chapter 7: Cisco Unified CallManager
* Skinny Traffic Sample
# Chapter 9: Asterisk
* IAX Flooder
* IAX Enumerator
# Chapter 11: Fuzzing
* ohrwurm RTP fuzzer
* PROTOS SIP fuzzing suite
* TCPView
# Chapter 12: Disruption of Service
* INVITE Flooder
* RTP Flooder
* UDP Flooder
* UDP Flooder w/VLAN support
# Chapter 13: Signaling and Media Manipulation
* AuthTool
* BYE Teardown
* Check Sync Phone Rebooter
* RedirectPoison
* Registration Hijacker
* Registration Eraser
* Registration Adder
* RTP InsertSound v2.0
* RTP InsertSound v3.0 (needs this library)
* RTP MixSound v2.0
* RTP MixSound v3.0 (needs this library)
# Chapter 14: SPAMMING/SPIT
* Spitter
Zfone is a new secure VoIP phone software product which lets you make secure encrypted phone calls over the Internet. Zfone is not itself a VoIP client, but lets you make secure calls with your existing VoIP client, by filtering, encrypting and decrypting all your VoIP media packets as they pass in and out of your computer. You can use a variety of different software VoIP clients to make a VoIP call. It's as if Zfone were a "bump on the wire", sitting between the VoIP client and the Internet. Think of it as a software bump-on-the-wire, or a bump in the protocol stack.
Available for Mac OS X (10.4 or later), Linux, and Windows XP & Vista. Works with the following VOIP clients : X-Lite, Gizmo, XMeeting, Google Talk VoIP client (but only when Google Talk is using RTP), and SJphone. Sorry, no Skype.
add your link
If you have a great VOIP security resource not listed above then contact us to let us know.
