Free VIPER Self-Assessment Tools

An important part of VIPER Lab’s mission is to create open source tools for security practitioners to assess the security posture of their own environments. These tools are freely available for download. Users are strongly cautioned to use these tools only in authorized network environments and with permission of network owners. Please visit the VIPER Blog and the VIPER Forum for news, discussions, usage tips and other information about these tools.

UCSniff 2.0
New! Industry’s First IP Video Sniffer Security Assessment Tool

UCSniff 2.0 breaks new ground in open source security assessment tools with the introduction of the industry’s first IP video security assessment features. Like the original UCSniff, UCSniff enables IT managers and security practitioners to test their UC infrastructure for vulnerabilities that can lead to the unauthorized interception and recording of UC traffic, or targeted eavesdropping.

Written in C, and initially released for Linux systems, the software is freely available for anyone to download, under the GPLv3 license.

  • Extends UCSniff’s targeted user eavesdropping functionality to encompass IP video communications, including phone-to-phone video conferencing
  • Support for SCCP and RFC 3261 SIP
  • Automatic decode and re-construction of H.264 video codec
  • Automatically captures and saves video conference, into two separate AVI format video files, so that the security professional can see what both end users of the Video conference see
  • Reconstructs entire voice conversation into a separate, single WAV file format file

The existing features of UCSniff have been further tested and improved upon, including several bug fixes

  • In Learning mode, dynamically updates the IP address of phone in the event that IP address changes after phone reboot or via DHCP
  • Allows targeting of VoIP users based on corporate directory and/or extensions
  • Tracking, interception, and logging of signaling messages used for authentication to voice mail systems
  • Automatically captures and saves entire voice conversations to a single file that can be played back by media players
  • Support for G.722 and g.711 u-law compression codecs
  • Automated VLAN Hop and VLAN Discovery support
  • A VoIP Sniffer combined with a MitM redirection tool
  • Monitor Mode (like Wireshark)
  • Sniffs entire conversation even if only one phone is in source VLAN
  • Enhanced capability to ARP Poison hosts that have Gratuitous ARP Disabled
» Download UCSniff 2.0
http://ucsniff.sourceforge.net

VideoJak
New! IP Video Communications Denial-of-Service Assessment Tool

VideoJak is the industry’s first tool for simulating denial-of-service (DoS) attacks that can disrupt IP video communications in today’s leading edge Unified Communications deployments. VideoJak illustrates how an attacker can launch a targeted DoS attack that flies under the radar of typical security measures, interfering with only the communications stream associated with the video traffic. A sister tool to UCSniff, VideoJak lists the following features:

  • Automatic VLAN Hop and VLAN Discovery
  • MitM ARP Poisoning
  • Interception of SCCP Video signaling messages
  • Selection of IP Video calls from multiple calls in progress using a menu interface
  • Automatic creation of custom Video payload based on private IP Video call
  • Targeted DoS against specific IP Video phone / extension during a call session

» Download VideoJak
http://videojak.sourceforge.net

XTest
» Download XTest
http://xtest.sourceforge.net

New!  Introducing OAT!

OAT is an Open Source Security tool designed to check the password strength of Microsoft Office Communication Server users. After a password is compromised, OAT demonstrates potential UC attacks that can be performed by legitimate users if proper security controls are not in place.
 
VIPER Lab created OAT because OCS and other Microsoft products are frequently being used as part of a unified communications infrastructure in many enterprises. Our mission is to help IT manager and security practitioners evaluate the security architecture of their deployments and ensure that their mission-critical communications and systems are protected.

» Download OAT
http://voat.sourceforge.net

VIPER> Free Assessment Tools