.TH SVCRACK "1" "June 2020" "svcrack.py v0.3.3" "User Commands" .SH NAME svcrack.py \- online password guessing tool for SIP devices .SH SYNOPSIS .B svcrack.py \fI-u username \fR[\fIoptions\fR] \fItarget\fR .SH DESCRIPTION examples: svcrack.py \fB\-u100\fR \fB\-d\fR dictionary.txt udp://10.0.0.1:5080 svcrack.py \fB\-u100\fR \fB\-r1\-9999\fR \fB\-z4\fR 10.0.0.1 .SH OPTIONS .TP \fB\-\-version\fR show program's version number and exit .TP \fB\-h\fR, \fB\-\-help\fR show this help message and exit .TP \fB\-v\fR, \fB\-\-verbose\fR Increase verbosity .TP \fB\-q\fR, \fB\-\-quiet\fR Quiet mode .TP \fB\-p\fR PORT, \fB\-\-port\fR=\fIPORT\fR Destination port or port ranges of the SIP device \- eg \fB\-p5060\fR,5061,8000\-8100 .TP \fB\-P\fR PORT, \fB\-\-localport\fR=\fIPORT\fR Source port for our packets .TP \fB\-x\fR IP, \fB\-\-externalip\fR=\fIIP\fR IP Address to use as the external ip. Specify this if you have multiple interfaces or if you are behind NAT .TP \fB\-b\fR BINDINGIP, \fB\-\-bindingip\fR=\fIBINDINGIP\fR By default we bind to all interfaces. This option overrides that and binds to the specified ip address .TP \fB\-t\fR SELECTTIME, \fB\-\-timeout\fR=\fISELECTTIME\fR This option allows you to trottle the speed at which packets are sent. Change this if you're losing packets. For example try 0.5. .TP \fB\-R\fR, \fB\-\-reportback\fR Send the author an exception traceback. Currently sends the command line parameters and the traceback .TP \fB\-A\fR, \fB\-\-autogetip\fR Automatically get the current IP address. This is useful when you are not getting any responses back due to SIPVicious not resolving your local IP. .TP \fB\-s\fR NAME, \fB\-\-save\fR=\fINAME\fR save the session. Has the benefit of allowing you to resume a previous scan and allows you to export scans .TP \fB\-\-resume\fR=\fINAME\fR resume a previous scan .TP \fB\-c\fR, \fB\-\-enablecompact\fR enable compact mode. Makes packets smaller but possibly less compatible .TP \fB\-u\fR USERNAME, \fB\-\-username\fR=\fIUSERNAME\fR username to try crack .TP \fB\-d\fR DICTIONARY, \fB\-\-dictionary\fR=\fIDICTIONARY\fR specify a dictionary file with passwords or - for stdin .TP \fB\-r\fR RANGE, \fB\-\-range\fR=\fIRANGE\fR specify a range of numbers. example: 100\-200,300\-310,400 .TP \fB\-e\fR EXTENSION, \fB\-\-extension\fR=\fIEXTENSION\fR Extension to crack. Only specify this when the extension is different from the username. .TP \fB\-z\fR PADDING, \fB\-\-zeropadding\fR=\fIPADDING\fR the number of zeros used to padd the password. the options "\-r 1\-9999 \fB\-z\fR 4" would give 0001 0002 0003 \&... 9999 .TP \fB\-n\fR, \fB\-\-reusenonce\fR Reuse nonce. Some SIP devices don't mind you reusing the nonce (making them vulnerable to replay attacks). Speeds up the cracking. .TP \fB\-T\fR TEMPLATE, \fB\-\-template\fR=\fITEMPLATE\fR A format string which allows us to specify a template for the extensions example svwar.py \fB\-e\fR 1\-999 \fB\-\-template=\fR"123%#04i999" would scan between 1230001999 to 1230999999" .TP \fB\-\-maximumtime\fR=\fIMAXIMUMTIME\fR Maximum time in seconds to keep sending requests without receiving a response back .TP \fB\-D\fR, \fB\-\-enabledefaults\fR Scan for default / typical passwords such as 1000,2000,3000 ... 1100, etc. This option is off by default. Use \fB\-\-enabledefaults\fR to enable this functionality .TP \fB\-\-domain\fR=\fIDOMAIN\fR force a specific domain name for the SIP message, eg. \fB\-d\fR example.org .TP \fB\-\-requesturi\fR=\fIREQUESTURI\fR Force the first line URI to a specific value; e.g. sip:999@example.org .TP \fB\-6\fR Scan an IPv6 address .IP SIPvicious password cracker is an online password guessing tool for SIP devices. Copyright (C) 2021 Sandro Gauci .IP This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. .IP This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. .IP You should have received a copy of the GNU General Public License along with this program. If not, see . .SH "SEE ALSO" The full documentation for .B svcrack.py can be found on GitHub at .