Ip phone Scanning Made Easy (ISME) scans a VOIP environment, adapts to enterprise VOIP, and exploits the possibilities of being connected directly to an IP Phone VLAN. It seeks to get the phone's configuration file directly from a TFTP server, enable SIP/SIPS (TCP/UDP), communicate with an embedded Web server and Web server banner, identify the editor by MAC address, and identify potential default login/password combinations which should be changed.
|Tags||Security Audit Telephony Scanner|
|Operating Systems||Unix/Linux Windows Mac OS X|
Release Notes: This release adds a new SIP Scanner (UDP or TCP) module with administration services detection and information gathering on SIP UA or server. Threads have been implemented in the launcher. Several tools can now be used at the same time.
Release Notes: For the scanner, this release adds VxWorks debug mode detection.
Release Notes: This release fixes an exploit related to the Aastra IP Phone hardcode telnet login/password.
Release Notes: An incorrect name in a file blocked the launch of the main script on some systems. This has been corrected.
Release Notes: This release adds code for a polycom HDX telnet authorization bypass exploit and a "having fun with SSH on Cisco IP" phone tool.