Bluebox

work in progress

A collection of exploits for different VoIP products. Thanks to the Go Exploit Framework.

If you ended up here looking for a VoIP pentesting solution, check out Sippts (sippts-gui in Kali) or SIPVicious. This project is more focused on the exploitation phase.

Install

git clone https://github.com/jesusprubio/bluebox.git
cd bluebox
go mod tidy
go mod vendor

Usage

We follow the Go Exploit Framework recommended patterns. For convenience, the binaries are not included in this repo.

go run cve-2021-37624/main.go -v -rhost 127.0.0.1
go run cve-2021-37624/main.go -fll DEBUG -v -c -e -rhost 127.0.0.1 -rport 5061 -transport tls -msg ey -user dembele
go run cve-2021-41145/main.go -v -c -e -rhost 127.0.0.1 -fhost rand

Docker

A Docker Compose file is provided, including an Asterisk server to test against.

task docker # Or `docker compose up -d`

Name		Name	Last commit message	Last commit date
Latest commit History 405 Commits
.github		.github
cve-2017-9372		cve-2017-9372
cve-2021-37624		cve-2021-37624
cve-2021-41145		cve-2021-41145
internal		internal
tester		tester
.gitignore		.gitignore
CONTRIBUTING.md		CONTRIBUTING.md
LICENSE		LICENSE
README.md		README.md
Taskfile.yml		Taskfile.yml
docker-compose.yml		docker-compose.yml
go.mod		go.mod
go.sum		go.sum
staticcheck.conf		staticcheck.conf

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Repository files navigation

Bluebox

Install

Usage

Docker

References

About

Uh oh!

Uh oh!

Contributors 4

Uh oh!

Languages

License

jesusprubio/bluebox

Folders and files

Latest commit

History

Repository files navigation

Bluebox

Install

Usage

Docker

References

About

Topics

Resources

License

Contributing

Uh oh!

Stars

Watchers

Forks

Uh oh!

Contributors 4

Uh oh!

Languages