Bluebox-ng – Node.js VoIP penetration testing framework


  • Auto VoIP/UC penetration test
  • Report generation
  • Performance
  • RFC compliant
  • SIP TLS and IPv6 support
  • SIP over websockets (and WSS) support (RFC 7118)
  • SHODAN, and Google Dorks
  • SIP common security tools (scan, extension/password bruteforce, etc.)
  • Authentication and extension brute-forcing through different types of SIP requests
  • SIP Torture (RFC 4475) partial support
  • SIP SQLi check
  • SIP denial of service (DoS) testing
  • Web management panels discovery
  • DNS brute-force, zone transfer, etc.
  • Other common protocols brute-force: Asterisk AMI, MySQL, MongoDB, SSH, (S)FTP, HTTP(S), TFTP, LDAP, SNMP
  • Some common network tools: whois, ping (also TCP), traceroute, etc.
  • Asterisk AMI post-explotation
  • Dumb fuzzing
  • Automatic exploit searching (Exploit DB, PacketStorm, Metasploit)
  • Automatic vulnerability searching (CVE, OSVDB, NVD)
  • Geolocation
  • Command completion
  • Cross-platform support


npm i -g bluebox-ng


Add Comment