* Port to Python 3! thanks to 0xInfection
* IPv6 support for svwar and svcrack
* svcrack now takes the --method option too
* qop and md5-sess auth support added
* lots of bug fixes
* Feature: INVITE sends a BYE and supports ACK
* Feature: man pages can be produced with --manpage and man pages are included
* Bug fix: removed fingerprinting completely
* Change: moved pptable.py and svhelper to libs/
* Change: Number of changes to adhere to Debian's guidelines (copyright/license notices etc)
* Bug fix: fixed an svcrack unhandled exception
* Feature: svcrash.py has a new option -b which bruteforces the attacker's port
* Feature: svcrack.py now tries the extension as password by default, automatically
* Feature: svcrack.py and svwar.py now support setting of source port
* Feature: new parameter --domain can be passed to all tools which specifies
a custom domain in the SIP uri instead of the destination IP
* Feature: new --debug switch which shows the messages received
* Bug fix: Sometimes nonces could not be extracted due to an incorrect regex
* Bug fix: Fixed an unhandled exception when decoding tags
* Bug fix: now using hashlib when available instead of md5
* Bug fix: removed the space after the SIP address in the From header which
led to newer version of Asterisk to ignore the SIP messages
* Bug fix: dictionaries with new lines made svcrack.py stop without this fix
* Change: renamed everything to start with sv*
* Bug fix: changed the way shelved files are opened by the fingerprinting module
* Change: fingerprinting disabled by default since it was giving too many problems
and very little benefits
* Feature: svcrash.py is a new tool for sending messages that crash svwar and
* Bug fix: helper.py has been fixed when decoding the tags (svcrash abuses
* Feature: svwar.py has "scan for default / typical extensions" option. This
option tries to guess numeric extensions which have certain patterns
such as 1212 etc. Option is -D, --enabledefaults
* General: svwar.py and svcrack.py now have a new option which allows you to set
how long the tools will scan without receiving any response back.
This allows us to prevent flooding the target. Some PBX servers now
have built-in firewalls / intrusion prevention systems which will
blacklist the IP address of anyone using svwar or svcrack. Therefore
if the IP is blacklisted it makes sense to stop scanning the target.
The default for this option is 10 seconds. Set this option by using
* Removed: svlearnfp.py is now discontinued. The tool is still included for
historic reasons but disabled.
* Feature: svmap.py now includes the following new features:
--debug - shows messages as they are received (useful for
--first - scans the first X number of hosts, useful for
random or large address pool scanning
--inputtext - scans IP ranges taken from a text file
--fromname - sets the from header to something specific
useful for abusing other security issues or
when svmap is used in a more flexible way
then usual ;-)
* Feature: svreport.py now has two new modes:
- stats, which lists some statistics
- search, allows you to search through logs looking for
specific user agents
* Bug fix: svwar.py now by default does not send ACK messages (was a buggy feature
that did not follow the standard)
* Bug fix: svwar.py - the template passed through --template option is now checked
* Feature: svwar.py can now scan for templated numbers. This allows more flexible
usage of ranges of numbers, allowing for prefixes and suffixes as
need be ;-)
* Bug fix: svwar.py now sends ACK to be nice to other devices.
* Bug fix: each tag is padded with a unique 32 bit
* Bug fix: Contact header is always added to the request to always send well
formed SIP requests
* Bug fix: Large data is sent fragmented now (mysendto)
* Bug fix: svwar.py now handles new SIP response codes
* Feature: Fingerprinting support for svmap. Included fphelper.py and
3 databases used for fingerprinting.
* Feature: Added svlearnfp.py which allows one to add new signatures to
db and send them to the author.
* Feature: Added DNS SRV check to svmap. Use ./svmap.py --srv domainname.com
to give it a try
* Feature: added the ability for svreport to count results when doing a list
* Bug fix: fixed a bug related to resuming a scan which does not have an
* Feature: updated the report function to include more information about
the system. Python version and operating system is now included
in the bug report. option now supports optional feedback.
* Feature: Store information about the state of a session. Sessions can be
complete or incomplete, so that you can resume incomplete sessions
but not complete ones.
* Feature: Added -e option to svmap. Allows you to specify an extension. This
is useful when using -m INVITE options on a SIP phone.
* Bug fix: Added a check to make sure that the python version is supported.
Anything less than version 2.4 is not supported
* Bug fix: IP in the SIP msg was being set to localhost when not explicitly
set. This is not correct behavior and was fixed. As a result of this
behavior some devices, such as Grandstream BT100 were not being detected.
Thanks to robert&someone from bulgaria for reporting this
* Bug fix: fixed a bug in the database which was reported anonymously via the --reportback / -R option.
Thanks whoever reported that. Bug concerns the dbm which does not
support certain methods supported other database modules referenced
by anydbm. Reproduced on FreeBSD. Thanks to Anthony Williams for help i
* Bug fix: Ranges of extensions in svwar could not take long numeric extensions
(xrange does not support long / large numbers). Thanks to Joern for reporting this
* Bug fix: svwar was truncating extension names containing certain characters. Fixed.
* Bug fix: when binding to a specific interface, the IP within the SIP message could be incorrect (when there are multiple interfaces). This has been fixed.
* Cosmetic: Certain PBXs reply with "603 Declined" when svwar finds that the
extension does not exist. This creates extra noise. It is now being
* Feature: replaced 3rd party functions in ip4range with our functions in helper.py
* Feature: ReportBack function is off by default but can be enabled by using -R option
* Feature: verbose and quiet mode. Now making use of logging module
* Newtool: svreport - export to csv, pdf, xml and plain text.
* Feature: session / database support. This allows two things:
- resuming of previous scans
- exporting the results to more meaningful formats
* Feature: give a warning when the default port is already being used and listen on another port
* Feature: Host arguments now accepts a variety of formats. You can now scan using ranges like the following:
- 18.104.22.168-20 1.1.1-20.1-10
* Bug fix: Generation of hosts to scan is now dynamic and does not slow down startup time
* Feature: Now making use of the standard logging module with more logging to debug problems
* Feature: When the port is already bound, svmap tries to listen on another port
* Feature: Added options to allow you to specify the ip to bind to as well as the external ip address of the scanner
* Feature: --help now shows proper usage
* Feature: New scanning method - random scan! This scans only valid internet address space.
* Feature: Randomize scan. Allows you to randomize the order of the IP addresses to be scanned.
* Bug fix: Svwar was missing valid extensions (false negatives) - fixed
* Bug fix: Logic bug which did not identify between a server that does not respond and one that sends an unexpected response.
* Bug fix: Fixed description of errors and usage
* General: --help output was updated to match the other tools.
* General: was born. Allows managing of saved sessions and exporting to different file formats.
* Feature: Reverse name lookup for ip addresses