diff options
author | franck.stauffer | 2020-07-13 11:55:09 +0200 |
---|---|---|
committer | franck.stauffer | 2020-07-13 11:55:09 +0200 |
commit | c6e3b67f9be1d4bd3895c20534c64ef992c32f44 (patch) | |
tree | 1ddb01ef096d7ddfd41ee5e2652a4ac429867ba4 | |
parent | 5f161921b6ae8714182bc680dce4493ca6d44794 (diff) | |
download | aur-c6e3b67f9be1d4bd3895c20534c64ef992c32f44.tar.gz |
Rework package(), Add sipvicious.changelog
-rw-r--r-- | PKGBUILD | 43 | ||||
-rw-r--r-- | sipvicious.changelog | 166 |
2 files changed, 194 insertions, 15 deletions
@@ -1,31 +1,44 @@ -# Maintainer: Franck Stauffer <franck.stauffer@protonmail.ch> +# Maintainer: Franck Stauffer <franck.stauffer@monaco.mc> # Contributor: GI_Jack <iamjacksemail@hackermail.com> # Contributor: Xavier Devlamynck <magicrhesus@ouranos.be> pkgname=sipvicious pkgver=0.3.0 -pkgrel=2 -pkgdesc="SIPVicious is a set of tools that can be used to audit SIP VoIP systems." +pkgrel=3 +pkgdesc="Set of security tools that can be used to audit SIP based VoIP systems" arch=('any') url="https://github.com/EnableSecurity/sipvicious" license=('GPL3') depends=('python>=3.6' 'python-scapy') makedepends=('python-setuptools') -source=("$pkgname-$pkgver.tar.gz::https://github.com/EnableSecurity/$pkgname/archive/v$pkgver.tar.gz") +changelog=$pkgname.changelog +source=("$pkgname-$pkgver.tar.gz::https://github.com/EnableSecurity/sipvicious/archive/v$pkgver.tar.gz") b2sums=('5ddcdf775db0ade6e61e77009c7991d8523db02dbdd6e8588c23f5cd6f4d2868dd1d78e7f17322cde67414b4eb2b8c89f2d4ee0079487e5f5f7ee75f4759adf5') package() { - readonly _PROGS=('svcrack' 'svcrash' 'svmap' 'svreport' 'svwar') + cd "$srcdir/$pkgname-$pkgver" - cd $srcdir/$pkgname-$pkgver - - chmod +x setup.py - ./setup.py install --root=$pkgdir + python setup.py install --root="$pkgdir" + + install -dm755 "$pkgdir/usr/share/man/man1" + + # Install svcrack + gzip -c --best man1/svcrack.1 > "$pkgdir/usr/share/man/man1/svcrack.1.gz" + install -Dm755 "$pkgdir/usr/bin/sipvicious_svcrack" "$pkgdir/usr/bin/svcrack" - install -dm755 $pkgdir/usr/share/man/man1 - for _PROG in "${_PROGS[@]}"; do - gzip -c --best man1/$_PROG.1 > man1/$_PROG.1.gz - install -Dm644 man1/$_PROG.1.gz $pkgdir/usr/share/man/man1/$_PROG.1.gz - mv $pkgdir/usr/bin/sipvicious_$_PROG $pkgdir/usr/bin/$_PROG - done + # Install svcrash + gzip -c --best man1/svcrash.1 > "$pkgdir/usr/share/man/man1/svcrash.1.gz" + install -Dm755 "$pkgdir/usr/bin/sipvicious_svcrash" "$pkgdir/usr/bin/svcrash" + + # Install svmap + gzip -c --best man1/svmap.1 > "$pkgdir/usr/share/man/man1/svmap.1.gz" + install -Dm755 "$pkgdir/usr/bin/sipvicious_svmap" "$pkgdir/usr/bin/svmap" + + # Install svreport + gzip -c --best man1/svreport.1 > "$pkgdir/usr/share/man/man1/svreport.1.gz" + install -Dm755 "$pkgdir/usr/bin/sipvicious_svreport" "$pkgdir/usr/bin/svreport" + + # Install svwar + gzip -c --best man1/svwar.1 > "$pkgdir/usr/share/man/man1/svwar.1.gz" + install -Dm755 "$pkgdir/usr/bin/sipvicious_svwar" "$pkgdir/usr/bin/svwar" } diff --git a/sipvicious.changelog b/sipvicious.changelog new file mode 100644 index 000000000000..120734fc85d9 --- /dev/null +++ b/sipvicious.changelog @@ -0,0 +1,166 @@ +v0.3.0 (20200129) +* Port to Python 3! thanks to 0xInfection +* IPv6 support for svwar and svcrack +* svcrack now takes the --method option too +* qop and md5-sess auth support added +* lots of bug fixes + +v0.2.8 (20121210) +* Feature: INVITE sends a BYE and supports ACK +* Feature: man pages can be produced with --manpage and man pages are included +* Bug fix: removed fingerprinting completely +* Change: moved pptable.py and svhelper to libs/ +* Change: Number of changes to adhere to Debian's guidelines (copyright/license notices etc) +* Bug fix: fixed an svcrack unhandled exception + +v0.2.7 (20120222) +* Feature: svcrash.py has a new option -b which bruteforces the attacker's port +* Feature: svcrack.py now tries the extension as password by default, automatically +* Feature: svcrack.py and svwar.py now support setting of source port +* Feature: new parameter --domain can be passed to all tools which specifies + a custom domain in the SIP uri instead of the destination IP +* Feature: new --debug switch which shows the messages received +* Bug fix: Sometimes nonces could not be extracted due to an incorrect regex +* Bug fix: Fixed an unhandled exception when decoding tags +* Bug fix: now using hashlib when available instead of md5 +* Bug fix: removed the space after the SIP address in the From header which + led to newer version of Asterisk to ignore the SIP messages +* Bug fix: dictionaries with new lines made svcrack.py stop without this fix +* Change: renamed everything to start with sv* +* Bug fix: changed the way shelved files are opened by the fingerprinting module +* Change: fingerprinting disabled by default since it was giving too many problems + and very little benefits + +v0.2.6 (20100621) +* Feature: svcrash.py is a new tool for sending messages that crash svwar and + svcrack +* Bug fix: helper.py has been fixed when decoding the tags (svcrash abuses + this issue) + +v0.2.5 (20100519) +* Feature: svwar.py has "scan for default / typical extensions" option. This + option tries to guess numeric extensions which have certain patterns + such as 1212 etc. Option is -D, --enabledefaults +* General: svwar.py and svcrack.py now have a new option which allows you to set + how long the tools will scan without receiving any response back. + This allows us to prevent flooding the target. Some PBX servers now + have built-in firewalls / intrusion prevention systems which will + blacklist the IP address of anyone using svwar or svcrack. Therefore + if the IP is blacklisted it makes sense to stop scanning the target. + The default for this option is 10 seconds. Set this option by using + --maximumtime [seconds] +* Removed: svlearnfp.py is now discontinued. The tool is still included for + historic reasons but disabled. +* Feature: svmap.py now includes the following new features: + --debug - shows messages as they are received (useful for + developers) + --first - scans the first X number of hosts, useful for + random or large address pool scanning + --inputtext - scans IP ranges taken from a text file + --fromname - sets the from header to something specific + useful for abusing other security issues or + when svmap is used in a more flexible way + then usual ;-) +* Feature: svreport.py now has two new modes: + - stats, which lists some statistics + - search, allows you to search through logs looking for + specific user agents +* Bug fix: svwar.py now by default does not send ACK messages (was a buggy feature + that did not follow the standard) +* Bug fix: svwar.py - the template passed through --template option is now checked + sanity. + +v0.2.4 +* Feature: svwar.py can now scan for templated numbers. This allows more flexible + usage of ranges of numbers, allowing for prefixes and suffixes as + need be ;-) +* Bug fix: svwar.py now sends ACK to be nice to other devices. +* Bug fix: each tag is padded with a unique 32 bit +* Bug fix: Contact header is always added to the request to always send well + formed SIP requests +* Bug fix: Large data is sent fragmented now (mysendto) +* Bug fix: svwar.py now handles new SIP response codes + +v0.2.3 +* Feature: Fingerprinting support for svmap. Included fphelper.py and + 3 databases used for fingerprinting. +* Feature: Added svlearnfp.py which allows one to add new signatures to + db and send them to the author. +* Feature: Added DNS SRV check to svmap. Use ./svmap.py --srv domainname.com + to give it a try + +v0.2.svn +* Feature: added the ability for svreport to count results when doing a list +* Bug fix: fixed a bug related to resuming a scan which does not have an + an extension + +v0.2.1 (maintenance) +General: +* Feature: updated the report function to include more information about + the system. Python version and operating system is now included + in the bug report. option now supports optional feedback. +* Feature: Store information about the state of a session. Sessions can be + complete or incomplete, so that you can resume incomplete sessions + but not complete ones. +* Feature: Added -e option to svmap. Allows you to specify an extension. This + is useful when using -m INVITE options on a SIP phone. +* Bug fix: Added a check to make sure that the python version is supported. + Anything less than version 2.4 is not supported +* Bug fix: IP in the SIP msg was being set to localhost when not explicitly + set. This is not correct behavior and was fixed. As a result of this + behavior some devices, such as Grandstream BT100 were not being detected. + Thanks to robert&someone from bulgaria for reporting this +* Bug fix: fixed a bug in the database which was reported anonymously via the --reportback / -R option. + Thanks whoever reported that. Bug concerns the dbm which does not + support certain methods supported other database modules referenced + by anydbm. Reproduced on FreeBSD. Thanks to Anthony Williams for help i + dentifying this +* Bug fix: Ranges of extensions in svwar could not take long numeric extensions + (xrange does not support long / large numbers). Thanks to Joern for reporting this +* Bug fix: svwar was truncating extension names containing certain characters. Fixed. +* Bug fix: when binding to a specific interface, the IP within the SIP message could be incorrect (when there are multiple interfaces). This has been fixed. +* Cosmetic: Certain PBXs reply with "603 Declined" when svwar finds that the + extension does not exist. This creates extra noise. It is now being + suppressed. + +v0.2 +General: +* Feature: replaced 3rd party functions in ip4range with our functions in helper.py +* Feature: ReportBack function is off by default but can be enabled by using -R option +* Feature: verbose and quiet mode. Now making use of logging module +* Newtool: svreport - export to csv, pdf, xml and plain text. +* Feature: session / database support. This allows two things: + - resuming of previous scans + - exporting the results to more meaningful formats +* Feature: give a warning when the default port is already being used and listen on another port + + +Svmap: +* Feature: Host arguments now accepts a variety of formats. You can now scan using ranges like the following: + - 1.1.1.1-20 1.1.1-20.1-10 + - 1.1.1.* + - 1.1.1.1-1.1.2.20 + - sipvicious.org/22 +* Bug fix: Generation of hosts to scan is now dynamic and does not slow down startup time +* Feature: Now making use of the standard logging module with more logging to debug problems +* Feature: When the port is already bound, svmap tries to listen on another port +* Feature: Added options to allow you to specify the ip to bind to as well as the external ip address of the scanner +* Feature: --help now shows proper usage +* Feature: New scanning method - random scan! This scans only valid internet address space. +* Feature: Randomize scan. Allows you to randomize the order of the IP addresses to be scanned. + +Svwar: +* Bug fix: Svwar was missing valid extensions (false negatives) - fixed +* Bug fix: Logic bug which did not identify between a server that does not respond and one that sends an unexpected response. +* Bug fix: Fixed description of errors and usage + +Svcrack: +* General: --help output was updated to match the other tools. + +Svreport: +* General: was born. Allows managing of saved sessions and exporting to different file formats. +* Feature: Reverse name lookup for ip addresses + +v0.1 +First release. + |