summarylogtreecommitdiffstats
path: root/sipvicious.changelog
diff options
context:
space:
mode:
Diffstat (limited to 'sipvicious.changelog')
-rw-r--r--sipvicious.changelog149
1 files changed, 85 insertions, 64 deletions
diff --git a/sipvicious.changelog b/sipvicious.changelog
index 120734fc85d9..a2526b759e2b 100644
--- a/sipvicious.changelog
+++ b/sipvicious.changelog
@@ -1,3 +1,15 @@
+v0.3.3 (20210325)
+* Feature: Input via STDIN for svcrack and svwar
+* Feature: Full URL format support for svwar and svcrack
+* Code refactoring
+
+v0.3.2 (20210303)
+* Feature: IPv6 support to svmap
+* Bug fix: auth header exception handling
+* Bug fix: relative import error fixes
+* github issue templates for proper structured issue reporting
+* supplementary bug fixes as and when reported
+
v0.3.0 (20200129)
* Port to Python 3! thanks to 0xInfection
* IPv6 support for svwar and svcrack
@@ -18,57 +30,58 @@ v0.2.7 (20120222)
* Feature: svcrack.py now tries the extension as password by default, automatically
* Feature: svcrack.py and svwar.py now support setting of source port
* Feature: new parameter --domain can be passed to all tools which specifies
- a custom domain in the SIP uri instead of the destination IP
+ a custom domain in the SIP uri instead of the destination IP
* Feature: new --debug switch which shows the messages received
* Bug fix: Sometimes nonces could not be extracted due to an incorrect regex
* Bug fix: Fixed an unhandled exception when decoding tags
* Bug fix: now using hashlib when available instead of md5
* Bug fix: removed the space after the SIP address in the From header which
- led to newer version of Asterisk to ignore the SIP messages
+ led to newer version of Asterisk to ignore the SIP messages
* Bug fix: dictionaries with new lines made svcrack.py stop without this fix
* Change: renamed everything to start with sv*
* Bug fix: changed the way shelved files are opened by the fingerprinting module
* Change: fingerprinting disabled by default since it was giving too many problems
- and very little benefits
+ and very little benefits
v0.2.6 (20100621)
-* Feature: svcrash.py is a new tool for sending messages that crash svwar and
- svcrack
-* Bug fix: helper.py has been fixed when decoding the tags (svcrash abuses
- this issue)
+* Feature: svcrash.py is a new tool for sending messages that crash svwar and
+ svcrack
+* Bug fix: helper.py has been fixed when decoding the tags (svcrash abuses
+ this issue)
v0.2.5 (20100519)
* Feature: svwar.py has "scan for default / typical extensions" option. This
- option tries to guess numeric extensions which have certain patterns
- such as 1212 etc. Option is -D, --enabledefaults
+ option tries to guess numeric extensions which have certain patterns
+ such as 1212 etc. Option is -D, --enabledefaults
+
* General: svwar.py and svcrack.py now have a new option which allows you to set
- how long the tools will scan without receiving any response back.
- This allows us to prevent flooding the target. Some PBX servers now
- have built-in firewalls / intrusion prevention systems which will
- blacklist the IP address of anyone using svwar or svcrack. Therefore
- if the IP is blacklisted it makes sense to stop scanning the target.
- The default for this option is 10 seconds. Set this option by using
- --maximumtime [seconds]
+ how long the tools will scan without receiving any response back.
+ This allows us to prevent flooding the target. Some PBX servers now
+ have built-in firewalls / intrusion prevention systems which will
+ blacklist the IP address of anyone using svwar or svcrack. Therefore
+ if the IP is blacklisted it makes sense to stop scanning the target.
+ The default for this option is 10 seconds. Set this option by using
+ --maximumtime [seconds]
* Removed: svlearnfp.py is now discontinued. The tool is still included for
- historic reasons but disabled.
+ historic reasons but disabled.
* Feature: svmap.py now includes the following new features:
- --debug - shows messages as they are received (useful for
- developers)
- --first - scans the first X number of hosts, useful for
- random or large address pool scanning
- --inputtext - scans IP ranges taken from a text file
- --fromname - sets the from header to something specific
- useful for abusing other security issues or
- when svmap is used in a more flexible way
- then usual ;-)
+ --debug - shows messages as they are received (useful for
+ developers)
+ --first - scans the first X number of hosts, useful for
+ random or large address pool scanning
+ --inputtext - scans IP ranges taken from a text file
+ --fromname - sets the from header to something specific
+ useful for abusing other security issues or
+ when svmap is used in a more flexible way
+ then usual ;-)
* Feature: svreport.py now has two new modes:
- - stats, which lists some statistics
- - search, allows you to search through logs looking for
- specific user agents
+ - stats, which lists some statistics
+ - search, allows you to search through logs looking for
+ specific user agents
* Bug fix: svwar.py now by default does not send ACK messages (was a buggy feature
- that did not follow the standard)
+ that did not follow the standard)
* Bug fix: svwar.py - the template passed through --template option is now checked
- sanity.
+ sanity.
v0.2.4
* Feature: svwar.py can now scan for templated numbers. This allows more flexible
@@ -82,9 +95,9 @@ v0.2.4
* Bug fix: svwar.py now handles new SIP response codes
v0.2.3
-* Feature: Fingerprinting support for svmap. Included fphelper.py and
- 3 databases used for fingerprinting.
-* Feature: Added svlearnfp.py which allows one to add new signatures to
+* Feature: Fingerprinting support for svmap. Included fphelper.py and
+ 3 databases used for fingerprinting.
+* Feature: Added svlearnfp.py which allows one to add new signatures to
db and send them to the author.
* Feature: Added DNS SRV check to svmap. Use ./svmap.py --srv domainname.com
to give it a try
@@ -92,62 +105,71 @@ v0.2.3
v0.2.svn
* Feature: added the ability for svreport to count results when doing a list
* Bug fix: fixed a bug related to resuming a scan which does not have an
- an extension
+ an extension
v0.2.1 (maintenance)
General:
* Feature: updated the report function to include more information about
- the system. Python version and operating system is now included
- in the bug report. option now supports optional feedback.
-* Feature: Store information about the state of a session. Sessions can be
- complete or incomplete, so that you can resume incomplete sessions
- but not complete ones.
+ the system. Python version and operating system is now included
+ in the bug report. option now supports optional feedback.
+
+* Feature: Store information about the state of a session. Sessions can be
+ complete or incomplete, so that you can resume incomplete sessions
+ but not complete ones.
+
* Feature: Added -e option to svmap. Allows you to specify an extension. This
- is useful when using -m INVITE options on a SIP phone.
-* Bug fix: Added a check to make sure that the python version is supported.
- Anything less than version 2.4 is not supported
-* Bug fix: IP in the SIP msg was being set to localhost when not explicitly
- set. This is not correct behavior and was fixed. As a result of this
- behavior some devices, such as Grandstream BT100 were not being detected.
- Thanks to robert&someone from bulgaria for reporting this
+ is useful when using -m INVITE options on a SIP phone.
+
+* Bug fix: Added a check to make sure that the python version is supported.
+ Anything less than version 2.4 is not supported
+
+* Bug fix: IP in the SIP msg was being set to localhost when not explicitly
+ set. This is not correct behavior and was fixed. As a result of this
+ behavior some devices, such as Grandstream BT100 were not being detected.
+ Thanks to robert&someone from bulgaria for reporting this
+
* Bug fix: fixed a bug in the database which was reported anonymously via the --reportback / -R option.
- Thanks whoever reported that. Bug concerns the dbm which does not
- support certain methods supported other database modules referenced
- by anydbm. Reproduced on FreeBSD. Thanks to Anthony Williams for help i
- dentifying this
+ Thanks whoever reported that. Bug concerns the dbm which does not
+ support certain methods supported other database modules referenced
+ by anydbm. Reproduced on FreeBSD. Thanks to Anthony Williams for help i
+ dentifying this
+
* Bug fix: Ranges of extensions in svwar could not take long numeric extensions
- (xrange does not support long / large numbers). Thanks to Joern for reporting this
+ (xrange does not support long / large numbers). Thanks to Joern for reporting this
+
* Bug fix: svwar was truncating extension names containing certain characters. Fixed.
+
* Bug fix: when binding to a specific interface, the IP within the SIP message could be incorrect (when there are multiple interfaces). This has been fixed.
+
* Cosmetic: Certain PBXs reply with "603 Declined" when svwar finds that the
- extension does not exist. This creates extra noise. It is now being
- suppressed.
+ extension does not exist. This creates extra noise. It is now being
+ suppressed.
v0.2
General:
* Feature: replaced 3rd party functions in ip4range with our functions in helper.py
* Feature: ReportBack function is off by default but can be enabled by using -R option
* Feature: verbose and quiet mode. Now making use of logging module
-* Newtool: svreport - export to csv, pdf, xml and plain text.
+* Newtool: svreport - export to csv, pdf, xml and plain text.
* Feature: session / database support. This allows two things:
- - resuming of previous scans
- - exporting the results to more meaningful formats
+ - resuming of previous scans
+ - exporting the results to more meaningful formats
* Feature: give a warning when the default port is already being used and listen on another port
Svmap:
* Feature: Host arguments now accepts a variety of formats. You can now scan using ranges like the following:
- - 1.1.1.1-20 1.1.1-20.1-10
- - 1.1.1.*
- - 1.1.1.1-1.1.2.20
- - sipvicious.org/22
+ - 1.1.1.1-20 1.1.1-20.1-10
+ - 1.1.1.*
+ - 1.1.1.1-1.1.2.20
+ - sipvicious.org/22
* Bug fix: Generation of hosts to scan is now dynamic and does not slow down startup time
* Feature: Now making use of the standard logging module with more logging to debug problems
* Feature: When the port is already bound, svmap tries to listen on another port
* Feature: Added options to allow you to specify the ip to bind to as well as the external ip address of the scanner
* Feature: --help now shows proper usage
* Feature: New scanning method - random scan! This scans only valid internet address space.
-* Feature: Randomize scan. Allows you to randomize the order of the IP addresses to be scanned.
+* Feature: Randomize scan. Allows you to randomize the order of the IP addresses to be scanned.
Svwar:
* Bug fix: Svwar was missing valid extensions (false negatives) - fixed
@@ -155,7 +177,7 @@ Svwar:
* Bug fix: Fixed description of errors and usage
Svcrack:
-* General: --help output was updated to match the other tools.
+* General: --help output was updated to match the other tools.
Svreport:
* General: was born. Allows managing of saved sessions and exporting to different file formats.
@@ -163,4 +185,3 @@ Svreport:
v0.1
First release.
-