VoIP Checklist for Penetration Testers

18 Sep

Every VoIP assessment should follow a list of specific checks in order to give the client the necessary security assurance about his VoIP infrastructure. A checklist also disallows the pentester of forgetting to execute specific tests and therefore it prevents incomplete assessments.

After years of conducting this type of test I have compiled a list of attacks in a specific order of execution that I perform in every engagement.

  • VoIP-001 – VLAN hopping from data network to voice network
  • VoIP-002 – Extension Enumeration & Number Harvesting
  • VoIP-003 – Capturing SIP Authentication
  • VoIP-004 – Eavesdropping Calls
  • VoIP-005 – CallerID spoofing
  • VoIP-006 – RTP injection
  • VoIP-007 – Signaling Manipulation
  • VoIP-008 – Identification of insecure services
  • VoIP-009 – Testing for Default Credentials
  • VoIP-010 – Application level vulnerabilities
  • VoIP-011 – Voice Mail Attacks
  • VoIP-012 – Phone Firmware Analysis

You can find the list also on my GitHub account.

If you execute on your VoIP assessments more attacks please reply with a comment and I will update the list accordingly.


Posted by on September 18, 2016 in VoIP


Tags: , , ,

2 responses to “VoIP Checklist for Penetration Testers

  1. bakie

    September 23, 2016 at 2:03 am

    Cheers bro (Greatx IDEAS)
    please FTP, SSH and others network & WEB services


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: