The founder of Metasploit, HD Moore, has released a new set of tools for voice security research and penetration testing- WarVOX. Metasploit has been around for a few years and has offered security administrators and researchers a powerful and comprehensive exploit generation and penetration testing platform that is freely available. Now, HD Moore has taken that same concept or basic goal and delivered the WarVOX suite of security tools for exploring, classifying, and auditing telephone systems.

WarVOX can be used to conduct reconnaisance and penetration testing of voice networks. It is a war-dialing tool, among other things, but a war-dialing tool with a broader approach. According to the WarVOX site "Unlike normal wardialing tools, WarVOX works with the actual audio from each call and does not use a modem directly. This model allows WarVOX to find and classify a wide range of interesting lines, including modems, faxes, voice mail boxes, PBXs, loops, dial tones, IVRs, and forwarders. WarVOX provides the unique ability to classify all telephone lines in a given range, not just those connected to modems, allowing for a comprehensive audit of a telephone system."

I have downloaded the WarVOX installation and plan to play around with it. Metasploit has earned a great deal of respect in the general security research arena, so I expect good things from WarVOX as well. You can check out this presentation to learn more about WarVOX and how and why it was developed.

http://www.evangelyze.net/cs/blogs/t...n-testing.aspx