Results 1 to 2 of 2

Thread: WarVOX- VoIP Tools From Metasploit Founder

  1. #1
    AO Security for Non-Geeks tonybradley's Avatar
    Join Date
    Aug 2002

    WarVOX- VoIP Tools From Metasploit Founder

    The founder of Metasploit, HD Moore, has released a new set of tools for voice security research and penetration testing- WarVOX. Metasploit has been around for a few years and has offered security administrators and researchers a powerful and comprehensive exploit generation and penetration testing platform that is freely available. Now, HD Moore has taken that same concept or basic goal and delivered the WarVOX suite of security tools for exploring, classifying, and auditing telephone systems.

    WarVOX can be used to conduct reconnaisance and penetration testing of voice networks. It is a war-dialing tool, among other things, but a war-dialing tool with a broader approach. According to the WarVOX site "Unlike normal wardialing tools, WarVOX works with the actual audio from each call and does not use a modem directly. This model allows WarVOX to find and classify a wide range of interesting lines, including modems, faxes, voice mail boxes, PBXs, loops, dial tones, IVRs, and forwarders. WarVOX provides the unique ability to classify all telephone lines in a given range, not just those connected to modems, allowing for a comprehensive audit of a telephone system."

    I have downloaded the WarVOX installation and plan to play around with it. Metasploit has earned a great deal of respect in the general security research arena, so I expect good things from WarVOX as well. You can check out this presentation to learn more about WarVOX and how and why it was developed.

  2. #2
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Washington D.C. area
    I have downloaded the tool and installed it on Ubuntu.

    Here is what I have learned. First, after following the directions I found that two things were missing in my install that were not mentioned in the install guide. SSL tools for RUby 8.1 and a devel package for mongrel. I deduced this through compiler errors when executing the commands. Once I had these things worked out, WARVOX came to life. I have not yet paid for a voIP provoder to actually run the tool but I have looked over the screen shot results. Unlike ModemScan, I didn't see any of the login prompts that are returned to the tool like a traditional war dialer. I'm wondering if this ability actually exists within the tool and just isn't screen shotted.

    If someone pays a provider to actually run scans, I'd love to know the cost and if the scanner lives up to the benefits.

    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

Similar Threads

  1. The history of the Mac line of Operating systems
    By gore in forum Operating Systems
    Replies: 3
    Last Post: March 7th, 2004, 08:02 AM
  2. New Aim Virus
    By Soda_Popinsky in forum Web Security
    Replies: 5
    Last Post: February 15th, 2004, 03:19 AM
  3. Xserver, VMware, and mandrake 9.1
    By emPtYKnOw in forum Newbie Security Questions
    Replies: 5
    Last Post: April 10th, 2003, 12:56 PM
  4. VoIP over internet?
    By Networker in forum The Security Tutorials Forum
    Replies: 1
    Last Post: January 15th, 2003, 07:51 PM
  5. VoIP over internet?
    By Networker in forum Network Security Discussions
    Replies: 1
    Last Post: January 15th, 2003, 07:51 PM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts