{"id":13701912,"url":"https://github.com/EnableSecurity/awesome-rtc-hacking","last_synced_at":"2025-05-05T04:30:33.725Z","repository":{"id":107990896,"uuid":"259825257","full_name":"EnableSecurity/awesome-rtc-hacking","owner":"EnableSecurity","description":"a list of awesome resources related to security and hacking of VoIP, WebRTC and VoLTE","archived":false,"fork":false,"pushed_at":"2024-12-13T08:43:37.000Z","size":4191,"stargazers_count":452,"open_issues_count":0,"forks_count":40,"subscribers_count":22,"default_branch":"main","last_synced_at":"2025-05-01T15:02:01.028Z","etag":null,"topics":["awesome","awesome-list","awesome-lists","bug-bounty","communications-hacking","fuzzing","hacking","hacking-voip","security","sip-security","voip-security","volte","webrtc"],"latest_commit_sha":null,"homepage":"https://www.enablesecurity.com/","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"cc0-1.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/EnableSecurity.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2020-04-29T04:37:43.000Z","updated_at":"2025-04-25T16:04:37.000Z","dependencies_parsed_at":null,"dependency_job_id":"726d2f79-8df9-4be9-a877-30e9611ed309","html_url":"https://github.com/EnableSecurity/awesome-rtc-hacking","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/EnableSecurity%2Fawesome-rtc-hacking","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/EnableSecurity%2Fawesome-rtc-hacking/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/EnableSecurity%2Fawesome-rtc-hacking/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/EnableSecurity%2Fawesome-rtc-hacking/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/EnableSecurity","download_url":"https://codeload.github.com/EnableSecurity/awesome-rtc-hacking/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":252439352,"owners_count":21747991,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["awesome","awesome-list","awesome-lists","bug-bounty","communications-hacking","fuzzing","hacking","hacking-voip","security","sip-security","voip-security","volte","webrtc"],"created_at":"2024-08-02T21:00:27.307Z","updated_at":"2025-05-05T04:30:33.718Z","avatar_url":"https://github.com/EnableSecurity.png","language":null,"readme":"# Awesome Real-time Communications Security [![Awesome](https://awesome.re/badge-flat2.svg)](https://awesome.re)\n\nA curated list of Real-time Communications (RTC) security resources focused on VoIP, WebRTC and VoLTE penetration testing, security research and vulnerability assessment.\n\n## Latest Updates\n\n- 2024-12: Updated broken links and references\n- 2024-12: Add new blogs\n\n\n## Contributing\n\nYour contributions are always welcome! Please read the contribution guidelines first:\n\n- Check if the resource is still active/available\n- Add a short description for tools and papers\n- Include publication dates where applicable\n- Keep descriptions concise and clear\n- Sort entries alphabetically within sections\n- Check your spelling and grammar\n- Make sure your text editor is set to remove trailing whitespace\n\n## License\n\n[![CC0](https://licensebuttons.net/p/zero/1.0/88x31.png)](https://creativecommons.org/publicdomain/zero/1.0/)\n\nTo the extent possible under law, the authors have waived all copyright and related rights to this work.\n\n## Table of Contents\n\n- [Newsletters](#newsletters)\n- [Presentation Slides](#presentation-slides)\n- [Videos](#videos)\n- [Advisories](#advisories)\n- [Open-source tools](#open-source-tools)\n- [Papers](#papers)\n- [Blogs](#blogs)\n- [Notable blog posts and articles](#notable-blog-posts-and-articles)\n- [Books](#books)\n- [Commercial tools](#commercial-tools)\n- [Vulnerabilities](#vulnerabilities)\n- [Related lists](#related-lists)\n\n## Newsletters\n\n- [RTCSec Newsletter](https://www.enablesecurity.com/newsletter/)\n\n## Presentation Slides\n\n- [Hacking VoIP Exposed](https://www.blackhat.com/presentations/bh-usa-06/BH-US-06-Endler.pdf) from Black Hat USA 2006.\n- [Mobile network hacking – All-over-IP edition](https://i.blackhat.com/eu-19/Wednesday/eu-19-Yazdanmehr-Mobile-Network-Hacking-IP-Edition-2.pdf) from SRLabs at Blackhat EU 2019\n- [Monitoring SIP Traffic Using Support Vector Machines](presentations/Monitoring_SIP_Traffic_Using_Support_Vector_Machines.pdf)\n\n## Videos\n\n- [OpenSSL DoS (CVE-2022-0778) versus WebRTC infrastructure](https://youtu.be/A-2lYuPjAI0)\n- [TAD Summit EMEA Americas 2020: Getting offensive: a different approach to RTC security - Sandro Gauci](https://www.youtube.com/watch?v=je959kV-MrY)\n- [HITBHaxpo D1: VoLTE Phreaking - Ralph Moonen](https://www.youtube.com/watch?v=H8vo56vImU4)\n- [Kamailio World 2019: The Various Ways Your RTC May Be Crushed - Sandro Gauci](https://www.youtube.com/watch?v=012U3NeTVlY)\n- [Kamailio World 2018: A tale of two RTC fuzzing approaches - Sandro Gauci](https://www.youtube.com/watch?v=CuxKD5zljVI)\n- [Kamailio World 2017: Listening By Speaking - Security Attacks On Media Servers And RTP Relays - Sandro Gauci](https://www.youtube.com/watch?v=cAia1owHy68)\n- [Kamailio World 2016: 9 Years Of Friendly Scanning And Vicious SIP - Sandro Gauci](https://www.youtube.com/watch?v=UC3m1PuCFE0)\n- [Kamailio World 2015: VoIP Security – Bluebox ng Continuous Pentesting - Sergio García Ramos](https://www.youtube.com/watch?v=9OSvqjxMZBs\u0026t=74s)\n- [Kamailio World 2013: VoIP Security Tools - Anton Roman](https://www.youtube.com/watch?v=NToh90VW4LM)\n- [Blackhat EU 2019: Mobile network hacking - All-over-IP edition - Karsten Nohl, Luca Melette \u0026 Sina Yazdanmehr](https://www.youtube.com/watch?v=3XUo7UBn28o)\n- [Jailbreak Brewing Company Security Summit: Whatsup with WhatsApp: A Detailed Walk Through of Reverse Engineering CVE-2019-3568 - Maddie Stone](https://vimeo.com/377181218)\n- [RhurSec 2016: Eavesdropping on WebRTC Communication - Martin Johns](https://www.youtube.com/watch?v=3K-BwDGdmko)\n- [Hak5 1813: SSL Hack Workarounds and WebRTC Flaws](https://www.youtube.com/watch?v=2a-ry2v29NY)\n- [media.ccc.de: WebRTC Security - Stephan Thamm](https://www.youtube.com/watch?v=YOAhq37wdYU) (language: german)\n\n## Advisories\n\n- [Cisco IOS and IOS XE SIP Protocol Denial of Service Vulnerability](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-sip-dos)\n- [Cisco IOS XE Software NAT SIP Application Layer Gateway Denial of Service Vulnerability](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-sip-alg)\n- [Cisco TelePresence Video Communication Server SIP DoS Vulnerability](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140122-vcs)\n- [Voice over LTE implementations contain multiple vulnerabilities](https://www.kb.cert.org/vuls/id/943167/)\n- [Asterisk RTP Bleed](https://github.com/EnableSecurity/advisories/tree/master/ES2017-04-asterisk-rtp-bleed)\n- [Asterisk pjSIP CSeq Overflow](https://github.com/EnableSecurity/advisories/tree/master/ES2017-01-asterisk-pjsip-cseq-overflow)\n- [Juniper Junos Router OS DoS](https://www.cisecurity.org/advisory/a-vulnerability-in-juniper-junos-os-could-allow-for-denial-of-service_2019-111/)\n- [Remote Access VPN and SIP Vulnerabilities in Cisco PIX and Cisco ASA](https://www.opennet.ru/base/fire/1220546283_299.txt.html)\n- [Interaction SIP Proxy Buffer Overflow in SIPParser() Leads to DoS](https://securitytracker.com/id?1015392)\n- [Asterisk pjSIP Multi Parser Out-of-Bound Memory Access](https://github.com/EnableSecurity/advisories/tree/master/ES2017-02-asterisk-pjsip-multi-part-crash)\n- [Asterisk Skinny Memory Exhaustion](https://github.com/EnableSecurity/advisories/tree/master/ES2017-02-asterisk-pjsip-multi-part-crash)\n- [Asterisk Stack Corruption in `subscribe` Message](https://github.com/EnableSecurity/advisories/tree/master/ES2018-01-asterisk-pjsip-subscribe-stack-corruption)\n- [Asterisk Segfault with Invalid SDP `fmtp` Attribute](https://github.com/EnableSecurity/advisories/tree/master/ES2018-02-asterisk-pjsip-sdp-invalid-fmtp-segfault)\n- [Asterisk Segfault with Invalid Media Format Descriptiom](https://github.com/EnableSecurity/advisories/tree/master/ES2018-03-asterisk-pjsip-sdp-invalid-media-format-description-segfault)\n- [Asterisk Segfault with `INVITE` Replay Attack](https://github.com/EnableSecurity/advisories/tree/master/ES2018-04-asterisk-pjsip-tcp-segfault)\n- [Kamalio Off-By-One Heap Overflow](https://github.com/EnableSecurity/advisories/tree/master/ES2018-05-kamailio-heap-overflow)\n- [New RCS technology exposes most mobile users to hacking](https://srlabs.de/bites/rcs-hacking/)\n- [Zoom Communications user enumeration](https://blog.talosintelligence.com/2020/04/zoom-user-enumeration.html)\n\n## Open-source tools\n\n- [SIPVicious OSS](https://github.com/EnableSecurity/sipvicious/) - A set of tools to audit SIP based systems\n- [SIPPTS](https://github.com/Pepelux/sippts) - Another set of tools to audit VoIP servers and devices using SIP protocol.\n- [bluebox-ng](https://github.com/jesusprubio/bluebox-ng) - Pentesting framework using Node.js powers, focused in VoIP. (public archive)\n- [SigPloit](https://github.com/SigPloiter/SigPloit) - Tool which covers all used SS7, GTP (3G), Diameter (4G) or even SIP protocols for IMS and VoLTE infrastructures.\n- [vsaudit](https://github.com/eurialo/vsaudit) - VoIP security assessment framework.\n- [rtpnatscan](https://github.com/kapejod/rtpnatscan) - Tool which tests for [rtpbleed](http://rtpbleed.com) vulnerability.\n- [VIPROY](https://github.com/fozavci/viproy-voipkit) - VoIP pentest framework which can be used with the metasploit-framework.\n- [SIP Proxy](https://sourceforge.net/projects/sipproxy/) - A VoIP security testing tool.\n- [Metasploit auxiliary modules](https://github.com/rapid7/metasploit-framework/tree/master/modules/auxiliary/voip)\n- [SIPp](http://sipp.sourceforge.net/): SIP based test tool / traffic generator.\n    - [SIPp digest leak scenario](http://tomeko.net/other/sipp/sipp_cheatsheet.php)\n- [Mr.SIP](https://github.com/meliht/Mr.SIP) - SIP based audit and attack tool.\n- [VoIPShark](https://github.com/pentesteracademy/voipshark) - Open Source VoIP Analysis Platform\n- [Turner](https://github.com/staaldraad/turner) - PoC for tunnelling HTTP over a permissive/open TURN server.\n- [sipsak](https://github.com/nils-ohlmeier/sipsak) - SIP swiss army knife, has some features that can be used for security testing (e.g. flood more or random mode)\n- [turnproxy](https://github.com/trichimtrich/turnproxy/) - Tool to abuse open TURN relays\n- [SeeYouCM Thief](https://github.com/trustedsec/SeeYouCM-Thief) - download and parse configuration files from Cisco phone systems searching for SSH credentials\n- [stunner](https://github.com/firefart/stunner) -  a tool to test and exploit STUN, TURN and TURN over TCP servers.\n- [VoIP Hopper](https://github.com/iknowjason/voiphopper) - a tool to exploit insecure VLANs that are often found in IP Telephony infrastructure.\n\n## Papers\n\n- [Abusing SIP Authentication](https://www.researchgate.net/publication/4377144_Abusing_SIP_authentication)\n- [Multiple Design Patterns for Voice over IP (VoIP) Security](https://ieeexplore.ieee.org/document/1629443)\n- [Realtime Steganography with RTP](http://www.uninformed.org/?v=8\u0026a=3\u0026t=pdf) ([local copy](papers/Realtime_Steganography_with_RTP.pdf))\n- [A Lossless Steganography Technique for G.711 Telephony Speech](https://eprints.lib.hokudai.ac.jp/dspace/bitstream/2115/39690/1/MP-P2-7.pdf)\n- [CallRank: Combating SPIT Using Call Duration, SocialNetworks and Global Reputation](https://faculty.cc.gatech.edu/~hpark/papers/CallRank.pdf)\n- [Steganography of VoIP streams](https://arxiv.org/pdf/0805.2938v1)\n- [Steganalysis of compressed speech to detect covert VoIP channels](https://repository.uwl.ac.uk/id/eprint/3959/1/Steganalysis%20of%20compressed%20speech%20to%20detect%20covert%20Voice%20over%20Internet%20Protocol%20channels.pdf)\n- [Securing Voice over Internet Protocol](https://annals-csis.org/proceedings/2007/pliks/16.pdf)\n- [Protecting SIP Proxy Servers from Ringing-based Denial-of-Service Attacks](https://core.ac.uk/download/pdf/4820112.pdf)\n- [An ontology description for SIP security flaws](https://web.archive.org/web/20121222012028/http://www.cs.columbia.edu/~dgen/papers/journal/Journal-03.pdf)\n- [Analysis of DDoS Attacks in Heterogeneous VoIP Networks: A Survey](https://www.ijitee.org/wp-content/uploads/papers/v8i6s3/F10490486S319.pdf)\n- [Network security systems to counter SIP-based denial-of-service attacks](https://web.archive.org/web/20180619110044/http://www.cs.columbia.edu:80/~dgen/papers/journal/Journal-08.pdf)\n- [Multilayer Secured SIP Based VoIP Architecture](https://www.researchgate.net/profile/Rowayda_Sadek/publication/282624359_Multilayer_Secured_SIP_Based_VoIP_Architecture/links/57c3ed2a08aed010b7ee370f/Multilayer-Secured-SIP-Based-VoIP-Architecture.pdf)\n- [Battling Against DDoS in SIP](https://www.researchgate.net/profile/Georgios_Kambourakis/publication/281240581_Battling_Against_DDoS_in_SIP_Is_Machine_Learning-based_Detection_an_Effective_Weapon/links/55dc7f2508aec156b9b1801d/Battling-Against-DDoS-in-SIP-Is-Machine-Learning-based-Detection-an-Effective-Weapon.pdf)\n- [Billing Attacks on SIP-Based VoIP Systems](https://www.usenix.org/legacy/events/woot07/tech/full_papers/zhang/zhang.pdf)\n- [Secure SIP: A Scalable Prevention Mechanism for DoS Attacks on SIP Based VoIP Systems](http://www.cs.columbia.edu/~hgs/papers/Orma0807_Secure.pdf)\n- [An Analysis of Security Threats and Tools in SIP-Based VoIP Systems](http://startrinity.com/VoIP/Resources/sip371.pdf)\n- [Fast Detection of Denial-of-ServiceAttacks on IP Telephony](https://www.eecis.udel.edu/~hnw/paper/iwqos06.pdf)\n- [VoIP Security: Threat Analysis \u0026 Countermeasures](https://fysarakis.com/uploads/2/0/6/3/20637656/MSc_Project_Thesis_VoIP.pdf) ([local copy](papers/Threat_Analysis_VoIP_Systems.pdf))\n- [Voice Over IP - Security and SPIT](http://www.rainer.baumann.info/public/voip.pdf)\n\n## Blogs\n\n- [Enable Security Blog](https://www.enablesecurity.com/blog/) - A blog about VoIP, WebRTC and real-time communications security by Enable Security\n- [Pepelux blog](https://blog.pepelux.org/) (Spanish)\n- [Kwancro - Thoughts, tips and tricks](https://www.kwancro.com/) - Often covers SIP honeypot activity and related security topics\n- [Fred Posner's Blog](https://www.fredposner.com/) - includes commentary on VoIP security topics\n\n## Notable blog posts and articles\n\n- [Understanding DTLS Usage in VoIP Communications](https://www.gremwell.com/node/954)\n- [How we abused Slack's TURN servers to gain access to internal services](https://www.enablesecurity.com/blog/slack-webrtc-turn-compromise-and-bug-bounty/)\n- [Analyzing WhatsApp Calls with Wireshark, radare2 and Frida](https://medium.com/@schirrmacher/analyzing-whatsapp-calls-176a9e776213)\n- [Adventures in Video Conferencing Part 1: The Wild World of WebRTC](https://googleprojectzero.blogspot.com/2018/12/adventures-in-video-conferencing-part-1.html)\n- [Adventures in Video Conferencing Part 2: Fun with FaceTime](https://googleprojectzero.blogspot.com/2018/12/adventures-in-video-conferencing-part-2.html)\n- [Adventures in Video Conferencing Part 3: The Even Wilder World of WhatsApp](https://googleprojectzero.blogspot.com/search?q=Adventures+in+Video+Conferencing)\n- [Adventures in Video Conferencing Part 4: What Didn't Work Out with WhatsApp](https://googleprojectzero.blogspot.com/2018/12/adventures-in-video-conferencing-part-4.html)\n- [Adventures in Video Conferencing Part 5: Where Do We Go from Here?](https://googleprojectzero.blogspot.com/2018/12/adventures-in-video-conferencing-part-5.html)\n- [Exploiting CVE-2022-0778, a bug in OpenSSL vis-à-vis WebRTC platforms](https://www.enablesecurity.com/blog/exploiting-cve-2022-0778-in-openssl-vs-webrtc-platforms/)\n- [Analyzing two FreeSWITCH vulnerabilities – CVE-2021-41157 \u0026 CVE-2021-37624](https://0xinfection.github.io/posts/analyzing-freeswitch-vulns/)\n- [Abusing Microsoft Teams Direct Routing](https://blog.syss.com/posts/abusing-ms-teams-direct-routing/)\n- [Kamailio’s exec module considered harmful](https://www.enablesecurity.com/blog/kamailio-exec-module-considered-harmful/)\n\n## Books\n\n- [Hacking Exposed Unified Communications \u0026 VoIP Security Secrets \u0026 Solutions, Second Edition 2nd Edition](https://www.amazon.com/Hacking-Exposed-Communications-Security-Solutions-ebook/dp/B00EHIEDW2/) (published December 20, 2013)\n- [Hacking VoIP: Protocols, Attacks, and Countermeasures](https://www.amazon.com/Hacking-VoIP-Protocols-Attacks-Countermeasures-ebook/dp/B004OEJN9C/ref=sr_1_1?sr=8-1) (published March 21, 2008)\n- [SIP Security](https://www.amazon.com/dp/0470516364/) (published April 27, 2009)\n\n## Vulnerabilities\n\nThe following are generic or common vulnerabilities that are related to either signalling, media or infrastructure.\n\n- [RTP bleed](https://rtpbleed.com)\n- [SIP Digest Leak](https://resources.enablesecurity.com/resources/sipdigestleak-tut.pdf)\n\n## CTFs and Learning Resources\n\n- [SIPVicious PRO demo server](https://demo.sipvicious.pro) - Live environment for testing RTC attacks\n- [CSAW CTF Qualification Round 2020 / Tasks / WebRTC](https://ctftime.org/task/13011) - CTF challenge featuring WebRTC (2020)\n\n## Related lists\n\n- [Awesome Cellular Hacking](https://github.com/W00t3k/Awesome-Cellular-Hacking)\n- [Awesome RTC](https://github.com/rtckit/awesome-rtc/)\n- [Awesome Telco](https://github.com/ravens/awesome-telco)\n","funding_links":[],"categories":["Related Lists","Awesome Repositories","Other Lists","📘 Valuable Repositories","Here is a collection of hackers, pentesters, security researchers, scripts and more:"],"sub_categories":["Notable GitHub Issues \u0026 Discussions","TeX Lists","Dart Libraries"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FEnableSecurity%2Fawesome-rtc-hacking","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FEnableSecurity%2Fawesome-rtc-hacking","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FEnableSecurity%2Fawesome-rtc-hacking/lists"}