{"id":13787900,"url":"https://github.com/jesusprubio/bluebox","last_synced_at":"2025-12-29T23:20:57.268Z","repository":{"id":7674272,"uuid":"9036642","full_name":"jesusprubio/bluebox","owner":"jesusprubio","description":"Pentesting framework using Node.js powers, focused in VoIP.","archived":true,"fork":false,"pushed_at":"2017-06-05T20:23:28.000Z","size":1738,"stargazers_count":261,"open_issues_count":45,"forks_count":70,"subscribers_count":44,"default_branch":"master","last_synced_at":"2025-05-08T00:02:43.768Z","etag":null,"topics":["javascript","shodan","voip"],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/jesusprubio.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2013-03-26T17:57:46.000Z","updated_at":"2025-02-21T15:46:54.000Z","dependencies_parsed_at":"2022-09-13T13:03:23.899Z","dependency_job_id":null,"html_url":"https://github.com/jesusprubio/bluebox","commit_stats":null,"previous_names":["jesusprubio/bluebox"],"tags_count":4,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jesusprubio%2Fbluebox","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jesusprubio%2Fbluebox/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jesusprubio%2Fbluebox/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jesusprubio%2Fbluebox/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/jesusprubio","download_url":"https://codeload.github.com/jesusprubio/bluebox/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":253662552,"owners_count":21944093,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["javascript","shodan","voip"],"created_at":"2024-08-03T21:00:33.043Z","updated_at":"2025-12-29T23:20:57.224Z","avatar_url":"https://github.com/jesusprubio.png","language":"JavaScript","funding_links":[],"categories":["Open-source tools"],"sub_categories":[],"readme":"# Bluebox-ng\n\n[![Black Hat Arsenal](https://www.toolswatch.org/badges/arsenal/2014.svg)](https://www.blackhat.com/eu-14/arsenal.html)\n[![Continuos integration](https://api.travis-ci.org/jesusprubio/bluebox-ng.svg)](https://travis-ci.org/jesusprubio/bluebox-ng)\n[![NSP Status](https://nodesecurity.io/orgs/bluebox-ng/projects/108045b9-2ea5-45be-b4d6-0b8ca1cdb8a7/badge)](https://nodesecurity.io/orgs/bluebox-ng/projects/108045b9-2ea5-45be-b4d6-0b8ca1cdb8a7)\n\n[![npm info](https://nodei.co/npm/bluebox-ng.png?downloads=true\u0026downloadRank=true\u0026stars=true)](https://npmjs.org/package/bluebox-ng)\n\nPentesting framework using Node.js powers. Focused in VoIP.\n\n\u003cimg src=\"http://jesusprubio.name/images/projects/bbng-logo.png\" height=\"150\" width=\"150\" \u003e\u003cimg src=\"http://jesusprubio.name/images/projects/bluebox.gif\" height=\"150\"\u003e\n\nDISCLAIMER: Pointing this tool at other people's servers is **NOT** legal in most countries.\n\n- Auto VoIP/UC penetration test\n- Report generation\n- Performance\n- RFC compliant\n- SIP TLS and IPv6 support\n- SIP over websockets (and WSS) support (RFC 7118)\n- SHODAN, exploitsearch.net and Google Dorks\n- SIP common security tools (scan, extension/password bruteforce, etc.)\n- Authentication and extension brute-forcing through different types of SIP requests\n- SIP Torture (RFC 4475) partial support\n- SIP SQLi check\n- SIP denial of service (DoS) testing\n- Web management panels discovery\n- DNS brute-force, zone transfer, etc.\n- Other common protocols brute-force: Asterisk AMI, MySQL, MongoDB, SSH, (S)FTP, HTTP(S), TFTP, LDAP, SNMP\n- Some common network tools: whois, ping (also TCP), traceroute, etc.\n- Asterisk AMI post-explotation\n- Dumb fuzzing\n- Automatic exploit searching (Exploit DB, PacketStorm, Metasploit)\n- Automatic vulnerability searching (CVE, OSVDB, NVD)\n- Geolocation\n- Command completion\n- Cross-platform support\n\n## Install\n\n- Install Node.js: https://nodejs.org/download\n\n```sh\nnpm i -g bluebox-ng\n```\n\n### Kali GNU/Linux\n\n- `curl -sL https://raw.githubusercontent.com/jesusprubio/bluebox-ng/master/artifacts/installScripts/kali2.sh | sudo bash -`\n\n\n## Use\n\n### Console\n\nTo start the console client.\n\n```sh\nbluebox-ng\n```\n\n### Programatically\n\nTo run it from other Node code.\n\n```javascript\nconst Bluebox = require('bluebox-ng');\n\nconst box = new Bluebox();\n\nbox.run('gather/network/geo', { rhost: '8.8.8.8' })\n.then(res =\u003e {\n  console.log('Result:');\n  console.log(res);\n})\n.catch(err =\u003e {\n  console.log('Error:');\n  console.log(err);\n});\n```\n\n\n## Developer guide\n\n- Use [GitHub pull requests](https://help.github.com/articles/using-pull-requests).\n\n### Environment\n\n- Get a copy of the code and install the dependencies.\n\n```sh\ngit clone https://github.com/jesusprubio/bluebox-ng\ncd bluebox-ng\nnpm i # or use yarn\n```\n\n### Debug\n\nWe use the [visionmedia module](https://github.com/visionmedia/debug), so you have to use this environment variable:\n\n```sh\nDEBUG=bluebox-ng* npm start\n```\n\n### New modules\n\nYou can add your own features to this environment following this tips:\n\n- Add a new file inside [`/modules`](./modules) and it should appear in the pentesting environment.\n- Use the most similar among the actual ones as boilerplate.\n\n### Tests\n\nWe still don't have a proper Docker setup. So, for now, the test have to be run locally. Please check its code before it, they often need a valid target service.\n\n```sh\n./node_modules/.bin/tap test/wifi\nnode test/wifi/*\n./node_modules/.bin/tap test/wifi/scanAps.js\nnode test/wifi/scanAps.js\n```\n\n### Conventions\n\n- We use [ESLint](http://eslint.org/) and [Airbnb](https://github.com/airbnb/javascript) style guide.\n- Please run to be sure your code fits with it and the tests keep passing:\n\n```sh\nnpm run posttest\n```\n\n#### Commit messages rules\n\n- It should be formed by a one-line subject, followed by one line of white space. Followed by one or more descriptive paragraphs, each separated by one line of white space. All of them finished by a dot.\n- If it fixes an issue, it should include a reference to the issue ID in the first line of the commit.\n- It should provide enough information for a reviewer to understand the changes and their relation to the rest of the code.\n\n\n## Contributors\n\n- https://github.com/jesusprubio/bluebox-ng/graphs/contributors\n\n\n## Thanks to\n\n- Our mentors: [@antonroman](https://twitter.com/antonroman), [@sandrogauci](https://twitter.com/sandrogauci) (SIPVicious was our inspiration), [@pepeluxx](https://twitter.com/pepeluxx), [@markcollier46](https://twitter.com/markcollier46) ([\"Hacking VoIP Exposed\"](http://www.hackingvoip.com/)).\n- [Quobis](http://www.quobis.com), some hours of work through personal projects program.\n- Kamailio community ([@kamailioproject](https://twitter.com/kamailioproject)), our favourite SIP Server.\n- Tom Steele ([@_tomsteele](https://twitter.com/_tomsteele)) and the rest of [exploitsearch.net](http://www.exploitsearch.net/) team.\n- All developers who have written the Node.js modules used in the project.\n- All VoIP, free software and security hackers that we read everyday.\n- Our friend Carlos Pérez, the logo designer.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjesusprubio%2Fbluebox","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjesusprubio%2Fbluebox","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjesusprubio%2Fbluebox/lists"}