ARTICLE WarVox 1.0.0 for auditing telephone systems released

Saturday 7 March 2009 - 527 read - ( Keywords : Metasploit , Telephony Scanner , Vulnerability Scanner , WarVox )

WarVOX is a suite of tools for exploring, classifying, and auditing telephone systems. Unlike normal wardialing tools, WarVOX works with the actual audio from each call and does not use a modem directly. This model allows WarVOX to find and classify a wide range of interesting lines, including modems, faxes, voice mail boxes, PBXs, loops, dial tones, IVRs, and forwarders. WarVOX provides the unique ability to classify all telephone lines in a given range, not just those connected to modems, allowing for a comprehensive audit of a telephone system.

WarVOX requires no telephony hardware and is massively scalable by leveraging Internet-based VoIP providers. A single instance of WarVOX on a residential broadband connection, with a typical VoIP account, can scan over 1,000 numbers per hour. The speed of WarVOX is limited only by downstream bandwidth and the limitations of the VoIP service. Using two providers with over 40 concurrent lines we have been able to scan entire 10,000 number prefixes within 3 hours.

The resulting call audio can be used to extract a list of modems that can be fed into a standard modem-based wardialing application for fingerprinting and banner collection. One of the great things about the WarVOX model is that once the data has been gathered, it is archived and available for re-analysis as new signatures, plugins, and tools are developed. The current release of WarVOX (1.0.0) is able to automatically detect modems, faxes, silence, voice mail boxes, dial tones, and voices.

WarVOX is intended for legal security assessment, asset inventory, and research purposes only


POSTSCRIPTUM

Download


COMPLIANCE MANDATES

Vulnerability Scanner : PCI DSS 11.2, 6.6, SOX A13.3, GLBA 16CFR Part 314.4(c), HIPAA 164.308(a)(8), FISMA RA-5, SI-2, ISO 27001-27002 12.6, 15.2.2


RELATED ARTICLES

Metasploit, Telephony Scanner, Vulnerability Scanner, WarVox,

1 April 2010 : Metasploit 3.3.3-Tokamac Released
23 December 2009 : Metasploit Framework updated to v3.3.3
16 December 2009 : Metasploit Framework v3.3.2 released
3 December 2009 : Metasploit Framework v3.3.1 released
17 November 2009 : Metasploit Framework v3.3 released (includes support for Windows 7)
7 March 2009 : WarVox 1.0.0 for auditing telephone systems released