bluebox-ng v1.1.0
# Bluebox-ng
Pentesting framework built on Node.js, with a special focus on VoIP/UC.
## Features
- Auto VoIP/UC penetration test
- Report generation
- Performance
- RFC compliant
- SIP TLS and IPv6 support
- SIP over websockets (and WSS) support (RFC 7118)
- SHODAN, exploitsearch.net and Google Dorks
- SIP common security tools (scan, extension/password bruteforce, etc.)
- Authentication and extension brute-forcing through different types of SIP requests
- SIP Torture (RFC 4475) partial support
- SIP SQLi check
- SIP denial of service (DoS) testing
- Web management panels discovery
- DNS brute-force, zone transfer, etc.
- Other common protocols brute-force: Asterisk AMI, MySQL, MongoDB, SSH, (S)FTP, HTTP(S), TFTP, LDAP, SNMP
- Some common network tools: whois, ping (also TCP), traceroute, etc.
- Asterisk AMI post-exploitation
- Dumb fuzzing
- Automatic exploit searching (Exploit DB, PacketStorm, Metasploit)
- Automatic vulnerability searching (CVE, OSVDB, NVD)
- Geolocation
- Command completion
- Cross-platform support
## Install
- Install the latest stable Node.js version.
  - https://nodejs.org/download
  - A better alternative for developers is to use nvm, which lets you test against different versions.
- Get a copy of the code and install Node dependencies.

```sh
npm i -g bluebox-ng
```
### Kali GNU/Linux
```sh
curl -sL https://raw.githubusercontent.com/jesusprubio/bluebox-ng/master/artifacts/installScripts/kali2.sh | sudo bash -
```
## Use
- Console client:

```sh
bluebox-ng
```

- As a library:

```js
const Bluebox = require('bluebox-ng');

// Create a client with the default options.
const bluebox = new Bluebox({});
const moduleOptions = { target: '8.8.8.8' };

// List the available modules and their options.
console.log('Modules info:');
console.log(JSON.stringify(bluebox.help(), null, 2));

// Run a single module; the callback receives an error or the result.
bluebox.runModule('geolocation', moduleOptions, (err, result) => {
  if (err) {
    console.log('Error:');
    console.log(err);
  } else {
    console.log('Result:');
    console.log(result);
  }
});
```
## Issues
## Developer guide
- Start coding with one of the actual modules similar to the new one as a boilerplate.
- Use GitHub pull requests.
- Conventions:
  - We use ESLint and the Airbnb style guide.
  - Please run the following to be sure your code fits with it and the tests keep passing:

```sh
npm run-script cont-int
```

### Debug
We use the visionmedia module, so you have to use this environment variable:

```sh
DEBUG=bluebox* npm start
```
### Commit message rules
- It should consist of a one-line subject, followed by one blank line, followed by one or more descriptive paragraphs, each separated by one blank line. All of them should end with a period.
- If it fixes an issue, it should include a reference to the issue ID in the first line of the commit.
- It should provide enough information for a reviewer to understand the changes and their relation to the rest of the code.
## Core devs
- Jesús Pérez
  - @jesusprubio
  - jesusprubio gmail com
- Sergio García
  - @s3rgiogr
  - s3rgio.gr gmail com

## Contributors
## Thanks to
- Our mentors: @antonroman, @sandrogauci (SIPVicious was our inspiration), @pepeluxx, @markcollier46 ("Hacking VoIP Exposed").
- Quobis, for some hours of work through its personal projects program.
- Kamailio community (@kamailioproject), our favourite SIP Server.
- John Matherly (@achillean) for SHODAN.
- Tom Steele (@_tomsteele) and the rest of exploitsearch.net team.
- All developers who have written the Node.js modules used in the project.
- All the VoIP, free software and security hackers that we read every day.
- Our friend Carlos Pérez, the logo designer.
## License
This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with this program. If not, see http://www.gnu.org/licenses/.