SVCrack – The purpose of svcrack is very straightforward.This tool will launch a password guessing attack extensions on the SIP registrar.



svcrack -u100 -d dictionary.txt
svcrack -u100 -r1-9999 -z4


  --version             show program's version number and exit
  -h, --help            show this help message and exit
  -v, --verbose         Increase verbosity
  -q, --quiet           Quiet mode
  -p PORT, --port=PORT  Destination port or port ranges of the SIP device - eg
  -P PORT, --localport=PORT
                        Source port for our packets
  -x IP, --externalip=IP
                        IP Address to use as the external ip. Specify this if
                        you have multiple interfaces or if you are behind NAT
  -b BINDINGIP, --bindingip=BINDINGIP
                        By default we bind to all interfaces. This option
                        overrides that and binds to the specified ip address
                        This option allows you to trottle the speed at which
                        packets are sent. Change this if you're losing
                        packets. For example try 0.5.
  -R, --reportback      Send the author an exception traceback. Currently
                        sends the command line parameters and the traceback
  -A, --autogetip       Automatically get the current IP address. This is
                        useful when you are not getting any responses back due
                        to SIPVicious not resolving your local IP.
  -s NAME, --save=NAME  save the session. Has the benefit of allowing you to
                        resume a previous scan and allows you to export scans
  --resume=NAME         resume a previous scan
  -c, --enablecompact   enable compact mode. Makes packets smaller but
                        possibly less compatible
  -u USERNAME, --username=USERNAME
                        username to try crack
  -d DICTIONARY, --dictionary=DICTIONARY
                        specify a dictionary file with passwords
  -r RANGE, --range=RANGE
                        specify a range of numbers. example:
  -e EXTENSION, --extension=EXTENSION
                        Extension to crack. Only specify this when the
                        extension is different from the username.
  -z PADDING, --zeropadding=PADDING
                        the number of zeros used to padd the password.
                        the options "-r 1-9999 -z 4" would give 0001 0002 0003
                        ... 9999
  -n, --reusenonce      Reuse nonce. Some SIP devices don't mind you reusing
                        the nonce (making them vulnerable to replay attacks).
                        Speeds up the cracking.
  -T TEMPLATE, --template=TEMPLATE
                        A format string which allows us to specify a template
                        for the extensions                       example
               -e 1-999 --template="123%#04i999" would scan
                        between 1230001999 to 1230999999"
                        Maximum time in seconds to keep sending requests
                        without                       receiving a response
  -D, --enabledefaults  Scan for default / typical passwords such as
                        1000,2000,3000 ... 1100, etc. This option is off by
                        default.                       Use --enabledefaults to
                        enable this functionality
  --domain=DOMAIN       force a specific domain name for the SIP message, eg.


cyborg@cyborg:~$ svcrack –u 201
| Extension | Password |
| 201 | 201 |

Leave a reply


We're are building as a community and a team. Be a part of it.


©2018 Ztrela Knowledge Solutions Pvt. Ltd

Log in with your credentials

Forgot your details?