Monday 8 October 2018

SigPloit Framework (What You Need To Know)WYNTK

                 No comments    

SigPloit Framework – Telecom Vulnerability Testing for SS7, GTP (3G), Diameter(4G), and SIP Made Easy


 

SiGploit a signaling security testing framework dedicated to Telecom Security professionals and reasearchers to pentest and exploit vulnerabilites in the signaling protocols used in mobile operators regardless of the geneartion being in use.

What is SigPloit


As described on GitHub, SigPloit is a framework intended for telecom security specialists. Researchers can use SigPloit for penetration testing of telecom networks in order to find known vulnerabilities in signaling protocols.

The stated purpose of the framework is security testing of all existing protocols that are used in telecom operators’ infrastructure, including SS7, GTP (3G), Diameter (4G), and even SIP for IMS and VoLTE, which is used at the access level and for encapsulating SS7 messages in SIP-T. According to the documentation, SigPloit uses testing results to provide network-specific recommendations on how to improve security.

SiGploit is developed on several versions


Note: In order to test SS7 attacks, you need to have an SS7 access or you can test in the virtual lab with the provided server sides of the attacks, the used values are provided.

Version 1: SS7


SiGploit will initially start with SS7 vulnerabilities providing the messages used to test the below attacking scenarios A- Location Tracking B- Call and SMS Interception C- Fraud

Version 2: GTP


This Version will focus on the data roaming attacks that occur on the IPX/GRX interconnects.

Version 3: Diameter


This Version will focus on the attacks occurring on the LTE roaming interconnects using Diameter as the signaling protocol.

Version 4: SIP


This is Version will be concerned with SIP as the signaling protocol used in the access layer for voice over LTE(VoLTE) and IMS infrastructure. Also, SIP will be used to encapsulate SS7 messages (ISUP) to be relayed over VoIP providers to SS7 networks taking advantage of SIP-T protocol, a protocol extension for SIP to provide intercompatability between VoIP and SS7 networks

Version 5: Reporting


This last Version will introduce the reporting feature. A comprehensive report with the tests done along with the recommendations provided for each vulnerability that has been exploited.
BETA Version of SiGploit will have the Location Tracking attacks of the SS7 phase 1

Installation and requirements


The requirements for this project are:
1) Python 2.7
2) Java version 1.7 +

To run use
python bin/SiGploit.py

Download Sigploit
Share:

0 Comments:

Post a Comment

Sample Text

Copyright © Promoting Unique Content | Powered by Blogger Design by ronangelo | Blogger Theme by NewBloggerThemes.com