[ISME v0.7] IP Phone Scanning Made Easy


ISME is a small framework to test IP phones from several editors. It can gather information from IP phone infrastructures, test their web servers for default login/password combinations, and also implement attacks against the systems. ISME has been written in perl with a perl/Tk interface to provide a portable and easy to use tool. Full documentation is also provided.

Initially intended as a scanner dedicated to Cisco IP Telephony solution, ISME has evolve in a small framework to test IP Phones from several editors.

Nevertheless, the four goals I had in mind at the beginning are still present:
  • Provide a simple tool to use,
  • Trying to create something new dedicated to ip telephony,
  • Targeting enterprise solutions,
  • Exploiting LAN connexion possibilities.

Download ISME v0.7 (Zip - 5 Mb) 
isme_v0.7 documentation (PDF - 3.4 Mb)





V0.7 – 15/11/2012
· Tool: Add Cisco phone logout mobility feature abuse.
Version follow up

· Tool: Implement a module to detect the use of default Login/password on embedded
web interface from Mitel phones.
· Exploit: Add Aastra ip phone information disclosure (OSVDB-ID: 72941/EDB-ID
17376).
· Exploit: Add Avaya Ip Office Linux voicemail password file data disclosure.
· Exploit: Add the script providing phone call and remote taping on SNOM phones.
· Exploit: Add Mitel AWC unauthenticated command execution (OSVDB-ID:
69934/EDB-ID 15807).
V0.6 – 30/08/2012
· Implement code to exploit Polycom IP Phones data disclosure vulnerability (OSVDBID:
73117).
· Implement code to exploit Polycom IP Phones DoS through web interface (OSVDBID:
70697).
· Implement a module to detect Polycom SoundPoint IP Phones use of default
Login/password and unprotected web interface.
· Add the capacity to scan a full subnet for Aastra & SNOM default login/password
search. Capacity to save results in text files has been added also.
· Add an integrated graphical module for Protos SIP in ISME (need java to work).
· Cisco phone ringer & forwarder support new types of IP Phone:
7914,7915,7916,7920,7921,7925,7985
· Due to some problems met by users at the installation, I finally come back to an install
process mainly based on CPAN.
V0.5 – 06/08/2012
· Add SIP Flooding attacks (Invite, Register, Options)
· Add TCP SYN Flood attack
· Update installer
· Change menu presentation
V0.4 – 12/06/2012
· Add Cisco phone attacks (ringer & forwarder – skinny)
· Add Lan & Servers attacks (DHCP Starvation & DNS Subnet resolver)
V0.3 – 12/02/2012
· All kind of subnets are now support. ISME is no more limited to “/24”. Take care, it is
done with the utilization of a new library. Be sure to install it (or load the installation
script which add been adapted) before launching this new version.
· Add the capacity to detect default password on SNOM IP Phones.
V0.2 – 03/01/2012
· Add an installer for all the perl modules.
· Add the capacity to detect default password on Aastra IP Phones.
V0.1 – 20/12/2011
First release of ISME script.
[ISME v0.7] IP Phone Scanning Made Easy [ISME v0.7] IP Phone Scanning Made Easy Reviewed by Zion3R on 6:10 PM Rating: 5