GithubHelp home page GithubHelp logo

hartl3y94 / sigploit Goto Github PK

View Code? Open in Web Editor NEW

This project forked from anwarmohamed/sigploit

0.0 0.0 0.0 66.33 MB

SigPloit: Telecom Signaling Exploitation Framework - SS7, GTP, Diameter & SIP

License: MIT License

Java 50.09% Python 49.91%

sigploit's Introduction

List of Contributors

  • Rosalia D'Alessandro
  • Ilario Dal Grande

SigPloit

SigPloit a signaling security testing framework dedicated to Telecom Security professionals and reasearchers to pentest and exploit vulnerabilites in the signaling protocols used in mobile operators regardless of the geneartion being in use. SigPloit aims to cover all used protocols used in the operators interconnects SS7, GTP (3G), Diameter (4G) or even SIP for IMS and VoLTE infrastructures used in the access layer and SS7 message encapsulation into SIP-T. Recommendations for each vulnerability will be provided to guide the tester and the operator the steps that should be done to enhance their security posture

SigPloit is developed on several versions

Note: In order to test SS7 attacks, you need to have an SS7 access or you can test in the virtual lab with the provided server sides of the attacks, the used values are provided.

For brief intro on SigPloit and Telecom Architecture in general please click here

SigPloit is referenced in GSMA document FS.07 "SS7 and Sigtran Network Security"

Version 1: SS7

SigPloit will initially start with SS7 vulnerabilities providing the messages used to test the below attacking scenarios

A- Location Tracking

B- Call and SMS Interception

C- Fraud

Version 2: GTP

This Version will focus on the data roaming attacks that occur on the IPX/GRX interconnects.

Version 3: Diameter

This Version will focus on the attacks occurring on the LTE roaming interconnects using Diameter as the signaling protocol.

Version 4: SIP

This is Version will be concerned with SIP as the signaling protocol used in the access layer for voice over LTE(VoLTE) and IMS infrastructure. Also, SIP will be used to encapsulate SS7 messages (ISUP) to be relayed over VoIP providers to SS7 networks taking advantage of SIP-T protocol, a protocol extension for SIP to provide intercompatability between VoIP and SS7 networks

Version 5: Reporting

This last Version will introduce the reporting feature. A comprehensive report with the tests done along with the recommendations provided for each vulnerability that has been exploited.

BETA Version of SigPloit will have the Location Tracking attacks of the SS7 phase 1

Installation and requirements

The requirements for this project are:

1) Python 2.7
2) Java version 1.7 +
3) sudo apt-get install lksctp-tools
4) Linux machine

To run use

cd SigPloit

sudo pip2 install -r requirements.txt

python sigploit.py

sigploit's People

Contributors

guyo13 avatar sigploiter avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.