VAST is a VIPER Lab live distribution that contains VIPER developed tools such as UCsniff, VoipHopper, Videojak, videosnarf, ACE, Warvox, and more. Along with VIPER tools and other essential VoIP security tools, it also contains tools penetration testers utilize such as Metasploit, Nmap, Netcat, Hydra, Hping2 etc.

This distribution is a work in progress. If you would like to see a tool or package included please feel free to suggest them to the author.

VAST also has built into synaptic package manager a third party repository link for the VIPER tools, so when you update a tool it’s as easy as “apt-get”.

Specs

• Size 900MB
• Built on Ubuntu 9.04
• Full language pack
• git,apt-get,svn
• Includes custom repository for VIPER tools

Tool List

• UCsniff
• VideoSnarf
• Videojak
• Metasploit
• SecurLogix Tools
• Hydra
• Nmap
• tshark
• Sipvicious
• SIPp
• Netcat
• Warvox
• Hping2

You can download VAST here:

VIPER_VASTbetav2.71.iso

Or read more here.

What is VideoJak?

VideoJak is an IP Video security assessment tool that can simulate a proof of concept DoS against a targeted, user-selected video session and IP video phone. VideoJak is the first of its kind security tool that analyzes video codec standards such as H.264.

VideoJak works by first capturing the RTP port used in a video conversation and analyzing the RTP packets, collecting the RTP sequence numbers and timestamp values used between the phones. Then VideoJak creates a custom video payload by changing the sequence numbers and timestamp values used in the original RTP packets between the two phones. After the user selects a targeted phone to attack in an ongoing video session, VideoJak delivers the payload over the learned RTP port against the target. This attack results in severely degraded video and audio quality.

Overview

VideoJak is designed in consideration of todays UC infrastructure implementions in which QoS requirements dictate the separation of data and VoIP/Video into discrete networks or VLANs. VideoJak is a proof of concept security assessment tool that can be used to test video applications. Future versions of the tool will support more exciting features.

Features

• VLAN Discovery (CDP) and VLAN Hop
• Call pattern tracking for SIP and SCCP signaling protocols
• Audio codec (G.711u, G.722) and Video codec (H.263, H.264) support
• Creates custom payload from H.263/H.264 packet capture
• MitM functions and host management
• Allows user to select ongoing video call from a menu
• Allows user to select a targeted IP Phone for DoS within the video session
• Enables the user to send the attack during an active, ongoing video call

You can download VideoJak here:

videojak-1.00.tar.gz

Or read more here.