ISME is a small framework to test IP phones from several editors. It can gather information from IP phone infrastructures, test their web servers for default login/password combinations, and also implement attacks against the systems. ISME has been written in perl with a perl/Tk interface to provide a portable and easy to use tool. Full documentation is also provided.
Initially intended as a scanner dedicated to Cisco IP Telephony solution, ISME has evolve in a small framework to test IP Phones from several editors.
Nevertheless, the four goals I had in mind at the beginning are still present:
- Provide a simple tool to use,
- Trying to create something new dedicated to ip telephony,
- Targeting enterprise solutions,
- Exploiting LAN connexion possibilities.
Download ISME v0.7 (Zip - 5 Mb)
isme_v0.7 documentation (PDF - 3.4 Mb)
V0.7 – 15/11/2012
· Tool: Add Cisco phone logout mobility feature abuse.
Version follow up
· Tool: Implement a module to detect the use of default Login/password on embedded
web interface from Mitel phones.
· Exploit: Add Aastra ip phone information disclosure (OSVDB-ID: 72941/EDB-ID
· Exploit: Add Avaya Ip Office Linux voicemail password file data disclosure.
· Exploit: Add the script providing phone call and remote taping on SNOM phones.
· Exploit: Add Mitel AWC unauthenticated command execution (OSVDB-ID:
V0.6 – 30/08/2012
· Implement code to exploit Polycom IP Phones data disclosure vulnerability (OSVDBID:
· Implement code to exploit Polycom IP Phones DoS through web interface (OSVDBID:
· Implement a module to detect Polycom SoundPoint IP Phones use of default
Login/password and unprotected web interface.
· Add the capacity to scan a full subnet for Aastra & SNOM default login/password
search. Capacity to save results in text files has been added also.
· Add an integrated graphical module for Protos SIP in ISME (need java to work).
· Cisco phone ringer & forwarder support new types of IP Phone:
· Due to some problems met by users at the installation, I finally come back to an install
process mainly based on CPAN.
V0.5 – 06/08/2012
· Add SIP Flooding attacks (Invite, Register, Options)
· Add TCP SYN Flood attack
· Update installer
· Change menu presentation
V0.4 – 12/06/2012
· Add Cisco phone attacks (ringer & forwarder – skinny)
· Add Lan & Servers attacks (DHCP Starvation & DNS Subnet resolver)
V0.3 – 12/02/2012
· All kind of subnets are now support. ISME is no more limited to “/24”. Take care, it is
done with the utilization of a new library. Be sure to install it (or load the installation
script which add been adapted) before launching this new version.
· Add the capacity to detect default password on SNOM IP Phones.
V0.2 – 03/01/2012
· Add an installer for all the perl modules.
· Add the capacity to detect default password on Aastra IP Phones.
V0.1 – 20/12/2011
First release of ISME script.