WarVOX 1.0.0

I’ve been working on adding some wardialing and dialup hacking modules to the  Metasploit project for a while, which initially spawned this entire other project that HD went nuts on.  Hopefully we’ll get some of the tech that this project produced merged back into the Metasploit wardialling stuff, but for now it’s a separate entity.  Here’s the result:

WarVOX is a suite of tools for exploring, classifying, and auditing telephone systems. Unlike normal wardialing tools, WarVOX works with the actual audio from each call and does not use a modem directly. This model allows WarVOX to find and classify a wide range of interesting lines, including modems, faxes, voice mail boxes, PBXs, loops, dial tones, IVRs, and forwarders. WarVOX provides the unique ability to classify all telephone lines in a given range, not just those connected to modems, allowing for a comprehensive audit of a telephone system.

WarVOX requires no telephony hardware and is massively scalable by leveraging Internet-based VoIP providers. A single instance of WarVOX on a residential broadband connection, with a typical VoIP account, can scan over 1,000 numbers per hour. The speed of WarVOX is limited only by downstream bandwidth and the limitations of the VoIP service. Using two providers with over 40 concurrent lines we have been able to scan entire 10,000 number prefixes within 3 hours.

The resulting call audio can be used to extract a list of modems that can be fed into a standard modem-based wardialing application for fingerprinting and banner collection. One of the great things about the WarVOX model is that once the data has been gathered, it is archived and available for re-analysis as new signatures, plugins, and tools are developed. The current release of WarVOX (1.0.0) is able to automatically detect modems, faxes, silence, voice mail boxes, dial tones, and voices.

Presentation: http://warvox.org/media/warvox-1.0.0.pdf

Gallery: http://warvox.org/gallery.html

Code: http://warvox.org/install.html

Advertisements

3 Responses to “WarVOX 1.0.0”

  1. dina Says:

    ooo

  2. Wardialer Says:

    Hey there ! I am trying to do some wardialing and have a huge range of numbers to test. Can you tell me what is a stable build of WarVOX ? Is there any alternative hacking tool out there ? It sucks being a skiddie 😦

    • I)ruid Says:

      I was not involved in the WarVOX project, that’s all HD Moore. I’d hit him up if you have questions about it. The tool to use really depends on what you’re trying to detect. If you want to detect carriers, I don’t think WarVOX is the right tool for that as it uses a signal processing approach to identifying what’s on the other end of the line rather than trying to actually connect to it. The Metasploit wardialer that I wrote detects based on connections but that limits it to identifying only what it can connect to. So in short, if you want to identify carriers and what’s on the other side of them, use the Metasploit wardialer or another traditional wardialer like ToneLoc. If you want to identify practically everything else, use WarVOX.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s


%d bloggers like this: