lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <20060115001240.GB23207@bundy.vistech.net>
Date: Sat, 14 Jan 2006 19:12:43 -0500
From: Da Beave <beave@...dy.vistech.net>
To: bugtraq@...urityfocus.com
Subject: iWar 0.07 PSTN auditing tool released...

	I've released iWar version 0.07, "Now with 100% more VoIP!"

	iWar is a PSTN (phone network) security auditing tool.
	
	The major thing this release adds is the VoIP/IAX2 support!  
You can now sit in a Starbuck's,  sipping on coffee and scan phone numbers :)  
I've started adding the signal processing back end to iWar,  but it is 
_not_ included in this version.  New screen shots are at: 
http://www.softwink.com/iwar/screenshots.html.

	As normal,  to get the source code go to:

	http://www.softwink.com/iwar/
	or
	ftp://ftp.vistech.net/pub/iwar

	This is a pretty major release in that it adds a lot of new 
functionality and fixes a lot of bugs (BSD related mostly).  I've 
tested this version under Linux (Gentoo AMD64/i386,  Slackware i386),  
OpenBSD (i386) and FreeBSD (i386).  Unfortunately, I could only get 
IAXClient to build on Linux machines.   You might have better luck using
the IAXClient CVS Head.  As it stands right now,  it _appears_ that IAX2
support is only good for Linux platforms.  It _should_ build fine under
Mac OSX (I don't have a machine to test this).  Please let me know if 
you have any problems or questions!

	I've decided to stop putting up Windows Cygwin binaries online as
it's a pain.   If there is a demand for it,  I'll put them back up.

Features:

- Random/Sequential Dialing
- ASCII flat file and MySQL logging support.
- Remote system identification (via banner detection). 
- Key stroke marking. You can "mark interesting numbers" by hitting a key.
  You can also enter a "note" about a number.
- Multiple modem support,  because hey - this is Unix.
- Nice "curses" (ncurses) display.   
- Full modem control.   iWar actually controls CTS/RTS,  DTR,  baud rate
  parity,  etc. 
- Blacklist phone number support (number to _never_ dial)
- Save state support.   If you need to quit a iWar session,  you can save
  the current state to a file.  This allows you to come back later and
  restart iWar where you left off.
- Can load pre-generated numbers.  This is useful if you want to load numbers
  generated by another routine (perl/shell script/etc).
- Tone location using two different methods.  The traditional "Toneloc" style,
  and "silence" detection.
- Records remote system banners for later review.
- Can be used to attack PBX and voice mail systems.
- Terminal window (at bottom) so you can watch modem interaction in real time.

New features:

- iWar supports the IAX2/VoIP protocol.  This means that traditional "analog"
  hardware modem are no longer required.  Works with Asterisk 
  (http://www.asterisk.org) or any IAX2 VoIP provider.  You can now
  scan while sipping coffee at your local Starbucks ! :)
  NOTE:  iWar does _NOT_ have the signal processing back end,  so 
  you'll manually have to identify numbers.
- In IAX2 mode,   0-9, * and # keys send there DTMF equivalents.
- In IAX2 mode,  iWar acts as a "full blown" VoIP client!   By hitting 
  the '[' key you can "pause and mark" a number.  In this mode, you can
  'talk' to the remote target (or play with whatever you've found).
- In IAX2 mode,  if your provider supports it,  you can "set" your caller
  ID number (caller ID spoofing).
- Added "dtrsec" option (how long to toggle DTR).

Bugs fixed:

- Various BSD (FreeBSD/OpenBSD) issues. 
- plushangup() now function better.  This is good as almost every system/modem
  support that.  DTR toggle was the default,  now plushangup() is default.
- Fixed major problem with "save state".
- Fixed bug with key stroke marking.  Caused hangups not to complete,  and
  also slowed down keyboard response time (which was brought to my 
  attention by several people).
- Of course,   move over code fixes from the unofficial 0.061pre release.
- More code cleanup.
- Made configure.in more robust.

--

Da Beave (beave@...tech.net)
Telephreak Voicemail Box 7337   |  FWD: 61106

http://deathrow.vistech.net 	|  The Deathrow OpenVMS Cluster
http://www.telephreak.org	|  Telephreak Asterisk/VoIP Playground

Key Id: 357B86AD
Key fingerprint = 1470 658D 16BB A129 462E  84BF 6C53 8FDD 357B 86AD
If it wasn't for C, we'd be using BASI, PASAL and OBOL.

Content of type "application/pgp-signature" skipped

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ