Test Result
No test run yet
Enter your SIP server details and run the test to check if your system is vulnerable to unauthenticated calls.
SIP Response Codes
| Code | Meaning | Status |
|---|---|---|
100 | Trying | Vulnerable |
180 | Ringing | Vulnerable |
183 | Session Progress | Vulnerable |
200 | OK | Vulnerable |
401 | Unauthorized | Secure |
403 | Forbidden | Secure |
404 | Not Found | Secure |
407 | Proxy Auth Required | Secure |
488 | Not Acceptable | Secure |
— | No response (timeout) | Unknown |
FAQ
What does this tool do exactly?
It sends a single unauthenticated SIP INVITE packet to your server's SIP port and analyzes the response. If your server processes the call without requiring credentials, it is vulnerable to toll fraud.
Will this actually make a phone call?
If your system is vulnerable, it may briefly attempt to set up a call. The test is designed to detect the vulnerability — if your system is secure, the request will be rejected immediately.
Is it safe to use?
Yes, as long as you test your own servers. The tool sends a standard SIP packet — the same kind an attacker would send. Only test systems you own or have authorization to test.
Why does it say "No response"?
This usually means the SIP port is filtered by a firewall, the service is not running, or the server is unreachable. Check that port 5060 (UDP) is open and your SIP service is active.
How do I fix a vulnerable system?
In Asterisk, set allowguest=no in sip.conf or pjsip.conf. Use strong passwords for all SIP accounts, enable fail2ban, and restrict SIP port access with firewall rules.
Do you store my data?
We do not store the SIP server data you enter. Basic request metadata (IP, timestamp) is logged for abuse prevention only.