Normally, we're hired to deploy a VoIP specific penetration test, but we also like to check (in a minimal way) the rest of implied services. So I've added next modules brute-force modules:
- Asterisk AMI: It was a must because this is a very common scenario.
- MySQL: The most common DB engine among VoIP servers.
- MongoDB: It's not used in VoIP, but I've been playing lately with this system and I really like it. So I decided also to add a module.
- SSH / (S)FTP: More common protocols.
- HTTP(S): Useful when we find a web management panel for a VoIP server.
- TFTP: Widely used in VoIP to auto-provisioning the softphones of an organization.
- LDAP: Sometimes the VoIP servers perform the authentication against an existent LDAP instance (Microsoft Active Directory is also included here).
Finally I would like remark that, in my oppinion, we should solve next issues to build a professional tool:
- Network scanner: For now we're using Evilscan, but it only supports full TCP scan (neither SYN nor UDP) and the project seems stopped.
- Web vulnerability scanner: I don't know any tool for this written in Node.js. The most similar thing I found is Dirscan-node, useful to make directory brute-force but it's not a complete web vuln scanner.
In fact, I'm using Nmap and Skipfish to achieve these goals for now. So if you're thinking in a new security project (in Node.js) these ideas could be a good one. ;)