War-dialing is back, and it’s not limited to finding modems anymore. Renowned researcher HD Moore is putting the final touches on his latest project — a telephone auditing tool that also finds PBXes, dial tones, voicemail, faxes, and other phone line connections for security assessment, research, or inventory.
This is not your father’s war-dialer: The so-called WarVOX is free, Linux-based software (no telephony hardware necessary) that uses voice over IP services to place calls. It looks at the audio in a call and is much faster than old-school war-dialing, scanning more than 1,000 phone numbers per hour over a residential broadband connection, and up to 10,000 in eight hours.
Moore says WarVOX is aimed at security auditors and penetration testers looking for a faster and cheaper way to detect phone system vulnerabilities. “Right now, the target audience for WarVOX is anyone who currently uses legacy war-dialing tools and is frustrated by the amount of time and money it takes to perform the audit,” Moore says. [Information Week]