Script iax2-brute

Script types: portrule
Categories: intrusive, brute

Script Summary

Performs brute force password auditing against the Asterisk IAX2 protocol. Guessing fails when a large number of attempts is made due to the maxcallnumber limit (default 2048). If you're getting "ERROR: Too many retries, aborted ..." after a while, this is most likely what's happening. To avoid this problem, try:

  • reducing the size of your dictionary
  • using the brute delay option to introduce a delay between guesses
  • splitting the guessing up in chunks and waiting for a while between them

Script Arguments

passdb, unpwdb.passlimit, unpwdb.timelimit, unpwdb.userlimit, userdb

See the documentation for the unpwdb library.


See the documentation for the creds library.

brute.credfile, brute.delay, brute.emptypass, brute.firstonly, brute.guesses, brute.mode, brute.passonly, brute.retries, brute.start, brute.threads, brute.unique, brute.useraspass

See the documentation for the brute library.

Example Usage

nmap -sU -p 4569 <ip> --script iax2-brute

Script Output

4569/udp open|filtered unknown
| iax2-brute:
|   Accounts
|     1002:password12 - Valid credentials
|   Statistics
|_    Performed 1850 guesses in 2 seconds, average tps: 925



  • Patrik Karlsson

License: Same as Nmap--See