Bluebox-ng is an open-source pen testing framework written in CoffeeScript using Node.js powers. It is primarily focused in VoIP/UC.

Features:

• Asterisk AMI post-exploitation
• Authentication and extension brute-forcing through different types of SIP requests
• Auto VoIP/UC penetration test
• Automatic exploit searching (Exploit DB, PacketStorm, Metasploit)
• Automatic vulnerability searching (CVE, OSVDB, NVD)
• Command completion
• Cross-platform support
• DNS brute-force, zone transfer, etc.
• Dumb fuzzing
• Geolocation
• Other common protocols brute-force: Asterisk AMI, MySQL, MongoDB, SSH, (S)FTP, HTTP(S), TFTP, LDAP, SNMP
• Performance
• RFC compliant
• Report generation
• SHODAN, exploitsearch.net and Google Dorks
• SIP SQLi check
• SIP TLS and IPv6 support
• SIP Torture (RFC 4475) partial support
• SIP common security tools (scan, extension/password bruteforce, etc.)
• SIP denial of service (DoS) testing
• SIP over WebSockets (and WSS) support (RFC 7118)
• Some common network tools: whois, ping (also TCP), traceroute, etc.
• Web management panels discovery