Top Menu

CRACKER™ Enterprise Edition

VoIP Penetration & Stress testing

CRACKER Enterprise allows any business to routinely check no weakness, such as an inherent design flaw, or configuration error has been introduced into their VoIP system which could leave them exposed to Toll Fraud or T-DOS & SPIT attacks.

CRACKER Enterprise edition runs a whole range of SIP Security focused tests, for example, verifying an IP PBX is fully secured from a user management/configuration management viewpoint, or that an SBC can protect against a protocol fuzzing attack.


  • SIP Port Scanning
  • Extension Discovery
  • Password Attack
  • Telephony D/DDOS Attack
  • Toll Fraud Testing
  • Nuisance Call Testing
  • VoIP End-Point Reboot Testing


  • RFC 3428 Instant Messaging for SIP
  • RFC 4475 SIP Torture Test Messages
  • RFC 4566 SDP
  • RFC 3856 Presence for SIP
  • SIP for IMS 3GPP TS 24.229

Key Benefits

  • Cloud-based service for easy, scalable, resilient service delivery
  • Find weaknesses within the SIP parsers without requiring a deep knowledge of SIP
  • Ability to create custom & default test set-ups
  • Rapid deployment means you hit the ground running immediately after order placement
  • No CAPEX or Admin costs
  • Project based pricing model means you can tailor your spending to the budget allocated to your project
  • Cloud SaaS means all new tool updates are automatic – no impact on your performance or productivity


CALL +353 21 242 8400 TODAY

Call us today or email us at to learn how we can secure your business against VoIP Fraud and other malicious attacks.


CRACKER allows for a broad range of automatic tests to be run, with support for multiple variants of the same test to be run with one, several, or all of the methods, header fields and parameters within a message modifiable, within specific pre-set criteria and ranges, for each individual test.

The SUT can be checked for weaknesses within its SIP parser(s) without the user requiring a deep knowledge of SIP, or having to create a large number of specific tests. It is designed to be highly configurable, such as testing with message lost, sent out of sequence, re-sent before and after timer expiry, incorrect or corrupt messages.

Why Regular VoIP Vulnerability Checking Matters

In a world with so many different types of security threats, the need for dedicated SIP security testing has never been greater. A solution provider or vendor’s own focused experience in the field is of vital importance but this may not be enough. Velona’s approach to VoIP Security is that it requires a Multi layered approach.

For example, the specific purpose of SBCs on both Core and Enterprise side is to stop attacks, but a level of due diligence is required to ensure these are not serving simply as demarcation points. DoS attacks using specifically formatted SIP messaging and large scale calling (another form of DoS) are both issues.

Furthermore, even after the best-in-class solutions have been designed, implemented and hardened, the possibility of human error remains a constant issue leaving the elements behind any DMZ, which should also be solidly locked down at all times, needing constant checking.

The Advantages of Partnering with Velona


CRACKER brings you:

  • Verifiable proof of the highest possible level of SIP Threat prevention for your element or end-to-end solution set
  • Access to dedicated external SIP expertise & to an ever-expanding security knowledge base
  • Higher value and promotion potential

Partnering with Velona gives you the freedom to focus on all aspects of your business, while being able to rely on a comprehensive independent evaluation of your VoIP Security capability.