Hi all, I'm currently evaluating an environment that mainly uses H.323. The SIP pieces of the environment I've been having my way with, but H.323 is a little more lacking in the tool dept. Know any good h323 focused tools?

I read about vnak can do some h323 (h225) stuff and a tool called H225regreject but not much in terms of: valid extension enumeration, brute forcing passwords of valid extensions, or signal tampering (black holing, redirecting calls, etc). I'm dorking around with Protos for fuzzing but so far fuzzing has only proven good to light up lights on the phone and cause some fun DOS conditions.

I can demonstrate call recording, pen tracing, all sorts of fun RTP attacks, DOS, but the meat of what I'm looking to get at now is attacks around the signaling pieces and extension registration, redirection, etc. Any help you can offer is greately appreciated in advance.

Also, any experience stories, good tools (so far SipVicious is your friend, cain and able/ettercap rock, but the vet so far in the ooohs and ahhhs of management department is Wireshark with its ability to replay unencrypted RTP stream and rtp attacks with audio injection).