Neurologically Paralyzing Mouseovers

    This package has been deprecated

    Author message:

    UNMANTAINED project, no time :(


    1.1.0 • Public • Published


    Black Hat Arsenal Continuos integration NSP Status

    npm info

    Pentesting framework using Node.js powers. Specially focused in VoIP/UC.


    • Auto VoIP/UC penetration test
    • Report generation
    • Performance
    • RFC compliant
    • SIP TLS and IPv6 support
    • SIP over websockets (and WSS) support (RFC 7118)
    • SHODAN, and Google Dorks
    • SIP common security tools (scan, extension/password bruteforce, etc.)
    • Authentication and extension brute-forcing through different types of SIP requests
    • SIP Torture (RFC 4475) partial support
    • SIP SQLi check
    • SIP denial of service (DoS) testing
    • Web management panels discovery
    • DNS brute-force, zone transfer, etc.
    • Other common protocols brute-force: Asterisk AMI, MySQL, MongoDB, SSH, (S)FTP, HTTP(S), TFTP, LDAP, SNMP
    • Some common network tools: whois, ping (also TCP), traceroute, etc.
    • Asterisk AMI post-explotation
    • Dumb fuzzing
    • Automatic exploit searching (Exploit DB, PacketStorm, Metasploit)
    • Automatic vulnerability searching (CVE, OSVDB, NVD)
    • Geolocation
    • Command completion
    • Cross-platform support


    • Install the last Node.js stable version.


    • A better alternative for developers is to use nvm, to test different versions.

    • Get a copy of the code and install Node dependencies.

    npm i -g bluebox-ng

    Kali GNU/Linux

    • curl -sL | sudo bash -


    • Console client: bluebox-ng
    • As a library:
    const Bluebox = require('bluebox-ng');
    const bluebox = new Bluebox({});
    const moduleOptions = { target: '' };
    console.log('Modules info:');
    console.log(JSON.stringify(, null, 2));
    bluebox.runModule('geolocation', moduleOptions, (err, result) => {
      if (err) {
      } else {


    Developer guide

    • Start coding with one of the actual modules similar to the new one as a boilerplate.
    • Use GitHub pull requests.


    • We use ESLint and Airbnb style guide.
    • Please run to be sure your code fits with it and the tests keep passing:
    npm run-script cont-int


    We use the visionmedia module, so you have to use this environment variable:

    DEBUG=bluebox* npm start

    Commit messages rules:

    • It should be formed by a one-line subject, followed by one line of white space. Followed by one or more descriptive paragraphs, each separated by one line of white space. All of them finished by a dot.
    • If it fixes an issue, it should include a reference to the issue ID in the first line of the commit.
    • It should provide enough information for a reviewer to understand the changes and their relation to the rest of the code.

    Core devs


    Thanks to


    This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

    This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

    You should have received a copy of the GNU General Public License along with this program. If not, see


    npm i bluebox-ng

    DownloadsWeekly Downloads






    Last publish


    • jesusprubio