Skip to content

On-demand audit

PBX security scanner

Point SipRadar at your public SIP endpoint to surface exposed ports, weak REGISTER credentials, verbose responses, and misconfigured TLS, then export a remediation checklist your team can ship today via POST /v1/scan.

9,847

PBX audits completed

47s

Avg scan time

6

Platforms supported

34%

Critical finding rate

Run audit

Scan your SIP endpoint

Remote audit against your public hostname or IP. No agent installation required.

Scans require domain or IP ownership verification (TXT record or signed SIP OPTIONS probe). We publish scanner IP ranges for allowlisting.

pbx-audit.reportAwaiting target

Enter a public SIP hostname or IP and run an audit to generate a remediation report.

Compatibility

Supported PBX platforms

Asterisk, Kamailio, FreeSWITCH, OpenSIPS, 3CX, and FreePBX, with platform-specific checks.

Asterisk

Detects allowguest, weak AMI, and exposed chan_sip endpoints.

Kamailio

Flags open relay misconfigs and missing dispatcher ACLs.

3CX

Surfaces default admin credentials and unpatched SBC exposure.

FreeSWITCH

Checks Sofia profile exposure and weak directory defaults.

OpenSIPS

Audits registrar auth modules and topology hiding gaps.

FreePBX

Validates extension secrets, firewall rules, and SIP TLS settings.

Developer

Automate PBX audits

Kick off scans via API and receive webhook callbacks when remediation reports are ready. Full API reference →

API integrationPOST /v1/scan

Request

$ curl -X POST https://api.sipradar.net/v1/scan \
  -H "Authorization: Bearer sk_live_..." \
  -H "Content-Type: application/json" \
  -d '{
    "target": "pbx.acme-corp.example",
    "platform": "asterisk",
    "webhook_url": "https://ops.example.com/hooks/sipradar"
  }'

Response

{
  "job_id": "scan_7f3a9c2e",
  "status": "queued",
  "target": "pbx.acme-corp.example",
  "platform": "asterisk",
  "eta_seconds": 45,
  "webhook_events": ["scan.completed", "scan.failed"]
}

Lock down your edge

Unlimited PBX audits on Active Defense and Enterprise.

Get an API key for automated scans, webhook alerts, and real-time blacklist feeds.