VoIP Hopper is a GPLv3 licensed security tool, written in C, that rapidly runs a VLAN Hop security test.  VoIP Hopper is a VoIP infrastructure security testing tool but also a tool that can be used to test the (in)security of VLANs.  Get more details on the what and why here.

April 26, 2012:  VoIP Hopper 2.04 is released!  With new Avaya, Alcatel, and LLDP-MED spoofing support.  Many special thanks to Nicolas Roux in France, for his source code contribution and debugging help with the Alcatel-Lucent support in VoIP Hopper.

• Updated Avaya Automatic VLAN discovery for DHCP client Option 242 (for newer Avaya IP Phones)
  

• Alcatel-Lucent VVID infrastructure support, with 3 new modes
  

• Spoofing MAC Address of Alcatel IP Phone in DHCP client Option 12 and 61 (for Alcatel compliant DHCP client)
  

• Proper spoofing of LLDP-MED packet TLVs with user supplied MAC address (Cisco, Alcatel).  LLDP-MED automatic VLAN discovery for Cisco and Alcatel infrastructures.
  

For a complete feature list, see here.

August 15, 2011:  VoIP Hopper 2.0 is released!  This is the same VoIP Hopper version that was demonstrated live at DefCon 19 conference in the presentation, "VoIP Hopping the Hotel:  Attacking the Crown Jewels through VoIP".  Some exciting new features of VoIP Hopper include the following:

• New "Assessment" mode:  Interactive, menu driven command interface, improves ability to VLAN Hop in Pentesting when the security tester is working against an unknown network infrastructure
  

• New VLAN Discovery methods (802.1q ARP, LLDP-MED)

• LLDP-MED spoofing and sniffing support
• Can bypass VoIP VLAN subnets that have DHCP disabled, and spoof the  IP address and MAC address of a phone by setting a static IP

If you have constructive feedback about useful features, implementation suggestions, or any insight or feedback on how VoIP Hopper helped you, I would like to hear from you.

Jason Ostrom, jpo@pobox.com