EnableSecurity

EnableSecurity / DVRTC

Public

DVRTC (Damn Vulnerable Real-Time Communications) is an intentionally vulnerable VoIP/WebRTC platform for security training and research, with isolated lab scenarios covering SIP enumeration, digest leaks, RTP bleed, SQL injection, XSS, and TURN relay abuse.

10
2
100% credibility
Found Mar 30, 2026 at 10 stars -- GitGems finds repos before they trend. Get early access to the next one.
Sign Up Free
AI Analysis
JavaScript
AI Summary

DVRTC is an intentionally vulnerable lab environment simulating a real-time voice and video communication system for security researchers and trainees to practice discovering and exploiting common flaws.

How It Works

1
📚 Discover DVRTC

You hear about this hands-on lab for practicing security on phone and video call systems, perfect for learning without real risks.

2
💻 Prepare your computer

You gather the simple requirements like enough memory and follow easy steps to note your network address, create passwords, and set up practice security certificates.

3
🚀 Launch the lab

You start everything with a quick go command, and your vulnerable practice phone system comes alive right on your machine.

4
Verify it's running

You open a web browser to see the welcome page and make a test call using sample login details to confirm calls connect smoothly.

5
🕵️ Tackle training exercises

You follow guided challenges to explore weak spots like easy logins, leaked info, and media tricks in the phone setup.

6
🧪 Test your skills

You run built-in checkers and attack simulators to prove you've found and fixed the flaws correctly.

🎉 Master secure communications

You've safely practiced real hacking techniques, gained confidence spotting dangers, and know how to build stronger phone systems.

Sign up to see the full architecture

5 more

Sign Up Free

Star Growth

See how this repo grew from 10 to 10 stars Sign Up Free
Repurpose This Repo

Repurpose is a Pro feature

Generate ready-to-use prompts for X threads, LinkedIn posts, blog posts, YouTube scripts, and more -- with full repo context baked in.

Unlock Repurpose
AI-Generated Review

What is DVRTC?

DVRTC spins up an intentionally vulnerable VoIP/WebRTC lab for security training, covering SIP enumeration, digest leaks, RTP bleed, SQL injection, XSS, and TURN relay abuse in isolated scenarios. Developers get a full Dockerized stack—Kamailio for SIP proxying, Asterisk PBX, RTPengine media proxy, Coturn for relays, Nginx web server, and MySQL—ready via `docker compose up -d` after simple setup scripts. It's like DVWA but for real-time communications, with built-in exercises, automated verification tests, and a public demo at pbx1.dvrtc.net.

Why is it gaining traction?

Unlike generic vuln apps, DVRTC targets RTC-specific attacks like media bleed and relay abuse that hit VoIP/WebRTC deployments hard, with pinned Docker images for reproducible labs. The quick-start scripts handle networking, certs, and passwords, plus attacker and testing runners for regression checks—no manual config hell. Even with just 10 stars, its exercise docs and smoke tests make it dead simple to validate damn vulnerable behaviors.

Who should use this?

Security engineers pentesting SIP/WebRTC systems, red teamers simulating RTP injection or TURN abuse, and trainers running hands-on sessions for VoIP teams. Ideal for devs auditing real-time comms stacks without polluting prod environments.

Verdict

Grab it for RTC security drills—docs are thorough, setup is polished, and tests cover the vulns—but treat as early alpha given 10 stars and 1.0% credibility score. Solid foundation; contribute to expand scenarios.

(178 words)

Sign up to read the full AI review Sign Up Free

Similar repos coming soon.