Custom Module Development - starter module to read and publishing process?

Hi all,

I’m looking to create a custom module which can be downloaded via Module Admin etc. where is the best place to start?

I was looking at github com/FreePBX-ContributedModules

It is a module to query an external RESTful API before querying the dialplan


This is a base module that will give you the general structure. a lot is documented in the wiki but it is currently down.

may be one of the simplest rest examples


If you have an GNU GPL2+ licensed module that you want to contribute to the project, we can accept that provided you sign a Code Submission Agreement.

1 Like

Thanks. It was to call an external API. I’ll have a play though :slight_smile:

That would be fine. Was thinking AGPL.

I’m putting up a new API at SentryPeer com that allows users to check a numbed before it gets dialled to alert if it’s a toll fraud reconnaissance attempt. Details are collected by running your own SentryPeer org nodes that publish data to the same API.

The elixir / phoenix app will be AGPL once ready. APIs are all done and up though.

Is this for inbound calls? If so, it might be better to add a CID Superfecta module for SentryPeer to do the API call there. Depending on the complexity of the API call, it may be possible to use one of the generic Regular Expression superfecta modules.

1 Like

Hi @lgaetz

Thanks for that. This is for outbound calls. The idea, which I’m proving at the moment, is during the in-between stage of a handset/endpoint having a valid registration but it’s attempting to make test calls to see what the fraudster can do. We’ve all been there. An endpoint gets compromised somehow and you only know if your channel limits are reached or it starts calling Easter Island etc. We can catch them before that though and trigger alarms/alerts.

This is the gist from the SentryPeer project introduction (when running the standalone SentryPeer node with API enabled, not using the central sentrypeer com API):

SentryPeer® is a fraud detection tool. It lets bad actors try to make phone calls and saves the IP address they came from and number they tried to call. Those details can then be used to raise notifications at the service providers network/pbx and the next time a user/customer tries to call a collected number, you can act anyway you see fit.

For example:

Let’s say you are running your own VoIP PBX on site. What SentryPeer will allow you to do in this context, is dip into the list of phone numbers (using the RESTful API) when your users are making outbound calls. If you get a hit, you’ll get a heads-up that potentially a device within your network is trying to call known probing phone numbers that have either been:

  1. Numbers collected by SentryPeer nodes you are running yourself
  2. Numbers seen by other SentryPeer nodes which have been replicated to your node via the peer to peer network

This would allow you to generate a notification from your monitoring systems before you rack up any expensive calls or something worse happens.

What would lead to this scenario?

  1. Potential voicemail fraud. This can happen if you allow calling an inbound number (your DID/DDI) to get to your voicemail system, then prompt for a PIN. This PIN is weak and the voicemail system allows you to press ‘*’ to call back the Caller ID that left a voicemail. The attacker has left a voicemail, and they then guess your PIN and call it back. The number called is a known number that SentryPeer has seen. You can alert on it.
  2. A device has been hijacked and/or a softphone or similar is using the credentials they stole off the phone’s GUI and is registered to your system and make calls to a number seen by SentryPeer.
  3. An innocent user is calling a phishing number or known expensive number etc. that SentryPeer has seen before.

Make sense?


Do you recommend starting with this too?

wiki freepbx org/display/FOP/FreePBX+Module+Generator

That will generate basically the same thing as the helloworld with all the naming in place


Do you recommend I set this up or just use my fresh FreePBX 16 VirtualBox install?

wiki freepbx org/pages/viewpage.action?pageId=40468541

Setting up a Development environment from the FreePBX Distro (v14 and V15)

Getting pretty far now. agi php working. dialplan loading. Loading up. Got a few questions about installing the agi file and a few other things. Still OK on this post or start another?

What about a style guide? Is a logo OK?

I can’t seem to get this to stick SentryPeer-FreePBX-Module/Sentrypeer.class.php at main · SentryPeer/SentryPeer-FreePBX-Module · GitHub

How do I actually install the module again? Module Admin?

For example, config here:


getting anything commercial even under gpl in to official repos is already going to be a challenge. If you want your logo on it they will probably ask for fees etc. Just a guess.

When I am developing I put my module in /var/www/html/admin/modules/mymodule then run fwconsole ma install mymodule

not sure of the question here

Also notice the agi installs when you run apply config

1 Like

Thanks! My config isn’t working I think as I need to re-install the module so that hook runs.

Excellent! All done now.

Just one last question about my dialplan:

If the number dialled doesn’t match my outbound routes, then it hits the SentryPeer API, if it does match an outbound route, I can’t pick off the number to check it.

What’s the best context to go in? I have:

$ext->addInclude('from-internal-additional', 'sentrypeer-context');


I haven’t read this thread in detail, but check the outbound cnam module. It hooks outbound call dialplan

Module page links to, should that be

1 Like

Thanks! Will have a read later tonight.

No, dot com is correct.

The code behind will be open-source too, released under the AGPLv3, published Q1.

We’ll be hosting it and you can run the SentryPeer node from to submit data to that they can then consume via its APIs for free. Hence this is free as in beer and free software.

Those that don’t want to do that can pay to access the data we’ve collected ourselves and other things. But the core platform is open-source to help with the trust part of the service. You can run the core platform that powers yourself with a bit of work. SaaS/open-source backend is powered by Elixir/Phoenix Webframework/Phoenix LiveView and PostgreSQL.

It’s all open-source, but those that can’t be bothered to run things themselves can pay. Just like: and GitHub - plausible/analytics: Simple, open-source, lightweight (< 1 KB) and privacy-friendly web analytics alternative to Google Analytics.

Above is the same idea and tech (Elixir).

This is about detecting early fraud attempts before it costs customers/service providers money.

Maybe macro-dialout-one-predial-hook is a good place to be?

All working. Dialplan in the right place.

I’m happy with that! First release made:

Thanks for all the help everyone. I ended up creating a nice little custom context for others to hook into if needed:

Now back on to the server side of things!

1 Like