THC Hydra - IPv6 attack toolkit v-2.8-dev.

THC Hydra – IPv6 attack toolkit v-2.8-dev.

CHANGELOG
=========
NOTE: More tools exist, but are only handed out to specific people who develop ipv6 security/pentest tools themselves, or support the thc-ipv6 toolkit development. If this matches *you* send me an email to vh (at) thc (dot) org , with “thc-ipv6 antispam” in the subject line.

v2.8-dev:
* TCP Fast Open support (22/06/2015)
* fake_router26:
– option -X removes router entry from targets on exit (patch from Dan Luedtke, thanks)
* flood_router26:
– Fix – the source mac was always null bytes without evasion, thank to Christopher Werny for reporting
* ndpexaust26:
– option -m generates maximum size packets
* dump_router6:
– fixed route option parsing
* thcping6:
– added -O TCP Fast Open cookie request option
* thcsyn6
– added -O TCP Fast Open fake cookie sending option
* connect6:
– will now print the known MTU path to the destination upon succesful connect
* Renamed dos_mld.sh to dos_mld6.sh and local_discovery.sh to local_discovery6.sh

INTRODUCTION
============
This code was inspired when I got into touch with IPv6, learned more and more about it – and then found no tools to play (read: “hack”) around with. First I tried to implement things with libnet, but then found out that the IPv6 implementation is only partial – and sucks. I tried to add the missing code, but well, it was not so easy, hence I saved my time and quickly wrote my own library.hydra_start

LIMITATIONS
===========
This code currently only runs on:
– Linux 2.6.x or newer (because of /proc usage)
– Ethernet
But this means for all linux guys that it will work for 98% of your use cases.
Patches are welcome! (add “antispam” in the subject line to get through my
anti-spam protection, otherwise the email will bounce)

THE TOOLS
=========
The THC IPV6 ATTACK TOOLKIT comes already with lots of effective attacking tools:
– parasite6: ICMPv6 neighbor solitication/advertisement spoofer, puts you as man-in-the-middle, same as ARP mitm (and parasite)
– alive6: an effective alive scanng, which will detect all systems listening to this address
– dnsdict6: parallized DNS IPv6 dictionary bruteforcer
– fake_router6: announce yourself as a router on the network, with the highest priority
– redir6: redirect traffic to you intelligently (man-in-the-middle) with a clever ICMPv6 redirect spoofer
– toobig6: mtu decreaser with the same intelligence as redir6
– detect-new-ip6: detect new IPv6 devices which join the network, you can run a script to automatically scan these systems etc.
– dos-new-ip6: detect new IPv6 devices and tell them that their chosen IP collides on the network (DOS).
– trace6: very fast traceroute6 with supports ICMP6 echo request and TCP-SYN
– flood_router6: flood a target with random router advertisements
– flood_advertise6: flood a target with random neighbor advertisements
– fuzz_ip6: fuzzer for IPv6
– implementation6: performs various implementation checks on IPv6
– implementation6d: listen daemon for implementation6 to check behind a FW
– fake_mld6: announce yourself in a multicast group of your choice on the net
– fake_mld26: same but for MLDv2
– fake_mldrouter6: fake MLD router messages
– fake_mipv6: steal a mobile IP to yours if IPSEC is not needed for authentication
– fake_advertiser6: announce yourself on the network
– smurf6: local smurfer
– rsmurf6: remote smurfer, known to work only against linux at the moment
– exploit6: known IPv6 vulnerabilities to test against a target
– denial6: a collection of denial-of-service tests againsts a target
– thcping6: sends a hand crafted ping6 packet
– sendpees6: a tool by willdamn@gmail.com, which generates a neighbor
solicitation requests with a lot of CGAs (crypto stuff 😉 to keep the
CPU busy. nice.
and about 25 more tools for you to discover 🙂

Just run the tools without options and they will give you help and show the
command line options.
DETECTION
=========
Most tools can easily be detected by an IDS or specialized detection software. This is done on purpose to make rogue usage detection easier. The tools either specify a fixed packet signature, or generically sniff for packets (e.g. therefore also answering to ICMPv6 neighbor solitications which
are sent to a non-existing mac, and are therefore very easy to detect).

Download : thc-ipv6.zip(1.58 MB)  | Clone Url
Source : www.thc.org | vh@thc.org | Our Post Before