* fake_router26: new -f option to specify the sending mac address (thanks to Scott Winegarden for the patch) [1/7/2016]
* added alive2map.sh script to create a network map (graphviz->jpg) from a list of alive hosts
* thcsyn6: added -f and -d options
– added -m option to force DHCPv6 managed and other configuration
– reduced lifetime for -s option to 1s
* dnssecwalk: added TCP mode (-t)
* dnsrevenum6: added TCP mode (-t)
* fake_advertise6: a second packet always was sent with no flags. fixed. thanks to Christopher Werny@ERNW for reporting
* flood_rs6 and thcping6: small fixes
* re-enabled raw mode, works now with modern kernels it seems
* small reliability patches by Benjamin Kellermann, thanks!
* added man page auto generator by Benjamin Kellermann, thanks!
* small change to the Makefile to allow installation even if not everything could be compiled (libraries missing)
This code was inspired when I got into touch with IPv6, learned more and more about it – and then found no tools to play (read: “hack”) around with. First I tried to implement things with libnet, but then found out that the IPv6 implementation is only partial – and sucks. I tried to add the missing code, but well, it was not so easy, hence I saved my time and quickly wrote my own library.
This code currently only runs on:
– Linux 2.7.x or newer (because of /proc usage)
But this means for all linux guys that it will work for 98% of your use cases.
Patches are welcome! (add “antispam” in the subject line to get through my
anti-spam protection, otherwise the email will bounce)
The THC IPV6 ATTACK TOOLKIT comes already with lots of effective attacking tools:
– parasite6: ICMPv6 neighbor solitication/advertisement spoofer, puts you as man-in-the-middle, same as ARP mitm (and parasite)
– alive6: an effective alive scanng, which will detect all systems listening to this address
– dnsdict6: parallized DNS IPv6 dictionary bruteforcer
– fake_router6: announce yourself as a router on the network, with the highest priority
– redir6: redirect traffic to you intelligently (man-in-the-middle) with a clever ICMPv6 redirect spoofer
– toobig6: mtu decreaser with the same intelligence as redir6
– detect-new-ip6: detect new IPv6 devices which join the network, you can run a script to automatically scan these systems etc.
– dos-new-ip6: detect new IPv6 devices and tell them that their chosen IP collides on the network (DOS).
– trace6: very fast traceroute6 with supports ICMP6 echo request and TCP-SYN
– flood_router6: flood a target with random router advertisements
– flood_advertise6: flood a target with random neighbor advertisements
– fuzz_ip6: fuzzer for IPv6
– implementation6: performs various implementation checks on IPv6
– implementation6d: listen daemon for implementation6 to check behind a FW
– fake_mld6: announce yourself in a multicast group of your choice on the net
– fake_mld26: same but for MLDv2
– fake_mldrouter6: fake MLD router messages
– fake_mipv6: steal a mobile IP to yours if IPSEC is not needed for authentication
– fake_advertiser6: announce yourself on the network
– smurf6: local smurfer
– rsmurf6: remote smurfer, known to work only against linux at the moment
– exploit6: known IPv6 vulnerabilities to test against a target
– denial6: a collection of denial-of-service tests againsts a target
– thcping6: sends a hand crafted ping6 packet
– sendpees6: a tool by email@example.com, which generates a neighbor
solicitation requests with a lot of CGAs (crypto stuff 😉 to keep the
CPU busy. nice.
and about 25 more tools for you to discover 🙂
Just run the tools without options and they will give you help and show the
command line options.
Most tools can easily be detected by an IDS or specialized detection software. This is done on purpose to make rogue usage detection easier. The tools either specify a fixed packet signature, or generically sniff for packets (e.g. therefore also answering to ICMPv6 neighbor solitications which
are sent to a non-existing mac, and are therefore very easy to detect).
THC-IPV6 requires libpcap development files being installed, also the
libopenssl development files are a good idea.
For Debian/Ubunut/Kali/Backtrack, you can install them by:
$ sudo apt-get install libpcap-dev libssl-dev
To compile simply type
All tools are installed to /usr/local/bin if you type
$ sudo make install
You need to be root to run most tools