THC-IPV6
Last update 2012-01-15
Current public version: v1.8 - CCC Camp release
A complete tool set to attack the inherent protocol weaknesses of IPV6
and ICMP6, including an easy-to-use packet factory library.
Next Trainings (both can be booked already):
CanSecWest, Vancouver, 5-6th March 2012, "Pentesting and Securing IPv6 Networks"
Syscan, Singapore, 24-25th April 2012, "Pentesting and Securing IPv6 Networks"
[0x00] News and Changelog
Please note that public versions do not include all tools available!
Only those who send in comprehensive patches and new tools for thc-ipv6 get the private
versions which are released more often, include unreleased tools and more!
If you want to participate, here is a list of tools that would be interesting:
* Adding raw mode (sending into a sit 6to4 tunnel) to the library (the current implementation doesn't work)
* Enhancing the library so it works on FreeBSD and OSX too
* Create a tool which tests an ipv6 address if it is an endpoint for various tunnel protocols
* Adding more exploit tests to exploit6 (I can supply a long list of exploit files)
* Adding more denial of service tests to denial6
* Add a dhcp6 client fuzzer
* Add a dhcp6 server fuzzer
If you want to work on a topic on the list, email me so that multiple people are not working on the same tool.
Contact: vh(at)thc(dot)org and put "antispam" in the subject line.
CHANGELOG:
##########
! I am in a good mood: only alive26, the advanced alive scanner, is not in the package,
! so enjoy lots of new powerful tools, plus most existing ones have been enhanced.
! Now there are 40 tools! Have fun on the CCC Camp!
+ Upcoming: even better fake_router6, and final death stroke to RA guard / NDP security
* added new tool sendpeesmp6 by Marcin Pohl
* added new tool randicmp6 by ecore
* added new tool ndpexhaust6 by Mario Fleischmann
* added two alternate alive6/parasite6 tools by Fabricio Nogueira Buzeto
  and Carlos Botelho De Paula Filho, they can be found in the contrib/ directory
* added new tool flood_solicitate6
* added new tool kill_router6
* added new tool fake_dnsupdate6
* added new tool node_query6
* added new tool dump_router6
* added helper scripts extract_{network,host}s.sh
* new in public version: fake_dhcps6
* new in public version: flood_dhcpc6
* new in public version: fake_dns6d
* new in public version: fake_dnsupdate6
* new in public version: fragmentation6 (fragmentation test tool)
* fake_advertise6: added one more ND Security bypass (-D)
* fake_router6:
  - added unicast reply to router solicitation requests
  - added one more ND Security bypass (-D)
* parasite6:
  - added -R option to also inject the reverse route
  - added one more ND Security bypass (-D)
* flood_router6: one more RA guard bypass (-D)
* dnsdict6:
  - expanded dictionary by results from the ipv6 world day scanning
  - added IPv4 support for selfish reasons. I'm sorry! ;-)
* thcping6:
  - -D renamed to -F
  - new -D/-H option to specify options in hopbyhop and destination headers
  - fragment header moved before other headers (except hop-by-hop)
* speed improvements for flood_* tools
* thc-ipv6-lib:
  - fixed class assignment in ipv6 packet creation
  - forgot some fclose()es, thanks to Mario Fleischmann for reporting
  - first OS/X porting diff sent in by oskar (at) acm (dot) org, thanks!
[0x01] Introduction
Welcome to the mini website of the THC IPV6 project.
This code was inspired when I got in touch with IPv6, learned more and
more about it - and then found no tools to play (read: "hack") around with.
First I tried to implement things with libnet, but then found out that
the ipv6 implementation is only partial - and sucks. I tried to add the
missing code, but well, it was not so easy, hence I saved my time and
quickly wrote my own library.
[0x02] Disclaimer
1. This tool is for legal purposes only!
2. The GPLv3 applies to this code.
[0x03] The Included Tools
- parasite6: icmp neighbor solicitation/advertisement spoofer, puts you
  as man-in-the-middle, same as ARP mitm (and parasite)
- alive6: an effective alive scanning, which will detect all systems
  listening to this address
- dnsdict6: parallelized dns ipv6 dictionary bruteforcer
- fake_router6: announce yourself as a router on the network, with the
  highest priority
- redir6: redirect traffic to you intelligently (man-in-the-middle) with
  a clever icmp6 redirect spoofer
- toobig6: mtu decreaser with the same intelligence as redir6
- detect-new-ip6: detect new ip6 devices which join the network, you can
  run a script to automatically scan these systems etc.
- dos-new-ip6: detect new ip6 devices and tell them that their chosen IP
  collides on the network (DOS).
- trace6: very fast traceroute6 which supports ICMP6 echo request and TCP-SYN
- flood_router6: flood a target with random router advertisements
- flood_advertise6: flood a target with random neighbor advertisements
- exploit6: known ipv6 vulnerabilities to test against a target
- denial6: a collection of denial-of-service tests against a target
- fuzz_ip6: fuzzer for ipv6
- implementation6: performs various implementation checks on ipv6
- implementation6d: listen daemon for implementation6 to check behind a fw
- fake_mld6: announce yourself in a multicast group of your choice on the net
- fake_mld26: same but for MLDv2
- fake_mldrouter6: fake MLD router messages
- fake_mipv6: steal a mobile IP to yours if IPSEC is not needed for authentication
- fake_advertise6: announce yourself on the network
- smurf6: local smurfer
- rsmurf6: remote smurfer, known to work only against linux at the moment
- sendpees6: a tool by willdamn(ad)gmail.com, which generates neighbor
  solicitation requests with a lot of CGAs (crypto stuff ;-) to keep the CPU busy. nice.
- thcping6: sends a hand crafted ping6 packet
[and about 15 more tools for you to discover]
[0x04] Documentation
THC-IPV6 comes with a rather long README file that describes the
details about the usage and library interface.
[0x05] Development & Contributions
Your contributions are more than welcome!
If you find bugs, coded enhancements or wrote a new attack tool
please send them to vh (at) thc (dot) org - and add the word "antispam"
to the subject line.
[0x06] The Art of Downloading: Source and Binaries
The source code of THC-IPV6: thc-ipv6-1.8.tar.gz
(Note: Linux + x86 + Ethernet !)
Comments and suggestions are welcome.
Yours sincerely,
van Hauser
The Hackers Choice
http://www.thc.org