THC-IPv6, developed by The Hacker's Choice (THC), is a comprehensive suite of tools tailored for testing and assessing the security of IPv6 networks. It offers capabilities such as host detection, service enumeration, address spoofing, and protocol exploitation. As an open-source project, THC-IPv6 benefits from community contributions, providing security professionals with the means to identify and mitigate vulnerabilities in IPv6 implementations responsibly and ethically.
Uses and Features of THC-IPv6
Here are its primary uses and features:
1. IPv6 Network Testing: THC-IPv6 is primarily used for testing the security of IPv6 networks. It provides a wide range of tools for scanning, enumeration, and exploitation of vulnerabilities specific to IPv6 networks.
2. Scanning and Enumeration: The suite includes tools such as 'alive6' for detecting active IPv6 hosts on a network, 'dnsdict6' for performing DNS dictionary attacks over IPv6, and 'thcping6' for ICMPv6-based ping sweeps and tests.
3. Address Spoofing and Neighbor Discovery: THC-IPv6 offers tools like 'flood_router6' and 'flood_advertise6' for flooding a target with router advertisements and neighbor advertisements, potentially disrupting network operations and causing denial-of-service (DoS) conditions.
4. Man-in-the-Middle (MitM) Attacks: Tools like 'fake_router6' and 'fake_mld26' facilitate IPv6 router and MLD (Multicast Listener Discovery) protocol spoofing, enabling attackers to intercept and manipulate network traffic.
5. Exploitation: THC-IPv6 includes tools for exploiting vulnerabilities in IPv6 implementations. For example, 'redir6' redirects traffic destined for one IPv6 address to another, potentially facilitating man-in-the-middle attacks.
6. Address Resolution Protocol (ARP) Spoofing: Tools like 'smurf6' and 'thc-ipv6-fake-dhcpc6' enable ARP spoofing and rogue DHCPv6 server attacks in IPv6 networks, allowing attackers to redirect traffic and perform reconnaissance.
7. Security Assessments: Security professionals and researchers use THC-IPv6 to conduct security assessments and penetration tests on IPv6-enabled networks, identifying weaknesses and recommending mitigation strategies.
8. Comprehensive Toolkit: THC-IPv6 offers a comprehensive suite of tools covering various aspects of IPv6 security, making it a valuable resource for security professionals, researchers, and ethical hackers.
9. Platform Compatibility: THC-IPv6 is compatible with various operating systems, including Linux, Unix, and macOS, providing flexibility for users across different environments.
10. Community Support: Being an open-source project, THC-IPv6 benefits from community contributions and updates, ensuring its relevance and effectiveness in detecting and exploiting IPv6 vulnerabilities.
Overall, THC-IPv6 serves as a powerful toolkit for assessing and testing the security posture of IPv6 networks. However, it should be used responsibly and ethically, with proper authorization obtained before conducting any tests or assessments on live networks.
Limitations:
This code currently only works on Linux 2.6.x or newer versions and requires
an Ethernet connection. However, for most Linux users, this should cover about
98% of their needs. If you want to contribute, feel free to send patches! Just
make sure to add "antispam" in the subject line to bypass my anti-spam
protection.
Building:
To build the tools, you'll need to have libpcap-dev installed.
Additionally, libssl-dev and libnetfilter-queue-dev are
recommended. You can install these on Kali, Debian, or
Ubuntu by running:
sudo apt-get install libpcap-dev libssl-dev libnetfilter-queue-dev
Then, you can build the tools by running:
make all
and install them with:
make install
The Tools:
The THC IPV6 ATTACK TOOLKIT includes various powerful attacking tools, such
as:
- parasite6: Spoofs ICMPv6 neighbor solicitation/advertisement to
perform man-in-the-middle attacks.
- alive6: Performs an effective scan to detect all systems listening to
a specific IPv6 address.
- dnsdict6: A parallelized DNS IPv6 dictionary bruteforcer.
- fake_router6: Announces the attacker as a router on the network with
the highest priority.
- redir6: Redirects traffic intelligently (man-in-the-middle)
using a clever ICMPv6 redirect spoofer.
- toobig6: Decreases the MTU with the same intelligence as redir6.
- detect-new-ip6: Detects new IPv6 devices joining the network.
- dos-new-ip6: Notifies new IPv6 devices that their chosen IP collides
on the network (Denial-of-Service).
- trace6: A very fast traceroute6 supporting ICMP6 echo request and
TCP-SYN.
- flood_router6: Floods a target with random router advertisements.
- flood_advertise6: Floods a target with random neighbor
advertisements.
- fuzz_ip6: A fuzzer for IPv6.
- exploit6: Tests known IPv6 vulnerabilities against a target.
- denial6: A collection of denial-of-service tests against a target.
- thcping6: Sends a handcrafted ping6 packet.
- sendpees6: Generates neighbor solicitation requests with a lot of
CGAs (crypto stuff) to keep the CPU busy.
... and many more tools for you to explore!
Just run these tools without options, and they will provide you with help and
show the command-line options.
The Library:
The library thc-ipv6-lib.c is the core of all tools and any you might want to
write. It's simple to use, usually requiring just 2-4 lines to create a
complete IPv6/ICMPv6 packet with the content of your choice.
Usage Example:
thc_ipv6_hdr *my_ipv6_packet;
int my_ipv6_packet_len;
// Create an IPv6 packet
my_ipv6_packet = thc_create_ipv6_extended(interface, prefer, &my_ipv6_packet_len, src6, dst6, ttl, length, label, class, version);
// Add extension headers
thc_add_hdr_route(my_ipv6_packet, &my_ipv6_packet_len, routers, routerptr);
thc_add_hdr_fragment(my_ipv6_packet, &my_ipv6_packet_len, offset, more_frags, id);
// Add ICMPv6 header
thc_add_icmp6(my_ipv6_packet, &my_ipv6_packet_len, type, code, flags, buf, buflen, checksum);
// Generate and send the packet
thc_generate_and_send_pkt(interface, srcmac, dstmac, my_ipv6_packet, &my_ipv6_packet_len);
// Free the memory
thc_destroy_packet(my_ipv6_packet);
Detection:
Most tools can be easily detected by an IDS or specialized detection software.
This is intentional to make it easier to detect unauthorized usage. The tools
either specify a fixed packet signature or generically sniff for packets,
making them easy to detect. If you want to avoid detection, you can modify the
code accordingly.
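For defenders, the router-advertisement behaviour described above (fake_router6 announcing a router with the highest priority, flood_router6 sending random router advertisements) can also be flagged by behaviour rather than by the tools' own packet signature. The following is an added example, not part of THC-IPv6 or the original page; the router allow-list, thresholds, alert names and sample packets are assumptions constructed for illustration.

```python
import ipaddress
import struct
from collections import deque

ICMP6_ROUTER_ADVERT = 134   # RFC 4861 Router Advertisement
PRF_HIGH = 0b01             # RFC 4191 router preference "High"

def parse_ra(icmp6: bytes):
    """Parse the fixed 16-byte RA header; return None if this is not an RA."""
    if len(icmp6) < 16:
        return None
    typ, code, _csum, _hop, flags, lifetime, _reach, _retrans = struct.unpack(
        "!BBHBBHII", icmp6[:16])
    if typ != ICMP6_ROUTER_ADVERT or code != 0:
        return None
    return {"prf": (flags >> 3) & 0b11, "lifetime": lifetime}

class RaMonitor:
    def __init__(self, allowed_routers, window=10.0, max_sources=5):
        self.allowed = {ipaddress.ip_address(a) for a in allowed_routers}
        self.window, self.max_sources = window, max_sources
        self.recent = deque()   # (timestamp, source) of RAs from unknown senders

    def observe(self, ts, src, icmp6):
        """Return alert names for one captured ICMPv6 message."""
        ra = parse_ra(icmp6)
        src = ipaddress.ip_address(src)   # normalise the textual form
        if ra is None or src in self.allowed:
            return []
        alerts = ["rogue-ra"]
        if ra["prf"] == PRF_HIGH and ra["lifetime"] > 0:
            alerts.append("high-preference-router")
        self.recent.append((ts, src))
        while ts - self.recent[0][0] > self.window:
            self.recent.popleft()
        if len({s for _, s in self.recent}) > self.max_sources:
            alerts.append("ra-flood")
        return alerts

def make_ra(prf=0, lifetime=1800):
    """Constructed RA header for the demo (checksum left at zero)."""
    return struct.pack("!BBHBBHII", ICMP6_ROUTER_ADVERT, 0, 0, 64, prf << 3, lifetime, 0, 0)

def demo():
    mon = RaMonitor(allowed_routers={"fe80::1"})
    out = [mon.observe(0.0, "FE80::0001", make_ra())]                 # known router
    out.append(mon.observe(1.0, "fe80::bad", make_ra(prf=PRF_HIGH)))  # unknown, High
    for i in range(6):                                                # many new senders
        out.append(mon.observe(2.0 + i / 10, f"fe80::{0x1000 + i:x}", make_ra()))
    return out
```

In a live deployment the `observe` calls would be fed from a capture on the monitored segment; switch-level RA Guard remains the preventive control, with this kind of monitor as the detective one.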