IPv6的工具包描述
该SI6网络公司的IPv6工具箱是一套IPv6的安全评估和故障排除工具。它可以被利用来执行IPv6网络的安全性评估,通过执行真实世界的攻击他们评估IPv6设备的弹性和麻烦射击IPv6的网络问题。包括从包各具特色的工具,该工具包范围的工具,在那里(我们scan6工具)任意邻居发现报文发送到最全面的IPv6网络扫描工具。
包括工具:
- addr6:IPv6地址分析和操作工具
- flow6:进行IPv6的流标签的安全asseessment的工具
- frag6:一个工具来执行IPv6碎片的攻击,并执行了许多碎片相关方面安全评估
- ICMP6:这种工具可以根据差错报消息进行攻击
- jumbo6:一种工具来评估IPv6中的超长报文的处理潜在缺陷
- NA6:这种工具可以发送任意邻居通告消息
- NI6:一种工具,在这样的数据包的处理发送任意的ICMPv6节点信息的消息,并评估可能出现的瑕疵
- NS6:发送任意的邻居请求消息的工具
- RA6:发送任意的路由器通告信息的工具
- RD6:这种工具可以发送任意的ICMPv6重定向报文
- RS6:发送任意的路由器请求消息的工具
- scan6:IPv6地址扫描工具
- TCP6:发送任意的TCP段和执行各种基于TCP的攻击的工具。
资料来源:http://www.si6networks.com/tools/ipv6toolkit/
IPv6的工具包首页 | 卡利IPv6的工具包回购
- 作者:费尔南多Gont
- 许可:GPLv3的
包括在IPv6的工具包工具
flow6 - 安全评估工具对IPv6的流标签字段
[email protected]:~# flow6 -h
SI6 Networks' IPv6 Toolkit v1.4.1
flow6: Security assessment tool for the IPv6 Flow Label field
usage: flow6 -i INTERFACE -d DST_ADDR [-S LINK_SRC_ADDR] [-D LINK-DST-ADDR]
[-s SRC_ADDR[/LEN]] [-A HOP_LIMIT] [-P PROTOCOL] [-p PORT]
[-W] [-v] [-h]
OPTIONS:
--interface, -i Network interface
--link-src-address, -S Link-layer Destination Address
--link-dst-address, -D Link-layer Source Address
--src-address, -s IPv6 Source Address
--dst-address, -d IPv6 Destination Address
--hop-limit, -A IPv6 Hop Limit
--protocol, -P IPv6 Payload protocol (valid: TCP, UDP)
--dst-port, -p Transport Protocol Destination Port
--flow-label-policy, -W Assess the Flow Label generation policy
--help, -h Print help for the flow6 tool
--verbose, -v Be verbose
Programmed by Fernando Gont on behalf of SI6 Networks <http://www.si6networks.com>
Please send any bug reports to <[email protected]>
ICMP6 - 评估工具,攻击向量的基础上的ICMPv6错误信息
[email protected]:~# icmp6 -h
SI6 Networks' IPv6 Toolkit v1.4.1
icmp6: Assessment tool for attack vectors based on ICMPv6 error messages
usage: icmp6 -i INTERFACE [-s SRC_ADDR[/LEN]] [-d DST_ADDR]
[-S LINK_SRC_ADDR] [-D LINK-DST-ADDR] [-c HOP_LIMIT] [-y FRAG_SIZE]
[-u DST_OPT_HDR_SIZE] [-U DST_OPT_U_HDR_SIZE] [-H HBH_OPT_HDR_SIZE]
[-t TYPE[:CODE] | -e CODE | -A CODE -V CODE -R CODE] [-r TARGET_ADDR]
[-x PEER_ADDR] [-c HOP_LIMIT] [-m MTU] [-O POINTER] [-p PAYLOAD_TYPE]
[-P PAYLOAD_SIZE] [-n] [-a SRC_PORTL[:SRC_PORTH]]
[-o DST_PORTL[:DST_PORTH]] [-X TCP_FLAGS] [-q TCP_SEQ] [-Q TCP_ACK]
[-V TCP_URP] [-w TCP_WIN] [-M] [-j PREFIX[/LEN]] [-k PREFIX[/LEN]]
[-J LINK_ADDR] [-K LINK_ADDR] [-b PREFIX[/LEN]] [-g PREFIX[/LEN]]
[-B LINK_ADDR] [-G LINK_ADDR] [-f] [-L | -l] [-z] [-v] [-h]
OPTIONS:
--interface, -i Network interface
--src-address, -s IPv6 Source Address
--dst-address, -d IPv6 Destination Address
--hop-limit, -c IPv6 Hop Limit
--frag-hdr. -y Fragment Header
--dst-opt-hdr, -u Destination Options Header (Fragmentable Part)
--dst-opt-u-hdr, -U Destination Options Header (Unfragmentable Part)
--hbh-opt-hdr, -H Hop by Hop Options Header
--link-src-address, -S Link-layer Destination Address
--link-dst-address, -D Link-layer Source Address
--icmp6, -t ICMPv6 Type:Code
--icmp6-dest-unreach, -e ICMPv6 Destination Unreachable
--icmp6-packet-too-big, -E ICMPv6 Packet Too Big
--icmp6-time-exceeded, -A ICMPv6 Time Exceeeded
--icmp6-param-problem, -R ICMPv6 Parameter Problem
--mtu, -m Next-Hop MTU (ICMPv6 Packet Too Big)
--pointer, -O Pointer (ICMPv6 Parameter Problem
--payload-type, -p Redirected Header Payload Type
--payload-size, -P Redirected Header Payload Size
--no-payload, -n Do not include a Redirected Header Option
--ipv6-hlim, -C ICMPv6 Payload's Hop Limit
--target-addr, -r ICMPv6 Payload's IPv6 Source Address
--peer-addr, -x ICMPv6 Payload's IPv6 Destination Address
--target-port, -o ICMPv6 Payload's Source Port
--peer-port, -a ICMPv6 Payload's Destination Port
--tcp-flags, -X ICMPv6 Payload's TCP Flags
--tcp-seq, -q ICMPv6 Payload's TCP SEQ Number
--tcp-ack, -Q ICMPv6 Payload's TCP ACK Number
--tcp-urg, -V ICMPv6 Payload's TCP URG Pointer
--tcp-win, -w ICMPv6 Payload's TCP Window
--resp-mcast, -M Respond to Multicast Packets
--block-src, -j Block IPv6 Source Address prefix
--block-dst, -k Block IPv6 Destination Address prefix
--block-link-src, -J Block Ethernet Source Address
--block-link-dst, -K Block Ethernet Destination Address
--accept-src, -b Accept IPv6 Source Addres prefix
--accept-dst, -g Accept IPv6 Destination Address prefix
--accept-link-src, -B Accept Ethernet Source Address
--accept-link-dst, -G Accept Ethernet Destination Address
--sanity-filters, -f Add sanity filters
--listen, -L Listen to incoming traffic
--loop, -l Send periodic ICMPv6 error messages
--sleep, -z Pause between sending ICMPv6 error messages
--help, -h Print help for the icmp6 tool
--verbose, -v Be verbose
Programmed by Fernando Gont for SI6 Networks <http://www.si6networks.com>
Please send any bug reports to <[email protected]>
NS6 - 安全评估工具基于NS报文的攻击向量
[email protected]:~# ns6 -h
SI6 Networks' IPv6 Toolkit v1.4.1
ns6: Security assessment tool for attack vectors based on NS messages
usage: ns6 -i INTERFACE [-s SRC_ADDR[/LEN]] [-d DST_ADDR] [-y FRAG_SIZE] [-u DST_OPT_HDR_SIZE] [-U DST_OPT_U_HDR_SIZE] [-H HBH_OPT_HDR_SIZE] [-S LINK_SRC_ADDR] [-D LINK-DST-ADDR] [-E LINK_ADDR] [-e] [-t TARGET_ADDR[/LEN]] [-F N_SOURCES] [-T N_TARGETS] [-z SECONDS] [-l] [-v] [-h]
OPTIONS:
--interface, -i Network interface
--src-address, -s IPv6 Source Address
--dst-address, -d IPv6 Destination Address
--frag-hdr. -y Fragment Header
--dst-opt-hdr, -u Destination Options Header (Fragmentable Part)
--dst-opt-u-hdr, -U Destination Options Header (Unfragmentable Part)
--hbh-opt-hdr, -H Hop by Hop Options Header
--link-src-address, -S Link-layer Destination Address
--link-dst-address, -D Link-layer Source Address
--target-address, -t ND Target Address
--source-lla-opt, -E Source link-layer address option
--add-slla-opt, -e Add Source link-layer address option
--flood-sources, -F Number of Source Addresses to forge randomly
--flood-targets, -T Flood with NA's for multiple Target Addresses
--loop, -l Send Neighbor Solicitations periodically
--sleep, -z Pause between peiodic Neighbor Solicitations
--help, -h Print help for the ns6 tool
--verbose, -v Be verbose
Programmed by Fernando Gont for SI6 Networks <http://www.si6networks.com>
Please send any bug reports to <[email protected]>
NA6 - 安全评估工具的基础上NA报文攻击向量
[email protected]:~# na6 -h
SI6 Networks' IPv6 Toolkit v1.4.1
na6: Security Assessment tool for attack vectors based on NA messages
usage: na6 -i INTERFACE [-s SRC_ADDR[/LEN]] [-d DST_ADDR] [-S LINK_SRC_ADDR] [-y FRAG_SIZE] [-u DST_OPT_HDR_SIZE] [-U DST_OPT_U_HDR_SIZE] [-H HBH_OPT_HDR_SIZE] [-D LINK-DST-ADDR] [-t TARGET_ADDR[/LEN]] [-r] [-c] [-o] [-E LINK_ADDR] [-e] [-j PREFIX[/LEN]] [-k PREFIX[/LEN]] [-J LINK_ADDR] [-K LINK_ADDR] [-w PREFIX[/LEN]] [-b PREFIX[/LEN]] [-g PREFIX[/LEN]] [-B LINK_ADDR] [-G LINK_ADDR] [-W PREFIX[/LEN]] [-F N_SOURCES] [-T N_TARGETS] [-L | -l] [-z] [-v] [-V] [-h]
OPTIONS:
--interface, -i Network interface
--src-address, -s IPv6 Source Address
--dst-address, -d IPv6 Destination Address
--frag-hdr. -y Fragment Header
--dst-opt-hdr, -u Destination Options Header (Fragmentable Part)
--dst-opt-u-hdr, -U Destination Options Header (Unfragmentable Part)
--hbh-opt-hdr, -H Hop by Hop Options Header
--link-src-address, -S Link-layer Destination Address
--link-dst-address, -D Link-layer Source Address
--target, -t ND IPv6 Target Address
--target-lla-opt, -E Source link-layer address option
--add-tlla-opt, -e Add Source link-layer address option
--router, -r Set the 'Router Flag'
--solicited, -c Set the 'Solicited' flag
--override, -o Set the 'Override' flag
--block-src, -j Block IPv6 Source Address prefix
--block-dst, -k Block IPv6 Destination Address prefix
--block-link-src, -J Block Ethernet Source Address
--block-link-dst, -K Block Ethernet Destination Address
--block-target, -w Block ND Target IPv6 prefix
--accept-src, -b Accept IPv6 Source Addres prefix
--accept-dst, -g Accept IPv6 Destination Addres prefix
--accept-link-src, -B Accept Ethernet Source Address
--accept-link-dst, -G Accept Ethernet Destination Address
--accept-target, -W Accept ND Target IPv6 prefix
--flood-targets, -T Flood with NA's for multiple Target Addresses
--flood-sources, -F Number of Source Addresses to forge randomly
--listen, -L Listen to Neighbor Solicitation messages
--loop, -l Send periodic Neighbor Advertisements
--sleep, -z Pause between sending NA messages
--help, -h Print help for the na6 tool
--verbose, -v Be verbose
Programmed by Fernando Gont for SI6 Networks <http://www.si6networks.com>
Please send any bug reports to <[email protected]>
scan6 - 高级IPv6地址扫描工具
[email protected]:~# scan6 -h
SI6 Networks' IPv6 Toolkit v1.4.1
scan6: An advanced IPv6 Address Scanning tool
usage: scan6 -i INTERFACE (-L | -d) [-s SRC_ADDR[/LEN] | -f]
[-S LINK_SRC_ADDR | -F] [-p PROBE_TYPE] [-Z PAYLOAD_SIZE] [-o SRC_PORT]
[-a DST_PORT] [-X TCP_FLAGS] [-P ADDRESS_TYPE] [-q] [-e] [-t]
[-x RETRANS] [-o TIMEOUT] [-V VM_TYPE] [-b] [-B ENCODING] [-g]
[-k IEEE_OUI] [-K VENDOR] [-m PREFIXES_FILE] [-w IIDS_FILE] [-W IID]
[-Q IPV4_PREFIX[/LEN]] [-T] [-I INC_SIZE] [-r RATE(bps|pps)] [-l]
[-z SECONDS] [-c CONFIG_FILE] [-v] [-h]
OPTIONS:
--interface, -i Network interface
--src-address, -s IPv6 Source Address
--dst-address, -d IPv6 Destination Range or Prefix
--prefixes-file, -m Prefixes file
--link-src-address, -S Link-layer Destination Address
--probe-type, -p Probe type {echo, unrec, all}
--payload-size, -Z TCP/UDP Payload Size
--src-port, -o TCP/UDP Source Port
--dst-port, -a TCP/UDP Destination Port
--tcp-flags, -X TCP Flags
--print-type, -P Print address type {local, global, all}
--print-unique, -q Print only one IPv6 addresses per Ethernet address
--print-link-addr, -e Print link-layer addresses
--print-timestamp, -t Print timestamp for each alive node
--retrans, -x Number of retransmissions of each probe
--timeout, -O Timeout in seconds (default: 1 second)
--local-scan, -L Scan the local subnet
--rand-src-addr, -f Randomize the IPv6 Source Address
--rand-link-src-addr, -F Randomize the Ethernet Source Address
--tgt-virtual-machines, -V Target virtual machines
--tgt-low-byte, -b Target low-byte addresses
--tgt-ipv4-embedded, -B Target embedded-IPv4 addresses
--tgt-port-embedded, -g Target embedded-port addresses
--tgt-ieee-oui, -k Target IPv6 addresses embedding IEEE OUI
--tgt-vendor, -K Target IPv6 addresses for vendor's IEEE OUIs
--tgt-iids-file, -w Target Interface IDs (IIDs) in specified file
--tgt-iid, -W Target Interface IDs (IIDs)
--ipv4-host, -Q Host IPv4 Address/Prefix
--sort-ouis, -T Sort IEEE OUIs
--inc-size, -I Increments size
--rate-limit, -r Rate limit the address scan to specified rate
--loop, -l Send periodic probes to the specified targets
--sleep, -z Pause between periodic probes
--config-file, -c Use alternate configuration file
--help, -h Print help for the scan6 tool
--verbose, -v Be verbose
Programmed by Fernando Gont for SI6 Networks <http://www.si6networks.com>
Please send any bug reports to <[email protected]>
RA6 - 基于RA消息的安全评估工具,攻击向量
frag6 - 安全评估工具,基于IPv6分片攻击向量
[email protected]:~# frag6 -h
SI6 Networks' IPv6 Toolkit v1.4.1
frag6: A security assessment tool for attack vectors based on IPv6 fragments
usage: frag6 -i INTERFACE -d DST_ADDR [-S LINK_SRC_ADDR] [-D LINK-DST-ADDR]
[-s SRC_ADDR[/LEN]] [-A HOP_LIMIT] [-u DST_OPT_HDR_SIZE]
[-U DST_OPT_U_HDR_SIZE] [-H HBH_OPT_HDR_SIZE] [-P FRAG_SIZE]
[-O FRAG_TYPE] [-o FRAG_OFFSET] [-I FRAG_ID] [-T] [-n]
[-p | -W | -X | -F N_FRAGS] [-l] [-z SECONDS] [-v] [-h]
OPTIONS:
--interface, -i Network interface
--link-src-address, -S Link-layer Destination Address
--link-dst-address, -D Link-layer Source Address
--src-address, -s IPv6 Source Address
--dst-address, -d IPv6 Destination Address
--hop-limit, -A IPv6 Hop Limit
--dst-opt-hdr, -u Destination Options Header (Fragmentable Part)
--dst-opt-u-hdr, -U Destination Options Header (Unfragmentable Part)
--hbh-opt-hdr, -H Hop by Hop Options Header
--frag-size, -P IPv6 fragment payload size
--frag-type, -O IPv6 Fragment Type {first, last, middle, atomic}
--frag-offset, -o IPv6 Fragment Offset
--frag-id, -I IPv6 Fragment Identification
--no-timestamp, -T Do not include a timestamp in the payload
--no-responses, -n Do not print responses to transmitted packets
--frag-reass-policy, -p Assess fragment reassembly policy
--frag-id-policy, -W Assess the Fragment ID generation policy
--pod-attack, -X Perform a 'Ping of Death' attack
--flood-frags, -F Flood target with IPv6 fragments
--loop, -l Send IPv6 fragments periodically
--sleep, -z Pause between sending IPv6 fragments
--verbose, -v Be verbose
--help, -h Print help for the frag6 tool
Programmed by Fernando Gont for SI6 Networks (http://www.si6networks.com)
Please send any bug reports to <[email protected]>
TCP6 - 安全评估工具,基于TCP / IPv6数据包的攻击向量
[email protected]:~# tcp6 -h
SI6 Networks' IPv6 Toolkit v1.4.1
tcp6: Security assessment tool for attack vectors based on TCP/IPv6 packets
usage: tcp6 -i INTERFACE [-S LINK_SRC_ADDR] [-D LINK-DST-ADDR] [-s SRC_ADDR[/LEN]] [-d DST_ADDR] [-A HOP_LIMIT] [-y FRAG_SIZE] [-u DST_OPT_HDR_SIZE] [-U DST_OPT_U_HDR_SIZE] [-H HBH_OPT_HDR_SIZE] [-P PAYLOAD_SIZE] [-o SRC_PORT] [-a DST_PORT] [-X TCP_FLAGS] [-q TCP_SEQ] [-Q TCP_ACK] [-V TCP_URP] [-w TCP_WIN] [-N] [-f] [-j PREFIX[/LEN]] [-k PREFIX[/LEN]] [-J LINK_ADDR] [-K LINK_ADDR] [-b PREFIX[/LEN]] [-g PREFIX[/LEN]] [-B LINK_ADDR] [-G LINK_ADDR] [-F N_SOURCES] [-T N_PORTS] [-L | -l] [-z SECONDS] [-v] [-h]
OPTIONS:
--interface, -i Network interface
--src-address, -s IPv6 Source Address
--dst-address, -d IPv6 Destination Address
--hop-limit, -A IPv6 Hop Limit
--frag-hdr. -y Fragment Header
--dst-opt-hdr, -u Destination Options Header (Fragmentable Part)
--dst-opt-u-hdr, -U Destination Options Header (Unfragmentable Part)
--hbh-opt-hdr, -H Hop by Hop Options Header
--link-src-address, -S Link-layer Destination Address
--link-dst-address, -D Link-layer Source Address
--payload-size, -P TCP Payload Size
--src-port, -o TCP Source Port
--dst-port, -a TCP Destination Port
--tcp-flags, -X TCP Flags
--tcp-seq, -q TCP Sequence Number
--tcp-ack, -Q TCP Acknowledgment Number
--tcp-urg, -V TCP Urgent Pointer
--tcp-win, -w TCP Window
--not-ack-data, -N Do not acknowledge the TCP payload
--not-ack-flags, -f Do not acknowledge the TCP flags
--block-src, -j Block IPv6 Source Address prefix
--block-dst, -k Block IPv6 Destination Address prefix
--block-link-src, -J Block Ethernet Source Address
--block-link-dst, -K Block Ethernet Destination Address
--accept-src, -b Accept IPv6 Source Addres prefix
--accept-dst, -g Accept IPv6 Destination Address prefix
--accept-link-src, -B Accept Ethernet Source Address
--accept-link-dst, -G Accept Ethernet Destination Address
--flood-sources, -F Flood from multiple IPv6 Source Addresses
--flood-ports, -T Flood from multiple TCP Source Ports
--listen, -L Listen to incoming packets
--loop, -l Send periodic TCP segments
--sleep, -z Pause between sending TCP segments
--help, -h Print help for the tcp6 tool
--verbose, -v Be verbose
Programmed by Fernando Gont for SI6 Networks <http://www.si6networks.com>
Please send any bug reports to <[email protected]>
RS6 - 基于RS消息的安全评估工具,攻击向量
[email protected]:~# rs6 -h
SI6 Networks' IPv6 Toolkit v1.4.1
rs6: Security assessment tool for attack vectors based on RS messages
usage: rs6 -i INTERFACE [-s SRC_ADDR[/LEN]] [-d DST_ADDR] [-y FRAG_SIZE] [-u DST_OPT_HDR_SIZE] [-U DST_OPT_U_HDR_SIZE] [-H HBH_OPT_HDR_SIZE] [-S LINK_SRC_ADDR] [-D LINK-DST-ADDR] [-E LINK_ADDR] [-e] [-F N_SOURCES] [-z SECONDS] [-l] [-v] [-h]
OPTIONS:
--interface, -i Network interface
--src-address, -s IPv6 Source Address
--dst-address, -d IPv6 Destination Address
--frag-hdr. -y Fragment Header
--dst-opt-hdr, -u Destination Options Header (Fragmentable Part)
--dst-opt-u-hdr, -U Destination Options Header (Unfragmentable Part)
--hbh-opt-hdr, -H Hop by Hop Options Header
--link-src-address, -S Link-layer Destination Address
--link-dst-address, -D Link-layer Source Address
--src-link-opt, -E Source link-layer address option
--add-slla-opt, -e Add Source link-layer address option
--flood-sources, -F Number of Source Addresses to forge randomly
--loop, -l Send Router Solicitations periodically
--sleep, -z Pause between peiodic Router Solicitations
--help, -h Print help for the rs6 tool
--verbose, -v Be verbose
Programmed by Fernando Gont for SI6 Networks <http://www.si6networks.com>
Please send any bug reports to <[email protected]>
RD6 - 安全评估工具的基础上重定向报文攻击向量
[email protected]:~# rd6 -h
SI6 Networks' IPv6 Toolkit v1.4.1
rd6: Security assessment tool for attack vectors based on Redirect messages
usage: rd6 -i INTERFACE [-s SRC_ADDR[/LEN]] [-d DST_ADDR] [-S LINK_SRC_ADDR] [-D LINK-DST-ADDR] [-A HOP_LIMIT] [-y FRAG_SIZE] [-u DST_OPT_HDR_SIZE] [-U DST_OPT_U_HDR_SIZE] [-H HBH_OPT_HDR_SIZE] [-r RD_DESTADDR/LEN] [-t RD_TARGETADDR/LEN] [-p PAYLOAD_TYPE] [-P PAYLOAD_SIZE] [-n] [-c HOP_LIMIT] [-x SRC_ADDR] [-a SRC_PORT] [-o DST_PORT] [-X TCP_FLAGS] [-q TCP_SEQ] [-Q TCP_ACK] [-V TCP_URP] [-w TCP_WIN] [-M] [-O] [-N] [-E LINK_ADDR] [-e] [-j PREFIX[/LEN]] [-k PREFIX[/LEN]] [-J LINK_ADDR] [-K LINK_ADDR] [-b PREFIX[/LEN]] [-g PREFIX[/LEN]] [-B LINK_ADDR] [-G LINK_ADDR] [-f] [-R N_DESTS] [-T N_TARGETS] [-F N_SOURCES] [-L | -l] [-z] [-v] [-h]
OPTIONS:
--interface, -i Network interface
--src-address, -s IPv6 Source Address
--dst-address, -d IPv6 Destination Address
--hop-limit, -A IPv6 Hop Limit
--frag-hdr. -y Fragment Header
--dst-opt-hdr, -u Destination Options Header (Fragmentable Part)
--dst-opt-u-hdr, -U Destination Options Header (Unfragmentable Part)
--hbh-opt-hdr, -H Hop by Hop Options Header
--link-src-address, -S Link-layer Destination Address
--link-dst-address, -D Link-layer Source Address
--redir-dest, -r Redirect Destination Address
--redir-target, -t Redirect Target Address
--payload-type, -p Redirected Header Payload Type
--payload-size, -P Redirected Header Payload Size
--no-payload, -n Do not include a Redirected Header Option
--ipv6-hlim, -c Redirected Header Payload's Hop Limit
--peer-addr, -x Redirected Header Payload's IPv6 Source Address
--peer-port, -a Redirected Header Payload's Source Port
--redir-port, -o Redirected Header Payload's Destination Port
--tcp-flags, -X Redirected Header Payload's TCP Flags
--tcp-seq, -q Redirected Header Payload's TCP SEQ Number
--tcp-ack, -Q Redirected Header Payload's TCP ACK Number
--tcp-urg, -V Redirected Header Payload's TCP URG Pointer
--tcp-win, -w Redirected Header Payload's TCP Window
--resp-mcast, -M Respond to Multicast Packets
--make-onlink, O Make victim on-link
--learn-router, N Dynamically learn local router addresses
--target-lla-opt, -E Target link-layer address option
--add-tlla-opt, -e Add Target link-layer address option
--block-src, -j Block IPv6 Source Address prefix
--block-dst, -k Block IPv6 Destination Address prefix
--block-link-src, -J Block Ethernet Source Address
--block-link-dst, -K Block Ethernet Destination Address
--accept-src, -b Accept IPv6 Source Addres prefix
--accept-dst, -g Accept IPv6 Destination Address prefix
--accept-link-src, -B Accept Ethernet Source Address
--accept-link-dst, -G Accept Ethernet Destination Address
--sanity-filters, -f Add sanity filters
--flood-dests, -R Flood with multiple Redirect Destination Addresses
--flood-targets, -T Flood with multiple Redirect Target Addresses
--flood-sources, -F Flood with multiple IPv6 Source Addresses
--listen, -L Listen to incoming packets
--loop, -l Send periodic Redirect messages
--sleep, -z Pause between sending Redirect messages
--help, -h Print help for the rd6 tool
--verbose, -v Be verbose
Programmed by Fernando Gont for SI6 Networks <http://www.si6networks.com>
Please send any bug reports to <[email protected]>
NI6 - 基于ICMPv6的NI消息Securty评估工具的攻击向量
[email protected]:~# ni6 -h
SI6 Networks' IPv6 Toolkit v1.4.1
ni6: Securty assessment tool for attack vectors based on ICMPv6 NI messages
usage:
ni6 -i INTERFACE [-S LINK_SRC_ADDR | -R] [-D LINK-DST-ADDR]
[-s SRC_ADDR[/LEN] | -r] [-d DST_ADDR] [-c HOP_LIMIT] [-y FRAG_SIZE]
[-u DST_OPT_HDR_SIZE] [-U DST_OPT_U_HDR_SIZE] [-H HBH_OPT_HDR_SIZE]
[-P SIZE | -6 IPV6_ADDR | -4 IPV4_ADDR | -n NAME | -N LEN | -x LEN -o TYPE]
[-Z SIZE] [-e] [-C ICMP6_CODE] [-q NI_QTYPE] [-X NI_FLAGS]
[-P SIZE | -w IPV6_ADDR | -W IPV4_ADDR | -a NAME | -A LEN | -Q LEN -O TYPE]
[-E] [-j PREFIX[/LEN]] [-k PREFIX[/LEN]] [-J LINK_ADDR]
[-K LINK_ADDR] [-b PREFIX[/LEN]] [-g PREFIX[/LEN]] [-B LINK_ADDR]
[-G LINK_ADDR] [-L | -l] [-z] [-v] [-h]
OPTIONS:
--interface, -i Network interface
--link-src-address, -S Link-layer Destination Address
--link-dst-address, -D Link-layer Source Address
--src-address, -s IPv6 Source Address
--dst-address, -d IPv6 Destination Address
--hop-limit, -c IPv6 Hop Limit
--frag-hdr. -y Fragment Header
--dst-opt-hdr, -u Destination Options Header (Fragmentable Part)
--dst-opt-u-hdr, -U Destination Options Header (Unfragmentable Part)
--hbh-opt-hdr, -H Hop by Hop Options Header
--payload-size, -P ICMPv6 NI payload size
--subject-ipv6. -6 Subject IPv6 Address
--subject-ipv4, -4 Subject IPv4 address
--subject-name, -n Subject Name
--subject-fname, -N Forge Subject Name of specific length
--subject-ename, -x For (malformed) Subject name of specified length
--subject-nloop, -o Subject is a Name with a DNS compression loop
--max-label-size, -Z Maximum DNS label size (defaults to 63)
--sname-slabel, -e Subject Name is a single-label name
--code, -C ICMPv6 code
--qtype, -q ICMPv6 NI Qtype
--flags, -X ICMPv6 NI flags
--data-ipv6, -w Data IPv6 Address
--data-ipv4, W Data IPv4 Address
--data-name, -a Data Name
--data-fname, -A Forge Data Name of specific length
--data-ename, -Q For (malformed) Data Name of specified length
--data-nloop, -O Data is a Name with a DNS compression loop
--dname-slabel, -E Subject Name is a single-label name
--block-src, -j Block IPv6 Source Address prefix
--block-dst, -k Block IPv6 Destination Address prefix
--block-link-src, -J Block Ethernet Source Address
--block-link-dst, -K Block Ethernet Destination Address
--accept-src, -b Accept IPv6 Source Addres prefix
--accept-dst, -g Accept IPv6 Destination Address prefix
--accept-link-src, -B Accept Ethernet Source Address
--accept-link-dst, -G Accept Ethernet Destination Address
--forge-src-addr, -r Forge IPv6 Source Address
--forge-link-src-addr, -R Forge link-layer Source Address
--loop, -l Send periodic ICMPv6 error messages
--sleep, -z Pause between sending ICMPv6 messages
--listen, -L Listen to incoming traffic
--help, -h Print help for the ni6 tool
--verbose, -v Be verbose
Programmed by Fernando Gont for SI6 Networks <http://www.si6networks.com>
Please send any bug reports to <[email protected]>
jumbo6 - 安全评估工具,基于IPv6的巨型数据包的攻击向量
[email protected]:~# jumbo6 -h
SI6 Networks' IPv6 Toolkit v1.4.1
jumbo6: Security assessment tool for attack vectors based on IPv6 jumbo packets
usage: jumbo6 -i INTERFACE [-S LINK_SRC_ADDR] [-D LINK-DST-ADDR]
[-s SRC_ADDR[/LEN]] [-d DST_ADDR] [-A HOP_LIMIT] [-H HBH_OPT_HDR_SIZE]
[-U DST_OPT_U_HDR_SIZE] [-y FRAG_SIZE] [-u DST_OPT_HDR_SIZE]
[-q IPV6_LENGTH] [-Q JUMBO_LENGTH] [-P PAYLOAD_SIZE] [-j PREFIX[/LEN]]
[-k PREFIX[/LEN]] [-J LINK_ADDR] [-K LINK_ADDR] [-b PREFIX[/LEN]]
[-g PREFIX[/LEN]] [-B LINK_ADDR] [-G LINK_ADDR] [-L | -l] [-z SECONDS]
[-v] [-h]
OPTIONS:
--interface, -i Network interface
--link-src-address, -S Link-layer Destination Address
--link-dst-address, -D Link-layer Source Address
--src-address, -s IPv6 Source Address
--dst-address, -d IPv6 Destination Address
--hop-limit, -A IPv6 Hop Limit
--frag-hdr. -y Fragment Header
--dst-opt-hdr, -u Destination Options Header (Fragmentable Part)
--dst-opt-u-hdr, -U Destination Options Header (Unfragmentable Part)
--hbh-opt-hdr, -H Hop by Hop Options Header
--ipv6-length, -q IPv6 Payload Length
--jumbo-length, -Q Jumbo Payload Length
--payload-size, -P ICMPv6 payload size
--block-src, -j Block IPv6 Source Address prefix
--block-dst, -k Block IPv6 Destination Address prefix
--block-link-src, -J Block Ethernet Source Address
--block-link-dst, -K Block Ethernet Destination Address
--accept-src, -b Accept IPv6 Source Addres prefix
--accept-dst, -g Accept IPv6 Destination Address prefix
--accept-link-src, -B Accept Ethernet Source Address
--accept-link-dst, -G Accept Ethernet Destination Address
--loop, -l Send periodic Redirect messages
--sleep, -z Pause between sending Redirect messages
--listen, -L Listen to incoming packets
--verbose, -v Be verbose
--help, -h Print help for the jumbo6 tool
Programmed by Fernando Gont on behalf of CPNI (http://www.cpni.gov.uk)
Please send any bug reports to <[email protected]>
addr6 - IPv6地址的分析工具
[email protected]:~# addr6 -h
SI6 Networks' IPv6 Toolkit v1.4.1
addr6: An IPv6 address analysis tool
usage: addr6 (-i | -a) [-d | -s | -q] [-v] [-h]
OPTIONS:
--address, -a IPv6 address to be decoded
--stdin, -i Read IPv6 addresses from stdin (standard input)
--print-decode, -d Decode IPv6 addresses
--print-stats, -s Print statistics about IPv6 addresses
--print-unique, -q Discard duplicate IPv6 addresses
--accept, -j Accept IPv6 addresses from specified IPv6 prefix
--accept-type, -b Accept IPv6 addresses of specified type
--accept-scope, -k Accept IPv6 addresses of specified scope
--accept-utype, -w Accept IPv6 unicast addresses of specified type
--accept-iid, -g Accept IPv6 addresses with IIDs of specified type
--block, -J Block IPv6 addresses from specified IPv6 prefix
--block-type, -B Block IPv6 addresses of specified type
--block-scope, -K Block IPv6 addresses of specified scope
--block-utype, -W Block IPv6 unicast addresses of specified type
--block-iid, -G Block IPv6 addresses with IIDs of specified type
--verbose, -v Be verbose
--help, -h Print help for the addr6 tool
Programmed by Fernando Gont for SI6 Networks <http://www.si6networks.com>
Please send any bug reports to <[email protected]>
IPv6的工具使用示例
[email protected]:~# coming soon