IPv6的工具包描述
该SI6网络公司的IPv6工具箱是一套IPv6的安全评估和故障排除工具。它可以被利用来执行IPv6网络的安全性评估,通过执行真实世界的攻击他们评估IPv6设备的弹性和麻烦射击IPv6的网络问题。包括从包各具特色的工具,该工具包范围的工具,在那里(我们scan6工具)任意邻居发现报文发送到最全面的IPv6网络扫描工具。 包括工具:
- addr6:IPv6地址分析和操作工具
- flow6:进行IPv6的流标签的安全asseessment的工具
- frag6:一个工具来执行IPv6碎片的攻击,并执行了许多碎片相关方面安全评估
- ICMP6:这种工具可以根据差错报消息进行攻击
- jumbo6:一种工具来评估IPv6中的超长报文的处理潜在缺陷
- NA6:这种工具可以发送任意邻居通告消息
- NI6:一种工具,在这样的数据包的处理发送任意的ICMPv6节点信息的消息,并评估可能出现的瑕疵
- NS6:发送任意的邻居请求消息的工具
- RA6:发送任意的路由器通告信息的工具
- RD6:这种工具可以发送任意的ICMPv6重定向报文
- RS6:发送任意的路由器请求消息的工具
- scan6:IPv6地址扫描工具
- TCP6:发送任意的TCP段和执行各种基于TCP的攻击的工具。 资料来源:http://www.si6networks.com/tools/ipv6toolkit/
- 作者:费尔南多Gont
许可:GPLv3的
0x01 包括在IPv6的工具包工具
flow6 - 安全评估工具对IPv6的流标签字段
:~# flow6 -h SI6 Networks' IPv6 Toolkit v1.4.1 flow6: Security assessment tool for the IPv6 Flow Label field usage: flow6 -i INTERFACE -d DST_ADDR [-S LINK_SRC_ADDR] [-D LINK-DST-ADDR] [-s SRC_ADDR[/LEN]] [-A HOP_LIMIT] [-P PROTOCOL] [-p PORT] [-W] [-v] [-h] OPTIONS: --interface, -i Network interface --link-src-address, -S Link-layer Destination Address --link-dst-address, -D Link-layer Source Address --src-address, -s IPv6 Source Address --dst-address, -d IPv6 Destination Address --hop-limit, -A IPv6 Hop Limit --protocol, -P IPv6 Payload protocol (valid: TCP, UDP) --dst-port, -p Transport Protocol Destination Port --flow-label-policy, -W Assess the Flow Label generation policy --help, -h Print help for the flow6 tool --verbose, -v Be verbose Programmed by Fernando Gont on behalf of SI6 Networks <http://www.si6networks.com> Please send any bug reports to < >0x02 ICMP6 - 评估工具,攻击向量的基础上的ICMPv6错误信息
:~# icmp6 -h SI6 Networks' IPv6 Toolkit v1.4.1 icmp6: Assessment tool for attack vectors based on ICMPv6 error messages usage: icmp6 -i INTERFACE [-s SRC_ADDR[/LEN]] [-d DST_ADDR] [-S LINK_SRC_ADDR] [-D LINK-DST-ADDR] [-c HOP_LIMIT] [-y FRAG_SIZE] [-u DST_OPT_HDR_SIZE] [-U DST_OPT_U_HDR_SIZE] [-H HBH_OPT_HDR_SIZE] [-t TYPE[:CODE] | -e CODE | -A CODE -V CODE -R CODE] [-r TARGET_ADDR] [-x PEER_ADDR] [-c HOP_LIMIT] [-m MTU] [-O POINTER] [-p PAYLOAD_TYPE] [-P PAYLOAD_SIZE] [-n] [-a SRC_PORTL[:SRC_PORTH]] [-o DST_PORTL[:DST_PORTH]] [-X TCP_FLAGS] [-q TCP_SEQ] [-Q TCP_ACK] [-V TCP_URP] [-w TCP_WIN] [-M] [-j PREFIX[/LEN]] [-k PREFIX[/LEN]] [-J LINK_ADDR] [-K LINK_ADDR] [-b PREFIX[/LEN]] [-g PREFIX[/LEN]] [-B LINK_ADDR] [-G LINK_ADDR] [-f] [-L | -l] [-z] [-v] [-h] OPTIONS: --interface, -i Network interface --src-address, -s IPv6 Source Address --dst-address, -d IPv6 Destination Address --hop-limit, -c IPv6 Hop Limit --frag-hdr. -y Fragment Header --dst-opt-hdr, -u Destination Options Header (Fragmentable Part) --dst-opt-u-hdr, -U Destination Options Header (Unfragmentable Part) --hbh-opt-hdr, -H Hop by Hop Options Header --link-src-address, -S Link-layer Destination Address --link-dst-address, -D Link-layer Source Address --icmp6, -t ICMPv6 Type:Code --icmp6-dest-unreach, -e ICMPv6 Destination Unreachable --icmp6-packet-too-big, -E ICMPv6 Packet Too Big --icmp6-time-exceeded, -A ICMPv6 Time Exceeeded --icmp6-param-problem, -R ICMPv6 Parameter Problem --mtu, -m Next-Hop MTU (ICMPv6 Packet Too Big) --pointer, -O Pointer (ICMPv6 Parameter Problem --payload-type, -p Redirected Header Payload Type --payload-size, -P Redirected Header Payload Size --no-payload, -n Do not include a Redirected Header Option --ipv6-hlim, -C ICMPv6 Payload's Hop Limit --target-addr, -r ICMPv6 Payload's IPv6 Source Address --peer-addr, -x ICMPv6 Payload's IPv6 Destination Address --target-port, -o ICMPv6 Payload's Source Port --peer-port, -a ICMPv6 Payload's Destination Port --tcp-flags, -X ICMPv6 Payload's TCP Flags --tcp-seq, -q ICMPv6 Payload's TCP SEQ Number --tcp-ack, -Q ICMPv6 Payload's TCP ACK Number --tcp-urg, -V ICMPv6 Payload's TCP URG Pointer --tcp-win, -w ICMPv6 Payload's TCP Window --resp-mcast, -M Respond to Multicast Packets --block-src, -j Block IPv6 Source Address prefix --block-dst, -k Block IPv6 Destination Address prefix --block-link-src, -J Block Ethernet Source Address --block-link-dst, -K Block Ethernet Destination Address --accept-src, -b Accept IPv6 Source Addres prefix --accept-dst, -g Accept IPv6 Destination Address prefix --accept-link-src, -B Accept Ethernet Source Address --accept-link-dst, -G Accept Ethernet Destination Address --sanity-filters, -f Add sanity filters --listen, -L Listen to incoming traffic --loop, -l Send periodic ICMPv6 error messages --sleep, -z Pause between sending ICMPv6 error messages --help, -h Print help for the icmp6 tool --verbose, -v Be verbose Programmed by Fernando Gont for SI6 Networks <http://www.si6networks.com> Please send any bug reports to < >0x03 NS6 - 安全评估工具基于NS报文的攻击向量
:~# ns6 -h SI6 Networks' IPv6 Toolkit v1.4.1 ns6: Security assessment tool for attack vectors based on NS messages usage: ns6 -i INTERFACE [-s SRC_ADDR[/LEN]] [-d DST_ADDR] [-y FRAG_SIZE] [-u DST_OPT_HDR_SIZE] [-U DST_OPT_U_HDR_SIZE] [-H HBH_OPT_HDR_SIZE] [-S LINK_SRC_ADDR] [-D LINK-DST-ADDR] [-E LINK_ADDR] [-e] [-t TARGET_ADDR[/LEN]] [-F N_SOURCES] [-T N_TARGETS] [-z SECONDS] [-l] [-v] [-h] OPTIONS: --interface, -i Network interface --src-address, -s IPv6 Source Address --dst-address, -d IPv6 Destination Address --frag-hdr. -y Fragment Header --dst-opt-hdr, -u Destination Options Header (Fragmentable Part) --dst-opt-u-hdr, -U Destination Options Header (Unfragmentable Part) --hbh-opt-hdr, -H Hop by Hop Options Header --link-src-address, -S Link-layer Destination Address --link-dst-address, -D Link-layer Source Address --target-address, -t ND Target Address --source-lla-opt, -E Source link-layer address option --add-slla-opt, -e Add Source link-layer address option --flood-sources, -F Number of Source Addresses to forge randomly --flood-targets, -T Flood with NA's for multiple Target Addresses --loop, -l Send Neighbor Solicitations periodically --sleep, -z Pause between peiodic Neighbor Solicitations --help, -h Print help for the ns6 tool --verbose, -v Be verbose Programmed by Fernando Gont for SI6 Networks <http://www.si6networks.com> Please send any bug reports to < >0x04 NA6 - 安全评估工具的基础上NA报文攻击向量
:~# na6 -h SI6 Networks' IPv6 Toolkit v1.4.1 na6: Security Assessment tool for attack vectors based on NA messages usage: na6 -i INTERFACE [-s SRC_ADDR[/LEN]] [-d DST_ADDR] [-S LINK_SRC_ADDR] [-y FRAG_SIZE] [-u DST_OPT_HDR_SIZE] [-U DST_OPT_U_HDR_SIZE] [-H HBH_OPT_HDR_SIZE] [-D LINK-DST-ADDR] [-t TARGET_ADDR[/LEN]] [-r] [-c] [-o] [-E LINK_ADDR] [-e] [-j PREFIX[/LEN]] [-k PREFIX[/LEN]] [-J LINK_ADDR] [-K LINK_ADDR] [-w PREFIX[/LEN]] [-b PREFIX[/LEN]] [-g PREFIX[/LEN]] [-B LINK_ADDR] [-G LINK_ADDR] [-W PREFIX[/LEN]] [-F N_SOURCES] [-T N_TARGETS] [-L | -l] [-z] [-v] [-V] [-h] OPTIONS: --interface, -i Network interface --src-address, -s IPv6 Source Address --dst-address, -d IPv6 Destination Address --frag-hdr. -y Fragment Header --dst-opt-hdr, -u Destination Options Header (Fragmentable Part) --dst-opt-u-hdr, -U Destination Options Header (Unfragmentable Part) --hbh-opt-hdr, -H Hop by Hop Options Header --link-src-address, -S Link-layer Destination Address --link-dst-address, -D Link-layer Source Address --target, -t ND IPv6 Target Address --target-lla-opt, -E Source link-layer address option --add-tlla-opt, -e Add Source link-layer address option --router, -r Set the 'Router Flag' --solicited, -c Set the 'Solicited' flag --override, -o Set the 'Override' flag --block-src, -j Block IPv6 Source Address prefix --block-dst, -k Block IPv6 Destination Address prefix --block-link-src, -J Block Ethernet Source Address --block-link-dst, -K Block Ethernet Destination Address --block-target, -w Block ND Target IPv6 prefix --accept-src, -b Accept IPv6 Source Addres prefix --accept-dst, -g Accept IPv6 Destination Addres prefix --accept-link-src, -B Accept Ethernet Source Address --accept-link-dst, -G Accept Ethernet Destination Address --accept-target, -W Accept ND Target IPv6 prefix --flood-targets, -T Flood with NA's for multiple Target Addresses --flood-sources, -F Number of Source Addresses to forge randomly --listen, -L Listen to Neighbor Solicitation messages --loop, -l Send periodic Neighbor Advertisements --sleep, -z Pause between sending NA messages --help, -h Print help for the na6 tool --verbose, -v Be verbose Programmed by Fernando Gont for SI6 Networks <http://www.si6networks.com> Please send any bug reports to < >0x05 scan6 - 高级IPv6地址扫描工具
:~# scan6 -h SI6 Networks' IPv6 Toolkit v1.4.1 scan6: An advanced IPv6 Address Scanning tool usage: scan6 -i INTERFACE (-L | -d) [-s SRC_ADDR[/LEN] | -f] [-S LINK_SRC_ADDR | -F] [-p PROBE_TYPE] [-Z PAYLOAD_SIZE] [-o SRC_PORT] [-a DST_PORT] [-X TCP_FLAGS] [-P ADDRESS_TYPE] [-q] [-e] [-t] [-x RETRANS] [-o TIMEOUT] [-V VM_TYPE] [-b] [-B ENCODING] [-g] [-k IEEE_OUI] [-K VENDOR] [-m PREFIXES_FILE] [-w IIDS_FILE] [-W IID] [-Q IPV4_PREFIX[/LEN]] [-T] [-I INC_SIZE] [-r RATE(bps|pps)] [-l] [-z SECONDS] [-c CONFIG_FILE] [-v] [-h] OPTIONS: --interface, -i Network interface --src-address, -s IPv6 Source Address --dst-address, -d IPv6 Destination Range or Prefix --prefixes-file, -m Prefixes file --link-src-address, -S Link-layer Destination Address --probe-type, -p Probe type {echo, unrec, all} --payload-size, -Z TCP/UDP Payload Size --src-port, -o TCP/UDP Source Port --dst-port, -a TCP/UDP Destination Port --tcp-flags, -X TCP Flags --print-type, -P Print address type {local, global, all} --print-unique, -q Print only one IPv6 addresses per Ethernet address --print-link-addr, -e Print link-layer addresses --print-timestamp, -t Print timestamp for each alive node --retrans, -x Number of retransmissions of each probe --timeout, -O Timeout in seconds (default: 1 second) --local-scan, -L Scan the local subnet --rand-src-addr, -f Randomize the IPv6 Source Address --rand-link-src-addr, -F Randomize the Ethernet Source Address --tgt-virtual-machines, -V Target virtual machines --tgt-low-byte, -b Target low-byte addresses --tgt-ipv4-embedded, -B Target embedded-IPv4 addresses --tgt-port-embedded, -g Target embedded-port addresses --tgt-ieee-oui, -k Target IPv6 addresses embedding IEEE OUI --tgt-vendor, -K Target IPv6 addresses for vendor's IEEE OUIs --tgt-iids-file, -w Target Interface IDs (IIDs) in specified file --tgt-iid, -W Target Interface IDs (IIDs) --ipv4-host, -Q Host IPv4 Address/Prefix --sort-ouis, -T Sort IEEE OUIs --inc-size, -I Increments size --rate-limit, -r Rate limit the address scan to specified rate --loop, -l Send periodic probes to the specified targets --sleep, -z Pause between periodic probes --config-file, -c Use alternate configuration file --help, -h Print help for the scan6 tool --verbose, -v Be verbose Programmed by Fernando Gont for SI6 Networks <http://www.si6networks.com> Please send any bug reports to < >0x06 RA6 - 基于RA消息的安全评估工具,攻击向量
五
0x07 frag6 - 安全评估工具,基于IPv6分片攻击向量
:~# frag6 -h SI6 Networks' IPv6 Toolkit v1.4.1 frag6: A security assessment tool for attack vectors based on IPv6 fragments usage: frag6 -i INTERFACE -d DST_ADDR [-S LINK_SRC_ADDR] [-D LINK-DST-ADDR] [-s SRC_ADDR[/LEN]] [-A HOP_LIMIT] [-u DST_OPT_HDR_SIZE] [-U DST_OPT_U_HDR_SIZE] [-H HBH_OPT_HDR_SIZE] [-P FRAG_SIZE] [-O FRAG_TYPE] [-o FRAG_OFFSET] [-I FRAG_ID] [-T] [-n] [-p | -W | -X | -F N_FRAGS] [-l] [-z SECONDS] [-v] [-h] OPTIONS: --interface, -i Network interface --link-src-address, -S Link-layer Destination Address --link-dst-address, -D Link-layer Source Address --src-address, -s IPv6 Source Address --dst-address, -d IPv6 Destination Address --hop-limit, -A IPv6 Hop Limit --dst-opt-hdr, -u Destination Options Header (Fragmentable Part) --dst-opt-u-hdr, -U Destination Options Header (Unfragmentable Part) --hbh-opt-hdr, -H Hop by Hop Options Header --frag-size, -P IPv6 fragment payload size --frag-type, -O IPv6 Fragment Type {first, last, middle, atomic} --frag-offset, -o IPv6 Fragment Offset --frag-id, -I IPv6 Fragment Identification --no-timestamp, -T Do not include a timestamp in the payload --no-responses, -n Do not print responses to transmitted packets --frag-reass-policy, -p Assess fragment reassembly policy --frag-id-policy, -W Assess the Fragment ID generation policy --pod-attack, -X Perform a 'Ping of Death' attack --flood-frags, -F Flood target with IPv6 fragments --loop, -l Send IPv6 fragments periodically --sleep, -z Pause between sending IPv6 fragments --verbose, -v Be verbose --help, -h Print help for the frag6 tool Programmed by Fernando Gont for SI6 Networks (http://www.si6networks.com) Please send any bug reports to < >0x08 TCP6 - 安全评估工具,基于TCP / IPv6数据包的攻击向量
:~# tcp6 -h SI6 Networks' IPv6 Toolkit v1.4.1 tcp6: Security assessment tool for attack vectors based on TCP/IPv6 packets usage: tcp6 -i INTERFACE [-S LINK_SRC_ADDR] [-D LINK-DST-ADDR] [-s SRC_ADDR[/LEN]] [-d DST_ADDR] [-A HOP_LIMIT] [-y FRAG_SIZE] [-u DST_OPT_HDR_SIZE] [-U DST_OPT_U_HDR_SIZE] [-H HBH_OPT_HDR_SIZE] [-P PAYLOAD_SIZE] [-o SRC_PORT] [-a DST_PORT] [-X TCP_FLAGS] [-q TCP_SEQ] [-Q TCP_ACK] [-V TCP_URP] [-w TCP_WIN] [-N] [-f] [-j PREFIX[/LEN]] [-k PREFIX[/LEN]] [-J LINK_ADDR] [-K LINK_ADDR] [-b PREFIX[/LEN]] [-g PREFIX[/LEN]] [-B LINK_ADDR] [-G LINK_ADDR] [-F N_SOURCES] [-T N_PORTS] [-L | -l] [-z SECONDS] [-v] [-h] OPTIONS: --interface, -i Network interface --src-address, -s IPv6 Source Address --dst-address, -d IPv6 Destination Address --hop-limit, -A IPv6 Hop Limit --frag-hdr. -y Fragment Header --dst-opt-hdr, -u Destination Options Header (Fragmentable Part) --dst-opt-u-hdr, -U Destination Options Header (Unfragmentable Part) --hbh-opt-hdr, -H Hop by Hop Options Header --link-src-address, -S Link-layer Destination Address --link-dst-address, -D Link-layer Source Address --payload-size, -P TCP Payload Size --src-port, -o TCP Source Port --dst-port, -a TCP Destination Port --tcp-flags, -X TCP Flags --tcp-seq, -q TCP Sequence Number --tcp-ack, -Q TCP Acknowledgment Number --tcp-urg, -V TCP Urgent Pointer --tcp-win, -w TCP Window --not-ack-data, -N Do not acknowledge the TCP payload --not-ack-flags, -f Do not acknowledge the TCP flags --block-src, -j Block IPv6 Source Address prefix --block-dst, -k Block IPv6 Destination Address prefix --block-link-src, -J Block Ethernet Source Address --block-link-dst, -K Block Ethernet Destination Address --accept-src, -b Accept IPv6 Source Addres prefix --accept-dst, -g Accept IPv6 Destination Address prefix --accept-link-src, -B Accept Ethernet Source Address --accept-link-dst, -G Accept Ethernet Destination Address --flood-sources, -F Flood from multiple IPv6 Source Addresses --flood-ports, -T Flood from multiple TCP Source Ports --listen, -L Listen to incoming packets --loop, -l Send periodic TCP segments --sleep, -z Pause between sending TCP segments --help, -h Print help for the tcp6 tool --verbose, -v Be verbose Programmed by Fernando Gont for SI6 Networks <http://www.si6networks.com> Please send any bug reports to < >0x09 RS6 - 基于RS消息的安全评估工具,攻击向量
:~# rs6 -h SI6 Networks' IPv6 Toolkit v1.4.1 rs6: Security assessment tool for attack vectors based on RS messages usage: rs6 -i INTERFACE [-s SRC_ADDR[/LEN]] [-d DST_ADDR] [-y FRAG_SIZE] [-u DST_OPT_HDR_SIZE] [-U DST_OPT_U_HDR_SIZE] [-H HBH_OPT_HDR_SIZE] [-S LINK_SRC_ADDR] [-D LINK-DST-ADDR] [-E LINK_ADDR] [-e] [-F N_SOURCES] [-z SECONDS] [-l] [-v] [-h] OPTIONS: --interface, -i Network interface --src-address, -s IPv6 Source Address --dst-address, -d IPv6 Destination Address --frag-hdr. -y Fragment Header --dst-opt-hdr, -u Destination Options Header (Fragmentable Part) --dst-opt-u-hdr, -U Destination Options Header (Unfragmentable Part) --hbh-opt-hdr, -H Hop by Hop Options Header --link-src-address, -S Link-layer Destination Address --link-dst-address, -D Link-layer Source Address --src-link-opt, -E Source link-layer address option --add-slla-opt, -e Add Source link-layer address option --flood-sources, -F Number of Source Addresses to forge randomly --loop, -l Send Router Solicitations periodically --sleep, -z Pause between peiodic Router Solicitations --help, -h Print help for the rs6 tool --verbose, -v Be verbose Programmed by Fernando Gont for SI6 Networks <http://www.si6networks.com> Please send any bug reports to < >0x10 RD6 - 安全评估工具的基础上重定向报文攻击向量
:~# rd6 -h SI6 Networks' IPv6 Toolkit v1.4.1 rd6: Security assessment tool for attack vectors based on Redirect messages usage: rd6 -i INTERFACE [-s SRC_ADDR[/LEN]] [-d DST_ADDR] [-S LINK_SRC_ADDR] [-D LINK-DST-ADDR] [-A HOP_LIMIT] [-y FRAG_SIZE] [-u DST_OPT_HDR_SIZE] [-U DST_OPT_U_HDR_SIZE] [-H HBH_OPT_HDR_SIZE] [-r RD_DESTADDR/LEN] [-t RD_TARGETADDR/LEN] [-p PAYLOAD_TYPE] [-P PAYLOAD_SIZE] [-n] [-c HOP_LIMIT] [-x SRC_ADDR] [-a SRC_PORT] [-o DST_PORT] [-X TCP_FLAGS] [-q TCP_SEQ] [-Q TCP_ACK] [-V TCP_URP] [-w TCP_WIN] [-M] [-O] [-N] [-E LINK_ADDR] [-e] [-j PREFIX[/LEN]] [-k PREFIX[/LEN]] [-J LINK_ADDR] [-K LINK_ADDR] [-b PREFIX[/LEN]] [-g PREFIX[/LEN]] [-B LINK_ADDR] [-G LINK_ADDR] [-f] [-R N_DESTS] [-T N_TARGETS] [-F N_SOURCES] [-L | -l] [-z] [-v] [-h] OPTIONS: --interface, -i Network interface --src-address, -s IPv6 Source Address --dst-address, -d IPv6 Destination Address --hop-limit, -A IPv6 Hop Limit --frag-hdr. -y Fragment Header --dst-opt-hdr, -u Destination Options Header (Fragmentable Part) --dst-opt-u-hdr, -U Destination Options Header (Unfragmentable Part) --hbh-opt-hdr, -H Hop by Hop Options Header --link-src-address, -S Link-layer Destination Address --link-dst-address, -D Link-layer Source Address --redir-dest, -r Redirect Destination Address --redir-target, -t Redirect Target Address --payload-type, -p Redirected Header Payload Type --payload-size, -P Redirected Header Payload Size --no-payload, -n Do not include a Redirected Header Option --ipv6-hlim, -c Redirected Header Payload's Hop Limit --peer-addr, -x Redirected Header Payload's IPv6 Source Address --peer-port, -a Redirected Header Payload's Source Port --redir-port, -o Redirected Header Payload's Destination Port --tcp-flags, -X Redirected Header Payload's TCP Flags --tcp-seq, -q Redirected Header Payload's TCP SEQ Number --tcp-ack, -Q Redirected Header Payload's TCP ACK Number --tcp-urg, -V Redirected Header Payload's TCP URG Pointer --tcp-win, -w Redirected Header Payload's TCP Window --resp-mcast, -M Respond to Multicast Packets --make-onlink, O Make victim on-link --learn-router, N Dynamically learn local router addresses --target-lla-opt, -E Target link-layer address option --add-tlla-opt, -e Add Target link-layer address option --block-src, -j Block IPv6 Source Address prefix --block-dst, -k Block IPv6 Destination Address prefix --block-link-src, -J Block Ethernet Source Address --block-link-dst, -K Block Ethernet Destination Address --accept-src, -b Accept IPv6 Source Addres prefix --accept-dst, -g Accept IPv6 Destination Address prefix --accept-link-src, -B Accept Ethernet Source Address --accept-link-dst, -G Accept Ethernet Destination Address --sanity-filters, -f Add sanity filters --flood-dests, -R Flood with multiple Redirect Destination Addresses --flood-targets, -T Flood with multiple Redirect Target Addresses --flood-sources, -F Flood with multiple IPv6 Source Addresses --listen, -L Listen to incoming packets --loop, -l Send periodic Redirect messages --sleep, -z Pause between sending Redirect messages --help, -h Print help for the rd6 tool --verbose, -v Be verbose Programmed by Fernando Gont for SI6 Networks <http://www.si6networks.com> Please send any bug reports to < >0x11 NI6 - 基于ICMPv6的NI消息Securty评估工具的攻击向量
:~# ni6 -h SI6 Networks' IPv6 Toolkit v1.4.1 ni6: Securty assessment tool for attack vectors based on ICMPv6 NI messages usage: ni6 -i INTERFACE [-S LINK_SRC_ADDR | -R] [-D LINK-DST-ADDR] [-s SRC_ADDR[/LEN] | -r] [-d DST_ADDR] [-c HOP_LIMIT] [-y FRAG_SIZE] [-u DST_OPT_HDR_SIZE] [-U DST_OPT_U_HDR_SIZE] [-H HBH_OPT_HDR_SIZE] [-P SIZE | -6 IPV6_ADDR | -4 IPV4_ADDR | -n NAME | -N LEN | -x LEN -o TYPE] [-Z SIZE] [-e] [-C ICMP6_CODE] [-q NI_QTYPE] [-X NI_FLAGS] [-P SIZE | -w IPV6_ADDR | -W IPV4_ADDR | -a NAME | -A LEN | -Q LEN -O TYPE] [-E] [-j PREFIX[/LEN]] [-k PREFIX[/LEN]] [-J LINK_ADDR] [-K LINK_ADDR] [-b PREFIX[/LEN]] [-g PREFIX[/LEN]] [-B LINK_ADDR] [-G LINK_ADDR] [-L | -l] [-z] [-v] [-h] OPTIONS: --interface, -i Network interface --link-src-address, -S Link-layer Destination Address --link-dst-address, -D Link-layer Source Address --src-address, -s IPv6 Source Address --dst-address, -d IPv6 Destination Address --hop-limit, -c IPv6 Hop Limit --frag-hdr. -y Fragment Header --dst-opt-hdr, -u Destination Options Header (Fragmentable Part) --dst-opt-u-hdr, -U Destination Options Header (Unfragmentable Part) --hbh-opt-hdr, -H Hop by Hop Options Header --payload-size, -P ICMPv6 NI payload size --subject-ipv6. -6 Subject IPv6 Address --subject-ipv4, -4 Subject IPv4 address --subject-name, -n Subject Name --subject-fname, -N Forge Subject Name of specific length --subject-ename, -x For (malformed) Subject name of specified length --subject-nloop, -o Subject is a Name with a DNS compression loop --max-label-size, -Z Maximum DNS label size (defaults to 63) --sname-slabel, -e Subject Name is a single-label name --code, -C ICMPv6 code --qtype, -q ICMPv6 NI Qtype --flags, -X ICMPv6 NI flags --data-ipv6, -w Data IPv6 Address --data-ipv4, W Data IPv4 Address --data-name, -a Data Name --data-fname, -A Forge Data Name of specific length --data-ename, -Q For (malformed) Data Name of specified length --data-nloop, -O Data is a Name with a DNS compression loop --dname-slabel, -E Subject Name is a single-label name --block-src, -j Block IPv6 Source Address prefix --block-dst, -k Block IPv6 Destination Address prefix --block-link-src, -J Block Ethernet Source Address --block-link-dst, -K Block Ethernet Destination Address --accept-src, -b Accept IPv6 Source Addres prefix --accept-dst, -g Accept IPv6 Destination Address prefix --accept-link-src, -B Accept Ethernet Source Address --accept-link-dst, -G Accept Ethernet Destination Address --forge-src-addr, -r Forge IPv6 Source Address --forge-link-src-addr, -R Forge link-layer Source Address --loop, -l Send periodic ICMPv6 error messages --sleep, -z Pause between sending ICMPv6 messages --listen, -L Listen to incoming traffic --help, -h Print help for the ni6 tool --verbose, -v Be verbose Programmed by Fernando Gont for SI6 Networks <http://www.si6networks.com> Please send any bug reports to < >0x12 jumbo6 - 安全评估工具,基于IPv6的巨型数据包的攻击向量
:~# jumbo6 -h SI6 Networks' IPv6 Toolkit v1.4.1 jumbo6: Security assessment tool for attack vectors based on IPv6 jumbo packets usage: jumbo6 -i INTERFACE [-S LINK_SRC_ADDR] [-D LINK-DST-ADDR] [-s SRC_ADDR[/LEN]] [-d DST_ADDR] [-A HOP_LIMIT] [-H HBH_OPT_HDR_SIZE] [-U DST_OPT_U_HDR_SIZE] [-y FRAG_SIZE] [-u DST_OPT_HDR_SIZE] [-q IPV6_LENGTH] [-Q JUMBO_LENGTH] [-P PAYLOAD_SIZE] [-j PREFIX[/LEN]] [-k PREFIX[/LEN]] [-J LINK_ADDR] [-K LINK_ADDR] [-b PREFIX[/LEN]] [-g PREFIX[/LEN]] [-B LINK_ADDR] [-G LINK_ADDR] [-L | -l] [-z SECONDS] [-v] [-h] OPTIONS: --interface, -i Network interface --link-src-address, -S Link-layer Destination Address --link-dst-address, -D Link-layer Source Address --src-address, -s IPv6 Source Address --dst-address, -d IPv6 Destination Address --hop-limit, -A IPv6 Hop Limit --frag-hdr. -y Fragment Header --dst-opt-hdr, -u Destination Options Header (Fragmentable Part) --dst-opt-u-hdr, -U Destination Options Header (Unfragmentable Part) --hbh-opt-hdr, -H Hop by Hop Options Header --ipv6-length, -q IPv6 Payload Length --jumbo-length, -Q Jumbo Payload Length --payload-size, -P ICMPv6 payload size --block-src, -j Block IPv6 Source Address prefix --block-dst, -k Block IPv6 Destination Address prefix --block-link-src, -J Block Ethernet Source Address --block-link-dst, -K Block Ethernet Destination Address --accept-src, -b Accept IPv6 Source Addres prefix --accept-dst, -g Accept IPv6 Destination Address prefix --accept-link-src, -B Accept Ethernet Source Address --accept-link-dst, -G Accept Ethernet Destination Address --loop, -l Send periodic Redirect messages --sleep, -z Pause between sending Redirect messages --listen, -L Listen to incoming packets --verbose, -v �� Be verbose --help, -h Print help for the jumbo6 tool Programmed by Fernando Gont on behalf of CPNI (http://www.cpni.gov.uk) Please send any bug reports to < >0x13 addr6 - IPv6地址的分析工具
:~# addr6 -h SI6 Networks' IPv6 Toolkit v1.4.1 addr6: An IPv6 address analysis tool usage: addr6 (-i | -a) [-d | -s | -q] [-v] [-h] OPTIONS: --address, -a IPv6 address to be decoded --stdin, -i Read IPv6 addresses from stdin (standard input) --print-decode, -d Decode IPv6 addresses --print-stats, -s Print statistics about IPv6 addresses --print-unique, -q Discard duplicate IPv6 addresses --accept, -j Accept IPv6 addresses from specified IPv6 prefix --accept-type, -b Accept IPv6 addresses of specified type --accept-scope, -k Accept IPv6 addresses of specified scope --accept-utype, -w Accept IPv6 unicast addresses of specified type --accept-iid, -g Accept IPv6 addresses with IIDs of specified type --block, -J Block IPv6 addresses from specified IPv6 prefix --block-type, -B Block IPv6 addresses of specified type --block-scope, -K Block IPv6 addresses of specified scope --block-utype, -W Block IPv6 unicast addresses of specified type --block-iid, -G Block IPv6 addresses with IIDs of specified type --verbose, -v Be verbose --help, -h Print help for the addr6 tool Programmed by Fernando Gont for SI6 Networks <http://www.si6networks.com> Please send any bug reports to < >0x14 IPv6的工具使用示例
:~# coming soon原文来自:https://www.hackfun.org/kali-tools/ipv6-toolkit_zh.html。转载请注明原出处,商用请联系原作者授权。