From BruCON 2015

This talk presents an open-source security assessment and penetration testing framework designed specifically for IPv6 networks. Instead of supporting only some of the most well-known attacks against IPv6, as other known toolkits do, this framework lets its users construct almost any type of completely arbitrary IPv6 packet and hence launch any kind of IPv6-related attack, whether a known one or any other that its users can imagine. Its main focus is on IPv6 Extension headers, an IPv6 feature that has been discussed considerably in the security literature, but for which, until now, there was no tool to exploit them easily and to their full extent.

This multi-threaded IPv6 attacking framework is written in Python and is based on Scapy, but using it requires no knowledge of Scapy. It comprises the following modules: a) an IPv6 Scanner, b) an IPv6 Local Link Tool, and c) an IPv4-to-IPv6 Proxy. All of these modules are supported by a common library that allows the creation of completely arbitrary IPv6 header chains, fragmented or not.

With these capabilities, this new tool can be used for various penetration testing and security assessment activities, from trivial ones like network scanning and Neighbour Discovery-related attacks to more advanced ones, such as evading security devices like IDPS or firewalls, fuzzing how IPv6-capable devices handle IPv6 Extension Headers, etc.

Any potential IPv6 weaknesses found by using this framework can be exploited not only by the other modules of the framework but also, through the IPv6-to-IPv4 proxy, by any other penetration testing tools, even if these do not support IPv6 natively.

While being simple to use, this framework retains all the necessary features and flexibility needed by ethical hackers and researchers to accomplish their goals and construct any kind of IPv6 packets they wish. It is also modular and expandable, making it a suitable candidate for being the Swiss army knife of the ethical hackers' IPv6 toolkit arsenal.

During the development of this new IPv6 attacking framework, its author used it to discover several ways of evading security devices, like IDPS, by abusing IPv6 Extension headers and some of their features. You can use just your imagination and this tool to find a lot more. Enjoy!