ipv6-toolkit Package Description

The SI6 Networks’ IPv6 toolkit is a set of IPv6 security assessment and trouble-shooting tools. It can be leveraged to perform security assessments of IPv6 networks, assess the resiliency of IPv6 devices by performing real-world attacks against them, and to trouble-shoot IPv6 networking problems. The tools comprising the toolkit range from packet-crafting tools to send arbitrary Neighbor Discovery packets to the most comprehensive IPv6 network scanning tool out there (our scan6 tool).

Included tools:

  • addr6: An IPv6 address analysis and manipulation tool
  • flow6: A tool to perform a security asseessment of the IPv6 Flow Label
  • frag6: A tool to perform IPv6 fragmentation-based attacks and to perform a security assessment of a number of fragmentation-related aspects
  • icmp6: A tool to perform attacks based on ICMPv6 error messages
  • jumbo6: A tool to assess potential flaws in the handling of IPv6 Jumbograms
  • na6: A tool to send arbitrary Neighbor Advertisement messages
  • ni6: A tool to send arbitrary ICMPv6 Node Information messages, and assess possible flaws in the processing of such packets
  • ns6: A tool to send arbitrary Neighbor Solicitation message
  • ra6: A tool to send arbitrary Router Advertisement messages
  • rd6: A tool to send arbitrary ICMPv6 Redirect messages
  • rs6: A tool to send arbitrary Router Solicitation messages
  • scan6: An IPv6 address scanning tool
  • tcp6: A tool to send arbitrary TCP segments and perform a variety of TCP- based attacks.

Source: http://www.si6networks.com/tools/ipv6toolkit/
ipv6-toolkit Homepage | Kali ipv6-toolkit Repo

  • Author: Fernando Gont
  • License: GPLv3

Tools included in the ipv6-toolkit package

flow6 – Security assessment tool for the IPv6 Flow Label field
[email protected]:~# flow6 -h
SI6 Networks' IPv6 Toolkit v1.4.1
flow6: Security assessment tool for the IPv6 Flow Label field

usage: flow6 -i INTERFACE -d DST_ADDR [-S LINK_SRC_ADDR] [-D LINK-DST-ADDR]
       [-s SRC_ADDR[/LEN]] [-A HOP_LIMIT] [-P PROTOCOL] [-p PORT]
       [-W] [-v] [-h]

OPTIONS:
  --interface, -i           Network interface
  --link-src-address, -S    Link-layer Destination Address
  --link-dst-address, -D    Link-layer Source Address
  --src-address, -s         IPv6 Source Address
  --dst-address, -d         IPv6 Destination Address
  --hop-limit, -A           IPv6 Hop Limit
  --protocol, -P            IPv6 Payload protocol (valid: TCP, UDP)
  --dst-port, -p            Transport Protocol Destination Port
  --flow-label-policy, -W   Assess the Flow Label generation policy
  --help, -h                Print help for the flow6 tool
  --verbose, -v             Be verbose

Programmed by Fernando Gont on behalf of SI6 Networks <http://www.si6networks.com>
Please send any bug reports to <[email protected]>

icmp6 – Assessment tool for attack vectors based on ICMPv6 error messages

[email protected]:~# icmp6 -h
SI6 Networks' IPv6 Toolkit v1.4.1
icmp6: Assessment tool for attack vectors based on ICMPv6 error messages

usage: icmp6 -i INTERFACE [-s SRC_ADDR[/LEN]] [-d DST_ADDR]
       [-S LINK_SRC_ADDR] [-D LINK-DST-ADDR] [-c HOP_LIMIT] [-y FRAG_SIZE]
       [-u DST_OPT_HDR_SIZE] [-U DST_OPT_U_HDR_SIZE] [-H HBH_OPT_HDR_SIZE]
       [-t TYPE[:CODE] | -e CODE | -A CODE -V CODE -R CODE] [-r TARGET_ADDR]
       [-x PEER_ADDR] [-c HOP_LIMIT] [-m MTU] [-O POINTER] [-p PAYLOAD_TYPE]
       [-P PAYLOAD_SIZE] [-n] [-a SRC_PORTL[:SRC_PORTH]]
       [-o DST_PORTL[:DST_PORTH]] [-X TCP_FLAGS] [-q TCP_SEQ] [-Q TCP_ACK]
       [-V TCP_URP] [-w TCP_WIN] [-M] [-j PREFIX[/LEN]] [-k PREFIX[/LEN]]
       [-J LINK_ADDR] [-K LINK_ADDR] [-b PREFIX[/LEN]] [-g PREFIX[/LEN]]
       [-B LINK_ADDR] [-G LINK_ADDR] [-f] [-L | -l] [-z] [-v] [-h]

OPTIONS:
  --interface, -i             Network interface
  --src-address, -s           IPv6 Source Address
  --dst-address, -d           IPv6 Destination Address
  --hop-limit, -c             IPv6 Hop Limit
  --frag-hdr. -y              Fragment Header
  --dst-opt-hdr, -u           Destination Options Header (Fragmentable Part)
  --dst-opt-u-hdr, -U         Destination Options Header (Unfragmentable Part)
  --hbh-opt-hdr, -H           Hop by Hop Options Header
  --link-src-address, -S      Link-layer Destination Address
  --link-dst-address, -D      Link-layer Source Address
  --icmp6, -t                 ICMPv6 Type:Code
  --icmp6-dest-unreach, -e    ICMPv6 Destination Unreachable
  --icmp6-packet-too-big, -E  ICMPv6 Packet Too Big
  --icmp6-time-exceeded, -A   ICMPv6 Time Exceeeded
  --icmp6-param-problem, -R   ICMPv6 Parameter Problem
  --mtu, -m                   Next-Hop MTU (ICMPv6 Packet Too Big)
  --pointer, -O               Pointer (ICMPv6 Parameter Problem
  --payload-type, -p          Redirected Header Payload Type
  --payload-size, -P          Redirected Header Payload Size
  --no-payload, -n            Do not include a Redirected Header Option
  --ipv6-hlim, -C             ICMPv6 Payload's Hop Limit
  --target-addr, -r           ICMPv6 Payload's IPv6 Source Address
  --peer-addr, -x             ICMPv6 Payload's IPv6 Destination Address
  --target-port, -o           ICMPv6 Payload's Source Port
  --peer-port, -a             ICMPv6 Payload's Destination Port
  --tcp-flags, -X             ICMPv6 Payload's TCP Flags
  --tcp-seq, -q               ICMPv6 Payload's TCP SEQ Number
  --tcp-ack, -Q               ICMPv6 Payload's TCP ACK Number
  --tcp-urg, -V               ICMPv6 Payload's TCP URG Pointer
  --tcp-win, -w               ICMPv6 Payload's TCP Window
  --resp-mcast, -M            Respond to Multicast Packets
  --block-src, -j             Block IPv6 Source Address prefix
  --block-dst, -k             Block IPv6 Destination Address prefix
  --block-link-src, -J        Block Ethernet Source Address
  --block-link-dst, -K        Block Ethernet Destination Address
  --accept-src, -b            Accept IPv6 Source Addres prefix
  --accept-dst, -g            Accept IPv6 Destination Address prefix
  --accept-link-src, -B       Accept Ethernet Source Address
  --accept-link-dst, -G       Accept Ethernet Destination Address
  --sanity-filters, -f        Add sanity filters
  --listen, -L                Listen to incoming traffic
  --loop, -l                  Send periodic ICMPv6 error messages
  --sleep, -z                 Pause between sending ICMPv6 error messages
  --help, -h                  Print help for the icmp6 tool
  --verbose, -v               Be verbose

 Programmed by Fernando Gont for SI6 Networks <http://www.si6networks.com>
 Please send any bug reports to <[email protected]>

ns6 – Security assessment tool for attack vectors based on NS messages

[email protected]:~# ns6 -h
SI6 Networks' IPv6 Toolkit v1.4.1
ns6: Security assessment tool for attack vectors based on NS messages

usage: ns6 -i INTERFACE [-s SRC_ADDR[/LEN]] [-d DST_ADDR] [-y FRAG_SIZE] [-u DST_OPT_HDR_SIZE] [-U DST_OPT_U_HDR_SIZE] [-H HBH_OPT_HDR_SIZE] [-S LINK_SRC_ADDR] [-D LINK-DST-ADDR] [-E LINK_ADDR] [-e] [-t TARGET_ADDR[/LEN]] [-F N_SOURCES] [-T N_TARGETS] [-z SECONDS] [-l] [-v] [-h]

OPTIONS:
  --interface, -i            Network interface
  --src-address, -s          IPv6 Source Address
  --dst-address, -d          IPv6 Destination Address
  --frag-hdr. -y             Fragment Header
  --dst-opt-hdr, -u          Destination Options Header (Fragmentable Part)
  --dst-opt-u-hdr, -U        Destination Options Header (Unfragmentable Part)
  --hbh-opt-hdr, -H          Hop by Hop Options Header
  --link-src-address, -S     Link-layer Destination Address
  --link-dst-address, -D     Link-layer Source Address
  --target-address, -t       ND Target Address
  --source-lla-opt, -E       Source link-layer address option
  --add-slla-opt, -e         Add Source link-layer address option
  --flood-sources, -F        Number of Source Addresses to forge randomly
  --flood-targets, -T        Flood with NA's for multiple Target Addresses
  --loop, -l                 Send Neighbor Solicitations periodically
  --sleep, -z                Pause between peiodic Neighbor Solicitations
  --help, -h                 Print help for the ns6 tool
  --verbose, -v              Be verbose

Programmed by Fernando Gont for SI6 Networks <http://www.si6networks.com>
Please send any bug reports to <[email protected]>

na6 – Security Assessment tool for attack vectors based on NA messages

[email protected]:~# na6 -h
SI6 Networks' IPv6 Toolkit v1.4.1
na6: Security Assessment tool for attack vectors based on NA messages

usage: na6 -i INTERFACE [-s SRC_ADDR[/LEN]] [-d DST_ADDR] [-S LINK_SRC_ADDR] [-y FRAG_SIZE] [-u DST_OPT_HDR_SIZE] [-U DST_OPT_U_HDR_SIZE] [-H HBH_OPT_HDR_SIZE] [-D LINK-DST-ADDR] [-t TARGET_ADDR[/LEN]] [-r] [-c] [-o] [-E LINK_ADDR] [-e] [-j PREFIX[/LEN]] [-k PREFIX[/LEN]] [-J LINK_ADDR] [-K LINK_ADDR] [-w PREFIX[/LEN]] [-b PREFIX[/LEN]] [-g PREFIX[/LEN]] [-B LINK_ADDR] [-G LINK_ADDR] [-W PREFIX[/LEN]] [-F N_SOURCES] [-T N_TARGETS] [-L | -l] [-z] [-v] [-V] [-h]

OPTIONS:
  --interface, -i            Network interface
  --src-address, -s          IPv6 Source Address
  --dst-address, -d          IPv6 Destination Address
  --frag-hdr. -y             Fragment Header
  --dst-opt-hdr, -u          Destination Options Header (Fragmentable Part)
  --dst-opt-u-hdr, -U        Destination Options Header (Unfragmentable Part)
  --hbh-opt-hdr, -H          Hop by Hop Options Header
  --link-src-address, -S     Link-layer Destination Address
  --link-dst-address, -D     Link-layer Source Address
  --target, -t               ND IPv6 Target Address
  --target-lla-opt, -E       Source link-layer address option
  --add-tlla-opt, -e         Add Source link-layer address option
  --router, -r               Set the 'Router Flag'
  --solicited, -c            Set the 'Solicited' flag
  --override, -o             Set the 'Override' flag
  --block-src, -j            Block IPv6 Source Address prefix
  --block-dst, -k            Block IPv6 Destination Address prefix
  --block-link-src, -J       Block Ethernet Source Address
  --block-link-dst, -K       Block Ethernet Destination Address
  --block-target, -w         Block ND Target IPv6 prefix
  --accept-src, -b           Accept IPv6 Source Addres prefix
  --accept-dst, -g           Accept IPv6 Destination Addres prefix
  --accept-link-src, -B      Accept Ethernet Source Address
  --accept-link-dst, -G      Accept Ethernet Destination Address
  --accept-target, -W        Accept ND Target IPv6 prefix
  --flood-targets, -T        Flood with NA's for multiple Target Addresses
  --flood-sources, -F        Number of Source Addresses to forge randomly
  --listen, -L               Listen to Neighbor Solicitation messages
  --loop, -l                 Send periodic Neighbor Advertisements
  --sleep, -z                Pause between sending NA messages
  --help, -h                 Print help for the na6 tool
  --verbose, -v              Be verbose

Programmed by Fernando Gont for SI6 Networks <http://www.si6networks.com>
Please send any bug reports to <[email protected]>

scan6 – An advanced IPv6 Address Scanning tool

[email protected]:~# scan6 -h
SI6 Networks' IPv6 Toolkit v1.4.1
scan6: An advanced IPv6 Address Scanning tool

usage: scan6 -i INTERFACE (-L | -d) [-s SRC_ADDR[/LEN] | -f]
       [-S LINK_SRC_ADDR | -F] [-p PROBE_TYPE] [-Z PAYLOAD_SIZE] [-o SRC_PORT]
       [-a DST_PORT] [-X TCP_FLAGS] [-P ADDRESS_TYPE] [-q] [-e] [-t]
       [-x RETRANS] [-o TIMEOUT] [-V VM_TYPE] [-b] [-B ENCODING] [-g]
       [-k IEEE_OUI] [-K VENDOR] [-m PREFIXES_FILE] [-w IIDS_FILE] [-W IID]
       [-Q IPV4_PREFIX[/LEN]] [-T] [-I INC_SIZE] [-r RATE(bps|pps)] [-l]
       [-z SECONDS] [-c CONFIG_FILE] [-v] [-h]

OPTIONS:
  --interface, -i             Network interface
  --src-address, -s           IPv6 Source Address
  --dst-address, -d           IPv6 Destination Range or Prefix
  --prefixes-file, -m         Prefixes file
  --link-src-address, -S      Link-layer Destination Address
  --probe-type, -p            Probe type {echo, unrec, all}
  --payload-size, -Z          TCP/UDP Payload Size
  --src-port, -o              TCP/UDP Source Port
  --dst-port, -a              TCP/UDP Destination Port
  --tcp-flags, -X             TCP Flags
  --print-type, -P            Print address type {local, global, all}
  --print-unique, -q          Print only one IPv6 addresses per Ethernet address
  --print-link-addr, -e       Print link-layer addresses
  --print-timestamp, -t       Print timestamp for each alive node
  --retrans, -x               Number of retransmissions of each probe
  --timeout, -O               Timeout in seconds (default: 1 second)
  --local-scan, -L            Scan the local subnet
  --rand-src-addr, -f         Randomize the IPv6 Source Address
  --rand-link-src-addr, -F    Randomize the Ethernet Source Address
  --tgt-virtual-machines, -V  Target virtual machines
  --tgt-low-byte, -b          Target low-byte addresses
  --tgt-ipv4-embedded, -B     Target embedded-IPv4 addresses
  --tgt-port-embedded, -g     Target embedded-port addresses
  --tgt-ieee-oui, -k          Target IPv6 addresses embedding IEEE OUI
  --tgt-vendor, -K            Target IPv6 addresses for vendor's IEEE OUIs
  --tgt-iids-file, -w         Target Interface IDs (IIDs) in specified file
  --tgt-iid, -W               Target Interface IDs (IIDs)
  --ipv4-host, -Q             Host IPv4 Address/Prefix
  --sort-ouis, -T             Sort IEEE OUIs
  --inc-size, -I              Increments size
  --rate-limit, -r            Rate limit the address scan to specified rate
  --loop, -l                  Send periodic probes to the specified targets
  --sleep, -z                 Pause between periodic probes
  --config-file, -c           Use alternate configuration file
  --help, -h                  Print help for the scan6 tool
  --verbose, -v               Be verbose

 Programmed by Fernando Gont for SI6 Networks <http://www.si6networks.com>
 Please send any bug reports to <[email protected]>

ra6 – Security assessment tool for attack vectors based on RA messages

[email protected]:~# ra6 -h
SI6 Networks' IPv6 Toolkit v1.4.1
ra6: Security assessment tool for attack vectors based on RA messages

usage: ra6 -i INTERFACE [-s SRC_ADDR[/LEN]] [-d DST_ADDR] [-y FRAG_SIZE] [-u DST_OPT_HDR_SIZE] [-U DST_OPT_U_HDR_SIZE] [-H HBH_OPT_HDR_SIZE] [-S LINK_SRC_ADDR] [-D LINK_DST_ADDR] [-c CUR_HOP] [-t ROUTER_LIFETIME] [-r REACHABLE_TIME] [-x RETRANS_TIMER] [-m] [-o] [-a] [-q] [-p PREFERENCE] [-E LINK_ADDR] [-e] [-P PREFIX/LEN[#FLAGS[#VALID[#PREFERRED]]]] [-M MTU] [-N [LIFETIME[#DNS_ADDR]]] [-R PREFIX/LEN[#PREF[#LIFETIME]]] [-f N_PREFIXES] [-F N_SOURCES] [-w N_ROUTES] [-W N_ADDRS[#ADDRSPEROPT]] [-j PREFIX[/LEN]] [-k PREFIX[/LEN]] [-J LINK_ADDR] [-K LINK_ADDR] [-b PREFIX[/LEN]] [-g PREFIX[/LEN]] [-B LINK_ADDR] [-G LINK_ADDR]  [-L] [-v] [-h]

OPTIONS:
  --interface, -i            Network interface
  --src-address, -s          IPv6 Source Address
  --dst-address, -d          IPv6 Destination Address (or IPv6 prefix when flooding)
  --frag-hdr. -y             Fragment Header
  --dst-opt-hdr, -u          Destination Options Header (Fragmentable Part)
  --dst-opt-u-hdr, -U        Destination Options Header (Unfragmentable Part)
  --hbh-opt-hdr, -H          Hop by Hop Options Header
  --managed, -m              Set de Managed bit
  --other, -o                Set the Other bit
  --home-agent, -a           Set the Home Agent bit
  --nd-proxy, -q             Set the ND Proxy bit
  --lifetime, -t             Router Lifetime
  --reachable, -r            Reachable time
  --preference, -p           Preference
  --retrans, -x              Retrans Timer
  --curhop, -c               CurHop (advised Hop Limit)
  --prefix-opt, -P           Prefix option (Prefix/Len#flags#valid#preferred)
  --mtu-opt, -M              MTU option
  --src-link-opt, -E         Source link-layer address option
  --add-slla-opt, -e         Add Source link-layer address option
  --link-src-address, -S     Link-layer Source Address
  --link-dst-address, -D     Link-layer Destination Address
  --route-opt, -R            Route Information option (Prefix/Len#pref#lifetime)
  --rdnss-opt, -N            Recursive DNS Server option (lifetime#IPv6addr)
  --flood-sources, -F        Number of Source Addresses to forge randomly
  --flood-prefixes, -f       Number of Prefix options to forge randomly
  --flood-routes, -w         Number of Route Info options to forge randomly
  --flood-dns, -W            Number of RDNSS options to forge randomly
  --loop, -l                 Send periodic Router Advertisements
  --sleep, -z                Pause between sending RA messages
  --listen, -L               Listen to Router Solicitation messagres
  --block-src, -j            Block IPv6 Source Address prefix
  --block-dst, -k            Block IPv6 Destination Address prefix
  --block-link-src, -J       Block Ethernet Source Address
  --block-link-dst, -K       Block Ethernet Destination Address
  --accept-src, -b           Accept IPv6 Source Addres prefix
  --accept-dst, -g           Accept IPv6 Destination Addres prefix
  --accept-link-src, -B      Accept Ethernet Source Address
  --accept-link-dst, -G      Accept Ethernet Destination Address
  --verbose, -v              Be verbose
  --help, -h                 Print help for the ra6 tool

Programmed by Fernando Gont for SI6 Networks <http://www.si6networks.com>
Please send any bug reports to <[email protected]>

frag6 – A security assessment tool for attack vectors based on IPv6 fragments

[email protected]:~# frag6 -h
SI6 Networks' IPv6 Toolkit v1.4.1
frag6: A security assessment tool for attack vectors based on IPv6 fragments

usage: frag6 -i INTERFACE -d DST_ADDR [-S LINK_SRC_ADDR] [-D LINK-DST-ADDR]
       [-s SRC_ADDR[/LEN]] [-A HOP_LIMIT] [-u DST_OPT_HDR_SIZE]
       [-U DST_OPT_U_HDR_SIZE] [-H HBH_OPT_HDR_SIZE] [-P FRAG_SIZE]
       [-O FRAG_TYPE] [-o FRAG_OFFSET] [-I FRAG_ID] [-T] [-n]
       [-p | -W | -X | -F N_FRAGS] [-l] [-z SECONDS] [-v] [-h]

OPTIONS:
  --interface, -i           Network interface
  --link-src-address, -S    Link-layer Destination Address
  --link-dst-address, -D    Link-layer Source Address
  --src-address, -s         IPv6 Source Address
  --dst-address, -d         IPv6 Destination Address
  --hop-limit, -A           IPv6 Hop Limit
  --dst-opt-hdr, -u         Destination Options Header (Fragmentable Part)
  --dst-opt-u-hdr, -U       Destination Options Header (Unfragmentable Part)
  --hbh-opt-hdr, -H         Hop by Hop Options Header
  --frag-size, -P           IPv6 fragment payload size
  --frag-type, -O           IPv6 Fragment Type {first, last, middle, atomic}
  --frag-offset, -o         IPv6 Fragment Offset
  --frag-id, -I             IPv6 Fragment Identification
  --no-timestamp, -T        Do not include a timestamp in the payload
  --no-responses, -n        Do not print responses to transmitted packets
  --frag-reass-policy, -p   Assess fragment reassembly policy
  --frag-id-policy, -W      Assess the Fragment ID generation policy
  --pod-attack, -X          Perform a 'Ping of Death' attack
  --flood-frags, -F         Flood target with IPv6 fragments
  --loop, -l                Send IPv6 fragments periodically
  --sleep, -z               Pause between sending IPv6 fragments
  --verbose, -v             Be verbose
  --help, -h                Print help for the frag6 tool

Programmed by Fernando Gont for SI6 Networks (http://www.si6networks.com)
Please send any bug reports to <[email protected]>

tcp6 – Security assessment tool for attack vectors based on TCP/IPv6 packets

[email protected]:~# tcp6 -h
SI6 Networks' IPv6 Toolkit v1.4.1
tcp6: Security assessment tool for attack vectors based on TCP/IPv6 packets

usage: tcp6 -i INTERFACE [-S LINK_SRC_ADDR] [-D LINK-DST-ADDR] [-s SRC_ADDR[/LEN]] [-d DST_ADDR] [-A HOP_LIMIT] [-y FRAG_SIZE] [-u DST_OPT_HDR_SIZE] [-U DST_OPT_U_HDR_SIZE] [-H HBH_OPT_HDR_SIZE] [-P PAYLOAD_SIZE] [-o SRC_PORT] [-a DST_PORT] [-X TCP_FLAGS] [-q TCP_SEQ] [-Q TCP_ACK] [-V TCP_URP] [-w TCP_WIN] [-N] [-f] [-j PREFIX[/LEN]] [-k PREFIX[/LEN]] [-J LINK_ADDR] [-K LINK_ADDR] [-b PREFIX[/LEN]] [-g PREFIX[/LEN]] [-B LINK_ADDR] [-G LINK_ADDR] [-F N_SOURCES] [-T N_PORTS] [-L | -l] [-z SECONDS] [-v] [-h]

OPTIONS:
  --interface, -i           Network interface
  --src-address, -s         IPv6 Source Address
  --dst-address, -d         IPv6 Destination Address
  --hop-limit, -A           IPv6 Hop Limit
  --frag-hdr. -y            Fragment Header
  --dst-opt-hdr, -u         Destination Options Header (Fragmentable Part)
  --dst-opt-u-hdr, -U       Destination Options Header (Unfragmentable Part)
  --hbh-opt-hdr, -H         Hop by Hop Options Header
  --link-src-address, -S    Link-layer Destination Address
  --link-dst-address, -D    Link-layer Source Address
  --payload-size, -P        TCP Payload Size
  --src-port, -o            TCP Source Port
  --dst-port, -a            TCP Destination Port
  --tcp-flags, -X           TCP Flags
  --tcp-seq, -q             TCP Sequence Number
  --tcp-ack, -Q             TCP Acknowledgment Number
  --tcp-urg, -V             TCP Urgent Pointer
  --tcp-win, -w             TCP Window
  --not-ack-data, -N        Do not acknowledge the TCP payload
  --not-ack-flags, -f       Do not acknowledge the TCP flags
  --block-src, -j           Block IPv6 Source Address prefix
  --block-dst, -k           Block IPv6 Destination Address prefix
  --block-link-src, -J      Block Ethernet Source Address
  --block-link-dst, -K      Block Ethernet Destination Address
  --accept-src, -b          Accept IPv6 Source Addres prefix
  --accept-dst, -g          Accept IPv6 Destination Address prefix
  --accept-link-src, -B     Accept Ethernet Source Address
  --accept-link-dst, -G     Accept Ethernet Destination Address
  --flood-sources, -F       Flood from multiple IPv6 Source Addresses
  --flood-ports, -T         Flood from multiple TCP Source Ports
  --listen, -L              Listen to incoming packets
  --loop, -l                Send periodic TCP segments
  --sleep, -z               Pause between sending TCP segments
  --help, -h                Print help for the tcp6 tool
  --verbose, -v             Be verbose

Programmed by Fernando Gont for SI6 Networks <http://www.si6networks.com>
Please send any bug reports to <[email protected]>

rs6 – Security assessment tool for attack vectors based on RS messages

[email protected]:~# rs6 -h
SI6 Networks' IPv6 Toolkit v1.4.1
rs6: Security assessment tool for attack vectors based on RS messages

usage: rs6 -i INTERFACE [-s SRC_ADDR[/LEN]] [-d DST_ADDR] [-y FRAG_SIZE] [-u DST_OPT_HDR_SIZE] [-U DST_OPT_U_HDR_SIZE] [-H HBH_OPT_HDR_SIZE] [-S LINK_SRC_ADDR] [-D LINK-DST-ADDR] [-E LINK_ADDR] [-e] [-F N_SOURCES] [-z SECONDS] [-l] [-v] [-h]

OPTIONS:
  --interface, -i            Network interface
  --src-address, -s          IPv6 Source Address
  --dst-address, -d          IPv6 Destination Address
  --frag-hdr. -y             Fragment Header
  --dst-opt-hdr, -u          Destination Options Header (Fragmentable Part)
  --dst-opt-u-hdr, -U        Destination Options Header (Unfragmentable Part)
  --hbh-opt-hdr, -H          Hop by Hop Options Header
  --link-src-address, -S     Link-layer Destination Address
  --link-dst-address, -D     Link-layer Source Address
  --src-link-opt, -E         Source link-layer address option
  --add-slla-opt, -e         Add Source link-layer address option
  --flood-sources, -F        Number of Source Addresses to forge randomly
  --loop, -l                 Send Router Solicitations periodically
  --sleep, -z                Pause between peiodic Router Solicitations
  --help, -h                 Print help for the rs6 tool
  --verbose, -v              Be verbose

Programmed by Fernando Gont for SI6 Networks <http://www.si6networks.com>
Please send any bug reports to <[email protected]>

rd6 – Security assessment tool for attack vectors based on Redirect messages

[email protected]:~# rd6 -h
SI6 Networks' IPv6 Toolkit v1.4.1
rd6: Security assessment tool for attack vectors based on Redirect messages

usage: rd6 -i INTERFACE [-s SRC_ADDR[/LEN]] [-d DST_ADDR] [-S LINK_SRC_ADDR] [-D LINK-DST-ADDR] [-A HOP_LIMIT] [-y FRAG_SIZE] [-u DST_OPT_HDR_SIZE] [-U DST_OPT_U_HDR_SIZE] [-H HBH_OPT_HDR_SIZE] [-r RD_DESTADDR/LEN] [-t RD_TARGETADDR/LEN] [-p PAYLOAD_TYPE] [-P PAYLOAD_SIZE] [-n] [-c HOP_LIMIT] [-x SRC_ADDR] [-a SRC_PORT] [-o DST_PORT] [-X TCP_FLAGS] [-q TCP_SEQ] [-Q TCP_ACK] [-V TCP_URP] [-w TCP_WIN] [-M] [-O] [-N] [-E LINK_ADDR] [-e] [-j PREFIX[/LEN]] [-k PREFIX[/LEN]] [-J LINK_ADDR] [-K LINK_ADDR] [-b PREFIX[/LEN]] [-g PREFIX[/LEN]] [-B LINK_ADDR] [-G LINK_ADDR] [-f] [-R N_DESTS] [-T N_TARGETS] [-F N_SOURCES] [-L | -l] [-z] [-v] [-h]

OPTIONS:
  --interface, -i           Network interface
  --src-address, -s         IPv6 Source Address
  --dst-address, -d         IPv6 Destination Address
  --hop-limit, -A           IPv6 Hop Limit
  --frag-hdr. -y            Fragment Header
  --dst-opt-hdr, -u         Destination Options Header (Fragmentable Part)
  --dst-opt-u-hdr, -U       Destination Options Header (Unfragmentable Part)
  --hbh-opt-hdr, -H         Hop by Hop Options Header
  --link-src-address, -S    Link-layer Destination Address
  --link-dst-address, -D    Link-layer Source Address
  --redir-dest, -r          Redirect Destination Address
  --redir-target, -t        Redirect Target Address
  --payload-type, -p        Redirected Header Payload Type
  --payload-size, -P        Redirected Header Payload Size
  --no-payload, -n          Do not include a Redirected Header Option
  --ipv6-hlim, -c           Redirected Header Payload's Hop Limit
  --peer-addr, -x           Redirected Header Payload's IPv6 Source Address
  --peer-port, -a           Redirected Header Payload's Source Port
  --redir-port, -o          Redirected Header Payload's Destination Port
  --tcp-flags, -X           Redirected Header Payload's TCP Flags
  --tcp-seq, -q             Redirected Header Payload's TCP SEQ Number
  --tcp-ack, -Q             Redirected Header Payload's TCP ACK Number
  --tcp-urg, -V             Redirected Header Payload's TCP URG Pointer
  --tcp-win, -w             Redirected Header Payload's TCP Window
  --resp-mcast, -M          Respond to Multicast Packets
  --make-onlink, O          Make victim on-link
  --learn-router, N         Dynamically learn local router addresses
  --target-lla-opt, -E      Target link-layer address option
  --add-tlla-opt, -e        Add Target link-layer address option
  --block-src, -j           Block IPv6 Source Address prefix
  --block-dst, -k           Block IPv6 Destination Address prefix
  --block-link-src, -J      Block Ethernet Source Address
  --block-link-dst, -K      Block Ethernet Destination Address
  --accept-src, -b          Accept IPv6 Source Addres prefix
  --accept-dst, -g          Accept IPv6 Destination Address prefix
  --accept-link-src, -B     Accept Ethernet Source Address
  --accept-link-dst, -G     Accept Ethernet Destination Address
  --sanity-filters, -f      Add sanity filters
  --flood-dests, -R         Flood with multiple Redirect Destination Addresses
  --flood-targets, -T       Flood with multiple Redirect Target Addresses
  --flood-sources, -F       Flood with multiple IPv6 Source Addresses
  --listen, -L              Listen to incoming packets
  --loop, -l                Send periodic Redirect messages
  --sleep, -z               Pause between sending Redirect messages
  --help, -h                Print help for the rd6 tool
  --verbose, -v             Be verbose

Programmed by Fernando Gont for SI6 Networks <http://www.si6networks.com>
Please send any bug reports to <[email protected]>

ni6 – Securty assessment tool for attack vectors based on ICMPv6 NI messages

[email protected]:~# ni6 -h
SI6 Networks' IPv6 Toolkit v1.4.1
ni6: Securty assessment tool for attack vectors based on ICMPv6 NI messages

usage:
 ni6 -i INTERFACE [-S LINK_SRC_ADDR | -R] [-D LINK-DST-ADDR]
     [-s SRC_ADDR[/LEN] | -r] [-d DST_ADDR] [-c HOP_LIMIT] [-y FRAG_SIZE]
     [-u DST_OPT_HDR_SIZE] [-U DST_OPT_U_HDR_SIZE] [-H HBH_OPT_HDR_SIZE]
     [-P SIZE | -6 IPV6_ADDR | -4 IPV4_ADDR | -n NAME | -N LEN | -x LEN -o TYPE]
     [-Z SIZE] [-e] [-C ICMP6_CODE] [-q NI_QTYPE] [-X NI_FLAGS]
     [-P SIZE | -w IPV6_ADDR | -W IPV4_ADDR | -a NAME | -A LEN | -Q LEN -O TYPE]
     [-E] [-j PREFIX[/LEN]] [-k PREFIX[/LEN]] [-J LINK_ADDR]
     [-K LINK_ADDR] [-b PREFIX[/LEN]] [-g PREFIX[/LEN]] [-B LINK_ADDR]
     [-G LINK_ADDR] [-L | -l] [-z] [-v] [-h]

OPTIONS:
  --interface, -i            Network interface
  --link-src-address, -S     Link-layer Destination Address
  --link-dst-address, -D     Link-layer Source Address
  --src-address, -s          IPv6 Source Address
  --dst-address, -d          IPv6 Destination Address
  --hop-limit, -c            IPv6 Hop Limit
  --frag-hdr. -y             Fragment Header
  --dst-opt-hdr, -u          Destination Options Header (Fragmentable Part)
  --dst-opt-u-hdr, -U        Destination Options Header (Unfragmentable Part)
  --hbh-opt-hdr, -H          Hop by Hop Options Header
  --payload-size, -P         ICMPv6 NI payload size
  --subject-ipv6. -6         Subject IPv6 Address
  --subject-ipv4, -4         Subject IPv4 address
  --subject-name, -n         Subject Name
  --subject-fname, -N        Forge Subject Name of specific length
  --subject-ename, -x        For (malformed) Subject name of specified length
  --subject-nloop, -o        Subject is a Name with a DNS compression loop
  --max-label-size, -Z       Maximum DNS label size (defaults to 63)
  --sname-slabel, -e         Subject Name is a single-label name
  --code, -C                 ICMPv6 code
  --qtype, -q                ICMPv6 NI Qtype
  --flags, -X                ICMPv6 NI flags
  --data-ipv6, -w            Data IPv6 Address
  --data-ipv4, W             Data IPv4 Address
  --data-name, -a            Data Name
  --data-fname, -A           Forge Data Name of specific length
  --data-ename, -Q           For (malformed) Data Name of specified length
  --data-nloop, -O           Data is a Name with a DNS compression loop
  --dname-slabel, -E         Subject Name is a single-label name
  --block-src, -j            Block IPv6 Source Address prefix
  --block-dst, -k            Block IPv6 Destination Address prefix
  --block-link-src, -J       Block Ethernet Source Address
  --block-link-dst, -K       Block Ethernet Destination Address
  --accept-src, -b           Accept IPv6 Source Addres prefix
  --accept-dst, -g           Accept IPv6 Destination Address prefix
  --accept-link-src, -B      Accept Ethernet Source Address
  --accept-link-dst, -G      Accept Ethernet Destination Address
  --forge-src-addr, -r       Forge IPv6 Source Address
  --forge-link-src-addr, -R  Forge link-layer Source Address
  --loop, -l                 Send periodic ICMPv6 error messages
  --sleep, -z                Pause between sending ICMPv6 messages
  --listen, -L               Listen to incoming traffic
  --help, -h                 Print help for the ni6 tool
  --verbose, -v              Be verbose

 Programmed by Fernando Gont for SI6 Networks <http://www.si6networks.com>
 Please send any bug reports to <[email protected]>

jumbo6 – Security assessment tool for attack vectors based on IPv6 jumbo packets

[email protected]:~# jumbo6 -h
SI6 Networks' IPv6 Toolkit v1.4.1
jumbo6: Security assessment tool for attack vectors based on IPv6 jumbo packets

usage: jumbo6 -i INTERFACE [-S LINK_SRC_ADDR] [-D LINK-DST-ADDR]
       [-s SRC_ADDR[/LEN]] [-d DST_ADDR] [-A HOP_LIMIT] [-H HBH_OPT_HDR_SIZE]
       [-U DST_OPT_U_HDR_SIZE] [-y FRAG_SIZE] [-u DST_OPT_HDR_SIZE]
       [-q IPV6_LENGTH] [-Q JUMBO_LENGTH] [-P PAYLOAD_SIZE] [-j PREFIX[/LEN]]
       [-k PREFIX[/LEN]] [-J LINK_ADDR] [-K LINK_ADDR] [-b PREFIX[/LEN]]
       [-g PREFIX[/LEN]] [-B LINK_ADDR] [-G LINK_ADDR] [-L | -l] [-z SECONDS]
       [-v] [-h]

OPTIONS:
  --interface, -i           Network interface
  --link-src-address, -S    Link-layer Destination Address
  --link-dst-address, -D    Link-layer Source Address
  --src-address, -s         IPv6 Source Address
  --dst-address, -d         IPv6 Destination Address
  --hop-limit, -A           IPv6 Hop Limit
  --frag-hdr. -y            Fragment Header
  --dst-opt-hdr, -u         Destination Options Header (Fragmentable Part)
  --dst-opt-u-hdr, -U       Destination Options Header (Unfragmentable Part)
  --hbh-opt-hdr, -H         Hop by Hop Options Header
  --ipv6-length, -q         IPv6 Payload Length
  --jumbo-length, -Q        Jumbo Payload Length
  --payload-size, -P        ICMPv6 payload size
  --block-src, -j           Block IPv6 Source Address prefix
  --block-dst, -k           Block IPv6 Destination Address prefix
  --block-link-src, -J      Block Ethernet Source Address
  --block-link-dst, -K      Block Ethernet Destination Address
  --accept-src, -b          Accept IPv6 Source Addres prefix
  --accept-dst, -g          Accept IPv6 Destination Address prefix
  --accept-link-src, -B     Accept Ethernet Source Address
  --accept-link-dst, -G     Accept Ethernet Destination Address
  --loop, -l                Send periodic Redirect messages
  --sleep, -z               Pause between sending Redirect messages
  --listen, -L              Listen to incoming packets
  --verbose, -v             Be verbose
  --help, -h                Print help for the jumbo6 tool

Programmed by Fernando Gont on behalf of CPNI (http://www.cpni.gov.uk)
Please send any bug reports to <[email protected]>

addr6 – An IPv6 address analysis tool

[email protected]:~# addr6 -h
SI6 Networks' IPv6 Toolkit v1.4.1
addr6: An IPv6 address analysis tool

usage: addr6 (-i | -a) [-d | -s | -q] [-v] [-h]

OPTIONS:
  --address, -a             IPv6 address to be decoded
  --stdin, -i               Read IPv6 addresses from stdin (standard input)
  --print-decode, -d        Decode IPv6 addresses
  --print-stats, -s         Print statistics about IPv6 addresses
  --print-unique, -q        Discard duplicate IPv6 addresses
  --accept, -j              Accept IPv6 addresses from specified IPv6 prefix
  --accept-type, -b         Accept IPv6 addresses of specified type
  --accept-scope, -k        Accept IPv6 addresses of specified scope
  --accept-utype, -w        Accept IPv6 unicast addresses of specified type
  --accept-iid, -g          Accept IPv6 addresses with IIDs of specified type
  --block, -J               Block IPv6 addresses from specified IPv6 prefix
  --block-type, -B          Block IPv6 addresses of specified type
  --block-scope, -K         Block IPv6 addresses of specified scope
  --block-utype, -W         Block IPv6 unicast addresses of specified type
  --block-iid, -G           Block IPv6 addresses with IIDs of specified type
  --verbose, -v             Be verbose
  --help, -h                Print help for the addr6 tool

 Programmed by Fernando Gont for SI6 Networks <http://www.si6networks.com>
 Please send any bug reports to <[email protected]>

ipv6-toolkit Usage Example

[email protected]:~# coming soon