The SI6 Networks’ IPv6 toolkit is a set of IPv6 security assessment and trouble-shooting tools. It can be leveraged to perform security assessments of IPv6 networks, assess the resiliency of IPv6 devices by performing real-world attacks against them, and to trouble-shoot IPv6 networking problems. The tools comprising the toolkit range from packet-crafting tools to send arbitrary Neighbor Discovery packets to the most comprehensive IPv6 network scanning tool out there (our scan6 tool).

Developers

The SI6 Networks’ IPv6 toolkit is developed by Fernando Gont for SI6 Networks.

Supported platforms

The following platforms are supported: FreeBSD, NetBSD, OpenBSD, Ubuntu, Debian GNU/Linux, Debian GNU/kfreebsd, Solaris, Gentoo Linux, and Mac OS.

GIT repository

The GIT repository for the SI6 Networks’ IPv6 toolkit is: https://github.com/fgont/ipv6toolkit.git

IPv6 Security Training Courses

Development of the ipv6toolkit is partially supported through our IPv6 security training courses. Please consider attending one of our upcoming IPv6 security courses:

List of Tools

  • addr6: An IPv6 address analysis and manipulation tool.
  • blackhole6: A troubleshooting tool which can find IPv6 where in the network topology packets with specific IPv6 Extension Headers are being dropped.
  • flow6: A tool to perform a security asseessment of the IPv6 Flow Label.
  • frag6: A tool to perform IPv6 fragmentation-based attacks and to perform a security assessment of a number of fragmentation-related aspects.
  • icmp6: A tool to perform attacks based on ICMPv6 error messages.
  • jumbo6: A tool to assess potential flaws in the handling of IPv6 Jumbograms.
  • na6: A tool to send arbitrary Neighbor Advertisement messages.
  • ni6: A tool to send arbitrary ICMPv6 Node Information messages, and assess possible flaws in the processing of such packets.
  • ns6: A tool to send arbitrary Neighbor Solicitation messages.
  • path6: A versatile IPv6-based traceroute tool (which supports extension headers, IPv6 fragmentation, and other features not present in existing traceroute implementations).
  • ra6: A tool to send arbitrary Router Advertisement messages.
  • rd6: A tool to send arbitrary ICMPv6 Redirect messages.
  • rs6: A tool to send arbitrary Router Solicitation messages.
  • scan6: An IPv6 address scanning tool.
  • script6: A set of scripts/commands that make rather complex and frequent tasks easy.
  • tcp6: A tool to send arbitrary TCP segments and perform a variety of TCP-based attacks.
  • udp6: A tool for sending arbitrary IPv6-based UDP datagrams.

Related Documents

  • Gont, F. 2012. Security Assessment of IPv6 Neighbor Discovery Implementations[.pdf]
  • A number of IETF RFCs and Internet-Drafts on the the topic of IPv6 security can be a good companion to our IPv6 toolkit.

In the Press

These articles feature or mention the SI6 Networks’ IPv6 Toolkit: