{"id":13475842,"url":"https://github.com/vanhauser-thc/thc-ipv6","last_synced_at":"2025-05-16T13:04:08.723Z","repository":{"id":28578230,"uuid":"32096132","full_name":"vanhauser-thc/thc-ipv6","owner":"vanhauser-thc","description":"IPv6 attack toolkit","archived":false,"fork":false,"pushed_at":"2025-02-10T09:01:41.000Z","size":2365,"stargazers_count":1078,"open_issues_count":0,"forks_count":219,"subscribers_count":73,"default_branch":"master","last_synced_at":"2025-04-12T09:18:37.170Z","etag":null,"topics":["attacklab","attacks","denial-of-service","ipv6","ipv6-research","man-in-the-middle","man-in-the-middle-attack","penetration-testing","thc"],"latest_commit_sha":null,"homepage":null,"language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"agpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/vanhauser-thc.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGES","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":"CITATION.cff","codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2015-03-12T19:00:59.000Z","updated_at":"2025-04-06T22:45:31.000Z","dependencies_parsed_at":"2024-01-16T15:40:27.007Z","dependency_job_id":"71047be0-2536-4ed6-981f-4160467360df","html_url":"https://github.com/vanhauser-thc/thc-ipv6","commit_stats":null,"previous_names":[],"tags_count":4,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/vanhauser-thc%2Fthc-ipv6","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/vanhauser-thc%2Fthc-ipv6/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/vanhauser-thc%2Fthc-ipv6/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/vanhauser-thc%2Fthc-ipv6/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/vanhauser-thc","download_url":"https://codeload.github.com/vanhauser-thc/thc-ipv6/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254535826,"owners_count":22087398,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["attacklab","attacks","denial-of-service","ipv6","ipv6-research","man-in-the-middle","man-in-the-middle-attack","penetration-testing","thc"],"created_at":"2024-07-31T16:01:24.019Z","updated_at":"2025-05-16T13:04:08.703Z","avatar_url":"https://github.com/vanhauser-thc.png","language":"C","funding_links":[],"categories":["Uncategorized","\u003ca id=\"9eee96404f868f372a6cbc6769ccb7f8\"\u003e\u003c/a\u003e新添加的","Tools","\u003ca id=\"9eee96404f868f372a6cbc6769ccb7f8\"\u003e\u003c/a\u003e工具"],"sub_categories":["Uncategorized","\u003ca id=\"31185b925d5152c7469b963809ceb22d\"\u003e\u003c/a\u003e新添加的"],"readme":"                  \n                      THC-IPV6-ATTACK-TOOLKIT\n  (c) 2005-2022 vh@thc.org https://github.com/vanhauser-thc/thc-ipv6\n\n\n\t\tLicensed under AGPLv3 (see LICENSE file)\n\n\nINTRODUCTION\n============\nThis code was inspired when I got into touch with IPv6, learned more and\nmore about it - and then found no tools to play (read: \"hack\") around with.\nFirst I tried to implement things with libnet, but then found out that\nthe IPv6 implementation is only partial - and sucks. I tried to add the\nmissing code, but well, it was not so easy, hence I saved my time and\nquickly wrote my own library.\n\n\nLIMITATIONS\n===========\nThis code currently only runs on:\n - Linux 2.6.x or newer (because of /proc usage)\n - Ethernet\nBut this means for all linux guys that it will work for 98% of your use cases.\nPatches are welcome! (add \"antispam\" in the subject line to get through my\nanti-spam protection, otherwise the email will bounce)\n\n\nBUILDING\n========\nYou must have libpcap-dev installed to be able to build the tools.\nAdditionally libssl-dev and libnetfilter-queue-dev are recommended as well.\n\nThese can be installed by (Kali, Debian, Ubuntu):\n  sudo apt-get install libpcap-dev libssl-dev libnetfilter-queue-dev\n\nYou can build the tools by running:\n   make all\n\nYou can install the tools and existing manual pages by running:\n   make install\n\n\nTHE TOOLS\n=========\nThe THC IPV6 ATTACK TOOLKIT comes already with lots of effective attacking\ntools:\n - parasite6: ICMPv6 neighbor solitication/advertisement spoofer, puts you\n   as man-in-the-middle, same as ARP mitm (and parasite)\n - alive6: an effective alive scanng, which will detect all systems\n   listening to this address\n - dnsdict6: parallized DNS IPv6 dictionary bruteforcer\n - fake_router6: announce yourself as a router on the network, with the\n   highest priority\n - redir6: redirect traffic to you intelligently (man-in-the-middle) with\n   a clever ICMPv6 redirect spoofer\n - toobig6: mtu decreaser with the same intelligence as redir6\n - detect-new-ip6: detect new IPv6 devices which join the network, you can\n   run a script to automatically scan these systems etc.\n - dos-new-ip6: detect new IPv6 devices and tell them that their chosen IP\n   collides on the network (DOS).\n - trace6: very fast traceroute6 with supports ICMP6 echo request and TCP-SYN\n - flood_router6: flood a target with random router advertisements\n - flood_advertise6: flood a target with random neighbor advertisements\n - fuzz_ip6: fuzzer for IPv6 \n - implementation6: performs various implementation checks on IPv6 \n - implementation6d: listen daemon for implementation6 to check behind a FW\n - fake_mld6: announce yourself in a multicast group of your choice on the net\n - fake_mld26: same but for MLDv2\n - fake_mldrouter6: fake MLD router messages\n - fake_mipv6: steal a mobile IP to yours if IPSEC is not needed for authentication\n - fake_advertiser6: announce yourself on the network\n - smurf6: local smurfer\n - rsmurf6: remote smurfer, known to work only against linux at the moment\n - exploit6: known IPv6 vulnerabilities to test against a target\n - denial6: a collection of denial-of-service tests againsts a target\n - thcping6: sends a hand crafted ping6 packet\n - sendpees6: a tool by willdamn@gmail.com, which generates a neighbor\n   solicitation requests with a lot of CGAs (crypto stuff ;-) to keep the\n   CPU busy. nice.\nand about 25 more tools for you to discover :-)\n\nJust run the tools without options and they will give you help and show the\ncommand line options.\n\n\n\nTHE LIBRARY\n===========\nThe library thc-ipv6-lib.c is the heart and soul of all tools - and those\nyou may want to write.\nImplementation is so simple, its usually just 2-4 lines to create a complete\nIPv6/ICMPv6 packet with the content of your choice.\n\nYour basic structure you use is\n  (thc_ipv6_hdr *)\ne.g. \n  thc_ipv6_hdr *my_ipv6_packet;\n  int my_ipv6_packet_len;\nand you will never have to play with its options/fields.\n\nWhenever you want to build an IPv6 packet, you just write:\n  my_ipv6_packet = thc_create_ipv6_extended(interface, prefer, \u0026my_ipv6_packet_len,\n                          src6, dst6, ttl, length, label, class, version);\nif something fails, it returns NULL (only if my_ipv6_packet_len or dst6 do\nnot exist or malloc fails).\nThe options to thc_create_ipv6_extended are:\n (char*) interface - the interface on which you want to send out the packet\n (int) prefer - either PREFER_LINK (to use the link local address) or\n                PREFER_HOST to use a host IPv6 address, and \n                PREFER_GLOBAL to use a public (internet) IP6 address (default)\n (int *) \u0026my_ipv6_packet_len - the size of the packet which will be created\n (unsigned char*) src6 - the source IP6 (OPTIONAL - will be selected if NULL)\n (unsigned char*) dst6 - the destination IP6 (in network format, 16 bytes long)\n                         usually the result of thc_resolve6(\"ipv6.google.com\");\n (int) ttl - the ttl of the packet (OPTIONAL - 0 will set this to 255)\n (int) length - the length which will be set in the header (OPTIONAL - 0 =\n                real length)\n (int) label - the flow label (0 is fine)\n (int) class - the class of the packet (0 is fine)\n (int) version - the IP6 version (OPTIONAL - 0 will set this to version 6)\nIt returns NULL on errors or a malloc'ed structure on success.\nfree() it once you are done with it.\n\nNow you can set extension headers on top of it:\n  thc_add_hdr_route(my_ipv6_packet, \u0026my_ipv6_packet_len, routers, routerptr);\n  thc_add_hdr_fragment(my_ipv6_packet, \u0026my_ipv6_packet_len, offset, more_frags,\n                       id);\n  thc_add_hdr_dst(my_ipv6_packet, \u0026my_ipv6_packet_len, buf, buflen);\n  thc_add_hdr_hopbyhop(my_ipv6_packet, \u0026my_ipv6_packet_len, buf, buflen);\n  thc_add_hdr_nonxt(my_ipv6_packet, \u0026my_ipv6_packet_len, hdropt);\n  thc_add_hdr_misc(my_ipv6_packet, \u0026my_ipv6_packet_len, type, len, buf, buflen);\nThe functions explained:\n _route: Add a Routing Forwarding Header (like IP Source Routing)\n  (int) routers - the number of routers in routerptr\n  (char**) routerptr - a *char[routers + 1] struct with router destinations\n                       in network format. See alive6.c for an example.\n _fragment: Add a Fragment Header\n  (int) offset - the offset on which to the data should be written (note:\n                 put the offset location in bytes here, not in byte octets)\n  (int) more_frags - set to 0 if it is the fragement, 1 on all others\n  (int) id - an ID for the packet (same for all fragments)\n _dst: Add a Destination Options Header\n  (char*) buf - a char buffer. you have to control this buffer yourself with\n                but you want to write into it.\n  (int) buflen - the length of buf\n _hopbyhop: Add a Hop-By-Hop Header\n  (char*) buf - a char buffer. you have to control this buffer yourself with\n                but you want to write into it.\n  (int) buflen - the length of buf\n _nonxt: Specify that there will be no following headers whatsoever\n  (int) hdropt - this options is currently ignored\n _misc: Specify a miscelleanous header. Use this if you want to design an\n        invalid or non-existing extension header.\n  (int) type - The type ID to specify the header as\n  (int) len - The length to advertise the header as (OPTIONAL - -1 sets this to\n              the correct value)\n  (char*) buf - a char buffer. you have to control this buffer yourself with\n                but you want to write into it.\n  (int) buflen - the length of buf\nThese functions return (int) 0 on success and -1 on error.\n\nFinally you can add the stream or dgram headers.\n  thc_add_icmp6(my_ipv6_packet, \u0026my_ipv6_packet_len, type, code, flags, buf,\n                buflen, checksum);\n  thc_add_tcp(my_ipv6_packet, \u0026my_ipv6_packet_len, source_port,\n              destination_port, sequence_number, ack_number, flags, window_size\n              urgent_pointer, options, optione_length, data, data_length);\n  thc_add_udp(my_ipv6_packet, \u0026my_ipv6_packet_len, source_port, \n              destination_port, checksum, data, data_length);\n  thc_add_data6(my_ipv6_packet, \u0026my_ipv6_packet_len, type, buf, buflen); \n _icmp6: Add an ICMP6 packet header\n  (int) type: the ICMP6 type\n  (int) code: the ICMP6 code\n  (int) flags: the ICMP6 flags\n  (char*) buf - a char buffer. you have to control this buffer yourself with\n                but you want to write into it.\n  (int) buflen - the length of buf\n _tcp|_udp: Add an TCP or UDP header\n  (ushort) source_port: source port\n  (ushort) destination_port: destination port\n  (uint) sequence_number: TCP sequence number\n  (uint) ack_number: TCP acknowledgement number\n  (ushort) checksum: UDP checksum, 0 = generate checksum (for TCP the checksum is always calculated)\n  (uchar) flags: TCP flags: TCP_SYN, TCP_ACK, TCP_FIN, TCP_RST, TCP_PSH, ...\n  (uint) window_size: TCP window size\n  (uint) urgent_pointer: TCP urgent pointer (usually 0)\n  (char*) options: TCP options buffer, can be NULL\n  (uint) options_length: the length of the TCP options buffer\n  (char*) data: the data the protocol carries\n  (uint) data_length: the length of the data buffer\n _data6: Add a miscellaneous header\n  (int) type: the protocol ID\n  (char*) buf - a char buffer. you have to control this buffer yourself with\n                but you want to write into it.\n  (int) buflen - the length of buf\nThese functions return (int) 0 on success and -1 on error.\n\nOnce you are done, you create and send the packet.\n  thc_generate_pkt(interface, srcmac, dstmac, my_ipv6_packet,\n                   \u0026my_ipv6_packet_len);\n  thc_send_pkt(interface, my_ipv6_packet, \u0026my_ipv6_packet_len);\nor combined into one function:\n thc_generate_and_send_pkt(interface, srcmac, dstmac, my_ipv6_packet,\n                            \u0026my_ipv6_packet_len);\n\n thc_generate_and_send_pkt: This generates the real and final IPv6 packet and\n                           then sends it.\n  (char*) interface - the interface to send the packet on\n  (unsigned char*) srcmac - the source mac to use (in network format)\n                            (OPTIONAL, the real mac is used if NULL)\n  (unsigned char*) dstmac - the destination mac to use (in network format)\n                            (OPTIONAL, the real mac is looked up if NULL)\nThe thc_generate_pkt and  thc_send_pkt together provide the same functionality.\nYou usually use these only if you do something like\n  thc_generate_pkt(...);\n  while(1) thc_send_pkt(...);\nThese functions return (int) 0 on success and -1 on error.\n\nWhen you are done, free the memory with:\n  thc_destroy_packet(my_ipv6_packet);\n\nThere are some important helper functions you will need:\n  thc_resolve6(destinationstring);\n    This resolves the IPv6 address or DNS name to an IPv6 network address.\n    Use this for dst6 in thc_create_ipv6_extended(). The result has to be free'd when\n    not needed anymore.\n  thc_inverse_packet(my_ipv6_packet, \u0026my_ipv6_packet_len);\n    This clever functions switches source and destination address, exchanges\n    the ICMP header type (ECHO REQUEST -\u003e ECHO REPLY etc.) and recalculates\n    the checksum. If you dont have an idea what this might be useful for,\n    go and play with your xbox :-)\n\nIf you just want to do it very fast, there are some predefined ICMPv6 creator\nfunctions which sends impc6 packets in just one line of code:\n  thc_ping6(interface, src, dst, size, count);\n  thc_neighboradv6(interface, src, dst, srcmac, dstmac, flags, target);\n  thc_neighborsol6(interface, src, dst, target, srcmac, dstmac);\n  thc_routeradv6(interface, src, dst, srcmac, default_ttl, managed, prefix,\n                 prefixlen, mtu, lifetime);\n  thc_routersol6(interface, src, dst, srcmac, dstmac);\n  thc_toobig6(interface, src, srcmac, dstmac, mtu, my_ipv6_packet,\n              my_ipv6_packet_len);\n  thc_paramprob6(interface, src, srcmac, dstmac, code, pointer,\n                 my_ipv6_packet, my_ipv6_packet_len);\n  thc_unreach6(interface, src, srcmac, dstmac, icmpcode, my_ipv6_packet,\n               my_ipv6_packet_len);\n  thc_redir6(interface, src, srcmac, dstmac, newrouter, newroutermac,\n             my_ipv6_packet, my_ipv6_packet_len);\n  thc_send_as_fragment6(interface, src, dst, type, buf, buflen, frag_len);\nThese do what you expect them to do, so I am too lazy^H^H^H^H^Hbusy to\ndescribe it in more details.\n\nThe following functions allocate memory for the result pointer, so remember\nto free the result pointers from these functions once you do not need them\nanymore:\n  thc_ipv6_dummymac()\n  thc_ipv62notation()\n  thc_ipv62string()\n  thc_string2ipv6()\n  thc_string2notation()\n  thc_resolve6()\n  thc_get_own_ipv6()\n  thc_get_own_mac()\n  thc_get_multicast_mac()\n  thc_get_mac()\n  thc_lookup_ipv6_mac()\n  thc_look_neighborcache()\n  thc_generate_key()\n  thc_generate_cga()\n  thc_generate_rsa()\n\nIt helps a lot if you take a look at example usages. The best ones are\nthe tools from the thc-ipv6 package, especially implementation6.c and\nfake_*6.c - have fun, and send back code, so the community can further\nbuild on it.\n\n\nDETECTION\n=========\nMost tools can easily be detected by an IDS or specialized detection software.\nThis is done on purpose to make rogue usage detection easier.\nThe tools either specify a fixed packet signature, or generically sniff for\npackets (e.g. therefore also answering to ICMPv6 neighbor solitications which\nare sent to a non-existing mac, and are therefore very easy to detect).\nIf you dont want this, change the code.\n\n\nPATCHES, BUGS, HINTS, etc.\n==========================\nSend them to vh (at) thc (dot) org (and add \"antispam\" to the subject line)\nOr submit via github: https://github.com/vanhauser-thc/thc-ipv6\n\nHave fun!\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fvanhauser-thc%2Fthc-ipv6","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fvanhauser-thc%2Fthc-ipv6","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fvanhauser-thc%2Fthc-ipv6/lists"}