[ipv6hackers] The state of IPv6 (pen)testing and the future

Merike Kaeo merike at doubleshotsecurity.com
Thu Jan 24 17:09:38 CET 2013


On Jan 24, 2013, at 12:37 AM, Marc Heuse wrote:

> On 24.01.2013 06:21, Fernando Gont wrote:
>> In general, you have two types of tools, which kind of serve different
>> purposes:
>> 
>> 1) THC's IPv6 attack toolkit - like
>> 2) SI6 toolkit - like
>> 
>> "1)" allows you to exploit specific vectors in a straightforward way. So
>> if you're doing a pentest, and want to try those specific vectors, they
>> are extremely handy.
>> 
>> "2)" allows you to try any stuff you *understand*, even if the author of
>> the tools didn't think about those vectors. This is extremely flexible, but
>> I guess might be a bit disappointing for folks running some of the tools
>> and finding "nothing happened" (i.e., "wtf!?"-like sort of reactions,
>> together with "what's the magic I should give this tool?"). These tools
>> are a middle-ground between scapy and THCs :-)
>> 
>> As with everything, you probably want to have both toolkits handy...
>> each has its uses.
> 
> yes and I am grateful that Fernando took a different approach than mine.
> This way whatever you want to do, one of the toolkits will be more
> suited to solve the deal. so they complement each other perfectly.
> together with scapy for easy packet creation you basically have
> everything you need at hand.
> 
> still - more tools would be better, because different minds think about
> different attacks and tests. and competition also helps to make things
> better.

LOL.  Competition certainly is a motivator for improvement.  I would just
prefer a few (~5) really good and comprehensive (free) tools than 10-20 that all
are a little piece of the puzzle.  So yeah, I do also agree with a few different approaches.

I have tested some of the commercial stuff a year or 2 ago and certainly given my
take to many implementors.  Day job got way different and was all-consuming last year
but I'll dust off some of the still relevant security tutorials I've given.  The fragmentation issues
and option issues and extension headers have been great to enumerate now that deployments
are at a stage where issues can become exploitable and equipment vendors can't just have
half-assed v6 functionality.

Anyone look at SARA or SAINT?  At some point there were rumblings of them having v6 but I haven't
followed to see whether any company 'bought' the tools or whether they are still freely available
and most importantly, updated.  

- merike  
