sylkie - IPv6 address spoofing with the Neighbor Discovery Protocol

  •        25

A command line tool and library for testing networks for common address spoofing security vulnerabilities in IPv6 networks using the Neighbor Discovery Protocol. Note: This project is still in the early phases of development. If you run into any problems, please consider submitting an issue. It currently only runs on Linux.

https://dlrobertson.github.io/sylkie/
https://github.com/dlrobertson/sylkie

Tags
Implementation
License
Platform

   




Related Projects

NDPMon

  •    C

NDPMon - Neighbor Discovery Protocol Monitor

mitm6 - pwning IPv4 via IPv6

  •    Python

mitm6 is a pentesting tool that exploits the default configuration of Windows to take over the default DNS server. It does this by replying to DHCPv6 messages, providing victims with a link-local IPv6 address and setting the attackers host as default DNS server. As DNS server, mitm6 will selectively reply to DNS queries of the attackers choosing and redirect the victims traffic to the attacker machine instead of the legitimate server. For a full explanation of the attack, see our blog about mitm6. Mitm6 is designed to work together with ntlmrelayx from impacket for WPAD spoofing and credential relaying. For python 2.7, it uses the ipaddress backport module. You can install the latest release from PyPI with pip install mitm6, or the latest version from source with python setup.py install after cloning this git repository.

cjdns - An encrypted IPv6 network using public-key cryptography for address allocation and a distributed hash table for routing

  •    Assembly

Cjdns implements an encrypted IPv6 network using public-key cryptography for address allocation and a distributed hash table for routing. This provides near-zero-configuration networking, and prevents many of the security and scalability issues that plague existing networks. The cjdns developers.

django-ipware - A Django application to retrieve client's IP address

  •    Python

Best attempt to get client's IP address while keeping it DRY. There is not a good out-of-the-box solution against fake IP addresses, aka IP Address Spoofing. You are encouraged to read the (Advanced users) section of this page and use trusted_proxies_ips and/or proxy_count features to match your needs, especially if you are planning to include ipware in any authentication, security or anti-fraud related architecture.

Internet Protocol Address Calculator

  •    Java

The Internet Protocol Address Calculator is an open-source java-based tool. This calculator will assist network administrators to perform calculations over both IPv4 and IPv6 address space. A handy whois search client is also integrated into this tool.


serf - Service orchestration and management tool

  •    Go

Serf is a decentralized solution for service discovery and orchestration that is lightweight, highly available, and fault tolerant.Serf runs on Linux, Mac OS X, and Windows. An efficient and lightweight gossip protocol is used to communicate with other nodes. Serf can detect node failures and notify the rest of the cluster. An event system is built on top of Serf, letting you use Serf's gossip protocol to propagate events such as deploys, configuration changes, etc. Serf is completely masterless with no single point of failure.

VHostScan - A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages

  •    Python

A virtual host scanner that can be used with pivot tools, detect catch-all scenarios, aliases and dynamic default pages. First presented at SecTalks BNE in September 2017 (slidedeck). Dependencies will then be installed and VHostScan will be added to your path. If there is an issue regarding running python3 setup.py build_ext, you will need to reinstall numpy using pip uninstall numpy and pip install numpy==1.12.0. This should resolve the issue as there are sometimes issues with numpy being installed through setup.py.

nield

  •    C

NIELD(Network Interface Events Logging Daemon) is a tool to receive notifications from kernel through netlink socket, and generate logs related to link state, neighbor cache(ARP,NDP), IP address(IPv4,IPv6), route, FIB rules.

ManageIQ - Discover, Optimize, and Control your Hybrid IT

  •    Ruby

ManageIQ is an open-source Management Platform that delivers the insight, control, and automation that enterprises need to address the challenges of managing hybrid IT environments.

subfinder - SubFinder is a subdomain discovery tool that discovers valid subdomains for websites

  •    Go

SubFinder is a subdomain discovery tool that discovers valid subdomains for websites by using passive online sources. It has a simple modular architecture and has been aimed as a successor to sublist3r project. SubFinder uses Passive Sources, Search Engines, Pastebins, Internet Archives, etc to find subdomains and then it uses a permutation module inspired by altdns to generate permutations and resolve them quickly using a powerful bruteforcing engine. It can also perform plain bruteforce if needed. The tool is highly customizable, and the code is built with a modular approach in mind making it easy to add functionalities and remove errors. We have designed SubFinder to comply with all passive sources licenses, and usage restrictions, as well as maintained a consistently passive model to make it useful to both penetration testers and bug bounty hunters alike.

Network Tracking Database

  •    Perl

The Network Tracking Database (NetDB for short) tracks all changes to the MAC address tables on your switches and the ARP tables on your routers over time. It supports extensive switch, VLAN and vendor code reports from a CLI or Web App. NetDB can generate CSV reports, track the usage of static IP addresses, record neighbor discovery data and much more. There is now a VM quot;appliancequot; with easier upgrades available in the Files section. See the website for more details:

Reconnoitre - A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing

  •    Python

A reconnaissance tool made for the OSCP labs to automate information gathering and service enumeration whilst creating a directory structure to store results, findings and exploits used for each host, recommended commands to execute and directory structures for storing loot and flags. This tool is based heavily upon the work made public in Mike Czumak's (T_v3rn1x) OSCP review (link) along with considerable influence and code taken from Re4son's mix-recon (link). Virtual host scanning is originally adapted from teknogeek's work which is heavily influenced by jobertabma's virtual host discovery script (link). Further Virtual Host scanning code has been adapted from a project by Tim Kent and I, available here (link).

google-api-python-client - 🐍 The official Python client library for Google's discovery based APIs.

  •    Python

This is the Python client library for Google's discovery based APIs. To get started, please see the full documentation for this library. Additionally, dynamically generated documentation is available for all of the APIs supported by this library. These client libraries are officially supported by Google. However, the libraries are considered complete and are in maintenance mode. This means that we will address critical bugs and security issues but will not add any new features.

lldpd - implementation of IEEE 802.1ab (LLDP)

  •    C

LLDP (Link Layer Discovery Protocol) is an industry standard protocol designed to supplant proprietary Link-Layer protocols such as Extreme's EDP (Extreme Discovery Protocol) and CDP (Cisco Discovery Protocol). The goal of LLDP is to provide an inter-vendor compatible mechanism to deliver Link-Layer notifications to adjacent network devices. lldpd implements both reception and sending. It also implements an SNMP subagent for net-snmp to get local and remote LLDP information. The LLDP-MIB is partially implemented but the most useful tables are here. lldpd also partially implements LLDP-MED.

NSQ - A realtime distributed messaging platform in Go

  •    Go

NSQ is a realtime distributed messaging platform designed to operate at scale, handling billions of messages per day. It promotes distributed and decentralized topologies without single points of failure, enabling fault tolerance and high availability coupled with a reliable message delivery guarantee. It scales horizontally, without any centralized brokers. Built-in discovery simplifies the addition of nodes to the cluster.

SoftEther VPN - Cross-platform Multi-protocol VPN Program

  •    C

SoftEther VPN is a ?Cross-platform Multi-protocol VPN Program. It supports SSL-VPN protocol to penetrate any kinds of firewalls. Ultra-optimized SSL-VPN Protocol of SoftEther VPN has very fast throughput, low latency and firewall resistance. Virtualization of Ethernet devices is the key of the SoftEther VPN architecture. It virtualizes Ethernet devices in order to realize a flexible virtual private network for both remote-access VPN and site-to-site VPN.

scapy - Scapy: the Python-based interactive packet manipulation program & library

  •    Python

Scapy is a powerful Python-based interactive packet manipulation program and library. It is able to forge or decode packets of a wide number of protocols, send them on the wire, capture them, store or read them using pcap files, match requests and replies, and much more. It is designed to allow fast packet prototyping by using default values that work.

NFDUMP - Netflow processing tools

  •    C

nfdump is a set of tools to collect and process netflow data. It's fast and has a powerful filter pcap like syntax. It supports netflow versions v1, v5, v7, v9 and IPFIX as well as a limited set of sflow and is IPv6 compatible. For CISCO ASA devices, which export Netflow Security Event Loging (NSEL) records, please use nfdump-1.5.8-2-NSEL.

IPAddressRange - .NET Class Library for range of IP address, both IPv4 and IPv6.

  •    CSharp

This library allows you to parse range of IP address string such as "192.168.0.0/24" and "192.168.0.0 / 255.255.255.0" and "192.168.0.0-192.168.0.255", and can conatins check. This library supports both IPv4 and IPv6.If you have to use signed assembly, you can use IPAddressRange.Signed NuGet package instead of IPAddressRange.