Commit 6bccce79 authored by Jim O'Gorman (Kali Developer)'s avatar Jim O'Gorman (Kali Developer)

Merge tag 'upstream/2.0beta'

Upstream version 2.0beta
parents d2980b1b e0372fd1
SI6 Networks IPv6 Toolkit v2.0beta
* All: Add support Solaris
Solaris is now a supported platform.
* All: Fix bug in next hop determination
A bug caused, in some scenarios, the tools to fail with "cannot find
next hop".
* All: Fix support for loopback interface
The tools failed to set the "virtual" "Ether Proto" for packets sent
on the loopback interface, and hence they were discarded.
* All: Add support for domain names
All tools now support domain names in their "-d" options.
* addr6: Fix bug in address scope filtering
A bug caused address scope filters to behave incorrectly.
* addr6: Fix error in manual page
Some of the long-option names were incorrect.
* scan6: Fixes bug in address range computation
Prefixes that were not multiple of 16 resulted in bogus address ranges.
* scan6: Add support for port scanning
scan6 now implements several techniques for TCP and UDP port scanning.
* scan6: Add support for heuristic host scanning
scan6 can now automatically infer the IID type of a target and reduce
the search space accordingly (just "-d example.com/64" or
"-d IPV6ADDRESS/64".
* path6: New tool
Added a fully-IPv6-capable traceroute tool, named path6.
* script6: New tool
Added a new tool which incorporates new functionality and also provides
a shortcut to other existing tools.
* blackhole6: New tool
Added a new tool which helps find IPv6 blackholes.
SI6 Networks IPv6 Toolkit v1.5.3
* All: Fix packet size issues
......
CONTRIBUTORS
------------
CREDITS
-------
** Contributors **
......@@ -52,7 +52,7 @@ These are the maintainers for each of the different packages:
Spotting bugs in networking tool can be tricky, since at times they only show
up in specific network scenarios.
The following indviduals provided great help in identifying bugs in the the
The following indviduals provided great help in identifying bugs in the
toolkit (thus leading to fixes and improvements):
Stephane Bortzmeyer <stephane@bortzmeyer.org>
......@@ -60,4 +60,5 @@ toolkit (thus leading to fixes and improvements):
Erik Muller <erikm@buh.org>
Declan A Rieb <darieb@sandia.gov>
Tim <tim-security@sentinelchicken.org>
Ray Hunter <Ray.Hunter@globis.net>
......@@ -11,8 +11,8 @@
# variable accordingly. The path of the manual pages can be overriden by setting
# the MANPREFIX variable. Typically, packages will set these variables as follows:
#
# PREFIX=usr/
# MANPREFIX=usr/share
# PREFIX=/usr/
# MANPREFIX=/usr/share
#
# Finally, please note that this makefile supports the DESTDIR variable, as
# typically employed by package developers.
......@@ -22,16 +22,23 @@ CC= gcc
CFLAGS+= -Wall
LDFLAGS+= -lpcap -lm
ifndef PREFIX
PREFIX=/usr/local
ifndef MANPREFIX
MANPREFIX=/usr/local
ifeq ($(shell uname),SunOS)
LDFLAGS+=-lsocket -lnsl
OS=SunOS
endif
ifndef PREFIX
PREFIX=/usr/local
ifndef MANPREFIX
MANPREFIX=/usr/local
endif
else
ifndef MANPREFIX
MANPREFIX=/usr/share
ifndef MANPREFIX
MANPREFIX=/usr/share
endif
endif
endif
ETCPATH= $(DESTDIR)/etc
MANPATH= $(DESTDIR)$(MANPREFIX)/man
......@@ -41,15 +48,18 @@ SBINPATH= $(DESTDIR)$(PREFIX)/sbin
SRCPATH= tools
SBINTOOLS= flow6 frag6 icmp6 jumbo6 na6 ni6 ns6 ra6 rd6 rs6 scan6 tcp6
SBINTOOLS= blackhole6 flow6 frag6 icmp6 jumbo6 na6 ni6 ns6 path6 ra6 rd6 rs6 scan6 script6 tcp6
BINTOOLS= addr6
TOOLS= $(BINTOOLS) $(SBINTOOLS)
LIBS= libipv6.o
all: $(TOOLS) $(LIBS) ipv6toolkit.conf
all: $(TOOLS) data/ipv6toolkit.conf
addr6: $(SRCPATH)/addr6.c $(SRCPATH)/addr6.h $(SRCPATH)/ipv6toolkit.h $(LIBS) $(SRCPATH)/libipv6.h
$(CC) $(CPPFLAGS) $(CFLAGS) -o addr6 $(SRCPATH)/addr6.c $(LIBS) $(LDFLAGS)
addr6: $(SRCPATH)/addr6.c $(SRCPATH)/addr6.h $(SRCPATH)/ipv6toolkit.h
$(CC) $(CPPFLAGS) $(CFLAGS) -o addr6 $(SRCPATH)/addr6.c $(LDFLAGS)
blackhole6: $(SRCPATH)/blackhole6
cp $(SRCPATH)/blackhole6 ./
flow6: $(SRCPATH)/flow6.c $(SRCPATH)/flow6.h $(SRCPATH)/ipv6toolkit.h $(LIBS) $(SRCPATH)/libipv6.h
$(CC) $(CPPFLAGS) $(CFLAGS) -o flow6 $(SRCPATH)/flow6.c $(LIBS) $(LDFLAGS)
......@@ -72,6 +82,9 @@ ni6: $(SRCPATH)/ni6.c $(SRCPATH)/ni6.h $(SRCPATH)/ipv6toolkit.h $(LIBS) $(SRCPAT
ns6: $(SRCPATH)/ns6.c $(SRCPATH)/ns6.h $(SRCPATH)/ipv6toolkit.h $(LIBS) $(SRCPATH)/libipv6.h
$(CC) $(CPPFLAGS) $(CFLAGS) -o ns6 $(SRCPATH)/ns6.c $(LIBS) $(LDFLAGS)
path6: $(SRCPATH)/path6.c $(SRCPATH)/path6.h $(SRCPATH)/ipv6toolkit.h $(LIBS) $(SRCPATH)/libipv6.h
$(CC) $(CPPFLAGS) $(CFLAGS) -o path6 $(SRCPATH)/path6.c $(LIBS) $(LDFLAGS)
ra6: $(SRCPATH)/ra6.c $(SRCPATH)/ra6.h $(SRCPATH)/ipv6toolkit.h $(LIBS) $(SRCPATH)/libipv6.h
$(CC) $(CPPFLAGS) $(CFLAGS) -o ra6 $(SRCPATH)/ra6.c $(LIBS) $(LDFLAGS)
......@@ -84,23 +97,29 @@ rs6: $(SRCPATH)/rs6.c $(SRCPATH)/rs6.h $(SRCPATH)/ipv6toolkit.h $(LIBS) $(SRCPAT
scan6: $(SRCPATH)/scan6.c $(SRCPATH)/scan6.h $(SRCPATH)/ipv6toolkit.h $(LIBS) $(SRCPATH)/libipv6.h
$(CC) $(CPPFLAGS) $(CFLAGS) -o scan6 $(SRCPATH)/scan6.c $(LIBS) $(LDFLAGS)
script6: $(SRCPATH)/script6
cp $(SRCPATH)/script6 ./
tcp6: $(SRCPATH)/tcp6.c $(SRCPATH)/tcp6.h $(SRCPATH)/ipv6toolkit.h $(LIBS) $(SRCPATH)/libipv6.h
$(CC) $(CPPFLAGS) $(CFLAGS) -o tcp6 $(SRCPATH)/tcp6.c $(LIBS) $(LDFLAGS)
libipv6.o: $(SRCPATH)/libipv6.c $(SRCPATH)/libipv6.h
$(CC) $(CPPFLAGS) $(CFLAGS) -c -o libipv6.o $(SRCPATH)/libipv6.c
ipv6toolkit.conf:
data/ipv6toolkit.conf:
echo "# SI6 Networks' IPv6 Toolkit Configuration File" > \
data/ipv6toolkit.conf
echo OUI-Database=$(PREFIX)/share/ipv6toolkit/oui.txt >> \
data/ipv6toolkit.conf
echo Ports-Database=$(PREFIX)/share/ipv6toolkit/service-names-port-numbers.csv >> \
data/ipv6toolkit.conf
clean:
rm -f $(TOOLS) $(LIBS)
rm -f data/ipv6toolkit.conf
install: all
ifneq ($(OS),SunOS)
# Install the binaries
install -m0755 -d $(BINPATH)
install -m0755 -d $(SBINPATH)
......@@ -108,12 +127,16 @@ install: all
install -m0755 $(SBINTOOLS) $(SBINPATH)
# Install the configuration file
install -m0755 -d $(ETCPATH)
install -m0644 data/ipv6toolkit.conf $(ETCPATH)
# Install the IEEE OUI database
install -m0755 -d $(DATAPATH)
install -m0644 data/oui.txt $(DATAPATH)
# Install the port numbers database
install -m0644 data/service-names-port-numbers.csv $(DATAPATH)
# Install the manual pages
install -m0755 -d $(MANPATH)/man1
install -m0644 manuals/*.1 $(MANPATH)/man1
......@@ -121,17 +144,77 @@ install: all
install -m0644 manuals/*.5 $(MANPATH)/man5
install -m0755 -d $(MANPATH)/man7
install -m0644 manuals/*.7 $(MANPATH)/man7
else
# Install the binaries
install -m 0755 -d $(BINPATH)
install -m 0755 -d $(SBINPATH)
install -m 0755 -f $(BINPATH) addr6
install -m 0755 -f $(SBINPATH) blackhole6
install -m 0755 -f $(SBINPATH) flow6
install -m 0755 -f $(SBINPATH) frag6
install -m 0755 -f $(SBINPATH) icmp6
install -m 0755 -f $(SBINPATH) jumbo6
install -m 0755 -f $(SBINPATH) script6
install -m 0755 -f $(SBINPATH) na6
install -m 0755 -f $(SBINPATH) ni6
install -m 0755 -f $(SBINPATH) ns6
install -m 0755 -f $(SBINPATH) path6
install -m 0755 -f $(SBINPATH) ra6
install -m 0755 -f $(SBINPATH) rd6
install -m 0755 -f $(SBINPATH) rs6
install -m 0755 -f $(SBINPATH) scan6
install -m 0755 -f $(SBINPATH) tcp6
# Install the configuration file
install -m 0755 -d $(ETCPATH)
install -m 0644 -f $(ETCPATH) data/ipv6toolkit.conf
# Install the IEEE OUI database
install -m 0755 -d $(DATAPATH)
install -m 0644 -f $(DATAPATH) data/oui.txt
# Install the port numbers database
install -m 0644 -f $(DATAPATH) data/service-names-port-numbers.csv
# Install the manual pages
install -m 0755 -d $(MANPATH)/man1
install -m 0644 -f $(MANPATH)/man1 manuals/addr6.1
install -m 0644 -f $(MANPATH)/man1 manuals/blackhole6.1
install -m 0644 -f $(MANPATH)/man1 manuals/flow6.1
install -m 0644 -f $(MANPATH)/man1 manuals/frag6.1
install -m 0644 -f $(MANPATH)/man1 manuals/icmp6.1
install -m 0644 -f $(MANPATH)/man1 manuals/jumbo6.1
install -m 0644 -f $(MANPATH)/man1 manuals/na6.1
install -m 0644 -f $(MANPATH)/man1 manuals/ni6.1
install -m 0644 -f $(MANPATH)/man1 manuals/ns6.1
install -m 0644 -f $(MANPATH)/man1 manuals/path6.1
install -m 0644 -f $(MANPATH)/man1 manuals/ra6.1
install -m 0644 -f $(MANPATH)/man1 manuals/rd6.1
install -m 0644 -f $(MANPATH)/man1 manuals/rs6.1
install -m 0644 -f $(MANPATH)/man1 manuals/scan6.1
install -m 0644 -f $(MANPATH)/man1 manuals/script6.1
install -m 0644 -f $(MANPATH)/man1 manuals/tcp6.1
install -m 0755 -d $(MANPATH)/man5
install -m 0644 -f $(MANPATH)/man5 manuals/ipv6toolkit.conf.5
install -m 0755 -d $(MANPATH)/man7
install -m 0644 -f $(MANPATH)/man7 manuals/ipv6toolkit.7
endif
uninstall:
# Remove the binaries
rm -f $(BINPATH)/addr6
rm -f $(SBINPATH)/blackhole6
rm -f $(SBINPATH)/flow6
rm -f $(SBINPATH)/frag6
rm -f $(SBINPATH)/icmp6
rm -f $(SBINPATH)/jumbo6
rm -f $(SBINPATH)/script6
rm -f $(SBINPATH)/na6
rm -f $(SBINPATH)/ni6
rm -f $(SBINPATH)/ns6
rm -f $(SBINPATH)/path6
rm -f $(SBINPATH)/ra6
rm -f $(SBINPATH)/rd6
rm -f $(SBINPATH)/rs6
......@@ -141,11 +224,12 @@ uninstall:
# Remove the configuration file
rm -f $(ETCPATH)/ipv6toolkit.conf
# Remove the IEEE OUI database
# Remove the IEEE OUI database and port number database
rm -rf $(DATAPATH)
# Remove the manual pages
rm -f $(MANPATH)/man1/addr6.1
rm -f $(MANPATH)/man1/blackhole6.1
rm -f $(MANPATH)/man1/flow6.1
rm -f $(MANPATH)/man1/frag6.1
rm -f $(MANPATH)/man1/icmp6.1
......@@ -153,10 +237,12 @@ uninstall:
rm -f $(MANPATH)/man1/na6.1
rm -f $(MANPATH)/man1/ni6.1
rm -f $(MANPATH)/man1/ns6.1
rm -f $(MANPATH)/man1/path6.1
rm -f $(MANPATH)/man1/ra6.1
rm -f $(MANPATH)/man1/rd6.1
rm -f $(MANPATH)/man1/rs6.1
rm -f $(MANPATH)/man1/scan6.1
rm -f $(MANPATH)/man1/script6.1
rm -f $(MANPATH)/man1/tcp6.1
rm -f $(MANPATH)/man5/ipv6toolkit.conf.5
rm -f $(MANPATH)/man7/ipv6toolkit.7
......
......@@ -18,7 +18,7 @@
# typically employed by package developers.
CC= gcc
CC?=gcc
CFLAGS+= -Wall
LDFLAGS+= -lpcap -lm
......@@ -41,15 +41,18 @@ SBINPATH= $(DESTDIR)$(PREFIX)/sbin
SRCPATH= tools
SBINTOOLS= flow6 frag6 icmp6 jumbo6 na6 ni6 ns6 ra6 rd6 rs6 scan6 tcp6
SBINTOOLS= blackhole6 flow6 frag6 icmp6 jumbo6 na6 ni6 ns6 path6 ra6 rd6 rs6 scan6 script6 tcp6
BINTOOLS= addr6
TOOLS= $(BINTOOLS) $(SBINTOOLS)
LIBS= libipv6.o
all: $(TOOLS) ipv6toolkit.conf
all: $(TOOLS) data/ipv6toolkit.conf
addr6: $(SRCPATH)/addr6.c $(SRCPATH)/addr6.h $(SRCPATH)/ipv6toolkit.h
$(CC) $(CPPFLAGS) $(CFLAGS) -o addr6 $(SRCPATH)/addr6.c $(LDFLAGS)
addr6: $(SRCPATH)/addr6.c $(SRCPATH)/addr6.h $(SRCPATH)/ipv6toolkit.h $(LIBS) $(SRCPATH)/libipv6.h
$(CC) $(CPPFLAGS) $(CFLAGS) -o addr6 $(SRCPATH)/addr6.c $(LIBS) $(LDFLAGS)
blackhole6: $(SRCPATH)/blackhole6
cp $(SRCPATH)/blackhole6 ./
flow6: $(SRCPATH)/flow6.c $(SRCPATH)/flow6.h $(SRCPATH)/ipv6toolkit.h $(LIBS) $(SRCPATH)/libipv6.h
$(CC) $(CPPFLAGS) $(CFLAGS) -o flow6 $(SRCPATH)/flow6.c $(LIBS) $(LDFLAGS)
......@@ -72,6 +75,9 @@ ni6: $(SRCPATH)/ni6.c $(SRCPATH)/ni6.h $(SRCPATH)/ipv6toolkit.h $(LIBS) $(SRCPAT
ns6: $(SRCPATH)/ns6.c $(SRCPATH)/ns6.h $(SRCPATH)/ipv6toolkit.h $(LIBS) $(SRCPATH)/libipv6.h
$(CC) $(CPPFLAGS) $(CFLAGS) -o ns6 $(SRCPATH)/ns6.c $(LIBS) $(LDFLAGS)
path6: $(SRCPATH)/path6.c $(SRCPATH)/path6.h $(SRCPATH)/ipv6toolkit.h $(LIBS) $(SRCPATH)/libipv6.h
$(CC) $(CPPFLAGS) $(CFLAGS) -o path6 $(SRCPATH)/path6.c $(LIBS) $(LDFLAGS)
ra6: $(SRCPATH)/ra6.c $(SRCPATH)/ra6.h $(SRCPATH)/ipv6toolkit.h $(LIBS) $(SRCPATH)/libipv6.h
$(CC) $(CPPFLAGS) $(CFLAGS) -o ra6 $(SRCPATH)/ra6.c $(LIBS) $(LDFLAGS)
......@@ -84,17 +90,22 @@ rs6: $(SRCPATH)/rs6.c $(SRCPATH)/rs6.h $(SRCPATH)/ipv6toolkit.h $(LIBS) $(SRCPAT
scan6: $(SRCPATH)/scan6.c $(SRCPATH)/scan6.h $(SRCPATH)/ipv6toolkit.h $(LIBS) $(SRCPATH)/libipv6.h
$(CC) $(CPPFLAGS) $(CFLAGS) -o scan6 $(SRCPATH)/scan6.c $(LIBS) $(LDFLAGS)
script6: $(SRCPATH)/script6
cp $(SRCPATH)/script6 ./
tcp6: $(SRCPATH)/tcp6.c $(SRCPATH)/tcp6.h $(SRCPATH)/ipv6toolkit.h $(LIBS) $(SRCPATH)/libipv6.h
$(CC) $(CPPFLAGS) $(CFLAGS) -o tcp6 $(SRCPATH)/tcp6.c $(LIBS) $(LDFLAGS)
libipv6.o: $(SRCPATH)/libipv6.c $(SRCPATH)/libipv6.h
$(CC) $(CPPFLAGS) $(CFLAGS) -c -o libipv6.o $(SRCPATH)/libipv6.c
ipv6toolkit.conf:
data/ipv6toolkit.conf:
echo "# SI6 Networks' IPv6 Toolkit Configuration File" > \
data/ipv6toolkit.conf
echo OUI-Database=$(PREFIX)/share/ipv6toolkit/oui.txt >> \
data/ipv6toolkit.conf
echo Ports-Database=$(PREFIX)/share/ipv6toolkit/service-names-port-numbers.csv >> \
data/ipv6toolkit.conf
clean:
rm -f $(TOOLS) $(LIBS)
......@@ -108,12 +119,16 @@ install: all
install -m0755 $(SBINTOOLS) $(SBINPATH)
# Install the configuration file
install -m0755 -d $(ETCPATH)
install -m0644 data/ipv6toolkit.conf $(ETCPATH)
# Install the IEEE OUI database
install -m0755 -d $(DATAPATH)
install -m0644 data/oui.txt $(DATAPATH)
# Install the port numbers database
install -m0644 data/service-names-port-numbers.csv $(DATAPATH)
# Install the manual pages
install -m0755 -d $(MANPATH)/man1
install -m0644 manuals/*.1 $(MANPATH)/man1
......@@ -125,6 +140,7 @@ install: all
uninstall:
# Remove the binaries
rm -f $(BINPATH)/addr6
rm -f $(SBINPATH)/blackhole6
rm -f $(SBINPATH)/flow6
rm -f $(SBINPATH)/frag6
rm -f $(SBINPATH)/icmp6
......@@ -132,10 +148,12 @@ uninstall:
rm -f $(SBINPATH)/na6
rm -f $(SBINPATH)/ni6
rm -f $(SBINPATH)/ns6
rm -f $(SBINPATH)/path6
rm -f $(SBINPATH)/ra6
rm -f $(SBINPATH)/rd6
rm -f $(SBINPATH)/rs6
rm -f $(SBINPATH)/scan6
rm -f $(SBINPATH)/script6
rm -f $(SBINPATH)/tcp6
# Remove the configuration file
......@@ -146,6 +164,7 @@ uninstall:
# Remove the manual pages
rm -f $(MANPATH)/man1/addr6.1
rm -f $(MANPATH)/man1/blackhole.1
rm -f $(MANPATH)/man1/flow6.1
rm -f $(MANPATH)/man1/frag6.1
rm -f $(MANPATH)/man1/icmp6.1
......@@ -153,10 +172,12 @@ uninstall:
rm -f $(MANPATH)/man1/na6.1
rm -f $(MANPATH)/man1/ni6.1
rm -f $(MANPATH)/man1/ns6.1
rm -f $(MANPATH)/man1/path6.1
rm -f $(MANPATH)/man1/ra6.1
rm -f $(MANPATH)/man1/rd6.1
rm -f $(MANPATH)/man1/rs6.1
rm -f $(MANPATH)/man1/scan6.1
rm -f $(MANPATH)/man1/script6.1
rm -f $(MANPATH)/man1/tcp6.1
rm -f $(MANPATH)/man5/ipv6toolkit.conf.5
rm -f $(MANPATH)/man7/ipv6toolkit.7
......
*******************************************************************************
* SI6 Networks IPv6 Toolkit v1.5.3 *
* SI6 Networks IPv6 Toolkit v2.0 beta *
*******************************************************************************
Description of each of the files and directories:
-------------------------------------------------
data: Contains the configuration files and miscellaneous databases.
manuals: Contains the manual pages for the security assessment tools.
tools: Contains the source code for the security assessment tools.
CHANGES.TXT: Contains the changelog of the toolkit
CONTRIB.TXT: Contains the list of people that have contributed to this
project.
CREDITS.TXT: Contains the credits of this project.
LICENSE.TXT: Contains the license for this software (GPLv3)
README.TXT: This file.
......@@ -26,7 +26,8 @@ pages by running the following command:
make install
Note: The libpcap library must be previously installed on the system.
Note: The libpcap library must be previously installed on the system. The
coresponding package is typically named "libpcap-dev".
All the tools have been tested to build (both with gcc and clang) and run on
Debian GNU/Linux 7.0, Debian GNU/kfreebsd 7.0, FreeBSD 9.0, NetBSD 6.1.1,
......
This diff is collapsed.
This diff is collapsed.
......@@ -6,6 +6,7 @@ addr6 \- An IPv6 address analysis and manipulation tool
.RB [\| \-a
.IR IPV6_ADDR\| \ \-i]
.RB [\| \-d \|]
.RB [\| \-d \|]
.RB [\| \-q \|]
.RB [\| \-s \|]
.RB [\| \-j
......@@ -25,7 +26,7 @@ addr6 \- An IPv6 address analysis and manipulation tool
.RB [\| \-K
.IR SCOPE \|]
.RB [\| \-W
,IR UNICAST_TYPE \|]
.IR UNICAST_TYPE \|]
.RB [\| \-G
.IR IID_TYPE \|]
.RB [\| \-v \|]
......@@ -59,13 +60,13 @@ This option request the tool to read IPv6 addresses from standard input (stdin),
.TP
.BI \-j\ PREFIX ,\ \-\-address\ PREFIX
.BI \-j\ PREFIX ,\ \-\-accept\ PREFIX
Accept IPv6 addresses belonging to the specified IPv6 prefix (PREFIX/LEN).
.TP
.BI \-b\ TYPE ,\ \-\-address\ TYPE
.BI \-b\ TYPE ,\ \-\-accept\-type\ TYPE
Accept IPv6 addresses belonging to the specified address type. Valid address types are:
......@@ -75,7 +76,7 @@ Accept IPv6 addresses belonging to the specified address type. Valid address typ
.TP
.BI \-k\ SCOPE ,\ \-\-address\ SCOPE
.BI \-k\ SCOPE ,\ \-\-accept\-scope\ SCOPE
Accept IPv6 addresses belonging to the specified address scope. Valid address scopes are:
......@@ -91,7 +92,7 @@ Accept IPv6 addresses belonging to the specified address scope. Valid address sc
* unspecified
.TP
.BI \-w\ UNICAST_TYPE ,\ \-\-address\ UNICAST_TYPE
.BI \-w\ UNICAST_TYPE ,\ \-\-accept\-utype\ UNICAST_TYPE
Accept IPv6 addresses belonging to the specified unicast type. Valid unicast address types are:
......@@ -107,7 +108,7 @@ Accept IPv6 addresses belonging to the specified unicast type. Valid unicast add
.TP
.BI \-g\ IID_TYPE ,\ \-\-address\ IID_TYPE
.BI \-g\ IID_TYPE ,\ \-\-accept\-iid\ IID_TYPE
Accept unicast IPv6 addresses with an Interface ID of the specified type. Valid Interface ID types are:
......@@ -125,13 +126,13 @@ Accept unicast IPv6 addresses with an Interface ID of the specified type. Valid
.TP
.BI \-J\ PREFIX ,\ \-\-address\ PREFIX
.BI \-J\ PREFIX ,\ \-\-block\ PREFIX
Block IPv6 addresses belonging to the specified IPv6 prefix (PREFIX/LEN).
.TP
.BI \-B\ TYPE ,\ \-\-address\ TYPE
.BI \-B\ TYPE ,\ \-\-block\-type\ TYPE
Block IPv6 addresses belonging to the specified address type. Valid address types are:
......@@ -141,7 +142,7 @@ Block IPv6 addresses belonging to the specified address type. Valid address type
.TP
.BI \-K\ SCOPE ,\ \-\-address\ SCOPE
.BI \-K\ SCOPE ,\ \-\-block\-scope\ SCOPE
Block IPv6 addresses belonging to the specified address scope. Valid address scopes are:
......@@ -158,7 +159,7 @@ Block IPv6 addresses belonging to the specified address scope. Valid address sco
.TP
.BI \-W\ UNICAST_TYPE ,\ \-\-address\ UNICAST_TYPE
.BI \-W\ UNICAST_TYPE ,\ \-\-block\-utype\ UNICAST_TYPE
Block IPv6 addresses belonging to the specified unicast type. Valid unicast address types are:
......@@ -174,7 +175,7 @@ Block IPv6 addresses belonging to the specified unicast type. Valid unicast addr
.TP
.BI \-G\ IPV6_ADDRESS ,\ \-\-address\ IID_TYPE
.BI \-G\ IPV6_ADDRESS ,\ \-\-block\-iid\ IID_TYPE
Block unicast IPv6 addresses with an Interface ID of the specified type. Valid Interface ID types are:
......@@ -196,6 +197,11 @@ Block unicast IPv6 addresses with an Interface ID of the specified type. Valid I
This option causes the tool to eliminate duplicate addresses from the list of IPv6 addresses read from standard input (stdin). That is, when reading a list of addresses from stdin, only the first "copy" of each address will be processed by the tool (with later ones being simply ignored).
.TP
.BR \-c ,\ \-\-print\-canonic
This option request the tool to print the IPv6 address specfied with the '\-a' option (or a list of addresses read froom stdin if the '\-i' option was set) in its canonic form. This is useful to before comparing textual representations of IPv6 addresses, since the same address can usually be written in multiple different ways.
.TP
.BR \-d ,\ \-\-print\-decode
......@@ -272,7 +278,7 @@ addr6 will read IPv6 addresses from stdin ('\-i' option), and will only print th
$ addr6 \-a fc00::1
Decode the IPv6 address spcified with the '\-a' option. Note that while the '\-d' option was not set, this is the default behavior of the tool (unless overridden y another option).
Decode the IPv6 address specified with the '\-a' option. Note that while the '\-d' option was not set, this is the default behavior of the tool (unless overridden y another option).
\fBExample #3\fR
......
.TH BLACKHOLE6 1
.SH NAME
blackhole6 \- A tool to find IPv6 blackholes
.SH SYNOPSIS
.B blackhole6
.RB DESTINATION\|
.IR [PARAMETERS \|]
.SH DESCRIPTION
.B blackhole6
is a tool to isolate IPv6 blackholes.
\fBSCRIPTS\fR
\fBget\-mx\fR
This script takes no further arguments, and operates as follows:
.sp
.RS 4
.nf
\+ The tool reads domain names from standard-input (oner per line),
\ and obtains the MX for the corresponding domain.
\+ Lines where the first non-blank character is the numeral sign (#)
\ are consdered to contain comments, and hence are ignored.
\+ The format of the resulting output is:
.fi
.RE
.sp
.RS 4
.nf
# DOMAIN_NAME (CANONIC_NAME)
MX_RECORD_1
MX_RECORD_2
.fi
.RE
\fBget\-ns\fR
This script takes no further arguments, and operates as follows:
.sp
.RS 4
.nf
\+ The tool reads domain names from standard-input (oner per line),
\ and obtains the NS records for the corresponding domain.
\+ Lines where the first non-blank character is the numeral sign (#)
\ are consdered to contain comments, and hence are ignored.
\+ The format of the resulting output is:
.fi
.RE
.sp
.RS 4
.nf
# DOMAIN_NAME (CANONIC_NAME)
MX_RECORD_1
MX_RECORD_2
.fi
.RE
\fBtrace-do8-tcp\fR
\fBtrace-do8-icmp\fR
\fBtrace-do256-tcp\fR
\fBtrace-do256-icmp\fR
These scripts are meant to obtain information about where in the network packets employing IPv6 Extension Headers are being dropped. They test the path with IPv6 packets containing TCP or ICMPv6 payloads and a Destination Options Header of 8 or 256 bytes. Based on the obtained results, the tool can infer what is the system causing the packet drops.
\fBtrace-hbh8-tcp\fR
\fBtrace-hbh8-icmp\fR
\fBtrace-hbh256-tcp\fR
\fBtrace-hbh256-icmp\fR
These scripts are meant to obtain information about where in the network packets employing IPv6 Extension Headers are being dropped. They test the path with IPv6 packets containing TCP or ICMPv6 payloads and a Hop-by-Hop Options Header of 8 or 256 bytes. Based on the obtained results, the tool can infer what is the system causing the packet drops.
\fBtrace-fh256-tcp\fR
\fBtrace-fh256-icmp\fR
These scripts are meant to obtain information about where in the network packets employing IPv6 Extension Headers are being dropped. They test the path with IPv6 packets containing TCP or ICMPv6 payloads resulting in IPv6 fragments of around 256 bytes. Based on the obtained results, the tool can infer what is the system causing the packet drops.
\fBtrace-do8-tcp-stdin\fR
\fBtrace-do8-icmp-stdin\fR
\fBtrace-do256-tcp-stdin\fR
\fBtrace-do256-icmp-stdin\fR
These scripts are meant to obtain information about where in the network packets employing IPv6 Extension Headers are being dropped. They test the path with IPv6 packets containing TCP or ICMPv6 payloads and a Destination Options Header of 8 or 256 bytes. Based on the obtained results, the tool can infer what is the system causing the packet drops. These tools read one IPv6 address per line form standard input and, for each of those addresses, information is printed with the following syntax:
\fBtrace-hbh8-tcp-stdin\fR
\fBtrace-hbh8-icmp-stdin\fR
\fBtrace-hbh256-tcp-stdin\fR
\fBtrace-hbh256-icmp-stdin\fR
These scripts are meant to obtain information about where in the network packets employing IPv6 Extension Headers are being dropped. They test the path with IPv6 packets containing TCP or ICMPv6 payloads and a Hop-by-Hop Options Header of 8 or 256 bytes. Based on the obtained results, the tool can infer what is the system causing the packet drops. These tools read one IPv6 address per line form standard input and, for each of those addresses, information is printed with the following syntax:
\fBtrace-fh256-tcp-stdin\fR
\fBtrace-fh256-icmp-stdin\fR
These scripts are meant to obtain information about where in the network packets employing IPv6 Extension Headers are being dropped. They test the path with IPv6 packets containing TCP or ICMPv6 payloads resulting in IPv6 fragments of around 256 bytes. Based on the obtained results, the tool can infer what is the system causing the packet drops. These tools read one IPv6 address per line form standard input and, for each of those addresses, information is printed with the following syntax:
.TP
.BR \-h\| ,\ \-\-help
Print help information for the
.B scan6
tool.
.SH EXAMPLES
The following sections illustrate typical use cases of the
.B script6
tool.
\fBExample #1\fR
# scan6 \-i eth0 \-L \-e \-v
Perform host scanning on the local network ("\-L" option) using interface "eth0" ("\-i" option). Use both ICMPv6 echo requests and unrecognized IPv6 options of type 10xxxxxx (default). Print link-link layer addresses along with IPv6 addresses ("\-e" option). Be verbose ("\-v" option).
\fBExample #2\fR
# scan6 \-d 2001:db8::/64 \-\-tgt\-virtual\-machines all \-\-ipv4\-host 10.10.10.0/24
Scan for virtual machines (both VirtualBox and vmware) in the prefix 2001:db8::/64. The additional information about the IPv4 prefix employed by the host system is leveraged to reduce the search space.
\fBExample #3\fR
# scan6 \-d 2001:db8::/64 \-\-tgt\-ipv4\-embedded ipv4\-32 \-\-ipv4\-host 10.10.10.0/24
Scan for IPv6 addresses of the network 2001:db8::/64 that embed the IPv4 prefix 10.10.10.0/24 (with the 32-bit encoding).
\fBExample #4\fR
# scan6 \-d 2001:db8:0\-500:0\-1000
Scan for IPv6 addresses of the network 2001:db8::/64, varying the two lowest order 16\-bit words of the addresses in the range 0\-500 and 0\-1000, respectively.
\fBExample #5\fR
# scan6 \-d fc00::/64 \-\-tgt\-vendor 'Dell Inc' \-p tcp
Scan for network devices manufactured by 'Dell Inc' in the target prefix fc00::/64. The tool will employ TCP segments as the probe packets (rather than the default ICMPv6 echo requests).
\fBExample #6\fR
# scan6 \-i eth0 \-L \-S 66:55:44:33:22:11 \-p unrec \-P global \-v
Use the "eth0" interface ("\-i" option) to perform host-scanning on the local network ("\-L" option). The Ethernet Source Address is set to "66:55:44:33:22:11" ("\-S" option). The probe packets will be IPv6 packets with unrecognized options of type 10xxxxxx ("\-p" option). The tool will only print IPv6 global addresses ("\-P" option). The tool will be verbose.
\fBExample #7\fR
# scan6 \-d 2001:db8::/64 \-w KNOWN_IIDS
Perform an address scan of a set of known hosts listed in the file KNOWN_IIDS, at remote network 2001:db8::/64. The target addresses are obtaining by concatenating the network prefix 2001:db8::/64 with the interface IDs of each of the addresses fund in the file KNOWN_IIDS.
\fBExample #8\fR
# scan6 \-i eth0 \-L \-P global \-\-print\-unique \-e
Use the "eth0" interface ("\-i" option) to perform host-scanning on the local network ("\-L" option). Print only global unicast addresses ("\-P" option), and at most one IPv6 address per Ethernet address ("\-\-print\-unique" option). Ethernet addresses will be printed along with the corresponiding IPv6 address ("\-e" option).
\fBExample #9\fR
# scan6 \-m knownprefixes.txt \-w knowniids.txt \-l \-z 60 \-t \-v
Build the list of targets from the IPv6 prefixes contained in the file 'knownprefixes.txt' and the Interface IDs (IIDs) contained in the file 'knowniids.txt'. Poll the targets periodically ("\-l" option), and sleep 60 seconds after each iteration ("\-z" option). Print a timestamp along the IPv6 address of each alive node ("\-t" option). Be verbose ("\-v" option).
.SH AUTHOR
The
.B script6
tool and the corresponding manual pages were produced by Fernando Gont
.I <fgont@si6networks.com>
for SI6 Networks
.IR <http://www.si6networks.com> .
.SH COPYRIGHT
Copyright (c) 2014 Fernando Gont.
Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or any later version published by the Free Software Foundation; with no Invariant Sections, no Front\-Cover Texts, and no Back\-Cover Texts. A copy of the license is available at
.IR <http://www.gnu.org/licenses/fdl.html> .
......@@ -5,9 +5,11 @@ ipv6toolkit \- An IPv6 security assessment and trouble\-shooting toolkit
.SH DESCRIPTION