SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for thc-ipv6-3.2-2.1.x86_64.rpm :

* Thu Jan 19 2017 mardnhAATTgmx.de- update to version 3.2
* added toobigsniff6: send ICMPv6 toobig messages for sniffed traffic
* added alive2map.sh script to create a network map (graphviz->jpg) from a list of alive hosts
* alive6: fixed displaying right source of one packet type
* dump_router6: added -S option to specify an IPv6 source address
* fake_router26: new -f option to specify the sending mac address
* thcsyn6: added -f and -d options
* flood_router26: - added -m option to force DHCPv6 managed and other configuration - reduced lifetime for -s option to 1s
* dnssecwalk: added TCP mode (-t)
* dnsrevenum6: added TCP mode (-t)
* fake_advertise6: a second packet always was sent with no flags. fixed.
* flood_rs6 and thcping6: small fixes
* re-enabled raw mode, works now with modern kernels it seems
* small reliability patches by Benjamin Kellermann, thanks!
* added man page auto generator by Benjamin Kellermann, thanks!
* small change to the Makefile to allow installation even if not everything could be compiled (libraries missing)- rebased patches
* thc-ipv6-obey-cflags.diff
* Fri Apr 15 2016 mardnhAATTgmx.de- update to version 3.0 - fragrouter6 (NEW TOOL) - evade IDS easily and use all your favorite IPv6 attack tools - connsplit6 (NEW TOOL) - split up a connection so that replies are sent to a different IPv6 address -
*.sh - added a lot of shell helper scripted for zone transfers, creating maps, etc. - 6to4test.sh, create_network_map.sh, extract_hosts6.sh, six2four.sh, axfr-reverse.sh, axfr.sh, dnsrevenum6.sh, extract_networks6.sh, thc-ipv6-setup.sh, dnssecwalk.sh, trace62list.sh, dos_mld6.sh, local_discovery6.sh - alive26: - -r renew option was accidently always on by default - added -I /mask random source option - restructured the -h help output - fake_router26: - option -X removes router entry from targets on exit (patch from Dan Luedtke, thanks) - flood_router26: - Fix - the source mac was always null bytes without evasion, thank to Christopher Werny for reporting - ndpexaust26: - option -m generates maximum size packets - dump_router6: - fixed route option parsing - support for new RA options - dump_dhcp6 - added vendorid support for request - thcping6: - added -O TCP Fast Open cookie request option - fuzz_dhcps6 - enhancements to the help output - added -w sec wait between packets option - added more options to the solicitate request to fuzz - thcping6: - added -O TCP Fast Open cookie request option - thcsyn6 - added -O TCP Fast Open fake cookie sending option - fixed memory leak - connect6: - will now print the known MTU path to the destination upon succesful connect - Renamed dos_mld.sh to dos_mld6.sh and local_discovery.sh to local_discovery6.sh- ran spec-cleaner- add patches: - thc-ipv6-obey-cflags.diff - thc-ipv6-use-pkgconfig-for-libnetfilter_queue-cflags.diff - thc-ipv6-fix-implicit-pointer-declaration.diff
* Fri Jan 16 2015 svenAATTuebelacker.net- updated to version 2.7- changes from 2.3 to 2.7 - All flood_
* tools: - changed destination so that targets can be remote. Yes this should not work, but sometimes it does :-) - New tool: fuzz_dhcpc6 - DHCPv6 client fuzzer, submitted by Darrell Ambro, thanks a lot! - Added new script: six2four.sh - send an IPv6 packet via a 6to4 gateway - Added new script: grep6.pl - extracts an IPv6 in all possible notations from a file (from Eric Vyncke) - alive6: - setting -C twice increases the common address search space significantly - fixed from-to definition implementation - added \"-y step\" option, to define the step range when performing from-to scans (e.g. 2001:1::0-ff), default step range is of course 1, max is 256 - selects the source IPv6 address for every new target now; waiting, if no fitting IPv6 address is present on the interface until one is - if you use -s for alive scanning, the new \"one packet fingerprinting\" functionality is automatically used, courtesy of warlord AATT nologin from his poison tool - error message if a packet can not be send for >50ms, and waiting for 60 seconds - cleaned up help output and add -hh more help/options output - thcsyn6: - added -m dstmac option (good for DOSing local, esp. hot standby addresses) - added -d dst hdr option - documented -a hbh-ra option - denial6: - added five more test cases with HBH-RA and AH headers - flood_router26 - added -a hopbyhop with router alert option - changed a default so the attacks do not show up in Snort IDS - flood_redir6 - added -a hopbyhop with router alert option - flood_solicitate6 - added query address parameter option - added -a hopbyhop with router alert option - fuzz_ip6: - fixes for HBH and DST EH fuzzing - thcping6: - added -x flood option - added -e ethertype option - added -V IP version option - added -L payload length option - added -N next header option - now prints fragID of fragmented replies - implementation6: - a few more test cases and fixes - dump_dhcp6 - more option decoding, better solicitate packet - added sending information request packet - four2six: - support for source port and ping ID (required for AFTR) - trace6: - support for MTU sizes > 2500 added - implementation6 - fixed to test cases where the wrong fragment nxt header was set (thanks to Gabriel Bertram for reporting) - inverse_lookup6 - fixed to display only the IPv6 addresses (and not interpret other data as such) - thc-ipv6-lib - global addresses are now prefered over unique local if no destination is set - fixed a bug in IPv4 CRC calculation function - cppcheck and Coverity issues checked and fixed - added spelling fixes by Debian maintainers - Moved the license from GPLv3 to AGPLv3 (see LICENSE file) - Support for big endian processors added - Added new tool: fuzz_dhcps6 - DHCPv6 server fuzzer. Submitted by Brandon Hutcheson and Graeme Neilson - great job, thanks! - Added new tool: flood_redir6 - flooding with ICMPv6 redirects - Added new tool: flood_rs6 - flooding with ICMPv6 Router Soliciations - Added new tool: four2six - send an IPv4 packet via a 4to6 gateway - Added new tool: dump_dhcp6 - show all DHCP6 servers and their config - Added new script: six2four.sh - send an IPv6 packet via a 6to4 gateway - All flooding tools: - support now a specific target instead of all local nodes - printing a dot for each 1000 packets sent (before: 100) - alive6: - renamed option -D to -C (common address scan), -D still works too - added -4 IPv6address/range option - added -H option to print the hop count value of received packets - added -L option to only report local alive systems - added -P option to only print addresses that would be scanned, but no scanning - added -R option to not consider TCP-RST packets as alive signals - NDP alives now also get their MAC addresses printed - reworked help output, simple help screen with no option, full help with -h parameter - clarified that ranges (from-to) should not be used together with -D -M or -4 - -W option waited for micro not milliseconds, fixed - flood_router26 - added -S slow start option which makes the flooding a bit more effective - added -G gigantic packet option (64kb, fragmented) - increased number of route/prefix entries in normal (non -G option) packets - rewrote the help screen - thcsyn6: - changed to also allow syn flooding on link local - parasite6: - added ROUTER flag to all packets to prevent being removed from the routing list - trace6: - added -u UDP switch - fixed bug that showed targets sometimes too far away
* Wed Oct 16 2013 svenAATTuebelacker.net- updated to version 2.3 - Added new tool: thcsyn5 - a TCP flooding tool - Added new tool: redirsniff6 - redirects traffic (sniff variant to redir6) - Added new script: thc-ipv6-setup.sh - configuring Linux for thc-ipv6 - Added new script: 6to4test.sh - check an ipv4 address for dynamic 6to4 tunnel setup - flood_router26: added -s option for small lifetime which makes the attack even more devasting - trace6: - added -B option for sending echo reply packets (will not show the destination) - added -E option for sending destination headers with invalid option - thcping6: - -U/-S port options now also set the source port - -U/-S options now also send data if given - -f fragment option can now be used multiple times - implementation6: - fixed bug in test case - added icmp6 type/code printing for error replies - toobig6: added -u option to allow testing for unrelated ICMPv6 packet firewall bypasses - firewall6: added more test cases - thc-ipv6-lib: - fixed address selection bug if global and ULA addresses are present - change NDP to use ff02::1:ffxx:xxx limited multicast addresses - thc_resolve6 ignores now anything after a \"/\" or in before/after \"[]\"
* Fri Dec 28 2012 svenAATTuebelacker.net- updated to version 2.1 - added new tool: dnssecwalk - performs NSEC walking including IPv6+IPv4 resolving - added new tool: firewall6 - various TCP/UDP ACL bypass test cases - added new tool: fake_pim6 - send fake hello and join/prune pim messages - added new tool: ndpexhaust26 - very performant ndp exhauster based on ICMP error toobig messages but can send many types of packets - alive6: ranges are now supported in the input file too - parasite6: enhancements to make it way more effective - fake_router26: added overlap RA guard evasion type (-E o, -E O) - dos-new-ip6: fix that only DAD replies are sent, not full NDP spoofing :-) (thanks to Johannes Weber for reporting) - flood_router26: Added local LAN privacy extension prevention attack by George Kargiotakis - randicmp6: - added function which dumps icmp answers received - added funtionality to send a specific type (and also code) - dnsdict6: added SRV result address resolving - trace6: fix for routers which add padding to the packets - fuzz_ip6: added -X option for not sending a transport layer - inject_alive6: added -a option to allow selective active alive sending - fake_advertise6: when no srcmac was specified, it was sent as all zeroes instead of the real mac (thanks to Jannes Weber for reporting) - fixed various injection issues (mostly too large packets for MTU on interface) - thc-ipv6-lib: added function thc_send_as_overlapping_{first,last}_fragment6 - Added GPL exception clause to license to allow linking to OpenSSL - debian people need this - Makefile: added patch from gentoo maintainers
* Mon Oct 15 2012 svenAATTuebelacker.net- updated to version 2.0 - new tools: alive6, flood_router26 - enhancement of trace6, thcping6, etc.- patch for Makefile added (thcping6 double definition)
* Mon Sep 24 2012 svenAATTuebelacker.net- updated to version 1.9 - new tools: detect_sniffer6, fake_router26, dnsrevenum6, inverse_lookup6, fake_solicitate6, address6, passive_discovery6 - updated tools - code cleanup- detailed Changelog here: /usr/share/doc/packages/thc-ipv6/CHANGES
* Mon Aug 22 2011 svenAATTuebelacker.net- updated to version 1.8: new tools, manpages, and options- detailed Changelog here: /usr/share/doc/packages/thc-ipv6/CHANGES
* Thu May 19 2011 svenAATTuebelacker.net- initial openSUSE port
 
ICM