Tool and Usage
Why this tool?
Chiron is a security assessment framework for IPv6. It provides several modules including an IPv6 scanner, IPv6 Local Link, IPv4-to-IPv6 proxy, IPv6 attack module, and IPv6 proxy. These modules help to perform an assessment, like a penetration test.
The tool uses IPv6 extension headers to create a headers chain. This may allow evading security devices like IDS, IPS, and firewalls. Due to the flexibility of the framework, the tool can also be used to perform fuzzing of the IPv6 stack of a device.
How it works
Chiron is written in Python and using Scapy to create its traffic. The sniffer in Chiron does not use the OS stack, but its own implementation.
Usage and audience
Chiron is commonly used for network analysis, network scanning, or network security monitoring. Target users for this tool are network administrators and pentesters.
- Command line interface
Example usage and output
Tool review and remarks
The review and analysis of this project resulted in the following remarks for this security tool:
- + The source code of this software is available
- - No releases on GitHub available
History and highlights
- Demo at Black Hat USA 2018 Arsenal
Supported operating systems
Chiron is known to work on Linux.
Several dependencies are required to use Chiron.
Similar tools to Chiron:
Pysap is a Python library to craft SAP network protocol packets. It can be used for analysis and security assessments.
WarBerryPi is a toolkit to provide a hardware implant during penetration testing or red teaming. Read how it works in this review.
The 0trace.py utility is a rewrite of 0trace (by another author) to perform reconnaissance and bypass network firewalls.
This tool page was updated at . Found an improvement? Help the community by submitting an update.
Related tool information
- IPv6 extension header
- IPv6 extension headers allow providing optional Internet Layer information. These headers are placed between a fixed header and the upper-layer protocol header. By using a Next Header field, a headers chain can be created. It is a flexible method to customize IPv6 packets.