THC IPv6 Attack Toolkit alternatives

Looking for an alternative tool to replace THC IPv6 Attack Toolkit? During the review of THC IPv6 Attack Toolkit we looked at other open source tools. Based on their category, tags, and text, these are the ones that have the best match.

Top 3

  1. Chiron (IPv6 security assessment framework)
  2. addrwatch (monitoring of ARP and IP addresses)
  3. arping (ARP scanner)

These tools are ranked as the best alternatives to THC IPv6 Attack Toolkit.

Alternatives (by score)

60

Chiron

Introduction

Chiron is a security assessment framework for IPv6. It provides several modules including an IPv6 scanner, IPv6 Local Link, IPv4-to-IPv6 proxy, IPv6 attack module, and IPv6 proxy. These modules help to perform an assessment, like a penetration test.

The tool uses IPv6 extension headers to create a headers chain. This may allow evading security devices like IDS, IPS, and firewalls. Due to the flexibility of the framework, the tool can also be used to perform fuzzing of the IPv6 stack of a device.

Project details

Chiron is written in Python.

Strengths and weaknesses

  • + The source code of this software is available
  • - No releases on GitHub available

Typical usage

  • Network analysis
  • Network scanning
  • Network security monitoring

Chiron review

60

addrwatch

Introduction

Similar to arpwatch, this tool addrwatch will monitor the pairing between ethernet and IP addresses.

Main features:

  • IPv4 and IPv6 address monitoring
  • Monitoring multiple network interfaces with one daemon
  • Monitoring of VLAN tagged (802.1Q) packets
  • Output to stdout, plain text files, syslog, sqlite3, MySQL
  • IP address usage history preserving output and logging

Project details

84

arping

Introduction

arping is similar to the 'ping' utility for testing a network and the discovery of systems. Where the 'ping' command typically uses the Internet Control Message Protocol (ICMP), arping uses the Address Resolution Protocol (ARP).

Project details

63

ArpON

Introduction

ArpOn protects a system by running as a daemon and guard against a Man in the Middle (MitM) attack due to ARP spoofing, cache poisoning, or an ARP poison routing attack.

The tool works by using three types of inspection to detect a related attack.

  • SARPI (Static ARP Inspection), statically configured networks (without DHCP)
  • DARPI (Dynamic ARP Inspection), dynamically configured networks (with DHCP)
  • HARPI (Hybrid ARP Inspection), statically and dynamically configured networks (with DHCP)

Project details

ArpON is written in C.

Strengths and weaknesses

  • + The source code of this software is available

    ArpON review

    52

    arp-scan

    Introduction

    The arp-scan utility can be used to detect hosts on the network. As it uses ARP, it only applies to IPv4, as IPv6 uses the neighbour discovery protocol (NDP).

    Project details

    78

    ntopng

    Introduction

    The ntopng replaced the older ntop utility. It now focuses on high-speed traffic analysis and flow collection. Typically this is useful for analysis of network traffic and troubleshooting of overused network links.

    Project details

    ntopng is written in C++.

    Strengths and weaknesses

    • + The source code of this software is available

      Typical usage

      • Network analysis
      • Troubleshooting

      ntopng review

      93

      Scapy

      Introduction

      Scapy can handle tasks like network scanning, tracerouting, probing, unit tests, attacks or network discovery. Due to its manipulation possibilities, Scapy can send invalid frames. It allows you also to inject custom 802.11 frames, or combine other attacking techniques.

      Project details

      Scapy is written in Python.

      Strengths and weaknesses

      • + More than 2000 GitHub stars
      • + The source code of this software is available
      • - Many provided pull requests are still open

      Typical usage

      • Network analysis
      • Security assessment

      Scapy review

      70

      Yersinia

      Introduction

      The Yersinia tool takes advantage of known weaknesses in several network protocols. It helps with trying to abuse the weaknesses to ensure that network protections are implemented where possible.

      Related protocols:

      • Spanning Tree Protocol (STP)
      • Cisco Discovery Protocol (CDP)
      • Dynamic Trunking Protocol (DTP)
      • Dynamic Host Configuration Protocol (DHCP)
      • Hot Standby Router Protocol (HSRP)
      • 802.1q
      • 802.1x
      • Inter-Switch Link Protocol (ISL)
      • VLAN Trunking Protocol (VTP)

      Project details

      64

      Pyersinia

      Introduction

      Pyersinia is a tool like Yersinia and can perform network attacks such as spoofing ARP, DHCP DoS , STP DoS, and more. It is written in Python and uses Scapy.

      Project details

      Pyersinia is written in Python.

      Strengths and weaknesses

      • + The source code of this software is available

        Typical usage

        • Network analysis
        • Penetration testing
        • Security assessment

        Pyersinia review

        52

        ssldump

        Introduction

        ssldump is protocol analyzer for SSLv3/TLS network traffic. It identifies TCP connections on the chosen network interface and tries to interpret it.

        Project details

        Strengths and weaknesses

        • + The source code of this software is available
        • - No updates for a while

        Typical usage

        • Network analysis

        ssldump review

        Some relevant tool missing as an alternative to THC IPv6 Attack Toolkit? Please contact us with your suggestion.