Sniffing & Spoofingipv6dhcpv6dnsmitmpentestingwindows

mitm6

mitm6 is a pentesting tool that exploits the default configuration of Windows to take over the default DNS server by replying to DHCPv6 messages and providing victims with a link-local IPv6 address.

Description

mitm6 enables attackers to perform man-in-the-middle attacks on IPv4 networks via IPv6. It targets Windows systems configured to prefer IPv6, allowing the tool to hijack DNS traffic by responding to DHCPv6 requests with fake IPv6 addresses and setting the attacker's host as the default DNS server.

Use cases include network penetration testing, red team engagements, and demonstrating IPv6-related misconfigurations in enterprise environments. The tool is particularly effective against networks where IPv6 is enabled but not properly secured.

It operates non-interactively once launched, continuously monitoring for DHCPv6 solicitations and responding accordingly to maintain control over victim DNS resolution.

How It Works

mitm6 sends Router Advertisements (RAs) to advertise IPv6 presence, prompting Windows clients to send DHCPv6 solicitations. It replies with a DHCPv6 Advertise containing a link-local IPv6 address and designates the attacker's IP as the DNS server. Windows prioritizes this IPv6 DNS server, routing all DNS queries through the attacker. The tool then intercepts and can manipulate these queries for further exploitation like WPAD or NBT-NS poisoning.

Installation

bash

sudo apt install mitm6

Flags

-h, --helpshow this help message and exit

-i, --interface INTERFACEInterface to use (default: autodetect)

-l, --localdomain LOCALDOMAINDomain name to use as DNS search domain (default: use first DNS domain)

-4, --ipv4 ADDRESSIPv4 address to send packets from (default: autodetect)

-d, --domain DOMAINDomain name to filter DNS queries on (Allowlist principle, multiple can be specified.)

-b, --blocklist, --blacklist DOMAINDomain name to filter DNS queries on (Blocklist

-hw, -ha, --host-allowlist, --host-whitelist DOMAINHostname (FQDN) to filter DHCPv6 queries on (Allowlist

-hb, --host-blocklist, --host-blacklist DOMAINHostname (FQDN) to filter DHCPv6 queries on (Blocklist

--ignore-nofqdnIgnore targets without FQDN

Examples

Display help message and usage information

mitm6 -h

Run mitm6 with autodetected interface and default settings to exploit DHCPv6 on the network

mitm6

Run mitm6 on specific interface eth0

mitm6 -i eth0

Run mitm6 using custom DNS search domain

mitm6 -l localdomain.com

Run mitm6 specifying source IPv4 address

mitm6 -4 192.168.1.100

Run mitm6 filtering DNS queries to only target.com (allowlist)

mitm6 -d target.com

Run mitm6 blocking DNS queries to evil.com (blocklist)

mitm6 -b evil.com

Updated 2026-04-16kali.org ↗