THC IPv6 Attack Toolkit

The THC IPv6 Attack Toolkit provides a collection of specialized tools for assessing IPv6 network security by exploiting protocol weaknesses. It enables penetration testers to perform alive scanning, detect new devices, conduct DNS enumeration, and execute various denial-of-service attacks against IPv6 and ICMPv6 implementations. Tools cover neighbor discovery manipulation, router advertisement flooding, DHCPv6 fuzzing, and implementation checks useful for firewall testing.

Use cases include IPv6 network reconnaissance, protocol vulnerability validation, and red team exercises targeting misconfigured IPv6 deployments. The toolkit supports evasion techniques like fragmentation headers and hop-by-hop options to bypass RA guards and firewalls. It works against Windows, Linux, OS/X, and BSD systems, with many tools leveraging link-local and multicast addresses for local network attacks.

Caution is advised as some tools can crash vulnerable systems or cause heavy network load. The suite is particularly valuable for auditing enterprise IPv6 rollouts where default configurations often expose attack surfaces.

Tools craft malformed or spoofed IPv6/ICMPv6 packets exploiting protocol behaviors like Duplicate Address Detection (DAD), Neighbor Discovery (ND), Router Advertisements (RA), and Multicast Listener Discovery (MLD). Scanning uses ping, erroneous packets, and port probes; DoS leverages header flooding (hop-by-hop, destination), fragmentation, and amplification via multicast. Spoofing impersonates routers/DHCP servers via NA/RA/MLD packets; fuzzing mutates packet fields/headers to trigger crashes. Evasion adds extension headers (fragmentation, routing, jumbo) to bypass filters. Many tools sniff network traffic for dynamic targeting and support source randomization.