IPv6 Scanner

This is a guest post from Antonios Atlasis.

===

Having just finished the second “Advanced Attack Techniques against IPv6 Networks” workshop (some of the course material can be found here), organised and hosted by ERNW and their partner HM Training Solutions, I would like to take this opportunity to publicly release one of my scripting tools, an IPv6 scanner. This tool is based on Scapy (so you have to install Scapy and its prerequisites before using it). It should not be considered a replacement for, or a competitor of, nmap against IPv6 or the scanners incorporated into the great IPv6 toolkits already released by Marc Heuse and Fernando Gont, but rather a tool released mainly for educational purposes.

Specifically, apart from supporting some of the most well-known port scanning techniques, from ping scanning to SYN, RESET, ACK, XMAS, etc. TCP or UDP scanning, this scanner also combines, by using the suitable switches, some IDS/IPS evasion techniques. As I have found out up to now, at least two of them, if used “properly”, can be effective against a very popular IDS/IPS software used by many “Fortune 100” companies out there. This means that you can actually launch any type of the supported network-scanning techniques while flying under the radar of this specific IDS software (and perhaps some others too, who knows…). But first of all, as always, please check the corresponding README file.

However, the most important advantage of this scanner is, in my humble opinion, that due to the use of Scapy and Python, it can be pretty easy for everybody, no matter what his previous programming experience is, to dive into the code, understand it, modify it, or even add new features by using just a few lines of code.
If you have any comments or suggestions, find any bugs (and there should be several of them…), or have the willingness or ideas to implement some new features, please do not hesitate to contact me at aatlasis@secfu.net.
But this is just the beginning. My intention is not only to continue developing this scanner by adding more features and more evasion techniques, but also to implement some additional modules which… OK, let’s not announce this yet. However, fingers crossed, this new framework will be released during the IPv6 Security Summit at Troopers 14. So, make sure to be there, if interested.
In the meantime, I intend to release several updated versions of this IPv6 scanner. These releases will take place at least during every new “Advanced Attack Techniques against IPv6 Networks” workshop in the near future and, moreover, they will be announced on this blog. So, stay tuned. The current version can be downloaded here.
Up to then, please use it responsibly, try it at …home only and enjoy!
Antonios