def define_source_ipv6_address(vsource, mac_source, vinterface, vrandom_source, vprefix): source_ip = False if vsource: #If spoofed source_ip = vsource if not checkip.is_valid_ipv6(source_ip): print "Source ip", source_ip, "is not a valid IPv6 address" print "Please, fix the errors and come back" exit(0) elif not mac_source: mac_source = auxiliary_functions.find_single_mac( auxiliary_functions.get_my_ip(vinterface), source_ip, vinterface ) #find the MAC of the spoofed source IP performing nsol if not mac_source: #randomise it print "MAC address for IPv6 address", source_ip, "has not been found" mac_source = address_generators.generate_random_mac() print "random mac address to use as source is", mac_source elif vrandom_source: source_ip = address_generators.generate_random_ipv6(vprefix) if not mac_source: #randomise it mac_source = address_generators.generate_random_mac() print "random mac address to use as source is", mac_source elif vinterface: source_ip = auxiliary_functions.get_my_ip(vinterface) if not mac_source: mac_source = scapy.layers.l2.get_if_hwaddr(vinterface) elif not source_ip: #source_ip=addr print "An available source IPv6 address does not exist. Please, define a source IPv6 address and try again." exit(0) print "The MAC address of your sender is:", mac_source print "The IPv6 address of your sender is:", source_ip print "The interface to use is", vinterface return source_ip, mac_source
def main(): #LET'S PARSE THE ARGUMENTS FIRST parser = argparse.ArgumentParser(version='0.9', description='An IPv6 tool.') parser.add_argument('ipv6interface', action="store", help="the IPv6 network interface to use.") parser.add_argument('ipv4interface', action="store", help="the IPv4 network interface to use.") parser.add_argument('ipv4_sender', action="store", help="the ipv4 address of the initial sender") parser.add_argument('ipv4_receiver', action="store", help="the ipv4 address where the proxy listens to") parser.add_argument('-l4_data', '--layer4_payload', action="store", dest="l4_data", default="", help="the payload of layer4") parser.add_argument('-gw', '--gateway', action="store", dest="gateway", help="a gateway to use (only if required).") parser.add_argument( '-s', '--source', action="store", dest="source", default=False, help="the IPv6 address of the sender (if you want to spoof it).") parser.add_argument( '-rs', '--random-source', action="store_true", dest="random_source", default=False, help= "randomise the IPv6 address of the sender (if you want to spoof it randomly)." ) parser.add_argument( '-m', '--mac', action="store", dest="mac_source", default=False, help="the mac address of the sender (if you want to spoof it).") parser.add_argument( '-tm', '--target_mac', action="store", dest="target_mac", default=False, help= "the mac address of the target (if you want to define it to avoid Neighbor Solicitation)." ) parser.add_argument( '-rm', '--random-mac', action="store_true", dest="random_mac", default=False, help= "randomise the MAC address of the sender (if you want to spoof it randomly)." ) parser.add_argument( '-d', '--destination', action="store", dest="destination", help= "the IPv6 address of the target. Just one target, not a list as in the other modules of the framework. " ) parser.add_argument( '-dns-server', '--dns_server', action="store", dest="dns_server", default="2001:470:20::2", help="the DNS server to use to resolve the hostnames to IPv6 address") parser.add_argument( '-lfE', '--list_fragmented_Extension_Headers', action="store", dest="lEf", default=False, help= "Define an arbitrary list of Extension Headers which will be included in the fragmentable part" ) parser.add_argument( '-luE', '--list_unfragmented_Extension_Headers', action="store", dest="lEu", default=False, help= "Define an arbitrary list of Extension Headers which will be included in the unfragmentable part" ) parser.add_argument( '-hoplimit', '--Hop_Limit', action="store", dest="hoplimit", default=255, help="The Hop Limit value of the IPv6 Header. Default: 255.") parser.add_argument('-nf', '--no_of_fragments', action="store", dest="number_of_fragments", default=0, help="the number of fragments to send") parser.add_argument( '-lnh', '--list_of_next_headers', action="store", dest="list_of_next_headers", default=False, help= "the list of next headers to be used in the Fragment Headers, comma_separated" ) parser.add_argument( '-lo', '--list_of_offsets', action="store", dest="list_of_offsets", default=False, help= "the list of offsets to be used in the Fragment Headers when fragmentation takes place, comma_separated (optional)" ) parser.add_argument( '-ll', '--list_of_fragment_lengths', action="store", dest="list_of_fragment_lengths", default=False, help= "the list of fragment lengths to be used in the Fragment Headers when fragmentation takes place, comma_separated (optional)" ) parser.add_argument( '-lm', '--list_of_fragment_m_bits', action="store", dest="list_of_fragment_m_bits", default=False, help= "the list of fragment M (More Fragments to Follow) bits to be used in the Fragment Headers when fragmentation takes place, comma_separated (optional)" ) parser.add_argument( '-id', '--fragment_id', action="store", dest="fragment_id", default=-1, help= "Fragment Identification number to be used in Fragment Extension Headers durign fragmentation." ) parser.add_argument('-delay', '--sending_delay', action="store", dest="delay", default=0, help="sending delay between two consecutive fragments") parser.add_argument( '-seh', '--size_of_extension_header', action="store", dest="size_of_extheaders", default=1, help="the size of the additional Extension Header (in octets of bytes)" ) parser.add_argument( '-stimeout', '--sniffer_timeout', action="store", dest="sniffer_timeout", default=60, help= "The timeout (in seconds) when the integrated sniffer (IF used) will exit automatically." ) parser.add_argument( '-threads', '--number_of_threads', action="store", dest="no_of_threads", default=10, help="The number of threads to use (for multi-threaded operation).") values = parser.parse_args() ###LETS TO SOME CHECKS FIRST TO SEE IF WE CAN WORK### if os.geteuid() != 0: print "You must be root to run this script." exit(1) scapy.config.conf.verb = 0 scapy.config.conf.L3socket = scapy.supersocket.L3RawSocket #GET YOUR SOURCE IPV6 AND MAC ADDRESS mac_source = definitions.define_source_mac_address(values.mac_source, values.random_mac) source_ip, mac_source = definitions.define_source_ipv6_address( values.source, mac_source, values.ipv6interface, values.random_source, False) #DEFINE DESTINATIONS AND GATEWAY MAC ip_list, IPv6_scope_defined = definitions.define_destinations( values.destination, False, False, False, False) gw_mac = auxiliary_functions.get_gw_mac(values.gateway, values.ipv6interface, ip_list, source_ip) #CONFIGURE IPTABLES if platform.system() == "Linux": #output = subprocess.check_output(['ps', '-A']) #if 'firewalld' in output: # print("firewalld is up an running!") subprocess.call([ 'ip6tables', '-I', 'OUTPUT', '1', '-p', 'icmpv6', '--icmpv6-type', 'destination-unreachable', '-s', source_ip, '-d', values.destination, '-j', 'DROP' ]) subprocess.call([ 'iptables', '-I', 'OUTPUT', '1', '--source', '127.0.0.3', '--destination', '127.0.0.1', '-p', 'tcp', '--tcp-flags', 'RST', 'RST', '-j', 'DROP' ]) subprocess.call([ 'ip6tables', '-I', 'OUTPUT', '1', '-p', 'tcp', '-s', source_ip, '-d', values.destination, '-j', 'DROP' ]) else: print "This is not a Linux system. You must configure the firewall on your own" dest = ip_list[ 0] #Use just the 1st address, if more than one is provided. No reason for many targets addresses in the proxy ###CHECK THE VALIDITY OF THE IP DESTINATION ADDRESSES### ###DO THESE CHECKS ONLY FOR THE CASES REQUIRED### resolved_ipv6_address = "" if checkip.is_valid_host(dest): resolved_ipv6_address = dns_resolve_ipv6_addr(dest, values.dns_server) if resolved_ipv6_address: dest = resolved_ipv6_address[ 0] #get and check just the first address, alternative option below if checkip.is_valid_ipv6(dest): if dest == "ff02::1": ether_dst = "33:33:00:00:00:01" elif values.gateway: ether_dst = gw_mac elif values.target_mac: ether_dst = values.target_mac else: ether_dst = auxiliary_functions.find_single_mac( source_ip, dest, values.ipv6interface) if not ether_dst: p = scapy.layers.inet6.conf.route6.route("::/0") ether_dst = auxiliary_functions.find_single_mac(p[1], p[2], p[0]) if not ether_dst: print dest, "not found" exit(0) if checkip.is_valid_host(dest): res_str = dest + " could not be resolved" else: res_str = dest + " is not a valid IPv6 address" list_of_fragment_lengths, list_of_offsets, list_of_fragment_m_bits, list_of_next_headers = checkings.check_fragmentation_parameters( values.list_of_fragment_lengths, values.list_of_offsets, values.list_of_fragment_m_bits, values.list_of_next_headers, values.number_of_fragments) unfragmentable_part, size_of_unfragmentable_part = create_extension_headers_chain.create_unfragmentable_part( source_ip, dest, int(values.hoplimit), values.lEu, int(values.size_of_extheaders), 0) fragmentable_extension_headers, size_of_fragmentable_extension_headers, first_next_header_value = create_extension_headers_chain.create_fragmentable_part( values.lEf, int(values.size_of_extheaders), 0) list_of_fragment_lengths, list_of_offsets, list_of_fragment_m_bits, list_of_next_headers = checkings.check_fragmentation_parameters( values.list_of_fragment_lengths, values.list_of_offsets, values.list_of_fragment_m_bits, values.list_of_next_headers, values.number_of_fragments) myfilter = "ip6 and src " + dest + " and dst " + source_ip #"src " + values.ipv4_sender + " and dst " + values.ipv4_receiver pr = multiprocessing.Process(target=IPv6_to_IPv4_Worker, args=( myfilter, values.ipv4_receiver, values.ipv4_sender, values.ipv6interface, )) pr.daemon = True pr.start() queueIPv4 = multiprocessing.Queue() myfilter = "src " + values.ipv4_sender + " and dst " + values.ipv4_receiver pr2 = multiprocessing.Process(target=IPv4Sniffer, args=( queueIPv4, myfilter, values.ipv4interface, )) pr2.daemon = True pr2.start() IPv6SenderProcesses = [] for i in xrange(1, int(values.no_of_threads) + 1): print "IPv6 Sender Process ", i IPv6SenderProcesses.append( multiprocessing.Process(target=IPv6Sender, args=( values, queueIPv4, i, mac_source, source_ip, dest, ether_dst, values.ipv6interface, list_of_fragment_lengths, list_of_offsets, list_of_fragment_m_bits, list_of_next_headers, fragmentable_extension_headers, size_of_fragmentable_extension_headers, first_next_header_value, unfragmentable_part, size_of_unfragmentable_part, values.number_of_fragments, ))) IPv6SenderProcesses[i - 1].daemon = True IPv6SenderProcesses[i - 1].start() try: pr.join() pr2.join() for i in xrange(1, int(values.no_of_threads) + 1): IPv6SenderProcesses[i - 1].join() print "Worker %d Created!" % i except KeyboardInterrupt: print 'Received Ctrl-C' #RECONFIGURE IPTABLES if platform.system() == "Linux": print "Reconfigure ip(6)tables to the old state" subprocess.call(['ip6tables', '-D', 'OUTPUT', '1']) subprocess.call(['iptables', '-D', 'OUTPUT', '1']) subprocess.call(['ip6tables', '-D', 'OUTPUT', '1']) print "DONE" exit(0)
def main(): #LET'S PARSE THE ARGUMENTS FIRST parser = argparse.ArgumentParser( version='0.8', description= 'An IPv6 neighbor discovery packet tool with enhanced capabilities and flexibility.' ) parser.add_argument('interface', action="store", help="the network interface to use.") parser.add_argument('-gw', '--gateway', action="store", dest="gateway", help="a gateway to use (only if required).") parser.add_argument( '-s', '--source', action="store", dest="source", default=False, help="the IPv6 address of the sender (if you want to spoof it).") parser.add_argument( '-d', '--destination', action="store", dest="destination", help="the IPv6 address(es) of the target(s) - comma separated.") parser.add_argument( '-rs', '--random-source', action="store_true", dest="random_source", default=False, help= "randomise the IPv6 address of the sender (if you want to spoof it randomly)." ) parser.add_argument( '-m', '--mac', action="store", dest="mac_source", default=False, help="the mac address of the sender (if you want to spoof it).") parser.add_argument( '-tm', '--target_mac', action="store", dest="target_mac", default=False, help= "the mac address of the target (if you want to define it to avoid Neighbor Solicitation)." ) parser.add_argument( '-rm', '--random-mac', action="store_true", dest="random_mac", default=False, help= "randomise the MAC address of the sender (if you want to spoof it randomly)." ) parser.add_argument( '-pr', '--prefix', action="store", dest="prefix", default="fe80::", help="the IPv6 network prefix to use. Example: fe80:224:54ff:feba::") parser.add_argument( '-lfE', '--list_fragmented_Extension_Headers', action="store", dest="lEf", default=False, help= "Define an arbitrary list of Extension Headers which will be included in the fragmentable part" ) parser.add_argument( '-luE', '--list_unfragmented_Extension_Headers', action="store", dest="lEu", default=False, help= "Define an arbitrary list of Extension Headers which will be included in the unfragmentable part" ) parser.add_argument( '-hoplimit', '--Hop_Limit', action="store", dest="hoplimit", default=False, help= "The Hop Limit value of the IPv6 Header. Default: 255 (for MLD, default=1)." ) parser.add_argument('-nf', '--no_of_fragments', action="store", dest="number_of_fragments", default=0, help="the number of fragments to send") parser.add_argument( '-lnh', '--list_of_next_headers', action="store", dest="list_of_next_headers", default=False, help= "the list of next headers to be used in the Fragment Headers, comma_separated" ) parser.add_argument( '-lo', '--list_of_offsets', action="store", dest="list_of_offsets", default=False, help= "the list of offsets to be used in the Fragment Headers when fragmentation takes place, comma_separated (optional)" ) parser.add_argument( '-ll', '--list_of_fragment_lengths', action="store", dest="list_of_fragment_lengths", default=False, help= "the list of fragment lengths to be used in the Fragment Headers when fragmentation takes place, comma_separated (optional)" ) parser.add_argument( '-lm', '--list_of_fragment_m_bits', action="store", dest="list_of_fragment_m_bits", default=False, help= "the list of fragment M (More Fragments to Follow) bits to be used in the Fragment Headers when fragmentation takes place, comma_separated (optional)" ) parser.add_argument( '-seh', '--size_of_extension_header', action="store", dest="size_of_extheaders", default=1, help="the size of the additional Extension Header (in octets of bytes)" ) parser.add_argument('-l4', '--layer4', action="store", dest="layer4", default="icmpv6", help="the layer4 protocol") parser.add_argument('-l4_data', '--layer4_payload', action="store", dest="l4_data", default="", help="the payload of layer4") parser.add_argument('-dhcpv6_server', '--dhcpv6-server', action="store_true", dest="dhcpv6_server", default=False, help="DHCPv6 service operation") parser.add_argument('-dhcpv6_preference', '--dhcpv6_preference', action="store", dest="dhcpv6_preference", default=255, help="Preference of the DHCPv6 Server") parser.add_argument('-dhcpv6_prefered_lft', '--dhcpv6_prefered_lft', action="store", dest="dhcpv6_prefered_lft", default=375, help="Prefered lifetime of the DHCPv6 Server") parser.add_argument('-dhcpv6_valid_lft', '--dhcpv6_valid_lft', action="store", dest="dhcpv6_valid_lft", default=600, help="Valid lifetime of the DHCPv6 Server") parser.add_argument('-dhcpv6_DNS_Domain_name', '--dhcpv6_DNS_Domain_name', action="store", dest="dhcpv6_DNS_Domain_name", default="mylab.example", help="DNS Domain name of the DHCPv6 Server") parser.add_argument('-dhcpv6_DNS_Server', '--dhcpv6_DNS_Server', action="store", dest="dhcpv6_DNS_Server", default="2001:db8:1:1::1000", help="DNS Server provided by the DHCPv6 Server") parser.add_argument('-CVE_2012_2744', '--CVE_2012_2744', action="store_true", dest="CVE_2012_2744", default=False, help="CVE 2012-2744 Exploitation") parser.add_argument('-mitm', '--slaac_mitm', action="store_true", dest="mitm", default=False, help="Man in the Middle Attack Using SLAAC Attack") parser.add_argument( '-mitm_pcap', '--mitim_pcap_file', action="store", dest="mitm_pcap", default="/tmp/mitm.pcap", help= "pcap file where the traffic captured using the MITM attack will be stored." ) #print "Usage: program.py <your_ipv6_address> <targets_comma_separated> <iface> <pcap_file_to_write_captured_traffic>" values = parser.parse_args() ###LETS TO SOME CHECKS FIRST TO SEE IF WE CAN WORK### if os.geteuid() != 0: print "You must be root to run this script." exit(1) if (not values.dhcpv6_server and not values.CVE_2012_2744 and not values.mitm): print "Please tell me what you want me to do" exit(0) #scapy.config.conf.verb=0 scapy.layers.inet6.conf.verb = 0 myinterface = values.interface #GET YOUR SOURCE IPV6 AND MAC ADDRESS mac_source = definitions.define_source_mac_address(values.mac_source, values.random_mac) source_ip, mac_source = definitions.define_source_ipv6_address( values.source, mac_source, values.interface, values.random_source, values.prefix) print "Source MAC address", mac_source, "Source IPv6 Address", source_ip if values.dhcpv6_server: #check if fragmentation parameters are OK list_of_fragment_lengths, list_of_offsets, list_of_fragment_m_bits, list_of_next_headers = checkings.check_fragmentation_parameters( values.list_of_fragment_lengths, values.list_of_offsets, values.list_of_fragment_m_bits, values.list_of_next_headers, values.number_of_fragments) list_of_unfragmented_ext_headers = [] list_of_fragmented_ext_headers = [] if values.lEu: list_of_unfrag_ext_headers = create_extension_headers_chain.make_list_of_ext_headers( values.lEu) list_of_unfragmented_ext_headers = create_extension_headers_chain.identify_parameters( list_of_unfrag_ext_headers) if values.lEf: list_of_frag_ext_headers = create_extension_headers_chain.make_list_of_ext_headers( values.lEf) list_of_fragmented_ext_headers = create_extension_headers_chain.identify_parameters( list_of_frag_ext_headers) fragmentable_extension_headers, size_of_fragmentable_extension_headers, first_next_header_value = create_extension_headers_chain.create_fragmentable_part( values.lEf, int(values.size_of_extheaders), 0) print "Starting sniffing..." myfilter = "ip6" print "Sniffer filter is", myfilter s = scapy.config.conf.L2socket(iface=myinterface) # Open Socket Once dhcpv6attack = DHCPv6Attack( myfilter, values.interface, mac_source, source_ip, values.dhcpv6_preference, values.dhcpv6_prefered_lft, values.dhcpv6_valid_lft, values.dhcpv6_DNS_Domain_name, values.dhcpv6_DNS_Server, list_of_unfragmented_ext_headers, list_of_fragmented_ext_headers, values.size_of_extheaders, values.number_of_fragments, list_of_next_headers, list_of_offsets, list_of_fragment_lengths, list_of_fragment_m_bits, values.prefix, int(values.hoplimit), values.lEu, first_next_header_value, fragmentable_extension_headers, size_of_fragmentable_extension_headers, s) dhcpv6attack.run() #sniff(filter=myfilter, iface=values.interface, prn=handler, store=0) elif values.CVE_2012_2744: if not values.destination: print "You must define your target (destination)" exit(0) else: addr6 = ipaddr.IPAddress(values.destination) myaddr = addr6.exploded if myaddr[0:2] == "ff": if int(myaddr[2]) >= 0 and int(myaddr[2]) < 8: ether_dst = "33:33:" + myaddr[30:32] + ":" + myaddr[ 32:37] + ":" + myaddr[37:39] elif values.gateway: ether_dst = auxiliary_functions.find_single_mac( source_ip, values.gateway, values.interface) else: if values.target_mac: ether_dst = values.target_mac else: ether_dst = auxiliary_functions.find_single_mac( source_ip, myaddr, values.interface) if not ether_dst: print "Destination was not found. Please consider defining a gateway, if needed." print "Destination MAC address", ether_dst, "Destination IPv6 Address", values.destination attacks.CVE_2012_2744(values.interface, mac_source, source_ip, values.destination, ether_dst) elif values.mitm: file_to_write = values.mitm_pcap ip_list = values.destination.split(",") victims = attacks.find_mac_using_spoofed_source( source_ip, ip_list, myinterface, mac_source) print "the victims are", victims q = multiprocessing.Queue() pr = multiprocessing.Process(target=SpoofUnNA, args=( victims, myinterface, mac_source, )) pr.daemon = True pr.start() # signal.signal(signal.SIGINT, signal_handler) myfilter = "ip6" mitm = MitmAttack(myfilter, values.interface, source_ip, mac_source, victims, file_to_write) mitm.run()
def __init__(self, values,source_ip,mac_source,list_of_next_headers,list_of_offsets,list_of_fragment_lengths,list_of_fragment_m_bits,gw_mac,queue, IPv6_scope_defined,packets_sent_list,tid) : #print "Worker initalisation" self.queue = queue self.tid = tid self.values = values self.source_ip=source_ip self.mac_source=mac_source self.list_of_next_headers=list_of_next_headers self.list_of_offsets=list_of_offsets self.list_of_fragment_lengths=list_of_fragment_lengths self.list_of_fragment_m_bits=list_of_fragment_m_bits self.gw_mac=gw_mac self.IPv6_scope_defined=IPv6_scope_defined self.packets_sent_list=packets_sent_list while True : dest = 0 try: myworks = self.queue.get(timeout=1) dest = myworks[0] destports = myworks[1] except Queue.Empty : #print "Worker %d exiting." % (self.tid) return targets=[] ###CHECK THE VALIDITY OF THE IP DESTINATION ADDRESSES### #self.lock.acquire() #try: resolved_ipv6_address="" if checkip.is_valid_host(dest): if self.dns_resolution_cache.get(dest): dest=self.dns_resolution_cache.get(dest) else: resolved_ipv6_address=scanners.dns_resolve_ipv6_addr(self.source_ip,dest, self.values.dns_server, self.gw_mac,self.values.interface) if resolved_ipv6_address: resolved=resolved_ipv6_address[0]#get and check just the first address, alternative option below print resolved, "is the IPv6 address of the host",dest self.dns_resolution_cache[dest]=resolved dest=resolved #finally: # #self.lock.release() if self.IPv6_scope_defined==True or checkip.is_valid_ipv6(dest): #No reason to check for the validity of an address if a scope has been defined addr6 = ipaddr.IPAddress(dest) myaddr=addr6.exploded if myaddr[0:2]=="ff": if int(myaddr[2]) >= 0 and int(myaddr[2]) < 8: ether_dst="33:33:"+myaddr[30:32]+":"+myaddr[32:37]+":"+myaddr[37:39] #elif self.gw_mac: # ether_dst=self.gw_mac else: if self.values.target_mac: ether_dst=self.values.target_mac elif self.neighbor_solicitation_cache.get(dest): ether_dst=self.neighbor_solicitation_cache.get(dest) #elif not self.neighbor_solicitation_cache.has_key(dest): else: ether_dst=auxiliary_functions.find_single_mac(self.source_ip, dest, self.values.interface) #USE THE DEFAULT GATEWAY# if not ether_dst: if self.gw_mac: ether_dst=self.gw_mac #else: # print "Destination was not found. Please consider defining a gateway, if needed." self.neighbor_solicitation_cache[dest]=ether_dst if not ether_dst: print dest, "not found" if ether_dst: if self.values.nsol: print "IPv6 address ",dest, " has MAC adddress ", ether_dst s = scapy.config.conf.L2socket(iface=values.interface) # Open Socket Once unfragmentable_part,size_of_unfragmentable_part=create_extension_headers_chain.create_unfragmentable_part(source_ip, dest,int(values.hoplimit),values.lEu,int(values.size_of_extheaders),values.fuzz) fragmentable_extension_headers,size_of_fragmentable_extension_headers,first_next_header_value=create_extension_headers_chain.create_fragmentable_part(values.lEf,int(values.size_of_extheaders),values.fuzz) if self.values.pmtu: if int(self.values.dmtu) > 1500: print "Your MTU value is",self.values.dmtu,"bytes, which is bigger than the Ethernet MTU (1500). Exiting..." else: scanners.path_mtu_discovery(self.source_ip,dest,ether_dst,self.values.interface,self.values.dmtu) elif (self.values.pn or self.values.sS or self.values.sX or self.values.sR or self.values.sF or self.values.sA or self.values.sN or self.values.sU or self.values.rh0): layer4_and_payload=None if self.values.pn: layer4_and_payload=create_layer4.icmpv6(self.values.icmpv6_type,self.values.icmpv6_code,self.values.l4_data) elif self.values.sS: layer4_and_payload=create_layer4.tcp_packet(destports, "S", self.values.l4_data) elif self.values.sX: layer4_and_payload=create_layer4.tcp_packet(destports, "FPU",self.values.l4_data) elif self.values.sR: layer4_and_payload=create_layer4.tcp_packet(destports, "R",self.values.l4_data) elif self.values.sF: layer4_and_payload=create_layer4.tcp_packet(destports, "F",self.values.l4_data) elif self.values.sA: layer4_and_payload=create_layer4.tcp_packet(destports, "A",self.values.l4_data) elif self.values.sN: layer4_and_payload=create_layer4.tcp_packet(destports, "",self.values.l4_data) elif self.values.sU: layer4_and_payload=create_layer4.udp_packet(destports,self.values.l4_data) elif self.values.rh0: layer4_and_payload=create_layer4.type_0_routing_header([self.source_ip],self.values.layer4,self.values.l4_data,destports) packets=create_extension_headers_chain.create_datagram(mac_source,ether_dst,int(values.number_of_fragments),list_of_next_headers,list_of_offsets,list_of_fragment_lengths,list_of_fragment_m_bits,values.fragment_id,unfragmentable_part,size_of_unfragmentable_part,first_next_header_value,fragmentable_extension_headers,size_of_fragmentable_extension_headers,layer4_and_payload) create_extension_headers_chain.send_packets(s,packets,values.flood,values.delay) elif self.values.tr_gen: if destports==-1: if self.values.layer4=="tcp": destports=80 elif self.values.layer4=="udp": destports=53 for hop_limit in range(self.values.minttl,self.values.maxttl+1): if self.values.layer4=="tcp": source_port=random.randrange(1,65535,1) while packets_sent_list.has_key(source_port): source_port=random.randrange(1,65535,1) packets_sent_list[source_port]=(hop_limit,dest) layer4_and_payload=create_layer4.tcp_packet_id(destports,"S",self.values.l4_data,source_port) elif self.values.layer4=="udp": source_port=random.randrange(1,65535,1) while packets_sent_list.has_key(source_port): source_port=random.randrange(1,65535,1) packets_sent_list[source_port]=(hop_limit,dest) layer4_and_payload=create_layer4.udp_packet_id(destports,self.values.l4_data,source_port) else: #default layer4=="icmpv6": icmpid=random.randrange(1,65535,1) #generate a random ICMPv6 id while packets_sent_list.has_key(icmpid): icmpid=random.randrange(1,65535,1) #generate a random ICMPv6 id packets_sent_list[icmpid]=(hop_limit,dest) layer4_and_payload=create_layer4.icmpv6_id(self.values.l4_data,icmpid) packets=create_extension_headers_chain.create_datagram(mac_source,ether_dst,int(values.number_of_fragments),list_of_next_headers,list_of_offsets,list_of_fragment_lengths,list_of_fragment_m_bits,values.fragment_id,unfragmentable_part,size_of_unfragmentable_part,first_next_header_value,fragmentable_extension_headers,size_of_fragmentable_extension_headers,layer4_and_payload) create_extension_headers_chain.send_packets(s,packets,values.flood,values.delay) else: if checkip.is_valid_host(dest): res_str=dest+ " could not be resolved" else: res_str=dest+ " is not a valid IPv6 address" self.results.append(res_str) self.queue.task_done()
def run(self): print self.name, "running" with self.lock: self.no_of_consumers.value += 1 while True: dest = 0 try: myworks = self.queue.get(timeout=1) dest = myworks[0] destports = myworks[1] except Queue.Empty: print self.name, "exiting" with self.lock: self.no_of_consumers.value -= 1 return ###CHECK THE VALIDITY OF THE IP DESTINATION ADDRESSES### resolved_ipv6_address = "" if checkip.is_valid_host(dest): if self.dns_resolution_cache.get(dest): dest = self.dns_resolution_cache.get(dest) else: resolved_ipv6_address = scanners.dns_resolve_ipv6_addr( self.source_ip, dest, self.values.dns_server, self.gw_mac, self.values.interface) if resolved_ipv6_address: resolved = resolved_ipv6_address[ 0] #get and check just the first address, alternative option below print resolved, "is the IPv6 address of the host", dest self.dns_resolution_cache[dest] = resolved dest = resolved if self.IPv6_scope_defined == True or checkip.is_valid_ipv6( dest ): #No reason to check for the validity of an address if a scope has been defined addr6 = ipaddr.IPAddress(dest) myaddr = addr6.exploded if myaddr[0:2] == "ff": if int(myaddr[2]) >= 0 and int(myaddr[2]) < 8: ether_dst = "33:33:" + myaddr[30:32] + ":" + myaddr[ 32:37] + ":" + myaddr[37:39] else: if self.values.target_mac: ether_dst = self.values.target_mac elif self.neighbor_solicitation_cache.get(dest): ether_dst = self.neighbor_solicitation_cache.get(dest) else: ether_dst = auxiliary_functions.find_single_mac( self.source_ip, dest, self.values.interface) if not ether_dst: if self.gw_mac: ether_dst = self.gw_mac self.neighbor_solicitation_cache[dest] = ether_dst if not ether_dst: print dest, "not found" if ether_dst: if not self.values.tr_gen: self.unfragmentable_part, self.size_of_unfragmentable_part = create_extension_headers_chain.create_unfragmentable_part( self.source_ip, dest, int(self.values.hoplimit), self.values.lEu, int(self.values.size_of_extheaders), self.values.fuzz) if self.values.nsol: print "IPv6 address ", dest, " has MAC adddress ", ether_dst if self.values.pmtu: if int(self.values.dmtu) > 1500: print "Your MTU value is", self.values.dmtu, "bytes, which is bigger than the Ethernet MTU (1500). Exiting..." else: scanners.path_mtu_discovery( self.source_ip, dest, ether_dst, self.values.interface, self.values.dmtu) elif (self.values.pn or self.values.sS or self.values.sX or self.values.sR or self.values.sF or self.values.sA or self.values.sN or self.values.sU or self.values.rh0): layer4_and_payload = None if self.values.pn: layer4_and_payload = create_layer4.icmpv6( self.values.icmpv6_type, self.values.icmpv6_code, self.values.l4_data) elif self.values.sS: layer4_and_payload = create_layer4.tcp_packet( destports, "S", self.values.l4_data) elif self.values.sX: layer4_and_payload = create_layer4.tcp_packet( destports, "FPU", self.values.l4_data) elif self.values.sR: layer4_and_payload = create_layer4.tcp_packet( destports, "R", self.values.l4_data) elif self.values.sF: layer4_and_payload = create_layer4.tcp_packet( destports, "F", self.values.l4_data) elif self.values.sA: layer4_and_payload = create_layer4.tcp_packet( destports, "A", self.values.l4_data) elif self.values.sN: layer4_and_payload = create_layer4.tcp_packet( destports, "", self.values.l4_data) elif self.values.sU: layer4_and_payload = create_layer4.udp_packet( destports, self.values.l4_data) elif self.values.rh0: layer4_and_payload = create_layer4.type_0_routing_header( [self.source_ip], self.values.layer4, self.values.l4_data, destports) packets = create_extension_headers_chain.create_datagram( self.mac_source, ether_dst, int(self.values.number_of_fragments), self.list_of_next_headers, self.list_of_offsets, self.list_of_fragment_lengths, self.list_of_fragment_m_bits, self.values.fragment_id, self.unfragmentable_part, self.size_of_unfragmentable_part, self.first_next_header_value, self.fragmentable_extension_headers, self.size_of_fragmentable_extension_headers, layer4_and_payload) create_extension_headers_chain.send_packets( self.s, packets, self.values.flood, self.values.delay) elif self.values.tr_gen: print "TRACEROUTING" packets_list = {} if self.values.layer4 == "tcp": if destports == -1: destports = 80 print "Traceroute using TCP", destports for hop_limit in range(self.values.minttl, self.values.maxttl + 1): source_port = random.randrange(1, 65535, 1) while packets_list.has_key(source_port): source_port = random.randrange(1, 65535, 1) packets_list[source_port] = (hop_limit, dest) layer4_and_payload = create_layer4.tcp_packet_id( destports, "S", self.values.l4_data, source_port) self.unfragmentable_part, self.size_of_unfragmentable_part = create_extension_headers_chain.create_unfragmentable_part( source_ip, dest, hop_limit, self.values.lEu, int(self.values.size_of_extheaders), self.values.fuzz) packets = create_extension_headers_chain.create_datagram( self.mac_source, ether_dst, int(self.values.number_of_fragments), self.list_of_next_headers, self.list_of_offsets, self.list_of_fragment_lengths, self.list_of_fragment_m_bits, self.values.fragment_id, self.unfragmentable_part, self.size_of_unfragmentable_part, self.first_next_header_value, self.fragmentable_extension_headers, self. size_of_fragmentable_extension_headers, layer4_and_payload) create_extension_headers_chain.send_packets( self.s, packets, self.values.flood, self.values.delay) packets_sent_list.put(packets_list) elif self.values.layer4 == "udp": if destports == -1: destports = 53 print "Traceroute using UDP", destports for hop_limit in range(self.values.minttl, self.values.maxttl + 1): source_port = random.randrange(1, 65535, 1) while packets_list.has_key(source_port): source_port = random.randrange(1, 65535, 1) packets_list[source_port] = (hop_limit, dest) layer4_and_payload = create_layer4.udp_packet_id( destports, self.values.l4_data, source_port) self.unfragmentable_part, self.size_of_unfragmentable_part = create_extension_headers_chain.create_unfragmentable_part( source_ip, dest, hop_limit, self.values.lEu, int(self.values.size_of_extheaders), self.values.fuzz) packets = create_extension_headers_chain.create_datagram( self.mac_source, ether_dst, int(self.values.number_of_fragments), self.list_of_next_headers, self.list_of_offsets, self.list_of_fragment_lengths, self.list_of_fragment_m_bits, self.values.fragment_id, self.unfragmentable_part, self.size_of_unfragmentable_part, self.first_next_header_value, self.fragmentable_extension_headers, self. size_of_fragmentable_extension_headers, layer4_and_payload) create_extension_headers_chain.send_packets( self.s, packets, self.values.flood, self.values.delay) packets_sent_list.put(packets_list) else: #default layer4=="icmpv6": print "Traceroute using ICMPv6", dest for hop_limit in range(self.values.minttl, self.values.maxttl + 1): icmpid = random.randrange( 1, 65535, 1) #generate a random ICMPv6 id while packets_list.has_key(icmpid): icmpid = random.randrange( 1, 65535, 1) #generate a random ICMPv6 id packets_list[icmpid] = (hop_limit, dest) layer4_and_payload = create_layer4.icmpv6_id( self.values.l4_data, icmpid) self.unfragmentable_part, self.size_of_unfragmentable_part = create_extension_headers_chain.create_unfragmentable_part( self.source_ip, dest, hop_limit, self.values.lEu, int(self.values.size_of_extheaders), self.values.fuzz) packets = create_extension_headers_chain.create_datagram( self.mac_source, ether_dst, int(self.values.number_of_fragments), self.list_of_next_headers, self.list_of_offsets, self.list_of_fragment_lengths, self.list_of_fragment_m_bits, self.values.fragment_id, self.unfragmentable_part, self.size_of_unfragmentable_part, self.first_next_header_value, self.fragmentable_extension_headers, self. size_of_fragmentable_extension_headers, layer4_and_payload) create_extension_headers_chain.send_packets( self.s, packets, self.values.flood, self.values.delay) self.packets_sent_list.put(packets_list) else: if checkip.is_valid_host(dest): res_str = dest + " could not be resolved" else: res_str = dest + " is not a valid IPv6 address" self.results.append(res_str) self.queue.task_done() return