Topera

IPv6 analysis tool: the other side

Download .zip Download .tar.gz View on GitHub

What's Topera?

Topera is a new security tools for IPv6, with the particularity that their attacks can't be detected by Snort.

Snort is the most known IDS/IPS and is widely used in many different critical environments. Some commercial tools (Juniper or Checkpoint ones) use it as detection engine also.

Mocking snort detection capabilities could suppose a high risk in some cases.

All the community is invited to test it in any environment and we would be thankful if you send us any feedback.

This tool was presented in the second edition of the Security Conference "Navaja Negra" (http://www.navajanegra.com) by Daniel Garcia a.k.a cr0hn (@ggdaniel) and Rafa Sanchez (@r_a_ff_a_e_ll_o ).

What's new?

New version of Topera (0.0.2) include these improvements:

  1. Slow HTTP attacks (Slowloris over IPv6).
  2. Improved TCP port scanner.

Why?

Our intention is to promote awareness of and show the security implications of IPv6.

How to use it?

Help

topera help image

List plugins:

# topera.py -L
topera list modes

Topera loris mode:

Run with default options:

# python topera.py -M topera_loris -t fe80:b100:::c408

Run specifing: destination port, delay between connections, and number os extensions headers:

# python topera.py -M topera_loris -t fe80:b100:::c408 \
--dport 8080 --delay 0 --headers-num 0 -vvv
topera list modes

Topera in TCP port scanner mode:

Run with default options:

# python topera.py -M topera_tcp_scan -t fe80:b100:::c408

Run specifing: ports to scan, delay between connections, and number os extensions headers:

# python topera.py -M topera_tcp_scan -t fe80:b100:::c408 \
-p 21,22,23,80,8080 --scan-delay 0 --headers-num 0 -vvv
topera list modes

Video

Contact

You can contact with us at this mail: