New publications

Chiron – An All-In-One IPv6 Penetration Testing Framework, by Antonios Atlasis, article published on the Insinuator blog

The article presents the Chiron tool, a IPv6 penetration testing framework. It is composed of three modules:

• IPv6 Scanner: module including most common scanning techniques and some techniques specific to IPv6; ;
• IPv6 Link Local Messages Creation Tool: module allowing the creation of "Link-Local" messages (Router Advertisement, Neighbor Solicitation, Router Redirect, etc.); ;
• IPv4-to-IPv6 Proxy: IPv4 – IPv6 proxy allowing the use of an IPv4-only tool, Nikto for example, on an IPv6-only target.

The article also contains numerous examples of how to use the tools.

New tools

Chiron by Antonios Atlasis, version 0.7

Chiron version 0.7 was released at the Brucon 2014 conference.

New vulnerabilities

CVE-2014-3405 (Autonomic Networking Infrastructure Routing Protocol for Low-Power and Lossy Networks Vulnerability)

• Affected product: Cisco IOS XE
• Impact: injecting routes into the PCA (CVSS Base Score = 4.8)