  • Stars: 750
  • Rank 60,494 (Top 2 %)
  • Language: C#
  • License: GNU General Publi...
  • Created over 9 years ago
  • Updated about 9 years ago

Repository Details

Tool to analyze and test security in IPv4 and IPv6 data networks

Evil FOCA

Requirements

Introduction

Evil Foca is a tool for security pentesters and auditors whose purpose is to test security in IPv4 and IPv6 data networks. The tool is capable of carrying out various attacks such as:

  • MITM over IPv4 networks with ARP Spoofing and DHCP ACK Injection.
  • MITM on IPv6 networks with Neighbor Advertisement Spoofing, SLAAC attack, fake DHCPv6.
  • DoS (Denial of Service) on IPv4 networks with ARP Spoofing.
  • DoS (Denial of Service) on IPv6 networks with SLAAC DoS.
  • DNS Hijacking.

The software automatically scans the networks and identifies all devices and their respective network interfaces, specifying their IPv4 and IPv6 addresses as well as the physical addresses through a convenient and intuitive interface.

Man In The Middle (MITM) attack

The well-known “Man In The Middle” is an attack in which the wrongdoer gains the ability to read, add, or modify information in a channel between two terminals without either of them noticing. Among the MITM attacks in IPv4 and IPv6, Evil Foca considers the following techniques:

  • ARP Spoofing: Consists of sending ARP messages to the Ethernet network. Normally the objective is to associate the MAC address of the attacker with the IP of another device. Any traffic directed to the IP address of the default gateway will be erroneously sent to the attacker instead of its real destination.
  • DHCP ACK Injection: Consists of an attacker monitoring the DHCP exchanges and, at some point during the communication, sending a packet to modify its behavior. Evil Foca converts the machine into a fake DHCP server on the network.
  • Neighbor Advertisement Spoofing: The principle of this attack is identical to that of ARP Spoofing, the difference being that IPv6 does not use the ARP protocol; all of this information is sent through ICMPv6 packets instead. There are five types of ICMPv6 packets used in the discovery protocol, and Evil Foca generates this type of packet, placing itself between the gateway and the victim.
  • SLAAC attack: The objective of this type of attack is to be able to execute an MITM when a user connects to the Internet and to a server that does not include support for IPv6, and to which it is therefore necessary to connect using IPv4. This attack is possible because Evil Foca undertakes domain name resolution once it is in the communication channel, and is capable of transforming IPv4 addresses into IPv6.
  • Fake DHCPv6 server: This attack involves the attacker posing as the DHCPv6 server, responding to all network requests, distributing IPv6 addresses and a false DNS to manipulate the user's destination or deny the service.
  • Denial of Service (DoS) attack: The DoS attack is an attack on a system of machines or a network that results in a service or resource being inaccessible to its users. Normally it causes the loss of network connectivity by consuming the bandwidth of the victim’s network, or overloads the computing resources of the victim’s system.
  • DoS attack in IPv4 with ARP Spoofing: This type of DoS attack consists of associating a nonexistent MAC address with an IP address in a victim’s ARP table. This renders the machine whose ARP table has been modified incapable of connecting to the IP address associated with the nonexistent MAC.
  • DoS attack in IPv6 with SLAAC attack: In this type of attack a large quantity of “router advertisement” packets is generated, destined for one or several machines, announcing false routers and assigning a different IPv6 address and gateway for each router, collapsing the system and making machines unresponsive.
  • DNS Hijacking: The DNS Hijacking attack or DNS kidnapping consists of altering the resolution of the Domain Name System (DNS). This can be achieved using malware that overrides the TCP/IP configuration of a machine so that it points to a rogue DNS server under the attacker’s control, or by way of an MITM attack, with the attacker being the party who receives the DNS requests and who answers a specific DNS request to direct the victim toward a destination selected by the attacker.
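
As an added example (not code from Evil FOCA or its authors), here is a passive monitor for the ARP Spoofing and ARP-based DoS techniques listed above: it parses Ethernet/IPv4 ARP frames, records the first MAC seen for each IP, and reports later frames that contradict a binding. The class and function names and the sample frames are constructed for illustration.

```python
import struct

def _mac(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_arp(frame):
    """Return (eth_src, sender_mac, sender_ip) for an Ethernet/IPv4 ARP frame, else None."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != 0x0806:
        return None
    htype, ptype, hlen, plen, _op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    sender_ip = ".".join(str(x) for x in frame[28:32])
    return _mac(frame[6:12]), _mac(frame[22:28]), sender_ip

class ArpWatch:
    """Tracks first-seen IP-to-MAC bindings and reports frames that contradict them."""
    def __init__(self, pinned=None):
        self.table = dict(pinned or {})  # ip -> mac, e.g. a pinned default gateway
    def observe(self, frame):
        parsed = parse_arp(frame)
        if parsed is None:
            return []
        eth_src, smac, sip = parsed
        if sip == "0.0.0.0":             # ARP probe carries no sender IP claim
            return []
        alerts = []
        if eth_src != smac:              # ARP payload disagrees with the frame header
            alerts.append(("mac-mismatch", sip, eth_src, smac))
        known = self.table.setdefault(sip, smac)
        if known != smac:                # binding changed: spoofing or ARP-table DoS
            alerts.append(("binding-change", sip, known, smac))
        return alerts

# Constructed sample frames (documentation addresses, locally administered MACs).
ARP_HDR = "0806" + "0001080006040002"    # EtherType ARP; Ethernet/IPv4, opcode reply
HOST, HOST_IP = "020000000010", "c000020a"   # receiving host, 192.0.2.10
def sample_frame(eth_src, sender_mac, sender_ip_hex):
    return bytes.fromhex(HOST + eth_src + ARP_HDR + sender_mac + sender_ip_hex + HOST + HOST_IP)

def run_samples():
    watch = ArpWatch()
    frames = [
        sample_frame("020000000001", "020000000001", "c0000201"),  # gateway 192.0.2.1 answers
        sample_frame("020000000066", "020000000066", "c0000201"),  # second MAC claims 192.0.2.1
        sample_frame("020000000066", "020000000077", "c0000214"),  # header/payload MACs differ
    ]
    return [watch.observe(f) for f in frames]
```

Passing a known-good gateway binding as `pinned` makes the first conflicting frame raise an alert even if the monitor starts after the table has already been altered.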

License

Evil FOCA is developed by ElevenPaths and released under the GNU Public License 3.0. For more information, visit the Evil FOCA webpage at https://www.elevenpaths.com/labstools/evil-foca/index.html
