IPV6 MITM attack tool
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.




Sudden Six is an automation script for conducting the SLAAC attack outlined in Alec Water's blog post.
This attack can be used to build an IPv6 overlay network on an IPv4 infrastructure to perform man-in-the-middle attacks.

The script installs and configures the following packages:

  • sipcalc
  • tayga
  • radvd
  • wide-dhcpv6-server
  • bind9

Requirements This script has been tested on Ubuntu 12.04 LTS and Kali Linux 1.0.x. We suggest using Wireshark to view the intercepted traffic.


Execute the suddensix.sh script as the root user. The script will prompt you for the interface to conduct the attack from as well as ask you to specify a free IP address on the local IPv4 network you are attacking.
After the script is running, run Wireshark to view the intercepted traffic.

Note: The script is not persistent, the attack host will not intercept traffic after a reboot. The script will not work on fully configured IPv6 networks.

For more information check out the Neohapsis Blog


We need help getting the following finished:

  • A way to specify MITM target scope
  • Automate basic network reconnaissance
  • Detect IPv6 countermeasures
  • Configure IPv6 tunneling
  • Leverage THC-IPv6 tools
  • More platforms

If you are intersted in helping, fork the project and submit a pull request with your additions!