Developing OSINT tool for collecting and analyzing IPv6 information

Abstract

Over the past decade, there has been a notable rise in the adoption of the Internet Protocol Version 6 (IPv6) protocol. However, with the global rise of IPv6 devices, there is a growing demand for an Open-Source Intelligence (OSINT) tool capable of conducting comprehensive analyses of IPv6 traffic. This work concentrates on the development of an OSINT tool in Java programming language, specifically designed to capture and analyze IPv6 traffic, whether in real-time or from loaded files. The theoretical part offers a comprehensive analysis of OSINT tools while enhancing the existing knowledge of the IPv6 and its associated protocols. The developed program serves as a unified platform designed to extract IPv6-related information, including details across all layers of the TCP/IP protocol suite, MAC vendor, geographic location as well as node identification. Additionally, it conducts an extensive analysis of captured traffic to detect potential security weakness and threats, systematically mapping identified issues to the Common Attack Pattern Enumerations and Classifications (CAPEC) and Common Weaknesses Enumeration (CWE) databases. This would enhance the efficiency of IPv6 traffic collection and analysis, thereby facilitating the future identification of potential security vulnerabilities.

Over the past decade, there has been a notable rise in the adoption of the Internet Protocol Version 6 (IPv6) protocol. However, with the global rise of IPv6 devices, there is a growing demand for an Open-Source Intelligence (OSINT) tool capable of conducting comprehensive analyses of IPv6 traffic. This work concentrates on the development of an OSINT tool in Java programming language, specifically designed to capture and analyze IPv6 traffic, whether in real-time or from loaded files. The theoretical part offers a comprehensive analysis of OSINT tools while enhancing the existing knowledge of the IPv6 and its associated protocols. The developed program serves as a unified platform designed to extract IPv6-related information, including details across all layers of the TCP/IP protocol suite, MAC vendor, geographic location as well as node identification. Additionally, it conducts an extensive analysis of captured traffic to detect potential security weakness and threats, systematically mapping identified issues to the Common Attack Pattern Enumerations and Classifications (CAPEC) and Common Weaknesses Enumeration (CWE) databases. This would enhance the efficiency of IPv6 traffic collection and analysis, thereby facilitating the future identification of potential security vulnerabilities.