LinuxCommandLibrary

yersinia

Launch Layer 2 network attacks

SYNOPSIS

yersinia [options]
yersinia -G | -I
yersinia -p <protocol> [protocol_options]

PARAMETERS

-G
    Starts Yersinia in graphical user interface (GUI) mode.

-I
    Starts Yersinia in interactive text-based console mode.

-p
    Specifies the protocol to attack. Examples: STP, DHCP, HSRP, VTP, DTP, CDP, ISL, 802.1Q.

-i
    Specifies the network interface to use for sending/receiving packets.

-e
    Executes a protocol-specific command or attack option without entering interactive mode.

-D
    Disables daemonization, keeping Yersinia running in the foreground (useful with -e).

-r
    Reads packets from a pcap file for analysis or replay.

-w
    Writes captured or generated packets to a pcap file.

-l
    Logs output and events to the specified file.

-h
    Displays the help message and exits.

-v
    Displays the version information and exits.

DESCRIPTION

Yersinia is a powerful network security tool designed to analyze and exploit vulnerabilities in various network protocols, primarily focusing on Layer 2 (Data Link Layer) and some Layer 3 protocols. It acts as a framework for performing active attacks against networking protocols like Spanning Tree Protocol (STP), Dynamic Host Configuration Protocol (DHCP), Hot Standby Router Protocol (HSRP), VLAN Trunking Protocol (VTP), and others. Its main purpose is to test the resilience and security posture of network devices and infrastructure against common protocol-based attacks. Yersinia can be used in graphical, interactive text-based, or command-line modes, making it versatile for different testing scenarios. It helps network administrators and security professionals identify weaknesses that could be exploited by malicious actors, such as Man-in-the-Middle (MITM) attacks, denial-of-service (DoS), or unauthorized network access through protocol manipulation.

CAVEATS

Yersinia is a powerful tool capable of disrupting network services. It should only be used in controlled environments for authorized testing and educational purposes. Using it improperly or on networks you do not own or have explicit permission to test is illegal and unethical. It typically requires root privileges to operate network interfaces in raw mode.

MODES OF OPERATION

Yersinia supports three primary modes: a graphical user interface (-G) for visual interaction, an interactive text-based console (-I) which is highly versatile for command-line users, and a pure command-line mode for scripting or executing specific attacks directly without an interactive session (often used with -e and -D).

SUPPORTED PROTOCOLS

Yersinia can launch attacks against a variety of network protocols, including: STP (Spanning Tree Protocol), DHCP (Dynamic Host Configuration Protocol), HSRP (Hot Standby Router Protocol), VTP (VLAN Trunking Protocol), DTP (Dynamic Trunking Protocol), CDP (Cisco Discovery Protocol), ISL (Inter-Switch Link), and 802.1Q (VLAN tagging).

HISTORY

Yersinia was developed by the Black Hat community, with its initial public release at Black Hat Europe. It was created to provide a dedicated tool for performing Layer 2 attacks, which were often overlooked by broader security scanners. Its development aimed to highlight the vulnerabilities in common networking protocols that could lead to significant network disruptions or security breaches, thus promoting better network design and configuration practices.

SEE ALSO

ettercap(8), nmap(1), scapy(1), tcpdump(1)
