June 7, 2022

Scanning IPv6 with fi6s

fi6s is a port scanning tool for scanning IPv6 networks. This article features a short guide on setting up and using fi6s’s port scanning capabilities.

Table of Contents

Introduction

Before we begin

Setting up fi6s

Scanning IPv6 networks with fi6s

Conclusion

Other Articles in this Series

Introduction

In our listicle on Tools for Scanning IPv6 networks, you can find some open source tools that can be used for scanning IPv6 networks. In this article, we are back with our next instalment on tools for scanning IPv6. In this article, we will take a look at our second tool in the list - fi6s.

fi6s is a fast, open source port scanner for IPv6 networks written in C. fi6s makes use of a custom TCP/IP stack to scan IPv6 networks with speed, making it ideal for large-scale IPv6 network scanning tasks. This tutorial will guide you through installing fi6s and using the tool to scan an IPv6 network.

Notes:

  1. fi6s has support for most Linux operating systems, however, the tool does not officially support Windows. It may be possible to make use of fi6s on Windows machines through WSL Ubuntu, however, at the time of writing, this method isn’t confirmed or suggested on the project repository as a workaround.
  2. Make sure that the scans are conducted on the networks where you are allowed to do so with appropriate permissions.

Before we begin

Like any other IPv6 scanning tool, your system needs to support IPv6 in order to utilise fi6s’ scanning capabilities. To verify that your system and network are properly configured to have IPv6 access, you can run either of the following commands:

  1. ip -6 addr
command
  1. ifconfig | grep inet6
command

Setting up fi6S

The source code for fi6s can be downloaded from the GitHub project repository. There are no pre-compiled binaries available for fi6s, thus requiring the tool’s binary to be compiled manually. GCC (or the GNU Compiler Collection) is a prerequisite for compiling the tool successfully.

As per the installation instructions provided on the repository, fi6s (and the required dependencies) can be downloaded and compiled by running the following commands:

sudo apt install gcc make git libpcap-dev
git clone https://github.com/sfan5/fi6s.git
cd fi6s
make BUILD_TYPE=release

You can verify whether the tool was successfully compiled by running `./fi6s -h`. Additionally, the following commands can be used to move the compiled binary to `/usr/bin`, allowing for it to be executed regardless of the present working directory of the shell.

chmod +x fi6s
sudo mv fi6s /usr/bin
fi6s -h

Scanning IPv6 networks with fi6s

The syntax for fi6s is fairly simple. It will be intuitive for those who have used other port scanning tools (such as Nmap) before. Let’s consider the sample command provided in the README file for the project.

sudo fi6s -p 80,8000-8100 2001:db8::/120

The above command will scan port 80, as well as every port in the 8000 to 8100 range, for the 256 addresses in the range denoted by the CIDR notation. A useful feature of the tool is the `--print-hosts` option, which, when supplied along with a CIDR notation, will print a list of all IPv6 addresses that would be scanned as a result of the command being executed. Very useful if you want to quickly see a list of IP addresses that are targets in the CIDR you specify.

A tiny drawback of this tool is that it does not support hostname conversion, so you cannot actually scan ipv6.google.com directly but will have to provide its IPv6 address 2404:6800:4007:818::200e, instead.

Here’s an example of fi6s being used to scan for port 443 on Facebook’s famous IPv6 address

sudo fi6s -p 443 2a03:2880:f11c:8183:face:b00c::25de

command

By default, fi6s will only scan addresses for open TCP ports. The author of the tool recommends adding the following ipv6tables rule to ensure scans aren’t slowed down as a result of a flurry of ICMPv6 unreachable responses for UDP scans. Note: Though recommended, this is not required, and the tool should still be able to scan UDP ports without having to add the rule.

ip6tables -A INPUT -p udp -m udp --dport 12345 -j DROP

After adding the rule to ip6tables, scanning UDP ports with fi6s is as easy as prepending the `--udp` option along with other required arguments for a scan. UDP scanning is unreliable in most cases, so the results would need to be verified using service specific tools (for example snmpwalk to confirm if UDP 161 is really open or not).

Note: To get a complete list of options and arguments that can be used with fi6s, run `./fi6s -h`.

Conclusion

In this article, we discussed how to set up and use fi6s to scan IPv6 networks. fi6s is an open source tool designed for speed. The source code for the tool is available under the AGPL-3.0 licence.

This article is part of a series on scanning IPv6 addresses. Come back for our next article in the series in which we will take a look at another IPv6 scanner - RustScan.

Other Articles in this series:

Tools for Scanning IPv6 networks

Scanning IPv6 with Nmap

Scanning IPv6 with RustScan

***

This article is brought to you by Kloudle Academy, a free e-resource compilation, created and curated by Kloudle. Kloudle is a cloud security management platform that uses the power of automation and simplifies human requirements in cloud security. Receive alerts for Academy by subscribing here.

Written by:
Karan Saini

Karan Saini

Cloud Security Specialist

Karan is a technologist and security researcher with an interest in network and application security, open source intelligence, and consumer privacy.

Read more
Riyaz Walikar

Riyaz Walikar

Chief Hacker

Riyaz is a security evangelist, offensive security expert and researcher with over a decade of experience in the cyber security industry. His passion to break into some of the most well defended networks and systems in his career spanning 15 years has earned him a lot respect within the security industry. He has led Security Assessment and Penetration Testing teams at Pricewaterhouse Coopers (PwC) and Appsecco, and the Product Security Team at Citrix before co-founding Kloudle. Riyaz now specializes in cloud native, container and cloud security in general, helping build an easy to use security management platform to help companies enhance their visibility in the cloud, identify security misconfigurations and automate remediation for security gaps enabling compliance and operational security in multi-cloud environments. He is also an avid speaker and trainer and presents his research and findings at security conferences and community meetups around the world including BlackHat USA, BH Europe, BH Asia, nullcon and OWASP AppsecUSA.Specialties: Cloud (AWS, GCP, Azure, IBM, Others) Security, Cloud-Native Security, Kubernetes, Container Security, Web Application Security, Network and System Penetration Testing, Wireless Network Security, Malware Analysis and Reverse Engineering, Threat Modelling, Windows Forensics, Security Code Review, Vulnerability Research, Exploit Development and Reverse Engineering. Certifications: CKA, CKAD, OSCP

Read more