April 18, 2022

Tools for Scanning IPv6 networks

IPv6 networking is increasingly being adopted by businesses and organisations around the world. Though there are many popular scanners for IPv4, here’s a list that covers some of the tools that can be used to scan IPv6 networks.

Table of Contents

Introduction

     Nmap

     fi6s

     RustScan

     Masscan

     v6disc

Conclusion

Other Articles in this Series

Introduction

IPv6 was introduced as a replacement for IPv4 foreseeing the exhaustion of the IPv4  address space at some point in the future. IPv6 provides many security benefits by design. For instance, using some tools (and with the requisite bandwidth), an attacker could scan the entire public IPv4 address space in less than an hour. With IPv6 however, even when taking a very liberal estimate, a scan of all IPv6 addresses would take hundreds, possibly hundreds of thousands of years.

Many popular network scanners are used by sysadmins and SREs for scanning and discovery of IPv4 hosts and services within their network, whether for the purpose of inventorying the network or to spot security issues in the network. Since the adoption of IPv6 has started, sysadmins and SREs who would like to look into their IPv6 networks can take a look at some of the open source IPv6 scanners that we will be listing in this article.

Note: Make sure that the scans are conducted in the networks where you are allowed to do so with appropriate permissions. 

When searching for tools and options for port scanning and host discovery for IPv6, you can definitely take a look at the following 5 tools. All the tools listed here for IP v6 scanning are open source.

Nmap

Nmap is one of the most popular network scanners for discovering hosts and services on the network. Nmap has been used for scanning IPv4 networks for years, but did you know this tool also supports IPv6 scans? Yes! Nmap has support for IPv6 scans. All you need to do is supply ‘-6’ argument to scan an IPv6 network.

nmap

fi6s

fi6s is a fast port scanner for IPv6 networks written in C. fi6s makes use of its own TCP/IP stack to scan IPv6 networks with fast speed. A known limitation of fi6s is that it does not have support for all UDP protocols, and will only produce results when scanning for supported UDP protocols. Also from the github page it appears that this  software is not maintained actively anymore, but if you are just looking to experiment with some tools, you can give it a try.

fi6s

RustScan

RustScan is an extremely fast port scanner written in - as the name suggests - Rust. RustScan boasts the ability to scan all 65535 ports in 3 seconds, though the speed might also depend on the networking equipment available to you. Consumer networking devices might not be equipped for the bandwidth throughput required for achieving the scan speeds mentioned above. 

rustscan

Masscan

Masscan is an Internet-wide port scanner written in C. This tool uses its own TCP/IP stack and is capable of sending 10 million packets per second (as long as the network and the machine does not limit the tool’s ability).

masscan

v6disc

v6disc is different from all of the other tools mentioned so far, as it is used for host discovery and not port scanning. v6disc has dual-stack support which can be useful for mapping an IPv6 and IPv4 address pair to a particular host.

v6disc

Conclusion

Since the adoption of IPv6 has started, it has become an interesting area to learn and understand IPv6 and its implementation. The tools mentioned in this list can be used to perform scans of IPv6 networks. When using  “mass scanning” tools however (such as fi6s, Masscan or rustscan), specific considerations and techniques might need to be used for scans to be effective.

While there are a few addressing techniques and scanning methods that can be used to reduce the estimated scan time of IPv6 networks, widespread adoption of IPv6 still does bring with it certain changes to networking that have to be considered from a security perspective.

Other Articles in this Series

Scanning IPv6 with Nmap

Scanning IPv6 with fi6s

Scanning IPv6 with RustScan

Scanning IPv6 with Masscan

Scanning IPv6 with v6disc

***

This article is brought to you by Kloudle Academy, a free e-resource compilation, created and curated by Kloudle. Kloudle is a cloud security management platform that uses the power of automation and simplifies human requirements in cloud security. Receive alerts for Academy by subscribing here.

Written by:
Riyaz Walikar

Riyaz Walikar

Chief Hacker

Riyaz is a security evangelist, offensive security expert and researcher with over a decade of experience in the cyber security industry. His passion to break into some of the most well defended networks and systems in his career spanning 15 years has earned him a lot respect within the security industry. He has led Security Assessment and Penetration Testing teams at Pricewaterhouse Coopers (PwC) and Appsecco, and the Product Security Team at Citrix before co-founding Kloudle. Riyaz now specializes in cloud native, container and cloud security in general, helping build an easy to use security management platform to help companies enhance their visibility in the cloud, identify security misconfigurations and automate remediation for security gaps enabling compliance and operational security in multi-cloud environments. He is also an avid speaker and trainer and presents his research and findings at security conferences and community meetups around the world including BlackHat USA, BH Europe, BH Asia, nullcon and OWASP AppsecUSA.Specialties: Cloud (AWS, GCP, Azure, IBM, Others) Security, Cloud-Native Security, Kubernetes, Container Security, Web Application Security, Network and System Penetration Testing, Wireless Network Security, Malware Analysis and Reverse Engineering, Threat Modelling, Windows Forensics, Security Code Review, Vulnerability Research, Exploit Development and Reverse Engineering. Certifications: CKA, CKAD, OSCP

Read more