2

When I try to use nmap:

# nmap -sP -6 FE80::1-234
[...] Failed to resolve given IPv6 hostname/IP: FE80::1-234. Note that you can't use '/mask' or '[1-4,7,100-]' style ranges for IPv6.[...]

What other tool can I use?

schroeder
seymourbirkoff

3 Answers

8

There was an interesting presentation from Metasploit on this recently (blog post is here).

From that, there are a number of techniques that nmap can use to identify IPv6 hosts on the local network, which could be of use to you.

Scanning your local subnet for all IPv6-enabled systems in one shot:

nmap -6 --script=targets-ipv6-multicast-*

Port scanning the top 10000 ports on these assets:

nmap -6 --script=targets-ipv6-multicast-* --script-args=newtargets -PS --top-ports=10000

Rory McCune
  • 1
    +1 nice catch on the new nmap scripts! The limitation here is that you have to be 'link-local': http://nmap.org/nsedoc/scripts/targets-ipv6-multicast-echo.html – schroeder Apr 10 '12 at 22:21
4

Using nmap

Write a short script to generate the IPv6 range you want to scan, then pass that to nmap using -iL:

nmap -Pn -sS -p 80 -6 -iL ipv6.txt

IPv6 Target File

For the script (if you need help with this part) do a for loop:

for i in {1..234}; do echo "FE80::$i" >> ipv6.txt; done

The only limit I see with this setup is that you will have to calculate the appropriate IP range, which might not be simple, depending on the network design.

schroeder
  • 2
    Do not forget that IPv6 uses hex numbers: `for i in {1..234}; do printf "2001:5c0:1400:a::%x\n" $i >> ipv6.txt; done` – Vanuan Mar 01 '13 at 19:23
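As an added example (not part of the answer or comment above), a POSIX shell function that builds the `-iL` target file with the last group written in hex, as the comment points out, and with an optional zone suffix, which nmap needs for link-local (fe80::) targets. The names `gen_ipv6_targets` and `to_group` and the interface `eth0` are assumptions made for this example.

```sh
#!/bin/sh
# Added example: emits one IPv6 address per line for a file passed to nmap -iL.
# usage: gen_ipv6_targets PREFIX FIRST LAST [ZONE]
#   PREFIX      everything before the last 16-bit group, e.g. "fe80::"
#   FIRST/LAST  bounds of the last group: decimal, or hex with a 0x prefix
#   ZONE        optional interface name, appended as %ZONE (link-local scope)
# e.g. gen_ipv6_targets fe80:: 1 234 eth0 > ipv6.txt   (eth0 is an assumption)

# Convert one bound to decimal; reject anything outside 0..65535.
to_group() {
    case $1 in
        0[xX]*)
            h=${1#0[xX]}
            case $h in ''|*[!0-9a-fA-F]*|?????*) return 1 ;; esac
            echo $((0x$h)) ;;
        *)
            # no sign, no leading zero (the shell would read it as octal)
            case $1 in ''|*[!0-9]*|0?*|??????*) return 1 ;; esac
            [ "$1" -le 65535 ] || return 1
            echo "$1" ;;
    esac
}

# The body runs in a subshell so its variables and exits stay local.
gen_ipv6_targets() (
    prefix=$1 zone=${4:-}
    case $prefix in
        *[!0-9a-fA-F:]*) echo "bad prefix: $prefix" >&2; exit 2 ;;
        *:) ;;
        *) echo "prefix must end in ':'" >&2; exit 2 ;;
    esac
    case $zone in
        *[!A-Za-z0-9_.-]*) echo "bad zone: $zone" >&2; exit 2 ;;
    esac
    first=$(to_group "$2") && last=$(to_group "$3") ||
        { echo "bounds must be 0..65535 or 0x0..0xffff" >&2; exit 2; }
    [ "$first" -le "$last" ] || { echo "empty range" >&2; exit 2; }

    i=$first
    while [ "$i" -le "$last" ]; do
        # %x writes the group in hex, so decimal 10 becomes ::a, not ::10
        printf '%s%x%s\n' "$prefix" "$i" "${zone:+%$zone}"
        i=$((i + 1))
    done
)
```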
1

You can use THC-IPv6 as well.

lisa17