Script dns-ip6-arpa-scan

Script types: prerule
Categories: intrusive, discovery

Script Summary

Performs a quick reverse DNS lookup of an IPv6 network using a technique which analyzes DNS server response codes to dramatically reduce the number of queries needed to enumerate large networks.

The technique essentially works by adding an octet to a given IPv6 prefix and resolving it. If the added octet is correct, the server will return NOERROR, if not a NXDOMAIN result is received.

The technique is described in detail on Peter's blog:

See also:

Script Arguments


the ip6 prefix to scan


the ip6 mask to start scanning from

Example Usage

nmap --script dns-ip6-arpa-scan --script-args='prefix=2001:0DB8::/48'

Script Output

Pre-scan script results:
| dns-ip6-arpa-scan:
| ip                                 ptr
| 2001:0DB8:0:0:0:0:0:2    



  • Patrik Karlsson

License: Same as Nmap--See