Script targets-ipv6-multicast-slaac

Script types: prerule
Categories: discovery, broadcast

Script Summary

Performs IPv6 host discovery by triggering stateless address auto-configuration (SLAAC).

This script works by sending an ICMPv6 Router Advertisement with a random address prefix, which causes hosts to begin SLAAC and send a solicitation for their newly configured address, as part of duplicate address detection. The script then guesses the remote addresses by combining the link-local prefix of the interface with the interface identifier in each of the received solicitations. This should be followed up with ordinary ND host discovery to verify that the guessed addresses are correct.

The router advertisement has a router lifetime of zero and a short prefix lifetime (a few seconds)

See also:

Script Arguments


The interface to use for host discovery.

max-newtargets, newtargets

See the documentation for the target library.

Example Usage

nmap -6 --script targets-ipv6-multicast-slaac --script-args 'newtargets,interface=eth0' -sP

Script Output

Pre-scan script results:
| targets-ipv6-multicast-slaac:
|   IP: fe80:0000:0000:0000:1322:33ff:fe44:5566  MAC: 11:22:33:44:55:66  IFACE: eth0
|_  Use --script-args=newtargets to add the results as targets



  • David Fifield
  • Xu Weilin

License: Same as Nmap--See