Script targets-ipv6-multicast-slaac
Script types:
prerule
Categories:
discovery, broadcast
Download: https://svn.nmap.org/nmap/scripts/targets-ipv6-multicast-slaac.nse
Script Summary
Performs IPv6 host discovery by triggering stateless address auto-configuration (SLAAC).
This script works by sending an ICMPv6 Router Advertisement with a random address prefix, which causes hosts to begin SLAAC and send a solicitation for their newly configured address, as part of duplicate address detection. The script then guesses the remote addresses by combining the link-local prefix of the interface with the interface identifier in each of the received solicitations. This should be followed up with ordinary ND host discovery to verify that the guessed addresses are correct.
The router advertisement has a router lifetime of zero and a short prefix lifetime (a few seconds)
See also:
- RFC 4862, IPv6 Stateless Address Autoconfiguration, especially section 5.5.3.
- https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/discovery/ipv6_neighbor_router_advertisement.rb
Script Arguments
- targets-ipv6-multicast-slaac.interface
The interface to use for host discovery.
- max-newtargets, newtargets
See the documentation for the target library.
Example Usage
nmap -6 --script targets-ipv6-multicast-slaac --script-args 'newtargets,interface=eth0' -sP
Script Output
Pre-scan script results: | targets-ipv6-multicast-slaac: | IP: fe80:0000:0000:0000:1322:33ff:fe44:5566 MAC: 11:22:33:44:55:66 IFACE: eth0 |_ Use --script-args=newtargets to add the results as targets
Requires
Authors:
License: Same as Nmap--See https://nmap.org/book/man-legal.html