Categories: discovery, broadcast
Performs IPv6 host discovery by triggering stateless address auto-configuration (SLAAC).
This script works by sending an ICMPv6 Router Advertisement with a random address prefix, which causes hosts to begin SLAAC and send a solicitation for their newly configured address, as part of duplicate address detection. The script then guesses the remote addresses by combining the link-local prefix of the interface with the interface identifier in each of the received solicitations. This should be followed up with ordinary ND host discovery to verify that the guessed addresses are correct.
The router advertisement has a router lifetime of zero and a short prefix lifetime (a few seconds)
- RFC 4862, IPv6 Stateless Address Autoconfiguration, especially section 5.5.3.
The interface to use for host discovery.
max-newtargets, newtargetsSee the documentation for the target library.
./nmap -6 --script=slaac_host_discovery.nse --script-args 'newtargets,interface=eth0' -sP
Pre-scan script results: | targets-ipv6-multicast-slaac: | IP: fe80:0000:0000:0000:1322:33ff:fe44:5566 MAC: 11:22:33:44:55:66 IFACE: eth0 |_ Use --script-args=newtargets to add the results as targets
Author: David Fifield, Xu Weilin
License: Same as Nmap--See https://nmap.org/book/man-legal.html