for some explanation.
This tool is quite rudimentary. It takes 2 or 3 arguments.
# find all hosts (/128) in this prefix by asking 192.0.2.1
$ ./ip6-arpa-scan.py 0.8.0.0.8.b.d.0.1.0.0.2.ip6.arpa 192.0.2.1
# find all existing /64 networks in this prefix
$ ./ip6-arpa-scan.py 0.8.0.0.8.b.d.0.1.0.0.2.ip6.arpa 192.0.2.1 64
It does not look at results at all, beyond checking for NOERROR. If you point
it at an auth, and there are delegations, it might drill down into those while
asking the auth (because referrals have rcode NOERROR too), wasting a lot of
bandwidth and time. This can be mitigated by expanding the tool (perhaps
requiring a SOA with every NOERROR), or by pointing the tool at a recursor you
have access to. I have not tested this scenario.
The progress indicator is very rough; many networks have concentrated their
hosts in the lower regions of their ranges, so it's not unlikely to see a
very slow climb from 0 to 1 to 2% and then a sudden sprint towards 100%