IPv6 network scanner designed to be fast
Switch branches/tags
Nothing to show
Clone or download
sfan5 Fix IPv6 parsing bug for addresses in the form 1:2:3:4:5:6:7::
I knew this was going to bite me eventually, but I did not anticipate
spending an hour on this shit. Why does the RFC allow this?
Why did anyone think this was a good idea?
Latest commit f5bfd5d Nov 17, 2018
Type Name Latest commit message Commit time
Failed to load latest commit information.
obj Forgot the obj/ folder... Sep 9, 2016
src Fix IPv6 parsing bug for addresses in the form 1:2:3:4:5:6:7:: Nov 17, 2018
.gitignore Initial commit Aug 17, 2016
Dockerfile Add dockerfile Apr 26, 2018
LICENSE License Sep 9, 2016
Makefile I hate C Oct 22, 2018
README.md Update README Apr 8, 2018


fi6s: Fast IPv6 scanner

fi6s is a IPv6 port scanner designed to be fast. This is achieved by sending and processing raw packets asynchronously. The design and goal is pretty similar to Masscan, though it is not as full-featured yet.


Building should be fairly easy on up-to-date distros.

On Ubuntu 16.04 (xenial) it looks like this:

# apt install gcc make git libpcap-dev
$ git clone https://github.com/sfan5/fi6s.git
$ cd fi6s
$ make BUILD_TYPE=release

The scanner executable will be ready in at ./fi6s. Note that fi6s is developed solely on Linux, thus it probably won't compile on non-Linux OSs (notably Windows).


Usage is pretty easy, fi6s will try to auto-detect the dirty technical details (source/dest MAC, source IP).

# ./fi6s -p 80,8000-8100 2001:db8::/120

This example will:

  • scan the 2001:db8::/120 subnet (256 addresses in total)
  • scans port 80 and ports 8000 to 8100 (102 ports in total)
  • output scan results to stdout in the "list" format

There are more different ways of specifying an address range to scan, if you aren't sure what's about to happen invoke fi6s with --echo-hosts and it will print every host that would've been scanned.

For advanced features please consult the output of ./fi6s -h.

Grabbing banners

Since fi6s has its own TCP stack, the OS stack needs to disabled to avoid interference with banner grabbing (RST packets). This is most easily done using ip6tables and a constant --source-port.

Banner grabbing is then enabled by passing --banners:

# ip6tables -A INPUT -p tcp -m tcp --dport 12345 -j DROP
# ./fi6s -p 22 --banners --source-port 12345 2001:db8::/120