Scanning for IP-Forwarding Systems / Routers Part 2: IPv6 Networks

Introduction In my last blog post (Scanning for IP-Forwarding Systems / Routers), I explained why it can be useful during pentests to identify IP-forwarding systems (also known as routers or gateways) and showcased a script that can be used to identify such systems. In this post, I’ll show how this can be done in IPv6 networks when your host has a routable IPv6 address configured. Script The script can be found on GitHub: ip6-forwarding-scanner. The usage is quite simple: ...

03.11.2024 Â· 7 min Â· Emanuel Duss

WireGuard VPN Road Warrior Setup

Introduction WireGuard is a relatively new open-source software for creating VPN tunnels on the IP layer using state of the art cryptography. I attended a self-organized session by the creator and developer Jason Donenfeld at the 34c3 who explained how WireGuard works and how it can be used. I was quite impressed by it’s simplicity and gave it a try. It worked more or less out of the box. Now I created a more advanced setup for accessing my home network. ...

29.09.2018 Â· 17 min Â· Emanuel Duss

Script um eigene IP Adressen anzuzeigen (myip)

Einführung Jedes mal, wenn ich meine IP Adresse wissen will, gebe ich bei einer Suchmaschine “my ip address” ein und klicke auf eines der Ergebnisse. Dies ist nicht sehr elegant. Auf einem Server ohne Browser ist dies gar nicht möglich. Deshalb habe ich ein Script geschrieben, welches mir meine IP Adressen (IPv4 und IPv6) anzeigt. Script Das Script sieht folgenermassen aus: #!/usr/bin/env bash #IPURL="https://icanhazip.com/ip" IPURL="https://motd.ch/ip.php" print_usage(){ cat << EOI Displays IP addresses of the current host used for internet connections. Usage: myip [options] Options: -6 Show only IPv6 addresses (public ip address by default). -4 Show only IPv4 addresses (public ip address by default). -h Show usage help. -l Show local insted of public addresses. -g Show geolocation (using geoiplookup). No options produces a more verbose output. EOI } check_dependencies(){ local FAIL=0 for tool in "$@" do if ! hash "$tool" &> /dev/null then echo "The tool $tool does not exist." FAIL=1 fi done if [[ "$FAIL" == 1 ]] then exit 1 fi } print_public_ipv4_address(){ echo "$(curl -s -4 -L $IPURL || echo "")" } print_public_ipv6_address(){ echo "$(curl -s -6 -L $IPURL || echo "")" } print_public_ipv4_geolocation(){ geoiplookup "$PUBLIC_IPV4_ADDRESS" | awk -F": " '{printf($2)}' } print_public_ipv6_geolocation(){ geoiplookup6 "$PUBLIC_IPV6_ADDRESS" | awk -F": " '{printf($2)}' } print_local_ipv4_address(){ echo "$(curl -s -4 -L --write-out %{local_ip} $IPURL -o /dev/null || echo "")" } print_local_ipv6_address(){ echo "$(curl -s -6 -L --write-out %{local_ip} $IPURL -o /dev/null || echo "")" } main(){ while getopts 46ghlv name do case "$name" in 4) flag_4=1 ;; 6) flag_6=1 ;; g) flag_g=1 ;; h) print_usage exit ;; l) flag_l=1 ;; ?) print_usage >&2 exit 2 ;; esac done if [[ -n $flag_l && -n $flag_4 ]] then print_local_ipv4_address fi if [[ -n $flag_l && -n $flag_6 ]] then print_local_ipv6_address fi if [[ -z $flag_l && -n $flag_4 ]] then print_public_ipv4_address fi if [[ -z $flag_l && -n $flag_6 ]] then print_public_ipv6_address fi if [[ -z $flag_l && -z $flag_4 && -z $flag_6 ]] then PUBLIC_IPV4_ADDRESS=$(print_public_ipv4_address) PUBLIC_IPV6_ADDRESS=$(print_public_ipv6_address) echo -e "Public IPv4 address: ${PUBLIC_IPV4_ADDRESS:--}" echo -e "Public IPv6 address: ${PUBLIC_IPV6_ADDRESS:--}" LOCAL_IPV4_ADDRESS=$(print_local_ipv4_address) LOCAL_IPV6_ADDRESS=$(print_local_ipv6_address) echo -e "Local IPv4 address: ${LOCAL_IPV4_ADDRESS:--}" echo -e "Local IPv6 address: ${LOCAL_IPV6_ADDRESS:--}" echo "" if [[ -n "$PUBLIC_IPV4_ADDRESS" && -n "$LOCAL_IPV4_ADDRESS" ]] then if [[ "$PUBLIC_IPV4_ADDRESS" != "$LOCAL_IPV4_ADDRESS" ]] then echo "IPv4: NAT" else echo "IPv4: No NAT" fi fi if [[ -n "$PUBLIC_IPV6_ADDRESS" && -n "$LOCAL_IPV6_ADDRESS" ]] then if [[ "$PUBLIC_IPV6_ADDRESS" != "$LOCAL_IPV6_ADDRESS" ]] then echo "IPv6: NAT" else echo "IPv6: No NAT" fi fi if [[ -n "$flag_g" ]] then check_dependencies geoiplookup geoiplookup6 if [[ -n "$PUBLIC_IPV4_ADDRESS" ]] then PUBLIC_IPV4_GEOLOCATION="$(print_public_ipv4_geolocation)" echo "Geolocation IPv4: $PUBLIC_IPV4_GEOLOCATION" fi if [[ -n "$PUBLIC_IPV6_ADDRESS" ]] then PUBLIC_IPV6_GEOLOCATION="$(print_public_ipv6_geolocation)" echo "Geolocation IPv6: $PUBLIC_IPV4_GEOLOCATION" fi fi fi } main "$@" Die aktuellste Version davon gibt es auf GitHub in meinem Scripts Repository: myip. ...

28.02.2016 Â· 4 min Â· Emanuel Duss
×