Skip to content

IPv6 targets: HTTP/nikto/testssl checks fail — address literal not bracketed in URLs #55

Description

@RamsesRodenburg

When scanning a bare IPv6 target, port discovery works (nmap is correctly given -6), but every HTTP-layer check fails because the IPv6 literal is concatenated into a URL / host:port string without the brackets RFC 3986 requires.

Repro: put an IPv6 literal (2001:db8::1) in the targets file, scan with --http/--nikto/--ssl (container has working IPv6 egress — curl -6 from inside the container succeeds).

Actual:

http://2001:db8::1:80  Could not connect: Failed to parse: http://2001:db8::1:80
http://2001:db8::1:443 Could not connect: Failed to parse: http://2001:db8::1:443

nmap + SSH work; HTTP/nikto produce nothing for IPv6 hosts.

Root cause: f"http://{host}:{port}", f"https://{host}:{port}", and nikto's -host {host}:{port} embed the bare literal → http://2001:db8::1:80, unparseable. Must be http://[2001:db8::1]:80. nmap is fine (bare literal + -6); only the URL/host:port contexts need brackets.


Possible fix: Add a helper (mirrors the existing ":" in host heuristic, so IPv4/hostnames are untouched, and nmap stays bare):

def bracket_ipv6(host):
    """Wrap an IPv6 literal in [] for URL / host:port use (RFC 3986).
    IPv4 and hostnames unchanged. NOT for the nmap target (it takes the bare literal + -6)."""
    return f"[{host}]" if ":" in host else host

Apply:

url = f"http://{bracket_ipv6(host)}:{port}"     # http_checks (and the https line)
"-host", f"{bracket_ipv6(host)}:{port}",        # do_nikto
f"{bracket_ipv6(host)}:{port}"                  # do_testssl target

o7
Ramses.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions