When scanning a bare IPv6 target, port discovery works (nmap is correctly given -6), but every HTTP-layer check fails because the IPv6 literal is concatenated into a URL / host:port string without the brackets RFC 3986 requires.
Repro: put an IPv6 literal (2001:db8::1) in the targets file, scan with --http/--nikto/--ssl (container has working IPv6 egress — curl -6 from inside the container succeeds).
Actual:
http://2001:db8::1:80 Could not connect: Failed to parse: http://2001:db8::1:80
http://2001:db8::1:443 Could not connect: Failed to parse: http://2001:db8::1:443
nmap + SSH work; HTTP/nikto produce nothing for IPv6 hosts.
Root cause: f"http://{host}:{port}", f"https://{host}:{port}", and nikto's -host {host}:{port} embed the bare literal → http://2001:db8::1:80, unparseable. Must be http://[2001:db8::1]:80. nmap is fine (bare literal + -6); only the URL/host:port contexts need brackets.
Possible fix: Add a helper (mirrors the existing ":" in host heuristic, so IPv4/hostnames are untouched, and nmap stays bare):
```python
def bracket_ipv6(host):
    """Wrap an IPv6 literal in [] for URL / host:port use (RFC 3986).
    IPv4 and hostnames unchanged. NOT for the nmap target (it takes the bare literal + -6)."""
    return f"[{host}]" if ":" in host else host
```
Apply:
```python
url = f"http://{bracket_ipv6(host)}:{port}"  # http_checks (and the https line)
"-host", f"{bracket_ipv6(host)}:{port}",  # do_nikto
f"{bracket_ipv6(host)}:{port}"  # do_testssl target
```
o7
Ramses.
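An added example, not part of the original post or the project's code: a stricter variant of the proposed helper that validates with `ipaddress` instead of the `":" in host` heuristic, so an already-bracketed literal or a `host:port` entry is not wrapped a second time, plus a `urlsplit` round-trip showing how the unbracketed URL is misread. `unbracket`, `service_targets` and `parse_back` are hypothetical names, and the sample hosts are constructed.

```python
import ipaddress
from urllib.parse import urlsplit


def unbracket(host: str) -> str:
    """Return the bare form of a host that may already be written as [addr]."""
    if host.startswith("[") and host.endswith("]"):
        return host[1:-1]
    return host


def bracket_ipv6(host: str) -> str:
    """Bracket only a valid IPv6 literal; leave IPv4 and hostnames as-is."""
    bare = unbracket(host)
    try:
        is_v6 = ipaddress.ip_address(bare).version == 6
    except ValueError:
        is_v6 = False  # hostname, host:port entry, or malformed input
    return f"[{bare}]" if is_v6 else host


def service_targets(host: str, port: int, scheme: str = "http") -> dict:
    """Build the string each tool context needs for one host/port pair."""
    hostport = f"{bracket_ipv6(host)}:{port}"
    return {
        "url": f"{scheme}://{hostport}",  # HTTP checks
        "hostport": hostport,             # host:port arguments
        "nmap": unbracket(host),          # nmap takes the bare literal plus -6
    }


def parse_back(url: str):
    """Return (hostname, port) as urllib reads them; port is None if invalid."""
    parts = urlsplit(url)
    try:
        return parts.hostname, parts.port
    except ValueError:
        return parts.hostname, None


if __name__ == "__main__":
    # Constructed sample targets covering each input kind.
    for h in ("2001:db8::1", "192.0.2.10", "scanme.example", "[2001:db8::1]"):
        print(service_targets(h, 80))
    print(parse_back("http://2001:db8::1:80"))    # host misread as "2001"
    print(parse_back("http://[2001:db8::1]:80"))  # host and port recovered
```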