ipgen is a CLI tool that generates IPv4 addresses in extended and uncommon formats to aid in network security testing and bypass techniques.
Generate list IPv4 addresses using extend and uncommon formats
ipgen is primarily used by offensive and defensive security professionals to generate IPv4 addresses in various uncommon formats that are accepted by common network functions but may bypass naive IP filters. It is especially useful for testing Server Side Request Forgery (SSRF) vulnerabilities by producing alternate IP representations to evade simplistic IP validation checks.
ipgen relies on the acceptance of extended IPv4 formats by network functions like inet_aton and inet_addr, which are not RFC standard but widely supported. Users should be aware that such IP representations may bypass simplistic IP validation filters, making ipgen valuable for security testing but also requiring cautious use to avoid unintended network issues. To mitigate SSRF risks demonstrated by ipgen, enabling AWS IMDSv2 is recommended.
./ipgen 192.0.2.1
Generates various extended IPv4 formats for the IP address 192.0.2.1
ipgen -format hex,oct -pad 2 192.168.0.1
Generates hexadecimal and octal formatted IPv4 addresses with 2-digit zero padding
ipgen -format hex -pad 2 8.8.4.4 | shuf | head -1 | xargs ping -c 1
Pings a randomly selected hexadecimal formatted variant of 8.8.4.4 to verify usability
echo "http://$(ipgen 169.254.169.254 | shuf | head -1)/latest/meta-data"
Generates a random extended format IP URL to test SSRF against AWS instance metadata service
for i in $(ipgen 169.254.169.254); do echo "http://${i}/latest/meta-data"; done
Generates multiple URLs with different IP formats for SSRF testing of AWS IMDS
ipgen -mix 169.254.169.254 | shuf | head -1
Generates a random mixed-format IPv4 address variant