ip_exit_enum: Discovering Public Exit IP Addresses

ip_exit_enum is a command-line tool for discovering and enumerating public exit IP addresses by querying multiple independent STUN and HTTP services. It’s designed to reveal non-deterministic outbound behavior (load-balanced NAT, ISP routing policies, etc.) that single-request “what’s my IP” tools can’t reliably detect.

Origin

While staying at a hotel, I noticed outbound connections didn’t always leave from the same public IP. One site would show one address, another would show a different one, even though I wasn’t changing networks. That usually means something upstream is spreading traffic across multiple egress paths.

Most “what’s my IP” tools tell you the answer for one request. If your egress path is non-deterministic, that’s not enough to understand what’s actually happening. I ended up checking multiple HTTP APIs and STUN servers by hand, then wrapped that workflow into a small tool.

When This Matters

ip_exit_enum is useful when you need to understand all possible outbound IP addresses, not just the one used for a single connection.

Most public IP discovery tools make one request and return one result. If you run a single-request IP checker a few times, you might catch a second address by accident. It’s not a great way to be confident you’ve seen the full set.

ip_exit_enum automates the “check a few independent viewpoints and compare results” approach, using both HTTP and STUN. This is particularly useful for diagnosing:

• Load-balanced or carrier-grade NAT setups
• Inconsistent firewall or IP allowlist behavior
• Complex or opaque network environments (hotels, ISPs, shared networks)

Technical Approach

ip_exit_enum queries a set of independent STUN and HTTP-based services to observe which public IP address is selected for outbound connections. Using multiple protocols and endpoints avoids reliance on any single path or service.

The collected results are analyzed to:

• Identify distinct IPv4 and IPv6 exit addresses
• Detect non-deterministic egress behavior (e.g., multiple outbound NAT IPs)
• Assign a confidence score indicating how likely it is that multiple exit IPs are in use

It supports both IPv4 and IPv6. It’s meant to behave sensibly on dual-stack networks and in places where connectivity (or routing) is a bit unpredictable.

Usage

Requires Go 1.22.5 or newer.

To build locally:

git clone https://github.com/sinnet3000/ip_exit_enum.git
cd ip_exit_enum
make build

The resulting binary can be run from the bin/ directory.

Source code: https://github.com/sinnet3000/ip_exit_enum