ip_exit_enum: Discovering Public Exit IP Addresses

Dec 15, 2025

Introduction

ip_exit_enum is a command-line tool for discovering and enumerating public exit IP addresses by querying multiple independent STUN and HTTP services. It is designed to reveal non-deterministic outbound behavior—such as load-balanced NAT or ISP routing policies—that single-request “what’s my IP” tools cannot reliably detect.

This post introduces the problem that motivated the tool, the niche it fills, and how it works.

Why I Built It

While staying in a hotel, I observed inconsistent external IP behavior across outbound connections. Different services appeared to see different public IP addresses, suggesting that load balancing or ISP-level routing rules were influencing egress traffic.

Most existing tools report only the IP address used for a single request, which makes diagnosing this kind of behavior difficult. To better understand what was happening, I began testing multiple HTTP and STUN endpoints and eventually consolidated this approach into a dedicated tool.

What Niche Does `ip_exit_enum` Fill?

ip_exit_enum is intended for scenarios where understanding all possible outbound IP addresses matters.

Most public IP discovery tools rely on a single request and return only the IP used for that specific connection. Running them repeatedly may occasionally produce different results, but this provides no systematic way to enumerate or reason about all possible exit addresses.

By correlating observations from multiple independent HTTP APIs and STUN servers, ip_exit_enum automates this process. This makes it particularly useful for diagnosing:

Load-balanced or carrier-grade NAT setups
Inconsistent firewall or IP allowlist behavior
Complex or opaque network environments such as hotels, ISPs, and shared networks

How It Works

ip_exit_enum queries a set of independent STUN and HTTP-based services to observe which public IP address is selected for outbound connections. By using multiple protocols and endpoints, the tool avoids reliance on any single path or service.

The collected results are analyzed to:

Identify distinct IPv4 and IPv6 exit addresses
Detect non-deterministic egress behavior (for example, multiple outbound NAT IPs)
Assign a confidence score indicating how likely it is that multiple exit IPs are in use

The tool supports both IPv4 and IPv6 and has been validated on dual-stack networks and environments with unstable or shared connectivity.

How to Use It

The tool requires Go 1.22.5 or newer.

To build it locally:

git clone https://github.com/sinnet3000/ip_exit_enum.git
cd ip_exit_enum
make build

The resulting binary can be run from the bin/ directory.

GitHub Repository

The source code is available on GitHub:
https://github.com/sinnet3000/ip_exit_enum

Conclusion

ip_exit_enum provides visibility into outbound network behavior that is difficult to obtain with traditional IP discovery tools. By aggregating observations across multiple independent services, it enables more accurate diagnosis of complex egress configurations.

Feedback and contributions are welcome.