ip_exit_enum: Discovering Public Exit IP Addresses

ip_exit_enum is a command-line tool for discovering and enumerating public exit IP addresses by querying multiple independent STUN and HTTP services. It’s designed to reveal non-deterministic outbound behavior (load-balanced NAT, ISP routing policies, etc.) that single-request “what’s my IP” tools can’t reliably detect.

Origin

While staying at a hotel, I noticed outbound connections didn’t always leave from the same public IP. One site would show one address, another would show a different one, even though I wasn’t changing networks. That usually means something upstream is spreading traffic across multiple egress paths.

Most “what’s my IP” tools tell you the answer for one request. If your egress path is non-deterministic, that’s not enough to understand what’s actually happening. I ended up checking multiple HTTP APIs and STUN servers by hand, then wrapped that workflow into a small tool.

ip_exit_enum is useful when you need to understand all possible outbound IP addresses, not just the one used for a single connection.

Most public IP discovery tools make one request and return one result. If you run a single-request IP checker a few times, you might catch a second address by accident. That still leaves you guessing whether you found the full set.

The tool automates the “check a few independent viewpoints and compare results” routine with both HTTP and STUN. It helps when you are trying to diagnose:

• Load-balanced or carrier-grade NAT setups
• Inconsistent firewall or IP allowlist behavior
• Complex or opaque network environments (hotels, ISPs, shared networks)

ip_exit_enum queries a set of independent STUN and HTTP-based services to observe which public IP address is selected for outbound connections. Using multiple protocols and endpoints avoids reliance on any single path or service.

The collected results are analyzed to:

• Identify distinct IPv4 and IPv6 exit addresses
• Detect non-deterministic egress behavior (e.g., multiple outbound NAT IPs)
• Assign a confidence score indicating how likely it is that multiple exit IPs are in use

It supports both IPv4 and IPv6. It’s meant to behave sensibly on dual-stack networks and in places where connectivity (or routing) is a bit unpredictable.

Installing It

I added a small installer, so on macOS or Linux the quickest path is now:

curl -fsSL https://raw.githubusercontent.com/sinnet3000/ip_exit_enum/main/scripts/install.sh | bash

That pulls the latest release and installs ip_exit_enum into /usr/local/bin when that directory is writable, or ~/.local/bin otherwise.

If you would rather build it yourself, you need Go 1.26.1 or newer:

git clone https://github.com/sinnet3000/ip_exit_enum.git
cd ip_exit_enum
make install

If ~/.local/bin is not already on your PATH, add it before trying to run the binary. After that:

ip_exit_enum

And if you want the per-service detail instead of the summarized view:

ip_exit_enum -v

Source code: https://github.com/sinnet3000/ip_exit_enum