ike-scan is a command-line IPSec VPN Scanner & Testing Tool for discovering, fingerprinting and testing IPsec VPN systems. It constructs and sends IKE Phase-1 packets to the specified hosts, and displays any responses that are received.
IKE is the Internet Key Exchange protocol which is the key exchange and authentication mechanism used by IPsec. Just about all modern VPN systems implement IPsec, and the vast majority of IPsec VPNs use IKE for key exchange. Main Mode is one of the modes defined for phase-1 of the IKE exchange (the other defined mode is aggressive mode). RFC 2409 section 5 specifies that main mode must be implemented, therefore all IKE implementations can be expected to support main mode. Many also support Aggressive Mode.
What does ike-scan do?
ike-scan can perform the following functions:
- Discovery Determine which hosts in a given IP range are running IKE. This is done by displaying those hosts which respond to the IKE requests sent./li>
- Fingerprinting Determine which IKE implementation the hosts are using, and in some cases determine the version of software that they are running. This is done in two ways: firstly by UDP backoff fingerprinting which involves recording the times of the IKE response packets from the target hosts and comparing the observed retransmission backoff pattern against known patterns; and secondly by Vendor ID fingerprinting which compares Vendor ID payloads from the VPN servers against known vendor id patterns.
- Transform Enumeration Find which transform attributes are supported by the VPN server for IKE Phase-1 (e.g. encryption algorithm, hash algorithm etc.).
- User Enumeration For some VPN systems, discover valid VPN usernames.
- Pre-Shared Key Cracking Perform offline dictionary or brute-force password cracking for IKE Aggressive Mode with Pre-Shared Key authentication. This uses the tool to obtain the hash and other parameters, and psk-crack (which is part of the package) to perform the cracking.
The retransmission backoff fingerprinting concept is discussed in more detail in the UDP backoff fingerprinting paper.
How to use ike-scan IPsec VPN Scanner
You can read more in depth about ike-scan and how to use it – in the User Guide.
ike-scan is free software, licensed under the GPL. It runs on Windows, Linux and most Unix systems. If you don’t already have it installed on your system, read the installation guide.
There’s some info here for SSL VPNs and Using OpenVPN.
You can download ike-scan 1.9 here:
Source distribution: ike-scan-1.9.tar.gz
Windows binary: ike-scan-win32-1.9.zip
Or read more here.