Provided by: ike-scan_1.9.5-1build1_amd64 bug

NAME

       ike-scan - Discover and fingerprint IKE hosts (IPsec VPN servers)

SYNOPSIS

       ike-scan [options] [hosts...]

       Target hosts must be specified on the command line unless the --file option is specified.

DESCRIPTION

       ike-scan  discovers  IKE  hosts  and  can  also  fingerprint them using the retransmission
       backoff pattern.

       ike-scan does two things:

       1)     Discovery: Determine which hosts are running IKE.  This is done by displaying those
              hosts which respond to the IKE requests sent by ike-scan.

       2)     Fingerprinting:  Determine which IKE implementation the hosts are using.  There are
              several ways to do this: (a) Backoff fingerprinting - recording the  times  of  the
              IKE   response   packets   from   the  target  hosts  and  comparing  the  observed
              retransmission backoff pattern against known patterns; (b) vendor id fingerprinting
              - matching the vendor-specific vendor IDs against known vendor ID patterns; and (c)
              proprietary notify message codes.

       The retransmission backoff fingerprinting concept is discussed in more detail in  the  UDP
       backoff  fingerprinting paper which should be included in the ike-scan kit as udp-backoff-
       fingerprinting-paper.txt.

       The program sends IKE Phase-1 requests to the specified hosts and displays  any  responses
       that  are  received.  It handles retry and retransmission with backoff to cope with packet
       loss.  It also limits the amount of bandwidth used by the outbound IKE packets.

       IKE is the Internet Key Exchange protocol which is the  key  exchange  and  authentication
       mechanism  used by IPsec.  Just about all modern VPN systems implement IPsec, and the vast
       majority of IPsec VPNs use IKE for key exchange.

       Phase-1 has two modes: Main Mode and Aggressive Mode.  ike-scan  supports  both  Main  and
       Aggressive  mode,  and uses Main Mode by default.  RFC 2409 (IKE) section 5 specifies that
       main mode must be implemented, therefore  all  IKE  implementations  can  be  expected  to
       support main mode.

OPTIONS

       --help or -h
              Display this usage message and exit.

       --file=<fn> or -f <fn>
              Read  hostnames  or  addresses  from the specified file instead of from the command
              line. One name or IP address per line.  Use "-" for standard input.

       --sport=<p> or -s <p>
              Set UDP source port  to  <p>,  default=500,  0=random.   Some  IKE  implementations
              require  the  client  to  use UDP source port 500 and will not talk to other ports.
              Note that superuser privileges are normally required to use non-zero  source  ports
              below  1024.   Also only one process on a system may bind to a given source port at
              any one time. Use of the --nat-t option changes the default source port to 4500

       --dport=<p> or -d <p>
              Set UDP destination port to <p>, default=500.  UDP port 500 is  the  assigned  port
              number for ISAKMP and this is the port used by most if not all IKE implementations.
              Use of the --nat-t option changes the default destination port to 4500

       --retry=<n> or -r <n>
              Set total number of attempts per host to <n>, default=3.

       --timeout=<n> or -t <n>
              Set initial per host timeout to <n> ms, default=500.  This timeout is for the first
              packet sent to each host.  subsequent timeouts are multiplied by the backoff factor
              which is set with --backoff.

       --bandwidth=<n> or -B <n>
              Set desired outbound bandwidth to <n>, default=56000  The  value  is  in  bits  per
              second by default.  If you append "K" to the value, then the units are kilobits per
              second; and if you append "M" to the value, the units are megabits per second.  The
              "K"  and  "M"  suffixes  represent  the  decimal, not binary, multiples.  So 64K is
              64000, not 65536.

       --interval=<n> or -i <n>
              Set minimum packet interval to <n> ms.  The packet interval will be no smaller than
              this  number.   The  interval  specified  is in milliseconds by default.  if "u" is
              appended to the value, then  the  interval  is  in  microseconds,  and  if  "s"  is
              appended,  the interval is in seconds.  If you want to use up to a given bandwidth,
              then it is easier to use the --bandwidth option instead.  You cannot  specify  both
              --interval  and --bandwidth because they are just different ways to change the same
              underlying variable.

       --backoff=<b> or -b <b>
              Set  timeout  backoff  factor  to  <b>,  default=1.50.   The  per-host  timeout  is
              multiplied  by  this factor after each timeout.  So, if the number of retries is 3,
              the initial per-host timeout is 500ms and the backoff factor is 1.5, then the first
              timeout will be 500ms, the second 750ms and the third 1125ms.

       --verbose or -v
              Display verbose progress messages.  Use more than once for greater effect: 1 - Show
              when each pass is completed and when packets with invalid cookies are received.   2
              - Show each packet sent and received and when hosts are removed from the list.  3 -
              Display the host, Vendor ID and backoff lists before scanning starts.

       --quiet or -q
              Don't decode the returned packet.  This prints less  protocol  information  so  the
              output lines are shorter.

       --multiline or -M
              Split  the  payload decode across multiple lines.  With this option, the decode for
              each payload is printed on a separate line starting with a TAB.  This option  makes
              the output easier to read, especially when there are many payloads.

       --lifetime=<s> or -l <s>
              Set  IKE  lifetime  to <s> seconds, default=28800.  RFC 2407 specifies 28800 as the
              default, but some implementations may require different  values.   If  you  specify
              this  as  a  a  decimal  integer, e.g.  86400, then the attribute will use a 4-byte
              value.  If you specify it as a hex number, e.g. 0xFF, then the attribute  will  use
              the  appropriate size value (one byte for this example).  If you specify the string
              "none" then no lifetime attribute will be added at all.  You can  use  this  option
              more  than  once  in  conjunction  with  the  --trans  options  to produce multiple
              transform payloads with different lifetimes.  Each  --trans  option  will  use  the
              previously specified lifetime value.

       --lifesize=<s> or -z <s>
              Set  IKE  lifesize to <s> Kilobytes, default=0.  If you specify this as a a decimal
              integer, e.g.  86400, then the attribute will use a 4-byte value.  If  you  specify
              it  as  a  hex  number, e.g. 0xFF, then the attribute will use the appropriate size
              value (one byte for this example).  You can use  this  option  more  than  once  in
              conjunction  with  the  --trans options to produce multiple transform payloads with
              different lifesizes.   Each  --trans  option  will  use  the  previously  specified
              lifesize value.

       --auth=<n> or -m <n>
              Set  auth. method to <n>, default=1 (PSK).  RFC defined values are 1 to 5.  See RFC
              2409 Appendix A.  Checkpoint hybrid mode is 64221.   GSS  (Windows  "Kerberos")  is
              65001.  XAUTH uses 65001 to 65010.  This is not applicable to IKEv2.

       --version or -V
              Display program version and exit.

       --vendor=<v> or -e <v>
              Set  vendor  id string to hex value <v>.  You can use this option more than once to
              send multiple vendor ID payloads.

       --trans=<t> or -a <t>
              Use custom transform <t> instead of default set.  You can use this option more than
              once  to  send  an  arbitrary  number  of custom transforms.  There are two ways to
              specify the transform: The new way, where you specify  the  attribute/value  pairs,
              and  the  old way where you specify the values for a fixed list of attributes.  For
              the new method, the transform <t> is specified  as  (attr=value,  attr=value,  ...)
              Where  "attr"  is  the attribute number, and "value" is the value to assign to that
              attribute.  You can specify an arbitary number of attribute/value pairs.   See  RFC
              2409  Appendix  A for details of the attributes and values.  Note that brackets are
              special   to   some   shells,   so   you   may   need   to   quote    them,    e.g.
              --trans="(1=1,2=2,3=3,4=4)".    For  example,  --trans=(1=1,2=2,3=1,4=2)  specifies
              Enc=3DES-CBC,     Hash=SHA1,     Auth=shared     key,     DH      Group=2;      and
              --trans=(1=7,14=128,2=1,3=3,4=5)  specifies Enc=AES/128, Hash=MD5, Auth=RSA sig, DH
              Group=5.    For   the   old   method,   the   transform   <t>   is   specified   as
              enc[/len],hash,auth,group.   Where  enc is the encryption algorithm, len is the key
              length for variable length ciphers, hash is the hash algorithm, and group is the DH
              Group.  For example, --trans=5,2,1,2 specifies Enc=3DES-CBC, Hash=SHA1, Auth=shared
              key,  DH  Group=2;  and  --trans=7/256,1,1,5   specifies   Enc=AES-256,   Hash=MD5,
              Auth=shared key, DH Group=5.  This option is not yet supported for IKEv2.

       --showbackoff[=<n>] or -o[<n>]
              Display  the  backoff  fingerprint table.  Display the backoff table to fingerprint
              the IKE implementation on the remote hosts.  The optional argument  specifies  time
              to  wait  in seconds after receiving the last packet, default=60.  If you are using
              the short form of the option (-o) then the value must immediately follow the option
              letter with no spaces, e.g. -o25 not -o 25.

       --fuzz=<n> or -u <n>
              Set pattern matching fuzz to <n> ms, default=500.  This sets the maximum acceptable
              difference between the observed backoff  times  and  the  reference  times  in  the
              backoff  patterns  file.  Larger values allow for higher variance but also increase
              the  risk  of  false  positive   identifications.    Any   per-pattern-entry   fuzz
              specifications in the patterns file will override the value set here.

       --patterns=<f> or -p <f>
              Use  IKE  backoff patterns file <f>, default=/usr/local/share/ike-scan/ike-backoff-
              patterns.  This specifies the name of the file  containing  IKE  backoff  patterns.
              This file is only used when --showbackoff is specified.

       --vidpatterns=<f> or -I <f>
              Use  Vendor ID patterns file <f>, default=/usr/local/share/ike-scan/ike-vendor-ids.
              This specifies the name of the file containing Vendor ID patterns.  These  patterns
              are used for Vendor ID fingerprinting.

       --aggressive or -A
              Use  IKE  Aggressive  Mode  (The default is Main Mode) If you specify --aggressive,
              then you may also  specify  --dhgroup,  --id  and  --idtype.   If  you  use  custom
              transforms  with  aggressive mode with the --trans option, note that all transforms
              should have the same DH Group and  this  should  match  the  group  specified  with
              --dhgroup or the default if --dhgroup is not used.

       --id=<id> or -n <id>
              Use <id> as the identification value.  This option is only applicable to Aggressive
              Mode.  <id> can be specified as a string, e.g. --id=test or as a hex value  with  a
              leading "0x", e.g. --id=0xdeadbeef.

       --idtype=<n> or -y <n>
              Use  identification  type  <n>.   Default  3  (ID_USER_FQDN).   This option is only
              applicable to Aggressive Mode.  See RFC 2407 4.6.2 for  details  of  Identification
              types.

       --dhgroup=<n> or -g <n>
              Use  Diffie  Hellman  Group  <n>.   Default  2.   This option is only applicable to
              Aggressive Mode and IKEv2.  For both of these, it is used to determine the size  of
              the  key exchange payload.  If you use Aggressive Mode with custom transforms, then
              you will normally need to use the --dhgroup option unless you are using the default
              DH group.  Acceptable values are 1,2,5,14,15,16,17,18 (MODP only).

       --gssid=<n> or -G <n>
              Use GSS ID <n> where <n> is a hex string.  This uses transform attribute type 16384
              as specified in draft-ietf-ipsec-isakmp-gss-auth-07.txt, although Windows-2000  has
              been  observed  to  use  32001  as  well.   For  Windows  2000,  you'll need to use
              --auth=65001 to specify Kerberos (GSS) authentication.

       --random or -R
              Randomise the host list.  This option randomises the order of the hosts in the host
              list, so the IKE probes are sent to the hosts in a random order.  It uses the Knuth
              shuffle algorithm.

       --tcp[=<n>] or -T[<n>]
              Use TCP transport instead of UDP.  This allows you to test a host running IKE  over
              TCP.   You  won't  normally  need  this  option  because the vast majority of IPsec
              systems only support IKE over UDP.  The optional value <n> specifies  the  type  of
              IKE  over  TCP.   There  are currently two possible values: 1 = RAW IKE over TCP as
              used by Checkpoint (default); 2 = Encapsulated IKE over TCP as used by  Cisco.   If
              you  are  using  the  short form of the option (-T) then the value must immediately
              follow the option letter with no spaces, e.g. -T2 not -T 2.  You can only specify a
              single target host if you use this option.

       --tcptimeout=<n> or -O <n>
              Set  TCP  connect  timeout to <n> seconds (default=10).  This is only applicable to
              TCP transport mode.

       --pskcrack[=<f>] or -P[<f>]
              Crack aggressive mode pre-shared keys.  This option  outputs  the  aggressive  mode
              pre-shared  key (PSK) parameters for offline cracking using the "psk-crack" program
              that is supplied with ike-scan.  You can optionally specify  a  filename,  <f>,  to
              write  the  PSK  parameters  to.   If  you  do  not specify a filename then the PSK
              parameters are written to standard output.  If you are using the short form of  the
              option  (-P)  then  the  value  must  immediately  follow the option letter with no
              spaces, e.g. -Pfile not -P file.  You can only specify a single target host if  you
              use this option.  This option is only applicable to IKE aggressive mode.

       --nodns or -N
              Do  not  use  DNS to resolve names.  If you use this option, then all hosts must be
              specified as IP addresses.

       --noncelen=<n> or -c <n>
              Set the nonce length to <n> bytes. Default=20 This option controls  the  length  of
              the  nonce  payload  that is sent in an aggressive mode or IKEv2 request.  Normally
              there is no need to use this option unless you want to reduce  the  nonce  size  to
              speed  up  pre-shared  key  cracking, or if you want to see how a particular server
              handles different length nonce payloads.  RFC 2409 states that the length of  nonce
              payload  must  be  between  8  and  256  bytes, but ike-scan does not enforce this.
              Specifying a large nonce length will increase the size of the packet sent  by  ike-
              scan.  A  very large nonce length may cause fragmentation, or exceed the maximum IP
              packet size.  This option is only applicable to IKE aggressive mode.

       --headerlen=<n> or -L <n>
              Set the length in the ISAKMP header to <n> bytes.   You  can  use  this  option  to
              manually  specify  the  value to be used for the ISAKMP header length.  By default,
              ike-scan will fill in the correct value.  Use this option to  manually  specify  an
              incorrect  length.   <n>  can be specified as "+n" which sets the length to n bytes
              more than it should be, "-n" which sets it to n bytes less, or "n" which sets it to
              exactly  bytes.   Changing  the  header  length to an incorrect value can sometimes
              disrupt VPN servers.

       --mbz=<n> or -Z <n>
              Use the value <n> for reserved (MBZ) fields,  default=0.   Specifying  this  option
              makes the outgoing packet non-RFC compliant, and should only be used if you want to
              see how a VPN server will respond to invalid packets.  The value of <n>  should  be
              in the range 0-255.

       --headerver=<n> or -E <n>
              Specify  the  ISAKMP header version.  The default is 0x10 (16) which corresponds to
              v1.0.  Specifying a  non-default  value  will  make  the  outgoing  packet  non-RFC
              compliant,  and should only be used if you want to see how the VPN server reacts to
              strange versions.  The value should be in the range 0-255.

       --certreq=<c> or -C <c>
              Add the CertificateRequest payload <c>.  <c> should be specified as  a  hex  value.
              The  first  byte  of the hex value will be interpreted as the certificate type; the
              remaining bytes as the certificate authority as described in RFC  2408  3.10.   The
              certificate types are listed in RFC 2408 sec 3.9.  RFC 2408 states "The Certificate
              Request payload MUST be accepted at any point during the exchange"

       --doi=<d> or -D <d>
              Set the SA DOI to <d>, default 1 (IPsec).  You will not  normally  want  to  change
              this unless you want to see how the VPN server responds to a non-standard DOI.

       --situation=<s> or -S <s>
              Set  the  SA  Situation to <d>, default 1.  The meaning of the situation depends on
              the DOI, and is detailed in the appropriate DOI document.  For the IPsec  DOI,  the
              default Situation of 1 represents SIT_IDENTITY_ONLY.  You will not normally want to
              change this unless you want to see how the VPN server responds  to  a  non-standard
              situation.

       --protocol=<p> or -j <p>
              Set  the  Proposal  protocol  ID  to  <p>,  default 1.  The meaning of the proposal
              protocol ID depends on the DOI, and is detailed in the  appropriate  DOI  document.
              For  the  IPsec DOI, the default proposal protocol id of 1 represents PROTO_ISAKMP.
              You will not normally want to change this unless you want to see how the VPN server
              responds to a non-standard protocol ID.

       --transid=<t> or -k <t>
              Set the Transform ID to <t>, default 1.  The meaning of the transform ID depends on
              the DOI, and is detailed in the appropriate DOI document.  For the IPsec  DOI,  the
              default transform id of 1 represents KEY_IKE.  You will not normally want to change
              this unless you want to see how the VPN server responds to a non-standard transform
              ID.

       --spisize=<n>
              Set the proposal SPI size to <n>.  Default=0 If this is non-zero, then a random SPI
              of the specified size will be added to the proposal payload.  The default  of  zero
              means no SPI.

       --hdrflags=<n>
              Set  the  ISAKMP header flags to <n>.  Default=0 The flags are detailed in RFC 2408
              section 3.1

       --hdrmsgid=<n>
              Set the ISAKMP header message ID to <n>.  Default=0 This should  be  zero  for  IKE
              Phase-1.

       --cookie=<n>
              Set the ISAKMP initiator cookie to <n> The cookie value should be specified in hex.
              By default, the cookies are automatically generated and have unique values.  If you
              specify  this  option,  then you can only specify a single target, because ike-scan
              requires unique cookie values to match up the response packets.

       --exchange=<n>
              Set the exchange type to <n> This option allows you to change the exchange type  in
              the ISAKMP header to an arbitrary value.  Note that ike-scan only supports Main and
              Aggressive modes (values 2 and  4  respectively).   Specifying  other  values  will
              change  the exchange type value in the ISAKMP header, but will not adjust the other
              payloads.  The exchange types are defined in RFC 2408 sec 3.1.

       --nextpayload=<n>
              Set the next payload in the ISAKMP header to <n>  Normally,  the  next  payload  is
              automatically set to the correct value.

       --randomseed=<n>
              Use  <n>  to  seed  the pseudo random number generator.  This option seeds the PRNG
              with the specified number, which can be useful if  you  want  to  ensure  that  the
              packet  data  is exactly repeatable when it includes payloads with random data such
              as key exchange or nonce.  By default, the PRNG is  seeded  with  an  unpredictable
              value.

       --timestamp
              Display  timestamps  for  received  packets.   This option causes a timestamp to be
              displayed for each received packet.

       --sourceip=<s>
              Set source IP address for outgoing packets to <s>.  This option causes the outgoing
              IKE  packets to have the specified source IP address.  The address can either be an
              IP address in dotted quad format, or the string "random" which will use a different
              random  source  address  for  each packet that is sent.  If this option is used, no
              packets will be received This option requires raw socket support, and you will need
              superuser  privileges  to  use this option, even if you specify a high source port.
              This option does not work on all operating systems.

       --shownum
              Display the host number for received  packets.   This  displays  the  ordinal  host
              number  of the responding host before the IP address. It can be useful when sending
              many packets to the same target IP, to see if any probes are being ignored.

       --nat-t
              Use RFC 3947 NAT-Traversal encapsulation.  This option adds the non-ESP  marker  to
              the beginning of outgoing packets and strips it from received packets, as described
              in RFC 3947. It also changes the default  source  port  to  4500  and  the  default
              destination  port  to  4500, which are the ports for NAT-T IKE.  These port numbers
              can be changed with the --sport and --dport options, providing they are used  after
              the --nat-t option.

       --rcookie=<n>
              Set  the  ISAKMP  responder  cookie  to <n>.  This sets the responder cookie to the
              specified hex value.  By default, the responder cookie is set to zero.

       --ikev2 or -2
              Use IKE version 2 This causes the outgoing packets to use IKEv2 format  as  defined
              in  RFC  4306  instead  of  the  default  IKEv1  format.  Any  packets returned are
              automatically decoded as IKE or IKEv2 depending on their payloads  irrespective  of
              this  option.   The  --ikev2  option  is  currently  experimental.  It has not been
              extensively tested, and it only supports sending the default proposal.

FILES

       /usr/local/share/ike-scan/ike-backoff-patterns
              List of UDP backoff patterns.  Used when the --showbackoff option is specified.

       /usr/local/share/ike-scan/ike-vendor-ids
              List of known Vendor ID patterns.

AUTHOR

       Roy Hills <Roy.Hills@nta-monitor.com>

SEE ALSO

       http://www.royhills.co.uk/wiki/ The ike-scan wiki page.

       http://www.nta-monitor.com/tools/ike-scan/ The ike-scan homepage.

                                           July 5, 2020                               IKE-SCAN(1)