ike-scan is a command-line tool for discovering, fingerprinting and testing IPsec VPN systems. It constructs and sends IKE Phase-1 packets to the specified hosts, and displays any responses that are received.

ike-scan does two things:

  1. Discovery: Determine which hosts are running IKE. This is done by displaying those hosts which respond to the IKE requests sent by ike-scan.
  2. Fingerprinting: Determine which IKE implementation the hosts are using. There are several ways to do this: (a) Backoff fingerprinting – recording the arrival times of the IKE response packets from each target host and comparing the observed retransmission backoff pattern against known patterns; (b) Vendor ID fingerprinting – matching the Vendor ID payloads in the response against known vendor ID patterns; and (c) proprietary notify message codes – some implementations answer with vendor-specific notify codes that identify them.
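To make the discovery and fingerprinting steps concrete, here is an added example (not code from ike-scan itself) that builds the first IKEv1 Main Mode packet, walks the ISAKMP payload chain of a reply, and classifies both Vendor ID payloads and retransmission backoff timings. The three Vendor ID constants are public (the NAT-T VID is MD5 of "RFC 3947", the DPD VID is the constant from RFC 3706, the XAUTH VID is the well-known draft value); the backoff patterns and the responder packet are constructed for this example and do not correspond to any real vendor.

```python
import hashlib
import struct

# ISAKMP constants (RFC 2408): header length, payload types, exchange type.
ISAKMP_HDR_LEN = 28
PAYLOAD_NONE, PAYLOAD_SA, PAYLOAD_NOTIFY, PAYLOAD_VID = 0, 1, 11, 13
EXCH_MAIN_MODE = 2

# Publicly documented Vendor IDs; anything else is reported as unknown.
KNOWN_VIDS = {
    hashlib.md5(b"RFC 3947").digest(): "RFC 3947 NAT-T",
    bytes.fromhex("afcad71368a1f1c96b8696fc77570100"): "Dead Peer Detection v1.0 (RFC 3706)",
    bytes.fromhex("09002689dfd6b712"): "XAUTH",
}

# Constructed backoff patterns (seconds between retransmits); ike-scan keeps
# its real patterns in a separate file, these are illustrative only.
BACKOFF_PATTERNS = {
    "constructed-vendor-A": [2, 2, 4, 4, 8],
    "constructed-vendor-B": [10, 10, 10],
}


def build_main_mode_request(initiator_cookie: bytes) -> bytes:
    """First IKEv1 Main Mode packet: ISAKMP header + SA payload with one
    transform (3DES-CBC, SHA1, pre-shared key, DH group 2, 28800 s lifetime)."""
    attrs = b"".join(struct.pack("!HH", 0x8000 | t, v) for t, v in
                     ((1, 5), (2, 2), (3, 1), (4, 2), (11, 1), (12, 28800)))
    # transform: next, reserved, length, transform #, transform ID (KEY_IKE), reserved
    transform = struct.pack("!BBHBBH", 0, 0, 8 + len(attrs), 1, 1, 0) + attrs
    # proposal: next, reserved, length, proposal #, protocol (ISAKMP), SPI size, #transforms
    proposal = struct.pack("!BBHBBBB", 0, 0, 8 + len(transform), 1, 1, 0, 1) + transform
    # SA: next, reserved, length, DOI (IPsec), situation (identity only)
    sa = struct.pack("!BBHII", PAYLOAD_NONE, 0, 12 + len(proposal), 1, 1) + proposal
    hdr = struct.pack("!8s8sBBBBII", initiator_cookie, bytes(8), PAYLOAD_SA,
                      0x10, EXCH_MAIN_MODE, 0, 0, ISAKMP_HDR_LEN + len(sa))
    return hdr + sa


def build_response(initiator_cookie: bytes, responder_cookie: bytes, vids) -> bytes:
    """Constructed responder packet carrying only Vendor ID payloads (test input)."""
    body = b""
    for i, vid in enumerate(vids):
        nxt = PAYLOAD_VID if i + 1 < len(vids) else PAYLOAD_NONE
        body += struct.pack("!BBH", nxt, 0, 4 + len(vid)) + vid
    first = PAYLOAD_VID if vids else PAYLOAD_NONE
    hdr = struct.pack("!8s8sBBBBII", initiator_cookie, responder_cookie, first,
                      0x10, EXCH_MAIN_MODE, 0, 0, ISAKMP_HDR_LEN + len(body))
    return hdr + body


def parse_payloads(packet: bytes):
    """Yield (payload_type, body) along the next-payload chain.
    Raises ValueError on truncated or out-of-range lengths so a scanner never
    reads past the datagram on a malformed reply."""
    if len(packet) < ISAKMP_HDR_LEN:
        raise ValueError("short ISAKMP header")
    next_type, off = packet[16], ISAKMP_HDR_LEN
    while next_type != PAYLOAD_NONE:
        if off + 4 > len(packet):
            raise ValueError("truncated payload header")
        nxt, _, length = struct.unpack("!BBH", packet[off:off + 4])
        if length < 4 or off + length > len(packet):
            raise ValueError("bad payload length")
        yield next_type, packet[off + 4:off + length]
        next_type, off = nxt, off + length


def fingerprint_vendor_ids(packet: bytes):
    """Map every Vendor ID payload in a reply to a name (or unknown:<hex>)."""
    return [KNOWN_VIDS.get(body, "unknown:" + body.hex())
            for ptype, body in parse_payloads(packet) if ptype == PAYLOAD_VID]


def match_backoff(timestamps, tolerance=0.5):
    """Compare observed retransmit intervals against the known patterns."""
    deltas = [b - a for a, b in zip(timestamps, timestamps[1:])]
    for name, pattern in BACKOFF_PATTERNS.items():
        if len(pattern) == len(deltas) and all(
                abs(d - p) <= tolerance for d, p in zip(deltas, pattern)):
            return name
    return None
```

The request builder is what a discovery probe sends; a host that answers with an SA payload is running IKE. The parser is deliberately strict about lengths, because the reply comes from an untrusted peer and a bad length field must not turn a scan into a crash.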

At the end of a run ike-scan prints a summary line, for example:

Ending ike-scan 1.9: 1 hosts scanned in 0.512 seconds (1.95 hosts/sec). 1 returned handshake; 0 returned notify