
A wrapper script for ike-scan


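#!/usr/bin/env bash
# Wrapper script for enumerating IKE/VPN devices with ike-scan.
#
# Usage:  <script> [target]
#   target   IP address or hostname to probe; prompted for on stdin if omitted.
#   The script also prompts for a user/group name that is tried as the IKE
#   identity (--id) in the aggressive-mode probes.
#
# Every result file (ike-scan*_<target>.txt) and the log file
# (logfile_<target>_at_<date>_<time>) is written to the current directory.
#
# Originally dated 19th of Nov 2008.

set -u

die() { printf '%s\n' "$*" >&2; exit 1; }

#######################################
# Append one section to the log file, in the layout the original used:
# a "### title ###" header, a blank line, the body, then two blank lines.
# Globals:   LOGFILE (read)
# Arguments: $1 - section title, $2 - body text (may be multi-line)
#######################################
log_section() {
  printf '### %s ###\n\n%s\n\n\n' "$1" "$2" >> "$LOGFILE"
}

#######################################
# Run the complete set of ike-scan probes against TARGET once.
# The same fifteen probes are repeated for plain UDP, NAT-T and the two
# TCP encapsulations; only the leading options and the file suffix differ.
# Globals:   TARGET, ID_NAME (read)
# Arguments: $1 - suffix spliced into the result file names
#                 ("" for plain UDP, "_nat", "_tcp1", "_tcp2")
#            $@ - leading options for every ike-scan call (e.g. -v --nat-t)
# Outputs:   one ike-scan*<suffix>_<TARGET>.txt file per probe
#######################################
run_scan_set() {
  local suffix=$1
  shift
  local -a opt=("$@")
  local t=$TARGET
  local -a long_trans=()
  local i
  # 19 identical transforms followed by one different one. The original
  # built this list with an inline perl one-liner and relied on unquoted
  # word-splitting; an array needs neither.
  for ((i = 0; i < 19; i++)); do
    long_trans+=(--trans=2,3,4,5)
  done
  long_trans+=(--trans=5,2,1,2)

  ike-scan "${opt[@]}" "$t" > "ike-scan_main${suffix}_${t}.txt"
  ike-scan "${opt[@]}" -A "$t" > "ike-scan_aggressive${suffix}_${t}.txt"
  ike-scan "${opt[@]}" -M --showbackoff "$t" > "ike-scan_backoff${suffix}_${t}.txt"
  ike-scan "${opt[@]}" -M -A --id=whocares "$t" > "ike-scan_Aggressive+ID${suffix}_${t}.txt"
  ike-scan "${opt[@]}" -M -A --id="$ID_NAME" "$t" >> "ike-scan_Aggressive+ID${suffix}_${t}.txt"
  ike-scan "${opt[@]}" --trans=5,2,3,2 --multiline "$t" > "ike-scan_trans_multiline${suffix}_${t}.txt"
  ike-scan "${opt[@]}" --trans=5,2,1,2 --vendor=00 --multiline "$t" > "ike-scan_trans_vendor_multiline${suffix}_${t}.txt"
  ike-scan "${opt[@]}" --aggressive --multiline --id=finance "$t" > "ike-scan-aggressive-multiline-id${suffix}_${t}.txt"
  ike-scan "${opt[@]}" --aggressive --multiline --id="$ID_NAME" "$t" > "ike-scan-aggressive-multiline-id${suffix}_${ID_NAME}_${t}.txt"
  ike-scan "${opt[@]}" --trans=7/256,2,1,2 --aggressive --multiline "$t" > "ike-scan-trans-aggressive-multiline${suffix}_${t}.txt"
  # File name kept for compatibility with the original; written with '>'
  # so a repeated run no longer appends to the previous result.
  ike-scan "${opt[@]}" -M "${long_trans[@]}" "$t" > "ike-scan-perl-long-trans${suffix}_${t}.txt"
  # The original omitted -v on the next four probes for the plain and TCP
  # runs but not for NAT-T; the leading options are now applied uniformly.
  ike-scan "${opt[@]}" -r 1 --trans="(4=2,3=3,2=2,1=5)" -M "$t" > "ike-scan-r1-M${suffix}_${t}.txt"
  ike-scan "${opt[@]}" -r 1 --trans="(1=5,2=2,3=3,4=2)" -M "$t" > "ike-scan-r2-M${suffix}_${t}.txt"
  ike-scan "${opt[@]}" --trans="(1=7,14=256,2=2,3=3,4=2)" -M "$t" > "ike-scan-r3-M${suffix}_${t}.txt"
  # Was also written to the r3 file in the original, overwriting the probe above.
  ike-scan "${opt[@]}" --trans="(1=7,14=256,2=2,3=3,4=2,11=1,12=0x0000007b,11=2,12=0x000001c8)" -M "$t" > "ike-scan-r4-M${suffix}_${t}.txt"
}

# ike-scan is the only non-standard tool this script needs.
command -v ike-scan >/dev/null 2>&1 || die "ike-scan not found in PATH"
# ike-scan normally needs to bind UDP port 500, which requires root on most
# systems; warn early instead of producing fifteen empty result files.
if (( EUID != 0 )); then
  printf 'warning: not running as root; ike-scan may be unable to bind its source port\n' >&2
fi

# --- read the target from argv or stdin ---------------------------------
if (( $# == 0 )); then
  echo "Who do we scan today?"
  printf 'Ok, let us have the ip then ===> '
  IFS= read -r TARGET
else
  TARGET=$1
fi
# The target is spliced into every file name and passed to host/ike-scan,
# so accept only a plain IP address or hostname: no spaces, no slashes,
# no leading dash.
[[ "$TARGET" =~ ^[A-Za-z0-9:][A-Za-z0-9._:-]*$ ]] \
  || die "invalid target '$TARGET': expected an IP address or hostname"

echo ""
echo "A valid user is needed?"
printf 'Ok, let us have the name then ===> '
# Kept in ID_NAME rather than USER so the login name in the environment
# is not clobbered. It also becomes part of a file name, hence no slashes.
IFS= read -r ID_NAME
[[ "$ID_NAME" != */* ]] || die "invalid name '$ID_NAME': must not contain '/'"

# --- date, addresses and OS of the scanning system ----------------------
DATE=$(date +%F)
START=$(date +%H-%M-%S)
FILENAME=${TARGET}_at_${DATE}
LOGFILE=logfile_${FILENAME}_${START}
OS=$(uname)
# ifconfig is missing on some newer Linux systems; fall back to iproute2.
if command -v ifconfig >/dev/null 2>&1; then
  OWNIP=$(ifconfig)
else
  OWNIP=$(ip addr 2>/dev/null || true)
fi
# The original ran host(1) but never wrote the answer anywhere.
TARGET_DNS=$(host "$TARGET" 2>&1 || true)

printf '###   Log file   ###\n\n\n' > "$LOGFILE"
log_section "IP address of the scanning system" "$OWNIP"
log_section "Hostname of the scanning system" "$(hostname)"
log_section "IP address of the target" "$TARGET"
log_section "DNS lookup of the target" "$TARGET_DNS"
log_section "Start of the scan" "$START at the $DATE"
log_section "Scanning OS" "$OS"

# --- perform the scans ----------------------------------------------------
# Plain UDP/500. In the original the NAT-T run reused most of these file
# names and silently overwrote the plain results; each run now gets its
# own suffix.
run_scan_set "" -v
# NAT traversal (UDP/4500).
run_scan_set "_nat" -v --nat-t
# TCP encapsulation version 1 (Checkpoint style).
run_scan_set "_tcp1" -v --tcp=1
# TCP encapsulation version 2 (Cisco style).
run_scan_set "_tcp2" -v --tcp=2

# --- transform loop -------------------------------------------------------
# Encryption algorithms: DES, Triple-DES, AES/128, AES/192 and AES/256
ENCLIST=(1 5 7/128 7/192 7/256)
# Hash algorithms: MD5 and SHA1
HASHLIST=(1 2)
# Authentication methods: Pre-Shared Key, RSA Signatures, Hybrid Mode and XAUTH
AUTHLIST=(1 3 64221 65001)
# Diffie-Hellman groups: 1, 2 and 5
GROUPLIST=(1 2 5)
LOOPFILE=ike-scan-transform-loop_${TARGET}.txt
# The loop appends, so start from an empty file instead of accumulating
# output across repeated runs.
: > "$LOOPFILE"
for ENC in "${ENCLIST[@]}"; do
  for HASH in "${HASHLIST[@]}"; do
    for AUTH in "${AUTHLIST[@]}"; do
      for GROUP in "${GROUPLIST[@]}"; do
        ike-scan --trans="$ENC,$HASH,$AUTH,$GROUP" -M "$TARGET" >> "$LOOPFILE"
      done
    done
  done
done

# Extract only the transforms the target accepted, with two lines of context.
# Read this run's loop file explicitly: the original globbed
# ike-scan-transform-loop*, which also matched other targets' files and the
# success file itself.
grep -B 2 -A 2 "Handshake returned" "$LOOPFILE" \
  > "ike-scan-transform-loop-success_${TARGET}.txt"

# --- end of the log -------------------------------------------------------
END=$(date +%H-%M-%S)
log_section "Files produced" "$(ls -la ike-scan*"_${TARGET}.txt")"
printf '###   End of the test   ###\n\n%s at %s\n\n' "$END" "$(date)" >> "$LOGFILE"

echo "done"
echo "Scan took place from $START to $END"
# The original printed an undefined $DIRNAME here; everything is written
# to the working directory.
echo "Look at the logfile $LOGFILE and at the directory $PWD"
echo "Have a nice day!"
exit 0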

