Welcome to iker!
iker is an ike-scan wrapper to simplify penetration testing of Internet Key Exchange (IKE) services and encourage stronger IKE implementations.
The following features are supported:
- Discovers IKEv1 and v2 services
- Extracts vendor IDs (VID)
- Guesses the vendor implementation (backoff)
- Enumerates supported transforms in main
- Checks for aggressive mode support and enumerates supported transforms
- Enumerates valid group names(IDs) in aggressive mode
- Parses scan results to identify configuration risks based on industry best-practices
- Outputs scan to text and XML file formats
- Supports Python2+ and Python3+
A full list of the supported algorithms and authentication methods can be found here:
iker requires ike-scan which can be obtained through its APT/YUM package manager respository or GitHub project:
sudo apt update
sudo apt install ike-scan -y
OR
- Follow the instructions from https://github.com/royhills/ike-scan
The following steps will describe how to install ike-scan and iker:
git clone https://github.com/zamanry/iker.git
cd ./iker
The following steps will describe how to use iker:
sudo ./iker.py #.#.#.#
sudo ./iker.py -i <hosts.txt> --fullalgs
sudo ./iker.py -i <hosts.txt> -o <output.txt> -x <output.xml>
sudo ./iker.py -i <hosts.txt> --kegroups="1 2 3 4 5"
Risk is dynamic to each system. iker's default scan scans only configurations with enough risk which need to be changed. The criteria to be considered a risk are:
- Weak encryption algorithms are those considered broken by industry standards or key length is less than 128 bits.
- Weak hash algorithms are those considered broken by industry standards.
- Weak key exchange groups are those considered broken by industry standards or modulus is less than 2048 bits.
- Weak authentication methods are those not using multifactor authentication or not requiring mutual authentication.
This project would not exist if it weren't for the following people:
- Wrote by Julio Gomez Ortega ([email protected])
- Edited and archived by IS Audits and Consulting LLC (https://github.com/isaudits/scripts)