#!/usr/bin/perl -w
# ike-scan --trans=5,2,3,2 -o 212.55.202.146
#  for i in 1 2 3 4 5 65001 65002 65003 65004 65005 65006 65007 65008 65009 65010 64221 ; do ./ike-scan --vendor=f4ed19e0c114eb516faaac0ee37daf2807b4381f --auth=$i -M 61.115.200.174; done 
my $debug = 0;
my $fw = "1.2.3.4";
   $fw = @_;
# define encryption alg. (RFC2409 App. A and RFC3602)
my %enc_n = (
 	1 => "DES-CBC",		# DES-CBC
	2 => "IDEA-CBC",	# IDEA-CBC
	3 => "Blowfish-CBC",	# Blowfish-CBC
	4 => "RC5-R16-B64-CBC",	# RC5-R16-B64-CBC
	5 => "3DES-CBC",	# 3DES-CBC
	6 => "CAST-CBC",	# CAST-CBC
	"7/256" => "AES/256",   # AES-256
);
# define hashing alg. (RFC2409 App. A)
my %hash_n = (
	1 => "MD5",		# MD5
	2 => "SHA1",		# SHA1
	3 => "Tiger",		# Tiger
	#4 => "SHA2_256",
	#5 => "SHA2_384",
	#6 => "SHA2_512",
);
# define authentication methods (RFC2409 App. A)
my %auth_n = (
	1 => "PSK",		# pre-shared key
	2 => "DSS",		# DSS signatures
	3 => "RSA_SIG",		# RSA signatures
	4 => "RSA_ENC",		# Encryption with RSA
	5 => "RSA_RevEnc",	# Revised encryption with RSA
    65001 => "GSS",		# GSS (Windows Kerberos).  XAUTH
    65002 => "XAUTH",		# XAUTH
    65003 => "XAUTH",		# XAUTH
    65004 => "XAUTH",		# XAUTH
    65005 => "XAUTH",		# XAUTH
    65006 => "XAUTH",		# XAUTH
    65007 => "XAUTH",		# XAUTH
    65008 => "XAUTH",		# XAUTH
    65009 => "XAUTH",		# XAUTH
    65010 => "XAUTH",		# XAUTH
    64221 => "FW1_AUTH",	# Checkpoint hybrid authentication mode
);
# define diffie hellman groups (RFC209 App. A and RFC3526)
my %group_n = (	
	1 => "DH1[modp768]",	# Group 1 (768 bit)	   
	2 => "DH2[modp1024]",	# Group 2 (1024 bit) 
	3 => "DH3[ec2n155]",
	4 => "DH4[ec2n185]",
	5 => "DH5[modp1536]",	# Group 5 (1536 bit)  
       14 => "DH14[modp2048]",	#
       15 => "DH15[modp3072]",	#
       16 => "DH16[modp4096]",	#
       17 => "DH17[modp6144]",	#
       18 => "DH18[modp8192]",	#
);
	
###############################################################################
# M A I N
foreach my $fw (@ARGV) {
	
	print "Searching for suitable authentication method on $fw...\n";
	foreach $enc (sort keys %enc_n){
	  foreach $hash (sort keys %hash_n){
	    foreach $auth (sort keys %auth_n){
	      foreach $group (sort { $a <=> $b } keys %group_n){
	      	my $s1 = "$enc,$hash,$auth,$group";
	      	# print "--trans=$enc,$hash,$auth,$group $enc_n{$enc},$hash_n{$hash,},$auth_n{$auth},$group_n{$group}";
	        printf "[%5s,%1s,%5s,%2s] %15s %8s %10s %14s",$enc,$hash,$auth,$group,$enc_n{$enc},$hash_n{$hash,},$auth_n{$auth},$group_n{$group};
	        @data=`ike-scan --vendor=f4ed19e0c114eb516faaac0ee37daf2807b4381f -M --trans=$enc,$hash,$auth,$group $fw`;
	        #@data=`ike-scan --vendor=4048b7d56ebce88525e7de7f00d6c2d3c0000000 -t 30 -M --trans=$enc,$hash,$auth,$group $fw`;
	        foreach $d (@data) {
	          if ($debug) {	print "\n$d\n"; }
	          else { print " - $1  \n" if ($d=~m/VID=\w+ (\(.+\))\n/); }
	        }
	        print "\b" x 80;
	        print " " x 80;
	        print "\b" x 80;
	      }
	      
	    }
	  }
	}
}