89 lines
3 KiB
Perl
Executable file
89 lines
3 KiB
Perl
Executable file
#!/usr/bin/perl -w
|
|
# ike-scan --trans=5,2,3,2 -o 212.55.202.146
|
|
# for i in 1 2 3 4 5 65001 65002 65003 65004 65005 65006 65007 65008 65009 65010 64221 ; do ./ike-scan --vendor=f4ed19e0c114eb516faaac0ee37daf2807b4381f --auth=$i -M 61.115.200.174; done
|
|
my $debug = 0;
|
|
my $fw = "1.2.3.4";
|
|
$fw = @_;
|
|
# define encryption alg. (RFC2409 App. A and RFC3602)
|
|
my %enc_n = (
|
|
1 => "DES-CBC", # DES-CBC
|
|
2 => "IDEA-CBC", # IDEA-CBC
|
|
3 => "Blowfish-CBC", # Blowfish-CBC
|
|
4 => "RC5-R16-B64-CBC", # RC5-R16-B64-CBC
|
|
5 => "3DES-CBC", # 3DES-CBC
|
|
6 => "CAST-CBC", # CAST-CBC
|
|
"7/256" => "AES/256", # AES-256
|
|
);
|
|
# define hashing alg. (RFC2409 App. A)
|
|
my %hash_n = (
|
|
1 => "MD5", # MD5
|
|
2 => "SHA1", # SHA1
|
|
3 => "Tiger", # Tiger
|
|
#4 => "SHA2_256",
|
|
#5 => "SHA2_384",
|
|
#6 => "SHA2_512",
|
|
);
|
|
# define authentication methods (RFC2409 App. A)
|
|
my %auth_n = (
|
|
1 => "PSK", # pre-shared key
|
|
2 => "DSS", # DSS signatures
|
|
3 => "RSA_SIG", # RSA signatures
|
|
4 => "RSA_ENC", # Encryption with RSA
|
|
5 => "RSA_RevEnc", # Revised encryption with RSA
|
|
65001 => "GSS", # GSS (Windows Kerberos). XAUTH
|
|
65002 => "XAUTH", # XAUTH
|
|
65003 => "XAUTH", # XAUTH
|
|
65004 => "XAUTH", # XAUTH
|
|
65005 => "XAUTH", # XAUTH
|
|
65006 => "XAUTH", # XAUTH
|
|
65007 => "XAUTH", # XAUTH
|
|
65008 => "XAUTH", # XAUTH
|
|
65009 => "XAUTH", # XAUTH
|
|
65010 => "XAUTH", # XAUTH
|
|
64221 => "FW1_AUTH", # Checkpoint hybrid authentication mode
|
|
);
|
|
# define diffie hellman groups (RFC209 App. A and RFC3526)
|
|
my %group_n = (
|
|
1 => "DH1[modp768]", # Group 1 (768 bit)
|
|
2 => "DH2[modp1024]", # Group 2 (1024 bit)
|
|
3 => "DH3[ec2n155]",
|
|
4 => "DH4[ec2n185]",
|
|
5 => "DH5[modp1536]", # Group 5 (1536 bit)
|
|
14 => "DH14[modp2048]", #
|
|
15 => "DH15[modp3072]", #
|
|
16 => "DH16[modp4096]", #
|
|
17 => "DH17[modp6144]", #
|
|
18 => "DH18[modp8192]", #
|
|
);
|
|
|
|
###############################################################################
|
|
# M A I N
|
|
foreach my $fw (@ARGV) {
|
|
|
|
print "Searching for suitable authentication method on $fw...\n";
|
|
foreach $enc (sort keys %enc_n){
|
|
foreach $hash (sort keys %hash_n){
|
|
foreach $auth (sort keys %auth_n){
|
|
foreach $group (sort { $a <=> $b } keys %group_n){
|
|
my $s1 = "$enc,$hash,$auth,$group";
|
|
# print "--trans=$enc,$hash,$auth,$group $enc_n{$enc},$hash_n{$hash,},$auth_n{$auth},$group_n{$group}";
|
|
printf "[%5s,%1s,%5s,%2s] %15s %8s %10s %14s",$enc,$hash,$auth,$group,$enc_n{$enc},$hash_n{$hash,},$auth_n{$auth},$group_n{$group};
|
|
@data=`ike-scan --vendor=f4ed19e0c114eb516faaac0ee37daf2807b4381f -M --trans=$enc,$hash,$auth,$group $fw`;
|
|
#@data=`ike-scan --vendor=4048b7d56ebce88525e7de7f00d6c2d3c0000000 -t 30 -M --trans=$enc,$hash,$auth,$group $fw`;
|
|
foreach $d (@data) {
|
|
if ($debug) { print "\n$d\n"; }
|
|
else { print " - $1 \n" if ($d=~m/VID=\w+ (\(.+\))\n/); }
|
|
}
|
|
print "\b" x 80;
|
|
print " " x 80;
|
|
print "\b" x 80;
|
|
}
|
|
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
|
|
|
|
|