This repository was archived by the owner on Aug 7, 2020. It is now read-only.

Name		Name	Last commit message	Last commit date
Latest commit History 10 Commits
README.md		README.md
groupenum.py		groupenum.py
groupenum.sh		groupenum.sh

Repository files navigation

⚠️ NOTE: This tool is no longer under active maintenance.

THESE SCRIPTS HAVE NOW BEEN SUPERSEDED BY IKEFORCE: https://github.com/SpiderLabs/ikeforce

groupenum

This repository hosts some useful scripts for enumerating VPN group names or IDs.

groupenum.sh:

Shell script to enumerate group names from vulnerable Cisco devices by the presence of the Dead Peer Detection payload in the response. See Cisco reference: http://www.cisco.com/en/US/products/csr/cisco-sr-20101124-vpn-grpname.html The script uses ike-scan http://www.nta-monitor.com/tools-resources/security-tools/ike-scan

groupenum.py

This Python POC enumerates group names from Cisco devices by differing responses to IKE negotiations. See https://www.trustwave.com/spiderlabs/advisories/TWSL2013-004.txt.

Further details and a guide can be found here:

http://blog.spiderlabs.com/2013/03/cracking-ike-aggressive-mode-hashes-part-1.html

http://blog.spiderlabs.com/2013/04/cracking-ike-missionimprobable-part-2.html