- #!/usr/bin/env python
- import os
- import sys
- import subprocess
class bcolors:
    """ANSI SGR escape sequences used to colour terminal output.

    Each constant is the ESC byte followed by a ``[<code>m`` sequence;
    ENDC resets the terminal attributes again.
    """

    # Bright foreground colours.
    HEADER = "\x1b[95m"
    OKBLUE = "\x1b[94m"
    OKGREEN = "\x1b[92m"
    WARNING = "\x1b[93m"
    FAIL = "\x1b[91m"

    # Reset and text attributes.
    ENDC = "\x1b[0m"
    BOLD = "\x1b[1m"
    UNDERLINE = "\x1b[4m"
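def help():
    """Print the ASCII banner, the credit line and the usage string.

    The name shadows the ``help`` builtin; it is kept because the script's
    entry-point code calls it under this name.
    """
    # Raw strings: the banner contains backslashes that are not escape
    # sequences, which newer interpreters warn about in ordinary literals.
    banner = (
        r" _ _ _ ",
        r" | | (_) | ",
        r" __ _ _ _| |_ ___ _| | _____ ",
        r" / _` | | | | __/ _ \| | |/ / _ \ ",
        r" | (_| | |_| | || (_) | | < __/ ",
        r" \__,_|\__,_|\__\___/|_|_|\_\___| ",
    )
    # Single-argument print(...) behaves the same as a statement (Python 2)
    # and as a function (Python 3).
    for line in banner:
        print(line)
    print(bcolors.OKGREEN + "[*] ike aggressive mode scan by kblaedel@deloitte.dk " + bcolors.ENDC)
    print("")
    print(bcolors.WARNING + "Usage: ./ike.py <company> <IP>" + bcolors.ENDC)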
- # Create folder(s) if they don't exist.
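def ensure_dir(path):
    """Create ``path`` (and any missing parents) unless it already exists.

    Raises:
        OSError: if the directory could not be created and is not already
            present, e.g. permission denied or a regular file in the way.
    """
    try:
        os.makedirs(path)
    except OSError:
        # "Already exists" is the only failure that is safe to ignore.
        # Anything else would otherwise surface only after the whole scan
        # has run, when the result file cannot be written.
        if not os.path.isdir(path):
            raise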
- # Log findings in file
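def log_positives(path, results):
    """Write every entry of ``results`` to ``<path>.txt`` and report the file.

    Args:
        path: Output path without extension; ``.txt`` is appended.
        results: Iterable of strings, written one per line. The file is
            opened in write mode, so an earlier file of that name is replaced.
    """
    out_file = "{}.txt".format(path)
    # The with-block closes the file; no explicit close() is needed.
    with open(out_file, 'w') as fid:
        fid.writelines(result + "\n" for result in results)
    # Report the real file name, including the ".txt" suffix added above.
    print("\n" + bcolors.OKBLUE + "[*] Results stored in {}".format(out_file) + bcolors.ENDC)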
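def find_aggressives(company, ip):
    """Check one VPN gateway for IKE Aggressive Mode and log the positives.

    Runs ``ike-scan -A`` once per transform combination built below, then one
    further probe (reported as "Sonic Wall"). Every output that contains the
    "Aggressive Mode Handshake returned" marker is collected and handed to
    log_positives under ``<company>/vpn_aggressive_<ip>``.

    A positive is a finding to remediate: in Aggressive Mode with pre-shared
    key authentication the gateway sends PSK-derived hash material before the
    peer is authenticated. The usual fix is to disable Aggressive Mode or to
    move to certificate-based authentication.

    Args:
        company: Value sent as the IKE identity (``--id``); also the output
            directory name.
        ip: Address of the gateway to probe.
    """
    # Encryption algorithms: DES, Triple-DES, AES/128, AES/192 and AES/256
    encryptions = [1, 5, "7/128", "7/192", "7/256"]
    # Hash algorithms: MD5 and SHA-1
    hashes = [1, 2]
    # Authentication methods: Pre-Shared Key, RSA Signatures, Hybrid Mode and XAUTH
    auths = [1, 3, 64221, 65001]
    # Diffie-Hellman groups: 1, 2 and 5
    groups = [1, 2, 5]

    marker = "Aggressive Mode Handshake returned"
    # hash_alg rather than hash, so the builtin is not shadowed.
    transformations = [
        "--trans={},{},{},{}".format(enc, hash_alg, auth, group)
        for enc in encryptions
        for hash_alg in hashes
        for auth in auths
        for group in groups
    ]
    aggressive_modes = []

    for trans in transformations:
        # check_output raises on any non-zero exit status (for example when
        # `timeout` has to kill ike-scan), so a failed probe is reported and
        # skipped instead of aborting the run.
        # Arguments go in as an argv list, never through a shell, and the
        # function's own parameters are used rather than sys.argv.
        # universal_newlines=True returns text, so the marker test also works
        # on Python 3, where the output would otherwise be bytes.
        try:
            res = subprocess.check_output(
                ["timeout", "2", "ike-scan", trans, "-A",
                 "--id={}".format(company), ip],
                universal_newlines=True
            )
        except subprocess.CalledProcessError as e:
            print("[!] ike-scan returned non-zero exit code {}".format(e.returncode))
            continue
        if marker in res:
            print("[*] Cisco aggressive mode found with {}".format(trans))
            aggressive_modes.append(res)

    # The final probe gets the same protection as the loop above: a non-zero
    # exit here must not discard the positives already collected.
    try:
        res = subprocess.check_output(
            ["timeout", "5", "ike-scan", "-M", "-A", "-y", "1", ip],
            universal_newlines=True
        )
    except subprocess.CalledProcessError as e:
        print("[!] ike-scan returned non-zero exit code {}".format(e.returncode))
    else:
        if marker in res:
            print("[*] Sonic Wall aggressive mode found!")
            aggressive_modes.append(res)

    log_positives("{}/vpn_aggressive_{}".format(company, ip), aggressive_modes)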
# Entry point: exactly two arguments are expected, <company> and <IP>.
if len(sys.argv) == 3:
    company_arg, ip_arg = sys.argv[1], sys.argv[2]
    # The results land in a directory named after the company.
    ensure_dir(company_arg)
    find_aggressives(company_arg, ip_arg)
else:
    # Any other argument count prints the banner and usage text.
    help()