Kali Linux: An Ethical Hacker's Cookbook (Second Edition)

Pentesting VPNs with ike-scan

During a pentest we may encounter VPN endpoints, but finding and exploiting vulnerabilities in them is not a widely known technique. VPN endpoints use the Internet Key Exchange (IKE) protocol to negotiate a security association (SA) between the peers, which is what establishes the VPN tunnel.

IKE has two phases. Phase 1 sets up and authenticates a secure communication channel between the peers. Phase 2 negotiates the IPsec security associations that then encrypt and transport the actual data.

Our focus here is Phase 1. It offers two modes for exchanging keys:

  • Main mode
  • Aggressive mode

We hunt for VPN endpoints that have Aggressive mode enabled with pre-shared key (PSK) authentication. The reason this combination matters is that in Aggressive mode the peers exchange their identities and a hash derived from the PSK before the channel is encrypted, so a weak PSK is exposed to offline guessing; Main mode does not reveal that value, which is why Aggressive mode with PSK is normally disabled on hardened gateways in favour of Main mode or certificate-based authentication.