ike-scan and ikev2

[Himself132]

Are you aware of any scripts that can enumerate acceptable cipher suites and combinations of the separate attributes for ikev2 similar to what ike-scan does for ikev1? I see that I can see what dhgroups are acceptable but ike-scan responds with a message saying that ikev2 does not accept custom proposals. Does this mean that ikev2 hides what is acceptable until further along the handshake/auth or am I missing something? If the cipher suites can be enumerated how much work would it be to modify the script and do you have any suggestions on how to go about it? I'd like to spend some time on this outside of a test I'm doing and just wondering how much of an investment it'd be or if I should work through scapy.

[mcjon3z]

I have not come across anything to that effect but would be interested to see it if you do. There are not a lot of tools out there dealing with IKE compared to other protocols.

The ike-scan script in this repo is really just a wrapper that automates testing various cypher suites. The main ike-scan dev would probably be the best place to check on getting it to work properly with ikev2 - https://github.com/royhills/ike-scan

iker is another one I have used in the past, however it did not appear to be actively maintained last I checked.