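#!/bin/sh
# Wrapper around ike-scan that enumerates which IKEv1 Main Mode transform sets
# a single host accepts, and for each accepted set reports whether the host
# also completes an Aggressive Mode exchange and which parameters it returned.
#
# Usage: <script> <target> [Group ID] [debug]
#   $1  host handed to ike-scan (required)
#   $2  identification value for the Aggressive Mode probe; defaults to 'test'
#   $3  any non-empty value enables debug output (each ike-scan command line
#       as executed plus its raw output)
#
# Requires ike-scan on PATH. Results are written to stdout; usage errors to
# stderr with exit status 1.

if [ -z "$1" ]; then
  printf 'Usage: %s <target> [Group ID] [debug]\n' "$(basename -- "$0")" >&2
  exit 1
fi

target=$1
group_id=${2:-test}
debug=$3

# Diffie-Hellman group numbers, by IKE identifier:
#  1 MODP 768, 2 MODP 1024, 5 MODP 1536, 3 EC2N 155, 4 EC2N 185,
#  6/7 EC2N 163, 8/9 EC2N 183, 10/11 EC2N 409, 12/13 EC2N 571,
#  14 MODP 2048, 15 MODP 3072, 16 MODP 4096, 17 MODP 6144, 18 MODP 8192
readonly GROUPLIST="2 1 5 3 4 6 7 8 9 10 11 12 13 14 15 16 17 18"
# Encryption algorithms: DES, 3DES, AES/128, AES/192, AES/256, IDEA, Blowfish,
# RC5, CAST, Camellia (AES entries carry an explicit key length)
readonly ENCLIST="5 1 7/128 7/192 7/256 2 3 4 6 8"
# Authentication methods: PSK, XAUTH, DSS Sig, RSA Sig, RSA Enc,
# Revised RSA Enc, ElGamal Enc, Revised ElGamal Enc, ECDSA Sig, Hybrid Mode
readonly AUTHLIST="1 65001 2 3 4 5 6 7 8 64221"
# Hash algorithms: MD5, SHA1, Tiger, SHA-256, SHA-384, SHA-512
readonly HASHLIST="1 2 3 4 5 6"

#######################################
# Print every whitespace-separated token of $1 on its own line, so individual
# "Key=Value" fields of ike-scan's output can be picked out with grep.
# Arguments: $1 - text to split
# Outputs:   one token per line on stdout
#######################################
tokens() {
  printf '%s\n' "$1" | tr -s '[:space:]' '\n'
}

# The lists are deliberately unquoted: word-splitting on spaces is how the
# individual transform identifiers are iterated.
for group in $GROUPLIST; do
  for enc in $ENCLIST; do
    for auth in $AUTHLIST; do
      for hash_id in $HASHLIST; do
        trans="$enc,$hash_id,$auth,$group"
        main_result=$(ike-scan --trans="$trans" "$target")

        if [ -n "$debug" ]; then
          printf '\n[i] ike-scan --trans=%s %s\n' "$trans" "$target"
          printf '%s\n' "$main_result"
        fi

        # Acceptance heuristic: any output that does not contain the summary
        # token "1 returned notify" is treated as an accepted transform set.
        # NOTE(review): a host that never answers also lacks that token, so a
        # timeout is reported as a handshake — confirm against the counts in
        # ike-scan's summary line before relying on this.
        case $main_result in
          *"1 returned notify"*) continue ;;
        esac

        printf '\n[*] Handshake found:\n'
        printf '[*] ike-scan --trans=%s %s\n' "$trans" "$target"
        printf '[*] Testing for agressive mode...\n'
        # NOTE(review): ike-scan documents the identity option as --id=<id>
        # (short form -n); confirm the installed version accepts "-id=" as
        # written here before trusting the Aggressive Mode result.
        aggr_cmd="ike-scan -A -id=$group_id --trans=$trans $target"
        aggr_result=$(ike-scan -A -id="$group_id" --trans="$trans" "$target")

        if [ -n "$debug" ]; then
          # Log exactly the command that ran, so output can be reproduced.
          printf '[i] %s\n' "$aggr_cmd"
          printf '%s\n' "$aggr_result"
        fi

        # ike-scan reporting an unfinished pass indicates it did not get a
        # complete exchange; flag it so the result is not misread.
        case $aggr_result in
          *"Pass 1 of 3 completed"*) printf '[i] POTENTIAL NETWORKING ISSUE!!!\n' ;;
        esac

        case $aggr_result in
          *"Aggressive Mode Handshake returned"*)
            printf '[!] Agressive mode handshake found...\n'
            printf '[*] %s\n' "$aggr_cmd"
            # Each field is a single "Key=Value" token in ike-scan's output;
            # the cipher name follows an opening parenthesis, e.g. "Enc=7(AES".
            cipher=$(tokens "$aggr_result" | grep "Enc=" | awk -F '(' '{print $2}')
            hash_alg=$(tokens "$aggr_result" | grep "Hash=")
            key_length=$(tokens "$aggr_result" | grep "KeyLength=")
            modulus=$(tokens "$aggr_result" | grep "Group=")
            auth_method=$(tokens "$aggr_result" | grep "Auth=")
            printf '[*] %s %s %s %s %s\n' \
              "$cipher" "$hash_alg" "$key_length" "$modulus" "$auth_method"
            ;;
        esac
      done
    done
  done
done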