macOS
brew install ike-scanlocal Homebrew formula metadata
sudo port install ike-scanMacPorts ports tree · security/ike-scan/Portfile · source: api.github.com
brew
Discover and fingerprint IKE hosts. Version 1.9.5 via Homebrew; verified 2026-06-22.
install
brew install ike-scanlocal Homebrew formula metadata
sudo port install ike-scanMacPorts ports tree · security/ike-scan/Portfile · source: api.github.com
sudo apt install ike-scanDebian stable package indexes · ike-scan · source: deb.debian.org
nix profile install nixpkgs#ike-scannixpkgs package indexes · pkgs/by-name/ik/ike-scan/package.nix · source: api.github.com
overview
Discover and fingerprint IKE hosts
history
ike-scan is Roy Hills' command-line scanner for discovering IPsec VPN endpoints that speak IKE and fingerprinting their implementations. The README frames its core jobs as discovery, fingerprinting, transform enumeration, user enumeration for some VPN systems, and offline pre-shared-key cracking through the bundled psk-crack program.
The project grew out of NTA Monitor research into UDP retransmission backoff fingerprinting. Roy Hills' 2003 white paper explains the observation that many UDP services, including IKE, leave retransmission timing decisions to implementers, creating measurable patterns that can identify VPN products.
ike-scan v1.0 was the initial public release in the project's NEWS file. Subsequent releases expanded platform support, added Windows binaries, accumulated vendor ID and backoff fingerprints, and added psk-crack for aggressive-mode pre-shared-key material captured by ike-scan.
Version 1.9 marked a major feature expansion: IKEv2 packet support, NAT traversal, source IP spoofing on raw-socket systems, stdin dictionaries for psk-crack, Vendor ID fingerprinting, and improved pseudo-random packet generation. Version 1.9.4 moved development from an internal SVN repository to GitHub.
ike-scan became a standard package for VPN assessment work because it targets the exposed UDP/500 and UDP/4500 surfaces that often sit at network borders. The input metadata shows packaging in Homebrew, Debian, Ubuntu, MacPorts, and Nix, and the README documents builds on Linux, BSDs, Solaris, macOS, Cygwin, and several older Unix systems.
Operators use ike-scan to send IKE phase-1 probes to one or many targets, list responding hosts, inspect transform support, collect Vendor ID payloads, and optionally measure retransmission backoff with --showbackoff. In aggressive mode, --pskcrack output can feed psk-crack for dictionary or brute-force testing of captured pre-shared-key hashes.
The package is significant because it packages a specific security-research technique, not just a generic network scanner. Its data files, including ike-backoff-patterns and ike-vendor-ids, are part of the value: they turn timing behavior and vendor payloads into repeatable fingerprints that can be updated as products change.
security posture
narrow executable package without higher-risk signals.
green risk · low confidence · appliance
Before unattended agent use, check whether the tool reads plaintext credentials, writes remote state, publishes artifacts, or shells out to plugins.
executables
| Command | Kind | Exposure | Note |
|---|---|---|---|
ike-scan | cli | global executable | |
psk-crack | cli | global executable |
freshness
These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.
https://github.com/royhills/ike-scan
install metadata
| Package key | brew:ike-scan |
|---|---|
| Version | 1.9.5 |
| Package manager | Homebrew |
| Package manager page | https://formulae.brew.sh/formula/ike-scan |
| Homepage | https://github.com/royhills/ike-scan |
| Repository | https://github.com/royhills/ike-scan |
| Upstream docs | https://github.com/royhills/ike-scan#readme |
| License | GPL-3.0-or-later WITH openvpn-openssl-exception |
| Source archive | https://github.com/royhills/ike-scan/archive/refs/tags/1.9.5.tar.gz |
| Last updated | 2026-06-22T14:03:45-07:00 |
| Pulse | updated |
| Dependencies | openssl@3 |
| Build dependencies | autoconf, automake, libtool |
| Bottle | available (on arm64_big_sur, arm64_linux, arm64_monterey, arm64_sequoia, arm64_sonoma, arm64_tahoe, arm64_ventura, big_sur, catalina, monterey, sonoma, ventura, x86_64_linux) |
| Homebrew post-install | not defined |
| Service | none declared |
registry facts
| Source Database | Homebrew formula API |
|---|---|
| Tap | homebrew/core |
| Full Name | ike-scan |
| Version Scheme | 0 |
| Revision | 0 |
| Head Version | HEAD |
| Bottle Stable Root URL | https://ghcr.io/v2/homebrew/core |
| Deprecated | no |
| Disabled | no |
| Keg Only | no |
| URL Keys |
|
source database matches
Matches are pulled from external package-manager indexes and kept separate from local Automic Vault package links.
ike-scan 1.9.5-2
discover and fingerprint IKE hosts (IPsec VPN Servers)
https://github.com/royhills/ike-scan
sudo apt install ike-scanike-scan
nix profile install nixpkgs#ike-scanike-scan 1.9.5-1ubuntu1
discover and fingerprint IKE hosts (IPsec VPN Servers)
https://github.com/royhills/ike-scan
sudo apt install ike-scanike-scan
sudo port install ike-scansource trail
This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.
View the package source record on GitHub.