Automic VaultAutomic Vault

brew

Install ike-scan with Homebrew, apt, MacPorts, Nix

Discover and fingerprint IKE hosts. Version 1.9.5 via Homebrew; verified 2026-06-22.

install

Additional install commands

macOS

Homebrewverified · 100%
brew install ike-scan

local Homebrew formula metadata

MacPortsverified · 94%
sudo port install ike-scan

MacPorts ports tree · security/ike-scan/Portfile · source: api.github.com

Linux

Debian aptverified · 92%
sudo apt install ike-scan

Debian stable package indexes · ike-scan · source: deb.debian.org

Nixverified · 92%
nix profile install nixpkgs#ike-scan

nixpkgs package indexes · pkgs/by-name/ik/ike-scan/package.nix · source: api.github.com

overview

Package summary

Discover and fingerprint IKE hosts

Commands and aliases

  • ike-scan
  • psk-crack

history

Project history and usage

ike-scan is Roy Hills' command-line scanner for discovering IPsec VPN endpoints that speak IKE and fingerprinting their implementations. The README frames its core jobs as discovery, fingerprinting, transform enumeration, user enumeration for some VPN systems, and offline pre-shared-key cracking through the bundled psk-crack program.

Project history

The project grew out of NTA Monitor research into UDP retransmission backoff fingerprinting. Roy Hills' 2003 white paper explains the observation that many UDP services, including IKE, leave retransmission timing decisions to implementers, creating measurable patterns that can identify VPN products.

ike-scan v1.0 was the initial public release in the project's NEWS file. Subsequent releases expanded platform support, added Windows binaries, accumulated vendor ID and backoff fingerprints, and added psk-crack for aggressive-mode pre-shared-key material captured by ike-scan.

Version 1.9 marked a major feature expansion: IKEv2 packet support, NAT traversal, source IP spoofing on raw-socket systems, stdin dictionaries for psk-crack, Vendor ID fingerprinting, and improved pseudo-random packet generation. Version 1.9.4 moved development from an internal SVN repository to GitHub.

Adoption history

ike-scan became a standard package for VPN assessment work because it targets the exposed UDP/500 and UDP/4500 surfaces that often sit at network borders. The input metadata shows packaging in Homebrew, Debian, Ubuntu, MacPorts, and Nix, and the README documents builds on Linux, BSDs, Solaris, macOS, Cygwin, and several older Unix systems.

How it is used

Operators use ike-scan to send IKE phase-1 probes to one or many targets, list responding hosts, inspect transform support, collect Vendor ID payloads, and optionally measure retransmission backoff with --showbackoff. In aggressive mode, --pskcrack output can feed psk-crack for dictionary or brute-force testing of captured pre-shared-key hashes.

Why package nerds care

The package is significant because it packages a specific security-research technique, not just a generic network scanner. Its data files, including ike-backoff-patterns and ike-vendor-ids, are part of the value: they turn timing behavior and vendor payloads into repeatable fingerprints that can be updated as products change.

Timeline

  • 2003: UDP backoff fingerprinting white paper describes ike-scan as the example program.
  • v1.0: Initial public release supports Debian, FreeBSD, and OpenBSD builds.
  • v1.7: psk-crack and aggressive-mode PSK capture support are added.
  • v1.8: Vendor ID and UDP backoff pattern databases expand to 135 vendor IDs and 29 backoff patterns.
  • v1.9: IKEv2, NAT traversal, Vendor ID fingerprinting, and stdin dictionaries for psk-crack are added.
  • 2013: v1.9.4 moves development from internal SVN to GitHub.

Related projects

  • ike-scan sits beside packet tools such as tcpdump and broader scanners such as Nmap, but its closest related artifact is its own UDP backoff fingerprinting paper. Its psk-crack companion makes it part scanner and part focused IPsec assessment toolkit.

Sources

  • Project README, NEWS file, UDP backoff fingerprinting paper, vendor ID database, GitHub repository metadata, and Homebrew formula metadata.

security posture

Risk level: green

narrow executable package without higher-risk signals.

Risk classifier

green risk · low confidence · appliance

Why

  • narrow executable package without higher-risk signals

Signals

  • metadata:no-higher-risk-signals

Install behavior

  • No Homebrew post-install hook is recorded in formula metadata.
  • Homebrew bottle metadata is available for 13 platform targets.
  • Installs with 1 runtime dependencies.
  • Build metadata lists 3 build dependencies.

Recommended review

Before unattended agent use, check whether the tool reads plaintext credentials, writes remote state, publishes artifacts, or shells out to plugins.

executables

Installed executables

CommandKindExposureNote
ike-scancliglobal executable
psk-crackcliglobal executable

freshness

Version and freshness

These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.

page generated2026-07-08
manager version1.9.5
manager updated2026-06-22
local dataok
upstreamcurrent
latest detected1.9.5

https://github.com/royhills/ike-scan

  • okNo freshness warnings were generated.

install metadata

Package metadata

Package keybrew:ike-scan
Version1.9.5
Package managerHomebrew
Package manager pagehttps://formulae.brew.sh/formula/ike-scan
Homepagehttps://github.com/royhills/ike-scan
Repositoryhttps://github.com/royhills/ike-scan
Upstream docshttps://github.com/royhills/ike-scan#readme
LicenseGPL-3.0-or-later WITH openvpn-openssl-exception
Source archivehttps://github.com/royhills/ike-scan/archive/refs/tags/1.9.5.tar.gz
Last updated2026-06-22T14:03:45-07:00
Pulseupdated
Dependenciesopenssl@3
Build dependenciesautoconf, automake, libtool
Bottleavailable (on arm64_big_sur, arm64_linux, arm64_monterey, arm64_sequoia, arm64_sonoma, arm64_tahoe, arm64_ventura, big_sur, catalina, monterey, sonoma, ventura, x86_64_linux)
Homebrew post-installnot defined
Servicenone declared

registry facts

Source database details

Source DatabaseHomebrew formula API
Taphomebrew/core
Full Nameike-scan
Version Scheme0
Revision0
Head VersionHEAD
Bottle Stable Root URLhttps://ghcr.io/v2/homebrew/core
Deprecatedno
Disabledno
Keg Onlyno
URL Keys
  • head
  • stable

source database matches

Other package-manager records

Matches are pulled from external package-manager indexes and kept separate from local Automic Vault package links.

Debian apt95%

ike-scan 1.9.5-2

discover and fingerprint IKE hosts (IPsec VPN Servers)

https://github.com/royhills/ike-scan

sudo apt install ike-scan
  • Section: net
  • Architecture: amd64
  • 2 dependencies
  • normalized package name match
  • Matched by: Ike Scan
Debian stable package indexes · deb.debian.org · Debian stable package indexes: ike-scan from https://deb.debian.org/debian/dists/stable/main/binary-amd64/Packages.xz
Nix95%

ike-scan

nix profile install nixpkgs#ike-scan
  • normalized package name match
  • Matched by: Ike Scan
nixpkgs package indexes · api.github.com · nixpkgs package indexes: pkgs/by-name/ik/ike-scan/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1
Ubuntu apt95%

ike-scan 1.9.5-1ubuntu1

discover and fingerprint IKE hosts (IPsec VPN Servers)

https://github.com/royhills/ike-scan

sudo apt install ike-scan
  • Section: universe/net
  • Architecture: amd64
  • 2 dependencies
  • normalized package name match
  • Matched by: Ike Scan
Ubuntu 24.04 LTS package indexes · archive.ubuntu.com · Ubuntu 24.04 LTS package indexes: ike-scan from https://archive.ubuntu.com/ubuntu/dists/noble/universe/binary-amd64/Packages.gz
MacPorts95%

ike-scan

sudo port install ike-scan
  • normalized package name match
  • Matched by: Ike Scan
MacPorts ports tree · api.github.com · MacPorts ports tree: security/ike-scan/Portfile from https://api.github.com/repos/macports/macports-ports/git/trees/master?recursive=1

source trail

Generated from repository data

This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.

Used sources

  • Geiger risk classifier
  • Nucleus package database
  • av.db category and tag curation
  • cross-ecosystem install command graph
  • curated package history
  • external package-manager database matches
  • package relationship graph
  • package version freshness
  • package-page enrichment