# Install ike-scan with Homebrew, apt, MacPorts, Nix

Discover and fingerprint IKE hosts. Version 1.9.5 via Homebrew; verified 2026-06-22.

## Install

```sh
sudo av install brew:ike-scan
```

Additional install commands:

### macOS

- Homebrew (100%):

```sh
brew install ike-scan
```

  Evidence: local Homebrew formula metadata

- MacPorts (94%):

```sh
sudo port install ike-scan
```

  Evidence: MacPorts ports tree: security/ike-scan/Portfile from https://api.github.com/repos/macports/macports-ports/git/trees/master?recursive=1

### Linux

- Debian apt (92%):

```sh
sudo apt install ike-scan
```

  Evidence: Debian stable package indexes: ike-scan from https://deb.debian.org/debian/dists/stable/main/binary-amd64/Packages.xz

- Nix (92%):

```sh
nix profile install nixpkgs#ike-scan
```

  Evidence: nixpkgs package indexes: pkgs/by-name/ik/ike-scan/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1

## Package facts

- **Package key:** brew:ike-scan
- **Package manager:** Homebrew
- **Package manager page:** <https://formulae.brew.sh/formula/ike-scan>
- **Version:** 1.9.5
- **Source summary:** Discover and fingerprint IKE hosts
- **Homepage:** <https://github.com/royhills/ike-scan>
- **Repository:** <https://github.com/royhills/ike-scan>
- **Upstream docs:** <https://github.com/royhills/ike-scan#readme>
- **License:** GPL-3.0-or-later WITH openvpn-openssl-exception
- **Source archive:** <https://github.com/royhills/ike-scan/archive/refs/tags/1.9.5.tar.gz>
- **Last updated:** 2026-06-22T14:03:45-07:00
- **Generated:** 2026-07-08T07:18:31+00:00

## Executables

- ike-scan (cli)
- psk-crack (cli)
- ike-scan (alias)
- psk-crack (alias)

## Dependencies

- openssl@3

## Build dependencies

- autoconf
- automake
- libtool

## Install behavior

- Post-install hook: not defined
- Bottle: available on arm64_big_sur, arm64_linux, arm64_monterey, arm64_sequoia, arm64_sonoma, arm64_tahoe, arm64_ventura, big_sur, catalina, monterey, sonoma, ventura

## Freshness

- Page generated: 2026-07-08
- Package-manager version: 1.9.5
- Package-manager updated: 2026-06-22
- Local data: ok
- Upstream repository: https://github.com/royhills/ike-scan
- Upstream latest detected: 1.9.5 (current)
## Project history and usage

ike-scan is Roy Hills' command-line scanner for discovering IPsec VPN endpoints that speak IKE and fingerprinting their implementations. The README frames its core jobs as discovery, fingerprinting, transform enumeration, user enumeration for some VPN systems, and offline pre-shared-key cracking through the bundled psk-crack program.

### Project history

The project grew out of NTA Monitor research into UDP retransmission backoff fingerprinting. Roy Hills' 2003 white paper explains the observation that many UDP services, including IKE, leave retransmission timing decisions to implementers, creating measurable patterns that can identify VPN products.

ike-scan v1.0 was the initial public release in the project's NEWS file. Subsequent releases expanded platform support, added Windows binaries, accumulated vendor ID and backoff fingerprints, and added psk-crack for aggressive-mode pre-shared-key material captured by ike-scan.

Version 1.9 marked a major feature expansion: IKEv2 packet support, NAT traversal, source IP spoofing on raw-socket systems, stdin dictionaries for psk-crack, Vendor ID fingerprinting, and improved pseudo-random packet generation. Version 1.9.4 moved development from an internal SVN repository to GitHub.

### Adoption history

ike-scan became a standard package for VPN assessment work because it targets the exposed UDP/500 and UDP/4500 surfaces that often sit at network borders. The input metadata shows packaging in Homebrew, Debian, Ubuntu, MacPorts, and Nix, and the README documents builds on Linux, BSDs, Solaris, macOS, Cygwin, and several older Unix systems.

### How it is used

Operators use ike-scan to send IKE phase-1 probes to one or many targets, list responding hosts, inspect transform support, collect Vendor ID payloads, and optionally measure retransmission backoff with --showbackoff. In aggressive mode, --pskcrack output can feed psk-crack for dictionary or brute-force testing of captured pre-shared-key hashes.

### Why package nerds care

The package is significant because it packages a specific security-research technique, not just a generic network scanner. Its data files, including ike-backoff-patterns and ike-vendor-ids, are part of the value: they turn timing behavior and vendor payloads into repeatable fingerprints that can be updated as products change.

### Timeline

- 2003: UDP backoff fingerprinting white paper describes ike-scan as the example program.
- v1.0: Initial public release supports Debian, FreeBSD, and OpenBSD builds.
- v1.7: psk-crack and aggressive-mode PSK capture support are added.
- v1.8: Vendor ID and UDP backoff pattern databases expand to 135 vendor IDs and 29 backoff patterns.
- v1.9: IKEv2, NAT traversal, Vendor ID fingerprinting, and stdin dictionaries for psk-crack are added.
- 2013: v1.9.4 moves development from internal SVN to GitHub.

### Related projects

- ike-scan sits beside packet tools such as tcpdump and broader scanners such as Nmap, but its closest related artifact is its own UDP backoff fingerprinting paper. Its psk-crack companion makes it part scanner and part focused IPsec assessment toolkit.

### Sources

- Project README, NEWS file, UDP backoff fingerprinting paper, vendor ID database, GitHub repository metadata, and Homebrew formula metadata.


## Security Notes

narrow executable package without higher-risk signals.

- **Geiger risk:** green / low
- narrow executable package without higher-risk signals

## Source Database Details

- **Source Database:** Homebrew formula API
- **Tap:** homebrew/core
- **Full Name:** ike-scan
- **Version Scheme:** 0
- **Revision:** 0
- **Head Version:** HEAD
- **Bottle Stable Root URL:** <https://ghcr.io/v2/homebrew/core>
- **Deprecated:** no
- **Disabled:** no
- **Keg Only:** no
- **URL Keys:** head, stable

## Other Package-Manager Records

- Debian apt - ike-scan - 1.9.5-2: normalized package name match | Debian stable package indexes: ike-scan from https://deb.debian.org/debian/dists/stable/main/binary-amd64/Packages.xz | discover and fingerprint IKE hosts (IPsec VPN Servers) | https://github.com/royhills/ike-scan
- Nix - ike-scan: normalized package name match | nixpkgs package indexes: pkgs/by-name/ik/ike-scan/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1
- Ubuntu apt - ike-scan - 1.9.5-1ubuntu1: normalized package name match | Ubuntu 24.04 LTS package indexes: ike-scan from https://archive.ubuntu.com/ubuntu/dists/noble/universe/binary-amd64/Packages.gz | discover and fingerprint IKE hosts (IPsec VPN Servers) | https://github.com/royhills/ike-scan
- MacPorts - ike-scan: normalized package name match | MacPorts ports tree: security/ike-scan/Portfile from https://api.github.com/repos/macports/macports-ports/git/trees/master?recursive=1


## Related links

- [Source-control packages](https://www.automicvault.com/pkg/source-control-tools/) - Belongs to a source-control command family.
- [Terminal utility packages](https://www.automicvault.com/pkg/terminal-utilities/) - Matched terminal and command-line workflow metadata.
- [Networking and protocol packages](https://www.automicvault.com/pkg/networking-protocol-tools/) - Matched network, protocol, or remote-service metadata.
- [Security and crypto packages](https://www.automicvault.com/pkg/security-crypto-tools/) - Matched security, identity, cryptography, password, signing, or certificate metadata.
- [openssl@3](https://www.automicvault.com/pkg/brew/openssl-3/) - Runtime dependency declared by Homebrew.
- [autoconf](https://www.automicvault.com/pkg/brew/autoconf/) - Build dependency declared by Homebrew.
- [automake](https://www.automicvault.com/pkg/brew/automake/) - Build dependency declared by Homebrew.
- [libtool](https://www.automicvault.com/pkg/brew/libtool/) - Build dependency declared by Homebrew.
- [nmap](https://www.automicvault.com/pkg/brew/nmap/) - Shares av.db curated category or tags: cli, network-scanning, scanner, security.
- [masscan](https://www.automicvault.com/pkg/brew/masscan/) - Shares av.db curated category or tags: cli, network-scanning, security.
- [naabu](https://www.automicvault.com/pkg/brew/naabu/) - Shares av.db curated category or tags: cli, network-scanning, security.
- [strongswan](https://www.automicvault.com/pkg/brew/strongswan/) - Shares av.db curated category or tags: cli, ike, security, vpn.
- [synscan](https://www.automicvault.com/pkg/brew/synscan/) - Shares av.db curated category or tags: cli, network-scanning, security.
- [apkleaks](https://www.automicvault.com/pkg/brew/apkleaks/) - Shares av.db curated category or tags: cli, scanner, security.
- [bbot](https://www.automicvault.com/pkg/brew/bbot/) - Shares av.db curated category or tags: cli, scanner, security.
- [easy-rsa](https://www.automicvault.com/pkg/brew/easy-rsa/) - Shares av.db curated category or tags: cli, security, vpn.
- [sslscan](https://www.automicvault.com/pkg/brew/sslscan/) - Security-sensitive metadata or terminology overlaps. Shared terms: cli, discover, openssl, openssl-3, scanner.
- [hydra](https://www.automicvault.com/pkg/brew/hydra/) - Security-sensitive metadata or terminology overlaps. Shared terms: cli, network, openssl, openssl-3, security.

## Combined YAML source

View the package source record on GitHub. [combined/ike-scan.yml](https://github.com/automic-vault/db/blob/main/combined/ike-scan.yml)


## Sources

- Nucleus package database
- Geiger risk classifier
- package-page enrichment
- curated package history
- package version freshness
- av.db category and tag curation
- package relationship graph
- external package-manager database matches
- cross-ecosystem install command graph
