Add ike-version and ike library by Jesper Kückelhahn.

http://seclists.org/nmap-dev/2013/q1/49

scripts/ike-version.nse

@@ -0,0 +1,125 @@
+local nmap = require "nmap"
+local stdnse = require "stdnse"
+local shortport = require "shortport"
+local table = require "table"
+local ike = require "ike"
+
+
+description=[[
+	Get information from an IKE service.
+	Tests the service with both Main and Aggressive Mode. 
+	Sends multiple transforms in a single request, so currently, 
+	only two packets are sent to the host.
+]]
+
+
+---
+-- @output
+-- PORT    STATE SERVICE REASON       VERSION
+-- 500/udp open  isakmp  udp-response Cisco VPN Concentrator 3000 4.0.7
+-- Service Info: OS: pSOS+; Device: VPN; CPE: cpe:/h:cisco:concentrator
+---
+
+
+author = "Jesper Kueckelhahn"
+license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
+categories = {"default", "discovery", "safe", "version"}
+
+portrule = shortport.port_or_service(500, "isakmp", "udp")
+
+
+-- Test different methods for getting version 
+-- 
+local function get_version(host, port)
+	local packet, version, t 
+	local auth			= {"psk", "rsa", "Hybrid", "XAUTH"}
+	local encryption	= {"des", "3des", "aes/128", "aes/192", "aes/256"}
+	local hash			= {"md5", "sha1"}
+	local group			= {"768", "1024", "1536"}
+
+
+	-- generate transforms
+	t = {}
+	for h,a in pairs(auth) do
+		for i,e in pairs(encryption) do
+			for j,h in pairs(hash) do
+				for k,g in pairs(group) do
+					table.insert(t, { ['auth'] = a, ['encryption'] = e, ['hash'] = h, ['group'] = g});
+				end
+			end
+		end
+	end
+
+
+	-- try aggressive mode (diffie hellman group 2)
+	local diffie = 2
+	stdnse.print_debug(1, "Sending Aggressive mode packet ...")
+	packet = ike.request(port.number, port.protocol, 'Aggressive', t, diffie, 'vpngroup')
+	version = ike.send_request(host, port, packet)
+	if version.success then
+		return version
+	end
+	stdnse.print_debug(1, "Aggressive mode (dh 2) failed")
+
+	-- try aggressive mode (diffie hellman group 1)
+	diffie = 1
+	stdnse.print_debug(1, "Sending Aggressive mode packet ...")
+	packet = ike.request(port.number, port.protocol, 'Aggressive', t, diffie, 'vpngroup')
+	version = ike.send_request(host, port, packet)
+	if version.success then
+		return version
+	end
+	stdnse.print_debug(1, "Aggressive mode (dh 1) failed")
+
+	-- try aggressive mode (diffie hellman group 2, no id)
+	-- some checkpoint devices respond to this
+	local diffie = 2
+	stdnse.print_debug(1, "Sending Aggressive mode packet ...")
+	packet = ike.request(port.number, port.protocol, 'Aggressive', t, diffie, '')
+	version = ike.send_request(host, port, packet)
+	if version.success then
+		return version
+	end
+	stdnse.print_debug(1, "Aggressive mode (dh 2, no id) failed")
+
+	-- try main mode
+	stdnse.print_debug(1, "Sending Main mode packet ...")
+	packet = ike.request(port.number, port.protocol, 'Main', t, '')
+	version = ike.send_request(host, port, packet)
+	if version.success then
+		return version
+	end
+	stdnse.print_debug(1, "Main mode failed")
+
+	stdnse.print_debug(1, "Version detection not possible")
+	return false
+end
+
+
+action = function( host, port )
+	local ike_response = get_version(host, port)
+
+	if ike_response then
+
+		-- Extra information found in the response. Kept for future reference.
+		-- local mode = ike_response['mode']
+		-- local vids = ike_response['vids']
+
+		local info = ike_response['info']
+		if info.vendor ~= nil then
+			port.version.product = info.vendor.vendor
+			port.version.version = info.vendor.version
+			port.version.ostype  = info.vendor.ostype
+			port.version.devicetype = info.vendor.devicetype
+			table.insert(port.version.cpe, info.vendor.cpe)
+
+			nmap.set_port_version(host, port, "hardmatched")
+			nmap.set_port_state(host, port, "open")
+		end
+	end
+	stdnse.print_debug(1, "Version: %s", port.version.product )
+	return
+end
+
+
+