{"id":13826342,"url":"https://github.com/dlenski/what-vpn","last_synced_at":"2025-10-12T13:15:14.467Z","repository":{"id":35141802,"uuid":"117638123","full_name":"dlenski/what-vpn","owner":"dlenski","description":"Identify servers running various SSL VPNs based on protocol-specific behaviors","archived":false,"fork":false,"pushed_at":"2024-04-13T19:43:12.000Z","size":98,"stargazers_count":59,"open_issues_count":6,"forks_count":12,"subscribers_count":4,"default_branch":"master","last_synced_at":"2024-04-14T09:56:01.254Z","etag":null,"topics":["identify-servers","network-discovery","network-security","ssl-vpns","testing-tools","tls","tls-scan","vpn"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/dlenski.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2018-01-16T05:59:10.000Z","updated_at":"2024-04-16T18:03:28.524Z","dependencies_parsed_at":"2024-04-16T18:03:20.599Z","dependency_job_id":null,"html_url":"https://github.com/dlenski/what-vpn","commit_stats":{"total_commits":89,"total_committers":2,"mean_commits":44.5,"dds":0.0786516853932584,"last_synced_commit":"ea6382943a1b7d3ce9c2c3f48425d5891ecf58c2"},"previous_names":[],"tags_count":7,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dlenski%2Fwhat-vpn","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dlenski%2Fwhat-vpn/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dlenski%2Fwhat-vpn/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dlenski%2Fwhat-vpn/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/dlenski","download_url":"https://codeload.github.com/dlenski/what-vpn/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":225303898,"owners_count":17453029,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["identify-servers","network-discovery","network-security","ssl-vpns","testing-tools","tls","tls-scan","vpn"],"created_at":"2024-08-04T09:01:35.920Z","updated_at":"2025-10-12T13:15:09.418Z","avatar_url":"https://github.com/dlenski.png","language":"Python","funding_links":[],"categories":["\u003ca id=\"d62a971d37c69db9f3b9187318c3921a\"\u003e\u003c/a\u003e工具"],"sub_categories":["\u003ca id=\"8ea8f890cf767c3801b5e7951fca3570\"\u003e\u003c/a\u003e公网访问局域网"],"readme":"[![License: GPL v3](https://img.shields.io/badge/License-GPL%20v3-blue.svg)](https://www.gnu.org/licenses/gpl-3.0)\n[![Build Status](https://github.com/dlenski/what-vpn/workflows/test_and_release/badge.svg)](https://github.com/dlenski/what-vpn/actions?query=workflow%3Atest_and_release)\n[![PyPI](https://img.shields.io/pypi/v/what-vpn.svg)](https://pypi.python.org/pypi/what-vpn)\n\n# what-vpn\n\nIdentifies servers running various SSL VPNs. (They should really be called\n\"TLS-based\" VPNs, but \"SSL VPN\" has become the de facto standard jargon.)\nCurrently it can recognize…\n\n* Cisco AnyConnect and [OpenConnect (ocserv)](https://ocserv.gitlab.io/www)\n* Juniper Network Connect/Pulse\n* PAN GlobalProtect\n* Barracuda Networks\n* Check Point\n* Microsoft SSTP\n* [OpenVPN](https://openvpn.net/)\n* Fortinet\n* Array Networks\n* F5 BigIP\n* SonicWall NX (spin-off from [Dell](https://www.sonicwall.com/news/sonicwall-announces-spin-out-from-dell-software-gr))\n* Aruba VIA\n* Huawei\n* H3C\n\n## Install\n\nRequires Python 3, `pip`, and [`requests`](https://docs.python-requests.org):\n\n```sh\n$ pip3 install https://github.com/dlenski/what-vpn/archive/master.zip\n...\n$ what-vpn\nusage: what-vpn [-h] [-k] [-t SEC] [-v | -c] server [server ...]\nwhat-vpn: error: the following arguments are required: server\n```\n\n## Examples\n\n```sh\n$ what-vpn vpn.colorado.edu vpn.northeastern.edu \\\n    vpn.tnstate.edu vpn.smith.edu vpn.caltech.edu \\\n    vpn.yale.edu vpn.drew.edu vpn.uca.edu vpn.simmons.edu \\\n    vpn.nl.edu cpvpn.its.hawaii.edu ssl-vpn.***.com \\\n    viavpn.luther.edu\nvpn.colorado.edu: AnyConnect/OpenConnect (Cisco)\nvpn.northeastern.edu: PAN GlobalProtect (portal)\nvpn.tnstate.edu: PAN GlobalProtect (portal+gateway)\nvpn.smith.edu: Juniper Network Connect\nvpn.caltech.edu: AnyConnect/OpenConnect (Cisco, ASA (9.1(6)6))\nvpn.yale.edu: AnyConnect/OpenConnect (Cisco, ASA (8.4(5)))\nvpn.uca.edu: Barracuda (2017)\nvpn.simmons.edu: Check Point (2015, 20%)\nvpn.nl.edu: Check Point\ncpvpn.its.hawaii.edu: Check Point\nvpn.***.com: Array Networks (40%)\nssl-vpn.***.com: no match\nviavpn.luther.edu Aruba VIA (80%)\n\n$ what-vpn -kv vpn.***.com\n\nSniffing ***.***.com ...\n  Is it AnyConnect/OpenConnect? ocserv, 0.8.0-0.11.6\n  Is it Juniper Network Connect? no match\n  Is it PAN GlobalProtect? no match\n  Is it Barracuda? no match\n  Is it Check Point? no match\n  Is it SSTP? no match\n  Is it OpenVPN? no match\n  =\u003e AnyConnect/OpenConnect (ocserv, 0.8.0-0.11.6)\n```\n\n# Interesting results\n\nAn interesting question for the open source community, including the indispensable\n[OpenConnect](https://www.infradead.org/openconnect) (which I also contribute to) is…\n\n\u003e What are the most commonly-used SSL VPN protocols in the real world?\n\n### 2019 results\n\nIn April 2019, I took a list of major universities and companies in the USA, and\ngenerated some guesses for the hostnames of their VPN endpoints\n(e.g. `{vpn,ssl-vpn,sslvpn}.*.{edu,com}`). I then used `what-vpn` to probe them all\nand looked at the subset of the results that matched to an identifiable SSL\nVPN protocol:\n\n```\n  1  Check Point\n  1  Citrix (manually inspected, don't know how to reliably autodetect)\n  1  OpenVPN\n  5  Dell or SonicWall (manually inspected, didn't know how to reliably autodetect at the time\n  7  Fortinet\n  7  Barracuda\n  8  F5 (manually inspected, didn't know how to reliably autodetect at this time)\n 14  SSTP\n 53  PAN GlobalProtect (portal and/or gateway)\n 72  Juniper Network Connect (or Junos/Pulse, hard to distinguish)\n243  Cisco AnyConnect (including 1 ocserv)\n```\n\nAssuming these results are roughly representative of “SSL VPN” deployments\n_in general_ (at least in the USA), they show that OpenConnect already supports\nthe top 3 most commonly-encountered SSL VPN protocols, or about 80% of SSL VPNs.\nAdditionally Microsoft SSTP is supported by the open-source\n[`sstp-client`](http://sstp-client.sourceforge.net),\nand of course OpenVPN is well-supported by open-source clients as well.\n\n_(Excerpted from\n[this post on the OpenConnect mailing list](https://lists.infradead.org/pipermail/openconnect-devel/2019-April/005335.html))_\n\n### 2021 results\n\nI repeated this analysis in February 2021 (after having implemented F5, SonicWall NX, and Array Networks sniffers, and\nhaving improved several others). This time, I expanded the pool of names to include\n`{vpn,ssl-vpn,sslvpn,remote,vpn2,new.vpn,access}.*.{edu,com}`. Here are the 2021 results for servers that matched to\nan identifiable SSL VPN protocol:\n\n```\n  1  Array Networks\n  4  Barracuda\n  4  Check Point\n  6  SonicWall NX\n  8  OpenVPN\n 14  SSTP\n 21  F5 BigIP\n 29  Fortinet\n 83  Pulse Secure (most also support the older Juniper protocol)\n103  PAN GlobalProtect (includes 7 servers that behave in a slightly odd way)\n298  Cisco AnyConnect (no ocserv found this time)\n```\n\nWe've recently added support in OpenConnect for [Fortinet and F5\nBigIP](https://gitlab.com/openconnect/openconnect/-/merge_requests/169)\n(with support for SonicWall NX coming soon). Combined with AnyConnect, GlobalProtect,\nand Pulse/Juniper, OpenConnect now supports 5 of the most highly-used SSL VPN protocols.\n\nOnce again assuming that these results are roughly representative of “SSL VPN” deployments\n_in general_ (at least in the USA), it appears that OpenConnect now supports almost\n93% of SSL VPNs in real-world use.\n\n## TODO\n\n* Identify non-SSL/TLS-based VPNs? (e.g. IPSEC, à la [ike-scan](//github.com/royhills/ike-scan))\n* Identify more SSL VPNs: Citrix… any others?\n  * Fix apparent false-negatives for some SonicWall/Dell servers\n* Identify specific versions or flavors of VPN servers?\n* Better confidence levels?\n\n## License\n\nGPLv3 or later\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdlenski%2Fwhat-vpn","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdlenski%2Fwhat-vpn","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdlenski%2Fwhat-vpn/lists"}