Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/dlenski/what-vpn

Identify servers running various SSL VPNs based on protocol-specific behaviors
https://github.com/dlenski/what-vpn

identify-servers network-discovery network-security ssl-vpns testing-tools tls tls-scan vpn

Last synced: about 1 month ago
JSON representation

Identify servers running various SSL VPNs based on protocol-specific behaviors

Host: GitHub
URL: https://github.com/dlenski/what-vpn
Owner: dlenski
Created: 2018-01-16T05:59:10.000Z (over 6 years ago)
Default Branch: master
Last Pushed: 2024-04-13T19:43:12.000Z (5 months ago)
Last Synced: 2024-04-14T09:56:01.254Z (5 months ago)
Topics: identify-servers, network-discovery, network-security, ssl-vpns, testing-tools, tls, tls-scan, vpn
Language: Python
Homepage:
Size: 95.7 KB
Stars: 59
Watchers: 4
Forks: 12
Open Issues: 6
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

awesome-network-stuff - **7**星 - specific behaviors (<a id="d62a971d37c69db9f3b9187318c3921a"></a>工具 / <a id="8ea8f890cf767c3801b5e7951fca3570"></a>公网访问局域网)

README

        [![License: GPL v3](https://img.shields.io/badge/License-GPL%20v3-blue.svg)](https://www.gnu.org/licenses/gpl-3.0)

[![Build Status](https://github.com/dlenski/what-vpn/workflows/test_and_release/badge.svg)](https://github.com/dlenski/what-vpn/actions?query=workflow%3Atest_and_release)

[![PyPI](https://img.shields.io/pypi/v/what-vpn.svg)](https://pypi.python.org/pypi/what-vpn)

# what-vpn

Identifies servers running various SSL VPNs. (They should really be called

"TLS-based" VPNs, but "SSL VPN" has become the de facto standard jargon.)

Currently it can recognize…

* Cisco AnyConnect and [OpenConnect (ocserv)](https://ocserv.gitlab.io/www)

* Juniper Network Connect/Pulse

* PAN GlobalProtect

* Barracuda Networks

* Check Point

* Microsoft SSTP

* [OpenVPN](https://openvpn.net/)

* Fortinet

* Array Networks

* F5 BigIP

* SonicWall NX (spin-off from [Dell](https://www.sonicwall.com/news/sonicwall-announces-spin-out-from-dell-software-gr))

* Aruba VIA

* Huawei

* H3C

## Install

Requires Python 3, `pip`, and [`requests`](https://docs.python-requests.org):

```sh

$ pip3 install https://github.com/dlenski/what-vpn/archive/master.zip

...

$ what-vpn

usage: what-vpn [-h] [-k] [-t SEC] [-v | -c] server [server ...]

what-vpn: error: the following arguments are required: server

```

## Examples

```sh

$ what-vpn vpn.colorado.edu vpn.northeastern.edu \

    vpn.tnstate.edu vpn.smith.edu vpn.caltech.edu \

    vpn.yale.edu vpn.drew.edu vpn.uca.edu vpn.simmons.edu \

    vpn.nl.edu cpvpn.its.hawaii.edu ssl-vpn.***.com \

    viavpn.luther.edu

vpn.colorado.edu: AnyConnect/OpenConnect (Cisco)

vpn.northeastern.edu: PAN GlobalProtect (portal)

vpn.tnstate.edu: PAN GlobalProtect (portal+gateway)

vpn.smith.edu: Juniper Network Connect

vpn.caltech.edu: AnyConnect/OpenConnect (Cisco, ASA (9.1(6)6))

vpn.yale.edu: AnyConnect/OpenConnect (Cisco, ASA (8.4(5)))

vpn.uca.edu: Barracuda (2017)

vpn.simmons.edu: Check Point (2015, 20%)

vpn.nl.edu: Check Point

cpvpn.its.hawaii.edu: Check Point

vpn.***.com: Array Networks (40%)

ssl-vpn.***.com: no match

viavpn.luther.edu Aruba VIA (80%)

$ what-vpn -kv vpn.***.com

Sniffing ***.***.com ...

  Is it AnyConnect/OpenConnect? ocserv, 0.8.0-0.11.6

  Is it Juniper Network Connect? no match

  Is it PAN GlobalProtect? no match

  Is it Barracuda? no match

  Is it Check Point? no match

  Is it SSTP? no match

  Is it OpenVPN? no match

  => AnyConnect/OpenConnect (ocserv, 0.8.0-0.11.6)

```

# Interesting results

An interesting question for the open source community, including the indispensable

[OpenConnect](https://www.infradead.org/openconnect) (which I also contribute to) is…

> What are the most commonly-used SSL VPN protocols in the real world?

### 2019 results

In April 2019, I took a list of major universities and companies in the USA, and

generated some guesses for the hostnames of their VPN endpoints

(e.g. `{vpn,ssl-vpn,sslvpn}.*.{edu,com}`). I then used `what-vpn` to probe them all

and looked at the subset of the results that matched to an identifiable SSL

VPN protocol:

```

  1  Check Point

  1  Citrix (manually inspected, don't know how to reliably autodetect)

  1  OpenVPN

  5  Dell or SonicWall (manually inspected, didn't know how to reliably autodetect at the time

  7  Fortinet

  7  Barracuda

  8  F5 (manually inspected, didn't know how to reliably autodetect at this time)

 14  SSTP

 53  PAN GlobalProtect (portal and/or gateway)

 72  Juniper Network Connect (or Junos/Pulse, hard to distinguish)

243  Cisco AnyConnect (including 1 ocserv)

```

Assuming these results are roughly representative of “SSL VPN” deployments

_in general_ (at least in the USA), they show that OpenConnect already supports

the top 3 most commonly-encountered SSL VPN protocols, or about 80% of SSL VPNs.

Additionally Microsoft SSTP is supported by the open-source

[`sstp-client`](http://sstp-client.sourceforge.net),

and of course OpenVPN is well-supported by open-source clients as well.

_(Excerpted from

[this post on the OpenConnect mailing list](https://lists.infradead.org/pipermail/openconnect-devel/2019-April/005335.html))_

### 2021 results

I repeated this analysis in February 2021 (after having implemented F5, SonicWall NX, and Array Networks sniffers, and

having improved several others). This time, I expanded the pool of names to include

`{vpn,ssl-vpn,sslvpn,remote,vpn2,new.vpn,access}.*.{edu,com}`. Here are the 2021 results for servers that matched to

an identifiable SSL VPN protocol:

```

  1  Array Networks

  4  Barracuda

  4  Check Point

  6  SonicWall NX

  8  OpenVPN

 14  SSTP

 21  F5 BigIP

 29  Fortinet

 83  Pulse Secure (most also support the older Juniper protocol)

103  PAN GlobalProtect (includes 7 servers that behave in a slightly odd way)

298  Cisco AnyConnect (no ocserv found this time)

```

We've recently added support in OpenConnect for [Fortinet and F5

BigIP](https://gitlab.com/openconnect/openconnect/-/merge_requests/169)

(with support for SonicWall NX coming soon). Combined with AnyConnect, GlobalProtect,

and Pulse/Juniper, OpenConnect now supports 5 of the most highly-used SSL VPN protocols.

Once again assuming that these results are roughly representative of “SSL VPN” deployments

_in general_ (at least in the USA), it appears that OpenConnect now supports almost

93% of SSL VPNs in real-world use.

## TODO

* Identify non-SSL/TLS-based VPNs? (e.g. IPSEC, à la [ike-scan](//github.com/royhills/ike-scan))

* Identify more SSL VPNs: Citrix… any others?

  * Fix apparent false-negatives for some SonicWall/Dell servers

* Identify specific versions or flavors of VPN servers?

* Better confidence levels?

## License

GPLv3 or later