As discussed in parts 1 and 2 of this series, the most common VPN endpoints (responders) found supporting Aggressive Mode negotiation are Cisco devices. However, they are also almost always supported by a second factor authentication mechanism known as XAUTH. I originally wrote a shell script that leverages VPNC, one of the command line VPN clients discussed in this post, to brute force valid XAUTH credentials. Then I decided to write it all out from scratch in Python, but I lost interest for a few months and put it on the backburner. Anyway I’ve finished the tool now, which also incorporates some additional tricks, so get the IKEForce tool at the SpiderLabs GitHub and read on for more info.