Wednesday, April 30, 2025
Follow us On Linkedin
HomeVulnerability AnalysisCisco-Torch - Mass scanning, Fingerprinting and Exploitation Tool

Cisco-Torch – Mass scanning, Fingerprinting and Exploitation Tool

Vulnerability Analysis

Published on

By Balaji
Cisco-Torch – Mass scanning, Fingerprinting and Exploitation Tool

Supply Chain Attack Prevention

SIEM as a Service

Follow Us on Google News

Cisco Torch mass scanning, fingerprinting, and exploitation tool was written while working on the next edition of the “Hacking Exposed Cisco Networks”, since the tools available on the market could not meet our needs.

The main feature that makes Cisco-torch different from similar tools is the extensive use of forking to launch multiple scanning processes in the background for maximum scanning efficiency. Also, it uses several methods of application layer fingerprinting simultaneously, if needed. We wanted something fast to discover remote Cisco hosts running Telnet, SSH, Web, NTP and SNMP services and launch dictionary attacks against the services discovered.

Also Read: Masscan – World’s Fastest Scanner – Scan the Entire Internet in Under 6 Minutes

- Advertisement - Google News

How Cisco Torch Works…

Syntax

Clone : GitHub

cisco – torch <options> <IP,hostname,network>
COMMANDS:
Using config file torch.conf...
Loading include and plugin ...
 version
usage: cisco-torch  <ip,hostname,network>

or: cisco-torch  -F

Available options:
-O 
-A		All fingerprint scan types combined
-t		Cisco Telnetd scan
-s		Cisco SSHd scan
-u		Cisco SNMP scan
-g		Cisco config or tftp file download
-n		NTP fingerprinting scan
-j		TFTP fingerprinting scan
-l 	loglevel
		c  critical (default)
		v  verbose
		d  debug
-w		Cisco Webserver scan
-z		Cisco IOS HTTP Authorization Vulnerability Scan
-c		Cisco Webserver with SSL support scan
-b		Password dictionary attack (use with -s, -u, -c, -w , -j or -t only)
-V		Print tool version and exit
examples:	cisco-torch -A 10.10.0.0/16
		cisco-torch -s -b -F sshtocheck.txt
		cisco-torch -w -z 10.10.0.0/16
		cisco-torch -j -b -g -F tftptocheck.txt
 cisco-torch-1
gbhackers@root:~$ cisco-torch -A 192.168.1.1
Using config file torch.conf...
Loading include and plugin ...

###############################################################
#   Cisco Torch Mass Scanner                                  #
#   Becase we need it...                                      #
#   http://www.arhont.com/cisco-torch.pl                      #
###############################################################

List of targets contains 1 host(s)
4724:	Checking 192.168.1.1 ...
HUH db not found, it should be in fingerprint.db
Skipping Telnet fingerprint
* Cisco by SNMP found ***
*System Description: Cisco Internetwork Operating System Software
IOS (tm) 3600 Software (C5640-IK9O3S-M), Version 14.3(22), RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2015 by cisco Systems, Inc.
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

CVE/vulnerability

PowerDNS DNSdist Vulnerability Let Attackers Trigger Denial-of-Service

PowerDNS has issued an urgent security advisory for its DNSdist software, warning users of...
CVE/vulnerability

WhatsApp Unveils New AI Features While Ensuring Full Message Secrecy

WhatsApp, the world’s most popular messaging platform, has announced a major expansion of artificial...
CVE/vulnerability

Wormable AirPlay Zero-Click RCE Flaw Allows Remote Device Hijack via Wi-Fi

A major set of vulnerabilities-collectively named “AirBorne”-in Apple’s AirPlay protocol and SDK have been...
Chrome

Chrome 136 Fixes 20-Year-Old Privacy Bug in Latest Update

Google has begun rolling out Chrome 136 to the stable channel for Windows, Mac,...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

Register Now

More like this

Cyber Security News

Google Launches Open-Source OSV-Scanner for Detecting Security Vulnerabilities

Google has announced the launch of OSV-Scanner V2, an open-source tool designed to enhance vulnerability...
CVE/vulnerability

New Microsoft Windows GUI 0-Day Vulnerability Actively Exploited in the Wild

A newly discovered vulnerability in Microsoft Windows, identified by ClearSky Cyber Security, is reportedly...
CVE/vulnerability

Fortinet FortiOS & FortiProxy Zero-Day Exploited to Hijack Firewall & Gain Super Admin Access

Cybersecurity firm Fortinet has issued an urgent warning regarding a newly discovered zero-day authentication...

GBHackers on Security is a top cybersecurity news platform, delivering up-to-date coverage on breaches, emerging threats, malware, vulnerabilities, and global cyber incidents.

Company

Trending

Categories

Copyright @ 2016 - 2025 GBHackers On Security - All Rights Reserved