Thursday, January 30, 2025
Follow us On Linkedin
HomeVulnerability AnalysisCisco-Torch - Mass scanning, Fingerprinting and Exploitation Tool

Cisco-Torch – Mass scanning, Fingerprinting and Exploitation Tool

Vulnerability Analysis

Published on

By Balaji
Cisco-Torch – Mass scanning, Fingerprinting and Exploitation Tool

Free Webinar DevSecOps Hacks

SIEM as a Service

Follow Us on Google News

Cisco Torch mass scanning, fingerprinting, and exploitation tool was written while working on the next edition of the “Hacking Exposed Cisco Networks”, since the tools available on the market could not meet our needs.

The main feature that makes Cisco-torch different from similar tools is the extensive use of forking to launch multiple scanning processes in the background for maximum scanning efficiency. Also, it uses several methods of application layer fingerprinting simultaneously, if needed. We wanted something fast to discover remote Cisco hosts running Telnet, SSH, Web, NTP and SNMP services and launch dictionary attacks against the services discovered.

Also Read: Masscan – World’s Fastest Scanner – Scan the Entire Internet in Under 6 Minutes

How Cisco Torch Works…

Syntax

Clone : GitHub

cisco – torch <options> <IP,hostname,network>
COMMANDS:
Using config file torch.conf...
Loading include and plugin ...
 version
usage: cisco-torch  <ip,hostname,network>

or: cisco-torch  -F

Available options:
-O 
-A		All fingerprint scan types combined
-t		Cisco Telnetd scan
-s		Cisco SSHd scan
-u		Cisco SNMP scan
-g		Cisco config or tftp file download
-n		NTP fingerprinting scan
-j		TFTP fingerprinting scan
-l 	loglevel
		c  critical (default)
		v  verbose
		d  debug
-w		Cisco Webserver scan
-z		Cisco IOS HTTP Authorization Vulnerability Scan
-c		Cisco Webserver with SSL support scan
-b		Password dictionary attack (use with -s, -u, -c, -w , -j or -t only)
-V		Print tool version and exit
examples:	cisco-torch -A 10.10.0.0/16
		cisco-torch -s -b -F sshtocheck.txt
		cisco-torch -w -z 10.10.0.0/16
		cisco-torch -j -b -g -F tftptocheck.txt
 cisco-torch-1
gbhackers@root:~$ cisco-torch -A 192.168.1.1
Using config file torch.conf...
Loading include and plugin ...

###############################################################
#   Cisco Torch Mass Scanner                                  #
#   Becase we need it...                                      #
#   http://www.arhont.com/cisco-torch.pl                      #
###############################################################

List of targets contains 1 host(s)
4724:	Checking 192.168.1.1 ...
HUH db not found, it should be in fingerprint.db
Skipping Telnet fingerprint
* Cisco by SNMP found ***
*System Description: Cisco Internetwork Operating System Software
IOS (tm) 3600 Software (C5640-IK9O3S-M), Version 14.3(22), RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2015 by cisco Systems, Inc.
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

cyber security

Hackers Exploiting DNS Poisoning to Compromise Active Directory Environments

A groundbreaking technique for Kerberos relaying over HTTP, leveraging multicast poisoning, has been recently...
Android

New Android Malware Exploiting Wedding Invitations to Steal Victims WhatsApp Messages

Since mid-2024, cybersecurity researchers have been monitoring a sophisticated Android malware campaign dubbed "Tria...
cyber security

500 Million Proton VPN & Pass Users at Risk Due to Memory Protection Vulnerability

Proton, the globally recognized provider of privacy-focused services such as Proton VPN and Proton...
cyber security

Arcus Media Ransomware Strikes: Files Locked, Backups Erased, and Remote Access Disabled

The cybersecurity landscape faces increasing challenges as Arcus Media ransomware emerges as a highly...

API Security Webinar

Free Webinar - DevSecOps Hacks

By embedding security into your CI/CD workflows, you can shift left, streamline your DevSecOps processes, and release secure applications faster—all while saving time and resources.

In this webinar, join Phani Deepak Akella ( VP of Marketing ) and Karthik Krishnamoorthy (CTO), Indusface as they explores best practices for integrating application security into your CI/CD workflows using tools like Jenkins and Jira.

Discussion points

Automate security scans as part of the CI/CD pipeline.
Get real-time, actionable insights into vulnerabilities.
Prioritize and track fixes directly in Jira, enhancing collaboration.
Reduce risks and costs by addressing vulnerabilities pre-production.

Register Now

More like this

CVE/vulnerability

Security Researchers Discover Critical RCE Vulnerability, Earned $40,000 Bounty

Cybersecurity researchers Abdullah Nawaf and Orwa Atyat, successfully escalated a limited path traversal vulnerability...
Cyber Security News

New Botnet Exploiting DNS Records Misconfiguration To Deliver Malware

Botnets are the networks of compromised devices that have evolved significantly since the internet's...
Botnet

New Botnet Exploiting D-Link Routers To Gain Control Remotely

Researchers observed a recent surge in activity from the "FICORA" and "CAPSAICIN," both variants...

GBHackers on Security is a top cybersecurity news platform, delivering up-to-date coverage on breaches, emerging threats, malware, vulnerabilities, and global cyber incidents.

Company

Trending

Categories

Copyright @ 2016 - 2024 GBHackers On Security - All Rights Reserved