The Web Local



Cisco torch

Cisco Torch was designed as a mass scanning, fingerprinting, and exploitation tool. Cisco-torch is unlike other tools in that it utilises multiple threads, (forking techniques), to launch scanning processes. It also uses several methods to  simultaneously carry out application layer fingerprinting. Cisco torch can be used for launching dictionary based password attacks against the services and discovering hosts running the following services:


  • Telnet,

  • SSH,

  • Web,

  • NTP

  • SNMP.




It requires various Perl modules to be installed before it is able to be utilised.  These can be obtained by searching CPAN and installed manually as directed below or by direct interaction with CPAN via a prompt:


cpan> install Net::SSH etc.


Net::SSH  - A search comes up with Net-SSH-0.0.8.tar.gz

tar -zxvf Net-SSH-0.0.8.tar.gz

make install

Net::SNMP  - A search comes up with Net-SNMP-5.1.0.tar.gz

tar -zxvf Net-SNMP-5.1.0.tar.gz
make install

Net::SSLeay - A search comes up with Net-SSLeay-1.25.tar.gz

tar -zxvf Net-SSLeay-1.25.tar.gz
make install

Net::SSH::Perl - A search comes up with Net-SSH-Perl.1.28.tar.gz

tar -zxvf Net-SSH-Perl.1.28.tar.gz

Accept the following at the prompts:


SSH Version [3] Both SSH1 & 2

Perl schiphers [1] IDEA

BubbleBabble [Y]

Crypto::RSA [Y]



make install


Net::Telnet - A search comes up with Net-Telnet-3.0.3.tar.gz

tar -zxvf Net-Telnet-3.0.3.tar.gz



make install


& finally once these are all installed:


tar -zxvf cisco-torch-0.4b.tar.gz

Modify the variables in the configuration file (torch.conf) to suit your environment:

$passfile= "password.txt";
$fingerprintdb = "fingerprint.db";





./ <options> <IP,hostname,network> or

./ <options> -F <hostlist>


Available options:


    -O <output file>

    -A All fingerprint scan types combined

    -t Cisco Telnetd scan

    -s Cisco SSHd scan

    -u Cisco SNMP scan

    -g Cisco config or tftp file download

    -n NTP fingerprinting scan

    -j TFTP fingerprinting scan

    -l <type> loglevel

    -c critical (default)

    -v verbose

    -d debug

    -w Cisco Webserver scan

    -z Cisco IOS HTTP Authorization Vulnerability Scan

    -c Cisco Webserver with SSL support scan

    -b Password dictionary attack (use with -s, -u, -c, -w , -j or -t only)

    -V Print tool version and exit



./ -A

./ -s -b -F sshtocheck.txt

./ -w -z

./ -j -b -g -F tftptocheck.txt



IT Security News:


Pen Testing Framework:


Latest Tool Reviews: