Cisco torch
Cisco Torch was designed as a mass scanning, fingerprinting, and exploitation
tool. Cisco Torch is unlike other tools in that it utilises multiple threads
(forking techniques) to launch scanning processes. It also uses several methods
to carry out application layer fingerprinting simultaneously. Cisco Torch can be
used for launching dictionary-based password attacks against the services and
for discovering hosts running the following services:
- Telnet,
- SSH,
- Web,
- NTP,
- SNMP.
Installation
It requires various Perl modules to be installed before it can be used. These
can be obtained by searching CPAN and installed manually as directed below (run
the build commands from inside each extracted directory), or by direct
interaction with CPAN via a prompt: cpan> install Net::SSH etc.

Net::SSH - A search comes up with Net-SSH-0.0.8.tar.gz
tar -zxvf Net-SSH-0.0.8.tar.gz
perl Makefile.PL
make
make install

Net::SNMP - A search comes up with Net-SNMP-5.1.0.tar.gz
tar -zxvf Net-SNMP-5.1.0.tar.gz
perl Makefile.PL
make
make install

Net::SSLeay - A search comes up with Net-SSLeay-1.25.tar.gz
tar -zxvf Net-SSLeay-1.25.tar.gz
perl Makefile.PL
make
make install

Net::SSH::Perl - A search comes up with Net-SSH-Perl.1.28.tar.gz
tar -zxvf Net-SSH-Perl.1.28.tar.gz
perl Makefile.PL
Accept the following at the prompts:
SSH Version [3] Both SSH1 & 2
Perl ciphers [1] IDEA
BubbleBabble [Y]
Crypto::RSA [Y]
make
make install

Net::Telnet - A search comes up with Net-Telnet-3.0.3.tar.gz
tar -zxvf Net-Telnet-3.0.3.tar.gz
perl Makefile.PL
make
make install

Finally, once these are all installed:
tar -zxvf cisco-torch-0.4b.tar.gz

Modify the variables in the configuration file (torch.conf) to suit your environment:
$max_processes=20;
$hosts_per_process=10;
$passfile= "password.txt";
$communityfile="community.txt";
$usersfile="users.txt";
$fingerprintdb = "fingerprint.db";
$tmplogprefix="/tmp/tmplog";
$logfile="scan.log";
$llevel="c";
Execution
usage:
./cisco-torch.pl <options> <IP,hostname,network> or
./cisco-torch.pl <options> -F <hostlist>
Available options:
-O <output file>
-A All fingerprint scan types combined
-t Cisco Telnetd scan
-s Cisco SSHd scan
-u Cisco SNMP scan
-g Cisco config or tftp file download
-n NTP fingerprinting scan
-j TFTP fingerprinting scan
-l <type> loglevel
    -c critical (default)
    -v verbose
    -d debug
-w Cisco Webserver scan
-z Cisco IOS HTTP Authorization Vulnerability Scan
-c Cisco Webserver with SSL support scan
-b Password dictionary attack (use with -s, -u, -c, -w, -j or -t only)
-V Print tool version and exit
examples:
./cisco-torch.pl -A 10.10.0.0/16
./cisco-torch.pl -s -b -F sshtocheck.txt
./cisco-torch.pl -w -z 10.10.0.0/16
./cisco-torch.pl -j -b -g -F tftptocheck.txt
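
From the defender's side, a combined scan across a network shows up as one source touching many hosts on several of the services listed above within a short time. The following detection sketch is an added example, not part of the original page or of Cisco Torch. The flow-record format ("epoch src dst proto dport"), the thresholds and all addresses are constructed assumptions; the ports are the standard defaults for those services.

```python
from collections import defaultdict

# Standard default ports for the services named on this page.
MGMT_SERVICES = {
    ("tcp", 23): "telnet", ("tcp", 22): "ssh", ("tcp", 80): "http",
    ("tcp", 443): "https", ("udp", 123): "ntp", ("udp", 161): "snmp",
    ("udp", 69): "tftp",
}

def find_sweeps(lines, window=60, min_hosts=5, min_services=3):
    """Return {src: (host_count, services)} for each source that, within
    `window` seconds, touches >= min_hosts hosts on >= min_services services."""
    by_src = defaultdict(list)
    for line in lines:
        ts, src, dst, proto, dport = line.split()
        svc = MGMT_SERVICES.get((proto.lower(), int(dport)))
        if svc:  # ignore traffic to ports outside the service set
            by_src[src].append((int(ts), dst, svc))
    alerts = {}
    for src, events in by_src.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1  # slide the window forward in time
            win = events[start:end + 1]
            hosts = {e[1] for e in win}
            svcs = {e[2] for e in win}
            if len(hosts) >= min_hosts and len(svcs) >= min_services:
                alerts[src] = (len(hosts), sorted(svcs))
                break  # one alert per source, at the first crossing
    return alerts

def sample_flows():
    """Constructed records: a sweep, an SNMP poller, and an admin SSH session."""
    flows = []
    for i in range(1, 7):
        for proto, port in [("tcp", 23), ("tcp", 22), ("udp", 161), ("udp", 123)]:
            flows.append(f"{1000 + i} 192.0.2.50 10.10.0.{i} {proto} {port}")
        flows.append(f"{1000 + i * 30} 10.10.9.9 10.10.0.{i} udp 161")
    flows += ["1005 10.10.5.5 10.10.0.1 tcp 22", "1400 10.10.5.5 10.10.0.2 tcp 22"]
    return flows

if __name__ == "__main__":
    print(find_sweeps(sample_flows()))
```

Requiring several distinct services keeps a monitoring station that polls only SNMP from being flagged, while the sweeping source is reported as soon as it crosses both thresholds.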