CISCO SPECIFIC

PACKETSTORM’S LISTING OF CISCO ANALYSIS TOOLS

http://packetstormsecurity.org/cisco/

BENCHMARK & AUDIT TOOL FOR CISCO IOS ROUTERS AND PIX FIREWALLS

http://www.cisecurity.org/bench_cisco.html

CIS LEVEL-1 / LEVEL-2 BENCHMARKS AND AUDIT TOOL FOR CISCO IOS ROUTERS AND PIX FIREWALLS.

  • ABILITY TO SCORE CISCO ROUTER IOS.
  • ABILITY TO SCORE CISCO PIX FIREWALLS.
  • INCLUDES BENCHMARK DOCUMENTS(PDF) FOR BOTH CISCO IOS AND CISCO PIX SECURITY SETTINGS

CISCO TORCH

http://www.arhont.com/ViewPage7422.html?siteNodeId=3&languageId=1&contentId=-1

CISCO TORCH MASS SCANNING, FINGERPRINTING, AND EXPLOITATION TOOL WAS WRITTEN WHILE WORKING ON THE NEXT EDITION OF THE "HACKING EXPOSED CISCO NETWORKS", SINCE THE TOOLS AVAILABLE ON THE MARKET COULD NOT MEET OUR NEEDS. THE MAIN FEATURE THAT MAKES CISCO-TORCH DIFFERENT FROM SIMILAR TOOLS IS THE EXTENSIVE USE OF FORKING TO LAUNCH MULTIPLE SCANNING PROCESSES ON THE BACKGROUND FOR MAXIMUM SCANNING EFFICIENCY. ALSO, IT USES SEVERAL METHODS OF APPLICATION LAYER FINGERPRINTING SIMULTANEOUSLY, IF NEEDED. WE WANTED SOMETHING FAST TO DISCOVER REMOTE CISCO HOSTS RUNNING TELNET, SSH, WEB, NTP AND SNMP SERVICES AND LAUNCH DICTIONARY ATTACKS AGAINST THE SERVICES DISCOVERED.

EIGRP TOOLS

http://www.arhont.com/ViewPage7422.html?siteNodeId=3&languageId=1&contentId=-1

THIS IS A CUSTOM EIGRP PACKET GENERATOR AND SNIFFER DEVELOPED TO TEST THE SECURITY AND OVERALL OPERATION QUALITY OF THIS BRILLIANT CISCO ROUTING PROTOCOL. USING THIS TOOL REQUIRES A DECENT LEVEL OF KNOWLEDGE OF EIGRP OPERATIONS, PACKETS STRUCTURE AND TYPES, AS WELL AS THE LAYER 3 TOPOLOGY OF AN AUDITED NETWORK.

CISCOPACK

http://www.arhont.com/ViewPage7422.html?siteNodeId=3&languageId=1&contentId=-1

THIS IS THE IOS BINARY IMAGE PACKING AND UNPACKING PROGRAM CAPABLE OF CALCULATING A CORRECT CHECKSUM FOR THESE IMAGES.

PIX CHECKSUM DOS

http://www.arhont.com/ViewPage7422.html?siteNodeId=3&languageId=1&contentId=-1

THIS IS A PROOF OF CONCEPT PROGRAM THAT DEMONSTRATES THE VULNERABILITY OF CISCO PIX DEVICES TO A DENIAL OF SERVICE ATTACK USING A SPOOFED BAD CHECKSUM PACKET.

CPFPC

http://www.oxid.it/cpfpc.html

CISCO PIX FIREWALL PASSWORD CALCULATOR) PRODUCES THE ENCRYPTED FORM OF CISCO PIX ENABLE MODE PASSWORDS WITHOUT THE NEED TO ACCESS THE DEVICE.

ULTIMA RATIO

http://www.phenoelit.de/ultimaratio/index.html

A REMOTE CISCO IOS EXPLOIT

NIPPER

http://sourceforge.net/projects/nipper

NIPPER IS A NETWORK INFRASTRUCTURE CONFIGURATION PARSER. NIPPER TAKES A NETWORK INFRASTRUCTURE DEVICE CONFIGURATION, PROCESSES THE FILE AND DETAILS SECURITY-RELATED ISSUES WITH THE CONFIGURATION TOGETHER WITH DETAILED RECOMMENDATIONS. NIPPER WAS PREVIOUS KNOWN AS CISCOPARSE. NIPPER CURRENTLY SUPPORTS CISCO SWITCHES (IOS), CISCO ROUTERS (IOS), CISCO FIREWALLS (PIX/ASA/FWSM) AND JUNIPER NETSCREEN (SCREENOS). OUTPUT IS IN HTML, LATEX, XML AND TEXT. ENCRYPTED PASSWORDS CAN BE OUTPUT TO A JOHN-THE-RIPPER FILE FOR STRENGTH TESTING.

VOMIT

http://vomit.xtdnet.nl/

THE VOMIT UTILITY CONVERTS A CISCO IP PHONE CONVERSATION INTO A WAVE FILE THAT CAN BE PLAYED WITH ORDINARY SOUND PLAYERS. VOMIT REQUIRES A TCPDUMP OUTPUT FILE.

CISCO GLOBAL EXPLOITER

http://packetstormsecurity.org/0405-exploits/cge-13.tar.gz

CISCO GLOBAL EXPLOITER IS A TOOL THAT DEMONSTRATES EXPLOITATION OF THE CISCO 677/678 TELNET BUFFER OVERFLOW VULNERABILITY, IOS ROUTER DENIAL OF SERVICE VULNERABILITY, IOS HTTP AUTH VULNERABILITY AND CISCO IOS HTTP CONFIGURATION ARBITRARY ADMINISTRATIVE ACCESS VULNERABILITY, CISCO CATALYST SSH PROTOCOL MISMATCH DENIAL OF SERVICE VULNERABILITY, CISCO 675 WEB ADMINISTRATION DENIAL OF SERVICE VULNERABILITY, CISCO CATALYST 3500 XL REMOTE ARBITRARY COMMAND VULNERABILITY, CISCO IOS SOFTWARE HTTP REQUEST DENIAL OF SERVICE VULNERABILITY, CISCOSECURE ACS FOR WINDOWS NT SERVER DENIAL OF SERVICE VULNERABILITY, CISCO CATALYST MEMORY LEAK VULNERABILITY, CISCO CATOS CISCOVIEW HTTP SERVER BUFFER OVERFLOW VULNERABILITY, %U ENCODING IDS BYPASS VULNERABILITY (UTF), AND CISCO IOS HTTP DENIAL OF SERVICE VULNERABILITY.

CISTO

http://sourceforge.net/projects/cisto/

CISTO (CISCO SCRIPT TOOL) TOOL FOR MANAGING CISCO DEVICES (IOS, CATOS). ALLOWS TO GET CONFIGS, DO CONFIGURATION, INSTALL NEW IMAGES, CHANGE PASSWORDS, DO SINGLE OR LIST OF SHOW COMMANDS AND LOTS MORE FOR A GIVEN LIST OF DEVICES (RUNNING PARALLEL PROZ.)

SWITCHMAP

http://sourceforge.net/projects/switchmap/

EXAMPLE CAPTURES ARE LOCATED HERE:
http://switchmap.sourceforge.net/portlists/

SWITCHMAP IS A PERL PROGRAM THAT CREATES HTML PAGES THAT SHOW INFORMATION ABOUT A SET OF CISCO ETHERNET SWITCHES. THIS PROGRAM USES SNMP TO GATHER DATA FROM THE SWITCHES.

RANCID

http://www.shrubbery.net/rancid/

RANCID MONITORS A ROUTER'S (OR MORE GENERALLY A DEVICE'S) CONFIGURATION, INCLUDING SOFTWARE AND HARDWARE (CARDS, SERIAL NUMBERS, ETC) AND USES CVS (CONCURRENT VERSION SYSTEM) OR SUBVERSION TO MAINTAIN HISTORY OF CHANGES.

RANCID DOES THIS BY THE VERY SIMPLE PROCESS SUMMARIZED HERE:

  • LOGIN TO EACH DEVICE IN THE ROUTER TABLE (ROUTER.DB),
  • RUN VARIOUS COMMANDS TO GET THE INFORMATION THAT WILL BE SAVED,
  • COOK THE OUTPUT; RE-FORMAT, REMOVE OSCILLATING OR INCREMENTING DATA,
  • EMAIL ANY DIFFERENCES (SAMPLE) FROM THE PREVIOUS COLLECTION TO A MAIL LIST,
  • AND FINALLY COMMIT THOSE CHANGES TO THE REVISION CONTROL SYSTEM

RANCID ALSO INCLUDES LOOKING GLASS SOFTWARE. IT IS BASED ON ED KERN'S LOOKING GLASS WHICH WAS ONCE USED FOR HTTP://NITROUS.DIGEX.NET/, FOR THE OLD-SCHOOL FOLKS WHO REMEMBER IT. OUR VERSION HAS ADDED FUNCTIONS, SUPPORTS CISCO, JUNIPER, AND FOUNDRY AND USES THE LOGIN SCRIPTS THAT COME WITH RANCID; SO IT CAN USE TELNET OR SSH TO CONNECT TO YOUR DEVICES(S).

RANCID CURRENTLY SUPPORTS CISCO ROUTERS, JUNIPER ROUTERS, CATALYST SWITCHES, FOUNDRY SWITCHES, REDBACK NASS, ADC EZT3 MUXES, MRTD (AND THUS LIKELY IRRD), ALTEON SWITCHES, AND HP PROCURVE SWITCHES AND A HOST OF OTHERS.
RANCID IS KNOWN TO BE USED AT: AOL, GLOBAL CROSSING, MFN, NTT AMERICA, CERTAINTY SOLUTIONS INC.

SIPTIGER

http://www.vovida.org/applications/downloads/siptiger/

SIPTIGER IS A WEB-BASED PROVISIONING UTILITY FOR CISCO'S LINE OF 7960 AND 7940 SESSION INITIATION PROTOCOL (SIP) IP PHONES AND CISCO SIP PROXY SERVERS (CSPS). THIS UTILITY IS USEFUL FOR ANYONE DEPLOYING CISCO 7960/7940 SIP IP PHONES.

IOSTACK.PL

http://www.phenoelit-us.org/ultimaratio/IOStack2.tgz

IOSTACK.PL IS A SCRIPT TO READ OUT IOS STACK RETURN ADDRESS LOCATIONS.

CISCO ROUTER PASSWORD DECODER

http://www.loud-fat-bloke.co.uk/tools/ciscopass.txt

Simple little perl script to decode router passwords.

Unless otherwise stated, the content of this page is licensed under Creative Commons Attribution-ShareAlike 3.0 License