/ciscorouter

Tool for scanning Cisco router products over SSH

Primary language: Java. License: MIT.

CiscoRouter

CiscoRouter is a tool for scanning Cisco-based routers over SSH. Rules can be created using the accompanying CiscoRule application (see this repo) and are stored in the "rules" directory.

Features:

  • Automatically ignores interfaces that are not currently active, so there should be no "false alarms" generated by bad practices that don't affect the actual security of the device
  • Multithreaded scanning engine that will scan up to five devices concurrently to speed up output
  • Allows for the saving of configuration files, so frequently tested groups of routers can be stored
  • Rules are created with a simple GUI-based application and are easily managed
  • View and edit output before saving to remove any false positives or unwanted items
  • Output in a variety of formats
  • Allows users to define username/password combination for logging in to the application
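
As an illustration of the first feature above, here is an added example (not code from CiscoRouter itself) of one way to keep findings off inactive interfaces. It assumes "inactive" means the interface block contains `shutdown`; the rule, class name and sample config are hypothetical and constructed for this example.

```java
import java.util.*;

public class ActiveInterfaceCheck {
    // Constructed sample of "show running-config" output (not from a real device).
    static final String SAMPLE = String.join("\n",
        "interface GigabitEthernet0/0",
        " ip address 192.0.2.1 255.255.255.0",
        " no ip proxy-arp",
        "!",
        "interface GigabitEthernet0/1",
        " ip address 198.51.100.1 255.255.255.0",
        "!",
        "interface GigabitEthernet0/2",
        " no ip address",
        " shutdown",
        "!",
        "line vty 0 4",
        " transport input ssh");

    // Split the config into interface name -> indented sub-commands.
    static Map<String, List<String>> interfaces(String config) {
        Map<String, List<String>> blocks = new LinkedHashMap<>();
        List<String> current = null;
        for (String line : config.split("\\R")) {
            if (line.startsWith("interface ")) {
                current = new ArrayList<>();
                blocks.put(line.substring("interface ".length()).trim(), current);
            } else if (current != null && line.startsWith(" ")) {
                current.add(line.trim());
            } else {
                current = null; // any unindented line ends the interface block
            }
        }
        return blocks;
    }

    // Hypothetical rule: every active interface must carry "no ip proxy-arp".
    static List<String> findings(String config) {
        List<String> out = new ArrayList<>();
        interfaces(config).forEach((name, cmds) -> {
            if (cmds.contains("shutdown")) return; // administratively down: skip
            if (!cmds.contains("no ip proxy-arp")) out.add(name + ": proxy ARP not disabled");
        });
        return out;
    }

    public static void main(String[] args) {
        findings(SAMPLE).forEach(System.out::println);
    }
}
```

On the sample, only GigabitEthernet0/1 is reported; GigabitEthernet0/2 also lacks the hardening line but is shut down, so it produces no finding.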

Using CiscoRouter

  1. Create any rules necessary for your scan and place them in the rules directory (under the dist/ directory for the application)
  2. Run the application and enter the router details. If the username provided for a router lacks superuser permissions, select the appropriate radio box and enter the superuser password
  3. (Optional) Save the configuration for future use by choosing File -> Save. In the future, you can just open the configuration file and run the scan.
  4. Run the scan by pressing "Run Scan".
  5. The application will show you the result of your scan in tree form. Remove any hosts or rules detected (if desired), and output to your selected file type.

Future Features

  • Custom number of concurrent threads
  • Built-in rule creation/editing tool
  • More output formats
  • Scan profiles that allow you to scan a router with a specific subset of rules
  • More native-appearing GUI

This code is licensed under the MIT license.