Torque HTTP Vulnerability Scanner

by Coding, Cyberthreats, Downloads, Hacker News, Hacking, Security, Utilities

Torque Scanner

Torque Scanner is a cross‑platform network reconnaissance and audit tool designed to perform repeated HTTP requests with randomized user agent rotation, timing jitter, and optional Tor routing. It provides real‑time feedback through a web‑based control panel which automatically launches in your default browser.

Download Bundle

1. Launching the Application

Run the binary appropriate for your system:

./torque-scanner      (Linux / macOS)
torque-scanner.exe    (Windows)

On launch, Torque Scanner starts a small local web server and attempts to open your browser automatically. If it does not open, the terminal will display the URL:

http://127.0.0.1:xxxxx/

Copy this into your browser manually.

2. The Control Panel Interface

Once opened, you will see the main interface containing:

  • Target URL – The website or endpoint to be scanned.
  • Request Count – Total number of HTTP GET requests to send.
  • Concurrency – Number of workers (threads).
  • Jitter Settings – Random timing delays between requests.
  • Retry & Backoff Settings – Controls how failed requests are repeated.
  • Tor Settings:
    • Use Tor – Routes traffic through a SOCKS5 Tor proxy at 127.0.0.1:9050.
    • Tor NEWNYM – Requests a new Tor identity between requests (requires the Tor control port at 127.0.0.1:9051).
  • Real‑time Output Panel – Displays live request logs via SSE.

3. Starting a Scan

Enter your target URL (e.g., http://example.com). Set your preferred options and click:

INITIATE ATTACK PROBE

You will see each request logged in real time, including:

  • Worker ID
  • HTTP status codes
  • User‑Agent string selected
  • Tor routing notes
  • Retry attempts and backoff delays

4. Stopping a Scan

CEASE ATTACK PROBE

Workers will complete any in‑progress request and halt gracefully.

5. Tor Status Indicator

At the top of the UI, Torque Scanner displays:

  • SOCKS5 availability (port 9050)
  • Control port availability (port 9051)

These indicators update every 3 seconds.

6. Log Files

All scans are logged into:

./logs/tor_scanner_YYYYMMDD_HHMMSS.log

These logs can be used for security audits, debugging, and evidence collection.

Technical Overview & Internal Architecture

1. Overview

Torque Scanner is a concurrency‑driven network interrogation tool designed to evaluate:

  • Endpoint rate limiting
  • User‑agent filtering behavior
  • Load balancing characteristics
  • Tor behavior (through different identities)
  • Error handling and response reliability
  • Infrastructure resiliency under controlled request bursts

It is not a stress‑testing tool. Its purpose is security auditing and behavioral analysis, not overwhelming a service.

2. Architecture Summary

The software is built as a single Go program embedding both an HTTP server and a full web interface.

A. Web UI Server

  • Serves the embedded HTML GUI.
  • Provides:
    • /start – Begins a scan.
    • /stop – Halts a scan.
    • /events – SSE endpoint for live logs.

B. Worker Engine

  • A configurable number of goroutines pull jobs from a channel.
  • Each job represents a single HTTP GET request.
  • Workers:
    • Randomize a user agent
    • Sleep for jitter delay
    • Attempt request with retry & exponential backoff
    • Broadcast results via SSE

C. User Agent Management

  • Loads user-agents.txt if found.
  • Otherwise uses a compact built‑in list.
  • Random selection per request.

D. Tor Integration

Torque Scanner can direct all traffic through:

socks5://127.0.0.1:9050

Workers may optionally trigger a NEWNYM request on the control port, forcing a new Tor exit node identity.

E. Real‑Time Logs (SSE)

All activity is broadcast through Server‑Sent Events:

  • Low latency
  • Auto‑reconnecting
  • Live streaming to all connected browsers

F. Logging Subsystem

Every request is logged to file with:

  • Timestamp
  • Target
  • Worker ID
  • Status code
  • User agent
  • Retry attempts
  • Tor usage notes

3. Why Torque Scanner Is Useful

  • Web Security Testing
  • Tor privacy analysis
  • Endpoint reliability testing
  • Infrastructure diagnostics
  • Educational & research purposes

4. Cross‑Platform Support

  • Linux (x86_64, ARM, ARM64)
  • Windows
  • macOS
  • Raspberry Pi (ARM)

5. Ethical Usage

Torque Scanner is intended for:

  • Your own systems
  • Systems you have permission to test
  • Security auditing and research

Do not use it on systems where you lack authorization.

K0NxT3D

"The big lesson in life, baby, is never be scared of anyone or anything."
Frank Sinatra