logo

Port 9091 – TRANSMISSION (Transmission BitTorrent)

Service:

transmission

Protocol:

TCP

Port:

9091

Used for:

Transmission BitTorrent client web interface

Why It’s Open

Port 9091 is commonly used by the Transmission BitTorrent client web interface, Prometheus monitoring systems, and various web-based management tools. The Transmission daemon uses this port to provide remote control capabilities for managing torrent downloads through a web browser interface.

Common Risks

  • Unauthorized torrent control
    Attackers may manipulate or monitor BitTorrent activities
  • Legal compliance issues
    Uncontrolled torrenting may violate copyright laws
  • Information disclosure
    Download history and file lists may be exposed
  • Bandwidth abuse
    Attackers may consume network resources for malicious downloads
  • Prometheus data exposure
    Monitoring metrics may reveal sensitive system information
  • Default credentials
    Transmission often lacks authentication by default
  • Cross-site request forgery
    Web interfaces may be vulnerable to CSRF attacks

Want to save time on reporting?

Let PentestPad generate, track, and export your reports - automatically.

logo-cta

Enumeration & Testing

Service Detection:

Terminal window
nmap -sV -p 9091

Transmission Web Interface Testing:

Terminal window
curl http://:9091/transmission/web/

Prometheus Metrics Testing:

Terminal window
curl http://:9091/metrics

What to Look For

CheckpointWhat it means
Service versionIdentify software version and patch level
AuthenticationCheck for default or weak credentials
SSL/TLS configVerify encryption settings if applicable
Access controlsTest for proper authorization mechanisms

Mitigation

  • Keep software updated
    Apply latest security patches
  • Strong authentication
    Use complex passwords and 2FA
  • Access restrictions
    Limit service to trusted networks
  • Monitor activity
    Log and review service usage
  • Disable if unused
    Remove unnecessary services

TL;DR

  • Port 9091 = Transmission BitTorrent/Prometheus with torrent control risks
  • Protocol: TCP
  • Used for: BitTorrent client management and Prometheus monitoring
  • Security focus: Unauthorized torrent control and metrics exposure

Known CVEs and Exploits

  • CVE-2020-15157 - Transmission Web UI CSRF vulnerability allowing unauthorized torrent control.
  • CVE-2023-2721 - Grafana information disclosure vulnerability potentially exposing Prometheus metrics data.
  • CVE-2018-5703 - Transmission RPC vulnerability enabling remote attackers to bypass authentication.