{"id":13845157,"url":"https://github.com/jorhelp/Ingram","last_synced_at":"2025-07-12T01:31:46.645Z","repository":{"id":38279917,"uuid":"493223553","full_name":"jorhelp/Ingram","owner":"jorhelp","description":"网络摄像头漏洞扫描工具 | Webcam vulnerability scanning tool","archived":false,"fork":false,"pushed_at":"2024-11-19T16:26:13.000Z","size":306,"stargazers_count":1954,"open_issues_count":71,"forks_count":309,"subscribers_count":44,"default_branch":"master","last_synced_at":"2025-05-22T23:04:25.578Z","etag":null,"topics":["camera","cctv","cve-2017-7921","cve-2020-25078","cve-2021-33044","cve-2021-36260","dahua","dlink","hack","hikvision"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/jorhelp.png","metadata":{"files":{"readme":"README.en.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-05-17T11:35:15.000Z","updated_at":"2025-05-21T08:10:42.000Z","dependencies_parsed_at":"2024-03-17T08:29:55.780Z","dependency_job_id":"74e7dbf6-88b0-4311-97a8-de806f12c0de","html_url":"https://github.com/jorhelp/Ingram","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/jorhelp/Ingram","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jorhelp%2FIngram","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jorhelp%2FIngram/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jorhelp%2FIngram/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jorhelp%2FIngram/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/jorhelp","download_url":"https://codeload.github.com/jorhelp/Ingram/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jorhelp%2FIngram/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":264923080,"owners_count":23683716,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["camera","cctv","cve-2017-7921","cve-2020-25078","cve-2021-33044","cve-2021-36260","dahua","dlink","hack","hikvision"],"created_at":"2024-08-04T17:03:14.661Z","updated_at":"2025-07-12T01:31:46.079Z","avatar_url":"https://github.com/jorhelp.png","language":"Python","readme":"\u003cdiv align=center\u003e\n    \u003cimg alt=\"Ingram\" src=\"https://github.com/jorhelp/imgs/blob/master/Ingram/logo.png\"\u003e\n\u003c/div\u003e\n\n\n\u003c!-- icons --\u003e\n\u003cdiv align=center\u003e\n    \u003cimg alt=\"Platform\" src=\"https://img.shields.io/badge/platform-Linux%20|%20Mac-blue.svg\"\u003e\n    \u003cimg alt=\"Python Version\" src=\"https://img.shields.io/badge/python-3.8-yellow.svg\"\u003e\n    \u003cimg alt=\"GitHub\" src=\"https://img.shields.io/github/license/jorhelp/Ingram\"\u003e\n    \u003cimg alt=\"Github Checks\" src=\"https://img.shields.io/github/checks-status/jorhelp/Ingram/master\"\u003e\n    \u003cimg alt=\"GitHub Last Commit (master)\" src=\"https://img.shields.io/github/last-commit/jorhelp/Ingram/master\"\u003e\n    \u003cimg alt=\"Languages Count\" src=\"https://img.shields.io/github/languages/count/jorhelp/Ingram?style=social\"\u003e\n\u003c/div\u003e\n\nEnglish | [简体中文](https://github.com/jorhelp/Ingram/blob/master/README.md)\n\n## Intro\n\nThis is a web camera device vulnerability scanning tool, which already supports Hikvision, Dahua and other devices\n\n\u003cdiv align=center\u003e\n    \u003cimg alt=\"run\" src=\"https://github.com/jorhelp/imgs/blob/master/Ingram/run_time.gif\"\u003e\n\u003c/div\u003e\n\n\n## Installation\n\n**Please run it under Linux or Mac. Please make sure you have installed Python \u003e= 3.8, but 3.11 is not recommended.**\n\n+ Firstly, clone this repo:\n```bash\ngit clone https://github.com/jorhelp/Ingram.git\n```\n\n+ Then, go to the repo dir, create a virtual environment and activate it:\n```bash\ncd Ingram\npip3 install virtualenv\npython3 -m virtualenv venv\nsource venv/bin/activate\n```\n\n+ After that, install dependencies:\n```bash\npip3 install -r requirements.txt\n```\n\nSo far, it has been installed!\n\n\n## Run\n\n+ Since it is configured in a virtual environment, pls activate the virtual environment before each running\n\n+ You need to prepare an target file, let's name it `input`, which contains the targets that will be scanned. The content of `input` file can be:\n```\n# use '#' to comment\n\n# single ip\n192.168.0.1\n\n# ip with a port\n192.168.0.2:80\n\n# ip segment ('/')\n192.168.0.0/16\n\n# ip segment ('-')\n192.168.0.0-192.168.255.255\n```\n\n+ With the `input` file, let's start scanning:\n```bash\npython3 run_ingram.py -i input -o output\n```\n\n+ If you specified the port like: `x.x.x.x:80`, then the port 80 will be scanned, otherwise common ports will be scanned(defined in `Ingram/config.py`). And you can also override it with the `-p` argument such as:\n```bash\npython3 run_ingram.py -i input -o output -p 80 81 8000\n```\n\n+ The number of coroutines can be controlled by the `-t` argument:\n```bash\npython3 run_ingram.py -i input -o output -t 500\n```\n\n+ all arguments：\n```\noptional arguments:\n  -h, --help            show this help message and exit\n  -i IN_FILE, --in_file IN_FILE\n                        the targets will be scan\n  -o OUT_DIR, --out_dir OUT_DIR\n                        the dir where results will be saved\n  -p PORTS [PORTS ...], --ports PORTS [PORTS ...]\n                        the port(s) to detect\n  -t TH_NUM, --th_num TH_NUM\n                        the processes num\n  -T TIMEOUT, --timeout TIMEOUT\n                        requests timeout\n  -D, --disable_snapshot\n                        disable snapshot\n  --debug\n```\n\n\n## Port scanner\n\n+ We can use powerful port scanner to obtain active hosts, thereby reducing the scanning range of Ingram and improving the running speed. The specific method is to organize the result file of the port scanner into the format of `ip:port` and use it as the input file of Ingram\n\n+ Here is a brief demonstration of masscan as an example (the detailed usage of masscan will not be repeated here).\n\n+ First, use masscan to scan the surviving host on port 80 or 8000-8008 (you sure can change the port anything else if you want): `masscan -p80,8000-8008 -iL INPUT -oL OUTPUT --rate 8000`\n\n+ After masscan is done, sort out the result file: `grep 'open' OUTPUT | awk '{printf\"%s:%s\\n\", $4, $3}' \u003e input`\n\n+ Then: `python run_ingram.py -i input -o output`\n\n\n## Output\n\n```bash\n.\n├── not_vulnerable.csv\n├── results.csv\n├── snapshots\n└── log.txt\n```\n\n+ `results.csv` contains the vulnerable devices: `ip,port,device-type,user,password,vul`: \n\n\u003cdiv align=center\u003e\n    \u003cimg alt=\"Ingram\" src=\"https://github.com/jorhelp/imgs/blob/master/Ingram/results.png\"\u003e\n\u003c/div\u003e\n\n+ `not_vulnerable.csv` contains the not vulnerable devices\n\n+ `snapshots` contains some snapshots of a part of devices (not all device can have a snapshot!!!):  \n\n\u003cdiv align=center\u003e\n    \u003cimg alt=\"Ingram\" src=\"https://github.com/jorhelp/imgs/blob/master/Ingram/snapshots.png\"\u003e\n\u003c/div\u003e\n\n\n## Warning\n\nThis tool is for security testing only, it is strictly prohibited to use it for illegal purposes, and the consequences have nothing to do with this team.\n\n\n## Thanks \u0026 Reference\n\nThanks to [Aiminsun](https://github.com/Aiminsun/CVE-2021-36260) for CVE-2021-36260  \nThanks to [chrisjd20](https://github.com/chrisjd20/hikvision_CVE-2017-7921_auth_bypass_config_decryptor) for hidvision config file decryptor  \nThanks to [mcw0](https://github.com/mcw0/DahuaConsole) for DahuaConsole\n","funding_links":[],"categories":["漏洞扫描","LLM分析过程","Python"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjorhelp%2FIngram","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjorhelp%2FIngram","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjorhelp%2FIngram/lists"}