Skip to content
/ HikvisionExploiter Public

HikvisionExploiter is a Python-based utility designed to automate exploitation and directory accessibility checks on Hikvision network cameras exploiting the Web interface Version 3.1.3.150324.

License

GPL-3.0 license
48 stars 6 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

HexBuddy/HikvisionExploiter

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

31 Commits
LICENSE
LICENSE
 
 
README.md
README.md
 
 
checker.py
checker.py
 
 
decrypt_configurationFile.py
decrypt_configurationFile.py
 
 
requirements.txt
requirements.txt
 
 

Repository files navigation

HikvisionExploiter

License

HikvisionExploiter is a Python-based utility designed to automate exploitation and directory accessibility checks on Hikvision network cameras exploiting the Web interface Version 3.1.3.150324. It downloads snapshots and compiles them into videos for efficient surveillance monitoring, Then retrieves the camera device info and downloads the "configurationFile" to all the registered Users Creds.

Demo.mp4

Table of Contents

Features

  1. Automated Directory Accessibility Checks for Hikvision Cameras
  2. Snapshot Downloading and Storage
  3. Device Information Retrieval and Logging
  4. User Information Retrieval and Logging
  5. Encrypted Configuration File Downloading and Decryption
  6. Comprehensive CVE Vulnerability Checks
    • CVE-2021-36260 Detection
    • CVE-2017-7921 Detection
    • CVE-2022-28171 Detection
  7. Multi-Target Support with targets.txt
  8. Detailed Logging for Each Target
  9. Real-Time Feedback with Colored Output
  10. Interrupt Handling with SIGQUIT
  11. Customizable Configuration Options
  12. Organized Output for Snapshots, Logs, and Decrypted Files

Requirements

  • Python 3.6 or higher
  • FFmpeg
  • requests library
  • PyCrypto library (for decrypt_configurationFile.py, install using pip install pycrypto)

Installation

Clone the repository

git clone https://github.com/HexBuddy/HikvisionExploiter.git
cd HikvisionExploiter

Install required packages

pip3 install -r requirements.txt

Install FFmpeg

Download and install FFmpeg from FFmpeg's official website.

Usage

Create a targets.txt file

Create a targets.txt file in the root directory of the project with the following format:

IP:PORT

Each line should contain an IP address and port of a Hikvision camera.

Run the script

python3 checker.py

The script will check the accessibility of the directories on the specified cameras, download snapshots, and compile them into videos.

Configuration

  • directory_path: The directory path to check for accessibility (default: /onvif-http/snapshot?auth=YWRtaW46MTEK).
  • targets.txt: The file containing the IP addresses and ports of the target Hikvision cameras.

Finding Targets

You can find potential targets using Shodan with the following Shodan dork:

3.1.3.150324

This dork searches for Hikvision cameras with the specific firmware version.

License

This project is licensed under the MIT License. See the LICENSE file for details.

Connect With me! :

About

HikvisionExploiter is a Python-based utility designed to automate exploitation and directory accessibility checks on Hikvision network cameras exploiting the Web interface Version 3.1.3.150324.

Resources

Readme

License

GPL-3.0 license
Activity

Stars

48 stars

Watchers

1 watching

Forks

6 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages