Kali Linux

HikPwn : Simple Scanner For Hikvision Devices With Basic Vulnerability Scanning

HikPwn: Comprehensive Guide to Scanning Hikvision Devices for Vulnerabilities

If you’re searching for an efficient way to discover and test Hikvision network devices for vulnerabilities, HikPwn is a standout tool for both security researchers and network administrators. This guide provides a detailed walkthrough of HikPwn > its core features, installation, setup, and utilization.

What is HikPwn?

HikPwn is a Python-based scanner specifically designed for Hikvision devices, offering both passive and active network enumeration. Written in Python 3.8, it provides basic vulnerability scanning capabilities, notably for the widely-known ICSA-17-124-01 vulnerability, which may grant admin-level access if exploited successfully. HikPwn is an open-source project intended for educational and security testing purposes only.

Key Features of HikPwn

  • Passive Discovery: Detects Hikvision devices by monitoring network traffic unobtrusively.
  • Active Enumeration: Uses UDP UPNP probing to actively locate and enumerate device details.
  • Vulnerability Detection: Identifies and can exploit ICSA-17-124-01 (admin access) with options for post-exploitation, like password changes.
  • Data Logging: Automatically saves all enumerated information to a log file for easy review.
  • Efficient and Lightweight: Tested on Python 3.8 under Linux 4.19 x86_64.

Note: Upcoming features include support for direct target scanning and detection of CVE-2021-36260.

Complete Installation & Setup Instructions

1. Prerequisites

  • Python 3.8 (recommended environment)
  • Linux system (tested on Linux 4.19 x86_64)
  • Git and pip installed

2. Clone the GitHub Repository

git clone https://github.com/4n4nk3/HikPwn.git
 cd HikPwn

3. Install Dependencies

Install all required Python packages using pip:

pip install -r requirements.txt

If you encounter permissions issues, run the command with sudo.

Using HikPwn: Step-By-Step

HikPwn offers both passive and active scanning with simple command-line options:

General Usage

 python3 hikpwn.py --interface <INTERFACE> --address <IP_ADDRESS> [--active] [--ICSA_17_124_01]

Optional Arguments Breakdown

ArgumentDescription
--interface INTERFACENetwork interface to use (e.g., eth0)
--address ADDRESSIP address of selected interface
--activeEnable active device discovery
--ICSA_17_124_01Enable ICSA-17-124-01 vulnerability detection
-h, --helpShow help message and exit

Typical Workflow Example

  1. Start Passive & Active Discovery python3 hikpwn.py --interface eth0 --address 192.168.1.10 --active
  2. Scan for Vulnerabilities (ICSA-17-124-01) python3 hikpwn.py --interface eth0 --address 192.168.1.10 --ICSA_17_124_01

Results are automatically saved to ./log.txt for later review.

Sample Output Preview

Using eth0 as network interface and 192.168.1.10 as its IP address...
[*] Started 30 seconds of both passive and active discovery...
================================================================================
[*] Total detected devices: 1
192.168.1.20
================================================================================
[*] Active discovery's results:
DEVICE #1:
----------------------------------------------
Serial Number: xxxxxxxxxxxxxxxxxxxxx
Description: DS-2DE4220IW-D
MAC: XX:XX:XX:XX:XX:XX
IP: 192.168.1.20
DHCP in use: false
Software Version: V5.4.3 build 160810
DSP Version: V7.3 build 160801
Boot Time: 2019-03-01 00:05:33
Activation Status: true
Password Reset Ability: true
================================================================================
[*] Passive discovery's results:
DEVICE #1: Detected device with IP address 192.168.1.20 and MAC address XX:XX:XX:XX:XX:XX.
================================================================================
[*] Starting scan for ICSA-17-124-01...
192.168.1.20 is vulnerable to ICSA_17_124_01. Recovered user list:
user_id: 1, user_name: admin, priority: high, user_level: Administrator
Do you want to exploit the vulnerability and try to change admin's password? (y/n)
>>> y
Enter a password composed of numbers and letters (8-12 characters):
>>>
Password change successful.

Important Security Disclaimer

HikPwn is for educational and authorized security testing only. Do not use this tool for unauthorized scanning or exploitation of networks and devices. Misuse may be illegal and unethical.

R K

Share
Published by
R K
Tags: HikPwnHikvisionScannervulnerability
7 months ago

Recent Posts

Modrinth – A Comprehensive Overview of Tools and Functions

Modrinth is a modern platform that’s rapidly changing the landscape of Minecraft modding, providing an…

43 minutes ago

BlackSanta Malware A Stealthy Threat Targeting Recruiters and HR Teams

A new, highly sophisticated malware campaign named BlackSanta has emerged, primarily targeting HR and recruitment…

2 hours ago

Perplexity Launches Personal Computer Features

Perplexity has unveiled an exciting new feature, Personal Computer, which allows AI agents to seamlessly…

9 hours ago

Cyberattack or Smoke and Mirrors? The Truth Behind the Alleged Dimona Nuclear Breach

In a recent cyber incident, a group named CARDINAL, associated with the label Russian Legion,…

19 hours ago

Admin Panel Dorks : A Complete List of Google Dorks

Introduction Google Dorking is a technique where advanced search operators are used to uncover information…

5 days ago

Best Linux Distros in 2026

Linux is renowned for its versatility, open-source nature, and security. Whether you're a beginner, developer,…

5 days ago