Exploitation Tools

HikvisionExploiter – Automated Exploitation And Surveillance Utility For Hikvision Cameras

HikvisionExploiter is a Python-based utility designed to automate exploitation and directory accessibility checks on Hikvision network cameras exploiting the Web interface Version 3.1.3.150324.

It downloads snapshots and compiles them into videos for efficient surveillance monitoring, Then retrieves the camera device info and downloads the “configurationFile” to all the registered Users Creds.

Table Of Contents

  • Features
  • Requirements
  • Installation
  • Usage
  • Configuration
  • Finding Targets
  • License

Features

  1. Automated Directory Accessibility Checks for Hikvision Cameras
  2. Snapshot Downloading and Storage
  3. Device Information Retrieval and Logging
  4. User Information Retrieval and Logging
  5. Encrypted Configuration File Downloading and Decryption
  6. Comprehensive CVE Vulnerability Checks
    • CVE-2021-36260 Detection
    • CVE-2017-7921 Detection
    • CVE-2022-28171 Detection
  7. Multi-Target Support with targets.txt
  8. Detailed Logging for Each Target
  9. Real-Time Feedback with Colored Output
  10. Interrupt Handling with SIGQUIT
  11. Customizable Configuration Options
  12. Organized Output for Snapshots, Logs, and Decrypted Files

Requirements

  • Python 3.6 or higher
  • FFmpeg
  • requests library
  • PyCrypto library (for decrypt_configurationFile.py, install using pip install pycrypto)

Installation

Clone The Repository

git clone https://github.com/HexBuddy/HikvisionExploiter.git
cd HikvisionExploiter

Install required packages

pip3 install -r requirements.txt

Install FFmpeg

Download and install FFmpeg from FFmpeg’s official website.

Usage

Create a targets.txt file

Create a targets.txt file in the root directory of the project with the following format:

IP:PORT

Each line should contain an IP address and port of a Hikvision camera.

Run The Script

python3 checker.py

The script will check the accessibility of the directories on the specified cameras, download snapshots, and compile them into videos.

Varshini

Varshini is a Cyber Security expert in Threat Analysis, Vulnerability Assessment, and Research. Passionate about staying ahead of emerging Threats and Technologies.

Recent Posts

Playwright-MCP : A Powerful Tool For Browser Automation

Playwright-MCP (Model Context Protocol) is a cutting-edge tool designed to bridge the gap between AI…

17 minutes ago

JBDev : A Tool For Jailbreak And TrollStore Development

JBDev is a specialized development tool designed to streamline the creation and debugging of jailbreak…

21 hours ago

Kereva LLM Code Scanner : A Revolutionary Tool For Python Applications Using LLMs

The Kereva LLM Code Scanner is an innovative static analysis tool tailored for Python applications…

23 hours ago

Nuclei-Templates-Labs : A Hands-On Security Testing Playground

Nuclei-Templates-Labs is a dynamic and comprehensive repository designed for security researchers, learners, and organizations to…

1 day ago

SSH-Stealer : The Stealthy Threat Of Advanced Credential Theft

SSH-Stealer and RunAs-Stealer are malicious tools designed to stealthily harvest SSH credentials, enabling attackers to…

1 day ago

ollvm-unflattener : A Tool For Reversing Control Flow Flattening In OLLVM

Control flow flattening is a common obfuscation technique used by OLLVM (Obfuscator-LLVM) to transform executable…

1 day ago