Ingram : A Network Camera Vulnerability Scanning Tool

Ingram is a powerful tool designed to scan for vulnerabilities in network cameras, supporting devices from major brands like Hikvision, Dahua, Uniview, and Dlink.

It operates on Linux and Mac systems, requiring Python 3.8 or higher, though Python 3.11 is not recommended due to compatibility issues.

To install Ingram, follow these steps:

1. Clone the Repository: Use git clone https://github.com/jorhelp/Ingram.git to download the tool.
2. Create and Activate a Virtual Environment: bashcd Ingram pip3 install virtualenv python3 -m virtualenv venv source venv/bin/activate
3. Install Dependencies: Run pip3 install -r requirements.txt.

Running Ingram

1. Prepare a Target File: Create a file (e.g., targets.txt) with IP addresses or IP segments you want to scan. Each line should contain a single target, optionally specifying a port (e.g., 192.168.0.1:80).
2. Run the Scan: Use the command python3 run_ingram.py -i targets.txt -o output_folder. You can specify ports with -p and concurrency with -t.

Features

• Port Scanning: Ingram can use port scanning tools like Masscan to narrow down active hosts, improving efficiency.
• Concurrency Control: Adjust the number of concurrent processes based on network conditions.
• Output: Results are saved in CSV files (results.csv, not_vulnerable.csv) and snapshots of some devices.
• Interruption Recovery: Supports resuming scans, though it may not restore to the exact previous state.

Ingram is strictly for security testing purposes and should not be used for illegal activities. The tool’s developers disclaim any responsibility for misuse.

Thanks to contributors like Aiminsun for CVE-2021-36260, chrisjd20 for Hikvision config file decryption, and mcw0 for DahuaConsole.