Cyber security

Kamerka GUI – Advanced Reconnaissance For IoT And ICS

Kamerka GUI stands as the ultimate reconnaissance tool for the Internet of Things (IoT) and Industrial Control Systems (ICS).

Developed with support from powerful platforms like Shodan and enhanced by resources from Binary Edge and WhoisXMLAPI, this tool offers an unparalleled view into the security posture of critical infrastructures worldwide.

Explore how Kamerka GUI leverages open-source information and exploits to pinpoint and analyze vulnerable connected devices across various sectors.

NSA And CISA Recommend Immediate Actions To Reduce Exposure Across Operational Technologies And Control Systems

Shodan, Kamerka, are creating a “perfect storm” of

  1. easy access to unsecured assets,
  2. use of common, open-source information about devices, and
  3. an extensive list of exploits deployable via common exploit frameworks (e.g., Metasploit, Core Impact, and Immunity Canvas).

Usage

1. Scan for Internet facing Industrial Control Systems, Medical and Internet of Things devices based on country or coordinates.

2. Gather passive intelligence from WHOISXML, BinaryEdge and Shodan or active by scanning target directly.

3. Thanks to indicators from devices and google maps, pinpoit device to specific place or facility (hospital, wastewater treatment plant, gas station, university, etc.)

4. (Optional, not recommended) 4. Guess/Bruteforce or use default password to gain access to the device. Some exploits are implemented for couple specific IoTs.

5. Report devices in critical infrastructure to your local CERT.

Features

  • More than 100 ICS devices
  • Gallery section shows every gathered screenshot in one place
  • Interactive Google maps
  • Google street view support
  • Possibility to implement own exploits or scanning techiques
  • Support for NMAP scan in xml format as an input
  • Find the route and change location of device
  • Statistics for each search
  • Search Flick photos nearby your device
  • Position for vessels is scraped from device directly, rather than IP based
  • Some devices return hints or location in the response. It’s parsed and displayed as an indicator that helps to geolocate device.

Installation

Requirements

  • beautiful soup
  • python3
  • django
  • pynmea2
  • celery
  • redis
  • Shodan paid account
  • BinaryEdge (Optional)
  • WHOISXMLAPI (Optional)
  • Flickr (Optional)
  • Google Maps API
  • Pastebin PRO (Optional)
  • xmltodict
  • python-libnmap

Make sure your API keys are correct and put them in keys.json in main directory.

Run

git clone https://github.com/woj-ciech/Kamerka-GUI/
pip3 install -r requirements.txt
python3 manage.py makemigrations
python3 manage.py migrate
python3 manage.py runserver

In a new window (in main directory) run celery worker celery worker -A kamerka --loglevel=info

For new version of Celery celery --app kamerka worker

In a new window fire up redis apt-get install redis redis-server

And server should be available on http://localhost:8000/

For more information click here.

Varshini

Varshini is a Cyber Security expert in Threat Analysis, Vulnerability Assessment, and Research. Passionate about staying ahead of emerging Threats and Technologies.

Recent Posts

Pystinger : Bypass Firewall For Traffic Forwarding Using Webshell

Pystinger is a Python-based tool that enables SOCKS4 proxying and port mapping through webshells. It…

1 week ago

CVE-Search : A Tool To Perform Local Searches For Known Vulnerabilities

Introduction When it comes to cybersecurity, speed and privacy are critical. Public vulnerability databases like…

1 week ago

CVE-Search : A Tool To Perform Local Searches For Known Vulnerabilities

Introduction When it comes to cybersecurity, speed and privacy are critical. Public vulnerability databases like…

1 week ago

How to Bash Append to File: A Simple Guide for Beginners

If you are working with Linux or writing bash scripts, one of the most common…

1 week ago

Mastering the Bash Case Statement with Simple Examples

What is a bash case statement? A bash case statement is a way to control…

1 week ago

How to Check if a File Exists in Bash – Simply Explained

Why Do We Check Files in Bash? When writing a Bash script, you often work…

1 week ago