hikxploit's Introduction

Hikxploit

Hikxploit is a Python tool that gathers Hikvision CCTV cameras that are vulnerable to a specific exploit and then changes their passwords.

Disclaimer

The tool can also work on Windows with the specific version of the tool.

Install

get

git clone https://github.com/M0tHs3C/Hikxploit.git

pip

pip install shodan
pip install censys
pip install blessings

Usage

  • 1 . Gather host with shodan (api needed)
  • 2 . Gather host with censys.io (api needed)
  • 3 . scan for up host
  • 4 . scan for vuln host
  • 5 . mass exploit all vuln CCTV
  • 6 . select a CCTV'S ip to exploit
  • 7 . random exploit CCTV from the vuln list
  • 8 . install dependency

Suggested queries

For Shodan and Censys, the best queries for now are:

App-webs 200 OK
App-webs 200 OK location.country_code: IT (works great by selecting where you wish to test)

Tutorial

Hikxploit is a very simple tool; it may have some bugs, but I'm working on fixing most of them.
--1--
First you have to gather some hosts with Censys or Shodan. In order to use these search engines you will need a key or two. The tool will probably ask you for a key if it can't read it from the file due to some permission failure; you can just copy and paste the key into the tool, or you can open up the api file in the tool folder and paste the key on the first line.
If you use Shodan you will need only one line. If you use Censys you will need two, so you have to save them one line at a time.
--2--
After gathering some hosts you will need to see if the hosts you gathered are really up. This function tests whether the hosts can be pinged, proving that they are really up.
--3--
After that we will need to test whether all the hosts that we gathered are really vulnerable to the exploit. Some of them will not be vulnerable, but no worries: remember, Shodan, like Censys, offers a basic free plan which limits your search. There are really a lot of cameras still vulnerable to this exploit, and this is bad.
--After this step we are ready to exploit--
The other options are really self-explanatory.

Future update

I'm working on another exploit in order to amplify my tool by adding other exploits for other cameras from other companies.

legal disclaimer: Usage of hikxploit for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

hikxploit's People

Contributors

m0ths3c
