Skip to content
forked from jorhelp/Ingram

网络摄像头漏洞扫描工具 | Webcam vulnerability scanning tool

License

Notifications You must be signed in to change notification settings

BlackPeter13/Ingram

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

74 Commits
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Ingram
Platform Python Version GitHub Github Checks GitHub Last Commit (master) Languages Count

Introduction

Mainly for the vulnerability scanning framework of network cameras, it has integrated common equipment such as Hikvision, Dahua, and Uniview. More camera devices and router devices will be added later.

run

Install

Windows still has some bugs, Linux and Mac can be used normally. Please make sure to install Python 3.7 and above, 3.8 is recommended

  • clone the repository:
git clone https://github.com/avikowy/Ingram.git
  • Enter the project directory to install dependencies:
cd Ingram
pip3 install git+https://github.com/arthaud/python3-pwntools.git
pip3 install -r requirements.txt

So far the installation is complete!

run

  • You need to prepare a target file, such as target.txt, which stores the IP addresses you want to scan, one target per line, the specific format is as follows:
# You can use the pound sign (#) to comment
# single IP address
192.168.0.1
# IP address and port to scan
192.168.0.2:80
# IP segment with '/'
192.168.0.0/16
# IP segment with '-'
192.168.0.0-192.168.255.255
  • run after:
python run_ingram.py -i files you want to scan -o output folder
  • port: If the target port is specified in the target.txt file, for example: 192.168.6.6:8000, then the target port 8000 will be scanned

Otherwise, only common ports are scanned by default. If you want to scan other ports in batches, you need to specify them yourself, for example:

python run_ingram.py -i files you want to scan -o output folder -p 80 81 8000
  • The default number of concurrency may be so easy for your broadband, you can increase it appropriately according to the network conditions, for example, increasing the number of concurrency to 800 on my test machine still works well, and the speed is extremely fast:
python run_ingram.py -i files you want to scan -o output folder -t 800
  • other parameters:
optional arguments:
  -h, --help print parameter information
  -i IN_FILE, --in_file IN_FILE
                        file to scan
  -o OUT_DIR, --out_dir OUT_DIR
                        Scan result output path
  -p PORT [PORT ...], --port PORT [PORT ...]
                        The port to scan, you can specify multiple ports, such as -p 80 81 82
  -t TH_NUM, --th_num TH_NUM
                        The number of concurrent, adjusted according to the network conditions
  -T TIME_OUT, --time_out TIME_OUT
                        time out
  --debug debug mode
  • (Optional) The scan time may be very long, if you want to send a reminder via WeChat when the program scan is over, you need to follow [wxpusher](https://wxpusher.zjiecode.com/docs /) to get your own UID and APP_TOKEN and write them into run_ingram.py:
#wechat
config.set_val('WXUID', 'write uid here')
config.set_val('WXTOKEN', 'write token here')
  • Support interruption recovery, but because the running status is recorded every 5 minutes, it cannot accurately restore to the last running status. (It's rough here, it will be adjusted in the next version)

result

.
├── not_vulnerable.csv
├── results.csv
├── snapshots
└── log.txt
  • results.csv saves the complete results in the format: ip,port,devicetype,username,password,vulnerability entry:
Ingram
  • not_vulnerable.csv stores unexposed devices

  • snapshots stores snapshots of some devices:

Ingram

Live Preview (removed for some reasons)

  • You can log in directly through the browser to preview

  • If you want to view batches, we provide a script show/show_rtsp/show_all.py, but it still has some problems :

Ingram

Changelog

  • [2022-06-11] Optimize running speed, support storage of non-exposed devices, support interrupt recovery

  • [2022-07-23] Username and password can be obtained through CVE-2021-33044(Dahua)! Modify the camera snapshot logic (replace rtsp with http), optimize the running speed

    • Because the new version has added some dependency packages, the environment needs to be reconfigured!!!
  • [2022-08-05] Added CVE-2021-33045 (Dahua NVR), but because the account password of the NVR device may not be the same as that of the real camera, the snapshot function does not always work

  • [2022-08-06] Added a password exposure module for Uniview devices, but snapshots are not currently supported

  • [2022-08-17] A relatively large update, we refactored all the code (need to reconfigure the environment), as follows:

    • Refactored the code structure to facilitate the integration of more vulnerabilities in the future, removed some dependent packages, and reduced hyperparameters
    • Replaced multi-threading with coroutines, the speed is significantly improved than before
    • Solved the bug that the child process could not be closed automatically
    • Removed support for masscan, because the new version will automatically detect the port, of course, you can also extract the result ip of masscan as the input of Ingram
    • Removed several device-related hyperparameters, the new version will automatically detect the device
    • No built-in iplist, because it takes up too much space and is inconvenient to maintain, you can find it online yourself if you need it
    • Solved the problem of memory explosion when reading large files

Disclaimer

This tool is for security testing only, and is strictly prohibited for illegal use, and the consequences have nothing to do with the team

Acknowledgments & Quotes

Thanks to Aiminsun for CVE-2021-36260
Thanks to chrisjd20 for hidvision config file decryptor
Thanks to mcw0 for DahuaConsole

About

网络摄像头漏洞扫描工具 | Webcam vulnerability scanning tool

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Languages

  • Python 100.0%