In the age of security a lot of devices are still vulnerable, because many of them are not updated to the latest version of their software.
A lot of Hikvision cameras are still vulnerable to an exploit that gives access through a hidden backdoor in the software, allowing an attacker to change any user's password to one of their choice.
So with this Python script we will be able to scan, using Shodan or Censys.io, for all of the cameras running that version of the software.
Step 1: Download Hikxploit
First you want to download the tool from the official repository on GitHub by doing
git clone https://github.com/M0tHs3C/Hikxploit.git
Then you want to go into the directory
cd Hikxploit
and then install the requirements
pip install -r requirements.txt
After that you are ready to go.
Step 2: Starting Hikxploit
You can then start the tool by doing
python hikxploit_win.py
You will need to be registered on Shodan and Censys.io to use their APIs to get the list of devices.
When you have chosen the site to search with, just type its number and then give a query to scan the internet.
I highly suggest using "App-webs 200 OK", as it's always worked for me.
After that you will only need to:
- first, scan the list that you have downloaded for hosts that are up
- second, scan for devices that are actually vulnerable
Then you have the ability to choose different options, such as mass-exploiting all the devices in the vuln file, picking one, or picking one at random.
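For anyone running these cameras, the same search fingerprint can be turned on your own network. The following is an added example, not part of Hikxploit or the original article: it reads banner grabs from a scan of your own address ranges and lists the devices that the "App-webs 200 OK" query would match, marking which are reachable from the internet. The sample data, the function names and the choice to treat only RFC 1918 ranges as internal are assumptions.

```python
import ipaddress

# Assumption: RFC 1918 ranges are internal; everything else counts as internet-facing.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
FINGERPRINT = "app-webs"  # Server banner text from the query quoted in the article

# Constructed sample: (address, HTTP response head) pairs from scanning your own ranges.
SAMPLE_SCAN = [
    ("203.0.113.10", "HTTP/1.1 200 OK\r\nServer: App-webs/\r\nContent-Type: text/html\r\n\r\n"),
    ("203.0.113.11", "HTTP/1.1 200 OK\r\nServer: nginx\r\n\r\n"),
    ("192.168.1.64", "HTTP/1.1 200 OK\r\nserver: App-webs/\r\n\r\n"),
    ("203.0.113.12", "HTTP/1.1 401 Unauthorized\r\nServer: App-webs/\r\n\r\n"),
    ("203.0.113.13", ""),  # host answered on the port but sent no banner
]

def parse_head(raw):
    """Return (status_code, headers) from a raw HTTP response head, or (None, {})."""
    lines = raw.split("\r\n")
    parts = lines[0].split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        return None, {}
    headers = {}
    for line in lines[1:]:
        if not line:  # blank line ends the header section
            break
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return int(parts[1]), headers

def audit(scan):
    """List own devices that the article's query would surface, with their exposure."""
    findings = []
    for addr, raw in scan:
        status, headers = parse_head(raw)
        if status != 200 or FINGERPRINT not in headers.get("server", "").lower():
            continue
        ip = ipaddress.ip_address(addr)
        internal = any(ip in net for net in INTERNAL_NETS)
        findings.append((addr, "internal" if internal else "internet-facing"))
    return findings

if __name__ == "__main__":
    for addr, exposure in audit(SAMPLE_SCAN):
        print(f"{addr}\t{exposure}\tcheck firmware version and restrict access")
```

Anything reported as internet-facing is a candidate for a firmware update and for being moved behind a VPN or firewall rule.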
8 Responses
Hi. Thank you for this, but I can't execute it on my SSH server. What should I use as commands? Thanks
Hi, I have an API error - "invalid api key" while executing App-webs 200 OK using Shodan... What should I do?
You could get a new Shodan API key and add it to the code.
How do I add it to the code... please explain
Open hikxploit_win.py with a Python IDE like PyCharm.
Actually it looks like you could just open api.txt and paste it there.
I pasted a new Shodan API key but then it still didn't work... it says - unable to connect to shodan
Alright... thanks a lot for the prompt reply... I'll try it