Forum Thread: Use Hikxploit to Hack Hikvision Security Cameras

In the age of security a lot of device are still vulnerable, this because a lot of them are not updated to the last version of the software.

A lot of hikvision's cameras are still vulnerable with some kind of exploit that allow access from an hidden backdoor in the software, allowing an attacker to change all user's password with one of your choice

So with this python script we will be able to scan, using shodan or, all of the cameras running that version of the software.

Step 1: Download Hikxploit

first you wanna download the tool from the official repository on github by doing
git clone
then you wanna go in the directory
cd Hikxploit
and then install the requirements
pip install -r requirements.txt
after that you are ready to go.

Step 2: Starting Hikxploit

you can then start the tool by doing
you will need to be registered on shodan and to use their api to get the list of device
when you have choose the site to research with just type the number and then give a query to scan the internet
i highly suggest using "App-webs 200 OK" as its always worked for me
after that you will only need to

  • first

scan for up host from the list that you have downloaded

  • second

scan for effective vulnerable device

and then you have the ability to choose different options such as mass-exploiting all the device on the vuln file or picking one or one random

8 Responses

hi. tnank you for this. but i cant excute it in my ssh server. what should i use as commands? thnks

hi i have an api error -"

invalid api key "while executing app-webs 200 ok using shodan .. what should i do?

You could get a new Shodan API key and add it to the code.

how to add it to the code .. plss explain

Open with a python IDE like pycharm.

Actually it looks like you could just open api.txt and paste it there.

i pasted a new shodan api key but then it still didnt work.. it says - unable to connect to shodan

alright ... thanks alot for prompt reply ... ill try it

Share Your Thoughts

  • Hot
  • Active