In the age of security a lot of device are still vulnerable, this because a lot of them are not updated to the last version of the software.
A lot of hikvision's cameras are still vulnerable with some kind of exploit that allow access from an hidden backdoor in the software, allowing an attacker to change all user's password with one of your choice
So with this python script we will be able to scan, using shodan or censys.io, all of the cameras running that version of the software.
first you wanna download the tool from the official repository on github by doing
git clone github.com/M0tHs3C/Hikxploit.git
then you wanna go in the directory
and then install the requirements
pip install -r requirements.txt
after that you are ready to go.
you can then start the tool by doing
you will need to be registered on shodan and censys.io to use their api to get the list of device
when you have choose the site to research with just type the number and then give a query to scan the internet
i highly suggest using "App-webs 200 OK" as its always worked for me
after that you will only need to
scan for up host from the list that you have downloaded
scan for effective vulnerable device
and then you have the ability to choose different options such as mass-exploiting all the device on the vuln file or picking one or one random