Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Pentest Tools Framework is a database of exploits, Scanners and tools for penetration testing. Pentest is a powerful framework includes a lot of tools for beginners. You can explore kernel vulnerabilities, network vulnerabilities

Stars: ✭ 48 (-73.77%)

Mutual labels: exploit, vulnerability-scanners

H4cker

This repository is primarily maintained by Omar Santos and includes thousands of resources related to ethical hacking / penetration testing, digital forensics and incident response (DFIR), vulnerability research, exploit development, reverse engineering, and more.

Stars: ✭ 10,451 (+5610.93%)

Mutual labels: exploit, vulnerability-scanners

browserrecon-php

Advanced Web Browser Fingerprinting

Stars: ✭ 29 (-84.15%)

Mutual labels: exploit, vulnerability-scanners

CamRaptor

CamRaptor is a tool that exploits several vulnerabilities in popular DVR cameras to obtain network camera credentials.

Stars: ✭ 106 (-42.08%)

Mutual labels: camera, exploit

SQL Injection Payload

SQL Injection Payload List

Stars: ✭ 62 (-66.12%)

Mutual labels: exploit, vulnerability-scanners

CamOver

CamOver is a camera exploitation tool that allows to disclosure network camera admin password.

Stars: ✭ 217 (+18.58%)

Mutual labels: camera, exploit

Iblessing

iblessing is an iOS security exploiting toolkit, it mainly includes application information collection, static analysis and dynamic analysis. It can be used for reverse engineering, binary analysis and vulnerability mining.

Stars: ✭ 326 (+78.14%)

Mutual labels: exploit, vulnerability-scanners

Saucerframe

python3批量poc检测工具

Stars: ✭ 242 (+32.24%)

Mutual labels: exploit, vulnerability-scanners

Entropy

Entropy Toolkit is a set of tools to provide Netwave and GoAhead IP webcams attacks. Entropy Toolkit is a powerful toolkit for webcams penetration testing.

Stars: ✭ 126 (-31.15%)

Mutual labels: exploit, shodan

Joomscan

OWASP Joomla Vulnerability Scanner Project

Stars: ✭ 640 (+249.73%)

Mutual labels: exploit, vulnerability-scanners

Hisilicon Dvr Telnet

PoC materials for article https://habr.com/en/post/486856/

Stars: ✭ 101 (-44.81%)

Mutual labels: camera, exploit

View All Similar Projects ➔

Shodanwave

Shodanwave is a tool for exploring and obtaining information from cameras specifically Netwave IP Camera. The tool uses a search engine called shodan that makes it easy to search for cameras online.

What does the tool to? Look, a list!

Search
Brute force
SSID and WPAPSK Password Disclosure
E-mail, FTP, DNS, MSN Password Disclosure
Exploit

This is an example of shodan wave running, the password was not found through raw force so the tool tries to leak the camera's memory. If the tool finds the password it does not try to leak the memory.

How to use?

To use shodanwave you need an api key which you can get for free at https://www.shodan.io/, then you need to follow the next steps.

Installation

$ cd /opt/
$ git clone https://github.com/fbctf/shodanwave.git
$ cd shodanwave
$ pip install -r requirements.txt

Usage

Usage: python shodanwave.py -u usernames.txt -w passwords.txt  -k Shodan API key --t OUTPUT
       python shodanwave.py --help 
         __              __                                   
   _____/ /_  ____  ____/ /___ _____ _      ______ __   _____ 
  / ___/ __ \/ __ \/ __  / __ `/ __ \ | /| / / __ `/ | / / _ \
 (__  ) / / / /_/ / /_/ / /_/ / / / / |/ |/ / /_/ /| |/ /  __/
/____/_/ /_/\____/\__,_/\__,_/_/ /_/|__/|__/\__,_/ |___/\___/ 
                                                              

This tool is successfully connected to shodan service
Information the use of this tool is illegal, not bad.

usage: shodanwave.py [-h] [-s SEARCH] [-u USERNAME] [-w PASSWORD] [-k ADDRESS]

optional arguments:
  -h, --help            show this help message and exit
  -s SEARCH, --search SEARCH
                        Default Netwave IP Camera
  -u USERNAME, --username USERNAME
                        Select your usernames wordlist
  -w PASSWORD, --wordlist PASSWORD
                        Select your passwords wordlist
  -k ADDRESS, --shodan ADDRESS
                        Shodan API key
  -l LIMIT, --limit LIMIT
                        Limit the number of registers responsed by Shodan
  -o OFFSET, --offset OFFSET
                        Shodan skips this number of registers from response
  -t OUTPUT, --output OUTPUT
                        Save the results
  -p, --tor
		        All Requests/Wgets go through Tor

Attention

Use this tool wisely and not for evil. To get the best performece of this tool you need to pay for shodan to get full API access Options --limit and --offset may need a paying API key and consume query credits from your Shodan account.

Disclaimer

Code samples are provided for educational purposes. Adequate defenses can only be built by researching attack techniques available to malicious actors. Using this code against target systems without prior permission is illegal in most jurisdictions. The authors are not liable for any damages from misuse of this information or code.

Required if using Proxy!!!

Modify your Tsocks config!!

Add/Modify the following at the bottom:
server =
server_type = <4 or 5>
server_port =
default_pass = (Might be required for proxy)

Donations

XMR: 49m12JEEC6HPCHkLMX5QL4SrDQdKwh6eb4Muu8Z9CwA9MwemhzFQ3VcgHwyuR73rC22WCymTUyep7DVrfN3GPt5JBCekPrR

References:

Shodan API search engine for Internet-connected devices.
Requests Requests: HTTP for Humans
Netwave Exploit Netwave IP Camera - Password Disclosure

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].

Stars: ✭ 183

Visit Git Page 🔗Visit User Page 🔗Visit Issues Page (3) 🔗