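A certain CCTV camera (actually a DVR; one of the brands is MVPower) has multiple vulnerabilities, and it has now been added to Metasploit.
Vulnerability details
ExploitDB
The device can be recognized by the string 'JAWS' in the response to a GET request, as shown below: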
HTTP/1.1 200 OK
Server: JAWS/1.0 Mar 26 2016
Content-Type: text/html
Date: Sat, 11 Mar 2017 02:03:22 GMT
Last-Modified: Tue, 8 Sep 2015 07:18:51 GMT
Content-Length: 2971
So I wrote this script to key on the JAWS field:
# coding: utf-8
'''
JAWS IP Camera Scanner
2017/3/11
'''
# Written for Python 3 (queue module, print function).
import queue
import sys
import threading
import time

import requests

# Serializes appends to the result file across worker threads.
write_lock = threading.Lock()


class Scan(threading.Thread):
    def __init__(self, que):
        threading.Thread.__init__(self)
        self._que = que

    def run(self):
        while True:
            # get_nowait() avoids blocking forever if another thread
            # takes the last URL between an empty() check and get().
            try:
                url = self._que.get_nowait()
            except queue.Empty:
                return
            try:
                print('[%s]Now Testing: %s' % (time.strftime('%H:%M:%S'), url))
                r = requests.get(url, headers=headers, timeout=int(sys.argv[4]))
                # print(r.headers)
                if 'JAWS' in str(r.headers):
                    print('[%s]Get JAWS: %s' % (time.strftime('%H:%M:%S'), url))
                    # Close the file after every write so results are flushed.
                    with write_lock, open(sys.argv[2], 'a') as result:
                        result.write(url + '\n')
            except requests.RequestException:
                # Unreachable host, timeout or malformed response: skip it.
                pass


def main():
    thread = []
    thread_count = int(sys.argv[3])
    que = queue.Queue()
    with open(sys.argv[1], 'r') as address:
        for line in address:
            ip = line.strip()
            if not ip:
                continue  # ignore blank lines in the IP list
            url = 'http://' + ip
            # print(url)
            que.put(url)
    for i in range(thread_count):
        thread.append(Scan(que))
    for i in thread:
        i.start()
    for i in thread:
        i.join()


if __name__ == '__main__':
    if len(sys.argv) == 5:
        user_agent = 'Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36'
        headers = {'User-Agent': user_agent}
        main()
    else:
        print('Wrong Input Parameters')
        print('Usage: python scan.py iplist.txt result.txt threads timeout')
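Usage:
python scan.py iplist.txt result.txt threads timeout
scan.py is the name of the script
iplist.txt is the IP list, one IP per line
result.txt is the output file for the results
threads is the number of threads
timeout is the timeout value
For example: python scan.py iplist.txt result.txt 100 5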
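
An added example, not part of the original post: the script's test flags any response whose headers contain 'JAWS' anywhere, so when inventorying devices on a network you administer it is more reliable to match the Server header itself and record the version and build date. The function names and the SAMPLE_LOWERCASE and SAMPLE_OTHER responses are constructed for illustration; the Server format is assumed from the single response shown above.

```python
import re
from email.parser import Parser

# Server value format taken from the response shown in the post: "JAWS/1.0 Mar 26 2016".
JAWS_SERVER = re.compile(r'^JAWS/(?P<version>\d+(?:\.\d+)*)(?:\s+(?P<build>.+))?$')

# The response head from the post, plus two responses constructed for this example.
SAMPLE_JAWS = '\r\n'.join([
    'HTTP/1.1 200 OK',
    'Server: JAWS/1.0 Mar 26 2016',
    'Content-Type: text/html',
    'Content-Length: 2971',
]) + '\r\n\r\n'
SAMPLE_LOWERCASE = 'HTTP/1.1 200 OK\r\nserver: JAWS/1.0 Mar 26 2016\r\n\r\n'
SAMPLE_OTHER = 'HTTP/1.1 200 OK\r\nServer: nginx\r\nX-Note: not JAWS\r\n\r\n'


def substring_check(raw_response):
    """The test used by the script above: 'JAWS' anywhere in the headers."""
    return 'JAWS' in raw_response.split('\r\n\r\n', 1)[0]


def parse_headers(raw_response):
    """Split a raw HTTP response head into (status_code, headers)."""
    head = raw_response.replace('\r\n', '\n').split('\n\n', 1)[0]
    status_line, _, header_block = head.partition('\n')
    parts = status_line.split(None, 2)
    if len(parts) < 2 or not parts[0].startswith('HTTP/') or not parts[1].isdigit():
        raise ValueError('not an HTTP response: %r' % status_line)
    # The email parser gives case-insensitive header lookup.
    return int(parts[1]), Parser().parsestr(header_block, headersonly=True)


def jaws_fingerprint(raw_response):
    """Return {'version', 'build'} if the Server header identifies JAWS, else None."""
    try:
        _, headers = parse_headers(raw_response)
    except ValueError:
        return None
    match = JAWS_SERVER.match((headers.get('Server') or '').strip())
    if not match:
        return None
    return {'version': match.group('version'), 'build': match.group('build')}


if __name__ == '__main__':
    for name, raw in [('jaws', SAMPLE_JAWS), ('lowercase', SAMPLE_LOWERCASE), ('other', SAMPLE_OTHER)]:
        print(name, substring_check(raw), jaws_fingerprint(raw))
```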