RedSiege / EyeWitness

EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible.
https://www.christophertruncer.com/eyewitness-usage-guide/
GNU General Public License v3.0

add camera sigs ✨ #678

Closed mr-pmillz closed 3 months ago

mr-pmillz commented 3 months ago

Here's a nuclei template to go with it

```yaml
id: acti-web-configurator-default-login

info:
  name: ACTi Web Configurator Default Login
  author: mr-pmillz
  severity: high
  description: ACTi Web Configurator Default Login
  reference:
    - https://customvideosecurity.com/blog/blog-tag/default-acti-password/#:~:text=Please%20add%20this%20link%20to,Avigilon%3A%20admin%2C
  tags: default-credentials,network-camera,camera

http:
  - raw:
      - |+
        GET /cgi-bin/system?USER={{username}}&PWD={{password}}&LOGIN&CHANNEL=1&SYSTEM_INFO HTTP/1.1
        Host: {{Hostname}}
        User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0
        Accept: */*
        Content-Type: application/x-www-form-urlencoded
        Cookie: User=; Pwd=
        Connection: close
    payloads:
      username:
        - admin
        - Admin
      password:
        - 123456
    attack: clusterbomb
    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "LOGIN='1'"
      - type: status
        status:
        - 200
```
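
The request in the template above carries the credentials in the URL query string, so they end up in any access log written in front of the camera. The following is an added example (not part of this PR or of EyeWitness) that flags such login requests in a combined-format access log and redacts the password before reporting; the reverse-proxy log, the sample lines and the function names are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Default pairs from the template's payloads (username x password).
DEFAULT_PAIRS = {("admin", "123456"), ("Admin", "123456")}

# Combined log format: client ... "METHOD target PROTO" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /cgi-bin/system?USER=admin&PWD=123456&LOGIN&CHANNEL=1&SYSTEM_INFO HTTP/1.1" 200 512',
    '192.0.2.10 - - [01/Jan/2024:10:00:01 +0000] "GET /cgi-bin/system?USER=Admin&PWD=123456&LOGIN&CHANNEL=1&SYSTEM_INFO HTTP/1.1" 200 498',
    '198.51.100.7 - - [01/Jan/2024:10:05:00 +0000] "GET /cgi-bin/system?USER=operator&PWD=S3cret%21&LOGIN&CHANNEL=1&SYSTEM_INFO HTTP/1.1" 401 120',
    '198.51.100.7 - - [01/Jan/2024:10:05:02 +0000] "GET /index.html HTTP/1.1" 200 1024',
]

def classify(line):
    """Return a finding dict for an ACTi login request, or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    url = urlsplit(m["target"])
    if url.path != "/cgi-bin/system":
        return None
    # keep_blank_values makes the bare LOGIN flag show up as a key.
    q = parse_qs(url.query, keep_blank_values=True)
    if not {"USER", "PWD", "LOGIN"} <= q.keys():
        return None
    user, pwd = q["USER"][0], q["PWD"][0]
    return {
        "src": m["ip"],
        "user": user,
        "default_pair": (user, pwd) in DEFAULT_PAIRS,
        # The template also requires LOGIN='1' in the body, which access
        # logs do not record, so the status only marks a candidate.
        "status": int(m["status"]),
        # Never copy the password into alert output.
        "redacted": re.sub(r"(PWD=)[^&\s]*", r"\1***", m["target"]),
    }

def scan(lines):
    """Classify every line and keep only the login requests."""
    return [f for f in map(classify, lines) if f]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```
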