search

jorhelp / Ingram

网络摄像头漏洞扫描工具 | Webcam vulnerability scanning tool
GNU General Public License v3.0
1.56k stars 261 forks source link

Existential doubts u.u #72

Open kalicams opened 7 months ago

kalicams commented 7 months ago

Hi I have used the script for hundreds of hours for fun. You are the best. i have a question. is it possible to do a search with masscan but using the rules.csv?.since it is a lot of work for the script to process 500.000 ips:ports and only find 0.5% of cameras in 96 or more hours (masscan alone is not enough). is there any possibility to apply a filter or speed that up?. I ask all this because when I search for rare ports the success rate is too low and I would like to be able to apply masscan and a filter before passing it through the script.Thanksss

jorhelp commented 7 months ago

We can use powerful port scanner to obtain active hosts, thereby reducing the scanning range of Ingram and improving the running speed. The specific method is to organize the result file of the port scanner into the format of ip:port and use it as the input file of Ingram

Here is a brief demonstration of masscan as an example (the detailed usage of masscan will not be repeated here).

First, use masscan to scan the surviving host on port 80 or 8000-8008 (you sure can change the port anything else if you want): masscan -p80,8000-8008 -iL INPUT -oL OUTPUT --rate 8000

After masscan is done, sort out the result file: grep 'open' OUTPUT | awk '{printf"%s:%s\n", $4, $3}' > input

Then: python run_ingram.py -i input -o output

kalicams commented 7 months ago

We can use powerful port scanner to obtain active hosts, thereby reducing the scanning range of Ingram and improving the running speed. The specific method is to organize the result file of the port scanner into the format of ip:port and use it as the input file of Ingram

Here is a brief demonstration of masscan as an example (the detailed usage of masscan will not be repeated here).

First, use masscan to scan the surviving host on port 80 or 8000-8008 (you sure can change the port anything else if you want): masscan -p80,8000-8008 -iL INPUT -oL OUTPUT --rate 8000

After masscan is done, sort out the result file: grep 'open' OUTPUT | awk '{printf"%s:%s\n", $4, $3}' > input

Then: python run_ingram.py -i input -o output

Thank you very much for the answer, yes I use masscan before using ingram but I want to use another additional filter. sometimes example. I get 500.000 ip from port 15000 with masscan and from those 500.000, only 250 belong to cameras. So even using masscan ingram is trying very hard to analyze all that being that the conversion is very low. My question was if there is the possibility with some other software or script to filter the result that is obtained with masscan.

Example

  1. Scanning 141.0.0.0.0 to 141.255.255.255 (port 14000) in masscan
  2. Filter the result obtained in masscan in some other script or software (with hikvision rules).
  3. Then finally place the filtered result in ingram.
InvisibleRagman commented 7 months ago

Hi I have used the script for hundreds of hours for fun. You are the best. i have a question. is it possible to do a search with masscan but using the rules.csv?.since it is a lot of work for the script to process 500.000 ips:ports and only find 0.5% of cameras in 96 or more hours (masscan alone is not enough). is there any possibility to apply a filter or speed that up?. I ask all this because when I search for rare ports the success rate is too low and I would like to be able to apply masscan and a filter before passing it through the script.Thanksss

I would retrieve rare ports using a Shodan results list.

kalicams commented 6 months ago

Hi I have used the script for hundreds of hours for fun. You are the best. i have a question. is it possible to do a search with masscan but using the rules.csv?.since it is a lot of work for the script to process 500.000 ips:ports and only find 0.5% of cameras in 96 or more hours (masscan alone is not enough). is there any possibility to apply a filter or speed that up?. I ask all this because when I search for rare ports the success rate is too low and I would like to be able to apply masscan and a filter before passing it through the script.Thanksss

I would retrieve rare ports using a Shodan results list.

you say to search for rare ports there? and then do my search in masscan right?