Archive | January, 2020

Cameradar – Hack RTSP Video Surveillance CCTV Cameras


Cameradar is a Go-based tool to hack RTSP Video Surveillance CCTV Cameras, it can detect open RTSP hosts, detect device models and launch automated attacks.

Cameradar - Hack RTSP Video Surveillance CCTV Cameras


The main features of Cameradar are:

  • Detect open RTSP hosts on any accessible target host
  • Detect which device model is streaming
  • Launch automated dictionary attacks to get their stream route (e.g.: /live.sdp)
  • Launch automated dictionary attacks to get the username and password of the cameras
  • Retrieve a complete and user-friendly report of the results

Using Cameradar to Hack RTSP Video Cameras

Examples to Hack RTSP Camera

Running cameradar on your own machine to scan for default ports

Running cameradar with an input file, logs enabled on port 8554

Running cameradar on a subnetwork with custom dictionaries, on ports 554, 5554 and 8554

You can download Cameradar here:

cameradar-v4.1.3.zip

Or read more here.

Posted in: Hacking Tools

Topic: Hacking Tools


Latest Posts:


Karkinos - Beginner Friendly Penetration Testing Tool Karkinos – Beginner Friendly Penetration Testing Tool
Karkinos is a light-weight Beginner Friendly Penetration Testing Tool, which is basically a 'Swiss Army Knife' for pen-testing and/or hacking CTF's.
Aclpwn.Py - Exploit ACL Based Privilege Escalation Paths in Active Directory Aclpwn.Py – Exploit ACL Based Privilege Escalation Paths in Active Directory
Aclpwn.py is a tool that interacts with BloodHound< to identify and exploit ACL based privilege escalation paths.
Vulhub - Pre-Built Vulnerable Docker Environments For Learning To Hack Vulhub – Pre-Built Vulnerable Docker Environments For Learning To Hack
Vulhub is an open-source collection of pre-built vulnerable docker environments for learning to hack. No pre-existing knowledge of docker is required, just execute two simple commands.
LibInjection - Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS) LibInjection – Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS)
LibInjection is a C library to Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS) through lexical analysis of real-world Attacks.
Grype - Vulnerability Scanner For Container Images & Filesystems Grype – Vulnerability Scanner For Container Images & Filesystems
Grype is a vulnerability scanner for container images and filesystems with an easy to install binary that supports the packages for most major *nix based OS.
APT-Hunter - Threat Hunting Tool via Windows Event Log APT-Hunter – Threat Hunting Tool via Windows Event Log
APT-Hunter is a threat hunting tool for windows event logs made from the perspective of the purple team mindset to provide detection for APT movements hidden in the sea of windows event logs.


dSploit APK Download – Hacking & Security Toolkit For Android


dSploit APK Download is a Hacking & Security Toolkit For Android which can conduct network analysis and penetration testing activities. It aims to offer to IT security experts the most complete and advanced professional toolkit to perform network security assessments on a mobile device.

dSploit APK Download - Hacking & Security Toolkit For Android


Once dSploit is started, you will be able to easily map your network, fingerprint alive hosts operating systems and running services, search for known vulnerabilities, crack logon procedures of many TCP protocols, perform man in the middle (MiTM) attacks such as password sniffing (with common protocols dissection), real-time traffic manipulation and more.

Features from dSploit APK Download Hacking Toolkit for Android

Features available on dSploit to hack using an Android phone:

  • WiFi Cracking – The WiFi scanner will show in green access points with known default key generation algorithms, clicking on them allows you to easily crack the key
  • RouterPWN – Launch the http://routerpwn.com/ service to pwn your router.
  • Trace – Perform a traceroute on the target.
  • Port Scanner – A syn port scanner to find quickly open ports on a single target.
  • Inspector – Performs target operating system and services deep detection, slower than syn port scanner but more accurate.
  • Vulnerability Finder – Search for known vulnerabilities for target running services upon the National Vulnerability Database.
  • Login Cracker – A very fast network logon cracker which supports many different services.
  • Packet Forger – Craft and send a custom TCP or UDP packet to the target, such as Wake On LAN packets.
  • MITM – A set of Man-in-the-Middle (MitM) tools to command & conquer the whole network.
  • Simple Sniff – Redirect target’s traffic through this device and show some stats while dumping it to a pcap file.
  • Password Sniffer – Sniff passwords of many protocols such as HTTP, FTP, IMAP, IMAPS, IRC, MSN, etc from the target.
  • Session Hijacker – Listen for cookies on the network and hijack sessions.
  • Kill Connections – Kills connections preventing the target to reach any website or server.
  • Redirect – Redirect all the HTTP traffic to another address.
  • Replace Images – Replace all images on webpages with the specified one.
  • Replace Videos – Replace all youtube videos on webpages with the specified one.
  • Script Injection – Inject a javascript in every visited webpage.
  • Custom Filter – Replace custom text on webpages with the specified one.

Requirements for dSploit APK Download To Work

For dSploit to work correctly you need:

– An ARM CPU
– Gingerbread Android (at least Android 2.3)
– Root
– A full install of BusyBox (every utility, not a partial install)

You can download dSploit here:

Source: dsploit-master.zip
APK: dsploit_1.0.31b.zip

Password for the APK .zip file is darknet123.

Or read more here.

Posted in: Hacking Tools

Topic: Hacking Tools


Latest Posts:


Karkinos - Beginner Friendly Penetration Testing Tool Karkinos – Beginner Friendly Penetration Testing Tool
Karkinos is a light-weight Beginner Friendly Penetration Testing Tool, which is basically a 'Swiss Army Knife' for pen-testing and/or hacking CTF's.
Aclpwn.Py - Exploit ACL Based Privilege Escalation Paths in Active Directory Aclpwn.Py – Exploit ACL Based Privilege Escalation Paths in Active Directory
Aclpwn.py is a tool that interacts with BloodHound< to identify and exploit ACL based privilege escalation paths.
Vulhub - Pre-Built Vulnerable Docker Environments For Learning To Hack Vulhub – Pre-Built Vulnerable Docker Environments For Learning To Hack
Vulhub is an open-source collection of pre-built vulnerable docker environments for learning to hack. No pre-existing knowledge of docker is required, just execute two simple commands.
LibInjection - Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS) LibInjection – Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS)
LibInjection is a C library to Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS) through lexical analysis of real-world Attacks.
Grype - Vulnerability Scanner For Container Images & Filesystems Grype – Vulnerability Scanner For Container Images & Filesystems
Grype is a vulnerability scanner for container images and filesystems with an easy to install binary that supports the packages for most major *nix based OS.
APT-Hunter - Threat Hunting Tool via Windows Event Log APT-Hunter – Threat Hunting Tool via Windows Event Log
APT-Hunter is a threat hunting tool for windows event logs made from the perspective of the purple team mindset to provide detection for APT movements hidden in the sea of windows event logs.


Scallion – GPU Based Onion Hash Generator


Scallion is a GPU-driven Onion Hash Generator written in C#, it lets you create vanity GPG keys and .onion addresses (for Tor’s hidden services) using OpenCL.

Scallion - GPU Based Onion Hash Generator


Scallion runs on Mono (tested in Arch Linux) and .NET 3.5+ (tested on Windows 7 and Server 2008)

Scallion was used to find collisions for every 32bit key id in the Web of Trust’s strong set demonstrating how insecure 32bit key ids are.

At a high level Scallion works as follows:

  1. Generate RSA key using OpenSSL on the CPU
  2. Send the key to the GPU
  3. Increase the key’s public exponent
  4. Hash the key
  5. If the hashed key is not a partial collision go to step 3
  6. If the key does not pass the sanity checks recommended by PKCS #1 v2.1 (checked on the CPU) go to step 3
  7. Brand new key with partial collision!

The basic algorithm is described above. Speed/performance is the result of massive parallelization, both on the GPU and the CPU.

Dependencies for Onion Hash Generator

To run Scallion successfully you need:

  • OpenCL and relevant drivers installed and configured. Refer to your distribution’s documentation.
  • OpenSSL. For Windows, the prebuilt x86 DLLs are included
  • On windows only, VC++ Redistributable 2008

Scallion runs on Mono (tested in Arch Linux) and .NET 3.5+ (tested on Windows 7 and Server 2008).

Scallion Usage Onion Hash Generator

You can download Scallion here:

scallion-gpg.zip

Or read more here.

Posted in: Cryptography

Topic: Cryptography


Latest Posts:


Karkinos - Beginner Friendly Penetration Testing Tool Karkinos – Beginner Friendly Penetration Testing Tool
Karkinos is a light-weight Beginner Friendly Penetration Testing Tool, which is basically a 'Swiss Army Knife' for pen-testing and/or hacking CTF's.
Aclpwn.Py - Exploit ACL Based Privilege Escalation Paths in Active Directory Aclpwn.Py – Exploit ACL Based Privilege Escalation Paths in Active Directory
Aclpwn.py is a tool that interacts with BloodHound< to identify and exploit ACL based privilege escalation paths.
Vulhub - Pre-Built Vulnerable Docker Environments For Learning To Hack Vulhub – Pre-Built Vulnerable Docker Environments For Learning To Hack
Vulhub is an open-source collection of pre-built vulnerable docker environments for learning to hack. No pre-existing knowledge of docker is required, just execute two simple commands.
LibInjection - Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS) LibInjection – Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS)
LibInjection is a C library to Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS) through lexical analysis of real-world Attacks.
Grype - Vulnerability Scanner For Container Images & Filesystems Grype – Vulnerability Scanner For Container Images & Filesystems
Grype is a vulnerability scanner for container images and filesystems with an easy to install binary that supports the packages for most major *nix based OS.
APT-Hunter - Threat Hunting Tool via Windows Event Log APT-Hunter – Threat Hunting Tool via Windows Event Log
APT-Hunter is a threat hunting tool for windows event logs made from the perspective of the purple team mindset to provide detection for APT movements hidden in the sea of windows event logs.