## https://sploitus.com/exploit?id=F4D7B218-0C6E-5ABA-94DF-4BD510958521
# HIKRAVEN π‘οΈ
Advanced Hikvision Security Assessment Platform - Professional Edition
Features β’ Quick Start β’ Installation β’ Usage β’ Documentation β’ Disclaimer
---
β οΈ IMPORTANT LEGAL NOTICE
[!] THIS TOOL IS FOR AUTHORIZED SECURITY TESTING ONLY [!]
Unauthorized access to computer systems is illegal and unethical.
By using this tool, you agree to:
Β· Only test systems you own or have explicit written permission to test
Β· Comply with all applicable laws and regulations
Β· Use findings responsibly and report vulnerabilities ethically
Β· Accept full legal responsibility for your actions
---
π Table of Contents
Β· Overview
Β· Features
Β· Installation
Β· Quick Start
Β· Usage Guide
Β· Commands Reference
Β· Reporting
Β· Vulnerabilities Detected
Β· Architecture
Β· Configuration
Β· Contributing
Β· Disclaimer
Β· License
---
π Overview
HIKRAVEN is a professional-grade security assessment platform specifically designed for identifying and analyzing vulnerabilities in Hikvision devices. Built for security researchers, penetration testers, and IT security professionals, it provides comprehensive network discovery, vulnerability scanning, and reporting capabilities.
Key Capabilities
Capability Description
π Discovery Passive and active network discovery with ARP sniffing, multicast probing, and port scanning
π― Fingerprinting Detailed device identification including model, firmware, serial numbers, and cloud status
π‘οΈ Vulnerability Scan Detection of 12+ known CVEs including critical command injection vulnerabilities
π Credential Testing Automated testing of 40+ default username/password combinations
π₯ Exploitation Safe and controlled exploitation testing for authorized penetration testing
π Reporting Professional reports in JSON, HTML, CSV, and Markdown formats
ποΈ Database Persistent storage with encryption for credentials and scan history
---
β¨ Features
π Discovery & Reconnaissance
Β· Passive ARP Sniffing - Detect Hikvision devices without active scanning
Β· Multicast Probing - Discover devices via UDP multicast (239.255.255.250:37020)
Β· Subnet Scanning - Ping sweeps and port scanning across entire subnets
Β· MAC OUI Detection - Identify Hikvision devices by MAC address prefixes
Β· Interface Management - Multi-interface support with cross-platform compatibility
Β· Reverse DNS - Automatic hostname resolution
π‘οΈ Vulnerability Assessment
Β· 12+ CVE Signatures - Comprehensive vulnerability database including:
Β· CVE-2021-36260 (Command Injection - CRITICAL)
Β· CVE-2017-7923 (Authentication Bypass - HIGH)
Β· CVE-2019-11376 (Information Disclosure - HIGH)
Β· And more...
Β· Default Credential Testing - 40+ common username/password combinations
Β· Web Interface Analysis - Extract device information from web interfaces
Β· Cloud Management Detection - Identify Hik-Connect enabled devices
Β· Risk Scoring - Automatic threat level calculation (INFO β CRITICAL)
π£ Exploitation (Authorized Use Only)
Β· CVE-2021-36260 - Command injection exploitation with safe mode
Β· CVE-2017-7923 - Authentication bypass and password reset
Β· Safe Mode - Non-destructive testing options
Β· Evidence Collection - Proof of concept capture
π Professional Reporting
Format Use Case Features
HTML Executive Reports Interactive, styled, device cards, severity coloring
JSON API Integration Machine-readable, structured, complete dataset
CSV Spreadsheet Analysis Excel-compatible, pivot table ready
Markdown Documentation Readable, version control friendly
ποΈ Database & Management
Β· SQLite Storage - Lightweight, portable database
Β· Encrypted Credentials - AES-256 encryption for sensitive data
Β· Scan History - Complete audit trail of all scans
Β· Automatic Backups - Database rotation and compression
Β· Device Fingerprinting - Unique identifiers to prevent duplicates
---
π¦ Installation
Prerequisites
```bash
Python 3.8 or higher
pip (Python package manager)
```
Quick Install
```bash
# Clone the repository
git clone https://github.com/SYLHETYHACKVENGER/HIKRAVEN
cd HIKRAVEN
# Install dependencies
pip install -r requirements.txt
# Verify installation
python hikraven.py --version
```
Dependencies
```txt
requests>=2.31.0
scapy>=2.5.0
lxml>=4.9.0
cryptography>=41.0.0
colorama>=0.4.6
pyyaml>=6.0
tqdm>=4.66.0
packaging>=23.1
rich>=13.5.0
netifaces>=0.11.0
psutil>=5.9.5
```
Platform-Specific Notes
Linux/Unix:
```bash
# May require root privileges for packet capture
sudo python hikraven.py --interface eth0
# Install additional dependencies
sudo apt-get install python3-scapy
```
Windows:
```powershell
# Run as Administrator for packet capture
python hikraven.py --interface "Ethernet"
# Install Npcap for packet capture
# Download from: https://npcap.com/
```
macOS:
```bash
# May require sudo for packet capture
sudo python hikraven.py --interface en0
```
---
π Quick Start
1. Basic Discovery
```bash
# Auto-detect interface and scan local network
python hikraven.py --auto-detect
# Scan specific subnet
python hikraven.py --subnet 192.168.1.0/24
```
2. Full Security Assessment
```bash
# Complete vulnerability scan with reporting
python hikraven.py --interface eth0 --subnet 192.168.1.0/24 --vuln-scan --report html
```
3. Stealth Mode
```bash
# Low-profile scanning with rate limiting
python hikraven.py --interface eth0 --stealth --passive
```
4. Exploitation Testing (Authorized Only)
```bash
# Safe exploitation testing
python hikraven.py --subnet 192.168.1.0/24 --vuln-scan --exploit
```
---
π Usage Guide
Command Line Options
Option Short Description
--interface -i Network interface (e.g., eth0, wlan0)
--address -a IP address of the interface
--auto-detect -D Auto-detect network interface
--list-interfaces -L List available network interfaces
--passive -p Passive discovery only (ARP sniffing)
--active -A Active discovery (ping scan, port scan)
--subnet -s Subnet to scan (e.g., 192.168.1.0/24)
--vuln-scan -v Perform vulnerability scanning
--exploit -e Attempt exploitation (DANGEROUS!)
--report -r Generate report format(s)
--output -o Output directory for reports
--stealth Enable stealth mode
--threads -t Number of threads (default: 100)
--timeout Network timeout in seconds (default: 10)
--config -c Configuration file path
--verbose -V Verbose output
--quiet -q Quiet mode
--version Show version
Examples
1. List Available Interfaces
```bash
python hikraven.py --list-interfaces
```
2. Passive Discovery
```bash
# Discover devices without active scanning
python hikraven.py --interface wlan0 --passive --verbose
```
3. Full Network Scan
```bash
# Complete scan with all features
python hikraven.py --interface eth0 --subnet 10.0.0.0/24 --vuln-scan --report all
```
4. Custom Output Directory
```bash
# Save reports to custom location
python hikraven.py --subnet 192.168.1.0/24 --vuln-scan --output /home/user/security-reports
```
5. Performance Tuning
```bash
# High-performance scan
python hikraven.py --subnet 192.168.1.0/24 --threads 200 --timeout 5
# Conservative scan
python hikraven.py --subnet 192.168.1.0/24 --threads 20 --timeout 20 --stealth
```
---
π Reporting
Report Generation
```bash
# Generate all report formats
python hikraven.py --subnet 192.168.1.0/24 --vuln-scan --report all
# Generate specific format
python hikraven.py --subnet 192.168.1.0/24 --vuln-scan --report html
python hikraven.py --subnet 192.168.1.0/24 --vuln-scan --report json
```
Report Contents
Executive Summary
Β· Total devices discovered
Β· Vulnerable devices count
Β· Total vulnerabilities found
Β· Severity distribution
Β· Risk score overview
Device Inventory
Β· IP and MAC addresses
Β· Device model and manufacturer
Β· Firmware and software versions
Β· Serial numbers
Β· Open ports and services
Β· Cloud management status
Β· Threat level assessment
Vulnerability Details
Β· CVE identifiers
Β· CVSS scores
Β· Severity ratings
Β· Descriptions
Β· Affected devices
Β· Proof of concept
Β· Remediation recommendations
---
π‘οΈ Vulnerabilities Detected
CVE ID Severity CVSS Description Category
CVE-2021-36260 CRITICAL 9.8 Command injection in web interface RCE
CVE-2017-2824 CRITICAL 9.8 Remote code execution vulnerability RCE
CVE-2017-7923 HIGH 7.5 Authentication bypass vulnerability Auth Bypass
CVE-2019-11376 HIGH 7.8 Information disclosure vulnerability Info Disclosure
CVE-2017-7925 HIGH 7.5 Authentication bypass via improper auth Auth Bypass
CVE-2021-36261 HIGH 7.8 Information disclosure vulnerability Info Disclosure
CVE-2023-28807 HIGH 7.5 Security configuration disclosure Info Disclosure
CVE-2014-4880 HIGH 7.5 Backdoor account vulnerability Backdoor
CVE-2022-28179 HIGH 7.5 Buffer overflow vulnerability Memory Corruption
CVE-2018-10321 MEDIUM 6.5 Information disclosure vulnerability Info Disclosure
CVE-2020-36208 MEDIUM 6.5 Command injection vulnerability RCE
CVE-2022-28174 MEDIUM 6.1 Information disclosure vulnerability Info Disclosure
Default Credentials Tested
The tool automatically tests 40+ common credential combinations including:
Β· admin:12345, admin:123456, admin:hikvision
Β· admin:password, admin:admin, admin:hik12345
Β· root:12345, root:password, root:admin
Β· user:12345, user:password, guest:guest
Β· And many more...
---
ποΈ Architecture
```
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β HIKRAVEN Architecture β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€
β β
β βββββββββββββββ βββββββββββββββ βββββββββββββββ β
β β Interface β β Discovery β βVulnerabilityβ β
β β Manager βββββΆβ Engine βββββΆβ Scanner β β
β βββββββββββββββ βββββββββββββββ βββββββββββββββ β
β β β β β
β βΌ βΌ βΌ β
β βββββββββββββββ βββββββββββββββ βββββββββββββββ β
β β ARP β β Passive β β CVE β β
β β Sniffing β β Discovery β β Detection β β
β βββββββββββββββ βββββββββββββββ βββββββββββββββ β
β β
β βββββββββββββββ βββββββββββββββ βββββββββββββββ β
β βExploitation β β Report β β Database β β
β β Engine βββββΆβ Generator βββββΆβ Manager β β
β βββββββββββββββ βββββββββββββββ βββββββββββββββ β
β β
β βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β
β β Plugin System β β
β βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β
β β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
```
Core Components
1. Interface Manager
Β· Cross-platform interface detection
Β· MAC OUI identification
Β· Interface statistics collection
2. Discovery Engine
Β· Passive ARP sniffing
Β· Active subnet scanning
Β· Multicast probing
Β· Device fingerprinting
3. Vulnerability Scanner
Β· CVE signature matching
Β· Default credential testing
Β· Web interface analysis
Β· Risk scoring
4. Exploitation Engine
Β· Safe exploitation mode
Β· CVE-2021-36260 exploitation
Β· CVE-2017-7923 exploitation
Β· Evidence collection
5. Report Generator
Β· Multiple format support
Β· Professional styling
Β· Detailed vulnerability reporting
6. Database Manager
Β· SQLite storage
Β· Encryption support
Β· Automatic backups
Β· Scan history
---
βοΈ Configuration
Configuration File (config.yaml)
```yaml
version: 5.1.0
general:
name: HIKRAVEN
company: Security Research Team
interface:
auto_detect: true
preferred_interface: null
scan_timeout: 5
promiscuous: false
scan:
max_threads: 100
timeout: 10
rate_limit: 20
stealth_mode: false
max_retries: 3
discovery:
passive_timeout: 30
use_arp: true
use_multicast: true
use_port_scan: true
use_ping_scan: true
ports:
- 80
- 443
- 554
- 8000
- 37020
- 8443
- 37777
- 37778
vulnerability:
enabled: true
check_default_creds: true
timeout_per_check: 5
max_checks_per_device: 20
reporting:
formats:
- json
- html
- csv
output_dir: reports
compress: false
database:
path: hikraven.db
encrypt_credentials: true
max_size_mb: 100
logging:
level: INFO
file: hikraven.log
console_output: true
```
---
π§ Advanced Usage
Plugin Development
Create custom plugins in the plugins/ directory:
```python
# plugins/example_plugin.py
class Plugin:
def pre_scan(self, scan_type, subnet):
"""Execute before scan starts"""
pass
def post_scan(self, results):
"""Execute after scan completes"""
pass
def on_device_discovered(self, device):
"""Called when a device is discovered"""
pass
```
API Integration
```python
# Example of programmatic usage
import asyncio
from hikraven import HikRaven
async def custom_scan():
app = HikRaven()
app.initialize(interface='eth0')
results = await app.run_scan(
scan_type='active',
subnet='192.168.1.0/24',
vuln_scan=True
)
for device in results.devices:
print(f"{device.ip_address}: {device.get_vulnerability_count()} vulns")
app.generate_reports(['json', 'html'])
asyncio.run(custom_scan())
```
CI/CD Integration
```yaml
# .github/workflows/security-scan.yml
name: Security Scan
on: [push]
jobs:
scan:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Run HIKRAVEN
run: |
python hikraven.py --subnet 192.168.1.0/24 --vuln-scan --report json
- name: Upload Reports
uses: actions/upload-artifact@v3
with:
name: security-reports
path: reports/
```
---
π Performance
Benchmark Results
Configuration Discovery Time Scan Time Memory Usage
/24 subnet, 100 threads 45s 2m 30s ~150MB
/24 subnet, 200 threads 25s 1m 20s ~250MB
Passive only 30s 30s ~50MB
Stealth mode 5m 8m ~100MB
Optimization Tips
1. Network Speed:
Β· Increase threads for faster scanning
Β· Reduce timeout for responsive networks
Β· Use active scanning for comprehensive results
2. Memory Usage:
Β· Limit database size in config
Β· Use compression for reports
Β· Enable database rotation
3. Stealth Requirements:
Β· Enable stealth mode
Β· Reduce rate limit
Β· Use passive discovery first
---
π€ Contributing
How to Contribute
1. Fork the repository
2. Create a feature branch
3. Make your changes
4. Submit a pull request
Development Setup
```bash
# Clone repository
git clone https://github.com/SYLHETYHACKVENGER/HIKRAVEN
cd HIKRAVEN
# Create virtual environment
python -m venv venv
source venv/bin/activate # On Windows: venv\Scripts\activate
# Install dev dependencies
pip install -r requirements-dev.txt
# Run tests
pytest
# Run linter
flake8 hikraven.py
```
Guidelines
Β· Follow PEP 8 style guide
Β· Write comprehensive docstrings
Β· Add unit tests for new features
Β· Update documentation
Β· Keep performance in mind
---
π Disclaimer
[!] IMPORTANT LEGAL DISCLAIMER [!]
THIS SOFTWARE IS PROVIDED FOR EDUCATIONAL AND RESEARCH PURPOSES ONLY.
Terms of Use
1. Authorization Required: You must have explicit written permission from the owner of any system you test with this tool.
2. Legal Compliance: You are solely responsible for ensuring your use of this tool complies with all applicable local, state, national, and international laws.
3. No Warranty: This software is provided "AS IS" without warranty of any kind. The authors make no representations regarding the safety or suitability of this software for any purpose.
4. Liability: The authors and contributors are not liable for any damages or legal consequences arising from the use or misuse of this software.
5. Ethical Use: This tool must be used ethically and responsibly. Any malicious use is strictly prohibited.
6. Attribution: You must give appropriate credit to the authors when using or referencing this software.
Prohibited Uses
Β· β Unauthorized access to computer systems
Β· β Malicious hacking or cyber attacks
Β· β Data theft or unauthorized data access
Β· β Disruption of services
Β· β Any illegal or unethical activity
Responsible Disclosure
If you discover vulnerabilities using this tool:
1. Document your findings
2. Report them responsibly to the affected parties
3. Do not exploit vulnerabilities maliciously
4. Follow responsible disclosure guidelines
---
π License
```
HIKRAVEN - Advanced Hikvision Security Assessment Framework
Copyright (c) 2024
This software is licensed for EDUCATIONAL and RESEARCH use only.
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software for educational and research purposes, subject to the following
conditions:
1. The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
2. Any use of the Software must be for educational or research purposes only.
3. Commercial use of the Software is strictly prohibited without prior
written permission from the authors.
4. The authors assume no responsibility for any use of the Software, legal
or otherwise.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
```
---
π Contact & Support
Author
Β· SYLHETYHACKVENGER (THE-ERROR808)
Β· GitHub: @THE-ERROR808
Reporting Issues
Β· GitHub Issues: Create Issue
Β· Security Issues: Please report responsibly
---
π Acknowledgments
Β· Security research community
Β· CVE database contributors
Β· Open-source library developers
Β· Penetration testing community
---
π Project Statistics
---
Built with β€οΈ for the Security Research Community
β¬ Back to Top