• Stars
    star
    705
  • Rank 64,230 (Top 2 %)
  • Language
    HTML
  • License
    MIT License
  • Created about 5 years ago
  • Updated over 1 year ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Ultimate Internet of Things/Industrial Control Systems reconnaissance tool.

ꓘamerka GUI

Ultimate Internet of Things/Industrial Control Systems reconnaissance tool.

logo

Powered by Shodan - Supported by Binary Edge & WhoisXMLAPI

NSA and CISA Recommend Immediate Actions to Reduce Exposure Across Operational Technologies and Control Systems

Shodan, Kamerka, are creating a “perfect storm” of

  1. easy access to unsecured assets,

  2. use of common, open-source information about devices, and

  3. an extensive list of exploits deployable via common exploit frameworks (e.g., Metasploit, Core Impact, and Immunity Canvas).

https://us-cert.cisa.gov/ncas/alerts/aa20-205a

Usage

1. Scan for Internet facing Industrial Control Systems, Medical and Internet of Things devices based on country or coordinates.

2. Gather passive intelligence from WHOISXML, BinaryEdge and Shodan or active by scanning target directly.

3. Thanks to indicators from devices and google maps, pinpoit device to specific place or facility (hospital, wastewater treatment plant, gas station, university, etc.)

4. (Optional, not recommended) 4. Guess/Bruteforce or use default password to gain access to the device. Some exploits are implemented for couple specific IoTs.

5. Report devices in critical infrastructure to your local CERT.

Features

  • More than 100 ICS devices
  • Gallery section shows every gathered screenshot in one place
  • Interactive Google maps
  • Google street view support
  • Possibility to implement own exploits or scanning techiques
  • Support for NMAP scan in xml format as an input
  • Find the route and change location of device
  • Statistics for each search
  • Search Flick photos nearby your device
  • Position for vessels is scraped from device directly, rather than IP based
  • Some devices return hints or location in the response. It's parsed and displayed as an indicator that helps to geolocate device.

Articles

https://www.offensiveosint.io/hack-the-planet-with-amerka-gui-ultimate-internet-of-things-industrial-control-systems-reconnaissance-tool/

https://www.offensiveosint.io/offensive-osint-s01e03-intelligence-gathering-on-critical-infrastructure-in-southeast-asia/

https://www.offensiveosint.io/hack-like-its-2077-presenting-amerka-mobile/

https://www.zdnet.com/article/kamerka-osint-tool-shows-your-countrys-internet-connected-critical-infrastructure/

https://www.icscybersecurityconference.com/intelligence-gathering-on-u-s-critical-infrastructure/

Installation

Requirements

  • beautiful soup
  • python3
  • django
  • pynmea2
  • celery
  • redis
  • Shodan paid account
  • BinaryEdge (Optional)
  • WHOISXMLAPI (Optional)
  • Flickr (Optional)
  • Google Maps API
  • Pastebin PRO (Optional)
  • xmltodict
  • python-libnmap

Make sure your API keys are correct and put them in keys.json in main directory.

Run

git clone https://github.com/woj-ciech/Kamerka-GUI/
pip3 install -r requirements.txt
python3 manage.py makemigrations
python3 manage.py migrate
python3 manage.py runserver

In a new window (in main directory) run celery worker celery worker -A kamerka --loglevel=info

For new version of Celery celery --app kamerka worker

In a new window fire up redis apt-get install redis redis-server

And server should be available on http://localhost:8000/

Search

Search for Industrial Control Devices in specific country

  • "All results" checkbox means get all results from Shodan, if it's turned off - only first page (100) results will be downloaded.
  • "Own database" checkbox does not work but shows that is possible to integrate your own geolocation database.

Search for Internet of things in specific coordinates

Type your coordinates in format "lat,lon", hardcoded radius is 20km.

Dashboard

Gallery

Maps

City map

Industrial Control Systems in Poland - ~2.5k different devices

Statistics

Device map

Intel

Geolocate

Scan & Exploit & Information

Full list of supported devices with corresponding queries

https://github.com/woj-ciech/Kamerka-GUI/blob/master/queries.md

NMAP Scripts

  • atg-info
  • codesys
  • cspv4-info
  • dnp3-info
  • enip-info
  • fox-info
  • modbus-discover
  • modicon-info
  • omron-info
  • pcworx-info
  • s7-enumerate
  • s7-info

Exploits

  • CirCarLife SCADA 4.3.0 - Credential Disclosure
  • VideoIQ - Remote file disclosure
  • Grandstream UCM6202 1.0.18.13 - Remote Command Injection
  • Contec Smart Home 4.15 - Unauthorized Password Reset
  • Netwave IP Camera - Password Disclosure
  • Amcrest Cameras 2.520.AC00.18.R - Unauthenticated Audio Streaming
  • Lutron Quantum 2.0 - 3.2.243 - Information Disclosure
  • Bosch Security Systems DVR 630/650/670 Series - Multiple Vulnerabilities

Used components

Additional

  • I'm not responsible for any damage caused by using this tool.

More Repositories

1

LeakLooker

Find open databases - Powered by Binaryedge.io
1,291
star
2

kamerka

Build interactive map of cameras from Shodan
1,238
star
3

Danger-zone

Correlate data between domains, IPs and email addresses, present it as a graph and store everything into Elasticsearch and JSON files.
Python
669
star
4

LeakLooker-X

LeakLooker GUI - Discover, browse and monitor database/source code leaks
JavaScript
277
star
5

OSINT

CSS
264
star
6

SocialPath

Track users across social media platform
CSS
154
star
7

Shomap

Create visualization from Shodan query
HTML
70
star
8

Daily-dose-of-malware

Script lets you gather malicious software and c&c servers from open source platforms like Malshare, Malcode, Google, Cymon - vxvault, cybercrime tracker and c2 for Pony.
Python
36
star
9

pepe

Collect information about email addresses from Pastebin
Python
35
star
10

intelx_viz

Collect information about leaks for particular domain in IntelX and present it on a tree view graph.
HTML
26
star
11

offensive-osint

Scripts related to offensiveosint.io
HTML
19
star
12

woj-ciech

Offensive OSINT
17
star
13

Social-media-c2

Script is a proof of concept how to control your machine by using social media sites.
Python
17
star
14

kupa3

Tracking the trackers. Draw connections between scripts and domains on website.
Python
14
star
15

nadesrau

Detect firearm and nudity on Twitter and Instagram
Python
12
star
16

Wallet-watcher

Small script for retrieving incoming transactions based on provided hour period.
Python
12
star
17

Awake

Bug Bounty Monitor
Python
11
star
18

Bad-Ads

Monitor ads on Bedpage
CSS
9
star
19

other

Small scripts
Python
6
star
20

kamerka-demo

Demo for ꓘamerka GUI
3
star
21

stock_viz

HTML
2
star