How to find the Vulnerable Webcams With Shodan Using Metasploit Framework?
Step 1: To initialize the Metasploit penetration testing framework, we first need to launch the msfconsole command line interface using root privileges on our attacking machine:
sudo msfconsole
Step 2: Now that we have the Metasploit framework loaded through the msfconsole, our next step is to identify useful Shodan scripts contained within Metasploit that can integrate with the Shodan computer/device search engine.
search shodan
Step 3: Then we’ve to set the handler with this command you can set the Handler we need for searching the webcam and other databases.
use auxiliary/gather/shodan_search
This will execute a search across all existing Metasploit modules and scripts specifically looking for those tagged or related to “Shodan“.
Step 4: To execute Shodan search queries through Metasploit, we need to configure our private Shodan API key to authenticate and connect to the Shodan database. The set command in Metasploit allows us to set the global variables that scripts can use, such as our unique API key for accessing the Shodan platform.
set SHODAN_APIKEY ( Your_Api_key )
Step 5: Now that our Shodan API key is configured in Metasploit, we can define a search query to scan for specific targets. In this case, we are looking to identify open webcams that Shodan has indexed we may want to access. To set our search criteria, we will run the command :
set QUERY webcams
Step 6: Now that our groundwork is completed with our Shodan API key set and webcam search query configured, we are ready to execute the search itself to reveal vulnerable targets.
exploit
The exploit command we ran has surfaced a list of publicly accessible webcams that Shodan has indexed across the internet. What we see in the terminal output is metadata and access details on various vulnerable webcams ripe for unauthorized access.
To access any webcam stream, we first need to copy the IP address with the Port Number.
Next, we paste that copied IP: port combo into any web browser URL bar.
After Hitting enter should now display the live video stream from the targeted webcam. And just like that, we’re viewing the footage of security cameras, office webcams, or other unintentionally exposed devices.
Find Vulnerable Webcams with Shodan [Metasploit Framework]
Finding vulnerable webcams with Shodan and Metasploit can sound intimidating for beginners, but let me try to explain the key ideas simply. Think of Shodan as a search engine for connected devices and servers instead of websites. We can use it to find webcams and other systems that are publicly accessible over the internet. Sometimes these devices are not properly secured by their owners. Their login page or video feed may be accessible without a password. That is what we call a vulnerable webcam. Metasploit is a popular tool for testing vulnerabilities. Once we find an open webcam with Shodan. Metasploit helps us connect to that device and view the video feed.
Contact Us