Kamerka-GUI: Ultimate IoT/Industrial Control Systems reconnaissance tool

by do son · Published November 9, 2019 · Updated November 9, 2019

Kamerka-GUI

Ultimate Internet of Things/Industrial Control Systems reconnaissance tool

The main purpose of the ICS module of ꓘamerka is to map attack surfaces, in terms of Industrial Control Devices, for any country. Most used products, ports, protocols or cities with the biggest amount of exposed devices are part of the attack surface. It’s really important to understand what the device is used for and where it is located. (I will show how to geolocate some devices a bit later)

Full list of supported devices with corresponding queries

"webcam": "device:webcam",

'printer': "device:printer",

'mqtt': 'product:mqtt',

'rtsp': "port:'554'",

'dicom': "dicom",

"ipcamera": "IPCamera_Logo",

"yawcam": "yawcam",

"blueiris": "http.favicon.hash:-520888198",

'ubnt': "UBNT Streaming Server",

"go1984": "go1984",

"dlink": "Server: Camera Web Server",

"avtech": "linux upnp avtech",

"adh": "ADH-web",



"niagara": "port:1911,4911 product:Niagara",

'bacnet': "port:47808",

'modbus': "port:502",

'siemens': 'Original Siemens Equipment Basic Firmware:',

'dnp3': "port:20000 source address",

"ethernetip": "port:44818",

"gestrip": 'port:18245,18246 product:"general electric"',

'hart': "port:5094 hart-ip",

'pcworx': "port:1962 PLC",

"mitsubishi": "port:5006,5007 product:mitsubishi",

"omron": "port:9600 response code",

"redlion": 'port:789 product:"Red Lion Controls"',

'codesys': "port:2455 operating system",

"iec": "port:2404 asdu address",

'proconos': "port:20547 PLC",



"plantvisor": "Server: CarelDataServer",

"iologik": "iologik",

"moxa": "Moxa",

"akcp": "Server: AKCP Embedded Web Server",

"spidercontrol": "powered by SpiderControl TM",

"tank": "port:10001 tank",

"iq3": "Server: IQ3",

"is2": "IS2 Web Server",

"vtscada": "Server: VTScada",

'zworld': "Z-World Rabbit 200 OK",

"nordex": "Jetty 3.1.8 (Windows 2000 5.0 x86) \"200 OK\" "

Install

git clone https://github.com/woj-ciech/Kamerka-GUI.git
cd Kamerka-GUI
pip3 install -r requirements.txt

Run

python3 manage.py makemigrations
python3 manage.py migrate
python3 manage.py runserver

In a new window (in the main directory) run celery worker celery -A kamerka –loglevel=info

In a new window fire up redis redis-server

And the server should be available on https://localhost:8000/

Search

Search for Industrial Control Devices in a specific country

“All results” checkbox means to get all results from Shodan if it’s turned off – only first page (100) results will be downloaded.
“Own database” checkbox does not work but shows that is possible to integrate your own geolocation database. Let me know if you have access to better than Shodan’s default one.