I'm considering using the HikvisionExploiter tool to evaluate some cameras I have, but I'm unsure about the safety of the code it runs. How can I verify if it's secure? Has anyone here tried it with positive outcomes? Also, what general methods do you use to assess the safety of code hosted on GitHub? Thanks for any insights!
3 Answers
Your initial issue is that you even have Hikvision cameras! Seriously, they raise many security concerns. It’s better to just ditch them altogether. Honestly, looking at stuff like this tool could lead to serious risks. Just keep in mind that some developers might upload questionable tools to GitHub with harmful intentions.
I actually think the emojis in the readme really add a fun touch! Makes the whole thing feel less dull compared to the typical black and white texts.
You might want to take a look at the code itself; it’s only about 200 lines long. Search for anything suspicious, like data being sent to unknown URLs or odd IP addresses. From what I saw, the code mainly checks for open ports and possible exploit URLs, and it doesn't seem to do anything malicious. But still, always best to verify for yourself!
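The read-through suggested in the answer above can be backed by a static pass. This is an added example, not part of the thread or of the tool's repository: it parses a Python file with `ast` without ever running it, and lists hard-coded URLs, IP literals and calls that deserve a close read. The `audit_source` name and the sample source are constructed for illustration, and it assumes the script under review is Python.

```python
import ast
import ipaddress
import re

URL_RE = re.compile(r"https?://[^\s'\"<>]+")
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
# Calls worth reading closely: dynamic execution, shelling out, decoding blobs.
RISKY_CALLS = {"eval", "exec", "compile", "__import__", "os.system", "os.popen",
               "subprocess.run", "subprocess.Popen", "subprocess.call", "base64.b64decode"}

def dotted_name(node):
    """Return 'a.b.c' for Name/Attribute chains, else None."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None

def audit_source(source):
    """Parse (never execute) the source and list (line, kind, detail) findings."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Constant) and isinstance(node.value, str):
            for url in URL_RE.findall(node.value):
                findings.append((node.lineno, "url", url))
            for ip in IP_RE.findall(node.value):
                try:
                    ipaddress.ip_address(ip)  # drop look-alikes such as 999.1.1.1
                except ValueError:
                    continue
                findings.append((node.lineno, "ip", ip))
        elif isinstance(node, ast.Call):
            name = dotted_name(node.func)
            if name in RISKY_CALLS:
                findings.append((node.lineno, "call", name))
    return sorted(findings)

# Constructed sample, not taken from any real repository.
SAMPLE = '''import base64, os, requests
TARGET = "http://192.0.2.10/snapshot"
requests.post("https://collector.example.invalid/up", data=b"x")
os.system(base64.b64decode("ZWNobyBoaQ==").decode())
'''

if __name__ == "__main__":
    for line, kind, detail in audit_source(SAMPLE):
        print(f"line {line}: {kind:4} {detail}")
```

A finding is a prompt to read that line, not a verdict: a camera checker legitimately contains target URLs, while an endpoint that is not one of your own devices is the thing to explain before running anything.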
One thing to avoid is downloading anything from untrusted sources, like the psexec download—I made that mistake and lost a machine. So definitely be careful!

That’s true, but if the cameras are isolated on an Ethernet network, then the risks are lower. It’s all about keeping it secure, no matter the brand.