From fa760dd40bbc8d9effc9b1deec5ed3b4968dae31 Mon Sep 17 00:00:00 2001
From: zveriu <zveriu@gmail.com>
Date: Thu, 29 Sep 2016 10:25:41 +0200
Subject: [PATCH] Initial commit.

Initial commit.
Added Shodan queries, specific DDNS services and docs, generic DDNS services.
---
 README                               |  86 ++++++++++++
 cctv_ddns_IP_to_hostname_example.txt |  34 +++++
 cctv_ddns_docs.txt                   |  22 +++
 cctv_ddns_services.txt               |  24 ++++
 cctv_online_censys.txt               |   5 +
 cctv_online_shodan.txt               | 193 +++++++++++++++++++++++++++
 generic_ddns_services.txt            |  10 ++
 7 files changed, 374 insertions(+)
 create mode 100644 README
 create mode 100644 cctv_ddns_IP_to_hostname_example.txt
 create mode 100644 cctv_ddns_docs.txt
 create mode 100644 cctv_ddns_services.txt
 create mode 100644 cctv_online_censys.txt
 create mode 100644 cctv_online_shodan.txt
 create mode 100644 generic_ddns_services.txt

diff --git a/README b/README
new file mode 100644
index 0000000..f03dd96
--- /dev/null
+++ b/README
@@ -0,0 +1,86 @@
+*** Intro ***
+
+Compiled by Andrei Costin ( andrei [at] firmware [dor] re )
+Shodan queries for finding camera/IPcam/CCTV/DVR/NVR/VSS systems
+http://firmware.re/vulns
+https://github.com/zveriu/cctv-ddns-shodan-censys
+
+My latest estimates are 1M+ systems/IP being returned by these queries. 
+
+The systems found using these queries are most likely used in projects like:
+http://insecam.org/
+http://www.forbes.com/sites/thomasbrewster/2016/09/25/brian-krebs-overwatch-ovh-smashed-by-largest-ddos-attacks-ever/#71fa21af6fb6
+
+
+*** License/Credits ***
+
+You are free to use this data in whatever way you want.
+I would greatly appreciate if you do cite the following works when using 
+this data or results obtained using this data (in part or in whole):
+
+@inproceedings{costin2016security,
+  title={Security of CCTV and Video Surveillance Systems: Threats, Vulnerabilities, Attacks, and Mitigations},
+  author={Costin, Andrei},
+  booktitle={TrustED'16: International Workshop on Trustworthy Embedded Devices Proceedings},
+  year={2016}
+}
+
+@inproceedings{costin2014large,
+  title={A Large Scale Analysis of the Security of Embedded Firmwares},
+  author={Costin, Andrei and Zaddach, Jonas and Francillon, Aur{\'e}lien and Balzarotti, Davide and Antipolis, Sophia},
+  booktitle={USENIX Security Symposium},
+  year={2014},
+  organization={USENIX}
+}
+
+@article{con-poc2013,
+  year={2013},
+  author={Costin, Andrei},
+  title={{Poor Man's Panopticon -- Mass CCTV Surveillance for the Masses}},
+  booktitle={{PowerOfCommunity}}
+  howpublished="\url{http://www.powerofcommunity.net/poc2013/slide/andrei.pdf‎}"
+}
+
+
+
+*** Description ***
+
+cctv_online_shodan.txt
+    List of queries to be used with Shodan to locate online 
+    camera/IPcam/CCTV/DVR/NVR/VSS systems.
+    My latest estimates are 1M+ systems/IP being returned by these queries. 
+    Preferably to be used via API, e.g.,:
+    https://github.com/achillean/shodan-python
+    
+cctv_online_censys.txt
+    List of queries to be used with Censys to locate online 
+    camera/IPcam/CCTV/DVR/NVR/VSS systems.
+
+
+cctv_ddns_docs.txt
+    List of PDF guides documenting the use and configuration of DDNS for 
+    CCTV systems.
+
+
+cctv_ddns_services.txt
+    List of DDNS services that are intended/advertised particularly for 
+    CCTV systems. NOTE: this does not prevent these DDNS to host systems/pages 
+    that are totally unrelated to CCTV.
+
+    This list ideally would be used as input for TLDR (TLD records) project:
+    https://github.com/mandatoryprogrammer/TLDR
+
+
+generic_ddns_services.txt
+    List of DDNS services that are generic, and can host CCTV systems as well.
+
+    This list ideally would be used as input for TLDR (TLD records) project:
+    https://github.com/mandatoryprogrammer/TLDR
+
+
+*** Notes ***
+Patches and more data or insights are more than welcome :)!
+
+Author is disclaimed for any use, abuse, misuse, whatever-use of the data 
+herein.
+
diff --git a/cctv_ddns_IP_to_hostname_example.txt b/cctv_ddns_IP_to_hostname_example.txt
new file mode 100644
index 0000000..9a9287a
--- /dev/null
+++ b/cctv_ddns_IP_to_hostname_example.txt
@@ -0,0 +1,34 @@
+http://www.accessify.com/s/samsungipolis.com
+http://www.samsungipolis.com/HOMEDVR
+http://216.114.231.63/
+http://mn-10k-dhcp6-1856.dsl.hickorytech.net/
+
+################################################################################
+
+nslookup 216.114.231.63 bserver.hanwha.co.kr
+Server:		bserver.hanwha.co.kr
+Address:	218.146.34.200#53
+
+Non-authoritative answer:
+63.231.114.216.in-addr.arpa	name = mn-10k-dhcp6-1856.dsl.hickorytech.net.
+
+Authoritative answers can be found from:
+231.114.216.in-addr.arpa	nameserver = ns1.hickorytech.net.
+231.114.216.in-addr.arpa	nameserver = ns2.hickorytech.net.
+ns1.hickorytech.net	internet address = 216.114.192.111
+ns2.hickorytech.net	internet address = 74.115.181.152
+
+################################################################################
+
+nslookup 216.114.231.63 ns1.hickorytech.net
+Server:		ns1.hickorytech.net
+Address:	2605:9400:a::111#53
+
+63.231.114.216.in-addr.arpa	name = mn-10k-dhcp6-1856.dsl.hickorytech.net.
+
+################################################################################
+
+http://ping.eu/rev-lookup/
+
+################################################################################
+
diff --git a/cctv_ddns_docs.txt b/cctv_ddns_docs.txt
new file mode 100644
index 0000000..fae18f0
--- /dev/null
+++ b/cctv_ddns_docs.txt
@@ -0,0 +1,22 @@
+# Compiled by Andrei Costin ( andrei [at] firmware [dor] re )
+# PDF guides documenting the use and configuration of DDNS services 
+# specifically designed for camera/IPcam/CCTV/DVR/NVR/VSS systems
+# http://firmware.re/vulns
+# https://github.com/zveriu/cctv-ddns-shodan-censys
+
+https://www.google.fr/search?q=dvr+ddns+filetype%3Apdf
+http://www.everfocus.com/uploaded_files/DDNSsetup.pdf
+http://www.wboxtech.com/docs/Configure-DDNS-Settings.pdf
+http://www2.ltsecurityinc.com/upload/editorSource/ed91295a044cada6dcfbb8b63b101549.pdf
+http://www.hikvision.com/UploadFile/File/2014331153349607.pdf
+https://www.honeywellvideo.com/documents/800-12650_hrgDDNS_Support_Application_Note.pdf
+https://www.honeywellvideo.com/documents/HREP_Series_DVR_DDNS_Configuration_Application-Note.pdf
+http://www.iviewtech.com/ivt6/iViewDVRdyndns.pdf
+http://www.idview.com/idview/supports/faqs/dvrs/i-dvr_ddns_setup.pdf
+https://system.netsuite.com/core/media/media.nl%3Fid%3D657%26c%3D405831%26h%3Dea1ac6f9da0e5438f0a6%26_xt%3D.pdf%26ext%3DF
+http://qsee.custhelp.com/ci/fattach/get/61/1307978063/redirect/1/session/L2F2LzEvdGltZS8xNDc1MDA5Mzk2L3NpZC85VjR1c0lfbQ==/filename/S-How%20to%20setup%20MYQ-SEE%20DDNS.pdf
+https://www.security.honeywell.com/me/documents/800-02572_RevA.pdf
+ftp://ftp.loks.lv/IP%20solution/%23%20Provision-ISR/DVD%20RW%20Drive/DDNS%20setting%20instructions/DDNS_Provision_ISR_EN.pdf
+http://users.eagleeyedvr.com/EzDNS-userguide.pdf
+https://www.samsungsv.com/Download/SDE-5003-Network-Setup-Guide.pdf
+
diff --git a/cctv_ddns_services.txt b/cctv_ddns_services.txt
new file mode 100644
index 0000000..ec6f889
--- /dev/null
+++ b/cctv_ddns_services.txt
@@ -0,0 +1,24 @@
+# Compiled by Andrei Costin ( andrei [at] firmware [dor] re )
+# DDNS services specifically designed for camera/IPcam/CCTV/DVR/NVR/VSS systems
+# http://firmware.re/vulns
+# https://github.com/zveriu/cctv-ddns-shodan-censys
+
+http://everfocusddns.com
+http://hostname.everfocusddns.com
+http://simpleddns.com
+http://www.simpleddns.com/test12345
+http://dvrlists.com/
+http://www.hik-online.com
+http://www.hrgdvr-ddns.com
+http://dvrlink.net/
+http://dvrlink.net/webdvr/viewer.htm
+http://i-dvr.net
+http://www.g4ip.com
+https://myq-see.com/reg.aspx
+http://hwddns.com
+http://provision-isr-dns.com/
+http://www.eagleeyedvr.com/users/
+http://www.eedvr.com
+http://www.samsungioplis.com
+http://www.samsungipolis.com/HOMEDVR
+
diff --git a/cctv_online_censys.txt b/cctv_online_censys.txt
new file mode 100644
index 0000000..abd2d0b
--- /dev/null
+++ b/cctv_online_censys.txt
@@ -0,0 +1,5 @@
+# Compiled by Andrei Costin ( andrei [at] firmware [dor] re )
+# Censys queries for finding camera/IPcam/CCTV/DVR/NVR/VSS systems
+# http://firmware.re/vulns
+# https://github.com/zveriu/cctv-ddns-shodan-censys
+
diff --git a/cctv_online_shodan.txt b/cctv_online_shodan.txt
new file mode 100644
index 0000000..f4649e3
--- /dev/null
+++ b/cctv_online_shodan.txt
@@ -0,0 +1,193 @@
+# Compiled by Andrei Costin ( andrei [at] firmware [dor] re )
+# Shodan queries for finding camera/IPcam/CCTV/DVR/NVR/VSS systems
+# http://firmware.re/vulns
+# https://github.com/zveriu/cctv-ddns-shodan-censys
+
+/axis-cgi/jpg/image.cgi
+/cgi-bin/guestimage.html
+"/control/userimage.html"
+"MOBOTIX Camera User"
+title:"Robin SmartView"
+Server: Viavideo-Web
+title:"Camera 1"
+"You need ID"
+title:"Sanyo"
+title:"SANYO NETWORK CAMERA"
+title:"SANYO NETWORK OPTION BOARD"
+title:"SANYO NETWORK VIDEO SERVER"
+title:"CSP NETWORK CAMERA"
+title:"DIGITAL VIDEO RECORDER CONTROL"
+title:"DIGITAL VIDEO RECORDER"
+title:"NETSuveillance WEB"
+Server: alphapd
+realm DCS -alphapd
+dcs -alphapd -dcs-lig-httpd
+dcs-lig-httpd
+realm WCS
+realm +DVR
+DVR Streamer
+SECOM DVR
+DVRWebServer
+DVR WebServer
+dvr web
+WebServer +DVR
+NVR
+server: network camera
+dome camera
+cube camera
+security camera
+Vision security system
+axis
+realm streaming_server
+realm netcam
+netcam -realm
+flexwatch
+IPCamera-Web
+realm IPCamera
+IPCamera UPnP
+ADH-web
+Steven+Wu
+Camera Web Server -Steven
+TVIP
+TV-IP
+PoE Camera
+Boa ipcam
+Boa cam
+Boa camera
+PLANET IP CAM
+PLANET IP CAMERA
+IPCamera_Logo
+go1984
+Vivotek
+Wireless Camera
+realm fcs
+D-Link Camera
+Internet Camera
+Internet Camera -D-Link
+brickcom
+iPolis
+Surveillance Camera
+TeleEye
+SQ-WEBCAM
+samsung DVR
+imagiatek
+maygion
+avigilon
+onvif
+MegapixelIPCamera
+MiniAVServer
+www-Authenticate: webcam
+VideoJet
+Catcher Console
+IQinVision
+BBVS -SecuritySpy
+SecuritySpy
+Powered by Nodinfo
+mjpg streamer
+VIDIO-STREAMER
+BackStage Streamer
+Android Webcam
+Android dvr
+DVR-Login
+DVR Remote System
+arecont
+realm vision -arecont
+yawcam
+"server: jvc"
+PelcoNet
+VB100
+server VB100
+motion
+logitec camera
+divar
+verint-webs
+AccDVR
+EvoCam
+promelit
+linux camera
+linux ipcamera
+linux dvr
+server SafeCam
+server: Milestone
+title:flexwatch
+title:webdvr
+title:live
+title:"live view"
+title:"liveview"
+title:"video system"
+title:"camera"
+title:"Axis"
+title:"Video Recorder"
+title:"Video Record"
+title:"NVR"
+#title:"DVR"
+title:"DVR WebViewer"
+title:"DVR Viewer"
+title:"DVR Web " -title:"WEB Client"
+title:"DVR WEB Client"
+title:"DVR LOGIN"
+title:"DVR Components Download"
+title:"Web Viewer for Samsung DVR"
+title:"DVR Netview"
+title:"Web Client for DVR"
+title:"Inspire DVR"
+title:"dvr client"
+title:"DVR System"
+"Server: OwnServer1.0" -title:"DVR system"
+title:"DVR REMOTE VIEWER"
+"Server: MWS" -title:"DVR REMOTE VIEWER"
+title:"DVR WebClient"
+title:"DVR -- Detect Java Runtime"
+title:"EverFocus"
+"Server: HyNetOS" -title:"Bosch" -title:"EverFocus"
+title:"DVR Applet"
+title:"TOA Web DVR"
+title:"Web CMS for DVR"
+title:"STANDALONE DVR"
+title:"Access Remote DVR"
+"Server: Baby Web Server" -title:"Access Remote DVR PCBased"
+title:"Video Server"
+title:"DVR" -title:"DVR WebViewer" -title:"DVR Viewer" -title:"DVR Web " -title:"DVR WEB Client" -title:"DVR IE" -title:"DVR LOGIN" -title:"DVR Components Download" -title:"Web Viewer for Samsung DVR" -title:"DVR Netview" -title:"Web Client for DVR" -title:"Inspire DVR" -title:"dvr client" -title:"DVR System" -title:"DVR REMOTE VIEWER" -title:"DVR WebClient" -title:"DVR -- Detect Java Runtime" -title:"DVR Applet" -title:"TOA Web DVR" -title:"Web CMS for DVR" -title:"STANDALONE DVR" -title:"Access Remote DVR" -title:"Video Server"
+#"Server: NetBox"
+title:"+tm01+"
+Itron
+FlexiDome
+starlight
+Use 'live' as User Name
+title:"bosch security systems"
+title:"PTZ Internet Camera"
+title:"WVC210"
+title:"Network Video Recorder"
+title:"Vilar"
+title:"DCS"
+title:"CAMERA Viewer"
+title:"IP Camera" -title:"Viewer"
+title:"Network Cube Camera"
+title:"Video Surveillance System"
+Lilin
+ReeCam
+iqhttpd
+title:"Live Image"
+#title:"NetCamXL Live Image"
+title:"Live Images"
+title:"IqEye"
+title:"IqEye3"
+box camera
+title:"Login cgicc form"
+title:"Weather Wing"
+U S Software Web Server
+NetBotz Appliance
+"WEB Remote Viewer"
+title:"Web Remote Client"
+title:"Remote Monitoring System"
+title:"Q-SEE"
+server: Indy
+title:"TOSHIBA Network Camera"
+Server: NVS port:"80"
+webcamXP
+"Dahua Technology"
+Avtech
+Hikvision
+GeoHttpServer
+title:"DVR IE"
+netwave camera
diff --git a/generic_ddns_services.txt b/generic_ddns_services.txt
new file mode 100644
index 0000000..dc7f76a
--- /dev/null
+++ b/generic_ddns_services.txt
@@ -0,0 +1,10 @@
+# Compiled by Andrei Costin ( andrei [at] firmware [dor] re )
+# Generic DDNS services, sometimes used for camera/IPcam/CCTV/DVR/NVR/VSS systems
+# http://firmware.re/vulns
+# https://github.com/zveriu/cctv-ddns-shodan-censys
+
+http://ez-dns.com
+http://dyndns.com
+http://dyndns.org
+http://no-ip.org
+