GV-ASManager Exploit Tool | Shodan Automation | Credential Extraction | Red Team Project A Python-based automated tool for exploiting the GeoVision GV-ASManager information disclosure vulnerability. Includes Shodan target discovery, credential harvesting, admin login, camera and network data extraction, and full report generation.
This project automates the exploitation of an information disclosure vulnerability found in GeoVision GV-ASManager systems (v6.1.0.0 and below).
It extracts usernames and passwords, logs in as admin (if found), and retrieves camera lists, card data, and network settings.
- 🔎 Automated Target Discovery using Shodan API (or manually via targets.txt)
- 🔥 Guest Login Vulnerability Exploitation
- 🔐 Admin Account Extraction and Login
- 📷 Retrieve Camera Lists
- 🎫 Retrieve Access Card Lists
- 🌐 Extract Network Settings
- 📄 Auto-generated Full Exploit Reports
- ⚡ Interactive Menu for Easy Operation
- Install required Python modules:
pip install requests shodan-
Get a Shodan API Key:
https://account.shodan.io/ -
Insert your API Key inside the script (
SHODAN_API_KEYvariable).
- Run the script:
python exploit_tool.py- Choose an option from the menu:
[1] Search targets automatically using Shodan API
[2] Load targets manually from targets.txt
- The tool will then:
- Perform guest login,
- Extract user accounts and passwords,
- Attempt admin login,
- Pull camera list, card data, and network settings,
- Save everything to a full report (
full_pwned_report_xxx.txt).
- The script uses the Guest account vulnerability to enumerate user data.
- If an admin account is found, it automatically logs in and escalates access.
- Extracted information includes:
- 📷 Camera List
- 🎫 Access Card List
- 🌐 Network Configuration
- Reports are saved inside the working directory.
- Designed for Python 3.8+.
- Shodan API free tier might have request limitations; alternatively, use
targets.txt. - Delay is added between target scans to avoid rate limits and detection.
This project is licensed under the MIT License.
The MIT License allows you to freely use, modify, and distribute this software,
without warranty of any kind.
Below is a successful example of using the GV-ASManager Exploit Tool:
✍️ This project is intended for educational and authorized security testing purposes only.
Unauthorized use of this tool against systems without explicit permission may violate laws and could lead to criminal charges.
The user assumes all responsibility for any consequences arising from the use of this tool.