| import os |
| import re |
| import requests |
| import gradio as gr |
| import logging |
| import random |
| import time |
|
|
| |
| logging.basicConfig(level=logging.INFO, format='%(asctime)s - %(levelname)s - %(message)s') |
| logger = logging.getLogger(__name__) |
|
|
| |
| HEADER_IMG = "2.png" |
| INDOOR_IMG = "in.jpg" |
|
|
| country_data = { |
| "US": "United States", "JP": "Japan", "IT": "Italy", "KR": "Korea", "FR": "France", |
| "DE": "Germany", "TW": "Taiwan", "RU": "Russian Federation", "GB": "United Kingdom", "NL": "Netherlands", |
| "CZ": "Czech Republic", "TR": "Turkey", "AT": "Austria", "CH": "Switzerland", "ES": "Spain", |
| "CA": "Canada", "SE": "Sweden", "IL": "Israel", "PL": "Poland", "IR": "Iran", |
| "NO": "Norway", "RO": "Romania", "IN": "India", "VN": "Vietnam", "BE": "Belgium", |
| "BR": "Brazil", "BG": "Bulgaria", "ID": "Indonesia", "DK": "Denmark", "AR": "Argentina", |
| "MX": "Mexico", "FI": "Finland", "CN": "China", "CL": "Chile", "ZA": "South Africa", |
| "SK": "Slovakia", "HU": "Hungary", "IE": "Ireland", "EG": "Egypt", "TH": "Thailand", |
| "UA": "Ukraine", "RS": "Serbia", "HK": "Hong Kong", "GR": "Greece", "PT": "Portugal", |
| "LV": "Latvia", "SG": "Singapore", "IS": "Iceland", "MY": "Malaysia", "CO": "Colombia", |
| "TN": "Tunisia", "EE": "Estonia", "DO": "Dominican Republic", "SI": "Slovenia", "EC": "Ecuador", |
| "LT": "Lithuania", "PS": "Palestinian", "NZ": "New Zealand", "BD": "Bangladesh", "PA": "Panama", |
| "MD": "Moldova", "NI": "Nicaragua", "MT": "Malta", "TT": "Trinidad And Tobago", "SA": "Saudi Arabia", |
| "HR": "Croatia", "CY": "Cyprus", "PK": "Pakistan", "AE": "United Arab Emirates", "KZ": "Kazakhstan", |
| "KW": "Kuwait", "VE": "Venezuela", "GE": "Georgia", "ME": "Montenegro", "SV": "El Salvador", |
| "LU": "Luxembourg", "CW": "Curacao", "PR": "Puerto Rico", "CR": "Costa Rica", "BY": "Belarus", |
| "AL": "Albania", "LI": "Liechtenstein", "BA": "Bosnia And Herzegovia", "PY": "Paraguay", "PH": "Philippines", |
| "FO": "Faroe Islands", "GT": "Guatemala", "NP": "Nepal", "PE": "Peru", "UY": "Uruguay", |
| "AD": "Andorra", "AG": "Antigua And Barbuda", "AM": "Armenia", "AO": "Angola", "AU": "Australia", |
| "AW": "Aruba", "AZ": "Azerbaijan", "BB": "Barbados" |
| } |
|
|
| USER_AGENTS = [ |
| "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36", |
| "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36" |
| ] |
|
|
| |
| def crack_cctv(selected_country_name): |
| if not selected_country_name: |
| yield "β Pilih Negara dulu!", "" |
| return |
| country_code = next((code for code, name in country_data.items() if name == selected_country_name), None) |
| all_ips = [] |
| |
| for page in range(2): |
| headers = {"User-Agent": random.choice(USER_AGENTS)} |
| url = f"http://www.insecam.org/en/bycountry/{country_code}/?page={page}" |
| yield f"π‘ Scanning {selected_country_name} (Page {page+1})...", "\n".join(all_ips) |
| try: |
| time.sleep(1.0) |
| res = requests.get(url, headers=headers, timeout=10) |
| if res.status_code == 200: |
| find_ip = re.findall(r"http://\d+.\d+.\d+.\d+:\d+", res.text) |
| if not find_ip: break |
| for ip in find_ip: |
| if ip not in all_ips: |
| all_ips.append(ip) |
| yield f"β
Ditemukan {len(all_ips)} IP Target", "\n".join(all_ips) |
| else: break |
| except: break |
| |
| if not all_ips: |
| yield "β οΈ Insecam memblokir akses server Cloud (Hugging Face).", "" |
|
|
| |
| css = """ |
| :root { |
| --primary-600: #ff1212 !important; |
| --loader-color: #ff1212 !important; |
| } |
| .main-header { border: 2px solid #ff1212; border-radius: 12px; padding: 15px; background: white; text-align: center; margin-bottom: 15px; } |
| .main-header h1 { color: #ff1212 !important; font-weight: 900 !important; font-size: 24px !important; margin: 0; } |
| .badge-row { display: flex; justify-content: center; gap: 8px; margin-top: 10px; } |
| .section-tag { background: #ff1212; color: white; padding: 3px 12px; border-radius: 5px; font-size: 11px; font-weight: 700; display: inline-block; margin: 12px 0; } |
| .scroll-box { height: 180px; overflow-y: auto; border: 1px solid #f0f4f8; border-radius: 10px; padding: 8px; background: #fafbfc; } |
| .char-btn { background: white !important; border-left: 5px solid #ff1212 !important; text-align: left !important; font-size: 12px !important; margin-bottom: 3px !important; width: 100%; color: #4a5568 !important; } |
| .action-btn { background: #ff1212 !important; color: white !important; font-weight: 700 !important; border-radius: 10px !important; height: 45px !important; width: 100%; border: none !important; margin-top: 10px; cursor: pointer; } |
| .result-box textarea { background: #0a0a0a !important; color: #ff1212 !important; font-family: 'Courier New', monospace !important; font-weight: bold !important; border: 1px solid #ff1212 !important; border-radius: 8px !important; } |
| .note-card { background: #fffcf0; border: 1px solid #f5e6a3; border-radius: 10px; padding: 12px; margin-top: 20px; text-align: left; } |
| .note-header { color: #b58900; font-weight: 800; font-size: 13px; margin-bottom: 4px; } |
| .note-body { color: #7d6a2a; font-size: 11px; line-height: 1.4; font-style: italic; } |
| .credit-footer { margin-top: 20px; padding: 10px; text-align: center; border-bottom: 4px solid #ff1212; color: #94a3b8; font-weight: 700; font-size: 12px; letter-spacing: 2px; } |
| """ |
|
|
| |
| with gr.Blocks(css=css) as app: |
| with gr.Column(scale=1): |
| |
| gr.HTML(""" |
| <div class="main-header"> |
| <h1>DVR LOGIN BYPASS (CCTV-HACK)</h1> |
| <p style="color:#555;font-size:13px;font-weight:600;">An exploit for a DVR authentication bypass vulnerability</p> |
| <div class="badge-row"> |
| <img src="https://img.shields.io/github/stars/tausifzaman/cctv-hack?color=%23DF0067&style=for-the-badge"/> |
| <img src="https://img.shields.io/github/forks/tausifzaman/cctv-hack?color=%239999FF&style=for-the-badge"/> |
| </div> |
| </div> |
| """) |
|
|
| if os.path.exists(HEADER_IMG): |
| gr.Image(HEADER_IMG, show_label=False, interactive=False, height=160) |
|
|
| gr.HTML('<div class="section-tag">Door / Possible Banners frontend (web)</div>') |
| sel_country = gr.State("") |
| country_display = gr.Markdown("π *Status: Menunggu pilihan target...*") |
| |
| with gr.Column(elem_classes="scroll-box"): |
| sorted_countries = sorted(country_data.items(), key=lambda x: x[1]) |
| for code, name in sorted_countries: |
| btn = gr.Button(f"π {name}", elem_classes="char-btn") |
| btn.click(fn=lambda n=name: (n, f"π Target: **{n}**"), outputs=[sel_country, country_display]) |
|
|
| btn_crack = gr.Button("π₯ START EXPLOIT", elem_classes="action-btn") |
| |
| gr.HTML('<div class="section-tag">Indoor / IP Scan Results</div>') |
| status_out = gr.Textbox(label="System Log", interactive=False) |
| ip_output = gr.TextArea(label="Exposed Credentials", interactive=False, lines=10, elem_classes="result-box") |
|
|
| |
| if os.path.exists(INDOOR_IMG): |
| gr.Image(INDOOR_IMG, show_label=False, interactive=False, height=180) |
|
|
| btn_crack.click(fn=crack_cctv, inputs=[sel_country], outputs=[status_out, ip_output]) |
|
|
| |
| gr.HTML(""" |
| <div class="note-card"> |
| <div class="note-header">β οΈ TECHNICAL ADVISORY</div> |
| <div class="note-body"> |
| "Tools ini berjalan di lingkungan Cloud Public (Hugging Face). Perlu diperhatikan bahwa banyak target server melakukan blokir otomatis terhadap IP Cloud. Jika data tidak muncul, itu karena firewall target. Untuk hasil bypass yang maksimal dan tanpa batasan firewall, gunakanlah <b>Termux</b> atau <b>Linux Environment</b> dengan koneksi internet pribadi." |
| </div> |
| </div> |
| """) |
|
|
| |
| gr.HTML("""<div class="credit-footer">π₯ CREATED BY MUTSUMI π₯</div>""") |
|
|
| if __name__ == "__main__": |
| app.launch(server_name="0.0.0.0", server_port=7860, ssr_mode=False) |