2 June 2023
BEHOLDERISHERE cheat sheets are an indispensable tool for cybersecurity and digital incident investigation professionals. These cheat sheets provide detailed instructions and techniques for extracting data from video surveillance systems (CCTV), allowing you to obtain valuable evidence and information for conducting investigations and analyzing events. With BEHOLDERISHERE’s cheat sheets, cyber security professionals can quickly and efficiently access surveillance footage using various techniques and methods. The cheat sheets contain practical tips and steps to ensure safe and residue-free data extraction, ensuring the integrity of evidence. In addition, BEHOLDERISHERE cheat sheets contain instructions for analyzing the received data, using special programs for converting and processing video files, as well as information visualization techniques.
This allows cyber security specialists to conduct detailed analysis of events and criminal acts using video evidence. BEHOLDERISHERE Cheat Sheets are designed to meet the needs of cyber security professionals involved in surveillance investigations and data extraction. These cheat sheets are a valuable resource for security, event analysis, and crime solving using video evidence. Using BEHOLDERISHERE cheat sheets allows cyber security professionals to access valuable video surveillance data and conduct detailed event analysis. These cheat sheets provide instructions and techniques for extracting data safely and efficiently, ensuring the integrity of the evidence. They also contain practical advice on analyzing the received data, using special programs and information visualization techniques. BEHOLDERISHERE cheat sheets are an indispensable tool for cyber incident investigation and response professionals, helping them perform effective analysis and ensure security in the digital environment.
Default ports and protocols used:
HTTP (Hypertext Transfer Protocol): Port: 80 (usually used for insecure HTTP) or 8080.
HTTPS (Hypertext Transfer Protocol Secure): Port: 443 (usually used for secure HTTPS).
RTSP (Real-Time Streaming Protocol): Port: 554 (usually used for real-time streaming).
RTMP (Real-Time Messaging Protocol): Port: 1935 (Typically used for real-time video streaming).
ONVIF (Open Network Video Interface Forum): Port: 8000, 8899, 6688 (usually used to communicate with ONVIF-enabled devices).
FTP (File Transfer Protocol): Port: 21 or 20 (21 is used for connection, 20 for data transfer).
SSH (Secure Shell): Port: 22 (usually used for remote access to an encrypted connection device).
Telnet: Port: 23 (usually used for remote device management).
DVR-IP, NetSurveillance, Sofia Port: TCP 34567 and UDP 34568 (used by the NETSurveillance ActiveX component).
Complete list of standard settings: https://www.ispyconnect.com/userguide-default-passwords.aspx
Example of a search query: product:
“IP Camera” city:”New York” has_screenshot:true -“admin login” port:554 os:”Linux” org:”Hikvision” country:”USA”
In this example, we use several operators to refine our search:
product:” IP Camera” – a filter that indicates a specific product or device. In this case, we are looking for devices with the “IP Camera” product.
city:”New York” is a filter used to limit the search by city. In this case, we are looking for devices located in the city of “Moscow”.
has_screenshot:true is a filter that indicates that we are looking for devices for which screenshots are available.
-“admin login” – operator “-“ is used to exclude certain words or phrases from search results. In this case, we exclude devices in which the phrase “admin login” occurs.
Port: 554 – a filter indicating a specific port. In this case, we’re looking for devices that use port 554, which is often associated with RTSP for video streaming.
os:”Linux” is a filter that indicates the device’s operating system. In this case, we are looking for devices that run on the Linux operating system.
org:”Hikvision” is a filter used to search for devices belonging to a specific organization. In this case, we are looking for devices from the manufacturer “Hikvision”.
country:”US” is a filter used to limit the search by country. In this case, we’re looking for devices located in the US.
intext:” Powered by IP Camera Viewer” – searches web pages containing the text “Powered by IP Camera Viewer”.
intitle:”Network Camera” inurl:top.htm – Searches for web pages with the title “Network Camera” and a URL containing “top.htm”.
intitle:”Live View / – AXIS” – search for web pages with the title “Live View / – AXIS”.
intitle:”D-Link” inurl:top.htm – Search for web pages with the title “D-Link” and a URL containing “top.htm”.
intitle:”Network Camera” intext:”Video Web Server” – searches for web pages with the name “Network Camera” and containing the text “Video Web Server”.
inurl:view/view.shtml – searches for web pages with the URL “view/view.shtml”.
intitle:”Hikvision” inurl:”/login.html” – Search web pages with the title “Hikvision” and the URL contains “/login.html”.
site:axis.com intitle:” Live View / – AXIS” – searches for web pages on the axis.com site with the title “Live View / – AXIS”.
inurl:”/nphMotionJpeg? Resolution=” – searches web pages that contain “/nphMotionJpeg? Resolution=”.
inurl:/cgi-bin/guestimage.html – searches for web pages with “/cgi-bin/guestimage.html” in the URL.
Shodan: https://www.shodan.io
Censys: https://censys.io
ZoomEye: https://www.zoomeye.org
Thingful: https://www.thingful.net
http://username:password@ip_address:port/path/to/mjpeg/stream
username – username for authentication, if required.
password – password for authentication, if required.
ip_address – IP address of the device or source of the MJPEG stream.
port – the port to connect to the device or source of the MJPEG stream (usually 80).
path/to/mjpeg/stream – the path or location of the MJPEG stream on the device.
rtsp://username:password@ip_address:port/onvif/profile/profile_token
username – username for ONVIF authentication.
password – password for ONVIF authentication.
ip_address – IP address of the ONVIF device.
port – the port to connect to the ONVIF device (usually 80 or 554).
profile_token is the ONVIF media service profile token.
rtsp://username:password@ip_address:port/video_stream
username – username for authentication.
password – password for authentication.
ip_address – IP address of the device or video stream source.
port – the port to connect to the device or stream source (usually 554 for RTSP).
video_stream – The path or stream ID for the video stream.
The specific stream path can be determined using Fiddler or Wireshark
IoPT Network scanner with Android security audit function.
Application for network monitoring
video cameras, NVR and DVR with search function.
Find and configure video cameras on the Windows network.
