Automated Vulnerability Assessment and Penetration Testing Tool for CCTV Cameras and DVR

Authors

  • Vibhawari Mangesh Auti Department of Artificial Intelligence & Data Science, Sahyadri Valley College of Engineering & Technology, Rajuri, Pune, Maharashtra, India Author
  • Onkar Balasaheb Desale Department of Artificial Intelligence & Data Science, Sahyadri Valley College of Engineering & Technology, Rajuri, Pune, Maharashtra, India Author
  • Gayatri Subhas Pate Department of Artificial Intelligence & Data Science, Sahyadri Valley College of Engineering & Technology, Rajuri, Pune, Maharashtra, India Author
  • Prof. Rahane D.A Assistant Professor, Department of Artificial Intelligence & Data Science, Sahyadri Valley College of Engineering & Technology, Rajuri, Pune, Maharashtra, India Author

Keywords:

Vulnerability Assessment, Penetration Testing, CCTV Security, DVR Exploitation, Network Scanning, Cybersecurity Automation, Python Security Framework

Abstract

Each CCTV camera and DVR is an ideal target for cyber attacks due to a growing concern regarding insecure configuration, firmware, and network services offered by the deployment of IP-based surveillance systems. Manual VAPT is time-consuming and requires specialized skills. This paper describes the development of an automated VAPT framework that can identify, analyze, and report security vulnerabilities in CCTV and DVR systems. The automated framework integrates network scanning, service fingerprinting, and vulnerability mapping with exploit test validation via automated modules using Python scripting and open source security engines such as Nmap, Nikto, or Metasploit. The system has the ability to perform end-toend security testing, credential testing, open port enumeration, default password tests, and examine firmware for vulnerabilities. Real-time test results can be visualized in a central web-based dashboard indicating severity and remediation recommendations. The framework was experimentally validated across multiple CCTV brands reporting an 87% efficacy rate identifying critical risks, and a 65% reduction in manual testing time. This enhances operational efficiency, scalability, and reliability of VAPT practices; thus providing an effective security solution to public and private surveillance infrastructures threatened by modern cyber attacks.

Downloads

Download data is not yet available.

References

A. Kolias, G. Kambourakis, A. Stavrou, and J. Voas, “DDoS in the IoT: Mirai and other botnets,” Computer, vol. 50, no. 7, pp. 80–84, 2017.

M. Antonakakis, T. April, M. Bailey, et al., “Understanding the Mirai Botnet,” in Proc. of the 26th USENIX Security Symposium, Vancouver, Canada, 2019, pp. 1093–1110.

H. Zhang, J. Chen, and P. Wang, “An automated vulnerability scanning system for IoT devices using Nmap and Shodan,” International Journal of Network Security, vol. 22, no. 5, pp. 850–860, 2020.

A. Miettinen, M. Marchal, I. Hafeez, et al., “IoT Sentinel: Automated device-type identification for security enforcement in IoT,” IEEE Internet of Things Journal, vol. 5, no. 2, pp. 1093–1104, 2021.

S. Kumar and D. Ghosh, “A semi-automated penetration testing framework for IoT devices,” Journal of Information Security and Applications, vol. 67, pp. 103–112, 2022.

A. Rahman, R. Gupta, and M. Yadav, “Security analysis of IP-based surveillance systems: Vulnerabilities and countermeasures,” IEEE Access, vol. 11, pp. 54123–54134, 2023.

R. Sharma and P. Bansal, “A comprehensive IoT security auditing framework using firmware analysis,” Journal of Network and Computer Applications, vol. 216, pp. 103562, 2024.

N. Qureshi, A. Javed, and H. R. Khan, “Dynamic vulnerability analysis of embedded IoT systems through packet inspection and service fingerprinting,” ACM Transactions on Internet Technology, vol. 24, no. 3, pp. 1–22, 2023.

L. Chen, Y. Hu, and K. Zhang, “Integration of automated scanning with human-guided exploitation in IoT penetration testing,” IEEE Transactions on Dependable and Secure Computing, vol. 21, no. 1, pp. 56–67, 2023.

S. Das and A. Pandey, “A visualization-based vulnerability management framework for IoT environments,” Procedia Computer Science, vol. 227, pp. 902–911, 2024.

C. Mahmoud, M. El-Sayed, and F. Adnan, “Security posture assessment of digital video recorders using automated firmware validation,” International Journal of Cybersecurity Intelligence and Cybercrime, vol. 3, no. 2, pp. 45–58, 2020.

R. Verma and S. Bhattacharya, “Hybrid static-dynamic vulnerability detection in IP camera firmware,” Sensors and Systems Journal, vol. 18, no. 6, pp. 150–162, 2022.

K. Rao and A. Singh, “Analysis of DVR vulnerabilities in small and medium enterprises,” Journal of Information Assurance and Security, vol. 17, no. 4, pp. 250–260, 2021.

D. Patel, R. Mehta, and A. Trivedi, “Design of an automated penetration testing framework for IoT devices,” International Journal of Advanced Computer Science and Applications, vol. 13, no. 11, pp. 12–21, 2022.

National Institute of Standards and Technology (NIST), “National Vulnerability Database,” [Online]. Available: https://nvd.nist.gov. [Accessed: Oct. 2025].

Offensive Security, “Exploit Database,” [Online]. Available: https://www.exploit-db.com. [Accessed: Oct. 2025].

Downloads

Published

05-11-2025

Issue

Vol. 11 No. 6 (2025): November-December

Section

Research Articles

License

Copyright (c) 2025 International Journal of Scientific Research in Computer Science, Engineering and Information Technology

Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 International License.

How to Cite

[1]
Vibhawari Mangesh Auti, Onkar Balasaheb Desale, Gayatri Subhas Pate, and Prof. Rahane D.A, “Automated Vulnerability Assessment and Penetration Testing Tool for CCTV Cameras and DVR”, Int. J. Sci. Res. Comput. Sci. Eng. Inf. Technol, vol. 11, no. 6, pp. 38–48, Nov. 2025, Accessed: Dec. 06, 2025. [Online]. Available: https://mail.ijsrcseit.com/index.php/home/article/view/CSEIT2511617