NiriKshan

Automated VAPT Suite

Blackbox vulnerability assessment for CCTV and DVR infrastructure.

Automated reconnaissance, protocol enumeration, and evidence-backed reporting streamed live to operator dashboards.

FastAPI

Next.js

Socket.IO

Masscan

Nmap

Network Reconnaissance

Protocol Enumeration

RTSP & ONVIF Validation

Live Operator Dashboard

Evidence-backed Reporting

February 11, 2025

Overview

NiriKshan is a SIH 2025 team project built for authorized internal assessments of CCTV and DVR networks. Surveillance environments often expose dozens or hundreds of devices across inconsistent ports, weak service configurations, and outdated firmware, while assessments are usually performed with disconnected tools and manual correlation. We built NiriKshan to turn that into a single automated workflow.

What It Does

Given approved network access, NiriKshan discovers live hosts, isolates CCTV and DVR candidates, enumerates exposed services, validates RTSP and ONVIF surfaces, correlates vulnerability indicators, and turns the output into a reportable evidence trail. The goal was not just device discovery, but a practical automated VAPT pipeline for surveillance infrastructure.

Technical Details

Under the hood, the platform runs as an event-driven FastAPI + Socket.IO system with a Next.js + React dashboard for live operator feedback. Discovery uses a high-rate Masscan profile tuned to 8 surveillance-relevant ports (81, 88, 554, 8000, 8001, 8888, 37777, 34567) at 50,000 packets per second, then escalates shortlisted hosts into deeper Nmap service and banner enumeration. For extended validation, the workflow can expand into a 31-port fallback scan path, extract CVE indicators from enumeration output, and perform protocol-aware checks against RTSP and ONVIF endpoints to identify exposed cameras, DVRs, and management interfaces. Findings are normalized into structured records, streamed in real time to the dashboard, and persisted in SQLite for filtering, evidence review, and final reporting. The backend also supports deeper offensive-validation paths for controlled VAPT scenarios, which makes the project much closer to a specialized surveillance-security assessment platform than a generic network scanner.

Outcome

The result is a more rigorous and repeatable way to assess surveillance networks: faster asset discovery, better visibility during execution, and a cleaner path from reconnaissance to evidence-backed security reporting.

Tech Stack

Python: FastAPI, python-socketio, asyncio, sqlite3
Security tooling: nmap, masscan, Metasploit, ONVIF/RTSP probing
Frontend: Next.js, Socket.IO client, React, TypeScript, Zustand, Recharts
Automation layer: AI tool router + structured APIs and event handlers