npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

camjacking

v2.0.1

Published

CamJacking is an open-source ethical hacking and social engineering simulation tool for security awareness and penetration testing. It helps organizations test human negligence, webcam permission abuse, and security posture in real-world scenarios.

Downloads

1,689

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

karthithehackerkarthithehacker

Keywords

camjackingwebcam hackingwebcam securitysocial engineeringethical hackingpenetration testingred teamblue teamcybersecuritysecurity awarenesssecurity auditcli toolhacking toolsinfosecbug bountyosintkali linux toolspentest toolkitsecurity testingcappricio securitieskarthithehacker

Readme

Camjacking

CamJacking is an enterprise-grade security awareness training framework designed to simulate realistic phishing attacks targeting camera permissions and user awareness

Logo GitHub Stars MIT License npm version Node Version

🎯 What is CamJacking?

CamJacking is an enterprise-grade security awareness training framework designed to simulate realistic phishing attacks targeting camera permissions and user awareness. Built for ethical hackers, penetration testers, and security professionals, CamJacking enables organizations to:

Assess employee awareness and susceptibility to social engineering
Train teams on camera security risks and best practices
Simulate realistic attack scenarios in controlled lab environments
Measure security posture with detailed analytics and reporting
Educate through hands-on, practical cybersecurity training

🚨 DISCLAIMER: This tool is strictly for authorized security training, educational purposes, and lab environments only. Unauthorized use is illegal and unethical. Always obtain proper authorization before testing.

📌 Features

  • 📸 Camera Phishing Create realistic camera capture pages for security awareness and testing.
  • 🖥️ Admin Dashboard (GUI Panel) Manage campaigns, view logs, and monitor activity through a web-based interface.
  • 🤖 Telegram Bot Integration Receive real-time alerts and captured data directly on Telegram.
  • 🔄 Template Auto-Updating Automatically fetch and update phishing templates with the latest designs.
  • 🗂️ Campaign History & Logs View and manage previous campaigns with detailed activity records.
  • 🌐 Automatic Port Forwarding (Local → Internet) Expose local services to the internet automatically for testing and demos.

⚠️ Requirements

  • GIT CLI
  • Node JS
  • npm
  • cloudflared (CLI)

✅ Supported Platforms

| Platform | Supported | Notes | |-----------------|-----------|-------| | Debian / Kali / Ubuntu | ✅ | Recommended for best compatibility | | macOS | ✅ | Works well with Homebrew setup | | Windows | ⚠️ Partial | Use WSL for best experience |

📦 Libraries Used

The project relies on the following Node.js packages:

  • axios – HTTP client for API requests
  • bcrypt – Secure password hashing
  • body-parser – Parse incoming request bodies
  • cors – Cross-origin request handling
  • crypto – Cryptographic utilities
  • dotenv – Environment variable management
  • express – Web server framework
  • form-data – Multipart form handling
  • jsonwebtoken – JWT-based authentication
  • lowdb – Lightweight JSON database
  • md5 – Legacy hashing (for compatibility)
  • multer – File upload handling
  • uuid – Unique ID generation

💡 Tip: Make sure you’re running a recent Node.js LTS version (v18 or later) for best stability and security.

⚡Installation and Config

# Install globally
npm install camjacking -g
# Start the Camjacking tool
camjacking
  • Open the Admin page: https://cappriciosec.com/camjacking 👉 Click here to open and log in.

| Parameter | Type | Default Credentials | | :--------- | :------- | :-------------------- | | username | string | cappriciosec | | password | string | cappriciosec@hacker |

🚨 Note: Before opening the webpage, make sure the Camjacking tool is running locally. This URL internally checks http://localhost:5000 to verify whether the service is running.

  • If the local service is running, the login page will be displayed.
  • If it is not running, you will be redirected to the landing page.

After logging in with the default credentials, you can update your username and password from the Admin Dashboard.

🤖 Configure Telegram Bot

  • Open Telegram and search for 👉 @CappricioSecuritiesTools_bot

  • Click Start or send /start, then tap the Get Chat ID button.

  • Copy the Chat ID shown by the bot.

  • Go back to the Admin Dashboard → Profile / Settings → Paste the Chat ID and save your profile.

💡 Tip: Once configured, you’ll receive real-time notifications and alerts from Camjacking directly in Telegram.

📝 Adding Custom Templates

When the Camjacking tool starts, it automatically clones the template repository from:
https://github.com/Cappricio-Securities/camjacking-templates
into the local directory: ~/camjacking-templates/

If you already have custom templates in this folder, they will not be deleted.
Your existing templates will be preserved, and newly updated templates from the repository will be added automatically.

📂 Template Structure

You can add your own custom templates by creating a new folder inside:

~/camjacking-templates/

Example structure:

camjacking-templates/
├── your-template-name/
│   ├── index.html
│   └── index.css

You can find the complete setup instructions in this repository: https://github.com/Cappricio-Securities/camjacking-templates 👉 Clickme

⚠️ Naming Rules

  • Template folder names must not contain spaces or special characters.
  • Only the following characters are supported:
    A–Z, a–z, 0–9, _ (underscore), - (hyphen)
  • Do not use the same name for multiple templates.

⚙️ How Templates Work

  • The server automatically loads the correct template based on user input or the default configuration.
  • You do not need to write any extra code to access the camera or collect data.
  • Camjacking dynamically injects the required camera access logic into your templates and automatically handles routing to receive captured images.

💡 Tip: Focus only on the HTML/CSS design of your template. The tool handles camera access and data collection for you.

⚡ Quick Start

To start a new campaign, simply run:

camjacking

You will be greeted with the main menu:

┌──(Hacker@linux)-[~]
└─$ camjacking
                                                                         v2.0

 ██████╗ █████╗ ███╗   ███╗     ██╗ █████╗  ██████╗██╗  ██╗██╗███╗   ██╗ ██████╗
██╔════╝██╔══██╗████╗ ████║     ██║██╔══██╗██╔════╝██║ ██╔╝██║████╗  ██║██╔════╝
██║     ███████║██╔████╔██║     ██║███████║██║     █████╔╝ ██║██╔██╗ ██║██║  ███╗
██║     ██╔══██║██║╚██╔╝██║██   ██║██╔══██║██║     ██╔═██╗ ██║██║╚██╗██║██║   ██║
╚██████╗██║  ██║██║ ╚═╝ ██║╚█████╔╝██║  ██║╚██████╗██║  ██╗██║██║ ╚████║╚██████╔╝
 ╚═════╝╚═╝  ╚═╝╚═╝     ╚═╝ ╚════╝ ╚═╝  ╚═╝ ╚═════╝╚═╝  ╚═╝╚═╝╚═╝  ╚═══╝ ╚═════╝
                                                         Author: @karthithehacker
                                                         Website: karthithehacker.com

            Main Menu
┏━━━━━┳━━━━━━━━━━━━━━━━━━━━━━━━━━┓
┃ No. ┃ Option                   ┃
┡━━━━━╇━━━━━━━━━━━━━━━━━━━━━━━━━━┩
│ 1   │🎯 Create new Target      │
│ 2   │📂 Select Existing Target │
│ 0   │❌ Quit                   │
└─────┴──────────────────────────┘

👉 Select an option: 1
👉 Enter target name: Bob

🧭 Step 1: Create a New Target

  • Choose option 1 – Create New Target
  • Enter a name for your target (e.g., Bob)

🎨 Step 2: Select a Template

After creating a target, you will be prompted to choose a phishing template:

                                                                         v2.0

 ██████╗ █████╗ ███╗   ███╗     ██╗ █████╗  ██████╗██╗  ██╗██╗███╗   ██╗ ██████╗
██╔════╝██╔══██╗████╗ ████║     ██║██╔══██╗██╔════╝██║ ██╔╝██║████╗  ██║██╔════╝
██║     ███████║██╔████╔██║     ██║███████║██║     █████╔╝ ██║██╔██╗ ██║██║  ███╗
██║     ██╔══██║██║╚██╔╝██║██   ██║██╔══██║██║     ██╔═██╗ ██║██║╚██╗██║██║   ██║
╚██████╗██║  ██║██║ ╚═╝ ██║╚█████╔╝██║  ██║╚██████╗██║  ██╗██║██║ ╚████║╚██████╔╝
 ╚═════╝╚═╝  ╚═╝╚═╝     ╚═╝ ╚════╝ ╚═╝  ╚═╝ ╚═════╝╚═╝  ╚═╝╚═╝╚═╝  ╚═══╝ ╚═════╝
                                                         Author: @karthithehacker
                                                         Website: karthithehacker.com


       Select Template
┏━━━━━┳━━━━━━━━━━━━━━━━━━━━━━━┓
┃ No. ┃ Templates             ┃
┡━━━━━╇━━━━━━━━━━━━━━━━━━━━━━━┩
│ 1   │ GoogleMeet            │
│ 2   │ TikTok                │
│ 3   │ instagram             │
│ 4   │ instagramCamera       │
│ 5   │ instagram_videocall   │
│ 6   │ telegramCamera        │
│ x   │ Previous Menu         │
│ 0   │ ❌ Quit               │
└─────┴───────────────────────┘

👉 Select a template: 3
Starting server ⠸
  • Select the template number you want to use (e.g., 3 for Instagram).
  • Once selected, the phishing server will start automatically.

🚀 Step 3: Server Started

After the server starts, you will see output similar to the following:

                                                                         v2.0

 ██████╗ █████╗ ███╗   ███╗     ██╗ █████╗  ██████╗██╗  ██╗██╗███╗   ██╗ ██████╗
██╔════╝██╔══██╗████╗ ████║     ██║██╔══██╗██╔════╝██║ ██╔╝██║████╗  ██║██╔════╝
██║     ███████║██╔████╔██║     ██║███████║██║     █████╔╝ ██║██╔██╗ ██║██║  ███╗
██║     ██╔══██║██║╚██╔╝██║██   ██║██╔══██║██║     ██╔═██╗ ██║██║╚██╗██║██║   ██║
╚██████╗██║  ██║██║ ╚═╝ ██║╚█████╔╝██║  ██║╚██████╗██║  ██╗██║██║ ╚████║╚██████╔╝
 ╚═════╝╚═╝  ╚═╝╚═╝     ╚═╝ ╚════╝ ╚═╝  ╚═╝ ╚═════╝╚═╝  ╚═╝╚═╝╚═╝  ╚═══╝ ╚═════╝
                                                         Author: @karthithehacker
                                                         Website: karthithehacker.com

[+] New Target Created: Bob
[+] Bob UUID: 8ad78792-827e-43c0-b36e-4397c0b96e88
[+] Template selected: instagram
[+] Admin page URL: https://cappriciosec.com/camjacking/
[+] Camjacking server running at: http://localhost:8080/?uuid=8ad78792-827e-43c0-b36e-4397c0b96e88
[+] Camjacking server Target URL: https://convert-findings-founder-abroad.trycloudflare.com?uuid=8ad78792-827e-43c0-b36e-4397c0b96e88
[+] Serving files from: /home/Hacker/camjacking-templates/instagram
[+] Created At: 2026-02-25 01:11:11

[+] Enter x to stop the server
[✓] Server running on port 8080
  • Local URL: Used for local testing
  • Public URL: Share this link with the target
  • Admin Panel: Monitor logs and captured data from the web dashboard

📸 Step 4: Capture Logs & Media

When a user opens the target URL, activity will be logged automatically:

[+] User opened url /?uuid=03ed244c-c5d3-496d-becd-99ad13c00778
[+] IP Address: ███████████████████
[+] User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
[+] Log Timestamp: 2026-02-24T19:44:21.751Z
[+] Saved file: /home/Hacker/camjacking-photos/8ad78792-827e-43c0-b36e-4397c0b96e88/1771962261751.jpg
  • Captured images are saved under:
~/camjacking-photos/<TARGET-UUID>/
  • All logs and media can also be viewed in the Admin Dashboard.

⛔ Stopping the Server

To stop the running server at any time: x

🔮 Planned Features

Coming Soon:

  • AI integration for webcloing and prompt to template designing

🎯 Our Mission

Our mission is to make cybersecurity simple, accessible, and easy for everyone.

We believe that while experienced hackers and security professionals may love the command line, powerful tools shouldn’t be limited to complex commands and scripts. Our goal is to build cybersecurity tools that are:

  • ✅ Easy to install
  • 🧭 Simple to navigate
  • 🔢 Menu-driven (numeric options instead of hard commands)
  • 🖥️ Friendly for beginners with a clean GUI
  • 🎓 Designed to help learners understand cybersecurity concepts easily

We aim to bridge the gap between beginners and professionals by creating tools that combine the power of CLI with the simplicity of modern user interfaces, making cybersecurity learning and practice more approachable for everyone.

💡 “Cybersecurity should be powerful, but it should also be simple.”

👨‍💻 Authors

KarthiTheHacker

Akash K

  • 🐙 GitHub: @Ak4sh2523
  • 💼 LinkedIn: Akash K
  • 🎨 Contributions: GUI/UI design, phishing templates, and Admin Dashboard frontend