Log license plates, vehicle make, vehicle color, and vehicle model to a CSV along with a JPEG image of the vehicle from Motorola ALPRs exposed to the public internet.
This script is preloaded with 3 IP addresses from Chicago, but more can be added. See motorola-ip-addresses.json for a list of over 100 IP addresses found through Shodan.
Research credit to Matt Brown. For more info, watch his YouTube video reporting this vulnerability, or read the 404 Media article.
1/9/2025 - Following media reports and action from Motorola, it looks like most Motorla ALPRs have been taken offline, so this script is unlikely to work anymore.
This script is for educational purposes only. Do not use this script in any way that violates the law. Only use this script on devices you own or have permission to use it on.
This script was thrown together in a short period of time with a lot of assistance from GitHub Copilot. It is not perfect and may not work as expected. Feel free to fix and bugs you find and open a pull request.
To run this project locally, follow these steps:
Make sure you have the following installed on your machine:
- Clone the repository:
git clone https://github.com/frillweeman/alprleaks.git- Navigate to the project directory:
cd alprleaks- Install the dependencies:
npm install- Change the list of IP addresses in index.ts to the IP addresses you want to monitor. Use motorola-ip-addresses.json for a list of over 100 IP addresses found through Shodan.
- Compile the TypeScript files:
npm run build- Start the application:
npm start