brownfinesecurity/iothackbot
Overview
This skill is an ONVIF device security scanner for testing authentication and brute-forcing credentials on IP cameras and ONVIF-enabled devices. It helps determine whether endpoints require authentication, and it can perform controlled credential guessing with configurable wordlists and output formats. Use it to quickly assess access controls before deeper testing.
How this skill works
The skill runs two main scan types: an auth scan to probe ONVIF endpoints for authentication requirements and a brute scan to attempt credential guesses against protected services. Auth scans enumerate available endpoints and can show full XML responses when requested. Brute scans iterate usernames and passwords from built-in or custom wordlists with rate limits to avoid overloading devices.
When to use it
- Verify whether an IP camera or ONVIF device requires authentication
- Perform an initial non-destructive security assessment of ONVIF endpoints
- Test resilience against weak or default credentials
- Validate custom wordlists against a target during a pentest
- Safely enumerate endpoints before manual exploitation
Best practices
- Start with an auth scan to map endpoints and avoid unnecessary brute-forcing
- Use the verbose option only when you need detailed XML responses
- Supply custom wordlists for targeted tests instead of broad lists to reduce noise
- Avoid the -a/all flag unless you understand potential destructive endpoints
- Respect rate limits and get authorization before testing any third-party or production devices
Example use cases
- Quickly check an internal camera: onvifscan auth 192.168.1.100
- Verbose endpoint inspection for troubleshooting: onvifscan auth http://10.0.0.50:8080 -v
- Controlled credential testing with defaults: onvifscan brute 192.168.1.101
- Brute force with targeted lists: onvifscan brute 10.0.0.20 --usernames custom-users.txt --passwords custom-pass.txt
- Full enumeration including risky endpoints (use caution): onvifscan auth 10.0.0.30 -a
FAQ
No. The auth scan is designed to be non-destructive by default. Use the -a/all flag only when you understand the risks.
Can I use my own username/password lists?
Yes. Provide files with --usernames and --passwords to run targeted brute-force tests instead of the built-in lists.
6 skills
This skill helps assess ONVIF device security by performing auth and brute-force scans to identify weak access controls.
This skill helps you analyze firmware and extract embedded filesystems using ffind, identifying artifact types and enabling deep filesystem inspection.
This skill helps you discover and enumerate WS-Discovery devices like ONVIF cameras on your network, returning endpoints, device details, and service locations.
This skill analyzes IoT network traffic to detect protocols and vulnerabilities, helping you secure devices and identify unencrypted communications.
This skill enables secure IoT UART interactions using picocom to enumerate devices, access shells, and discover vulnerabilities for pentesting.
This skill guides professional network reconnaissance with nmap, enabling quick port discovery, service detection, and structured results for IoT assessments.