onvifscan_skill
- Python
520
GitHub Stars
1
Bundled Files
2 months ago
Catalog Refreshed
4 months ago
First Indexed
Readme & install
Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.
Installation
Preview and clipboard use veilstrat where the catalogue uses aiagentskills.
npx veilstrat add skill brownfinesecurity/iothackbot --skill onvifscan- SKILL.md2.4 KB
Overview
This skill is an ONVIF device security scanner for testing authentication and brute-forcing credentials on IP cameras and ONVIF-enabled devices. It helps determine whether endpoints require authentication, and it can perform controlled credential guessing with configurable wordlists and output formats. Use it to quickly assess access controls before deeper testing.
How this skill works
The skill runs two main scan types: an auth scan to probe ONVIF endpoints for authentication requirements and a brute scan to attempt credential guesses against protected services. Auth scans enumerate available endpoints and can show full XML responses when requested. Brute scans iterate usernames and passwords from built-in or custom wordlists with rate limits to avoid overloading devices.
When to use it
- Verify whether an IP camera or ONVIF device requires authentication
- Perform an initial non-destructive security assessment of ONVIF endpoints
- Test resilience against weak or default credentials
- Validate custom wordlists against a target during a pentest
- Safely enumerate endpoints before manual exploitation
Best practices
- Start with an auth scan to map endpoints and avoid unnecessary brute-forcing
- Use the verbose option only when you need detailed XML responses
- Supply custom wordlists for targeted tests instead of broad lists to reduce noise
- Avoid the -a/all flag unless you understand potential destructive endpoints
- Respect rate limits and get authorization before testing any third-party or production devices
Example use cases
- Quickly check an internal camera: onvifscan auth 192.168.1.100
- Verbose endpoint inspection for troubleshooting: onvifscan auth http://10.0.0.50:8080 -v
- Controlled credential testing with defaults: onvifscan brute 192.168.1.101
- Brute force with targeted lists: onvifscan brute 10.0.0.20 --usernames custom-users.txt --passwords custom-pass.txt
- Full enumeration including risky endpoints (use caution): onvifscan auth 10.0.0.30 -a
FAQ
No. The auth scan is designed to be non-destructive by default. Use the -a/all flag only when you understand the risks.
Can I use my own username/password lists?
Yes. Provide files with --usernames and --passwords to run targeted brute-force tests instead of the built-in lists.