EyeSpy is a tool designed to enumerate and gain access to IP cameras via RTSP. It provides a flexible and efficient way to scan for open RTSP ports, check if authentication is required, and attempt common credential spraying attacks.
EyeSpy is developed by Miiden and utilises PowerShell to help with penetration tests and research in a Windows environment. EyeSpy is designed to enumerate and gain access to IP cameras via RTSP. It provides a flexible and efficient way to scan for open RTSP ports, check if authentication is required, and attempt common credential spraying attacks.
EyeSpyAuto.mp4
There is no specific installation required for EyeSpy. Simply download the script and run it using PowerShell. You may need to be in Bypass mode to run scripts.
powershell -ep bypassIEX(new-object net.webclient).downloadstring('https://raw.githubusercontent.com/Miiden/EyeSpy/main/EyeSpy.ps1');EyeSpy -Auto 10.10.10.0/24EyeSpy provides several command-line options to customise its behaviour:
-
-Search <IP/CIDR>: Scan a single IP or CIDR range for open RTSP ports. -
-NoAuth <IP/CIDR>: Scan for open RTSP ports and spray for common paths. Returns any camera with no authentication required by checking common camera paths with no authentication header. -
-AuthAttack <IP:PORT>: Perform a password spray attack on the specified IP:PORT. -
-AuthAttack <IP:PORT> -Path 'KnownPath': Perform a password spray attack on the specified IP:PORT/PATH. Assume the path is correct and does not test for "NoAuth". -
-Auto <IP/CIDR>: Perform a fully automatic scan within a specified IP range (CIDR notation). This scan will find open ports and spray each path with combinations of common and default credentials. -
-Timeout (10-2000): (Default: 200) Change the global timeout value for receiving, Increase value for things that might take a while to respond. -
-Help: Display the help menu, showing usage instructions and examples.
EyeSpy -Search 192.168.0.1/24EyeSpy -NoAuth 192.168.0.123EyeSpy -AuthAttack 192.168.0.66:8554EyeSpy -AuthAttack 192.168.0.123:554 -Path 'MyStream'Eyespy -Auto 192.168.0.1/24Eyespy -HelpAsync the search function- Allow for custom username(s) and password(s)
- Output results to file
Contributions to EyeSpy are welcome. Feel free to fork the repository, make improvements, and submit pull requests.
EyeSpy is designed for research, educational, and authorised testing scenarios. The purpose of developing and distributing EyeSpy is to provide professionals and researchers with a tool to understand and identify vulnerabilities and to bolster the security of systems. It is fundamentally imperative that users ensure they have obtained explicit, mutual consent from all involved parties before applying this tool on any system, network, or digital environment.
Engaging in unauthorised activities, including, but not limited to, accessing systems without permission, can lead to severe legal consequences. Users must be fully aware of, and adhere to, all their jurisdictional, local, state, and federal laws and regulations concerning cybersecurity and digital access.
The developers and contributors of EyeSpy expressly disclaim all liabilities and responsibilities for any unauthorised or illicit use of the tool. Additionally, they are not responsible for any consequent damages, losses, or repercussions stemming from the misuse or misapplication of EyeSpy.
EyeSpy is licenced under the MIT Licence.