How do I handle devices on non-standard ports?

You can specify the target by providing the full URL including the port number, such as http://192.168.1.100:8080.

Is there a limit on brute-force attempts?

Yes, the tool includes a default rate limit of 20 attempts to prevent device overload or lockout, though this can be configured via command options.

Does this skill work with all IP cameras?

This skill is specifically designed for devices that support the ONVIF (Open Network Video Interface Forum) protocol, which is the industry standard for IP-based physical security products.

Is onvifscan safe to run on production devices?

The default 'auth' scan is non-destructive and safe for testing access controls. However, the '-a' flag and 'brute' command should be used with caution as they interact more aggressively with device services.

Can I use my own password lists with this skill?

Yes, the skill supports the --usernames and --passwords flags, allowing you to provide paths to custom wordlists for brute-force attempts.

ONVIF Security Scanner

Name: ONVIF Security Scanner
Author: BrownFineSecurity

byBrownFineSecurity

•

494

•

보안 및 테스팅

Scans ONVIF-enabled IP cameras and IoT devices for authentication vulnerabilities and weak credentials.

This skill empowers Claude to perform security assessments on ONVIF-compliant devices, such as IP cameras and network video recorders. It automates the process of identifying unauthenticated endpoints and testing for common credential vulnerabilities through brute-force attacks. By integrating with the onvifscan tool from the iothackbot suite, it helps security professionals and IoT developers identify misconfigurations and strengthen the security posture of surveillance equipment and other smart hardware during penetration testing or security audits.

주요 기능

01Tests ONVIF endpoints for unauthenticated access requirements

02Supports verbose XML response analysis for deep security auditing

03Conducts automated credential brute-forcing with built-in or custom wordlists

04Provides flexible output formats including text, JSON, and quiet modes

05Automatically handles URL formatting and protocol detection

06494 GitHub stars

사용 사례

01Verifying the effectiveness of authentication controls on new IoT hardware deployments

02Identifying exposed ONVIF services on a local network during a penetration test

03Auditing IP cameras for default or weak administrative credentials

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add brownfinesecurity/iothackbot onvifscan

For use in Claude.ai and ChatGPT

Download Skill