Is scanning with Onvifscan safe for my devices?

The standard authentication scan is non-destructive and safe. However, use the brute-force and '--all' options with caution as they involve more intensive interaction with the device.

Does it require a full URL to scan a device?

You can provide either a full URL or a simple IP address; the tool will automatically prepend 'http://' if it is missing.

What is Onvifscan used for?

It is used to scan and test the security of ONVIF-enabled devices, specifically looking for authentication vulnerabilities and weak login credentials on IP cameras.

Can I use custom password lists with this skill?

Yes, the skill supports custom username and password wordlists through the --usernames and --passwords options for targeted brute-forcing.

How do I view the raw XML data from the camera?

By using the -v or --verbose flag during an auth scan, the tool will output the full XML responses for manual inspection.

Onvifscan Security Scanner

Name: Onvifscan Security Scanner
Author: consigcody94

byconsigcody94

0•

Security & Testing

Audits ONVIF-enabled IP cameras and IoT devices for authentication vulnerabilities and weak credentials.

Onvifscan is a specialized security auditing tool designed for assessing the security posture of ONVIF-compliant hardware, such as IP surveillance cameras. It enables security researchers and system administrators to identify exposed endpoints that lack proper authentication and perform targeted credential brute-forcing to uncover weak passwords. By integrating with Claude Code, this skill streamlines the process of IoT device discovery and hardening, providing actionable insights into network security risks associated with physical security hardware.

Key Features

01Automated ONVIF endpoint discovery and authentication auditing

02Support for custom username and password wordlists

03Non-destructive scanning modes for safe environmental testing

040 GitHub stars

05Verbose XML response analysis for deep device inspection

06Targeted credential brute-forcing using built-in or custom wordlists

Use Cases

01Testing IP cameras for default or weak credentials during security audits

02Identifying unauthenticated ONVIF service endpoints in local networks

03Validating device hardening configurations for IoT surveillance systems

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add consigcody94/bounty-buddy onvifscan

For use in Claude.ai and ChatGPT

Download Skill