Is the authentication scan safe for my devices?

Yes, the 'auth' scan is non-destructive and safe to run, as it simply checks which endpoints require authentication without attempting to exploit them.

Can I use my own wordlists for brute-force attacks?

Yes, the skill supports custom username and password files, allowing you to tailor your security testing to specific environments.

What is the primary purpose of the ONVIF Security Scanner skill?

It is designed to help security professionals scan ONVIF-compliant devices, such as IP cameras, to identify authentication bypasses and weak login credentials.

Does this tool support JSON output for automation?

Yes, the onvifscan tool can output results in JSON format, making it easy to pipe data into other security tools or documentation scripts.

What kind of devices does this skill work with?

It works with any IoT device that implements the ONVIF (Open Network Video Interface Forum) standard, which most modern IP cameras use.

ONVIF Security Scanner

Name: ONVIF Security Scanner
Author: BrownFineSecurity

byBrownFineSecurity

•

438

•

安全与测试

Scans ONVIF-enabled IP cameras and IoT devices for authentication vulnerabilities and weak credentials.

The ONVIF Security Scanner is a specialized tool designed for IoT penetration testing and security assessments of network video devices. It enables Claude to identify unauthenticated access points, test authorization requirements across various endpoints, and perform credential brute-forcing using built-in or custom wordlists. This skill is essential for security researchers and system administrators looking to audit and harden their IoT infrastructure against unauthorized access by identifying common misconfigurations in ONVIF implementations.

主要功能

01Performs automated credential brute-forcing on protected devices

02Provides verbose XML response analysis for deep security auditing

03438 GitHub stars

04Tests ONVIF endpoints for unauthenticated access vulnerabilities

05Offers flexible output formats including text and JSON for reporting

06Supports custom username and password wordlists for targeted testing

使用场景

01Auditing IP camera networks for default or weak credentials

02Identifying unauthenticated ONVIF service endpoints in IoT environments

03Automating security posture assessments for ONVIF-compliant hardware

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add brownfinesecurity/iothackbot onvifscan

For use in Claude.ai and ChatGPT

Download Skill