EyeSpy: enumerate and gain access to IP cameras via RTSP

by ddos · June 8, 2024

EyeSpy

EyeSpy was developed by Miiden and utilizes PowerShell to help with penetration tests and research in a Windows environment. EyeSpy is designed to enumerate and gain access to IP cameras via RTSP. It provides a flexible and efficient way to scan for open RTSP ports, check if authentication is required, and attempt common credential spraying attacks.

Usage

EyeSpy provides several command-line options to customize its behavior:

-Search <IP/CIDR>: Scan a single IP or CIDR range for open RTSP ports.
-NoAuth <IP/CIDR>: Scan for open RTSP ports and spray for common paths. Returns any camera with no authentication required by checking common camera paths with no authentication header.
-AuthAttack <IP:PORT>: Perform a password spray attack on the specified IP:PORT.
-AuthAttack <IP:PORT> -Path 'KnownPath': Perform a password spray attack on the specified IP:PORT/PATH. Assume the path is correct and does not test for “NoAuth”.
-Auto <IP/CIDR>: Perform a fully automatic scan within a specified IP range (CIDR notation). This scan will find open ports and spray each path with combinations of common and default credentials.
-Timeout (10-2000): (Default: 200) Change the global timeout value for receiving, Increase value for things that might take a while to respond.
-Help: Display the help menu, showing usage instructions and examples.