GitHub Repository

Your ONVIF and RTSP camera companion for discovering and hacking real-world security cameras 🎥

37 starsPython

Pwneye – discovering and accessing IP cameras (ONVIF/RTSP)

Name: Pwneye – discovering and accessing IP cameras (ONVIF/RTSP)
Availability: InStock
Author: mcisternino

by mcisternino·Apr 20, 2026·4 points·0 comments

Visit Project View on HN

AI Analysis

●●SolidNiche GemSolve My Problem

End-to-end ONVIF camera workflow when researchers juggle multiple disconnected scripts.

Strengths

•Consolidates discovery, auth testing, enumeration, and stream validation in single CLI
•Vendor-aware RTSP bruteforce with exhaustive fallback for broader coverage
•Per-target caching under ~/.pwneye preserves findings across sessions

Weaknesses

•No Windows support limits adoption for some security teams
•Early stage with only 1 GitHub star suggests limited community validation

Post Description

Hi HN,

I’ve been working on pwneye, a CLI tool for interacting with IP cameras exposing ONVIF and RTSP services.

During penetration tests and red team engagements, I kept running into the same friction, with discovery, authentication testing, enumeration and stream validation spread across different tools or quick one-off scripts.

pwneye was built to handle that workflow end-to-end, from discovery to actually accessing and validating streams.

Current features include:

- ONVIF discovery and authentication testing (wordlists, multithreading)

- Post-auth enumeration (device info, users, network config, media profiles)

- RTSP extraction via ONVIF

- RTSP port detection and basic vendor identification

- Vendor-aware RTSP bruteforce

- Stream validation, preview and recording

- ONVIF reboot support

It’s still early, but already usable in real-world engagements.

Would be interested in feedback, especially from people who have dealt with ONVIF/RTSP cameras or IoT security in general.

Repo: https://github.com/hackerest/pwneye