I’ve been working on pwneye, a CLI tool for interacting with IP cameras exposing ONVIF and RTSP services.
During penetration tests and red team engagements, I kept running into the same friction, with discovery, authentication testing, enumeration and stream validation spread across different tools or quick one-off scripts.
pwneye was built to handle that workflow end-to-end, from discovery to actually accessing and validating streams.
Current features include:
- ONVIF discovery and authentication testing (wordlists, multithreading)
- Post-auth enumeration (device info, users, network config, media profiles)
- RTSP extraction via ONVIF
- RTSP port detection and basic vendor identification
- Vendor-aware RTSP bruteforce
- Stream validation, preview and recording
- ONVIF reboot support
It’s still early, but already usable in real-world engagements.
Would be interested in feedback, especially from people who have dealt with ONVIF/RTSP cameras or IoT security in general.