Show HN: Pwneye – discovering and accessing IP cameras (ONVIF/RTSP) https://ift.tt/hojKN1T

Show HN: Pwneye – discovering and accessing IP cameras (ONVIF/RTSP) Hi HN, I’ve been working on pwneye, a CLI tool for interacting with IP cameras exposing ONVIF and RTSP services. During penetration tests and red team engagements, I kept running into the same friction, with discovery, authentication testing, enumeration and stream validation spread across different tools or quick one-off scripts. pwneye was built to handle that workflow end-to-end, from discovery to actually accessing and validating streams. Current features include: - ONVIF discovery and authentication testing (wordlists, multithreading) - Post-auth enumeration (device info, users, network config, media profiles) - RTSP extraction via ONVIF - RTSP port detection and basic vendor identification - Vendor-aware RTSP bruteforce - Stream validation, preview and recording - ONVIF reboot support It’s still early, but already usable in real-world engagements. Would be interested in feedback, especially from people who have dealt with ONVIF/RTSP cameras or IoT security in general. Repo: https://ift.tt/M2AUod0 https://ift.tt/GLwxN3O April 20, 2026 at 10:54PM