# Audit ONVIF Camera Security

Exposed ONVIF services can leave cameras open to unauthenticated access or weak-credential attacks. This skill helps authorized testers plan focused authentication checks and review the results responsibly.

## Install

```bash
npx skillstore add brownfinesecurity/onvifscan
```

## Metadata

- Slug: brownfinesecurity-onvifscan
- Version: 1.0.0
- Author: BrownFineSecurity
- GitHub username: BrownFineSecurity
- License: MIT
- Repository: https://github.com/BrownFineSecurity/iothackbot/tree/master/skills/onvifscan
- Ref: master
- Supported tools: Claude, Codex, Claude Code
- Risk level: high
- Risk factors: external_commands, network
- Quality score: 38
- Quality tier: warning
- Public page: https://skillstore.pages.dev/skills/brownfinesecurity-onvifscan
- Manifest: https://skillstore.pages.dev/api/skills/brownfinesecurity-onvifscan/manifest

## Capabilities

- Explains when to run ONVIF authentication checks against authorized devices.
- Shows command patterns for auth scans and verbose endpoint review.
- Documents credential audit options using username and password wordlists.
- Highlights output format choices for text, JSON, or quiet results.
- Warns that all-endpoints testing may include destructive checks.

## Use Cases

- Internal Camera Exposure Review: Check whether approved cameras expose ONVIF endpoints without authentication.
- IoT Assessment Preparation: Plan authorized ONVIF tests and choose safe output formats before field work.
- Weak Credential Audit: Run limited credential checks with approved wordlists and documented scope.

## Prompt Templates

### Plan a Safe Auth Check

```
I have approval to test one ONVIF camera at <target>. Help me plan a non-destructive auth scan and list the checks to confirm first.
```

### Review Auth Scan Results

```
I ran an authorized ONVIF auth scan and have the text output. Help me identify exposed endpoints and recommended next steps.
```

### Prepare a Credential Audit

```
I need to test approved ONVIF devices for weak credentials. Help me define scope, wordlist rules, rate limits, and reporting fields.
```

### Build an Assessment Report

```
Using these authorized ONVIF scan findings, create a concise risk report with evidence, business impact, and remediation priorities.
```

## Limitations

- Does not include the onvifscan binary or validate that it is installed.
- Does not prove that the user owns or is allowed to test a target.
- Does not provide remediation steps for every camera vendor or firmware.
- May be unsafe on production devices without strict scope and approval.

## Best Practices

- Confirm written authorization and exact target scope before running any scan.
- Start with non-destructive authentication checks before any credential audit.
- Record device owner, target, time window, command options, and observed impact.

## Anti Patterns

- Do not scan public IP addresses or third-party cameras without permission.
- Do not use all-endpoints testing on production devices without explicit approval.
- Do not run broad credential guessing with unapproved wordlists or no stop condition.
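The two use cases above that actually touch a device, checking whether an approved camera answers a read-only ONVIF call without credentials and running a credential audit with a hard stop condition, as an added Python example. This is illustrative code written for this page, not the onvifscan tool or its command options; it assumes the standard ONVIF device service (`GetDeviceInformation` over SOAP 1.2, WS-Security UsernameToken digest authentication) and a hypothetical `send` callback for the audit loop so the logic runs offline. The `SAMPLE_*` responses are constructed, not captured from a real camera.

```python
# Added illustrative code for this page, not the onvifscan tool's own code.
import base64
import hashlib
import os
import time
import urllib.request
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

SOAP_NS = "http://www.w3.org/2003/05/soap-envelope"
TDS_NS = "http://www.onvif.org/ver10/device/wsdl"
WSS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-"
WSSE_NS = WSS + "wssecurity-secext-1.0.xsd"
WSU_NS = WSS + "wssecurity-utility-1.0.xsd"
PW_DIGEST = WSS + "username-token-profile-1.0#PasswordDigest"
B64_ENC = WSS + "soap-message-security-1.0#Base64Binary"

def usernametoken_digest(password: str, nonce: bytes, created: str) -> str:
    """WS-Security PasswordDigest = Base64(SHA-1(nonce || created || password));
    nonce is the raw bytes, the header carries it Base64-encoded separately."""
    h = hashlib.sha1(nonce + created.encode() + password.encode()).digest()
    return base64.b64encode(h).decode()

def security_header(username: str, password: str) -> str:
    """wsse:Security header for ONVIF digest auth; Created must be near the camera's clock."""
    nonce = os.urandom(16)
    created = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    digest = usernametoken_digest(password, nonce, created)
    return (
        f'<wsse:Security xmlns:wsse="{WSSE_NS}" xmlns:wsu="{WSU_NS}">'
        f"<wsse:UsernameToken><wsse:Username>{username}</wsse:Username>"
        f'<wsse:Password Type="{PW_DIGEST}">{digest}</wsse:Password>'
        f'<wsse:Nonce EncodingType="{B64_ENC}">{base64.b64encode(nonce).decode()}</wsse:Nonce>'
        f"<wsu:Created>{created}</wsu:Created></wsse:UsernameToken></wsse:Security>"
    )

def get_device_information_envelope(username=None, password=None) -> str:
    """No credentials = the non-destructive exposure probe (read-only call that should need auth)."""
    header = security_header(username, password) if username else ""
    return (
        f'<s:Envelope xmlns:s="{SOAP_NS}"><s:Header>{header}</s:Header><s:Body>'
        f'<tds:GetDeviceInformation xmlns:tds="{TDS_NS}"/></s:Body></s:Envelope>'
    )

def classify_response(status: int, body: str) -> dict:
    """'success' on an unauthenticated probe = exposed endpoint; with credentials = valid pair."""
    if status == 401:
        return {"verdict": "auth_required"}
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        return {"verdict": "unexpected", "status": status}
    fault = root.find(f".//{{{SOAP_NS}}}Fault")
    if fault is not None:
        text = ET.tostring(fault, encoding="unicode")
        if "NotAuthorized" in text:  # ONVIF subcode ter:NotAuthorized
            return {"verdict": "auth_required"}
        return {"verdict": "fault", "detail": text[:200]}
    resp = root.find(f".//{{{TDS_NS}}}GetDeviceInformationResponse")
    if resp is None:
        return {"verdict": "unexpected", "status": status}
    return {"verdict": "success",
            "device": {c.tag.split("}")[-1]: (c.text or "") for c in resp}}

def probe(url: str, username=None, password=None, timeout=5) -> dict:
    """POST one GetDeviceInformation to an in-scope device_service URL."""
    req = urllib.request.Request(
        url, data=get_device_information_envelope(username, password).encode(),
        headers={"Content-Type": "application/soap+xml; charset=utf-8"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as r:
            return classify_response(r.getcode(), r.read().decode(errors="replace"))
    except urllib.request.HTTPError as e:  # 400/401 SOAP faults land here
        return classify_response(e.code, e.read().decode(errors="replace"))

def audit_credentials(send, candidates, max_attempts=20, delay_s=1.0) -> dict:
    """Bounded guess loop: send(envelope) -> (status, body). Stops at the first
    valid pair or after max_attempts, pausing delay_s between tries."""
    attempts = 0
    for user, pw in candidates:
        if attempts >= max_attempts:
            break
        if attempts:
            time.sleep(delay_s)
        attempts += 1
        status, body = send(get_device_information_envelope(user, pw))
        if classify_response(status, body)["verdict"] == "success":
            return {"found": [user, pw], "attempts": attempts}
    return {"found": None, "attempts": attempts}

# Constructed sample responses for offline use; not captured from a real camera.
SAMPLE_OPEN = (f'<s:Envelope xmlns:s="{SOAP_NS}"><s:Body><tds:GetDeviceInformationResponse xmlns:tds="{TDS_NS}">'
               "<tds:Manufacturer>ExampleCam</tds:Manufacturer><tds:FirmwareVersion>1.2.3</tds:FirmwareVersion>"
               "</tds:GetDeviceInformationResponse></s:Body></s:Envelope>")
SAMPLE_DENIED = (f'<s:Envelope xmlns:s="{SOAP_NS}"><s:Body><s:Fault><s:Code><s:Value>s:Sender</s:Value>'
                 '<s:Subcode><s:Value xmlns:ter="http://www.onvif.org/ver10/error">ter:NotAuthorized</s:Value>'
                 "</s:Subcode></s:Code></s:Fault></s:Body></s:Envelope>")
```

Call `probe("http://<target>/onvif/device_service")` only against an in-scope device; `/onvif/device_service` is the common default path, so confirm the real one from discovery or vendor documentation. A `success` verdict with no credentials is the exposure finding. Do not read exposure into `GetSystemDateAndTime` or WS-Discovery answering without credentials: the ONVIF core specification places those in the pre-authentication access class. Because the digest covers the `Created` timestamp, a large clock skew between tester and camera produces `auth_required` even for correct credentials, so sync time (or read the device clock via `GetSystemDateAndTime`) before concluding a pair is wrong. For the audit loop, `max_attempts` and `delay_s` are the stop condition and rate limit the Anti Patterns section asks for; set them from the approved scope rather than the wordlist length.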

## Security Audit

- Safe to publish: false
- Audited at: 2026-06-28T17:08:03.344+00:00
- Summary: Static backtick, hardcoded IP, hardcoded URL, and weak-cryptography findings are mostly false positives from Markdown examples and prose. However, the skill explicitly instructs network scanning, credential brute forcing, and use of an option that may test destructive endpoints. This is a high-risk dual-use security skill and should not be published without authorization safeguards and abuse controls.

## Stats

- Views: 228
- Downloads: 4
- Favorites: 0
- Popularity score: 0
