Skip to content

Configuration

Miiden edited this page Jan 9, 2026 · 3 revisions

EyeSpy Configuration

🧩 Runtime Configuration

This page documents the configurable options and runtime behavior of EyeSpy. EyeSpy does not rely on external config files by default. All configuration is passed as parameters when running the script, allowing you to adapt the tool for different network sizes, targets, and testing scenarios.

⏱ Timeout Settings

-Timeout

Controls how long EyeSpy waits (in milliseconds) for a response from a target before moving on.

EyeSpy -Search 192.168.1.0/24 -Timeout 3000

Recommended Values:

Environment Timeout
Local LAN Default (200)
VPN / WAN 500–2000 ms
High latency 2000-3000(max) ms

πŸ“‘ RTSP Port Handling

EyeSpy targets RTSP default ports, including:

  • 554 (standard RTSP)
  • 8554 (Alternative Port)
  • 5554 (Alternative Port)

Additional ports may be tested manually using the -AuthAttack mode and specifying the port 10.10.10.10:1337

πŸ“ RTSP Path Enumeration

-Path

The path changes depending on the configuration of the device. Unfortunately, most vendors do not share the same path, only those devices that are rebranded share the same paths.

By default EyeSpy scans a large list of well known paths for lots of devices and multiple streams of said devices, though slower there is more chance you will find a valid path. It is recommended where possible to specify the path if known to drastically reduce the amount of brute forcing needed.

Specify a known RTSP path manually:

EyeSpy -AuthAttack 192.168.1.100:554 -Path 'live.sdp'

-Common

Restricts enumeration to a built-in list of common main channel RTSP paths, reducing scan noise.

EyeSpy -Auto 192.168.1.0/24 -Common

Use these options when testing production networks or minimizing connection attempts.

πŸ” Credential Configuration

Default Credentials

When no credential file is provided, EyeSpy uses a built-in list of common/default camera credentials.

Custom Credential File

Use -Creds to specify a custom credential list:

EyeSpy -AuthAttack 192.168.1.50:554 -Creds C:\lists\rtsp_creds.txt

Custom Credentials File Format

The custom credentials file requires one line per credential pair in a colon separated format:

admin:admin
admin:password
root:12345

πŸ‘€ Single Credential Testing

You can test a single username/password combination:

EyeSpy -AuthAttack 192.168.1.50:554 -Username 'admin' -Password 'admin'

This is useful for validation or known-credential checks.

πŸ‘€ Partially Known Spraying

It is also possible to use EyeSpy's common/default credentials to spray if only the username or password is known

EyeSpy -Auto 192.168.3.120 -Username 'admin' -Timeout 350
EyeSpy -Auto 192.168.1.50 -Password 'service' 

Helpful to reduce spraying with partially known credentials.

🧠 Scan Modes Summary

Mode Description
-Search Port scan only
-NoAuth Detect RTSP without authentication
-Auto Full scan + enumeration
-AuthAttack Credential testing

Clone this wiki locally