-
Notifications
You must be signed in to change notification settings - Fork 12
Configuration
This page documents the configurable options and runtime behavior of EyeSpy. EyeSpy does not rely on external config files by default. All configuration is passed as parameters when running the script, allowing you to adapt the tool for different network sizes, targets, and testing scenarios.
| Mode | Description |
|---|---|
| -Search | Port scan only |
| -NoAuth | Detect RTSP without authentication |
| -Auto | Full scan + enumeration |
| -AuthAttack | Credential testing |
Controls how long EyeSpy waits (in milliseconds) for a response from a target before moving on.
EyeSpy -Search 192.168.1.0/24 -Timeout 3000| Environment | Timeout |
|---|---|
| Local LAN | Default (200) |
| VPN / WAN | 500β2000 ms |
| High latency | 2000-3000(max) ms |
EyeSpy targets RTSP default ports, including:
- 554 (standard RTSP)
- 8554 (Alternative Port)
- 5554 (Alternative Port)
Additional ports may be tested manually using the -AuthAttack mode and specifying the port 10.10.10.10:1337
The path changes depending on the configuration of the device. Unfortunately, most vendors do not share the same path, only those devices that are rebranded share the same paths.
By default EyeSpy scans a large list of well known paths for lots of devices and multiple streams of said devices, though slower there is more chance you will find a valid path. It is recommended where possible to specify the path if known to drastically reduce the amount of brute forcing needed.
Specify a known RTSP path manually:
EyeSpy -AuthAttack 192.168.1.100:554 -Path 'live.sdp'Restricts enumeration to a built-in list of common main channel RTSP paths, reducing scan noise.
EyeSpy -Auto 192.168.1.0/24 -CommonUse these options when testing production networks or minimizing connection attempts.
When no credential file is provided, EyeSpy uses a built-in list of common/default camera credentials.
Use -Creds to specify a custom credential list:
EyeSpy -AuthAttack 192.168.1.50:554 -Creds C:\lists\rtsp_creds.txtThe custom credentials file requires one line per credential pair in a colon separated format:
admin:admin
admin:password
root:12345
You can test a single username/password combination:
EyeSpy -AuthAttack 192.168.1.50:554 -Username 'admin' -Password 'admin'This is useful for validation or known-credential checks.
It is also possible to use EyeSpy's common/default credentials to spray if only the username or password is known
EyeSpy -Auto 192.168.3.120 -Username 'admin' -Timeout 350EyeSpy -Auto 192.168.1.50 -Password 'service' Helpful to reduce spraying with partially known credentials.
As always there is a handy inline help
EyeSpy -Help (-h)