The ChromeCast Exploitation Kit
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.

ChromeCast Exploitation Kit

Controlling ChromeCasts though the command line. Made by Brussec Security with ❤️


  • Python
  • Curl


All you really need to do is install python and curl and clone this repository. But just because I can, here are the commands:

sudo apt-get install python curl
git clone

Usage -t <target> -a <action> -v <value>

Supported actions/commands

  • play : Play a Youtube video with ID specified in the value parameter
  • setName : Set the device name to the value specified in the value parameter
  • scanWifi : Scan nearby Wifi networks
  • reboot : Reboot the device
  • factoryReset : Resets the device to Factory Settings (USE WITH CARE)


Change the device name of a ChromeCast -t -a setName -v "Pablo is my hero"

Play a video (Rick Roll) -t -a play -v dQw4w9WgXcQ

Reboot the ChromeCast -t -a reboot



The idea for this tool came after some guy sent curl requests to publicly-exposed ChromeCasts on the internet to spread PewDiePie propaganda. As this is documented functionality, you can't actually call this an exploit. Although one could wonder why this is possible without a single form of authentication.