The ChromeCast Exploitation Kit
Branch: master
Clone or download
Type Name Latest commit message Commit time
Failed to load latest commit information. Added "update" + small usability fixes Jan 8, 2019
LICENSE Initial commit Jan 8, 2019 Updated (again) Jan 8, 2019

ChromeCast Exploitation Kit

Controlling ChromeCasts though the command line. Made by Brussec Security with ❤️


  • Python
  • Curl


All you really need to do is install python and curl and clone this repository. But just because I can, here are the commands:

sudo apt-get install python curl
git clone

Usage -t <target> -a <action> -v <value>

Supported actions/commands

  • play : Play a Youtube video with ID specified in the value parameter
  • setName : Set the device name to the value specified in the value parameter
  • scanWifi : Scan nearby Wifi networks
  • reboot : Reboot the device
  • factoryReset : Resets the device to Factory Settings (USE WITH CARE)


Change the device name of a ChromeCast -t -a setName -v "Pablo is my hero"

Play a video (Rick Roll) -t -a play -v dQw4w9WgXcQ

Reboot the ChromeCast -t -a reboot



The idea for this tool came after some guy sent curl requests to publicly-exposed ChromeCasts on the internet to spread PewDiePie propaganda. As this is documented functionality, you can't actually call this an exploit. Although one could wonder why this is possible without a single form of authentication.