Watching the Watchers -- Detecting WebCams with Nessus
Nessus plugin #33523 "Network Camera Detection" will alert if it encounters a web page that belongs to a WebCam.
Typically, these web pages are not password protected and on ports other than port 80. If it is not password protected and not behind a firewall, it may be allowing unauthorized users from your organization, or even users from the Internet to view and/or listen to activity and conversations in the viewing area of the cameras.
Below is an example screen shot of this plugin being active during a Nessus scan.
The plugin does not require credentials, but is dependent on having its scan target the web server port if it is running on something non-standard, such as 8000.
The plugin is currently available to Direct Feed users.
Related Articles
- Nessus