Layer · Exposed Devices

Vulnerable cameras & exposed devices

A live roster of internet-exposed cameras, DVRs and IoT endpoints — geolocated, fingerprinted, scored, and pivot-ready. Built for defenders, not voyeurs.

What the layer is
Cameras and recording devices reachable from the public internet — usually because the owner kept default credentials, exposed an admin port, or skipped firmware updates. Plotted on the globe with a snapshot thumbnail in the inspector.
What it is not
Not a directory for browsing into private homes. We surface what is already indexed by public scanners, do not bypass authentication, and never store snapshots beyond a short-lived proxy cache.

Pipeline

         ┌──────────────────────────────────────────────────────┐
         │  /api/public/exposed-real     (60s cache, SWR)       │
         └─┬────────────────────────────────────────────────────┘
           │  ① Roster build                                    
           │     Insecam / vendor directories  →  IP:port list  
           │  ② Vendor fingerprint                              
           │     Default paths (/mjpg/video.mjpg, /cgi-bin/…)   
           │     → Hikvision · Dahua · Axis · Foscam · GeoVision
           │  ③ Geolocation                                     
           │     ip-api.com  →  lat/lon, city, country, ISP, AS 
           │  ④ Risk scoring                                    
           │     CAMERA_PORTS + RISK_PORTS + CVE count          
           │  ⑤ Snapshot proxy                                  
           │     /api/public/camproxy?url=…   (no-store, 6s)    
           ▼
       Globe entity { id, lat, lon, name, category, meta:{…} }

Risk model

Each device gets a numeric score and a categorical band so the operator can sort by severity at a glance. The score is intentionally simple — it's a triage signal, not a CVSS replacement.

Signal               Weight      Why it matters
Camera port hit      +25 each    RTSP/MJPEG/ONVIF reachable from the public net.
Vendor fingerprint   +20         Hikvision/Dahua/etc. detected via CPE or tag.
Risky service port   +12 each    Telnet, SMB, RDP, Redis, Mongo, Docker API…
Known CVE            +8 each     From Shodan InternetDB.

≥ 80 CRITICAL · ≥ 50 HIGH · ≥ 25 MEDIUM · > 0 LOW · 0 NONE

Camera ports we look for

80 HTTP UI · 81 Foscam · 88 Hikvision · 443 HTTPS · 554 RTSP · 1935 RTMP · 3702 ONVIF · 8000 Hikvision SDK · 8080 alt-HTTP · 8081 MJPEG · 8443 alt-HTTPS · 8554 RTSP · 7001 Dahua · 34567 Xiongmai · 37777 Dahua proprietary

Inspector readout

Vendor       Hikvision DS-2CD2032
Endpoint     203.0.113.42:8080
Geo          Bangkok · TH · 13.75, 100.50
ISP / ASN    AS4761 INDOSAT
Ports        80 · 554 · 8080 · 8443
CVEs         3 known
Risk         CRITICAL · 92
Snapshot     proxied through /api/public/camproxy (no-store)

Pivots

Every exposed device opens with one click into the wider OSINT graph — same IP, deeper context, no scraping.

Shodan / InternetDB
Full host history, banners, raw service detection.
Censys
Cross-source certificate and protocol view.
GreyNoise
Background-noise scanner reputation.
AbuseIPDB
Community abuse reports tied to the IP.

Self-check tool

The IP Lookup panel runs the same pipeline against a single IP — paste your own, or one a tenant asks about, and you get the camera-port map, vendor fingerprint, CVE list and risk band in under a second.

GET /api/public/ip-check                → caller's public IP
GET /api/public/ip-check?ip=1.2.3.4    → arbitrary IPv4

← { ip, geo, internetdb:{ports, cpes, vulns, tags},
    camera:{likely, matched_ports, vendor_hints},
    risk:{level, score, exposed_risky_ports, known_cves},
    pivots:{shodan, censys, zoomeye, greynoise, abuseipdb} }
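
The risk table and the ip-check response shape above, combined in an added example that is not the service's own code: it scores an InternetDB-shaped record by a plain additive reading of the weights. Assumptions: the RISK_PORTS numbers are the default ports of the services the page names, `likely` means a camera port or a vendor matched, and no cap or normalisation is applied (the page states none).

```python
# Added example: additive triage score from the page's risk table.
CAMERA_PORTS = {80, 81, 88, 443, 554, 1935, 3702, 8000, 8080, 8081,
                8443, 8554, 7001, 34567, 37777}           # listed on the page
# Assumption: default ports for Telnet, SMB, RDP, Redis, Mongo, Docker API;
# the page names the services but gives no port numbers.
RISK_PORTS = {23, 445, 3389, 6379, 27017, 2375}
VENDORS = {"hikvision", "dahua", "axis", "foscam", "geovision"}
BANDS = [(80, "CRITICAL"), (50, "HIGH"), (25, "MEDIUM"), (1, "LOW")]


def vendor_hints(cpes, tags):
    """Vendors named in a CPE field or a tag (case-insensitive)."""
    seen = {t.lower() for t in tags}
    for cpe in cpes:
        seen.update(cpe.lower().split(":"))
    return sorted(VENDORS & seen)


def score_host(internetdb):
    """Map an InternetDB-shaped record to the camera and risk blocks."""
    ports = set(internetdb.get("ports", []))
    vulns = sorted(set(internetdb.get("vulns", [])))
    cam = sorted(ports & CAMERA_PORTS)
    risky = sorted(ports & RISK_PORTS)
    hints = vendor_hints(internetdb.get("cpes", []), internetdb.get("tags", []))
    # +25 per camera port, +12 per risky port, +8 per CVE, +20 once for a vendor
    score = 25 * len(cam) + 12 * len(risky) + 8 * len(vulns) + (20 if hints else 0)
    level = next((name for floor, name in BANDS if score >= floor), "NONE")
    return {
        "camera": {"likely": bool(cam or hints), "matched_ports": cam,
                   "vendor_hints": hints},
        "risk": {"level": level, "score": score,
                 "exposed_risky_ports": risky, "known_cves": vulns},
    }


# Constructed records; the CPE is made up and the CVE id is a placeholder.
SAMPLE_CAMERA = {"ports": [23, 554, 8000], "cpes": ["cpe:/h:hikvision:ds-2cd2032"],
                 "vulns": ["CVE-0000-00001"], "tags": []}
SAMPLE_OTHER = {"ports": [22], "cpes": [], "vulns": [], "tags": []}

if __name__ == "__main__":
    for rec in (SAMPLE_CAMERA, SAMPLE_OTHER):
        print(score_host(rec))
```

Under this additive reading a host exposing only ports 80 and 443 already scores 50 (HIGH), so treat the band as a triage signal and confirm with the vendor fingerprint.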

Refresh & caching

Roster
60s server cache, SWR on the client.
Snapshot
6s client refresh while a preview is open; no persistence.
InternetDB
8s timeout, treated as best-effort enrichment.

Boundaries

  • Only data already published by third-party scanners (Insecam, Shodan InternetDB, ip-api).
  • No credentials submitted. No authentication bypassed. No private VPN/LAN devices probed.
  • Snapshots stream through a no-store proxy and are never archived server-side.
  • The layer is built so defenders can find their own exposure before someone else does.