Tool for exposing Brickcom camera usernames and passwords.
Go to file
M00seMan caf8b4348f
2018-07-11 02:34:00 +02:00
.gitattributes Initial commit 2018-07-06 20:49:24 +02:00 init 2018-07-06 22:12:55 +02:00 Update 2018-07-11 02:34:00 +02:00
LICENSE Initial commit 2018-07-06 20:49:24 +02:00 init 2018-07-06 22:12:55 +02:00


by EMLGaming and M00SE

This is a script that utilizes an exploit in the Brickcom cameras that reveal the admin username and password. We automated it to harvest IPs from shodan and get all the usernames and passwords automaticly.

Clone the source code: git clone

Change directory into Brixsploit: cd Brixsploit

Give permissions to execute the bash files: sudo chmod +x *.sh

Run ./

Arguments: -h for help -o for output to file (example: ./ -o test.txt) -r for read ip adresses from list (example: ./ -r iplist.txt -o output.txt)

If you want to harvest a file with ip cameras from shodan we added a script for that aswell. All you need to do is install the Shodan commandline tool. Then run

Install shodan commandline tool:

Install python-setuptools: (on debain (kali) and ubuntu type this) sudo apt-get install python-setuptools

Install shodan: sudo easy_install shodan

Run ./

Have fun!

The easiest way to get around this particular exploit is to change all the default credentials including the viewer.

Thanks to Emiliano Ipar twitter for finding and exposing this vulnerability!

We do not take responsibility for what to do with the script and do not condone any illegal practises with it. Only use on cameras that you own or have permission to test it on. For educational purposes only.