The inurl: operator tells the search engine to look for specific text within the URL of a website.
While Google dorking for open cameras has existed for decades, several factors caused a spike in searches around 2021:
Manufacturers release patches to close security holes. Check for updates at least once a quarter.
Devices appearing in these results are often unintentionally public because their owners did not set a password or change the factory default settings.

Privacy Concerns
The Google Dork inurl:viewerframe?mode=motion is used to locate publicly accessible IP cameras, often targeting Panasonic models, by searching for specific URL structures associated with their live video feeds. Security researchers frequently cite this method to highlight risks associated with improperly secured cameras, which can be indexed by search engines.
inurl:"ViewerFrame? Mode= intitle:Axis 2400 video server. inurl:/view.shtml. intitle:"Live View / — AXIS" | inurl:view/view.shtml^
Devices that use viewerframe pages are often older models or low-cost units. By 2021, many of these were known to have:
Let me know which camera brand you are using, and I can provide specific steps.
Bad actors using feeds to monitor foot traffic or security routines.
If you own a network camera and want to ensure it doesn't end up in these search results:

Set a Strong Password
+-------------------------------------------------------------+
|                   VULNERABILITY LIFECYCLE                   |
+-------------------------------------------------------------+
| 1. Out-of-the-Box Configuration:                            |
|    Camera deployed with Default Passwords / Anonymous View. |
+-------------------------------------------------------------+
                               |
                               v
+-------------------------------------------------------------+
| 2. Network Exposure:                                        |
|    Universal Plug and Play (UPnP) maps port to Public IP.   |
+-------------------------------------------------------------+
                               |
                               v
+-------------------------------------------------------------+
| 3. Search Engine Indexing:                                  |
|    Web crawlers index the URL structure "Mode=Motion".      |
+-------------------------------------------------------------+
                               |
                               v
+-------------------------------------------------------------+
| 4. Unauthorized Access:                                     |
|    Threat actors exploit query via Google Dorking.          |
+-------------------------------------------------------------+

1. Default Open Permissions
The string inurl:viewerframe?mode=motion is a "Google Dork"—a specialized search query designed to find specific patterns in website URLs. In this case, it targets the web interfaces of older network cameras (IP cameras), specifically those manufactured by Panasonic.
This operator forces Google to return web pages that contain specific text strings within their uniform resource locator (URL) structure.
Most cameras exposed via this query lack basic password protection. Anyone clicking the link is automatically granted access to the live feed without prompting for a username or password.

2. Device Control Exposure
For businesses, an exposed camera feed can reveal operational hours, security guard rotations, the location of safes, and proprietary logistics processes. Cybercriminals or physical thieves can use this data to plan heists or social engineering attacks.

3. Botanical and Environmental Data Mining
The exposure of these camera feeds usually boils down to three main factors: