Inurl+viewerframe+mode+motion

The GHDB categorizes dorks into specific security risks, including: Exposed files containing usernames and passwords. Vulnerable online servers and web portals.

A parameter passed to the camera's internal web server, requesting a live, real-time video stream instead of static image snapshots.

So, what exactly is being searched for with a query like inurl:"viewerframe?mode=motion" ? The dork is a direct result of how some network camera manufacturers, most notably , designed the web interface for their security cameras. The string viewerframe is a part of the filename of a webpage on the camera's internal server. The term mode=motion is a parameter passed to that webpage, instructing it to display a live, motion-tracking video stream. inurl+viewerframe+mode+motion

Sometimes, the search doesn’t just find the viewer frame; it finds directories containing JPEG snapshots or video clips. You might see a listing of files like motion_001.jpg , motion_002.jpg , etc., timestamped to the minute.

The search string inurl:viewerframe?mode=motion is a famous used by cybersecurity professionals, penetration testers, and OSINT (Open Source Intelligence) researchers to identify exposed, internet-connected CCTV and IP surveillance cameras. The GHDB categorizes dorks into specific security risks,

When a security camera is installed and connected to the internet without a password or behind a misconfigured firewall, Google's "crawlers" can find the camera's login-less viewing page.

The risks are exacerbated by additional vulnerabilities present on these devices. In August 2025, researchers at Claroty disclosed multiple security flaws in Axis Communications products. These flaws, tracked as CVE-2025-30023, CVE-2025-30024, and others, allowed attackers to perform on Axis Device Manager and Camera Station software. The researchers found over 6,500 servers exposing the proprietary Axis.Remoting protocol, with 4,000 located in the U.S. alone. These vulnerabilities effectively allowed attackers to bypass authentication, hijack video feeds, shut down cameras, and move laterally within a corporate network. So, what exactly is being searched for with

Finding these feeds might feel like a "life hack" or a curious exploration, but it highlights a massive privacy failure.

Manufacturers release patches to close security loopholes. If your camera is 10 years old and hasn't had an update since 2018, it’s a liability.

What is Google Dorking/Hacking | Techniques & Examples - Imperva