SafeStay Scanner

Detect hidden cameras and suspicious devices at Airbnbs, hotels, and rentals.

Install

SafeStay scans your local WiFi network, identifies devices by manufacturer, probes camera-specific ports (RTSP, ONVIF, Tuya P2P, MQTT-TLS, debug backdoors), and flags suspicious devices with risk levels. It also ships an in-app physical-check guide for the cameras a network scan cannot see (4G/SIM, SD-card-only, separate VLAN). Runs entirely on your machine.

Hobby project. MIT-licensed, AS IS, no warranty, no liability. Not legal advice. Network scanning may be illegal where you are — that's on you to check before running it.

One-liner (macOS & Linux)

curl -fsSL https://raw.githubusercontent.com/Cuzeth/airbnb-safety-tools/main/install.sh | bash

Installs to ~/.local/bin and verifies the binary against the release's SHA-256 checksums before installing. Never asks for sudo. Inspect the script before running it.

Or download a prebuilt binary

After install

sudo safestay  # best results (raw ICMP fills the ARP cache)
safestay       # unprivileged fallback (TCP/UDP probes only)

Press ? inside the app at any time for the physical-check guide and the limits of what a network scan can see.

View source on GitHub →

MAC Address Lookup

Quick check against 150+ camera manufacturer OUI prefixes from the SafeStay OUI database (derived from the IEEE MA-L public registry). Vendor labels are technical references, not confirmed identifications — MAC addresses can be spoofed and OUI assignments can be reused. For full detection with port scanning, risk assessment, and the physical-check guide, install the scanner above.
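
A sketch of the prefix lookup described above, added here as an example and not taken from SafeStay's code. It goes one step beyond the text by checking the locally-administered and group bits of the first octet, because a randomized or manually set MAC carries no registry OUI at all. The table entries, vendor labels and function names are constructed placeholders.

```python
import re

# Constructed sample table. These prefixes and vendor labels are placeholders,
# not entries from the SafeStay OUI database or the IEEE MA-L registry.
SAMPLE_OUI = {
    "001122": "ExampleCam (constructed)",
    "3C5A7E": "SampleVision (constructed)",
}

def normalize_mac(mac: str) -> str:
    """Accept aa:bb:.., AA-BB-.., aabb.ccdd.eeff or bare hex; return 12 hex digits."""
    digits = re.sub(r"[:\-.\s]", "", mac).upper()
    if not re.fullmatch(r"[0-9A-F]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return digits

def classify_mac(mac: str, table=SAMPLE_OUI) -> dict:
    """Classify a MAC by its first-octet flag bits, then by OUI prefix."""
    digits = normalize_mac(mac)
    first_octet = int(digits[:2], 16)
    oui = digits[:6]
    if first_octet & 0x01:
        # I/G bit set: group (multicast/broadcast) address, never a device's own MAC.
        return {"oui": oui, "kind": "group", "vendor": None}
    if first_octet & 0x02:
        # U/L bit set: locally administered (randomized or manually assigned).
        # The first three bytes are not a registry OUI, so a table hit would be noise.
        return {"oui": oui, "kind": "locally-administered", "vendor": None}
    vendor = table.get(oui)
    # A hit is a lead, not an identification; a miss does not clear the device.
    return {"oui": oui, "kind": "match" if vendor else "unknown", "vendor": vendor}

if __name__ == "__main__":
    # Constructed sample addresses in the common notations.
    for sample in ("00:11:22:aa:bb:cc", "0011.22AA.BBCC", "DA-A1-19-00-00-01",
                   "01:00:5e:00:00:fb", "3c5a7f000001"):
        print(sample, "->", classify_mac(sample))
```
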

Physical Check

Network scanning misses an entire class of threats: cameras on a separate VLAN, cameras with a 4G/LTE SIM, SD-card-only recorders, and anything an AP-isolated network hides from a scanner. Do this 60-second sweep in addition to the scan — you can do it from your phone if you can't install the tool right now.

Look at the obvious spots first

  • Smoke detectors, especially ones placed unusually low or aimed at a bed
  • Air purifiers, alarm clocks, picture frames, mirrors, decorative plants
  • USB chargers and power adapters plugged in near the bed or shower
  • Vents, speakers, and any object with a small dark dot the size of a pencil tip

Sweep the room with a flashlight in the dark

  • Turn off all lights and close the curtains
  • Use a flashlight (phone torch works) and slowly sweep across surfaces from eye level
  • A camera lens reflects a sharp, repeatable glint — different from glass or metal
  • Inspect any glint up close: lift, twist, or unscrew the object if you can

Use your phone's front camera to find IR LEDs

  • Open your phone's front-facing camera (not the rear — most rear cameras filter IR)
  • Turn off the room lights. Point it at smoke detectors, vents, clocks, frames
  • Night-vision cameras emit faint purple/white dots that are invisible to the eye but visible to your phone sensor
  • If you see steady IR dots from an object that should not have a camera, treat it as a finding

Check for cameras that don't use the WiFi

  • 4G/LTE cameras have a SIM card and bypass the host network entirely — SafeStay cannot see them
  • Look for objects with an unusual second power cable, or a small antenna nub
  • SD-card recorders need no network at all — they just store video locally
  • If you find a device you cannot explain, document it before touching it further

What This Tool Cannot See

A clean network scan is not a guarantee. SafeStay covers one slice of the threat surface — these are the parts it doesn't.

  • Cameras on a 4G/LTE SIM card are invisible to any WiFi scan
  • AP / client isolation hides every other device on the network from this tool
  • Cameras that only write to an SD card and never go online cannot be detected
  • Modern hidden cameras often run unbranded firmware on commodity chips (Tuya, ESP32, Anyka, Ingenic) — they may not match any known vendor
  • This tool is a starting point, not a guarantee. Always pair it with a physical sweep

Hobby project. MIT-licensed, AS IS, no warranty, no liability. Not legal advice. Detection is heuristic — false positives and false negatives are expected. Network scanning may be illegal where you are; confirming you have authorization is on you.