{"id":13413770,"url":"https://github.com/Ullaakut/cameradar","last_synced_at":"2025-03-14T20:30:38.134Z","repository":{"id":40298726,"uuid":"59289480","full_name":"Ullaakut/cameradar","owner":"Ullaakut","description":"Cameradar hacks its way into RTSP videosurveillance cameras","archived":false,"fork":false,"pushed_at":"2024-10-11T15:01:04.000Z","size":37223,"stargazers_count":4085,"open_issues_count":28,"forks_count":517,"subscribers_count":139,"default_branch":"master","last_synced_at":"2024-10-29T20:52:08.399Z","etag":null,"topics":["cameras","cctv","hacking","hacking-tool","infosec","netsec","penetration-testing","pentesting","rtsp","security","security-tools"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Ullaakut.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"github":["ullaakut"],"patreon":null,"open_collective":null,"ko_fi":null,"tidelift":null,"community_bridge":null,"liberapay":null,"issuehunt":null,"otechie":null,"custom":null}},"created_at":"2016-05-20T11:35:41.000Z","updated_at":"2024-10-29T06:01:02.000Z","dependencies_parsed_at":"2024-11-26T15:15:12.988Z","dependency_job_id":null,"html_url":"https://github.com/Ullaakut/cameradar","commit_stats":{"total_commits":200,"total_committers":17,"mean_commits":"11.764705882352942","dds":0.38,"last_synced_commit":"f586940b6caf9b9b4e189956f94b6526d6724c5b"},"previous_names":["etixlabs/cameradar"],"tags_count":25,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Ullaakut%2Fcameradar","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Ullaakut%2Fcameradar/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Ullaakut%2Fcameradar/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Ullaakut%2Fcameradar/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Ullaakut","download_url":"https://codeload.github.com/Ullaakut/cameradar/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":243641954,"owners_count":20323940,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cameras","cctv","hacking","hacking-tool","infosec","netsec","penetration-testing","pentesting","rtsp","security","security-tools"],"created_at":"2024-07-30T20:01:48.752Z","updated_at":"2025-03-14T20:30:37.459Z","avatar_url":"https://github.com/Ullaakut.png","language":"Go","funding_links":["https://github.com/sponsors/ullaakut"],"categories":["Go","\u003ca id=\"04102345243a4bcaec83f703afff6cb3\"\u003e\u003c/a\u003e硬件设备\u0026\u0026USB\u0026树莓派","Security","Relational Databases","security-tools","其他_安全与渗透","Red Team","安全","安全领域相关库","Network Scanners","安全性","Uncategorized"],"sub_categories":["\u003ca id=\"ff462a6d508ef20aa41052b1cc8ad044\"\u003e\u003c/a\u003e未分类-Hardware","HTTP Clients","Advanced Console UIs","资源传输下载","Reconaissance","HTTP客户端","查询语","交流","Uncategorized"],"readme":"# Cameradar\n\n\u003cp align=\"center\"\u003e\n    \u003cimg src=\"images/Cameradar.gif\" width=\"100%\"/\u003e\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n    \u003ca href=\"#license\"\u003e\n        \u003cimg src=\"https://img.shields.io/badge/license-Apache-blue.svg?style=flat\" /\u003e\n    \u003c/a\u003e\n    \u003ca href=\"https://hub.docker.com/r/ullaakut/cameradar/\"\u003e\n        \u003cimg src=\"https://img.shields.io/docker/pulls/ullaakut/cameradar.svg?style=flat\" /\u003e\n    \u003c/a\u003e\n    \u003ca href=\"https://travis-ci.org/Ullaakut/cameradar\"\u003e\n        \u003cimg src=\"https://travis-ci.org/Ullaakut/cameradar.svg?branch=master\" /\u003e\n    \u003c/a\u003e\n    \u003ca href='https://coveralls.io/github/Ullaakut/cameradar?branch=master'\u003e\n        \u003cimg src='https://coveralls.io/repos/github/Ullaakut/cameradar/badge.svg?branch=master' alt='Coverage Status' /\u003e\n    \u003c/a\u003e\n    \u003ca href=\"https://golangci.com/r/github.com/ullaakut/cameradar\"\u003e\n        \u003cimg src=\"https://golangci.com/badges/github.com/ullaakut/cameradar.svg\" /\u003e\n    \u003c/a\u003e\n    \u003ca href=\"https://goreportcard.com/report/github.com/ullaakut/cameradar\"\u003e\n        \u003cimg src=\"https://goreportcard.com/badge/github.com/ullaakut/cameradar\" /\u003e\n    \u003c/a\u003e\n    \u003ca href=\"https://github.com/ullaakut/cameradar/releases/latest\"\u003e\n        \u003cimg src=\"https://img.shields.io/github/release/Ullaakut/cameradar.svg?style=flat\" /\u003e\n    \u003c/a\u003e\n    \u003ca href=\"https://godoc.org/github.com/ullaakut/cameradar\"\u003e\n        \u003cimg src=\"https://godoc.org/github.com/ullaakut/cameradar?status.svg\" /\u003e\n    \u003c/a\u003e\n\u003c/p\u003e\n\n## An RTSP stream access tool that comes with its library\n\n### Cameradar allows you to\n\n* **Detect open RTSP hosts** on any accessible target host\n* Detect which device model is streaming\n* Launch automated dictionary attacks to get their **stream route** (e.g.: `/live.sdp`)\n* Launch automated dictionary attacks to get the **username and password** of the cameras\n* Retrieve a complete and user-friendly report of the results\n\n\u003cp align=\"center\"\u003e\u003cimg src=\"images/Cameradar.png\" width=\"250\"/\u003e\u003c/p\u003e\n\n## Table of content\n\n* [Docker Image](#docker-image)\n* [Configuration](#configuration)\n* [Output](#output)\n* [Check camera access](#check-camera-access)\n* [Command-line options](#command-line-options)\n* [Contribution](#contribution)\n* [Frequently Asked Questions](#frequently-asked-questions)\n* [License](#license)\n\n## Docker Image for Cameradar\n\n\u003cp align=\"center\"\u003e\u003cimg src=\"images/CameradarV4.png\" width=\"70%\"/\u003e\u003c/p\u003e\n\nInstall [docker](https://docs.docker.com/engine/installation/) on your machine, and run the following command:\n\n```bash\ndocker run -t ullaakut/cameradar -t \u003ctarget\u003e \u003cother command-line options\u003e\n```\n\n[See command-line options](#command-line-options).\n\ne.g.: `docker run -t ullaakut/cameradar -t 192.168.100.0/24` will scan the ports 554, 5554 and 8554 of hosts on the 192.168.100.0/24 subnetwork and attack the discovered RTSP streams and will output debug logs.\n\n* `YOUR_TARGET` can be a subnet (e.g.: `172.16.100.0/24`), an IP (e.g.: `172.16.100.10`), or a range of IPs (e.g.: `172.16.100.10-20`).\n* If you want to get the precise results of the nmap scan in the form of an XML file, you can add `-v /your/path:/tmp/cameradar_scan.xml` to the docker run command, before `ullaakut/cameradar`.\n* If you use the `-r` and `-c` options to specify your custom dictionaries, make sure to also use a volume to add them to the docker container. Example: `docker run -t -v /path/to/dictionaries/:/tmp/ ullaakut/cameradar -r /tmp/myroutes -c /tmp/mycredentials.json -t mytarget`\n\n## Installing the binary on your machine\n\nOnly use this solution if for some reason using docker is not an option for you or if you want to locally build Cameradar on your machine.\n\n**WARNING**: Manually building the binary will **NOT WORK** for any camera that uses **DIGEST AUTHENTICATION** [if your version of `curl` is over `7.64.0`](https://github.com/Ullaakut/cameradar/pull/252), which is most likely the case. For more information, see [this response on the subject from the author of curl](https://stackoverflow.com/a/59778142/4145098).\n\n### Dependencies\n\n* `go` (\u003e `1.10`)\n* `libcurl` development library (**[version has to be \u003c7.66.0](https://github.com/Ullaakut/cameradar/issues/247)**)\n    * For apt users: `apt install libcurl4-openssl-dev`\n\n### Steps to install\n\n1. `go install github.com/Ullaakut/cameradar/v5/cmd/cameradar@latest`\n\nThe `cameradar` binary is now in your `$GOPATH/bin` ready to be used. See command line options [here](#command-line-options).\n\n## Configuration\n\nThe **RTSP port used for most cameras is 554**, so you should probably specify 554 as one of the ports you scan. Not specifying any ports to the cameradar application will scan the 554, 5554 and 8554 ports.\n\n`docker run -t --net=host ullaakut/cameradar -p \"18554,19000-19010\" -t localhost` will scan the ports `18554`, and the range of ports between `19000` and `19010` on `localhost`.\n\nYou **can use your own files for the credentials and routes dictionaries** used to attack the cameras, but the Cameradar repository already gives you a good base that works with most cameras, in the `/dictionaries` folder.\n\n```bash\ndocker run -t -v /my/folder/with/dictionaries:/tmp/dictionaries \\\n           ullaakut/cameradar \\\n           -r \"/tmp/dictionaries/my_routes\" \\\n           -c \"/tmp/dictionaries/my_credentials.json\" \\\n           -t 172.19.124.0/24\n```\n\nThis will put the contents of your folder containing dictionaries in the docker image and will use it for the dictionary attack instead of the default dictionaries provided in the cameradar repo.\n\n## Check camera access\n\nIf you have [VLC Media Player](http://www.videolan.org/vlc/), you should be able to use the GUI or the command-line to connect to the RTSP stream using this format: `rtsp://username:password@address:port/route`\n\n## Command-line options\n\n* **\"-t, --targets\"**: Set target. Required. Target can be a file (see [instructions on how to format the file](#format-input-file)), an IP, an IP range, a subnetwork, or a combination of those. Example: `--targets=\"192.168.1.72,192.168.1.74\"`\n* **\"-p, --ports\"**: (Default: `554,5554,8554`) Set custom ports.\n* **\"-s, --scan-speed\"**: (Default: `4`) Set custom nmap discovery presets to improve speed or accuracy. It's recommended to lower it if you are attempting to scan an unstable and slow network, or to increase it if on a very performant and reliable network. You might also want to keep it low to keep your discovery stealthy. See [this for more info on the nmap timing templates](https://nmap.org/book/man-performance.html).\n* **\"-I, --attack-interval\"**: (Default: `0ms`) Set custom interval after which an attack attempt without an answer should give up. It's recommended to increase it when attempting to scan unstable and slow networks or to decrease it on fast and reliable networks.\n* **\"-T, --timeout\"**: (Default: `2000ms`) Set custom timeout value after which an attack attempt without an answer should give up. It's recommended to increase it when attempting to scan unstable and slow networks or to decrease it on fast and reliable networks.\n* **\"-r, --custom-routes\"**: (Default: `\u003cCAMERADAR_GOPATH\u003e/dictionaries/routes`) Set custom dictionary path for routes\n* **\"-c, --custom-credentials\"**: (Default: `\u003cCAMERADAR_GOPATH\u003e/dictionaries/credentials.json`) Set custom dictionary path for credentials\n* **\"-o, --nmap-output\"**: (Default: `/tmp/cameradar_scan.xml`) Set custom nmap output path\n* **\"-d, --debug\"**: Enable debug logs\n* **\"-v, --verbose\"**: Enable verbose curl logs (not recommended for most use)\n* **\"-h\"**: Display the usage information\n\n## Format input file\n\nThe file can contain IPs, hostnames, IP ranges and subnetwork, separated by newlines. Example:\n\n```text\n0.0.0.0\nlocalhost\n192.17.0.0/16\n192.168.1.140-255\n192.168.2-3.0-255\n```\n\n## Environment Variables\n\n### `CAMERADAR_TARGET`\n\nThis variable is mandatory and specifies the target that cameradar should scan and attempt to access RTSP streams on.\n\nExamples:\n\n* `172.16.100.0/24`\n* `192.168.1.1`\n* `localhost`\n* `192.168.1.140-255`\n* `192.168.2-3.0-255`\n\n### `CAMERADAR_PORTS`\n\nThis variable is optional and allows you to specify the ports on which to run the scans.\n\nDefault value: `554,5554,8554`\n\nIt is recommended not to change these except if you are certain that cameras have been configured to stream RTSP over a different port. 99.9% of cameras are streaming on these ports.\n\n### `CAMERADAR_NMAP_OUTPUT_FILE`\n\nThis variable is optional and allows you to specify on which file nmap will write its output.\n\nDefault value: `/tmp/cameradar_scan.xml`\n\nThis can be useful only if you want to read the files yourself, if you don't want it to write in your `/tmp` folder, or if you want to use only the RunNmap function in cameradar, and do its parsing manually.\n\n### `CAMERADAR_CUSTOM_ROUTES`, `CAMERADAR_CUSTOM_CREDENTIALS`\n\nThese variables are optional, allowing to replace the default dictionaries with custom ones, for the dictionary attack.\n\nDefault values: `\u003cCAMERADAR_GOPATH\u003e/dictionaries/routes` and `\u003cCAMERADAR_GOPATH\u003e/dictionaries/credentials.json`\n\n### `CAMERADAR_SCAN_SPEED`\n\nThis optional variable allows you to set custom nmap discovery presets to improve speed or accuracy. It's recommended to lower it if you are attempting to scan an unstable and slow network, or to increase it if on a fast and reliable network. See [this for more info on the nmap timing templates](https://nmap.org/book/man-performance.html).\n\nDefault value: `4`\n\n### `CAMERADAR_ATTACK_INTERVAL`\n\nThis optional variable allows you to set `custom interval` to wait between each attack in order to stay stealthy. It's recommended to increase it when attempting to scan a network that might be protected against bruteforce attacks. By default, there is no interval, in order to make attacks as fast as possible\n\nDefault value: `0ms`\n\n### `CAMERADAR_TIMEOUT`\n\nThis optional variable allows you to set custom timeout value after which an attack attempt without an answer should give up. It's recommended to increase it when attempting to scan unstable and slow networks or to decrease it on fast and reliable networks.\n\nDefault value: `2000ms`\n\n### `CAMERADAR_LOGGING`\n\nThis optional variable allows you to enable a more verbose output to have more information about what is going on.\n\nIt will output nmap results, cURL requests, etc.\n\nDefault: `false`\n\n## Contribution\n\n### Build\n\n#### Docker build\n\nTo build the docker image, simply run `docker build . -t cameradar` in the root of the project.\n\nYour image will be called `cameradar` and NOT `ullaakut/cameradar`.\n\n#### Go build\n\n1. `go get github.com/Ullaakut/cameradar`\n2. `cd $GOPATH/src/github.com/Ullaakut/cameradar`\n3. `cd cmd/cameradar`\n4. `go install`\n\nThe cameradar binary is now in `$GOPATH/bin/cameradar`.\n\n## Frequently Asked Questions\n\n\u003e Cameradar does not detect any camera!\n\nThat means that either your cameras are not streaming in RTSP or that they are not on the target you are scanning. In most cases, CCTV cameras will be on a private subnetwork, isolated from the internet. Use the `-t` option to specify your target. If you are sure you did everything right but it still does not work, please open an issue with details on the device you are trying to access 🙏\n\n\u003e Cameradar detects my cameras, but does not manage to access them at all!\n\nMaybe your cameras have been configured, and the credentials / URL have been changed. Cameradar only guesses using default constructor values if a custom dictionary is not provided. You can use your own dictionaries in which you just have to add your credentials and RTSP routes. To do that, see how the [configuration](#configuration) works. Also, maybe your camera's credentials are not yet known, in which case if you find them it would be very nice to add them to the Cameradar dictionaries to help other people in the future.\n\n\u003e What happened to the C++ version?\n\nYou can still find it under the 1.1.4 tag on this repo, however it was slower and less stable than the current version written in Golang. It is not recommended using it.\n\n\u003e How to use the Cameradar library for my own project?\n\nSee the example in `/cmd/cameradar`. You just need to run `go get github.com/Ullaakut/cameradar` and to use the `cameradar` package in your code. You can find the documentation on [godoc](https://godoc.org/github.com/ullaakut/cameradar).\n\n\u003e I want to scan my own localhost for some reason, and it does not work! What's going on?\n\nUse the `--net=host` flag when launching the cameradar image, or use the binary by running `go run cameradar/cameradar.go` or [installing it](#go-build).\n\n\u003e I don't see a colored output:(\n\nYou forgot the `-t` flag before `ullaakut/cameradar` in your command-line. This tells docker to allocate a pseudo-tty for cameradar, which makes it able to use colors.\n\n\u003e I don't have a camera, but I'd like to try Cameradar!\n\nSimply run `docker run -p 8554:8554 -e RTSP_USERNAME=admin -e RTSP_PASSWORD=12345 -e RTSP_PORT=8554 ullaakut/rtspatt` and then run cameradar, and it should guess that the username is admin and that the password is 12345. You can try this with any default constructor credentials (they can be found [here](dictionaries/credentials.json)).\n\n\u003e What authentication types does Cameradar support?\n\nCameradar supports both basic and digest authentication.\n\n## Examples\n\n\u003e Running cameradar on your own machine to scan for default ports\n\n`docker run --net=host -t ullaakut/cameradar -t localhost`\n\n\u003e Running cameradar with an input file, logs enabled on port 8554\n\n`docker run -v /tmp:/tmp --net=host -t ullaakut/cameradar -t /tmp/test.txt -p 8554`\n\n\u003e Running cameradar on a subnetwork with custom dictionaries, on ports 554, 5554 and 8554\n\n`docker run -v /tmp:/tmp --net=host -t ullaakut/cameradar -t 192.168.0.0/24 --custom-credentials=\"/tmp/dictionaries/credentials.json\" --custom-routes=\"/tmp/dictionaries/routes\" -p 554,5554,8554`\n\n## License\n\nCopyright 2023 Ullaakut\n\nPermission is hereby granted, free of charge, to any person obtaining a copy\nof this software and associated documentation files (the \"Software\"), to deal\nin the Software without restriction, including without limitation the rights\nto use, copy, modify, merge, publish, distribute, sublicense, and/or sell\ncopies of the Software, and to permit persons to whom the Software is\nfurnished to do so, subject to the following conditions:\n\nThe above copyright notice and this permission notice shall be included in all\ncopies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\nIMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\nFITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE\nAUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\nLIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING\nFROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER\nDEALINGS IN THE SOFTWARE.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FUllaakut%2Fcameradar","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FUllaakut%2Fcameradar","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FUllaakut%2Fcameradar/lists"}