{"id":17617885,"url":"https://github.com/ullaakut/cameradar","last_synced_at":"2026-02-28T21:04:00.271Z","repository":{"id":40298726,"uuid":"59289480","full_name":"Ullaakut/cameradar","owner":"Ullaakut","description":"Cameradar hacks its way into RTSP videosurveillance cameras","archived":false,"fork":false,"pushed_at":"2024-10-11T15:01:04.000Z","size":37223,"stargazers_count":4282,"open_issues_count":28,"forks_count":528,"subscribers_count":140,"default_branch":"master","last_synced_at":"2025-04-09T22:07:41.726Z","etag":null,"topics":["cameras","cctv","hacking","hacking-tool","infosec","netsec","penetration-testing","pentesting","rtsp","security","security-tools"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Ullaakut.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"github":["ullaakut"],"patreon":null,"open_collective":null,"ko_fi":null,"tidelift":null,"community_bridge":null,"liberapay":null,"issuehunt":null,"otechie":null,"custom":null}},"created_at":"2016-05-20T11:35:41.000Z","updated_at":"2025-04-09T13:32:55.000Z","dependencies_parsed_at":"2024-11-26T15:15:12.988Z","dependency_job_id":null,"html_url":"https://github.com/Ullaakut/cameradar","commit_stats":{"total_commits":200,"total_committers":17,"mean_commits":"11.764705882352942","dds":0.38,"last_synced_commit":"f586940b6caf9b9b4e189956f94b6526d6724c5b"},"previous_names":["etixlabs/cameradar"],"tags_count":25,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Ullaakut%2Fcameradar","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Ullaakut%2Fcameradar/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Ullaakut%2Fcameradar/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Ullaakut%2Fcameradar/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Ullaakut","download_url":"https://codeload.github.com/Ullaakut/cameradar/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254092798,"owners_count":22013292,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cameras","cctv","hacking","hacking-tool","infosec","netsec","penetration-testing","pentesting","rtsp","security","security-tools"],"created_at":"2024-10-22T19:16:44.643Z","updated_at":"2026-02-01T23:04:15.891Z","avatar_url":"https://github.com/Ullaakut.png","language":"Go","readme":"## Cameradar\n\n\u003cp align=\"center\"\u003e\n    \u003ca href=\"#license\"\u003e\n        \u003cimg src=\"https://img.shields.io/badge/license-Apache-blue.svg?style=flat\" /\u003e\n    \u003c/a\u003e\n    \u003ca href=\"https://hub.docker.com/r/ullaakut/cameradar/\"\u003e\n        \u003cimg src=\"https://img.shields.io/docker/pulls/ullaakut/cameradar.svg?style=flat\" /\u003e\n    \u003c/a\u003e\n    \u003ca href=\"https://github.com/Ullaakut/cameradar/actions\"\u003e\n        \u003cimg src=\"https://img.shields.io/github/actions/workflow/status/Ullaakut/cameradar/build.yaml\" /\u003e\n    \u003c/a\u003e\n    \u003ca href='https://coveralls.io/github/Ullaakut/cameradar?branch=master'\u003e\n        \u003cimg src='https://coveralls.io/repos/github/Ullaakut/cameradar/badge.svg?branch=master' alt='Coverage Status' /\u003e\n    \u003c/a\u003e\n    \u003ca href=\"https://goreportcard.com/report/github.com/ullaakut/cameradar\"\u003e\n        \u003cimg src=\"https://goreportcard.com/badge/github.com/ullaakut/cameradar\" /\u003e\n    \u003c/a\u003e\n    \u003ca href=\"https://github.com/ullaakut/cameradar/releases/latest\"\u003e\n        \u003cimg src=\"https://img.shields.io/github/release/Ullaakut/cameradar.svg?style=flat\" /\u003e\n    \u003c/a\u003e\n    \u003ca href=\"https://pkg.go.dev/github.com/ullaakut/cameradar\"\u003e\n        \u003cimg src=\"https://godoc.org/github.com/ullaakut/cameradar?status.svg\" /\u003e\n    \u003c/a\u003e\n\u003c/p\u003e\n\n## RTSP stream access tool\n\nCameradar scans RTSP endpoints on authorized targets, and uses dictionary attacks to bruteforce their credentials and routes.\n\n### What Cameradar does\n\n- Detects open RTSP hosts on accessible targets.\n- Detects the device model that streams the RTSP feed.\n- Attempts dictionary-based discovery of stream routes (for example, `/live.sdp`).\n- Attempts dictionary-based discovery of camera credentials.\n- Produces a report of findings.\n\n\u003cp align=\"center\"\u003e\u003cimg src=\"images/Cameradar.png\" width=\"250\"/\u003e\u003c/p\u003e\n\n## Table of contents\n\n- [Quick start with Docker](#quick-start-with-docker)\n- [Install the binary](#install-the-binary)\n- [Install on Android (Termux)](#install-on-android-termux)\n- [Configuration](#configuration)\n- [Security and responsible use](#security-and-responsible-use)\n- [Output](#output)\n- [Check camera access](#check-camera-access)\n- [Command-line options](#command-line-options)\n- [Input file format](#input-file-format)\n- [Environment variables](#environment-variables)\n- [Build and contribute](#build-and-contribute)\n- [Frequently asked questions](#frequently-asked-questions)\n- [Examples](#examples)\n- [License](#license)\n\n---\n\n\u003cp align=\"center\"\u003e\u003cimg src=\"images/example.gif\"/\u003e\u003c/p\u003e\n\n## Quick start with Docker\n\nInstall [Docker](https://docs.docker.com/engine/installation/) and run:\n\n```bash\ndocker run --rm -t --net=host ullaakut/cameradar --targets \u003ctarget\u003e\n```\n\nExample:\n\n```bash\ndocker run --rm -t --net=host ullaakut/cameradar --targets 192.168.100.0/24\n```\n\nThis scans ports 554, 5554, and 8554 on the target subnet.\nIt attempts to enumerate RTSP streams.\nFor all options, see [command-line options](#command-line-options).\n\n- Targets can be CIDRs, IPs, IP ranges or a hostname.\n    - Subnet: `172.16.100.0/24`\n    - IP: `172.16.100.10`\n    - Host: `localhost`\n    - Range: `172.16.100.10-20`\n\n- To use custom dictionaries, mount them and pass both flags:\n\n    ```bash\n    docker run --rm -t --net=host \\\n        -v /path/to/dictionaries:/tmp/dictionaries \\\n        ullaakut/cameradar \\\n        --custom-routes /tmp/dictionaries/my_routes \\\n        --custom-credentials /tmp/dictionaries/my_credentials.json \\\n        --targets 192.168.100.0/24\n    ```\n\n## Install the binary\n\nUse this option if Docker is not available or if you want a local build.\n\n### Dependencies\n\n- Go 1.25 or later\n\n### Steps\n\n1. `go install github.com/Ullaakut/cameradar/v6/cmd/cameradar@latest`\n\nThe `cameradar` binary is now in your `$GOPATH/bin`.\nFor available flags, see [command-line options](#command-line-options).\n\n## Install on Android (Termux)\n\nThese steps summarize a working Termux setup for Android.\nUse Termux 117 from F-Droid or the official Termux site, not Google Play.\n\n### 1) Set up Termux and Alpine\n\nInstall the required packages in Termux:\n\n```bash\npkg update\npkg install mc wget git nmap proot-distro\n```\n\nInstall Alpine and log in:\n\n```bash\nproot-distro install alpine\nproot-distro login alpine\n```\n\n### 2) Install build tools in Alpine\n\n```bash\napk add wget git go gcc clang musl-dev make\n```\n\n### 3) Build Cameradar\n\nCreate a module path and clone the repo:\n\n```bash\nmkdir -p go/pkg/mod/github.com/Ullaakut\ncd go/pkg/mod/github.com/Ullaakut\ngit clone https://github.com/Ullaakut/cameradar.git\ncd cameradar/cmd/cameradar\ngo install\n```\n\n### 4) Run Cameradar\n\nCopy dictionaries and run the binary:\n\n```bash\nmkdir -p /tmp\ncp -r ../../dictionaries /tmp/dictionaries\n/go/bin/cameradar --targets=\u003ctarget\u003e --custom-credentials=/tmp/dictionaries/credentials.json --custom-routes=/tmp/dictionaries/routes --ui=plain --debug \n```\n\nReplace `\u003ctarget\u003e` with an IP, range, host or subnet you are authorized to test.\n\n## Configuration\n\nThe default RTSP ports are `554`, `5554`, `8554`.\nIf you do not specify ports, Cameradar uses those.\n\nExample of scanning custom ports:\n\n```bash\ndocker run --rm -t --net=host \\\n    ullaakut/cameradar \\\n    --ports \"18554,19000-19010\" \\\n    --targets localhost\n```\n\nYou can replace the default dictionaries with your own routes and credentials files.\nThe repository provides baseline dictionaries in the `dictionaries` folder.\n\n```bash\ndocker run --rm -t --net=host \\\n    -v /my/folder/with/dictionaries:/tmp/dictionaries \\\n    ullaakut/cameradar \\\n    --custom-routes /tmp/dictionaries/my_routes \\\n    --custom-credentials /tmp/dictionaries/my_credentials.json \\\n    --targets 172.19.124.0/24\n```\n\n### Skip discovery with `--skip-scan`\n\nIf you already know the RTSP endpoints, you can skip discovery and treat each\ntarget and port as a stream candidate. This mode does not run nmap and can be\nuseful on restricted networks or when you want to attack a known inventory.\n\nSkipping discovery means:\n\n- Cameradar does not run nmap and does not detect device models.\n- Targets resolve to IP addresses. Hostnames resolve via DNS.\n- CIDR blocks and IPv4 ranges expand to every address in the range.\n- Large ranges create many targets, so use them carefully.\n\nExample:\n\n```bash\ndocker run --rm -t --net=host \\\n    ullaakut/cameradar \\\n    --skip-scan \\\n    --ports \"554,8554\" \\\n    --targets 192.168.1.10\n```\n\nIn this example, Cameradar attempts dictionary attacks against\nports 554 and 8554 of `192.168.1.10`.\n\n## Security and responsible use\n\nCameradar is a penetration testing tool.\nOnly scan networks and devices you own or have explicit permission to test.\nDo not use this tool to access unauthorized systems or streams.\nIf you are unsure, stop and get written approval before scanning.\n\n## Output\n\nCameradar presents results in a readable terminal UI.\nIt logs findings to the console.\nThe report includes discovered hosts, identified device models, and valid routes or credentials.\nIf you specify a path for the `--output` flag, Cameradar also writes an M3U playlist with the discovered streams.\n\n## Check camera access\n\nUse [VLC Media Player](http://www.videolan.org/vlc/) to connect to a stream:\n\n`rtsp://username:password@address:port/route`\n\n## Input file format\n\nThe file can contain IPs, hostnames, IP ranges, and subnets.\nSeparate entries with newlines.\nExample:\n\n```text\n0.0.0.0\nlocalhost\n192.17.0.0/16\n192.168.1.140-255\n192.168.2-3.0-255\n```\n\nWhen you use `--skip-scan`, Cameradar expands each entry into explicit IP\naddresses before building the target list.\n\n## Options\n\n### `TARGETS` / `--targets` / `-t`\n\nThis variable is required.\nIt specifies the target that Cameradar scans and attempts to access.\n\nExamples:\n\n* `172.16.100.0/24`\n* `192.168.1.1`\n* `localhost`\n* `192.168.1.140-255`\n* `192.168.2-3.0-255`\n\n### `PORTS` / `--ports` / `-p`\n\nThis variable is optional and allows you to specify the ports to scan.\n\nDefault value: `554,5554,8554`\n\nChange these only if you are sure cameras stream over different ports.\nMost cameras use these defaults.\n\n### `CUSTOM_ROUTES` / `--custom-routes` / `-r`\n\nThis option is optional.\nIt replaces the default routes dictionary used for the dictionary attack.\n\nIf unset, Cameradar uses the built-in routes dictionary.\n\n### `CUSTOM_CREDENTIALS` / `--custom-credentials` / `-c`\n\nThis option is optional.\nIt replaces the default credentials dictionary used for the dictionary attack.\n\nIf unset, Cameradar uses the built-in credentials dictionary.\n\n### `SCAN_SPEED` / `--scan-speed` / `-s`\n\nThis optional variable sets nmap discovery presets for speed or accuracy.\nLower it on slow networks and raise it on fast networks.\nSee [nmap timing templates](https://nmap.org/book/man-performance.html).\n\nDefault value: `4`\n\n### `SKIP_SCAN` / `--skip-scan`\n\nThis optional flag skips network discovery and assumes every target and port\npair is an RTSP stream.\n\nUse it when you already know the RTSP endpoints or when discovery is blocked.\nFor best results, specify only RTSP ports.\n\nDefault value: `false`\n\n### `ATTACK_INTERVAL` / `--attack-interval` / `-I`\n\nThis optional variable sets a delay between attacks.\nIncrease it for networks that may block brute-force attempts.\nDefault: no delay.\n\nDefault value: `0ms`\n\n### `TIMEOUT` / `--timeout` / `-T`\n\nThis optional variable sets the timeout for requests sent to the cameras.\nIncrease it for slow networks and decrease it for fast networks.\n\nDefault value: `2000ms`\n\n### `DEBUG` / `--debug` / `-d`\n\nThis optional variable enables more verbose output.\n\nIt outputs nmap results, cURL requests, and more.\n\nDefault: `false`\n\n### `UI` / `--ui`\n\nThis option selects the UI mode.\n\n* `auto` selects `tui` if your terminal is interactive, `plain` otherwise\n* `tui` shows a fullscreen interface with a progress bar and shows the results in a table\n* `plain` logs the steps taken by cameradar as plain text and is meant to be used by non-interactive terminals\n\nSupported values: `auto`, `tui`, `plain`\n\nDefault: `auto`\n\n### `OUTPUT` / `--output`\n\nThis optional variable writes an M3U playlist of the discovered streams to the given file path.\n\nExample: `/tmp/cameradar.m3u`\n\n## Build and contribute\n\n### Docker build\n\nRun the following command in the repository root:\n\n`docker build . -t cameradar`\n\nThe resulting image is named `cameradar`.\n\n### Go build\n\n1. `go install github.com/Ullaakut/cameradar/v6/cmd/cameradar@latest`\n\nThe `cameradar` binary is now in `$GOPATH/bin/cameradar`.\n\n## Frequently asked questions\n\n\u003e Cameradar does not detect any camera!\n\nThis usually means the cameras are not streaming over RTSP.\nIt can also mean the targets are not in your scan range.\nCCTV cameras are often on private subnets.\nUse `-t` to set the correct targets.\nIf you still see no results, open an issue with device details.\n\n\u003e Cameradar detects my cameras, but does not manage to access them!\n\nThe camera configuration may have changed, so defaults do not match.\nCameradar uses defaults unless you provide custom dictionaries.\nAdd your credentials and routes, then follow the [configuration](#configuration) section.\n\n\u003e What happened to the C++ version?\n\nThe 1.1.4 tag contains the legacy C++ implementation.\nIt is slower and less stable than the Go version, so it is not recommended to use.\n\n\u003e I want to scan my local network or my own machine, and it does not work! What's going on?\n\nUse `--net=host` when running the Docker image, or use the installed binary.\n\n\u003e I don't have a camera, but I'd like to try Cameradar!\n\nRun the following container, then run Cameradar against it:\n\n`docker run -p 8554:8554 -e RTSP_USERNAME=admin -e RTSP_PASSWORD=12345 -e RTSP_PORT=8554 ullaakut/rtspatt`\n\nCameradar should discover the `admin` / `12345` credentials.\nYou can try other default credentials listed in the dictionaries.\n\n\u003e What authentication types does Cameradar support?\n\nCameradar supports both basic and digest authentication.\n\n## Examples\n\n\u003e Running cameradar on your own machine to scan for default ports\n\n`docker run --rm -t --net=host ullaakut/cameradar --targets localhost`\n\n\u003e Running cameradar with an input file, logs enabled on port 8554\n\n`docker run --rm -t --net=host -v /tmp:/tmp ullaakut/cameradar --targets /tmp/test.txt --ports 8554`\n\n\u003e Running cameradar on a subnetwork with custom dictionaries, on ports 554, 5554 and 8554\n\n`docker run --rm -t --net=host -v /tmp:/tmp ullaakut/cameradar --targets 192.168.0.0/24 --custom-credentials \"/tmp/dictionaries/credentials.json\" --custom-routes \"/tmp/dictionaries/routes\" --ports 554,5554,8554`\n\n## License\n\nCopyright 2026 Ullaakut\n\nPermission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the \"Software\"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:\n\nThe above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.\nIN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.\n","funding_links":["https://github.com/sponsors/ullaakut"],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fullaakut%2Fcameradar","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fullaakut%2Fcameradar","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fullaakut%2Fcameradar/lists"}