Cameradar: Camera hacking tool
Cameradar hacks its way into RTSP videosurveillance cameras
Cameradar allows you to:
- Detect open RTSP hosts on any accessible target
- Get their public info (hostname, port, camera model, etc.)
- Launch automated dictionary attacks to get their stream route (for example /live.sdp)
- Launch automated dictionary attacks to get the username and password of the cameras
- Generate thumbnails from them to check if the streams are valid and to have a quick preview of their content
- Try to create a Gstreamer pipeline to check if they are properly encoded
- Print a summary of all the informations Cameradar could get
Quick install
The quick install uses docker to build Cameradar without polluting your machine with dependencies and makes it easy to deploy Cameradar in a few commands. However, it may require networking knowledge, as your docker containers will need access to the cameras subnetwork.
Steps to install
go get github.com/Ullaakut/cameradar
cd $GOPATH/src/github.com/Ullaakut/cameradar
cd cmd/cameradar
go install
The cameradar
binary is now in your $GOPATH/bin
ready to be used. See command line options here.
Commend / code of Camerader
Commend Line which help you to run camerader tool
- -t, --targets": Set target. Required. Target can be a file (see instructions on how to format the file), an IP, an IP range, a subnetwork, or a combination of those. Example:
--targets="192.168.1.72,192.168.1.74"
- "-p, --ports": (Default:
554,5554,8554
) Set custom ports. - "-s, --scan-speed": (Default:
4
) Set custom nmap discovery presets to improve speed or accuracy. It's recommended to lower it if you are attempting to scan an unstable and slow network, or to increase it if on a very performant and reliable network. You might also want to keep it low to keep your discovery stealthy. See this for more info on the nmap timing templates. - "-I, --attack-interval": (Default:
0ms
) Set custom interval after which an attack attempt without an answer should give up. It's recommended to increase it when attempting to scan unstable and slow networks or to decrease it on fast and reliable networks. - "-T, --timeout": (Default:
2000ms
) Set custom timeout value after which an attack attempt without an answer should give up. It's recommended to increase it when attempting to scan unstable and slow networks or to decrease it on fast and reliable networks. - "-r, --custom-routes": (Default:
<CAMERADAR_GOPATH>/dictionaries/routes
) Set custom dictionary path for routes - "-c, --custom-credentials": (Default:
<CAMERADAR_GOPATH>/dictionaries/credentials.json
) Set custom dictionary path for credentials - "-o, --nmap-output": (Default:
/tmp/cameradar_scan.xml
) Set custom nmap output path - "-d, --debug": Enable debug logs
- "-v, --verbose": Enable verbose curl logs (not recommended for most use)
- "-h": Display the usage information