RTSP Surveillance Camera Access Multitool
Cameradar hacks its way into RTSP CCTV cameras
Cameradar allows you to:
Detect open RTSP hosts on any accessible target
Get their public info (hostname, port, camera model, etc.)
Bruteforce your way into them to get their stream route (for example /live.sdp)
Bruteforce your way into them to get the username and password of the cameras
Generate thumbnails from them to check if the streams are valid and to have a quick preview of their content
Try to create a Gstreamer pipeline to check if they are properly encoded
Print a summary of all the informations Cameradar could get
Installation
The manual installation is recommended if you want to tweak Cameradar and quickly test them using CMake and running Cameradar in command-line. If you just want to use Cameradar, it is recommended to use the quick install instead.
Dependencies
To install Cameradar you will need these packages
cmake (cmake)
git (git)
gstreamer1.x (libgstreamer1.0-dev)
ffmpeg (ffmpeg)
boost (libboost-all-dev)
libcurl (libcurl4-openssl-dev)
Steps
The simplest way would be to follow these steps :
git clone https://github.com/EtixLabs/cameradar.git
cd cameradar
mkdir build
cd build
cmake ..
make
cd cameradar_standalone
./cameradar -s the_target_you_want_to_scan
Command line options
“-c” : Set a custom path to the configuration file (-c /path/to/conf) <<<<<<< HEAD
“-s” : Set custom subnets (overrides configuration) : You can use this argument in many ways, using a subnet (e.g.: 172.16.100.0/24) or even an IP (e.g.: 172.16.100.10), a range of IPs (e.g.: 172.16.100.10-172.16.100.20) or a mix of all those (e.g.: 172.17.100.0/24,172.16.100.10-172.16.100.20,0.0.0.0). =======
“-s” : Set custom target (overrides configuration)
“-p” : Set custom ports (overrides configuration)
“-m” : Set number of threads (Default value : 1)
“-l” : Set log level
“-l 1” : Log level DEBUG
Will print everything including debugging logs
“-l 2” : Log level INFO
Prints every normal information
“-l 4” : Log level WARNING
Only prints warning and errors
“-l 5” : Log level ERROR
Only prints errors
“-l 6” : Log level CRITICAL
Doesn’t print anything since Cameradar can’t have critical failures right now, however you can use this level to debug your own code easily or if you add new critical layers
“-d” : Launch the discovery tool
“-b” : Launch the bruteforce tool on all discovered devices
Needs either to be launched with the -d option or to use an advanced cache manager (DB, file, …) with data already present
“-t” : Generate thumbnails from detected cameras
Needs either to be launched with the -d option or to use an advanced cache manager (DB, file, …) with data already present
“-g” : Check if the stream can be opened with GStreamer
Needs either to be launched with the -d option or to use an advanced cache manager (DB, file, …) with data already present
“-v” : Display Cameradar’s version
“-h” : Display this help
“–gst-rtsp-server” : Use this option if the bruteforce does not seem to work (only detects the username but not the path, or the opposite). This option will switch the order of the bruteforce to prioritize path over credentials, which is the way priority is handled for cameras that use GStreamer’s RTSP server.
Download
