gilles/cameradar
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix bug for some cameras running gst rtsp server

Browse Source
This commit is contained in:
Brendan LE GLAUNEC
2017-09-19 11:02:20 +02:00
committed by Brendan Le Glaunec
parent bf3a967fad
commit a2af1329d7
4 changed files with 32 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files
README.md
+8 -4
View File
@@ -34,12 +34,12 @@
Install [docker](https://docs.docker.com/engine/installation/) on your machine, and run the following command:
```bash
docker run ullaakut/cameradar <command-line options>
docker run -t ullaakut/cameradar -t <target> <other command-line options>
```
[See command-line options](#command-line-options).
e.g.: `docker run ullaakut/cameradar -t 192.168.100.0/24 -l` will scan the ports 554 and 8554 of hosts on the 192.168.100.0/24 subnetwork and attack the discovered RTSP streams and will output lots of logs.
e.g.: `docker run -t ullaakut/cameradar -t 192.168.100.0/24 -l` will scan the ports 554 and 8554 of hosts on the 192.168.100.0/24 subnetwork and attack the discovered RTSP streams and will output lots of logs.
* `YOUR_TARGET` can be a subnet (e.g.: `172.16.100.0/24`) or even an IP (e.g.: `172.16.100.10`), a range of IPs (e.g.: `172.16.100.10-172.16.100.20`) or a mix of all those separated by commas (e.g.: `172.17.100.0/24,172.16.100.10-172.16.100.20,0.0.0.0`).
* If you want to get the precise results of the nmap scan in the form of an XML file, you can add `-v /your/path:/tmp/cameradar_scan.xml` to the docker run command, before `ullaakut/cameradar`.
@@ -122,14 +122,14 @@ RTSPURL allows you to generate the full URL of a stream.
The **RTSP port used for most cameras is 554**, so you should probably specify 554 as one of the ports you scan. Not specifying any ports to the cameraccess application will scan the 554 and 8554 ports.
e.g.: `docker run ullaakut/cameradar -p "18554,19000-19010" -t localhost` will scan the ports 18554, and the range of ports between 19000 and 19010 on localhost.
e.g.: `docker run -t ullaakut/cameradar -p "18554,19000-19010" -t localhost` will scan the ports 18554, and the range of ports between 19000 and 19010 on localhost.
You **can use your own files for the ids and routes dictionaries** used to attack the cameras, but the Cameradar repository already gives you a good base that works with most cameras, in the `/dictionaries` folder.
e.g.:
```bash
docker run -v /my/folder/with/dictionaries:/tmp/dictionaries \
docker run -t -v /my/folder/with/dictionaries:/tmp/dictionaries \
ullaakut/cameradar \
-r "/tmp/dictionaries/my_routes" \
-c "/tmp/dictionaries/my_credentials.json" \
@@ -193,6 +193,10 @@ See the cameraccess example. You just need to run `go get github.com/EtixLabs/ca
Use the `--net=host` flag when launching the cameradar image, or use the binary by running `go run cameraccess/main.go`.
> I don't see a colored output :(
You forgot the `-t` flag before `ullaakut/cameradar` in your command-line. This tells docker to allocate a pseudo-tty for cameradar, which makes it able to use colors.
## License
Copyright 2017 Etix Labs
cameraccess/cameradar
Executable
BIN
View File
Binary file not shown.
cameraccess/main.go
+13
View File
@@ -53,9 +53,22 @@ func main() {
}
streams, _ := cmrdr.Discover(options.Target, options.Ports, options.OutputFile, options.Speed, options.EnableLogs)
// Most cameras will be accessed successfully with these two attacks
streams, _ = cmrdr.AttackRoute(streams, routes, time.Duration(options.Timeout)*time.Millisecond, options.EnableLogs)
streams, _ = cmrdr.AttackCredentials(streams, credentials, time.Duration(options.Timeout)*time.Millisecond, options.EnableLogs)
// But some cameras run GST RTSP Server which prioritizes 401 over 404 contrary to most cameras.
// For these cameras, running another route attack will solve the problem.
for _, stream := range streams {
if stream.RouteFound == false || stream.CredentialsFound == false {
streams, _ = cmrdr.AttackRoute(streams, routes, time.Duration(options.Timeout)*time.Millisecond, options.EnableLogs)
break
}
}
streams, _ = cmrdr.AttackRoute(streams, routes, time.Duration(options.Timeout)*time.Millisecond, options.EnableLogs)
prettyPrint(streams)
}
cameradar/discover.go
+11 -1
View File
@@ -48,13 +48,23 @@ func RunNmap(targets, ports string, resultFilePath string, nmapSpeed int, enable
"nmap",
fmt.Sprintf("-T%d", nmapSpeed),
"-A",
targets,
"-p",
ports,
"-oX",
resultFilePath,
targets,
)
fmt.Println(
"nmap",
fmt.Sprintf("-T%d", nmapSpeed),
"-A",
"-p",
ports,
"-oX",
resultFilePath,
targets)
// Pipe stdout to be able to write the logs in realtime
stdout, err := cmd.StdoutPipe()
if err != nil {