diff --git a/README.md b/README.md index 37f32df..3f1f1ed 100644 --- a/README.md +++ b/README.md @@ -6,9 +6,10 @@ [![Docker Pulls](https://img.shields.io/docker/pulls/ullaakut/cameradar.svg?style=flat)](https://hub.docker.com/r/ullaakut/cameradar/) [![Build](https://img.shields.io/travis/EtixLabs/cameradar/master.svg?style=flat)](https://travis-ci.org/EtixLabs/cameradar) [![Go Report Card](https://goreportcard.com/badge/github.com/EtixLabs/cameradar)](https://goreportcard.com/report/github.com/EtixLabs/cameradar) +[![GoDoc](https://godoc.org/github.com/EtixLabs/cameradar?status.svg)](https://godoc.org/github.com/EtixLabs/cameradar) [![Latest release](https://img.shields.io/github/release/EtixLabs/cameradar.svg?style=flat)](https://github.com/EtixLabs/cameradar/releases/latest) -#### Cameradar allows you to: +### Cameradar allows you to * **Detect open RTSP hosts** on any accessible target host * Detect which device model is streaming @@ -20,14 +21,14 @@ ## Table of content -- [Docker Image](#docker-image) -- [Configuration](#configuration) -- [Output](#output) -- [Check camera access](#check-camera-access) -- [Command line options](#command-line-options) -- [Contribution](#contribution) -- [Frequently Asked Questions](#frequently-asked-questions) -- [License](#license) +* [Docker Image](#docker-image) +* [Configuration](#configuration) +* [Output](#output) +* [Check camera access](#check-camera-access) +* [Command line options](#command-line-options) +* [Contribution](#contribution) +* [Frequently Asked Questions](#frequently-asked-questions) +* [License](#license) ## Docker Image for Cameraccess @@ -39,21 +40,21 @@ docker run -t ullaakut/cameradar -t [See command-line options](#command-line-options). -e.g.: `docker run -t ullaakut/cameradar -t 192.168.100.0/24 -l` will scan the ports 554 and 8554 of hosts on the 192.168.100.0/24 subnetwork and attack the discovered RTSP streams and will output lots of logs. +e.g.: `docker run -t ullaakut/cameradar -t 192.168.100.0/24 -l` will scan the ports 554 and 8554 of hosts on the 192.168.100.0/24 subnetwork and attack the discovered RTSP streams and will output debug logs. * `YOUR_TARGET` can be a subnet (e.g.: `172.16.100.0/24`), an IP (e.g.: `172.16.100.10`), or a range of IPs (e.g.: `172.16.100.10-20`). * If you want to get the precise results of the nmap scan in the form of an XML file, you can add `-v /your/path:/tmp/cameradar_scan.xml` to the docker run command, before `ullaakut/cameradar`. * If you use the `-r` and `-c` options to specify your -### Library +## Library ### Dependencies of the library -- `curl-dev` / `libcurl` (depending on your OS) -- `nmap` -- `github.com/pkg/errors` -- `gopkg.in/go-playground/validator.v9` -- `github.com/andelf/go-curl` +* `curl-dev` / `libcurl` (depending on your OS) +* `nmap` +* `github.com/pkg/errors` +* `gopkg.in/go-playground/validator.v9` +* `github.com/andelf/go-curl` #### Installing the library @@ -71,63 +72,31 @@ Here is an overview of the exposed functions of this library: You can use the cameradar library for simple discovery purposes if you don't need to access the cameras but just to be aware of their existence. -

-The Discover function calls the RunNmap function as well as the ParseNmapResults function and returns the discovered streams without attempting any attack. -It will use default values for its calls to RunNmap: - -

-This describes the nmap time presets. You can pass a value between 1 and 5 as described in this table, to the RunNmap function. - -

-The RunNmap function will execute nmap and generate an XML file containing the results of the scan. - -

-The ParseNmapResult function will open the specified XML file and return all open RTSP streams found within it. +

+This describes the nmap time presets. You can pass a value between 1 and 5 as described in this table, to the NmapRun function. #### Attack If you already know which hosts and ports you want to attack, you can also skip the discovery part and use directly the attack functions. The attack functions also take a timeout value as a parameter. -

-The AttackCredentials function takes valid streams as an input (with IP addresses and ports) and will attempt to guess their credentials using the provided dictionary. - -

-The AttackRoute function takes valid streams as an input (with IP addresses and ports) and will attempt to guess their routes using the provided dictionary. - #### Data models Here are the different data models useful to use the exposed functions of the cameradar library. -

+

#### Dictionary loaders The cameradar library also provides two functions that take file paths as inputs and return the appropriate data models filled. -

- -LoadCredentials takes a JSON file that has the same format as [this one](dictionary/credentials.json). - -

- -LoadRoutes takes a file that has the same format as [this one](dictionary/routes). Warning: This file is not JSON. - -#### Miscellaneous - -

- -RTSPURL allows you to generate the full URL of a stream. - -### Configuration +## Configuration The **RTSP port used for most cameras is 554**, so you should probably specify 554 as one of the ports you scan. Not specifying any ports to the cameraccess application will scan the 554 and 8554 ports. -e.g.: `docker run -t ullaakut/cameradar -p "18554,19000-19010" -t localhost` will scan the ports 18554, and the range of ports between 19000 and 19010 on localhost. +`docker run -t ullaakut/cameradar -p "18554,19000-19010" -t localhost` will scan the ports 18554, and the range of ports between 19000 and 19010 on localhost. You **can use your own files for the ids and routes dictionaries** used to attack the cameras, but the Cameradar repository already gives you a good base that works with most cameras, in the `/dictionaries` folder. -e.g.: - ```bash docker run -t -v /my/folder/with/dictionaries:/tmp/dictionaries \ ullaakut/cameradar \ @@ -142,8 +111,7 @@ This will put the contents of your folder containing dictionaries in the docker For each camera, Cameraccess will output this: -

- +

## Check camera access diff --git a/images/AttackCredentials.png b/images/AttackCredentials.png deleted file mode 100644 index 4dc6285..0000000 Binary files a/images/AttackCredentials.png and /dev/null differ diff --git a/images/AttackRoute.png b/images/AttackRoute.png deleted file mode 100644 index 49d9a58..0000000 Binary files a/images/AttackRoute.png and /dev/null differ diff --git a/images/Discover.png b/images/Discover.png deleted file mode 100644 index e1f811f..0000000 Binary files a/images/Discover.png and /dev/null differ diff --git a/images/LoadCredentials.png b/images/LoadCredentials.png deleted file mode 100644 index a2d4672..0000000 Binary files a/images/LoadCredentials.png and /dev/null differ diff --git a/images/LoadRoutes.png b/images/LoadRoutes.png deleted file mode 100644 index 25e9d9e..0000000 Binary files a/images/LoadRoutes.png and /dev/null differ diff --git a/images/Output.png b/images/Output.png deleted file mode 100644 index 77f7f7a..0000000 Binary files a/images/Output.png and /dev/null differ diff --git a/images/ParseNmapResults.png b/images/ParseNmapResults.png deleted file mode 100644 index f7842b2..0000000 Binary files a/images/ParseNmapResults.png and /dev/null differ diff --git a/images/RTSPURL.png b/images/RTSPURL.png deleted file mode 100644 index 4fa083f..0000000 Binary files a/images/RTSPURL.png and /dev/null differ diff --git a/images/RunNmap.png b/images/RunNmap.png deleted file mode 100644 index a9d0bc5..0000000 Binary files a/images/RunNmap.png and /dev/null differ