Cameradar v4 (#212 )

* Refactor of cameradar library * Old unit tests updated & improved. New unit tests inc * Update documentation & issue template * Update dependencies * Update TravisCI build script to reflect argument change * Remove outdated contributing guide * Update README with more examples and remove part on library * Add second camera to Travis build script & improve error detection * Fix typo in travis script & add missing image to readme * Remember that travis uses bash syntax not fish * Use relative paths for images in the README
Remove erroneous route and update dictionary updater (#207 )
2019-05-26 08:33:08 +02:00 · 2019-05-23 09:19:04 +02:00 · 2019-05-23 01:42:04 +02:00 · 2019-05-22 22:25:32 +02:00 · 2019-05-22 22:14:36 +02:00 · 2019-05-22 22:14:36 +02:00
35 changed files with 4045 additions and 226 deletions
@@ -1,28 +1,7 @@
-# Compiled Object files
+# IDE config
-*.slo
+.idea/
-*.lo
+.vscode/
 *.o
 *.obj
-# Precompiled Headers
+# Golang
-*.gch
+/bin/*
-*.pch
+/pkg/*
 # Compiled Dynamic libraries
 *.so
 *.dylib
 *.dll
 # Fortran module files
 *.mod
 # Compiled Static libraries
 *.lai
 *.la
 *.a
 *.lib
 # Executables
 *.exe
 *.out
 *.app
@@ -0,0 +1,7 @@
 # https://github.com/golangci/golangci/wiki/Configuration
 service:
  project-path: github.com/ullaakut/cameradar
  prepare:
    - apt-get update && apt-get install -y libcurl4-gnutls-dev
    - dep ensure
@@ -0,0 +1,54 @@
 dist: trusty
 sudo: required
 language: go
 env:
  - GO111MODULE=on
 services:
  - docker
 before_install:
 - echo "Testing Docker Hub credentials"
 - if [[ "$DOCKER_PASSOWRD" != "" ]]; then docker login -u=$DOCKER_USERNAME -p=$DOCKER_PASSWORD; fi
 - echo "Docker Hub credentials are working"
 # If I see one day that Travis CI updates their default docker version
 # I can remove the lines below. That's why I leave this here :-)
 - docker version
 - sudo apt-get remove docker docker-engine docker.io
 - curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
 - sudo apt-get update
 - sudo apt-get install -y docker-ce nmap
 - go get github.com/mattn/goveralls
 - docker version
 install:
 - docker build -t cameradar .
 script:
 # Run unit tests
 - go test -v -covermode=count -coverprofile=coverage.out
 - $HOME/gopath/bin/goveralls -coverprofile=coverage.out -service=travis-ci -repotoken=$COVERALLS_TOKEN
 # Launch fake cameras to check if cameradar is able to access them
 - docker run -d --name="fake_camera_digest" -e RTSP_ROUTE="/live.sdp" -e RTSP_USERNAME="admin" -e RTSP_PASSWORD="12345" -e RTSP_AUTHENTICATION_METHOD="digest" -p 8554:8554 ullaakut/rtspatt
 - docker run -d --name="fake_camera_basic" -e RTSP_ROUTE="/live.sdp" -e RTSP_USERNAME="root" -e RTSP_PASSWORD="root" -e RTSP_AUTHENTICATION_METHOD="digest" -p 5554:5554 ullaakut/rtspatt
 # Launch cameradar on the local machine
 - docker run --net=host -t cameradar -t 0.0.0.0 -p 8554,5554 -v > logs.txt
 # Gather the logs from the cameras
 - docker logs fake_camera_digest > camera_digest_logs.txt
 - docker logs fake_camera_basic > camera_basic_logs.txt
 # Stop the fake cameras
 - docker stop fake_camera_basic
 - docker stop fake_camera_digest
 # Print logs
 - cat camera_digest_logs.txt
 - cat camera_basic_logs.txt
 - cat logs.txt
 - grep "Successful attack" logs.txt || exit 1
 notifications:
  email:
    recipients:
      - brendan.le-glaunec@epitech.eu
    on_success: never
    on_failure: always
@@ -0,0 +1,222 @@
 # Cameradar Changelog
 This file lists all versions of the repository and precises all changes.
 ## v2.0.0
 #### Major changes:
 * Cameradar is no longer a C++ application but a Golang library
 * It is also a Golang application replacing the former C++ one (the C++ Cameradar image can still be used with the tag `1.1.4`)
 * The new docker image is twice lighter (14MB vs 379MB before)
 * The Cameradar golang library enables users to build their own application around camera discovery and attack. Example of applications could be an automatic camera discovery daemon with scheduled scans, a security audit tool to check if CCTV cameras are protected from attacks by being isolated and having strong passwords, etc.
 ## v1.1.4
 #### Minor changes:
 * Simplified use of Docker image
 * Renamed MySQL table name to be more explicit
 * Refactoring of the Golang functional tester done
 * The output was made more human readable
 * Added automatic code quality checks for pull requests
 * Added contribution documentation
 * Updated dictionaries to add user suggestions for Chinese cameras
 * Enhanced `result.json` file's format
 #### Bugfixes:
 * Fixed a bug in the functional testing in which if the `result.json` file was not formatted correctly, the test failed but was still considered a success.
 ## v1.1.3
 #### Minor changes:
 * Added automatic pushes to DockerHub to the travis integration
 * Made travis configuration file better
 * Changed the package generation scripts to make them report errors
 * Removed old etix_rtsp_server binary from the test folder
 #### Bugfixes:
 * Fixed an issue that made it mandatory to launch tests at least once so that they can work the second time
 * Fixed an issue that made the golang testing tool not compile in the testing script
 * Fixed an issue that made the golang testing tool sometimes ignore some tests
 * The previous known issue has been investigated and we don't know where it came from. However after a night of testing I have been unable to reproduce it, so I will consider it closed
 ## v1.1.2
 #### Minor changes:
 * Added travis integration
 * Added default environment value for Docker deployment
 * Updated docker image description with new easy usage
 * Updated README badges style (replaced flat with square-flat)
 * Build last package can now also generate a debug package if given the `Debug` command-line argument
 #### Known issues
 * There is still the issue with Camera Emulation Server, see the [previous version's patchnote](#v1.1.1) for more information.
 ## v1.1.1
 #### Minor changes:
 * Removed unnecessary null pointer checks (thanks to https://github.com/elfring)
 * Updated package description
 * Removed debug message in CMake build
 * Added `/ch01.264` to the URL dictionary in the deployment (Comelit default RTSP URL)
 * Updated tests partially (still needs work to make the code cleaner)
  * Variable names are now compliant with Golang best practices
  * JSON variable names are back to normal
  * Functions have been moved in more appropriate source files
  * Structure definitions have been moved in more appropriate source files
  * Source files have been renamed to be more relevant
  * JUnit output now considers each camera as a test case
  * JUnit output now contains errors which makes debugging much easier
 * Added header files where it was forgotten
 #### Bugfixes:
 * Fixed an issue where if you loose your internet connection during thumbnail generation, FFMpeg would get stuck forever and thus Cameradar would never finish
 * Fixed an issue where multithreading could cause crashes
 * Fixed an issue where the routes dictionary was mistaken for the credentials dictionary
 * Fixed issues with the golang testing tool
  * Fixed automated camera generation
  * Fixed docker IP address resolution
 #### Known issues:
 * There is an issue with Camera Emulation Server that makes it impossible for Cameradar to generate thumbnails, which is why right now the verification of the thumbnails presence is commented and it is assumed correct. It is probably an issue with GST-RTSP-Server but requires investigation.
 ## v1.1.0
 #### Major changes:
 * There are more command line options
  * Port can now be overridden in the command line
  * Target can now be overridden in the command line
 * Bruteforce is now multithreaded and will use as many threads as there are discovered cameras
 * Thumbnail generation is now multithreaded and will use as many threads as there are discovered cameras
 * There are now default configuration values in order to make cameradar easier to use
 #### Minor changes:
 * The algorithms take external input into account (so that a 3rd party can change the DB to help Cameradar in real-time) and thus check the persistent data at each iteration
 * The default log level is now DEBUG instead of INFO
 * The attack logs are now INFO instead of DEBUG
 * The thumbnail generation logs are now INFO instead of DEBUG
 #### Bugs fixed
 * Fixed a bug in which the MySQL cache manager would consider a camera with known ids as having a valid path even if it weren't
 * Fixed a bug in which TCP RTSP streams would not generate thumbnails
 ## v1.0.5
 * Fixed error in MySQL Cache Manager in which thumbnail generation on valid streams could not be done
 * Fixed potential crash in the case the machine running cameradar has no memory left to allocate space for the dynamic cache manager
 ## v1.0.4
 #### Bugs fixed:
 * Fixed nmap package detection
 ## v1.0.3
 #### Bugs fixed:
 * Corrected GStreamer check
 ## v1.0.2
 #### Bugs fixed:
 * Fixed issues in MySQL Cache Manager
 #### Minor changes:
 * Added useful debug logs
 ## v1.0.1
 ### Ubuntu 16.04 Release
 #### Major changes:
 * The Docker deployment is now done using Ubuntu 16.04 instead of Ubuntu 15.10, so that it uses more recent packages.
 #### Minor changes:
 * Removed useless dependencies
 ## v1.0.0
 ### First production-ready release
 #### Major changes:
 * Added functional testing
 ## v0.2.2
 After doing some testing on a weirdly configured camera network in a far away Datacenter, I discovered that some Cameras needed a few tweaks to the Cameradar attack method in order to be accessed.
 #### Major changes:
 * Cameradar can access Cameras that are configured to always send 400 Bad Requests responses
 #### Minor changes:
 * Changed iterator name from `it` to `stream` in dumb cache manager to improve code readability
 #### Bugfixes:
 * Cameradar no longer considers a timing out Camera as an accessible stream
 ## v0.2.1
 This package adds fixes the Docker deployment package.
 #### Minor changes
 * Fixed the Docker deployment package
 * Updated README
 ## v0.2.0
 ### MySQL Cache Manager Release
 This package adds a new cache manager using a MySQL database, that can store the results between mutiple uses.
 #### Major changes
 * Added a MySQL Cache Manager
 #### Minor changes
 * Removed legacy code
 * Removed boost dependency
 * Improved debugging logs
 ## v0.1.1
 ### Docker release
 This package adds a way to deploy Cameradar using Docker.
 #### Major changes
 * Added a quick Docker deployment process
 * Added automatic dependencies downloading through CMake for the manual installation
 * Added CPack packaging for the Docker deployment
 #### Minor changes
 * Changed recommended cloning method to HTTPS
 * Added lots of informations to README.md
 ## v0.1.0
 This package was the first OpenSource version of Cameradar. It contained only a simple cache manager and had some bugs.
@@ -0,0 +1,34 @@
 # Build stage
 FROM golang:alpine AS build-env
 COPY . /go/src/github.com/ullaakut/cameradar
 WORKDIR /go/src/github.com/ullaakut/cameradar/cmd/cameradar
 RUN apk update && \
    apk upgrade && \
    apk add nmap nmap-nselibs nmap-scripts \
    curl curl-dev \
    gcc \
    libc-dev \
    git \
    pkgconfig
 ENV GO111MODULE=on
 RUN go version
 RUN go build -o cameradar
 # Final stage
 FROM alpine
 RUN apk --update add --no-cache nmap \
    nmap-nselibs \
    nmap-scripts \
    curl-dev
 WORKDIR /app/cameradar
 COPY --from=build-env /go/src/github.com/ullaakut/cameradar/dictionaries/ /app/dictionaries/
 COPY --from=build-env /go/src/github.com/ullaakut/cameradar/cmd/cameradar/ /app/cameradar/
 ENV CAMERADAR_CUSTOM_ROUTES="/app/dictionaries/routes"
 ENV CAMERADAR_CUSTOM_CREDENTIALS="/app/dictionaries/credentials.json"
 ENTRYPOINT ["/app/cameradar/cameradar"]
@@ -0,0 +1,52 @@
 First, make sure that none of the open and closed issues is about the same issue as you are describing, and make sure to check the frequently asked questions in the README file.
 Then, replace the parts of this template that are between <angle brackets> with the data relative to your issue.
 **If you're reporting a bug, use the template below. Otherwise, delete this template and write your issue normally.**
 ## Context
 Please select one:
 - [ ] I use the docker image `ullaakut/cameradar`
 - [ ] I use my own build of the docker image
 - [ ] I use the pre-compiled binary
 - [ ] I use my own build of the binary
 - [ ] None of the above / I don't know
 Please select one:
 - [ ] I use a specific version: <version tag>
 - [ ] I use the latest commit of the master branch
 - [ ] I use the latest commit of the develop branch
 - [ ] I use a forked version of the repository: <fork URL>
 - [ ] I use a specific commit: <commit hash>
 ## Environment
 My operating system:
 - [ ] Windows
 - [ ] OSX
 - [ ] Linux
 - [ ] Other
 OS version:      <version>
 OS architecture: <architecture>
 ## Issue
 ### What was expected
 <expected behavior>
 ### What happened
 <observed behavior>
 ### Logs
 If your issue is with Cameradar's binary or docker image, please run it with `-v` to print verbose logs, and paste them here:
 ```
 <cameradar logs>
 ```
@@ -1,201 +1,17 @@
-                                 Apache License
+Permission is hereby granted, free of charge, to any person obtaining a copy
-                           Version 2.0, January 2004
+of this software and associated documentation files (the "Software"), to deal
-                        http://www.apache.org/licenses/
+in the Software without restriction, including without limitation the rights
 to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 copies of the Software, and to permit persons to whom the Software is
 furnished to do so, subject to the following conditions:
-   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+The above copyright notice and this permission notice shall be included in all
 copies or substantial portions of the Software.
-   1. Definitions.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-      "License" shall mean the terms and conditions for use, reproduction,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-      and distribution as defined by Sections 1 through 9 of this document.
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
-      "Licensor" shall mean the copyright owner or entity authorized by
+FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
-      the copyright owner that is granting the License.
+DEALINGS IN THE SOFTWARE.
      "Legal Entity" shall mean the union of the acting entity and all
      other entities that control, are controlled by, or are under common
      control with that entity. For the purposes of this definition,
      "control" means (i) the power, direct or indirect, to cause the
      direction or management of such entity, whether by contract or
      otherwise, or (ii) ownership of fifty percent (50%) or more of the
      outstanding shares, or (iii) beneficial ownership of such entity.
      "You" (or "Your") shall mean an individual or Legal Entity
      exercising permissions granted by this License.
      "Source" form shall mean the preferred form for making modifications,
      including but not limited to software source code, documentation
      source, and configuration files.
      "Object" form shall mean any form resulting from mechanical
      transformation or translation of a Source form, including but
      not limited to compiled object code, generated documentation,
      and conversions to other media types.
      "Work" shall mean the work of authorship, whether in Source or
      Object form, made available under the License, as indicated by a
      copyright notice that is included in or attached to the work
      (an example is provided in the Appendix below).
      "Derivative Works" shall mean any work, whether in Source or Object
      form, that is based on (or derived from) the Work and for which the
      editorial revisions, annotations, elaborations, or other modifications
      represent, as a whole, an original work of authorship. For the purposes
      of this License, Derivative Works shall not include works that remain
      separable from, or merely link (or bind by name) to the interfaces of,
      the Work and Derivative Works thereof.
      "Contribution" shall mean any work of authorship, including
      the original version of the Work and any modifications or additions
      to that Work or Derivative Works thereof, that is intentionally
      submitted to Licensor for inclusion in the Work by the copyright owner
      or by an individual or Legal Entity authorized to submit on behalf of
      the copyright owner. For the purposes of this definition, "submitted"
      means any form of electronic, verbal, or written communication sent
      to the Licensor or its representatives, including but not limited to
      communication on electronic mailing lists, source code control systems,
      and issue tracking systems that are managed by, or on behalf of, the
      Licensor for the purpose of discussing and improving the Work, but
      excluding communication that is conspicuously marked or otherwise
      designated in writing by the copyright owner as "Not a Contribution."
      "Contributor" shall mean Licensor and any individual or Legal Entity
      on behalf of whom a Contribution has been received by Licensor and
      subsequently incorporated within the Work.
   2. Grant of Copyright License. Subject to the terms and conditions of
      this License, each Contributor hereby grants to You a perpetual,
      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
      copyright license to reproduce, prepare Derivative Works of,
      publicly display, publicly perform, sublicense, and distribute the
      Work and such Derivative Works in Source or Object form.
   3. Grant of Patent License. Subject to the terms and conditions of
      this License, each Contributor hereby grants to You a perpetual,
      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
      (except as stated in this section) patent license to make, have made,
      use, offer to sell, sell, import, and otherwise transfer the Work,
      where such license applies only to those patent claims licensable
      by such Contributor that are necessarily infringed by their
      Contribution(s) alone or by combination of their Contribution(s)
      with the Work to which such Contribution(s) was submitted. If You
      institute patent litigation against any entity (including a
      cross-claim or counterclaim in a lawsuit) alleging that the Work
      or a Contribution incorporated within the Work constitutes direct
      or contributory patent infringement, then any patent licenses
      granted to You under this License for that Work shall terminate
      as of the date such litigation is filed.
   4. Redistribution. You may reproduce and distribute copies of the
      Work or Derivative Works thereof in any medium, with or without
      modifications, and in Source or Object form, provided that You
      meet the following conditions:
      (a) You must give any other recipients of the Work or
          Derivative Works a copy of this License; and
      (b) You must cause any modified files to carry prominent notices
          stating that You changed the files; and
      (c) You must retain, in the Source form of any Derivative Works
          that You distribute, all copyright, patent, trademark, and
          attribution notices from the Source form of the Work,
          excluding those notices that do not pertain to any part of
          the Derivative Works; and
      (d) If the Work includes a "NOTICE" text file as part of its
          distribution, then any Derivative Works that You distribute must
          include a readable copy of the attribution notices contained
          within such NOTICE file, excluding those notices that do not
          pertain to any part of the Derivative Works, in at least one
          of the following places: within a NOTICE text file distributed
          as part of the Derivative Works; within the Source form or
          documentation, if provided along with the Derivative Works; or,
          within a display generated by the Derivative Works, if and
          wherever such third-party notices normally appear. The contents
          of the NOTICE file are for informational purposes only and
          do not modify the License. You may add Your own attribution
          notices within Derivative Works that You distribute, alongside
          or as an addendum to the NOTICE text from the Work, provided
          that such additional attribution notices cannot be construed
          as modifying the License.
      You may add Your own copyright statement to Your modifications and
      may provide additional or different license terms and conditions
      for use, reproduction, or distribution of Your modifications, or
      for any such Derivative Works as a whole, provided Your use,
      reproduction, and distribution of the Work otherwise complies with
      the conditions stated in this License.
   5. Submission of Contributions. Unless You explicitly state otherwise,
      any Contribution intentionally submitted for inclusion in the Work
      by You to the Licensor shall be under the terms and conditions of
      this License, without any additional terms or conditions.
      Notwithstanding the above, nothing herein shall supersede or modify
      the terms of any separate license agreement you may have executed
      with Licensor regarding such Contributions.
   6. Trademarks. This License does not grant permission to use the trade
      names, trademarks, service marks, or product names of the Licensor,
      except as required for reasonable and customary use in describing the
      origin of the Work and reproducing the content of the NOTICE file.
   7. Disclaimer of Warranty. Unless required by applicable law or
      agreed to in writing, Licensor provides the Work (and each
      Contributor provides its Contributions) on an "AS IS" BASIS,
      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
      implied, including, without limitation, any warranties or conditions
      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
      PARTICULAR PURPOSE. You are solely responsible for determining the
      appropriateness of using or redistributing the Work and assume any
      risks associated with Your exercise of permissions under this License.
   8. Limitation of Liability. In no event and under no legal theory,
      whether in tort (including negligence), contract, or otherwise,
      unless required by applicable law (such as deliberate and grossly
      negligent acts) or agreed to in writing, shall any Contributor be
      liable to You for damages, including any direct, indirect, special,
      incidental, or consequential damages of any character arising as a
      result of this License or out of the use or inability to use the
      Work (including but not limited to damages for loss of goodwill,
      work stoppage, computer failure or malfunction, or any and all
      other commercial damages or losses), even if such Contributor
      has been advised of the possibility of such damages.
   9. Accepting Warranty or Additional Liability. While redistributing
      the Work or Derivative Works thereof, You may choose to offer,
      and charge a fee for, acceptance of support, warranty, indemnity,
      or other liability obligations and/or rights consistent with this
      License. However, in accepting such obligations, You may act only
      on Your own behalf and on Your sole responsibility, not on behalf
      of any other Contributor, and only if You agree to indemnify,
      defend, and hold each Contributor harmless for any liability
      incurred by, or claims asserted against, such Contributor by reason
      of your accepting any such warranty or additional liability.
   END OF TERMS AND CONDITIONS
   APPENDIX: How to apply the Apache License to your work.
      To apply the Apache License to your work, attach the following
      boilerplate notice, with the fields enclosed by brackets "{}"
      replaced with your own identifying information. (Don't include
      the brackets!)  The text should be enclosed in the appropriate
      comment syntax for the file format. We also recommend that a
      file or class name and description of purpose be included on the
      same "printed page" as the copyright notice for easier
      identification within third-party archives.
   Copyright {yyyy} {name of copyright owner}
   Licensed under the Apache License, Version 2.0 (the "License");
   you may not use this file except in compliance with the License.
   You may obtain a copy of the License at
       http://www.apache.org/licenses/LICENSE-2.0
   Unless required by applicable law or agreed to in writing, software
   distributed under the License is distributed on an "AS IS" BASIS,
   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
   See the License for the specific language governing permissions and
   limitations under the License.
@@ -0,0 +1,288 @@
 # Cameradar
 <p align="center">
    <img src="images/Cameradar.gif" width="100%"/>
 </p>
 <p align="center">
    <a href="#license">
        <img src="https://img.shields.io/badge/license-Apache-blue.svg?style=flat" />
    </a>
    <a href="https://hub.docker.com/r/ullaakut/cameradar/">
        <img src="https://img.shields.io/docker/pulls/ullaakut/cameradar.svg?style=flat" />
    </a>
    <a href="https://travis-ci.org/Ullaakut/cameradar">
        <img src="https://travis-ci.org/Ullaakut/cameradar.svg?branch=master" />
    </a>
    <a href='https://coveralls.io/github/Ullaakut/cameradar?branch=master'>
        <img src='https://coveralls.io/repos/github/Ullaakut/cameradar/badge.svg?branch=master' alt='Coverage Status' />
    </a>
    <a href="https://golangci.com/r/github.com/ullaakut/cameradar">
        <img src="https://golangci.com/badges/github.com/ullaakut/cameradar.svg" />
    </a>
    <a href="https://goreportcard.com/report/github.com/ullaakut/cameradar">
        <img src="https://goreportcard.com/badge/github.com/ullaakut/cameradar" />
    </a>
    <a href="https://github.com/ullaakut/cameradar/releases/latest">
        <img src="https://img.shields.io/github/release/Ullaakut/cameradar.svg?style=flat" />
    </a>
    <a href="https://godoc.org/github.com/ullaakut/cameradar">
        <img src="https://godoc.org/github.com/ullaakut/cameradar?status.svg" />
    </a>
 </p>
 ## An RTSP stream access tool that comes with its library
 ### Cameradar allows you to
 * **Detect open RTSP hosts** on any accessible target host
 * Detect which device model is streaming
 * Launch automated dictionary attacks to get their **stream route** (e.g.: `/live.sdp`)
 * Launch automated dictionary attacks to get the **username and password** of the cameras
 * Retrieve a complete and user-friendly report of the results
 <p align="center"><img src="images/Cameradar.png" width="250"/></p>
 ## Table of content
 * [Docker Image](#docker-image)
 * [Configuration](#configuration)
 * [Output](#output)
 * [Check camera access](#check-camera-access)
 * [Command-line options](#command-line-options)
 * [Contribution](#contribution)
 * [Frequently Asked Questions](#frequently-asked-questions)
 * [License](#license)
 ## Docker Image for Cameradar
 <p align="center"><img src="images/CameradarV4.png" width="70%"/></p>
 Install [docker](https://docs.docker.com/engine/installation/) on your machine, and run the following command:
 ```bash
 docker run -t ullaakut/cameradar -t <target> <other command-line options>
 ```
 [See command-line options](#command-line-options).
 e.g.: `docker run -t ullaakut/cameradar -t 192.168.100.0/24` will scan the ports 554, 5554 and 8554 of hosts on the 192.168.100.0/24 subnetwork and attack the discovered RTSP streams and will output debug logs.
 * `YOUR_TARGET` can be a subnet (e.g.: `172.16.100.0/24`), an IP (e.g.: `172.16.100.10`), or a range of IPs (e.g.: `172.16.100.10-20`).
 * If you want to get the precise results of the nmap scan in the form of an XML file, you can add `-v /your/path:/tmp/cameradar_scan.xml` to the docker run command, before `ullaakut/cameradar`.
 * If you use the `-r` and `-c` options to specify your custom dictionaries, make sure to also use a volume to add them to the docker container. Example: `docker run -t -v /path/to/dictionaries/:/tmp/ ullaakut/cameradar -r /tmp/myroutes -c /tmp/mycredentials.json -t mytarget`
 ## Installing the binary on your machine
 Only use this solution if for some reason using docker is not an option for you or if you want to locally build Cameradar on your machine.
 ### Dependencies
 * `go` (> `1.10`)
 ### Steps to install
 Make sure you installed the dependencies mentionned above, and that you have Go modules enabled (`GO111MODULE=on`)
 1. `go get github.com/ullaakut/cameradar`
 2. `cd $GOPATH/src/github.com/ullaakut/cameradar`
 3. `cd cameradar`
 4. `go install`
 The `cameradar` binary is now in your `$GOPATH/bin` ready to be used. See command line options [here](#command-line-options).
 ## Configuration
 The **RTSP port used for most cameras is 554**, so you should probably specify 554 as one of the ports you scan. Not specifying any ports to the cameradar application will scan the 554, 5554 and 8554 ports.
 `docker run -t --net=host ullaakut/cameradar -p "18554,19000-19010" -t localhost` will scan the ports `18554`, and the range of ports between `19000` and `19010` on `localhost`.
 You **can use your own files for the credentials and routes dictionaries** used to attack the cameras, but the Cameradar repository already gives you a good base that works with most cameras, in the `/dictionaries` folder.
 ```bash
 docker run -t -v /my/folder/with/dictionaries:/tmp/dictionaries \
           ullaakut/cameradar \
           -r "/tmp/dictionaries/my_routes" \
           -c "/tmp/dictionaries/my_credentials.json" \
           -t 172.19.124.0/24
 ```
 This will put the contents of your folder containing dictionaries in the docker image and will use it for the dictionary attack instead of the default dictionaries provided in the cameradar repo.
 ## Check camera access
 If you have [VLC Media Player](http://www.videolan.org/vlc/), you should be able to use the GUI or the command-line to connect to the RTSP stream using this format: `rtsp://username:password@address:port/route`
 ## Command-line options
 * **"-t, --targets"**: Set target. Required. Target can be a file (see [instructions on how to format the file](#format-input-file)), an IP, an IP range, a subnetwork, or a combination of those. Example: `--targets="192.168.1.72,192.168.1.74"`
 * **"-p, --ports"**: (Default: `554,5554,8554`) Set custom ports.
 * **"-s, --speed"**: (Default: `4`) Set custom nmap discovery presets to improve speed or accuracy. It's recommended to lower it if you are attempting to scan an unstable and slow network, or to increase it if on a very performant and reliable network. You might also want to keep it low to keep your discovery stealthy. See [this for more info on the nmap timing templates](https://nmap.org/book/man-performance.html).
 * **"-T, --timeout"**: (Default: `2000`) Set custom timeout value in miliseconds after which an attack attempt without an answer should give up. It's recommended to increase it when attempting to scan unstable and slow networks or to decrease it on very performant and reliable networks.
 * **"-r, --custom-routes"**: (Default: `<CAMERADAR_GOPATH>/dictionaries/routes`) Set custom dictionary path for routes
 * **"-c, --custom-credentials"**: (Default: `<CAMERADAR_GOPATH>/dictionaries/credentials.json`) Set custom dictionary path for credentials
 * **"-o, --nmap-output"**: (Default: `/tmp/cameradar_scan.xml`) Set custom nmap output path
 * **"-d, --debug"**: Enable debug logs
 * **"-v, --verbose"**: Enable verbose curl logs (not recommended for most use)
 * **"-h"**: Display the usage information
 ## Format input file
 The file can contain IPs, hostnames, IP ranges and subnetwork, separated by newlines. Example:
 ```go
 0.0.0.0
 localhost
 192.17.0.0/16
 192.168.1.140-255
 192.168.2-3.0-255
 ```
 ## Environment Variables
 ### `CAMERADAR_TARGET`
 This variable is mandatory and specifies the target that cameradar should scan and attempt to access RTSP streams on.
 Examples:
 * `172.16.100.0/24`
 * `192.168.1.1`
 * `localhost`
 * `192.168.1.140-255`
 * `192.168.2-3.0-255`
 ### `CAMERADAR_PORTS`
 This variable is optional and allows you to specify the ports on which to run the scans.
 Default value: `554,5554,8554`
 It is recommended not to change these except if you are certain that cameras have been configured to stream RTSP over a different port. 99.9% of cameras are streaming on these ports.
 ### `CAMERADAR_NMAP_OUTPUT_FILE`
 This variable is optional and allows you to specify on which file nmap will write its output.
 Default value: `/tmp/cameradar_scan.xml`
 This can be useful only if you want to read the files yourself, if you don't want it to write in your `/tmp` folder, or if you want to use only the RunNmap function in cameradar, and do its parsing manually.
 ### `CAMERADAR_CUSTOM_ROUTES`, `CAMERADAR_CUSTOM_CREDENTIALS`
 These variables are optional, allowing to replace the default dictionaries with custom ones, for the dictionary attack.
 Default values: `<CAMERADAR_GOPATH>/dictionaries/routes` and `<CAMERADAR_GOPATH>/dictionaries/credentials.json`
 ### `CAMERADAR_SPEED`
 This optional variable allows you to set custom nmap discovery presets to improve speed or accuracy. It's recommended to lower it if you are attempting to scan an unstable and slow network, or to increase it if on a very performant and reliable network. See [this for more info on the nmap timing templates](https://nmap.org/book/man-performance.html).
 Default value: `4`
 ### `CAMERADAR_TIMEOUT`
 This optional variable allows you to set custom timeout value in miliseconds after which an attack attempt without an answer should give up. It's recommended to increase it when attempting to scan unstable and slow networks or to decrease it on very performant and reliable networks.
 Default value: `2000`
 ### `CAMERADAR_LOGGING`
 This optional variable allows you to enable a more verbose output to have more information about what is going on.
 It will output nmap results, cURL requests, etc.
 Default: `false`
 ## Contribution
 ### Build
 #### Docker build
 To build the docker image, simply run `docker build -t . cameradar` in the root of the project.
 Your image will be called `cameradar` and NOT `ullaakut/cameradar`.
 #### Go build
 Make sure you installed the [dependencies](#dependencies), and that you have Go modules enabled (`GO111MODULE=on`)
 1. `go get github.com/ullaakut/cameradar`
 2. `cd $GOPATH/src/github.com/ullaakut/cameradar`
 3. `cd cameradar`
 4. `go build`
 The cameradar binary is now in the root of the directory.
 See [the contribution document](/CONTRIBUTING.md) to get started.
 ## Frequently Asked Questions
 > Cameradar does not detect any camera!
 That means that either your cameras are not streaming in RTSP or that they are not on the target you are scanning. In most cases, CCTV cameras will be on a private subnetwork, isolated from the internet. Use the `-t` option to specify your target. If you are sure you did everything right but it still does not work, please open an issue with details on the device you are trying to access 🙏
 > Cameradar detects my cameras, but does not manage to access them at all!
 Maybe your cameras have been configured and the credentials / URL have been changed. Cameradar only guesses using default constructor values if a custom dictionary is not provided. You can use your own dictionaries in which you just have to add your credentials and RTSP routes. To do that, see how the [configuration](#configuration) works. Also, maybe your camera's credentials are not yet known, in which case if you find them it would be very nice to add them to the Cameradar dictionaries to help other people in the future.
 > What happened to the C++ version?
 You can still find it under the 1.1.4 tag on this repo, however it was less performant and stable than the current version written in Golang. It is not recommended to use it.
 > How to use the Cameradar library for my own project?
 See the example in `/cmd/cameradar`. You just need to run `go get github.com/ullaakut/cameradar` and to use the `cameradar` package in your code. You can find the documentation on [godoc](https://godoc.org/github.com/ullaakut/cameradar).
 > I want to scan my own localhost for some reason and it does not work! What's going on?
 Use the `--net=host` flag when launching the cameradar image, or use the binary by running `go run cameradar/cameradar.go` or [installing it](#installing-the-binary).
 > I don't see a colored output:(
 You forgot the `-t` flag before `ullaakut/cameradar` in your command-line. This tells docker to allocate a pseudo-tty for cameradar, which makes it able to use colors.
 > I don't have a camera but I'd like to try Cameradar!
 Simply run `docker run -p 8554:8554 -e RTSP_USERNAME=admin -e RTSP_PASSWORD=12345 -e RTSP_PORT=8554 ullaakut/rtspatt` and then run cameradar and it should guess that the username is admin and the password is 12345. You can try this with any default constructor credentials (they can be found [here](dictionaries/credentials.json)).
 > What authentication types does Cameradar support?
 Cameradar supports both basic and digest authentication.
 ## Examples
 > Running cameradar on your own machine to scan for default ports
 `docker run --net=host -t ullaakut/cameradar -t localhost`
 > Running cameradar with an input file, logs enabled on port 8554
 `docker run -v /tmp:/tmp --net=host -t ullaakut/cameradar -t /tmp/test.txt -p 8554`
 > Running cameradar on a subnetwork with custom dictionaries, on ports 554, 5554 and 8554
 `docker run -v /tmp:/tmp --net=host -t ullaakut/cameradar -t 192.168.0.0/24 --custom-credentials="/tmp/dictionaries/credentials.json" --custom-routes="/tmp/dictionaries/routes" -p 554,5554,8554`
 ## License
 Copyright 2019 Ullaakut
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
 in the Software without restriction, including without limitation the rights
 to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 copies of the Software, and to permit persons to whom the Software is
 furnished to do so, subject to the following conditions:
 The above copyright notice and this permission notice shall be included in all
 copies or substantial portions of the Software.
 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
 FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
 DEALINGS IN THE SOFTWARE.
@@ -0,0 +1,380 @@
 package cameradar
 import (
 	"fmt"
 	"time"
 	curl "github.com/ullaakut/go-curl"
 )
 // HTTP responses.
 const (
 	httpOK           = 200
 	httpUnauthorized = 401
 	httpForbidden    = 403
 	httpNotFound     = 404
 )
 // CURL RTSP request types.
 const (
 	rtspDescribe = 2
 	rtspSetup    = 4
 )
 // Attack attacks the given targets and returns the accessed streams.
 func (s *Scanner) Attack(targets []Stream) ([]Stream, error) {
 	if len(targets) == 0 {
 		return nil, fmt.Errorf("unable to attack empty list of targets")
 	}
 	// Most cameras will be accessed successfully with these two attacks.
 	s.term.StartStepf("Attacking routes of %d streams", len(targets))
 	streams := s.AttackRoute(targets)
 	s.term.StartStepf("Attempting to detect authentication methods of %d streams", len(targets))
 	streams = s.DetectAuthMethods(streams)
 	s.term.StartStepf("Attacking credentials of %d streams", len(targets))
 	streams = s.AttackCredentials(streams)
 	// But some cameras run GST RTSP Server which prioritizes 401 over 404 contrary to most cameras.
 	// For these cameras, running another route attack will solve the problem.
 	for _, stream := range streams {
 		if !stream.RouteFound || !stream.CredentialsFound {
 			s.term.StartStepf("Second round of attacks")
 			streams = s.AttackRoute(streams)
 			break
 		}
 	}
 	s.term.StartStep("Validating that streams are accessible")
 	streams = s.ValidateStreams(streams)
 	s.term.EndStep()
 	return streams, nil
 }
 // ValidateStreams tries to setup the stream to validate whether or not it is available.
 func (s *Scanner) ValidateStreams(targets []Stream) []Stream {
 	for i := range targets {
 		targets[i].Available = s.validateStream(targets[i])
 	}
 	return targets
 }
 // AttackCredentials attempts to guess the provided targets' credentials using the given
 // dictionary or the default dictionary if none was provided by the user.
 func (s *Scanner) AttackCredentials(targets []Stream) []Stream {
 	resChan := make(chan Stream)
 	defer close(resChan)
 	for i := range targets {
 		// TODO: Perf Improvement: Skip cameras with no auth type detected, and set their
 		// CredentialsFound value to true.
 		go s.attackCameraCredentials(targets[i], resChan)
 	}
 	attackResults := []Stream{}
 	// TODO: Change this into a for+select and make a successful result close the chan.
 	for range targets {
 		attackResults = append(attackResults, <-resChan)
 	}
 	for i := range attackResults {
 		if attackResults[i].CredentialsFound {
 			targets = replace(targets, attackResults[i])
 		}
 	}
 	return targets
 }
 // AttackRoute attempts to guess the provided targets' streaming routes using the given
 // dictionary or the default dictionary if none was provided by the user.
 func (s *Scanner) AttackRoute(targets []Stream) []Stream {
 	resChan := make(chan Stream)
 	defer close(resChan)
 	for i := range targets {
 		go s.attackCameraRoute(targets[i], resChan)
 	}
 	attackResults := []Stream{}
 	// TODO: Change this into a for+select and make a successful result close the chan.
 	for range targets {
 		attackResults = append(attackResults, <-resChan)
 	}
 	for i := range attackResults {
 		if attackResults[i].RouteFound {
 			targets = replace(targets, attackResults[i])
 		}
 	}
 	return targets
 }
 // DetectAuthMethods attempts to guess the provided targets' authentication types, between
 // digest, basic auth or none at all.
 func (s *Scanner) DetectAuthMethods(targets []Stream) []Stream {
 	for i := range targets {
 		targets[i].AuthenticationType = s.detectAuthMethod(targets[i])
 		var authMethod string
 		switch targets[i].AuthenticationType {
 		case 0:
 			authMethod = "no"
 		case 1:
 			authMethod = "basic"
 		case 2:
 			authMethod = "digest"
 		}
 		s.term.Debugf("Stream %s uses %s authentication method\n", GetCameraRTSPURL(targets[i]), authMethod)
 	}
 	return targets
 }
 func (s *Scanner) attackCameraCredentials(target Stream, resChan chan<- Stream) {
 	for _, username := range s.credentials.Usernames {
 		for _, password := range s.credentials.Passwords {
 			ok := s.credAttack(target, username, password)
 			if ok {
 				target.CredentialsFound = true
 				target.Username = username
 				target.Password = password
 				resChan <- target
 				return
 			}
 		}
 	}
 	target.CredentialsFound = false
 	resChan <- target
 }
 func (s *Scanner) attackCameraRoute(target Stream, resChan chan<- Stream) {
 	for _, route := range s.routes {
 		ok := s.routeAttack(target, route)
 		if ok {
 			target.RouteFound = true
 			target.Route = route
 			resChan <- target
 			return
 		}
 	}
 	target.RouteFound = false
 	resChan <- target
 }
 func (s *Scanner) detectAuthMethod(stream Stream) int {
 	c := s.curl.Duphandle()
 	attackURL := fmt.Sprintf(
 		"rtsp://%s:%d/%s",
 		stream.Address,
 		stream.Port,
 		stream.Route,
 	)
 	s.setCurlOptions(c)
 	// Send a request to the URL of the stream we want to attack.
 	_ = c.Setopt(curl.OPT_URL, attackURL)
 	// Set the RTSP STREAM URI as the stream URL.
 	_ = c.Setopt(curl.OPT_RTSP_STREAM_URI, attackURL)
 	// 2 is CURL_RTSPREQ_DESCRIBE.
 	_ = c.Setopt(curl.OPT_RTSP_REQUEST, 2)
 	// Perform the request.
 	err := c.Perform()
 	if err != nil {
 		s.term.Debugf("Perform failed: %v", err)
 		return -1
 	}
 	authType, err := c.Getinfo(curl.INFO_HTTPAUTH_AVAIL)
 	if err != nil {
 		s.term.Debugf("Getinfo failed: %v", err)
 		return -1
 	}
 	if s.verbose {
 		s.term.Debugln("DESCRIBE", attackURL, "RTSP/1.0 >", authType)
 	}
 	return authType.(int)
 }
 func (s *Scanner) routeAttack(stream Stream, route string) bool {
 	c := s.curl.Duphandle()
 	attackURL := fmt.Sprintf(
 		"rtsp://%s:%s@%s:%d/%s",
 		stream.Username,
 		stream.Password,
 		stream.Address,
 		stream.Port,
 		route,
 	)
 	s.setCurlOptions(c)
 	// Set proper authentication type.
 	_ = c.Setopt(curl.OPT_HTTPAUTH, stream.AuthenticationType)
 	_ = c.Setopt(curl.OPT_USERPWD, fmt.Sprint(stream.Username, ":", stream.Password))
 	// Send a request to the URL of the stream we want to attack.
 	_ = c.Setopt(curl.OPT_URL, attackURL)
 	// Set the RTSP STREAM URI as the stream URL.
 	_ = c.Setopt(curl.OPT_RTSP_STREAM_URI, attackURL)
 	// 2 is CURL_RTSPREQ_DESCRIBE.
 	_ = c.Setopt(curl.OPT_RTSP_REQUEST, rtspDescribe)
 	// Perform the request.
 	err := c.Perform()
 	if err != nil {
 		s.term.Debugf("Perform failed: %v", err)
 		return false
 	}
 	// Get return code for the request.
 	rc, err := c.Getinfo(curl.INFO_RESPONSE_CODE)
 	if err != nil {
 		s.term.Debugf("Getinfo failed: %v", err)
 		return false
 	}
 	if s.verbose {
 		s.term.Debugln("DESCRIBE", attackURL, "RTSP/1.0 >", rc)
 	}
 	// If it's a 401 or 403, it means that the credentials are wrong but the route might be okay.
 	// If it's a 200, the stream is accessed successfully.
 	if rc == httpOK || rc == httpUnauthorized || rc == httpForbidden {
 		return true
 	}
 	return false
 }
 func (s *Scanner) credAttack(stream Stream, username string, password string) bool {
 	c := s.curl.Duphandle()
 	attackURL := fmt.Sprintf(
 		"rtsp://%s:%s@%s:%d/%s",
 		username,
 		password,
 		stream.Address,
 		stream.Port,
 		stream.Route,
 	)
 	s.setCurlOptions(c)
 	// Set proper authentication type.
 	_ = c.Setopt(curl.OPT_HTTPAUTH, stream.AuthenticationType)
 	_ = c.Setopt(curl.OPT_USERPWD, fmt.Sprint(username, ":", password))
 	// Send a request to the URL of the stream we want to attack.
 	_ = c.Setopt(curl.OPT_URL, attackURL)
 	// Set the RTSP STREAM URI as the stream URL.
 	_ = c.Setopt(curl.OPT_RTSP_STREAM_URI, attackURL)
 	// 2 is CURL_RTSPREQ_DESCRIBE.
 	_ = c.Setopt(curl.OPT_RTSP_REQUEST, 2)
 	// Perform the request.
 	err := c.Perform()
 	if err != nil {
 		s.term.Debugf("Perform failed: %v", err)
 		return false
 	}
 	// Get return code for the request.
 	rc, err := c.Getinfo(curl.INFO_RESPONSE_CODE)
 	if err != nil {
 		s.term.Debugf("Getinfo failed: %v", err)
 		return false
 	}
 	if s.verbose {
 		s.term.Debugln("DESCRIBE", attackURL, "RTSP/1.0 >", rc)
 	}
 	// If it's a 404, it means that the route is incorrect but the credentials might be okay.
 	// If it's a 200, the stream is accessed successfully.
 	if rc == httpOK || rc == httpNotFound {
 		return true
 	}
 	return false
 }
 func (s *Scanner) validateStream(stream Stream) bool {
 	c := s.curl.Duphandle()
 	attackURL := fmt.Sprintf(
 		"rtsp://%s:%s@%s:%d/%s",
 		stream.Username,
 		stream.Password,
 		stream.Address,
 		stream.Port,
 		stream.Route,
 	)
 	s.setCurlOptions(c)
 	// Set proper authentication type.
 	_ = c.Setopt(curl.OPT_HTTPAUTH, stream.AuthenticationType)
 	_ = c.Setopt(curl.OPT_USERPWD, fmt.Sprint(stream.Username, ":", stream.Password))
 	// Send a request to the URL of the stream we want to attack.
 	_ = c.Setopt(curl.OPT_URL, attackURL)
 	// Set the RTSP STREAM URI as the stream URL.
 	_ = c.Setopt(curl.OPT_RTSP_STREAM_URI, attackURL)
 	// 2 is CURL_RTSPREQ_SETUP.
 	_ = c.Setopt(curl.OPT_RTSP_REQUEST, rtspSetup)
 	_ = c.Setopt(curl.OPT_RTSP_TRANSPORT, "RTP/AVP;unicast;client_port=33332-33333")
 	// Perform the request.
 	err := c.Perform()
 	if err != nil {
 		s.term.Debugf("Perform failed: %v", err)
 		return false
 	}
 	// Get return code for the request.
 	rc, err := c.Getinfo(curl.INFO_RESPONSE_CODE)
 	if err != nil {
 		s.term.Debugf("Getinfo failed: %v", err)
 		return false
 	}
 	if s.verbose {
 		s.term.Debugln("SETUP", attackURL, "RTSP/1.0 >", rc)
 	}
 	// If it's a 200, the stream is accessed successfully.
 	if rc == httpOK {
 		return true
 	}
 	return false
 }
 func (s *Scanner) setCurlOptions(c Curler) {
 	// Do not write sdp in stdout
 	_ = c.Setopt(curl.OPT_WRITEFUNCTION, doNotWrite)
 	// Do not use signals (would break multithreading).
 	_ = c.Setopt(curl.OPT_NOSIGNAL, 1)
 	// Do not send a body in the describe request.
 	_ = c.Setopt(curl.OPT_NOBODY, 1)
 	// Set custom timeout.
 	_ = c.Setopt(curl.OPT_TIMEOUT_MS, int(s.timeout/time.Millisecond))
 }
 // HACK: See https://stackoverflow.com/questions/3572397/lib-curl-in-c-disable-printing
 func doNotWrite([]uint8, interface{}) bool {
 	return true
 }
@@ -0,0 +1,687 @@
 package cameradar
 import (
 	"errors"
 	"io/ioutil"
 	"testing"
 	"time"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/mock"
 	"github.com/ullaakut/disgo"
 	curl "github.com/ullaakut/go-curl"
 )
 type CurlerMock struct {
 	mock.Mock
 }
 func (m *CurlerMock) Setopt(opt int, param interface{}) error {
 	args := m.Called(opt, param)
 	return args.Error(0)
 }
 func (m *CurlerMock) Perform() error {
 	args := m.Called()
 	return args.Error(0)
 }
 func (m *CurlerMock) Getinfo(info curl.CurlInfo) (interface{}, error) {
 	args := m.Called(info)
 	return args.Int(0), args.Error(1)
 }
 func (m *CurlerMock) Duphandle() Curler {
 	return m
 }
 func TestAttack(t *testing.T) {
 	var (
 		stream1 = Stream{
 			Device:  "fakeDevice",
 			Address: "fakeAddress",
 			Port:    1337,
 		}
 		stream2 = Stream{
 			Device:  "fakeDevice",
 			Address: "differentFakeAddress",
 			Port:    1337,
 		}
 		fakeTargets     = []Stream{stream1, stream2}
 		fakeRoutes      = Routes{"live.sdp", "media.amp"}
 		fakeCredentials = Credentials{
 			Usernames: []string{"admin", "root"},
 			Passwords: []string{"12345", "root"},
 		}
 	)
 	tests := []struct {
 		description string
 		targets []Stream
 		performErr error
 		expectedStreams []Stream
 		expectedErr     error
 	}{
 		{
 			description: "inverted RTSP RFC",
 			targets: fakeTargets,
 			performErr: errors.New("dummy error"),
 			expectedStreams: fakeTargets,
 		},
 		{
 			description: "attack works",
 			targets: fakeTargets,
 			expectedStreams: fakeTargets,
 		},
 		{
 			description: "no targets",
 			targets: nil,
 			expectedStreams: nil,
 			expectedErr:     errors.New("unable to attack empty list of targets"),
 		},
 	}
 	for _, test := range tests {
 		t.Run(test.description, func(t *testing.T) {
 			curlerMock := &CurlerMock{}
 			if len(test.targets) != 0 {
 				curlerMock.On("Setopt", mock.Anything, mock.Anything).Return(nil)
 				curlerMock.On("Perform").Return(test.performErr)
 				if test.performErr == nil {
 					curlerMock.On("Getinfo", mock.Anything).Return(200, nil)
 				}
 			}
 			scanner := &Scanner{
 				term:        disgo.NewTerminal(disgo.WithDefaultOutput(ioutil.Discard)),
 				curl:        curlerMock,
 				timeout:     time.Millisecond,
 				verbose:     false,
 				credentials: fakeCredentials,
 				routes:      fakeRoutes,
 			}
 			results, err := scanner.Attack(test.targets)
 			assert.Equal(t, test.expectedErr, err)
 			assert.Len(t, results, len(test.expectedStreams))
 			curlerMock.AssertExpectations(t)
 		})
 	}
 }
 func TestAttackCredentials(t *testing.T) {
 	var (
 		stream1 = Stream{
 			Device:    "fakeDevice",
 			Address:   "fakeAddress",
 			Port:      1337,
 			Available: true,
 		}
 		stream2 = Stream{
 			Device:    "fakeDevice",
 			Address:   "differentFakeAddress",
 			Port:      1337,
 			Available: true,
 		}
 		fakeTargets     = []Stream{stream1, stream2}
 		fakeCredentials = Credentials{
 			Usernames: []string{"admin", "root"},
 			Passwords: []string{"12345", "root"},
 		}
 	)
 	tests := []struct {
 		description string
 		targets     []Stream
 		credentials Credentials
 		timeout     time.Duration
 		verbose     bool
 		status int
 		performErr     error
 		getInfoErr     error
 		invalidTargets bool
 		expectedStreams []Stream
 	}{
 		{
 			description: "Credentials found",
 			targets:     fakeTargets,
 			credentials: fakeCredentials,
 			timeout:     1 * time.Millisecond,
 			status: 404,
 			expectedStreams: fakeTargets,
 		},
 		{
 			description: "Camera accessed",
 			targets:     fakeTargets,
 			credentials: fakeCredentials,
 			timeout:     1 * time.Millisecond,
 			status: 200,
 			expectedStreams: fakeTargets,
 		},
 		{
 			description: "curl perform fails",
 			targets:     fakeTargets,
 			credentials: fakeCredentials,
 			timeout:     1 * time.Millisecond,
 			performErr: errors.New("dummy error"),
 			expectedStreams: fakeTargets,
 		},
 		{
 			description: "curl getinfo fails",
 			targets:     fakeTargets,
 			credentials: fakeCredentials,
 			timeout:     1 * time.Millisecond,
 			getInfoErr: errors.New("dummy error"),
 			expectedStreams: fakeTargets,
 		},
 		{
 			description: "Verbose mode disabled",
 			targets:     fakeTargets,
 			credentials: fakeCredentials,
 			timeout:     1 * time.Millisecond,
 			verbose:     false,
 			status: 403,
 			expectedStreams: fakeTargets,
 		},
 		{
 			description: "Verbose mode enabled",
 			targets:     fakeTargets,
 			credentials: fakeCredentials,
 			timeout:     1 * time.Millisecond,
 			verbose:     true,
 			status: 403,
 			expectedStreams: fakeTargets,
 		},
 	}
 	for _, test := range tests {
 		t.Run(test.description, func(t *testing.T) {
 			curlerMock := &CurlerMock{}
 			if !test.invalidTargets {
 				curlerMock.On("Setopt", mock.Anything, mock.Anything).Return(nil)
 				curlerMock.On("Perform").Return(test.performErr)
 				if test.performErr == nil {
 					curlerMock.On("Getinfo", mock.Anything).Return(test.status, test.getInfoErr)
 				}
 			}
 			scanner := &Scanner{
 				term:        disgo.NewTerminal(disgo.WithDefaultOutput(ioutil.Discard)),
 				curl:        curlerMock,
 				timeout:     test.timeout,
 				verbose:     test.verbose,
 				credentials: test.credentials,
 			}
 			results := scanner.AttackCredentials(test.targets)
 			assert.Len(t, results, len(test.expectedStreams))
 			curlerMock.AssertExpectations(t)
 		})
 	}
 }
 func TestAttackRoute(t *testing.T) {
 	var (
 		stream1 = Stream{
 			Device:    "fakeDevice",
 			Address:   "fakeAddress",
 			Port:      1337,
 			Available: true,
 		}
 		stream2 = Stream{
 			Device:    "fakeDevice",
 			Address:   "differentFakeAddress",
 			Port:      1337,
 			Available: true,
 		}
 		fakeTargets = []Stream{stream1, stream2}
 		fakeRoutes  = Routes{"live.sdp", "media.amp"}
 	)
 	tests := []struct {
 		description string
 		targets []Stream
 		routes  Routes
 		timeout time.Duration
 		verbose bool
 		status int
 		performErr     error
 		getInfoErr     error
 		invalidTargets bool
 		expectedStreams []Stream
 		expectedErr     error
 	}{
 		{
 			description: "Route found",
 			targets: fakeTargets,
 			routes:  fakeRoutes,
 			timeout: 1 * time.Millisecond,
 			status: 403,
 			expectedStreams: fakeTargets,
 		},
 		{
 			description: "Route found",
 			targets: fakeTargets,
 			routes:  fakeRoutes,
 			timeout: 1 * time.Millisecond,
 			status: 401,
 			expectedStreams: fakeTargets,
 		},
 		{
 			description: "Camera accessed",
 			targets: fakeTargets,
 			routes:  fakeRoutes,
 			timeout: 1 * time.Millisecond,
 			status: 200,
 			expectedStreams: fakeTargets,
 		},
 		{
 			description: "curl perform fails",
 			targets: fakeTargets,
 			routes:  fakeRoutes,
 			timeout: 1 * time.Millisecond,
 			performErr: errors.New("dummy error"),
 			expectedStreams: fakeTargets,
 		},
 		{
 			description: "curl getinfo fails",
 			targets: fakeTargets,
 			routes:  fakeRoutes,
 			timeout: 1 * time.Millisecond,
 			getInfoErr: errors.New("dummy error"),
 			expectedStreams: fakeTargets,
 		},
 		{
 			description: "verbose mode disabled",
 			targets: fakeTargets,
 			routes:  fakeRoutes,
 			timeout: 1 * time.Millisecond,
 			verbose: false,
 			expectedStreams: fakeTargets,
 		},
 		{
 			description: "verbose mode enabled",
 			targets: fakeTargets,
 			routes:  fakeRoutes,
 			timeout: 1 * time.Millisecond,
 			verbose: true,
 			expectedStreams: fakeTargets,
 		},
 	}
 	for _, test := range tests {
 		t.Run(test.description, func(t *testing.T) {
 			curlerMock := &CurlerMock{}
 			if !test.invalidTargets {
 				curlerMock.On("Setopt", mock.Anything, mock.Anything).Return(nil)
 				curlerMock.On("Perform").Return(test.performErr)
 				if test.performErr == nil {
 					curlerMock.On("Getinfo", mock.Anything).Return(test.status, test.getInfoErr)
 				}
 			}
 			scanner := &Scanner{
 				term:    disgo.NewTerminal(disgo.WithDefaultOutput(ioutil.Discard)),
 				curl:    curlerMock,
 				timeout: test.timeout,
 				verbose: test.verbose,
 				routes:  test.routes,
 			}
 			results := scanner.AttackRoute(test.targets)
 			assert.Len(t, results, len(test.expectedStreams))
 			curlerMock.AssertExpectations(t)
 		})
 	}
 }
 func TestValidateStreams(t *testing.T) {
 	var (
 		stream1 = Stream{
 			Device:    "fakeDevice",
 			Address:   "fakeAddress",
 			Port:      1337,
 			Available: true,
 		}
 		stream2 = Stream{
 			Device:    "fakeDevice",
 			Address:   "differentFakeAddress",
 			Port:      1337,
 			Available: true,
 		}
 		fakeTargets = []Stream{stream1, stream2}
 	)
 	tests := []struct {
 		description string
 		targets []Stream
 		timeout time.Duration
 		verbose bool
 		status int
 		performErr error
 		getInfoErr error
 		expectedStreams []Stream
 	}{
 		{
 			description: "route found",
 			targets: fakeTargets,
 			timeout: 1 * time.Millisecond,
 			status: 403,
 			expectedStreams: fakeTargets,
 		},
 		{
 			description: "route found",
 			targets: fakeTargets,
 			timeout: 1 * time.Millisecond,
 			status: 401,
 			expectedStreams: fakeTargets,
 		},
 		{
 			description: "camera accessed",
 			targets: fakeTargets,
 			timeout: 1 * time.Millisecond,
 			status: 200,
 			expectedStreams: fakeTargets,
 		},
 		{
 			description: "unavailable stream",
 			targets: fakeTargets,
 			timeout: 1 * time.Millisecond,
 			status: 400,
 			expectedStreams: fakeTargets,
 		},
 		{
 			description: "curl perform fails",
 			targets: fakeTargets,
 			timeout: 1 * time.Millisecond,
 			performErr: errors.New("dummy error"),
 			expectedStreams: fakeTargets,
 		},
 		{
 			description: "curl getinfo fails",
 			targets: fakeTargets,
 			timeout: 1 * time.Millisecond,
 			getInfoErr: errors.New("dummy error"),
 			expectedStreams: fakeTargets,
 		},
 		{
 			description: "verbose disabled",
 			targets: fakeTargets,
 			timeout: 1 * time.Millisecond,
 			verbose: false,
 			expectedStreams: fakeTargets,
 		},
 		{
 			description: "verbose enabled",
 			targets: fakeTargets,
 			timeout: 1 * time.Millisecond,
 			verbose: true,
 			expectedStreams: fakeTargets,
 		},
 	}
 	for _, test := range tests {
 		t.Run(test.description, func(t *testing.T) {
 			curlerMock := &CurlerMock{}
 			curlerMock.On("Setopt", mock.Anything, mock.Anything).Return(nil)
 			curlerMock.On("Perform").Return(test.performErr)
 			if test.performErr == nil {
 				curlerMock.On("Getinfo", mock.Anything).Return(test.status, test.getInfoErr)
 			}
 			scanner := &Scanner{
 				term:    disgo.NewTerminal(disgo.WithDefaultOutput(ioutil.Discard)),
 				curl:    curlerMock,
 				timeout: test.timeout,
 				verbose: test.verbose,
 			}
 			results := scanner.ValidateStreams(test.targets)
 			assert.Equal(t, len(test.expectedStreams), len(results))
 			for _, expectedStream := range test.expectedStreams {
 				assert.Contains(t, results, expectedStream)
 			}
 			curlerMock.AssertExpectations(t)
 		})
 	}
 }
 func TestDetectAuthenticationType(t *testing.T) {
 	var (
 		stream1 = Stream{
 			Device:    "fakeDevice",
 			Address:   "fakeAddress",
 			Port:      1337,
 			Available: true,
 		}
 		stream2 = Stream{
 			Device:    "fakeDevice",
 			Address:   "differentFakeAddress",
 			Port:      1337,
 			Available: true,
 		}
 		fakeTargets = []Stream{stream1, stream2}
 	)
 	tests := []struct {
 		description string
 		targets []Stream
 		timeout time.Duration
 		verbose bool
 		status int
 		performErr error
 		getInfoErr error
 		expectedStreams []Stream
 	}{
 		{
 			description: "no auth enabled",
 			targets: fakeTargets,
 			timeout: 1 * time.Millisecond,
 			status: 0,
 			expectedStreams: fakeTargets,
 		},
 		{
 			description: "basic auth enabled",
 			targets: fakeTargets,
 			timeout: 1 * time.Millisecond,
 			status: 1,
 			expectedStreams: fakeTargets,
 		},
 		{
 			description: "digest auth enabled",
 			targets: fakeTargets,
 			timeout: 1 * time.Millisecond,
 			status: 2,
 			expectedStreams: fakeTargets,
 		},
 		{
 			description: "curl getinfo fails",
 			targets: fakeTargets,
 			timeout: 1 * time.Millisecond,
 			getInfoErr: errors.New("dummy error"),
 			expectedStreams: fakeTargets,
 		},
 		{
 			description: "curl perform fails",
 			targets: fakeTargets,
 			timeout: 1 * time.Millisecond,
 			performErr: errors.New("dummy error"),
 			expectedStreams: fakeTargets,
 		},
 		{
 			description: "verbose disabled",
 			targets: fakeTargets,
 			timeout: 1 * time.Millisecond,
 			verbose: false,
 			expectedStreams: fakeTargets,
 		},
 		{
 			description: "verbose enabled",
 			targets: fakeTargets,
 			timeout: 1 * time.Millisecond,
 			verbose: true,
 			expectedStreams: fakeTargets,
 		},
 	}
 	for _, test := range tests {
 		t.Run(test.description, func(t *testing.T) {
 			curlerMock := &CurlerMock{}
 			curlerMock.On("Setopt", mock.Anything, mock.Anything).Return(nil)
 			curlerMock.On("Perform").Return(test.performErr)
 			if test.performErr == nil {
 				curlerMock.On("Getinfo", mock.Anything).Return(test.status, test.getInfoErr)
 			}
 			scanner := &Scanner{
 				term:    disgo.NewTerminal(disgo.WithDefaultOutput(ioutil.Discard)),
 				curl:    curlerMock,
 				timeout: test.timeout,
 				verbose: test.verbose,
 			}
 			results := scanner.DetectAuthMethods(test.targets)
 			assert.Equal(t, len(test.expectedStreams), len(results))
 			for _, expectedStream := range test.expectedStreams {
 				assert.Contains(t, results, expectedStream)
 			}
 			curlerMock.AssertExpectations(t)
 		})
 	}
 }
 func TestDoNotWrite(t *testing.T) {
 	assert.Equal(t, true, doNotWrite(nil, nil))
 }
@@ -0,0 +1,14 @@
 // Package cameradar provides methods to be able to discover and
 // attack RTSP streams easily. RTSP streams are used by most
 // IP Cameras, often for surveillance.
 //
 // A simple example usage of the library can be found in
 // https://github.com/ullaakut/cameradar/tree/master/cameradar
 //
 // The example usage is complete enough for most users to
 // ignore the library, but for users with specific needs
 // such as creating their own bruteforcing dictionary to
 // access cameras, or running their own network scan, this
 // library allows to use simple and performant methods to
 // attack streams.
 package cameradar
@@ -0,0 +1,92 @@
 package main
 import (
 	"errors"
 	"fmt"
 	"os"
 	"strings"
 	"time"
 	"github.com/spf13/pflag"
 	"github.com/spf13/viper"
 	"github.com/ullaakut/cameradar"
 	"github.com/ullaakut/disgo"
 	"github.com/ullaakut/disgo/style"
 )
 func parseArguments() error {
 	viper.SetEnvPrefix("cameradar")
 	viper.SetEnvKeyReplacer(strings.NewReplacer("-", "_"))
 	pflag.StringSliceP("targets", "t", []string{}, "The targets on which to scan for open RTSP streams - required (ex: 172.16.100.0/24)")
 	pflag.StringSliceP("ports", "p", []string{"554", "5554", "8554"}, "The ports on which to search for RTSP streams")
 	pflag.StringP("custom-routes", "r", "<GOPATH>/src/github.com/ullaakut/cameradar/dictionaries/routes", "The path on which to load a custom routes dictionary")
 	pflag.StringP("custom-credentials", "c", "<GOPATH>/src/github.com/ullaakut/cameradar/dictionaries/credentials.json", "The path on which to load a custom credentials JSON dictionary")
 	pflag.IntP("speed", "s", 4, "The nmap speed preset to use for discovery")
 	pflag.DurationP("timeout", "T", 2*time.Second, "The timeout in miliseconds to use for attack attempts")
 	pflag.BoolP("debug", "d", true, "Enable the debug logs")
 	pflag.BoolP("verbose", "v", false, "Enable the verbose logs")
 	pflag.BoolP("help", "h", false, "displays this help message")
 	viper.AutomaticEnv()
 	pflag.Parse()
 	err := viper.BindPFlags(pflag.CommandLine)
 	if err != nil {
 		return err
 	}
 	if viper.GetBool("help") {
 		pflag.Usage()
 		fmt.Println("\nExamples of usage:")
 		fmt.Println("\tScanning your home network for RTSP streams:\tcameradar -t 192.168.0.0/24")
 		fmt.Println("\tScanning a remote camera on a specific port:\tcameradar -t 172.178.10.14 -p 18554 -s 2")
 		fmt.Println("\tScanning an unstable remote network: \t\tcameradar -t 172.178.10.14/24 -s 1 --timeout 10000 -l")
 		os.Exit(0)
 	}
 	if viper.GetStringSlice("targets") == nil {
 		return errors.New("targets (-t, --targets) argument required\n    examples:\n      - 172.16.100.0/24\n      - localhost\n      - 8.8.8.8")
 	}
 	return nil
 }
 func main() {
 	err := parseArguments()
 	if err != nil {
 		printErr(err)
 	}
 	c, err := cameradar.New(
 		cameradar.WithTargets(viper.GetStringSlice("targets")),
 		cameradar.WithPorts(viper.GetStringSlice("ports")),
 		cameradar.WithDebug(viper.GetBool("debug")),
 		cameradar.WithVerbose(viper.GetBool("verbose")),
 		cameradar.WithCustomCredentials(viper.GetString("custom-credentials")),
 		cameradar.WithCustomRoutes(viper.GetString("custom-routes")),
 		cameradar.WithSpeed(viper.GetInt("speed")),
 		cameradar.WithTimeout(viper.GetDuration("timeout")),
 	)
 	if err != nil {
 		printErr(err)
 	}
 	scanResult, err := c.Scan()
 	if err != nil {
 		printErr(err)
 	}
 	streams, err := c.Attack(scanResult)
 	if err != nil {
 		printErr(err)
 	}
 	c.PrintStreams(streams)
 }
 func printErr(err error) {
 	disgo.Errorln(style.Failure(style.SymbolCross), err)
 	os.Exit(1)
 }
@@ -0,0 +1,25 @@
 package cameradar
 import (
 	curl "github.com/ullaakut/go-curl"
 )
 // Curler is an interface that implements the CURL interface of the go-curl library
 // Used for mocking
 type Curler interface {
 	Setopt(opt int, param interface{}) error
 	Perform() error
 	Getinfo(info curl.CurlInfo) (interface{}, error)
 	Duphandle() Curler
 }
 // Curl is a libcurl wrapper used to make the Curler interface work even though
 // golang currently does not support covariance (see https://github.com/golang/go/issues/7512)
 type Curl struct {
 	*curl.CURL
 }
 // Duphandle wraps curl.Duphandle
 func (c *Curl) Duphandle() Curler {
 	return &Curl{c.CURL.Duphandle()}
 }
@@ -0,0 +1,20 @@
 package cameradar
 import (
 	"reflect"
 	"testing"
 	curl "github.com/ullaakut/go-curl"
 )
 func TestCurl(t *testing.T) {
 	handle := Curl{
 		CURL: curl.EasyInit(),
 	}
 	handle2 := handle.Duphandle()
 	if reflect.DeepEqual(handle, handle2) {
 		t.Errorf("unexpected identical handle from duphandle: expected %+v got %+v", handle, handle2)
 	}
 }
@@ -0,0 +1,45 @@
 {
  "usernames": [
    "",
    "666666",
    "888888",
    "Admin",
    "admin",
    "admin1",
    "administrator",
    "Administrator",
    "aiphone",
    "Dinion",
    "root",
    "service",
    "supervisor",
    "ubnt"
  ],
  "passwords": [
    "",
    "111111",
    "1111111",
    "1234",
    "12345",
    "123456",
    "4321",
    "666666",
    "888888",
    "9999",
    "admin",
    "aiphone",
    "camera",
    "fliradmin",
    "ikwd",
    "jvc",
    "meinsm",
    "pass",
    "password",
    "root",
    "service",
    "supervisor",
    "system",
    "ubnt",
    "wbox123"
  ]
 }
@@ -0,0 +1,165 @@
 0/1:1/main
 0/usrnm:pwd/main
 0/video1
 1
 1.AMP
 1/h264major
 1/stream1
 11
 12
 125
 666
 access_code
 access_name_for_stream_1_to_5
 api/mjpegvideo.cgi
 av0_0
 av2
 avc
 avn=2
 AVStream1_1
 axis-media/media.amp
 axis-media/media.amp?camera=1
 axis-media/media.amp?videocodec=h264
 cam
 CAM_ID.password.mp2
 cam/realmonitor
 cam/realmonitor?channel=0&subtype=0
 cam/realmonitor?channel=1&subtype=0
 cam/realmonitor?channel=1&subtype=1&unicast=true&proto=Onvif
 cam0_0
 cam0_1
 cam1/h264
 cam1/h264/multicast
 cam1/mjpeg
 cam1/mpeg4
 cam1/mpeg4?user='username'&pwd='password'
 cam1/onvif-h264
 camera.stm
 ch0
 ch0_0.h264
 ch0_unicast_firststream
 ch0_unicast_secondstream
 ch00/0
 ch001.sdp
 CH001.sdp
 ch01.264
 ch01.264?
 ch01.264?ptype=tcp
 ch1-s1
 channel1
 GetData.cgi
 gnz_media/main
 h264
 h264_vga.sdp
 h264.sdp
 h264/ch1/sub/av_stream
 h264/media.amp
 HighResolutionVideo
 image.mpg
 img/media.sav
 img/media.sav?channel=1
 img/video.asf
 img/video.sav
 ioImage/1
 ipcam_h264.sdp
 ipcam_mjpeg.sdp
 ipcam.sdp
 live
 live_mpeg4.sdp
 live_st1
 live.sdp
 live/av0
 live/ch0
 live/ch00_0
 live/ch01_0
 live/h264
 live/main
 live/main0
 live/mpeg4
 live1.sdp
 live3.sdp
 livestream
 LowResolutionVideo
 main
 media
 media.amp
 media.amp?streamprofile=Profile1
 media/media.amp
 media/video1
 MediaInput/h264
 MediaInput/mpeg4
 medias2
 mjpeg/media.smp
 mp4
 mpeg/media.amp
 mpeg4
 mpeg4/1/media.amp
 mpeg4/media.amp
 mpeg4/media.smp
 mpeg4unicast
 mpg4/rtsp.amp
 multicaststream
 now.mp4
 nph-h264.cgi
 nphMpeg4/g726-640x
 nphMpeg4/g726-640x48
 nphMpeg4/g726-640x480
 nphMpeg4/nil-320x240
 onvif-media/media.amp
 ONVIF/MediaInput
 ONVIF/MediaInput?profile=4_def_profile6
 onvif1
 pass@10.0.0.5:6667/blinkhd
 play1.sdp
 play2.sdp
 profile2/media.smp
 profile5/media.smp
 rtpvideo1.sdp
 rtsp_live0
 rtsp_live1
 rtsp_live2
 rtsp_tunnel
 rtsph264
 rtsph2641080p
 StdCh1
 stream
 stream.sdp
 stream1
 streaming/channels/0
 Streaming/Channels/1
 streaming/channels/1
 streaming/channels/101
 Streaming/Unicast/channels/101
 StreamingSetting?version=1.0&action=getRTSPStream&ChannelID=1&ChannelName=Channel1
 tcp/av0_0
 test
 trackID=1
 ucast/11
 udp/av0_0
 udp/unicast/aiphone_H264
 udpstream
 user_defined
 user.pin.mp2
 user=admin_password=?????_channel=1_stream=0.sdp?real_stream
 user=admin_password=R5XFY888_channel=1_stream=0.sdp?real_stream
 user=admin&password=&channel=1&stream=0.sdp?
 user=admin&password=&channel=1&stream=0.sdp?real_stream
 v2
 video
 video.3gp
 video.h264
 video.mjpg
 video.mp4
 video.pro1
 video.pro2
 video.pro3
 video0.sdp
 video1
 video1+audio1
 videoinput_1/h264_1/media.stm
 VideoInput/1/h264/1
 VideoInput/1/mpeg4/1
 videoMain
 vis
 wfov
@@ -0,0 +1,5 @@
 0.0.0.0
 localhost
 192.17.0.0/16
 192.168.1.140-255
 192.168.2-3.0-255
@@ -0,0 +1,19 @@
 module github.com/ullaakut/cameradar
 require (
 	github.com/Ullaakut/nmap v0.0.0-20190306183004-e38898a9bead // indirect
 	github.com/fatih/color v1.7.0 // indirect
 	github.com/gernest/wow v0.1.0
 	github.com/go-playground/locales v0.12.1 // indirect
 	github.com/go-playground/universal-translator v0.16.0 // indirect
 	github.com/leodido/go-urn v1.1.0 // indirect
 	github.com/mattn/go-colorable v0.1.1 // indirect
 	github.com/mattn/go-isatty v0.0.6 // indirect
 	github.com/pkg/errors v0.8.1
 	github.com/spf13/pflag v1.0.3
 	github.com/spf13/viper v1.3.1
 	github.com/ullaakut/disgo v0.3.0
 	github.com/ullaakut/go-curl v0.0.0-20190525093431-597e157bbffd
 	github.com/ullaakut/nmap v0.0.0-20190306183004-e38898a9bead
 	gopkg.in/go-playground/validator.v9 v9.27.0
 )
@@ -0,0 +1,73 @@
 github.com/Ullaakut/nmap v0.0.0-20190306183004-e38898a9bead h1:iclmd4In7CnuZGbbnnaeF1DtSePgXxN71pq5UNI1M7c=
 github.com/Ullaakut/nmap v0.0.0-20190306183004-e38898a9bead/go.mod h1:fkC066hwfcoKwlI7DS2ARTggSVtBTZYCjVH1TzuTMaQ=
 github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8=
 github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
 github.com/coreos/go-etcd v2.0.0+incompatible/go.mod h1:Jez6KQU2B/sWsbdaef3ED8NzMklzPG4d5KIOhIy30Tk=
 github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/fatih/color v1.7.0 h1:DkWD4oS2D8LGGgTQ6IvwJJXSL5Vp2ffcQg58nFV38Ys=
 github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
 github.com/fsnotify/fsnotify v1.4.7 h1:IXs+QLmnXW2CcXuY+8Mzv/fWEsPGWxqefPtCP5CnV9I=
 github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
 github.com/gernest/wow v0.1.0 h1:g9xdwCwP0+xgVYlA2sopI0gZHqXe7HjI/7/LykG4fks=
 github.com/gernest/wow v0.1.0/go.mod h1:dEPabJRi5BneI1Nev1VWo0ZlcTWibHWp43qxKms4elY=
 github.com/go-playground/locales v0.12.1 h1:2FITxuFt/xuCNP1Acdhv62OzaCiviiE4kotfhkmOqEc=
 github.com/go-playground/locales v0.12.1/go.mod h1:IUMDtCfWo/w/mtMfIE/IG2K+Ey3ygWanZIBtBW0W2TM=
 github.com/go-playground/universal-translator v0.16.0 h1:X++omBR/4cE2MNg91AoC3rmGrCjJ8eAeUP/K/EKx4DM=
 github.com/go-playground/universal-translator v0.16.0/go.mod h1:1AnU7NaIRDWWzGEKwgtJRd2xk99HeFyHw3yid4rvQIY=
 github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4=
 github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
 github.com/leodido/go-urn v1.1.0 h1:Sm1gr51B1kKyfD2BlRcLSiEkffoG96g6TPv6eRoEiB8=
 github.com/leodido/go-urn v1.1.0/go.mod h1:+cyI34gQWZcE1eQU7NVgKkkzdXDQHr1dBMtdAPozLkw=
 github.com/magiconair/properties v1.8.0 h1:LLgXmsheXeRoUOBOjtwPQCWIYqM/LU1ayDtDePerRcY=
 github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ=
 github.com/mattn/go-colorable v0.1.1 h1:G1f5SKeVxmagw/IyvzvtZE4Gybcc4Tr1tf7I8z0XgOg=
 github.com/mattn/go-colorable v0.1.1/go.mod h1:FuOcm+DKB9mbwrcAfNl7/TZVBZ6rcnceauSikq3lYCQ=
 github.com/mattn/go-isatty v0.0.5/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s=
 github.com/mattn/go-isatty v0.0.6 h1:SrwhHcpV4nWrMGdNcC2kXpMfcBVYGDuTArqyhocJgvA=
 github.com/mattn/go-isatty v0.0.6/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s=
 github.com/mitchellh/mapstructure v1.1.2 h1:fmNYVwqnSfB9mZU6OS2O6GsXM+wcskZDuKQzvN1EDeE=
 github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
 github.com/pelletier/go-toml v1.2.0 h1:T5zMGML61Wp+FlcbWjRDT7yAxhJNAiPPLOFECq181zc=
 github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic=
 github.com/pkg/errors v0.8.1 h1:iURUrRGxPUNPdy5/HRSm+Yj6okJ6UtLINN0Q9M4+h3I=
 github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/spf13/afero v1.1.2 h1:m8/z1t7/fwjysjQRYbP0RD+bUIF/8tJwPdEZsI83ACI=
 github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ=
 github.com/spf13/cast v1.3.0 h1:oget//CVOEoFewqQxwr0Ej5yjygnqGkvggSE/gB35Q8=
 github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE=
 github.com/spf13/jwalterweatherman v1.0.0 h1:XHEdyB+EcvlqZamSM4ZOMGlc93t6AcsBEu9Gc1vn7yk=
 github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo=
 github.com/spf13/pflag v1.0.3 h1:zPAT6CGy6wXeQ7NtTnaTerfKOsV6V6F8agHXFiazDkg=
 github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
 github.com/spf13/viper v1.3.1 h1:5+8j8FTpnFV4nEImW/ofkzEt8VoOiLXxdYIDsB73T38=
 github.com/spf13/viper v1.3.1/go.mod h1:ZiWeW+zYFKm7srdB9IoDzzZXaJaI5eL9QjNiN/DMA2s=
 github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/ugorji/go/codec v0.0.0-20181204163529-d75b2dcb6bc8/go.mod h1:VFNgLljTbGfSG7qAOspJ7OScBnGdDN/yBr0sguwnwf0=
 github.com/ullaakut/disgo v0.0.0-20190310161027-e17c43d71b3d h1:tObr2ILgSQwrhpQRiVUKHtXF+0V5gYnnd/zBQGAmfuQ=
 github.com/ullaakut/disgo v0.0.0-20190310161027-e17c43d71b3d/go.mod h1:UOgLVyqihzJ7yihrHjYZikivT+AHb9NhT3r1OyPCJqg=
 github.com/ullaakut/disgo v0.3.0 h1:2zrEyNBfPRgDVDgzM/qLXZ4Yqt3Lxz7ERvZUSmqSY2M=
 github.com/ullaakut/disgo v0.3.0/go.mod h1:UOgLVyqihzJ7yihrHjYZikivT+AHb9NhT3r1OyPCJqg=
 github.com/ullaakut/go-curl v0.0.0-20190310175419-50acab4cef70 h1:3q4hgRu9NT894aYmnoMFl5wPvdNhpHYmdi2+Njyxq5U=
 github.com/ullaakut/go-curl v0.0.0-20190310175419-50acab4cef70/go.mod h1:FTfXm4jC9Ff1yqc3/HMXCyr+SGO03vJyijJCQlNyF10=
 github.com/ullaakut/go-curl v0.0.0-20190525093431-597e157bbffd h1:IzJ7V8S7/NXc4aLOj0QavbQZ5Z/Q2RpCifshHoJ5ytA=
 github.com/ullaakut/go-curl v0.0.0-20190525093431-597e157bbffd/go.mod h1:FTfXm4jC9Ff1yqc3/HMXCyr+SGO03vJyijJCQlNyF10=
 github.com/ullaakut/nmap v0.0.0-20190306183004-e38898a9bead h1:Pw5wKSAfxi8GcYJSc3GdcwtPG5tyg7zg9E3hAHbLPO0=
 github.com/ullaakut/nmap v0.0.0-20190306183004-e38898a9bead/go.mod h1:4CQy4PqZA4Snk3+MS26+1oAkJ8dCY8kGH6+kF42yajw=
 github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q=
 golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20190103213133-ff983b9c42bc h1:F5tKCVGp+MUAHhKp5MZtGqAlGX3+oCsiL1Q629FL90M=
 golang.org/x/crypto v0.0.0-20190103213133-ff983b9c42bc/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/sys v0.0.0-20181205085412-a5c9d58dba9a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190116161447-11f53e031339 h1:g/Jesu8+QLnA0CPzF3E1pURg0Byr7i6jLoX5sqjcAh0=
 golang.org/x/sys v0.0.0-20190116161447-11f53e031339/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223 h1:DH4skfRX4EBpamg7iV4ZlCpblAHI6s6TDM39bFZumv8=
 golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/text v0.3.0 h1:g61tztE5qeGQ89tm6NTjjM9VPIm088od1l6aSorWRWg=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/go-playground/validator.v9 v9.27.0 h1:wCg/0hk9RzcB0CYw8pYV6FiBYug1on0cpco9YZF8jqA=
 gopkg.in/go-playground/validator.v9 v9.27.0/go.mod h1:+c9/zcJMFNgbLvly1L1V+PpxWdVbfP1avr/N00E2vyQ=
 gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
@@ -0,0 +1,27 @@
 package cameradar
 import "fmt"
 func replace(streams []Stream, new Stream) []Stream {
 	var updatedSlice []Stream
 	for _, old := range streams {
 		if old.Address == new.Address && old.Port == new.Port {
 			updatedSlice = append(updatedSlice, new)
 		} else {
 			updatedSlice = append(updatedSlice, old)
 		}
 	}
 	return updatedSlice
 }
 // GetCameraRTSPURL generates a stream's RTSP URL.
 func GetCameraRTSPURL(stream Stream) string {
 	return "rtsp://" + stream.Username + ":" + stream.Password + "@" + stream.Address + ":" + fmt.Sprint(stream.Port) + "/" + stream.Route
 }
 // GetCameraAdminPanelURL returns the URL to the camera's admin panel.
 func GetCameraAdminPanelURL(stream Stream) string {
 	return "http://" + stream.Address + "/"
 }
@@ -0,0 +1,105 @@
 package cameradar
 import (
 	"testing"
 	"github.com/stretchr/testify/assert"
 )
 func TestReplace(t *testing.T) {
 	validStream1 := Stream{
 		Device:  "fakeDevice",
 		Address: "fakeAddress",
 		Port:    1,
 	}
 	validStream2 := Stream{
 		Device:  "fakeDevice",
 		Address: "differentFakeAddress",
 		Port:    2,
 	}
 	invalidStream := Stream{
 		Device:  "invalidDevice",
 		Address: "anotherFakeAddress",
 		Port:    3,
 	}
 	invalidStreamModified := Stream{
 		Device:  "updatedDevice",
 		Address: "anotherFakeAddress",
 		Port:    3,
 	}
 	testCases := []struct {
 		streams   []Stream
 		newStream Stream
 		expectedStreams []Stream
 	}{
 		{
 			streams:   []Stream{validStream1, validStream2, invalidStream},
 			newStream: invalidStreamModified,
 			expectedStreams: []Stream{validStream1, validStream2, invalidStreamModified},
 		},
 	}
 	for _, test := range testCases {
 		streams := replace(test.streams, test.newStream)
 		assert.Equal(t, len(test.expectedStreams), len(streams))
 		for _, expectedStream := range test.expectedStreams {
 			assert.Contains(t, streams, expectedStream)
 		}
 	}
 }
 func TestGetCameraRTSPURL(t *testing.T) {
 	validStream := Stream{
 		Address:  "1.2.3.4",
 		Username: "ullaakut",
 		Password: "ba69897483886f0d2b0afb6345b76c0c",
 		Route:    "cameradar.sdp",
 		Port:     1337,
 	}
 	testCases := []struct {
 		stream Stream
 		expectedRTSPURL string
 	}{
 		{
 			stream: validStream,
 			expectedRTSPURL: "rtsp://ullaakut:ba69897483886f0d2b0afb6345b76c0c@1.2.3.4:1337/cameradar.sdp",
 		},
 	}
 	for _, test := range testCases {
 		assert.Equal(t, test.expectedRTSPURL, GetCameraRTSPURL(test.stream))
 	}
 }
 func TestGetCameraAdminPanelURL(t *testing.T) {
 	validStream := Stream{
 		Address: "1.2.3.4",
 	}
 	testCases := []struct {
 		stream Stream
 		expectedRTSPURL string
 	}{
 		{
 			stream: validStream,
 			expectedRTSPURL: "http://1.2.3.4/",
 		},
 	}
 	for _, test := range testCases {
 		assert.Equal(t, test.expectedRTSPURL, GetCameraAdminPanelURL(test.stream))
 	}
 }
@@ -0,0 +1,122 @@
 package cameradar
 import (
 	"bufio"
 	"encoding/json"
 	"fmt"
 	"io"
 	"io/ioutil"
 	"os"
 	"strings"
 )
 var fs fileSystem = osFS{}
 type fileSystem interface {
 	Open(name string) (file, error)
 	Stat(name string) (os.FileInfo, error)
 }
 type file interface {
 	io.Closer
 	io.Reader
 	io.ReaderAt
 	io.Seeker
 	Stat() (os.FileInfo, error)
 }
 // osFS implements fileSystem using the local disk.
 type osFS struct{}
 func (osFS) Open(name string) (file, error)        { return os.Open(name) }
 func (osFS) Stat(name string) (os.FileInfo, error) { return os.Stat(name) }
 // LoadCredentials opens a dictionary file and returns its contents as a Credentials structure.
 func (s *Scanner) LoadCredentials() error {
 	s.term.Debugf("Loading credentials dictionary from path %q\n", s.credentialDictionaryPath)
 	// Open & Read XML file.
 	content, err := ioutil.ReadFile(s.credentialDictionaryPath)
 	if err != nil {
 		return fmt.Errorf("could not read credentials dictionary file at %q: %v", s.credentialDictionaryPath, err)
 	}
 	// Unmarshal content of JSON file into data structure.
 	err = json.Unmarshal(content, &s.credentials)
 	if err != nil {
 		return fmt.Errorf("unable to unmarshal dictionary contents: %v", err)
 	}
 	s.term.Debugf("Loaded %d usernames and %d passwords\n", len(s.credentials.Usernames), len(s.credentials.Passwords))
 	return nil
 }
 // LoadRoutes opens a dictionary file and returns its contents as a Routes structure.
 func (s *Scanner) LoadRoutes() error {
 	s.term.Debugf("Loading routes dictionary from path %q\n", s.routeDictionaryPath)
 	file, err := os.Open(s.routeDictionaryPath)
 	if err != nil {
 		return fmt.Errorf("unable to open dictionary: %v", err)
 	}
 	defer file.Close()
 	scanner := bufio.NewScanner(file)
 	for scanner.Scan() {
 		s.routes = append(s.routes, scanner.Text())
 	}
 	s.term.Debugf("Loaded %d routes\n", len(s.routes))
 	return scanner.Err()
 }
 // ParseCredentialsFromString parses a dictionary string and returns its contents as a Credentials structure.
 func ParseCredentialsFromString(content string) (Credentials, error) {
 	var creds Credentials
 	// Unmarshal content of JSON file into data structure.
 	err := json.Unmarshal([]byte(content), &creds)
 	if err != nil {
 		return creds, err
 	}
 	return creds, nil
 }
 // ParseRoutesFromString parses a dictionary string and returns its contents as a Routes structure.
 func ParseRoutesFromString(content string) Routes {
 	return strings.Split(content, "\n")
 }
 // LoadTargets parses the file containing hosts to targets, if the targets are
 // just set to a file name.
 func (s *Scanner) LoadTargets() error {
 	if len(s.targets) != 1 {
 		return nil
 	}
 	path := s.targets[0]
 	_, err := fs.Stat(path)
 	if err != nil {
 		return nil
 	}
 	file, err := fs.Open(path)
 	if err != nil {
 		return fmt.Errorf("unable to open targets file %q: %v", path, err)
 	}
 	defer file.Close()
 	bytes, err := ioutil.ReadAll(file)
 	if err != nil {
 		return fmt.Errorf("unable to read targets file %q: %v", path, err)
 	}
 	s.targets = strings.Split(string(bytes), "\n")
 	s.term.Debugf("Successfylly parsed targets file with %d entries", len(s.targets))
 	return nil
 }
@@ -0,0 +1,440 @@
 package cameradar
 import (
 	"bytes"
 	"errors"
 	"fmt"
 	"io/ioutil"
 	"os"
 	"testing"
 	"github.com/ullaakut/disgo"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/mock"
 )
 // Setup Mock
 type mockedFS struct {
 	osFS
 	fileExists bool
 	openError  bool
 	fileMock *fileMock
 	fileSize int64
 }
 // fileMock mocks a file
 type fileMock struct {
 	mock.Mock
 	readError bool
 	bytes.Buffer
 }
 type mockedFileInfo struct {
 	os.FileInfo
 }
 func (m mockedFileInfo) Size() int64 { return 1 }
 func (m mockedFS) Stat(name string) (os.FileInfo, error) {
 	if !m.fileExists {
 		return nil, os.ErrNotExist
 	}
 	return mockedFileInfo{}, nil
 }
 func (m mockedFS) Open(name string) (file, error) {
 	if m.openError {
 		return nil, os.ErrNotExist
 	}
 	return m.fileMock, nil
 }
 func (m *fileMock) Read(p []byte) (n int, err error) {
 	if m.readError {
 		return 0, os.ErrNotExist
 	}
 	return m.Buffer.Read(p)
 }
 func (m *fileMock) ReadAt(p []byte, off int64) (n int, err error) {
 	return 1, nil
 }
 func (m *fileMock) Seek(offset int64, whence int) (int64, error) {
 	return offset, nil
 }
 func (m *fileMock) Stat() (os.FileInfo, error) {
 	return mockedFileInfo{}, nil
 }
 // Close mock
 func (m *fileMock) Close() error {
 	args := m.Called()
 	return args.Error(0)
 }
 // Sync mock
 func (m *fileMock) Sync() error {
 	args := m.Called()
 	return args.Error(0)
 }
 func TestLoadCredentials(t *testing.T) {
 	credentialsJSONString := []byte("{\"usernames\":[\"admin\",\"root\"],\"passwords\":[\"12345\",\"root\"]}")
 	validCredentials := Credentials{
 		Usernames: []string{"admin", "root"},
 		Passwords: []string{"12345", "root"},
 	}
 	tests := []struct {
 		description string
 		input      []byte
 		fileExists bool
 		expectedCredentials Credentials
 		expectedErr         error
 	}{
 		{
 			description: "Valid baseline",
 			fileExists:          true,
 			input:               credentialsJSONString,
 			expectedCredentials: validCredentials,
 		},
 		{
 			description: "File does not exist",
 			fileExists:  false,
 			input:       credentialsJSONString,
 			expectedErr: errors.New("could not read credentials dictionary file at \"/tmp/cameradar_test_load_credentials_1.xml\": open /tmp/cameradar_test_load_credentials_1.xml: no such file or directory"),
 		},
 		{
 			description: "Invalid format",
 			fileExists:  true,
 			input:       []byte("not json"),
 			expectedErr: errors.New("unable to unmarshal dictionary contents: invalid character 'o' in literal null (expecting 'u')"),
 		},
 		{
 			description: "No streams in dictionary",
 			fileExists: true,
 			input:      []byte("{\"invalid\":\"json\"}"),
 		},
 	}
 	for i, test := range tests {
 		t.Run(test.description, func(t *testing.T) {
 			filePath := "/tmp/cameradar_test_load_credentials_" + fmt.Sprint(i) + ".xml"
 			// create file.
 			if test.fileExists {
 				_, err := os.Create(filePath)
 				if err != nil {
 					t.Fatalf("could not create xml file for LoadCredentials: %v. iteration: %d. file path: %s\n", err, i, filePath)
 				}
 				err = ioutil.WriteFile(filePath, test.input, 0644)
 				if err != nil {
 					t.Fatalf("could not write xml file for LoadCredentials: %v. iteration: %d. file path: %s\n", err, i, filePath)
 				}
 			}
 			scanner := &Scanner{
 				term:                     disgo.NewTerminal(disgo.WithDefaultOutput(ioutil.Discard)),
 				credentialDictionaryPath: filePath,
 			}
 			err := scanner.LoadCredentials()
 			assert.Equal(t, test.expectedErr, err)
 			assert.Len(t, scanner.credentials.Usernames, len(test.expectedCredentials.Usernames))
 			for _, expectedUsername := range test.expectedCredentials.Usernames {
 				assert.Contains(t, scanner.credentials.Usernames, expectedUsername)
 			}
 			assert.Len(t, scanner.credentials.Passwords, len(test.expectedCredentials.Passwords))
 			for _, expectedPassword := range test.expectedCredentials.Passwords {
 				assert.Contains(t, scanner.credentials.Passwords, expectedPassword)
 			}
 		})
 	}
 }
 func TestLoadRoutes(t *testing.T) {
 	routesJSONString := []byte("admin\nroot")
 	validRoutes := Routes{"admin", "root"}
 	tests := []struct {
 		description string
 		input       []byte
 		fileExists  bool
 		expectedRoutes Routes
 		expectedErr    error
 	}{
 		{
 			description: "Valid baseline",
 			fileExists:     true,
 			input:          routesJSONString,
 			expectedRoutes: validRoutes,
 		},
 		{
 			description: "File does not exist",
 			fileExists:  false,
 			input:       routesJSONString,
 			expectedErr: errors.New("unable to open dictionary: open /tmp/cameradar_test_load_routes_1.xml: no such file or directory"),
 		},
 		{
 			description: "No streams in dictionary",
 			fileExists: true,
 			input:      []byte(""),
 		},
 	}
 	for i, test := range tests {
 		t.Run(test.description, func(t *testing.T) {
 			filePath := "/tmp/cameradar_test_load_routes_" + fmt.Sprint(i) + ".xml"
 			// Create file.
 			if test.fileExists {
 				_, err := os.Create(filePath)
 				if err != nil {
 					fmt.Printf("could not create xml file for LoadRoutes: %v. iteration: %d. file path: %s\n", err, i, filePath)
 					os.Exit(1)
 				}
 				err = ioutil.WriteFile(filePath, test.input, 0644)
 				if err != nil {
 					fmt.Printf("could not write xml file for LoadRoutes: %v. iteration: %d. file path: %s\n", err, i, filePath)
 					os.Exit(1)
 				}
 			}
 			scanner := &Scanner{
 				term:                disgo.NewTerminal(disgo.WithDefaultOutput(ioutil.Discard)),
 				routeDictionaryPath: filePath,
 			}
 			err := scanner.LoadRoutes()
 			assert.Equal(t, test.expectedErr, err)
 			assert.Len(t, scanner.routes, len(test.expectedRoutes))
 			for _, expectedRoute := range test.expectedRoutes {
 				assert.Contains(t, scanner.routes, expectedRoute)
 			}
 		})
 	}
 }
 func TestParseCredentialsFromString(t *testing.T) {
 	defaultCredentials := Credentials{
 		Usernames: []string{
 			"",
 			"admin",
 			"Admin",
 			"Administrator",
 			"root",
 			"supervisor",
 			"ubnt",
 			"service",
 			"Dinion",
 			"administrator",
 			"admin1",
 		},
 		Passwords: []string{
 			"",
 			"admin",
 			"9999",
 			"123456",
 			"pass",
 			"camera",
 			"1234",
 			"12345",
 			"fliradmin",
 			"system",
 			"jvc",
 			"meinsm",
 			"root",
 			"4321",
 			"111111",
 			"1111111",
 			"password",
 			"ikwd",
 			"supervisor",
 			"ubnt",
 			"wbox123",
 			"service",
 		},
 	}
 	tests := []struct {
 		str                 string
 		expectedCredentials Credentials
 	}{
 		{
 			str:                 "{\"usernames\":[\"\",\"admin\",\"Admin\",\"Administrator\",\"root\",\"supervisor\",\"ubnt\",\"service\",\"Dinion\",\"administrator\",\"admin1\"],\"passwords\":[\"\",\"admin\",\"9999\",\"123456\",\"pass\",\"camera\",\"1234\",\"12345\",\"fliradmin\",\"system\",\"jvc\",\"meinsm\",\"root\",\"4321\",\"111111\",\"1111111\",\"password\",\"ikwd\",\"supervisor\",\"ubnt\",\"wbox123\",\"service\"]}",
 			expectedCredentials: defaultCredentials,
 		},
 		{
 			str:                 "{}",
 			expectedCredentials: Credentials{},
 		},
 		{
 			str:                 "{\"invalid_field\":42}",
 			expectedCredentials: Credentials{},
 		},
 		{
 			str:                 "not json",
 			expectedCredentials: Credentials{},
 		},
 	}
 	for _, test := range tests {
 		parsedCredentials, _ := ParseCredentialsFromString(test.str)
 		assert.Equal(t, test.expectedCredentials, parsedCredentials)
 	}
 }
 func TestParseRoutesFromString(t *testing.T) {
 	tests := []struct {
 		str            string
 		expectedRoutes Routes
 	}{
 		{
 			str:            "a\nb\nc",
 			expectedRoutes: []string{"a", "b", "c"},
 		},
 		{
 			str:            "a",
 			expectedRoutes: []string{"a"},
 		},
 		{
 			str:            "",
 			expectedRoutes: []string{""},
 		},
 	}
 	for _, test := range tests {
 		assert.Equal(t, test.expectedRoutes, ParseRoutesFromString(test.str))
 	}
 }
 func TestLoadTargets(t *testing.T) {
 	oldFS := fs
 	mfs := &mockedFS{}
 	fs = mfs
 	defer func() {
 		fs = oldFS
 	}()
 	tests := []struct {
 		description string
 		targets []string
 		fileExists bool
 		openError  bool
 		readError  bool
 		expectedTargets []string
 		expectedError   error
 	}{
 		{
 			description: "not a file",
 			targets: []string{"0.0.0.0"},
 			fileExists: false,
 			expectedTargets: []string{"0.0.0.0"},
 			expectedError:   nil,
 		},
 		{
 			description: "not file targets",
 			targets: []string{"0.0.0.0", "1.2.3.4/24"},
 			expectedTargets: []string{"0.0.0.0", "1.2.3.4/24"},
 			expectedError:   nil,
 		},
 		{
 			description: "file contains targets",
 			targets: []string{"test_does_not_really_exist"},
 			fileExists: true,
 			expectedTargets: []string{"0.0.0.0", "localhost", "192.17.0.0/16", "192.168.1.140-255", "192.168.2-3.0-255"},
 			expectedError:   nil,
 		},
 		{
 			description: "open error",
 			targets: []string{"test_does_not_really_exist"},
 			fileExists: true,
 			openError:  true,
 			expectedTargets: []string{"test_does_not_really_exist"},
 			expectedError:   errors.New("unable to open targets file \"test_does_not_really_exist\": file does not exist"),
 		},
 		{
 			description: "read error",
 			targets: []string{"test_does_not_really_exist"},
 			fileExists: true,
 			readError:  true,
 			expectedTargets: []string{"test_does_not_really_exist"},
 			expectedError:   errors.New("unable to read targets file \"test_does_not_really_exist\": file does not exist"),
 		},
 	}
 	for _, test := range tests {
 		t.Run(test.description, func(t *testing.T) {
 			mfs.fileExists = test.fileExists
 			mfs.openError = test.openError
 			mfs.fileMock = &fileMock{
 				readError: test.readError,
 			}
 			mfs.fileMock.On("Close").Return(nil)
 			mfs.fileMock.WriteString("0.0.0.0\nlocalhost\n192.17.0.0/16\n192.168.1.140-255\n192.168.2-3.0-255")
 			scanner := &Scanner{
 				term:    disgo.NewTerminal(disgo.WithDefaultOutput(ioutil.Discard)),
 				targets: test.targets,
 			}
 			err := scanner.LoadTargets()
 			assert.Equal(t, test.expectedTargets, scanner.targets)
 			assert.Equal(t, test.expectedError, err)
 		})
 	}
 }
 // This is completely useless and just lets me
 // not look at these two red lines on the coverage
 // any longer.
 func TestFS(t *testing.T) {
 	fs := osFS{}
 	fs.Open("test")
 	fs.Stat("test")
 }
@@ -0,0 +1,41 @@
 package cameradar
 import "time"
 // Stream represents a camera's RTSP stream
 type Stream struct {
 	Device   string `json:"device"`
 	Username string `json:"username"`
 	Password string `json:"password"`
 	Route    string `json:"route"`
 	Address  string `json:"address" validate:"required"`
 	Port     uint16 `json:"port" validate:"required"`
 	CredentialsFound bool `json:"credentials_found"`
 	RouteFound       bool `json:"route_found"`
 	Available        bool `json:"available"`
 	AuthenticationType int `json:"authentication_type"`
 }
 // Credentials is a map of credentials
 // usernames are keys and passwords are values
 // creds['admin'] -> 'secure_password'
 type Credentials struct {
 	Usernames []string `json:"usernames"`
 	Passwords []string `json:"passwords"`
 }
 // Routes is a slice of Routes
 // ['/live.sdp', '/media.amp', ...]
 type Routes []string
 // Options contains all options needed to launch a complete cameradar scan
 type Options struct {
 	Targets     []string      `json:"target" validate:"required"`
 	Ports       []string      `json:"ports"`
 	Routes      Routes        `json:"routes"`
 	Credentials Credentials   `json:"credentials"`
 	Speed       int           `json:"speed"`
 	Timeout     time.Duration `json:"timeout"`
 }
@@ -0,0 +1,70 @@
 package cameradar
 import (
 	"strings"
 	"github.com/ullaakut/nmap"
 )
 // Scan scans the target networks and tries to find RTSP streams within them.
 //
 // targets can be:
 //
 //    - a subnet (e.g.: 172.16.100.0/24)
 //    - an IP (e.g.: 172.16.100.10)
 //    - a hostname (e.g.: localhost)
 //    - a range of IPs (e.g.: 172.16.100.10-20)
 //
 // ports can be:
 //
 //    - one or multiple ports and port ranges separated by commas (e.g.: 554,8554-8560,18554-28554)
 func (s *Scanner) Scan() ([]Stream, error) {
 	s.term.StartStep("Scanning the network")
 	// Run nmap command to discover open ports on the specified targets & ports.
 	nmapScanner, err := nmap.NewScanner(
 		nmap.WithTargets(s.targets...),
 		nmap.WithPorts(s.ports...),
 		nmap.WithTimingTemplate(nmap.Timing(s.speed)),
 	)
 	if err != nil {
 		return nil, s.term.FailStepf("unable to create network scanner: %v", err)
 	}
 	return s.scan(nmapScanner)
 }
 func (s *Scanner) scan(nmapScanner nmap.ScanRunner) ([]Stream, error) {
 	results, err := nmapScanner.Run()
 	if err != nil {
 		return nil, s.term.FailStepf("error while scanning network: %v", err)
 	}
 	// Get streams from nmap results.
 	var streams []Stream
 	for _, host := range results.Hosts {
 		for _, port := range host.Ports {
 			if port.Status() != "open" {
 				continue
 			}
 			if !strings.Contains(port.Service.Name, "rtsp") {
 				continue
 			}
 			for _, address := range host.Addresses {
 				streams = append(streams, Stream{
 					Device:  port.Service.Product,
 					Address: address.Addr,
 					Port:    port.ID,
 				})
 			}
 		}
 	}
 	s.term.Debugf("Found %d RTSP streams\n", len(streams))
 	s.term.EndStep()
 	return streams, nil
 }
@@ -0,0 +1,321 @@
 package cameradar
 import (
 	"errors"
 	"io/ioutil"
 	"os"
 	"testing"
 	"github.com/ullaakut/disgo"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/mock"
 	"github.com/ullaakut/nmap"
 )
 type nmapMock struct {
 	mock.Mock
 }
 func (m *nmapMock) Run() (*nmap.Run, error) {
 	args := m.Called()
 	if args.Get(0) != nil {
 		return args.Get(0).(*nmap.Run), args.Error(1)
 	}
 	return nil, args.Error(1)
 }
 var (
 	validStream1 = Stream{
 		Device:  "fakeDevice",
 		Address: "fakeAddress",
 		Port:    1337,
 	}
 	validStream2 = Stream{
 		Device:  "fakeDevice",
 		Address: "differentFakeAddress",
 		Port:    1337,
 	}
 	invalidStreamNoPort = Stream{
 		Device:  "invalidDevice",
 		Address: "fakeAddress",
 		Port:    0,
 	}
 	invalidStreamNoAddress = Stream{
 		Device:  "invalidDevice",
 		Address: "",
 		Port:    1337,
 	}
 )
 func TestScan(t *testing.T) {
 	tests := []struct {
 		description string
 		targets    []string
 		ports      []string
 		speed      int
 		removePath bool
 		expectedErr     error
 		expectedStreams []Stream
 	}{
 		{
 			description: "create new scanner and call scan, no error",
 			targets: []string{"localhost"},
 			ports:   []string{"80"},
 			speed:   5,
 		},
 		{
 			description: "create new scanner with missing nmap installation",
 			removePath: true,
 			ports:      []string{"80"},
 			expectedErr: errors.New("unable to create network scanner: 'nmap' binary was not found"),
 		},
 	}
 	for _, test := range tests {
 		t.Run(test.description, func(t *testing.T) {
 			if test.removePath {
 				os.Setenv("PATH", "")
 			}
 			scanner := &Scanner{
 				term:    disgo.NewTerminal(disgo.WithDefaultOutput(ioutil.Discard)),
 				targets: test.targets,
 				ports:   test.ports,
 				speed:   test.speed,
 			}
 			result, err := scanner.Scan()
 			assert.Equal(t, test.expectedErr, err)
 			assert.Equal(t, test.expectedStreams, result)
 		})
 	}
 }
 func TestInternalScan(t *testing.T) {
 	tests := []struct {
 		description string
 		nmapResult *nmap.Run
 		nmapError  error
 		expectedStreams []Stream
 		expectedErr     error
 	}{
 		{
 			description: "valid streams",
 			nmapResult: &nmap.Run{
 				Hosts: []nmap.Host{
 					{
 						Addresses: []nmap.Address{
 							{
 								Addr: validStream1.Address,
 							},
 						},
 						Ports: []nmap.Port{
 							{
 								State: nmap.State{
 									State: "open",
 								},
 								ID: validStream1.Port,
 								Service: nmap.Service{
 									Name:    "rtsp",
 									Product: validStream1.Device,
 								},
 							},
 						},
 					},
 					{
 						Addresses: []nmap.Address{
 							{
 								Addr: validStream2.Address,
 							},
 						},
 						Ports: []nmap.Port{
 							{
 								State: nmap.State{
 									State: "open",
 								},
 								ID: validStream2.Port,
 								Service: nmap.Service{
 									Name:    "rtsp-alt",
 									Product: validStream2.Device,
 								},
 							},
 						},
 					},
 				},
 			},
 			expectedStreams: []Stream{validStream1, validStream2},
 		},
 		{
 			description: "two invalid targets, no error",
 			nmapResult: &nmap.Run{
 				Hosts: []nmap.Host{
 					{
 						Addresses: []nmap.Address{
 							{
 								Addr: invalidStreamNoPort.Address,
 							},
 						},
 					},
 					{
 						Addresses: []nmap.Address{},
 						Ports: []nmap.Port{
 							{
 								State: nmap.State{
 									State: "open",
 								},
 								ID: validStream2.Port,
 								Service: nmap.Service{
 									Name:    "rtsp-alt",
 									Product: invalidStreamNoAddress.Device,
 								},
 							},
 						},
 					},
 				},
 			},
 			expectedStreams: nil,
 		},
 		{
 			description: "different port states, no error",
 			nmapResult: &nmap.Run{
 				Hosts: []nmap.Host{
 					{
 						Addresses: []nmap.Address{
 							{
 								Addr: invalidStreamNoPort.Address,
 							}},
 						Ports: []nmap.Port{
 							{
 								State: nmap.State{
 									State: "closed",
 								},
 								ID: validStream2.Port,
 								Service: nmap.Service{
 									Name:    "rtsp-alt",
 									Product: invalidStreamNoAddress.Device,
 								},
 							},
 						},
 					},
 					{
 						Addresses: []nmap.Address{
 							{
 								Addr: invalidStreamNoPort.Address,
 							}},
 						Ports: []nmap.Port{
 							{
 								State: nmap.State{
 									State: "unfiltered",
 								},
 								ID: validStream2.Port,
 								Service: nmap.Service{
 									Name:    "rtsp-alt",
 									Product: invalidStreamNoAddress.Device,
 								},
 							},
 						},
 					},
 					{
 						Addresses: []nmap.Address{
 							{
 								Addr: invalidStreamNoPort.Address,
 							}},
 						Ports: []nmap.Port{
 							{
 								State: nmap.State{
 									State: "filtered",
 								},
 								ID: validStream2.Port,
 								Service: nmap.Service{
 									Name:    "rtsp-alt",
 									Product: invalidStreamNoAddress.Device,
 								},
 							},
 						},
 					},
 				},
 			},
 			expectedStreams: nil,
 		},
 		{
 			description: "not rtsp, no error",
 			nmapResult: &nmap.Run{
 				Hosts: []nmap.Host{
 					{
 						Addresses: []nmap.Address{
 							{
 								Addr: invalidStreamNoPort.Address,
 							}},
 						Ports: []nmap.Port{
 							{
 								State: nmap.State{
 									State: "open",
 								},
 								ID: validStream2.Port,
 								Service: nmap.Service{
 									Name:    "tcp",
 									Product: invalidStreamNoAddress.Device,
 								},
 							},
 						},
 					},
 				},
 			},
 			expectedStreams: nil,
 		},
 		{
 			description: "no hosts found",
 			nmapResult:      &nmap.Run{},
 			expectedStreams: nil,
 		},
 		{
 			description: "scan failed",
 			nmapError:   errors.New("scan failed"),
 			expectedErr: errors.New("error while scanning network: scan failed"),
 		},
 	}
 	for _, test := range tests {
 		t.Run(test.description, func(t *testing.T) {
 			nmapMock := &nmapMock{}
 			nmapMock.On("Run").Return(test.nmapResult, test.nmapError)
 			scanner := &Scanner{
 				term: disgo.NewTerminal(disgo.WithDefaultOutput(ioutil.Discard)),
 			}
 			results, err := scanner.scan(nmapMock)
 			assert.Equal(t, test.expectedErr, err)
 			assert.Equal(t, test.expectedStreams, results, "wrong streams parsed")
 			assert.Equal(t, len(test.expectedStreams), len(results), "wrong streams parsed")
 			nmapMock.AssertExpectations(t)
 		})
 	}
 }
@@ -0,0 +1,143 @@
 package cameradar
 import (
 	"fmt"
 	"os"
 	"strings"
 	"time"
 	"github.com/ullaakut/disgo"
 	curl "github.com/ullaakut/go-curl"
 )
 // Scanner represents a cameradar scanner. It scans a network and
 // attacks all streams found to get their RTSP credentials.
 type Scanner struct {
 	curl Curler
 	term *disgo.Terminal
 	targets                  []string
 	ports                    []string
 	debug                    bool
 	verbose                  bool
 	speed                    int
 	timeout                  time.Duration
 	credentialDictionaryPath string
 	routeDictionaryPath      string
 	credentials Credentials
 	routes      Routes
 }
 // New creates a new Cameradar Scanner and applies the given options.
 func New(options ...func(*Scanner)) (*Scanner, error) {
 	err := curl.GlobalInit(curl.GLOBAL_ALL)
 	if err != nil {
 		return nil, fmt.Errorf("unable to initialize curl library: %v", err)
 	}
 	handle := curl.EasyInit()
 	if handle == nil {
 		return nil, fmt.Errorf("unable to initialize curl handle: %v", err)
 	}
 	scanner := &Scanner{
 		curl:                     &Curl{CURL: handle},
 		credentialDictionaryPath: "<GOPATH>/src/github.com/ullaakut/cameradar/dictionaries/credentials.json",
 		routeDictionaryPath:      "<GOPATH>/src/github.com/ullaakut/cameradar/dictionaries/routes",
 	}
 	for _, option := range options {
 		option(scanner)
 	}
 	gopath := os.Getenv("GOPATH")
 	scanner.credentialDictionaryPath = strings.Replace(scanner.credentialDictionaryPath, "<GOPATH>", gopath, 1)
 	scanner.routeDictionaryPath = strings.Replace(scanner.routeDictionaryPath, "<GOPATH>", gopath, 1)
 	scanner.term = disgo.NewTerminal(
 		disgo.WithDebug(scanner.debug),
 	)
 	err = scanner.LoadTargets()
 	if err != nil {
 		return nil, fmt.Errorf("unable to parse target file: %v", err)
 	}
 	scanner.term.StartStepf("Loading credentials")
 	err = scanner.LoadCredentials()
 	if err != nil {
 		return nil, scanner.term.FailStepf("unable to load credentials dictionary: %v", err)
 	}
 	scanner.term.StartStepf("Loading routes")
 	err = scanner.LoadRoutes()
 	if err != nil {
 		return nil, scanner.term.FailStepf("unable to load credentials dictionary: %v", err)
 	}
 	disgo.EndStep()
 	return scanner, nil
 }
 // WithTargets specifies the targets to scan and attack.
 func WithTargets(targets []string) func(s *Scanner) {
 	return func(s *Scanner) {
 		s.targets = targets
 	}
 }
 // WithPorts specifies the ports to scan and attack.
 func WithPorts(ports []string) func(s *Scanner) {
 	return func(s *Scanner) {
 		s.ports = ports
 	}
 }
 // WithDebug specifies whether or not to enable debug logs.
 func WithDebug(debug bool) func(s *Scanner) {
 	return func(s *Scanner) {
 		s.debug = debug
 	}
 }
 // WithVerbose specifies whether or not to enable verbose logs.
 func WithVerbose(verbose bool) func(s *Scanner) {
 	return func(s *Scanner) {
 		s.verbose = verbose
 	}
 }
 // WithCustomCredentials specifies a custom credential dictionary
 // to use for the attacks.
 func WithCustomCredentials(dictionaryPath string) func(s *Scanner) {
 	return func(s *Scanner) {
 		s.credentialDictionaryPath = dictionaryPath
 	}
 }
 // WithCustomRoutes specifies a custom route dictionary
 // to use for the attacks.
 func WithCustomRoutes(dictionaryPath string) func(s *Scanner) {
 	return func(s *Scanner) {
 		s.routeDictionaryPath = dictionaryPath
 	}
 }
 // WithSpeed specifies the speed at which the scan should be executed. Faster
 // means easier to detect, slower has bigger timeout values and is more silent.
 func WithSpeed(speed int) func(s *Scanner) {
 	return func(s *Scanner) {
 		s.speed = speed
 	}
 }
 // WithTimeout specifies the amount of time after which attack requests should
 // timeout. This should be high if the network you are attacking has a poor
 // connectivity or that you are located far away from it.
 func WithTimeout(timeout time.Duration) func(s *Scanner) {
 	return func(s *Scanner) {
 		s.timeout = timeout
 	}
 }
@@ -0,0 +1,133 @@
 package cameradar
 import (
 	"fmt"
 	"io/ioutil"
 	"testing"
 	"time"
 	"github.com/stretchr/testify/assert"
 	curl "github.com/ullaakut/go-curl"
 )
 func TestNew(t *testing.T) {
 	tests := []struct {
 		description string
 		targets           []string
 		ports             []string
 		debug             bool
 		verbose           bool
 		customCredentials string
 		customRoutes      string
 		speed             int
 		timeout           time.Duration
 		loadTargetsFail bool
 		loadCredsFail   bool
 		loadRoutesFail  bool
 		curlGlobalFail bool
 		curlEasyFail   bool
 		expectedErr bool
 	}{
 		{
 			description: "no error while loading dictionaries",
 			targets: []string{"titi", "toto"},
 			ports:   []string{"554"},
 			debug:   true,
 			verbose: false,
 			speed:   3,
 			timeout: time.Millisecond,
 		},
 		{
 			description: "unable to load targets",
 			loadTargetsFail: true,
 			expectedErr: true,
 		},
 		{
 			description: "unable to load credentials",
 			loadCredsFail: true,
 			expectedErr: true,
 		},
 		{
 			description: "unable to load routes",
 			loadRoutesFail: true,
 			expectedErr: true,
 		},
 		{
 			description: "curl fails to init",
 			curlGlobalFail: true,
 			expectedErr: true,
 		},
 		{
 			description: "curl fails to create handle",
 			curlEasyFail: true,
 			expectedErr: true,
 		},
 	}
 	for i, test := range tests {
 		t.Run(test.description, func(t *testing.T) {
 			if test.loadTargetsFail {
 				test.targets = []string{generateTmpFileName(i, "targets")}
 				ioutil.WriteFile(test.targets[0], []byte(`0.0.0.0`), 0000)
 			}
 			if !test.loadCredsFail {
 				test.customCredentials = generateTmpFileName(i, "creds")
 				ioutil.WriteFile(test.customCredentials, []byte(`{"usernames":["admin"],"passwords":["admin"]}`), 0644)
 			}
 			if !test.loadRoutesFail {
 				test.customRoutes = generateTmpFileName(i, "routes")
 				ioutil.WriteFile(test.customRoutes, []byte(`live.sdp`), 0644)
 			}
 			curl.TestGlobalFail = test.curlGlobalFail
 			curl.TestEasyFail = test.curlEasyFail
 			scanner, err := New(
 				WithTargets(test.targets),
 				WithPorts(test.ports),
 				WithDebug(test.debug),
 				WithVerbose(test.verbose),
 				WithSpeed(test.speed),
 				WithTimeout(test.timeout),
 				WithCustomCredentials(test.customCredentials),
 				WithCustomRoutes(test.customRoutes),
 			)
 			if test.expectedErr {
 				assert.Error(t, err)
 			} else {
 				assert.NoError(t, err)
 			}
 			if scanner != nil {
 				assert.Equal(t, test.targets, scanner.targets)
 				assert.Equal(t, test.ports, scanner.ports)
 				assert.Equal(t, test.debug, scanner.debug)
 				assert.Equal(t, test.verbose, scanner.verbose)
 				assert.Equal(t, test.speed, scanner.speed)
 				assert.Equal(t, test.timeout, scanner.timeout)
 			}
 		})
 	}
 }
 func generateTmpFileName(iteration int, purpose string) string {
 	return fmt.Sprintf("/tmp/cameradar_test_scanner_%s_%d_%d", purpose, time.Now().Unix(), iteration)
 }
@@ -0,0 +1,63 @@
 package cameradar
 import (
 	"github.com/ullaakut/disgo/style"
 	curl "github.com/ullaakut/go-curl"
 )
 // PrintStreams prints information on each stream.
 func (s *Scanner) PrintStreams(streams []Stream) {
 	if len(streams) == 0 {
 		s.term.Infof("%s No streams were found. Please make sure that your target is on an accessible network.\n", style.Failure(style.SymbolCross))
 	}
 	success := 0
 	for _, stream := range streams {
 		if stream.Available {
 			s.term.Infof("%s\tDevice RTSP URL:\t%s\n", style.Success(style.SymbolRightTriangle), style.Link(GetCameraRTSPURL(stream)))
 			s.term.Infof("\tAvailable:\t\t%s\n", style.Success(style.SymbolCheck))
 			success++
 		} else {
 			s.term.Infof("%s\tAdmin panel URL:\t%s You can use this URL to try attacking the camera's admin panel instead.\n", style.Failure(style.SymbolCross), style.Link(GetCameraAdminPanelURL(stream)))
 			s.term.Infof("\tAvailable:\t\t%s\n", style.Failure(style.SymbolCross))
 		}
 		if len(stream.Device) > 0 {
 			s.term.Infof("\tDevice model:\t\t%s\n\n", stream.Device)
 		}
 		s.term.Infof("\tIP address:\t\t%s\n", stream.Address)
 		s.term.Infof("\tRTSP port:\t\t%d\n", stream.Port)
 		switch stream.AuthenticationType {
 		case curl.AUTH_NONE:
 			s.term.Infoln("\tThis camera does not require authentication")
 		case curl.AUTH_BASIC:
 			s.term.Infoln("\tAuth type:\t\tbasic")
 		case curl.AUTH_DIGEST:
 			s.term.Infoln("\tAuth type:\t\tdigest")
 		}
 		if stream.CredentialsFound {
 			s.term.Infof("\tUsername:\t\t%s\n", style.Success(stream.Username))
 			s.term.Infof("\tPassword:\t\t%s\n", style.Success(stream.Password))
 		} else {
 			s.term.Infof("\tUsername:\t\t%s\n", style.Failure("not found"))
 			s.term.Infof("\tPassword:\t\t%s\n", style.Failure("not found"))
 		}
 		if stream.RouteFound {
 			s.term.Infof("\tRTSP route:\t\t%s\n\n\n", style.Success("/"+stream.Route))
 		} else {
 			s.term.Infof("\tRTSP route:\t\t%s\n\n\n", style.Failure("not found"))
 		}
 	}
 	if success > 1 {
 		s.term.Infof("%s Successful attack: %s devices were accessed", style.Success(style.SymbolCheck), style.Success(len(streams)))
 	} else if success == 1 {
 		s.term.Infof("%s Successful attack: %s device was accessed", style.Success(style.SymbolCheck), style.Success("one"))
 	} else {
 		s.term.Infof("%s Streams were found but none were accessed. They are most likely configured with secure credentials and routes. You can try adding entries to the dictionary or generating your own in order to attempt a bruteforce attack on the cameras.\n", style.Failure("\xE2\x9C\x96"))
 	}
 }
@@ -0,0 +1,186 @@
 package cameradar
 import (
 	"bytes"
 	"testing"
 	"github.com/stretchr/testify/assert"
 	"github.com/ullaakut/disgo"
 )
 var (
 	unavailable = Stream{}
 	available = Stream{
 		Available: true,
 	}
 	deviceFound = Stream{
 		Device: "devicename",
 	}
 	noAuth = Stream{
 		AuthenticationType: 0,
 	}
 	basic = Stream{
 		AuthenticationType: 1,
 	}
 	digest = Stream{
 		AuthenticationType: 2,
 	}
 	credsFound = Stream{
 		CredentialsFound: true,
 		Username:         "us3r",
 		Password:         "p4ss",
 	}
 	routeFound = Stream{
 		RouteFound: true,
 		Route:      "r0ute",
 	}
 )
 func TestPrintStreams(t *testing.T) {
 	tests := []struct {
 		description string
 		streams []Stream
 		expectedLogs []string
 	}{
 		{
 			description: "displays the proper message when no streams found",
 			streams: nil,
 			expectedLogs: []string{"No streams were found"},
 		},
 		{
 			description: "displays the admin panel URL when a stream is not accessible",
 			streams: []Stream{
 				unavailable,
 			},
 			expectedLogs: []string{"Admin panel URL"},
 		},
 		{
 			description: "displays the device name when it is found",
 			streams: []Stream{
 				deviceFound,
 			},
 			expectedLogs: []string{"Device model:"},
 		},
 		{
 			description: "displays authentication type (no auth)",
 			streams: []Stream{
 				noAuth,
 			},
 			expectedLogs: []string{"This camera does not require authentication"},
 		},
 		{
 			description: "displays authentication type (basic)",
 			streams: []Stream{
 				basic,
 			},
 			expectedLogs: []string{"basic"},
 		},
 		{
 			description: "displays authentication type (digest)",
 			streams: []Stream{
 				digest,
 			},
 			expectedLogs: []string{"digest"},
 		},
 		{
 			description: "displays credentials properly",
 			streams: []Stream{
 				credsFound,
 			},
 			expectedLogs: []string{
 				"Username",
 				"us3r",
 				"Password",
 				"p4ss",
 			},
 		},
 		{
 			description: "displays route properly",
 			streams: []Stream{
 				routeFound,
 			},
 			expectedLogs: []string{
 				"RTSP route",
 				"/r0ute",
 			},
 		},
 		{
 			description: "displays successes properly (no success)",
 			streams: []Stream{
 				unavailable,
 			},
 			expectedLogs: []string{
 				"Streams were found but none were accessed",
 			},
 		},
 		{
 			description: "displays successes properly (1 success)",
 			streams: []Stream{
 				available,
 			},
 			expectedLogs: []string{
 				"Successful attack",
 				"device was accessed",
 			},
 		},
 		{
 			description: "displays successes properly (multiple successes)",
 			streams: []Stream{
 				available,
 				available,
 				available,
 				available,
 			},
 			expectedLogs: []string{
 				"Successful attack",
 				"devices were accessed",
 			},
 		},
 	}
 	for _, test := range tests {
 		t.Run(test.description, func(t *testing.T) {
 			writer := &bytes.Buffer{}
 			scanner := &Scanner{
 				term: disgo.NewTerminal(disgo.WithDefaultOutput(writer)),
 			}
 			scanner.PrintStreams(test.streams)
 			for _, expectedLog := range test.expectedLogs {
 				assert.Contains(t, writer.String(), expectedLog)
 			}
 		})
 	}
 }
@@ -0,0 +1,191 @@
 package main
 import (
 	"bytes"
 	"fmt"
 	"io/ioutil"
 	"log"
 	"net/http"
 	"sort"
 	"strings"
 	"sync"
 	"github.com/ullaakut/disgo/style"
 	"github.com/PuerkitoBio/goquery"
 	"github.com/ullaakut/disgo"
 	"github.com/vbauerster/mpb"
 	"github.com/vbauerster/mpb/decor"
 )
 const dictionaryURL = "https://community.geniusvision.net/platform/cprndr/manulist"
 var rtspURLsFound sync.Map
 func main() {
 	if err := updateDictionary(); err != nil {
 		log.Fatalf(err.Error())
 	}
 }
 func updateDictionary() error {
 	disgo.SetTerminalOptions(disgo.WithColors(true), disgo.WithDebug(true))
 	disgo.StartStep("Fetching dictionary list")
 	resp, err := http.Get(dictionaryURL)
 	if err != nil {
 		return disgo.FailStepf("unable to download dictionaries: %v", err)
 	}
 	defer resp.Body.Close()
 	disgo.StartStep("Parsing dictionary list")
 	doc, err := goquery.NewDocumentFromReader(resp.Body)
 	if err != nil {
 		return disgo.FailStepf("unable to read from dictionary list: %v", err)
 	}
 	var vendorURLs []string
 	doc.Find("td.simpletable a").Each(func(i int, s *goquery.Selection) {
 		url, ok := s.Attr("href")
 		if !ok {
 			return
 		}
 		if url != "javascript:void(0)" {
 			vendorURLs = append(vendorURLs, url)
 		}
 	})
 	disgo.StartStep("Loading current cameradar dictionary")
 	currentDictionary, err := ioutil.ReadFile("dictionaries/routes")
 	if err != nil {
 		return disgo.FailStepf("unable to read current dictionary: %v", err)
 	}
 	dictionaryEntries := bytes.Split(currentDictionary, []byte("\n"))
 	for _, rtspURL := range dictionaryEntries {
 		rtspURLsFound.Store(string(rtspURL), struct{}{})
 	}
 	disgo.Debugf("Current dictionary has %d entries\n", len(dictionaryEntries))
 	disgo.EndStep()
 	p := mpb.New(mpb.WithWidth(64))
 	name := fmt.Sprintf("Fetching default routes from %d constructors:", len(vendorURLs))
 	bar := p.AddBar(int64(len(vendorURLs)),
 		// set custom bar style, default one is "[=>-]"
 		mpb.BarStyle("╢▌▌░╟"),
 		mpb.PrependDecorators(
 			// display our name with one space on the right
 			decor.Name(name, decor.WC{W: len(name), C: decor.DidentRight}),
 		),
 		mpb.AppendDecorators(decor.Percentage()),
 	)
 	for _, url := range vendorURLs {
 		go loadRoutes(url, bar)
 	}
 	p.Wait()
 	disgo.StartStep("Converting found routes into proper data model")
 	var rtspURLs []string
 	rtspURLsFound.Range(func(rtspURL, _ interface{}) bool {
 		disgo.Infoln("Adding URL", rtspURL.(string))
 		rtspURLs = append(rtspURLs, rtspURL.(string))
 		return true
 	})
 	sort.Slice(rtspURLs, func(a, b int) bool {
 		return rtspURLs[a] < rtspURLs[b]
 	})
 	disgo.EndStep()
 	if len(dictionaryEntries) < len(rtspURLs) {
 		disgo.Infof("%s Saving them in cameradar default dictionary.\n", style.Success("Found ", len(rtspURLs)-len(dictionaryEntries), " new entries!"))
 		saveRoutes(rtspURLs)
 	} else {
 		disgo.Infoln(style.Success("No new entry found, dictionary up-to-date! :)"))
 	}
 	return nil
 }
 func loadRoutes(url string, bar *mpb.Bar) {
 	defer bar.IncrBy(1)
 	var (
 		failureCounter int
 		resp           *http.Response
 		err            error
 	)
 	for failureCounter < 5 {
 		resp, err = http.Get(url)
 		if err != nil {
 			failureCounter++
 		} else {
 			break
 		}
 	}
 	if failureCounter == 5 {
 		disgo.Errorln("Request failed 5 times in a row, giving up on this vendor")
 		return
 	}
 	defer resp.Body.Close()
 	doc, err := goquery.NewDocumentFromReader(resp.Body)
 	if err != nil {
 		disgo.Errorf("unable to read from dictionary list for URL %q: %v\n", url, err)
 		return
 	}
 	doc.Find("tr.simpletable td.simpletable:nth-child(4) a").Each(func(i int, s *goquery.Selection) {
 		rtspURL := s.Text()
 		if strings.HasPrefix(rtspURL, "(") && strings.HasSuffix(rtspURL, ")") {
 			return
 		}
 		if strings.HasPrefix(rtspURL, "[") && strings.HasSuffix(rtspURL, "]") {
 			return
 		}
 		if strings.HasPrefix(rtspURL, "http://") {
 			return
 		}
 		// Skip the port and only get the route.
 		if strings.HasPrefix(rtspURL, "rtsp://ip-addr:") {
 			routeAndPort := strings.TrimSpace(strings.TrimPrefix(rtspURL, "rtsp://ip-addr:"))
 			route := strings.TrimLeft(routeAndPort, "0123456789/")
 			rtspURLsFound.Store(route, struct{}{})
 			return
 		}
 		switch rtspURL {
 		case "",
 			"rtsp://ip-addr/",
 			"rtsp://ip-addr",
 			"rtsp://ip-addr:pass@10.0.0.5:6667/blinkhd":
 			return
 		default:
 			route := strings.TrimSpace(strings.TrimPrefix(rtspURL, "rtsp://ip-addr/"))
 			rtspURLsFound.Store(route, struct{}{})
 		}
 	})
 }
 func saveRoutes(rtspURLs []string) {
 	contents := strings.Join(rtspURLs, "\n")
 	disgo.StartStep("Writing new dictionary file")
 	err := ioutil.WriteFile("dictionaries/routes", []byte(contents), 0644)
 	if err != nil {
 		disgo.FailStepf("unable to write dictionnary: %v", err)
 	}
 }
Author	SHA1	Message	Date
Brendan Le Glaunec	212ac2f0d5	Cameradar v4 (#212 ) * Refactor of cameradar library * Old unit tests updated & improved. New unit tests inc * Update documentation & issue template * Update dependencies * Update TravisCI build script to reflect argument change * Remove outdated contributing guide * Update README with more examples and remove part on library * Add second camera to Travis build script & improve error detection * Fix typo in travis script & add missing image to readme * Remember that travis uses bash syntax not fish * Use relative paths for images in the README	2019-05-26 08:33:08 +02:00
Brendan Le Glaunec	2e49587cc2	Remove erroneous route and update dictionary updater (#207 ) * Remove erroneous route and update dictionary updater * Rename dictionary updater	2019-05-23 09:19:04 +02:00
Brendan Le Glaunec	47285675b9	Add route dictionary generator (#204 )	2019-05-23 01:42:04 +02:00
Brendan Le Glaunec	2678df2e4c	Add default credentials for aiphone cameras (#203 )	2019-05-22 22:25:32 +02:00
Ullaakut	862e9f3de9	Add unit tests for DetectAuthType function	2019-05-22 22:14:36 +02:00
Ullaakut	260a9645be	Add digest authentication support	2019-05-22 22:14:36 +02:00
Brendan Le Glaunec	1d5d606085	Update documentation on new dependency management (#200 )	2019-05-21 07:31:18 +02:00
Brendan LE GLAUNEC	c249be1cc0	Update documentation on new dependency management (#196 )	2019-05-11 16:48:37 +02:00
Brendan LE GLAUNEC	1ec3a5fe44	Update documentation on new dependency management (#195 )	2019-05-11 16:33:16 +02:00
Ullaakut	3b082ea736	Update to disgo 0.3.0	2019-04-06 12:56:15 +02:00
Brendan LE GLAUNEC	b6ebd468c6	Integrate Disgo for user interface (#193 )	2019-03-10 20:12:46 +01:00
Brendan LE GLAUNEC	ceb210f281	Switch to go modules, use forked go-curl to fix CI (#192 )	2019-03-10 19:14:11 +01:00
Brendan LE GLAUNEC	fcb627dccd	Update Readme with new dependencies and update copyright date (#191 )	2019-03-10 17:16:39 +01:00
Ullaakut	098460702b	Fix environment key delimiter & fix environment overrides in docker image	2019-01-24 09:43:13 +01:00
Brendan LE GLAUNEC	5849898283	Cameradar 3.0.0: Uses ullaakut/nmap, runs faster, removed legacy code (#188 ) Unit tests functional and coverage back to 100% Add more routes to dictionary, add more credentials, add default port 5554, rename cameradar logs ENV variable, improve unit test readability, remove tmp file	2019-01-22 21:16:16 +01:00
Ullaakut	878ca9f032	Update dependencies	2018-12-25 10:17:54 +01:00
Isaev Denis	24f86b74f5	Add .golangci.yml and update dep (#184 ) * add .golangci.yml and update dep Prepare environment for https://golangci.com builds by installing libcurl-dev. Also update dep from 0.4.1 to 0.5.0 * Fix coveralls command in TravisCI script	2018-11-26 08:47:48 +01:00
Brendan LE GLAUNEC	a8c1c8c63b	Remove erroneous backquote from README	2018-11-12 07:41:23 +01:00
Brendan LE GLAUNEC	1ff17c429b	#169 Parse target list from text file (#177 ) * Add file parsing for targets & fix multi targets in docker * Remove deprecated info in README & update examples	2018-11-12 07:40:31 +01:00
Brendan LE GLAUNEC	145724bc95	Add dep to dependencies	2018-10-17 08:44:59 +02:00
Ullaakut	5aefc9831d	Add golang CI badge & redesign readme header	2018-10-02 08:45:25 +02:00
Ullaakut	cf3ca440b9	Simplify condition checks to improve code readability	2018-10-01 19:52:15 +02:00
Brendan Le Glaunec	4109a4405d	Add unit tests for stream validation	2018-07-22 17:34:48 +02:00
Brendan Le Glaunec	055dc69158	Add stream validation pt2 -- need to add unit tests	2018-07-22 17:34:48 +02:00
Brendan Le Glaunec	1ea9850842	Add stream validation -- need to add unit tests	2018-07-22 17:34:48 +02:00
Brendan Le Glaunec	6e92eecdf6	Fix import typo	2018-07-03 17:10:53 +02:00
Brendan Le Glaunec	844f1e31af	Fix XML model addrtype attribute name	2018-07-03 17:10:53 +02:00
Brendan Le Glaunec	fd83be9d95	Add unit test with ipv4 and MAC addr	2018-07-03 17:10:53 +02:00
Brendan Le Glaunec	456f7fffc5	No longer import hosts using their MAC addresses	2018-07-03 17:10:53 +02:00
Brendan Le Glaunec	541d64168d	Remove docker push from CI script after realization it's insecure	2018-05-04 17:56:18 +02:00
Brendan Le Glaunec	26c4c80fd2	Add default credentials for dahua NVR (http://www.dahuatech.com/)	2018-05-04 17:56:18 +02:00
Brendan Le Glaunec	bcc8099f91	Fix crash #174 by duplicating curl handle Wrap libcurl to bypass lack of covariance support	2018-03-13 11:45:42 +01:00
Brendan Le Glaunec	6392dcd9a0	Update contributing guidelines & update CHANGELOG	2018-03-12 15:46:08 +01:00
Brendan Le Glaunec	916e1713d8	Update dependencies	2018-03-12 15:04:06 +01:00
Brendan Le Glaunec	08fcfcdac8	Remove responsibility for Attack methods to declare no attack success as an error	2018-03-12 15:04:06 +01:00
Brendan Le Glaunec	20daf73371	Migrate cameradar server to cameradar-app repo	2018-03-12 15:04:06 +01:00
Brendan Le Glaunec	b909643c21	Remove all mentions of glide & add instructions to install dep	2018-03-12 15:04:06 +01:00
Brendan Le Glaunec	5a0ee4aaa7	Move repository to Ullaakut	2018-03-12 15:04:06 +01:00
Brendan LE GLAUNEC	8289f1edda	Add coverage badge	2018-03-12 15:04:06 +01:00
Brendan LE GLAUNEC	74672f6625	Increase test coverage, mock libcurl & uniformize error messages	2018-03-12 15:04:06 +01:00
Brendan LE GLAUNEC	c1ea6b167c	Fix misspelling and format using the -s option	2018-03-12 15:04:06 +01:00
Brendan LE GLAUNEC	71679691c4	Add example usage for testing purposes	2018-03-12 15:04:06 +01:00
Brendan LE GLAUNEC	cbf6f647aa	Add Coveralls integration	2018-03-12 15:04:06 +01:00
Brendan LE GLAUNEC	fb9c5afc5f	Switch from glide to dep & fix CI (#152 ) (#153 )	2018-03-12 15:04:06 +01:00
Brendan LE GLAUNEC	5d2626b639	Change license to MIT	2018-03-12 15:04:06 +01:00
Brendan LE GLAUNEC	2399df693d	Add examples in help message	2018-03-12 15:04:06 +01:00
Ishan Jain	df44c7d6f1	Add environment variables support	2018-03-12 15:04:06 +01:00
Brendan LE GLAUNEC	6d296b84d5	Clean implementation of JSONRPC server	2018-03-12 15:04:06 +01:00
Brendan LE GLAUNEC	1dadb93452	Cameradar service scans & attacks over WS	2018-03-12 15:04:06 +01:00
Brendan LE GLAUNEC	6ea4f6e123	WIP JSONRPC2 implementation	2018-03-12 15:04:06 +01:00
Brendan LE GLAUNEC	5a8417cf18	Basic bidirectional WS server - Fake temporary protocol (will probably be JSON RPC later) - Service can write freely to client through server - Any new component we need (workers, etc.) can access the channels to write to the client	2018-03-12 15:04:06 +01:00
Brendan LE GLAUNEC	4e922a2a48	Start cameradar server to communicate with GUI	2018-03-12 15:04:06 +01:00
Brendan LE GLAUNEC	3ef48a97cf	Fix CI for PRs originating from forks	2018-03-12 15:04:06 +01:00
Brendan LE GLAUNEC	35d629d8ce	Nmap output is now correctly logged	2018-03-12 15:04:06 +01:00
Brendan LE GLAUNEC	dba1391a08	Fix dictionary path for binary & use glide in CI	2018-03-12 15:04:06 +01:00
Brendan LE GLAUNEC	961d34d05a	Migrate GUI to another repository	2018-03-12 15:04:05 +01:00
Gael du Plessix	5d0c21c5d9	Setup travis email notifications for Brendy only	2018-03-12 15:04:05 +01:00
Gael du Plessix	71046216ce	Add GUI dev environment (#114 ) Setup dev tools to build GUI using ReasonML + Electron Use react-scripts instead of custom build config Add electron command Rename command	2018-03-12 15:04:05 +01:00
Brendan LE GLAUNEC	89647ae457	Fix timeout and unresponsive cameras being detected as successful & add error message Update unit tests Fix deadlock in libcurl for tests to stop failing randomly	2018-03-12 15:04:05 +01:00
Brendan LE GLAUNEC	216d30fd45	Add issue template	2018-03-12 15:04:05 +01:00
Brendan LE GLAUNEC	82e36e1fd3	Update file architecture to make go install work	2018-03-12 15:04:05 +01:00
Brendan LE GLAUNEC	34994e615a	Fix in README.md	2018-03-12 15:04:05 +01:00
Brendan LE GLAUNEC	6daceaeb2b	Add glide package manager	2018-03-12 15:04:05 +01:00
Brendan LE GLAUNEC	50da5ea82d	Fix usage of custom dictionaries in docker image	2018-03-12 15:04:05 +01:00
Brendan LE GLAUNEC	da7fb6cd49	Add more credentials to default dictionary	2018-03-12 15:04:05 +01:00
Brendan LE GLAUNEC	cfa90b36d8	Fix output when logs enabled	2018-03-12 15:04:05 +01:00
Brendan LE GLAUNEC	72fb21b132	Add multi stage docker build Upgrade travis docker version	2018-03-12 15:04:05 +01:00
Brendan LE GLAUNEC	948bfce5a0	Removed Output part from README	2018-03-12 15:04:05 +01:00
Brendan LE GLAUNEC	049a43ace2	Add gif to README.md	2018-03-12 15:04:05 +01:00
Brendan LE GLAUNEC	1c845d2b3c	Improve UX - Add spinner and messages Improve UX - Add number of streams being attacked	2018-03-12 15:04:05 +01:00
Brendan LE GLAUNEC	cb74761675	Add unit tests and functional test in CI * Unit tests Discover 90% The NmapRun function needs a refacto to make it use adaptors instead of directly calling exec.Command, exec.Command.StdoutPipe, exec.Command.Start, bufio.Scanner.Scan and bufio.Scanner.Err It makes me uncomfortable to push a test file that covers only 90%, but it's better than none, and the 10 missing %s are not very error-prone so it should be okay to delay this part a bit. For now it's more urgent to test as much of the code as possible * Unit tests Helpers 100% * Unit tests Loaders 100% - Attack 85% Once again, the Attack functions are not as simple as the rest to unit test, so I will refacto all of this to use a CURL adaptor later, but for now the total is of 88.6% of coverage, which is good enough for something I spent 2 hours on * Add testing to CI validation process * CI now does functional testing with RTSPATT * Change travis language to bash	2018-03-12 15:04:05 +01:00
Brendan LE GLAUNEC	be63c6a231	Add package overview & fix dead link	2018-03-12 15:04:05 +01:00
Brendan LE GLAUNEC	eab18925c7	Add godoc badge and remove temporary images	2018-03-12 15:04:00 +01:00
Brendan LE GLAUNEC	4c9d23acb1	Improve comments & improve cameraccess speed	2018-03-12 15:00:02 +01:00
Brendan LE GLAUNEC	ecdac00145	Move cameradar to root folder	2018-03-12 14:59:59 +01:00
Brendan LE GLAUNEC	2555a86f5f	Add known bugs to README & update examples	2018-03-12 14:59:56 +01:00
Brendan LE GLAUNEC	ebce965730	Remove debug logs from previous PR	2018-03-12 14:59:50 +01:00
Brendan LE GLAUNEC	a2af1329d7	Fix bug for some cameras running gst rtsp server	2018-03-12 14:59:47 +01:00
Brendan LE GLAUNEC	bf3a967fad	Fix entrypoint ignoring parameters & fix default dictionary values	2018-03-12 14:59:44 +01:00
Brendan LE GLAUNEC	3dcc80a0e8	Fixes in readme and contributing.md (#77 ) (#79 ) Remove codacy badge	2018-03-12 14:59:38 +01:00
Brendan LE GLAUNEC	624ff8bc1b	Fixes in readme and contributing.md (#77 )	2018-03-12 14:59:22 +01:00
Brendan LE GLAUNEC	59f51f6149	Cameradar becomes a golang library and cameraccess replaces the old cameradar (#75 ) * Better performance * Better UX * Lighter docker image * More control over the features * Suited for devs * Better documentation * No tests yet	2018-03-12 14:59:16 +01:00
Brendan LE GLAUNEC	b4090b8301	Improve README.md	2018-03-12 14:59:13 +01:00
Brendan LE GLAUNEC	02b58ad1a9	Rename bruteforce to dictionary attack to avoid confusion (#71 )	2018-03-12 14:59:09 +01:00
Brendan LE GLAUNEC	81b7e893dc	Rename subnet to target to avoid confusion (#70 )	2018-03-12 14:59:06 +01:00
Brendan LE GLAUNEC	8c6c94cc34	Update README.md (#69 ) Add more precision to the subnetwork (-s) argument to cameradar to improve user experience	2018-03-12 14:59:03 +01:00
Brendan LE GLAUNEC	fac60679bc	Rename CONTRIBUTION.md to CONTRIBUTING.md (#66 )	2018-03-12 14:58:59 +01:00
Brendan LE GLAUNEC	55122d523c	Add new RTSP routes (#67 )	2018-03-12 14:58:56 +01:00
Brendan LE GLAUNEC	5825f14ef1	Fix golang style issues (#65 ) In writeResult.go, two error strings began with an uppercase letter and ended with a dot. See https://github.com/golang/go/wiki/Errors for more information	2018-03-12 14:58:53 +01:00
Brendan LE GLAUNEC	60c2f1f18c	Update Codacy badge URL	2018-03-12 14:58:50 +01:00
Brendan LE GLAUNEC	44e3911e01	Usage of the develop branch unrestricted I decided that putting a `2.0.0` branch in place would require too much work as it would mean maintaining two versions of Cameradar at the same time. Thus, we will just keep the normal workflow as we used to.	2018-03-12 14:58:47 +01:00
Brendan LE GLAUNEC	28f642d39f	Fix automatic Docker Hub deployment The previous travis script was only tagging latest and not the tag of the branch, which resulted in outdated tags on the DockerHub	2018-03-12 14:58:43 +01:00
Brendan LE GLAUNEC	4dfe99064b	Release 1.1.4	2018-03-12 14:58:40 +01:00
Brendan LE GLAUNEC	097cbe3df3	Rename MySQL table & Update CONTRIBUTION.md for 2.0.0	2018-03-12 14:58:37 +01:00
Brendan LE GLAUNEC	3123e34076	Improve docker image usage	2018-03-12 14:58:33 +01:00
Brendan LE GLAUNEC	c334ea9f91	Fix critical functional test bug	2018-03-12 14:58:29 +01:00
Brendan LE GLAUNEC	bfecea00ad	Add contribution doc & update readme & dictionaries	2018-03-12 14:58:26 +01:00
Brendan LE GLAUNEC	1c7c462771	Add code quality check & fixed output format	2018-03-12 14:58:23 +01:00
Brendan LE GLAUNEC	308ba24e90	Improve output & remove legacy code	2018-03-12 14:58:16 +01:00
Brendan LE GLAUNEC	4a8f6550af	Put Gitflow back in place	2018-03-12 14:58:13 +01:00
Brendan LE GLAUNEC	c56cce6319	Update contribution format guidelines	2018-03-12 14:58:10 +01:00
Brendan LE GLAUNEC	832e4f9fa2	Update contribution info	2018-03-12 14:58:06 +01:00
Brendan LE GLAUNEC	63008d19af	Enhanced the latest release badge Replaced the raw version with one that will get the latest tag automatically and update the badge.	2018-03-12 14:58:03 +01:00
Brendan LE GLAUNEC	fbd78301a0	Travis functional testing & minor changes	2018-03-12 14:57:59 +01:00
Brendan LE GLAUNEC	2961d68200	Travis build test integration & changes to docker deployment	2018-03-12 14:57:55 +01:00
Brendan LE GLAUNEC	f86683d9ca	Add docker pulls badge to README.md	2018-03-12 14:57:52 +01:00
Brendan LE GLAUNEC	58bcfb9ee5	Fix functional tests & multiple bugfixes & use CES	2018-03-12 14:57:49 +01:00
Brendan LE GLAUNEC	5be5124e70	Remove unnecessary null pointer checks	2018-03-12 14:57:46 +01:00
Brendan LE GLAUNEC	b8291710d9	Docker Hub instructions update	2018-03-12 14:57:42 +01:00
Brendan LE GLAUNEC	b51a8da125	Deployment update & Docker Hub integration	2018-03-12 14:57:39 +01:00
Brendan LE GLAUNEC	2a0882869b	Update deployment process	2018-03-12 14:57:36 +01:00
Brendan LE GLAUNEC	c3d690371b	Update package	2018-03-12 14:57:34 +01:00
Brendan LE GLAUNEC	30c099f872	Fix multithreading & add timeout to ffmpeg	2018-03-12 14:57:31 +01:00
Brendan LE GLAUNEC	c660c1a676	Update package	2018-03-12 14:57:28 +01:00
Brendan LE GLAUNEC	c44a88b57a	Add GST RTSP SERVER option	2018-03-12 14:57:25 +01:00
Brendan LE GLAUNEC	509017f8df	Add package generation to README	2018-03-12 14:57:22 +01:00
Brendan LE GLAUNEC	7243059cdb	Update package name & add packge generation script	2018-03-12 14:57:19 +01:00
Brendan LE GLAUNEC	cd3cfc3837	Update Readme & Remove debug logs	2018-03-12 14:57:16 +01:00
Brendan LE GLAUNEC	509d68f023	Multithreading & UX update	2018-03-12 14:57:13 +01:00
Brendan LE GLAUNEC	de757e848d	Add Cameradar logo to README.md	2018-03-12 14:57:10 +01:00
Brendan LE GLAUNEC	1fb462bab4	Add Cameradar logo	2018-03-12 14:57:07 +01:00
Brendan LE GLAUNEC	4c4312f9b5	Add standard Comelit RTSP URL to dictionary	2018-03-12 14:56:59 +01:00
Brendan LE GLAUNEC	ff684d7544	Update testing binary	2018-03-12 14:56:54 +01:00
Brendan LE GLAUNEC	b69b4dc98c	Create CHANGELOG.md	2018-03-12 14:56:51 +01:00
Brendan LE GLAUNEC	34351ae14e	Fix potential failure in MySQL CM and fix describe method	2018-03-12 14:56:48 +01:00
Brendan LE GLAUNEC	d9945f5e26	Fix nmap package detection	2018-03-12 14:56:45 +01:00
Brendan LE GLAUNEC	6247656a63	Improve README.md	2018-03-12 14:56:41 +01:00
Brendan LE GLAUNEC	c46217918f	Fix GStreamer check	2018-03-12 14:56:38 +01:00
Brendan LE GLAUNEC	330e4a1e85	Remove forgotten logs	2018-03-12 14:56:35 +01:00
Brendan LE GLAUNEC	bded05688e	Fix issues with MySQL CM	2018-03-12 14:56:32 +01:00
Brendan LE GLAUNEC	13e1836604	Update OS to 16.04 & remove boost dependency	2018-03-12 14:56:28 +01:00
Brendan LE GLAUNEC	d611d00b55	Update deployment version	2018-03-12 14:56:24 +01:00
Brendan LE GLAUNEC	e4a2e06def	Add functionnal testing	2018-03-12 14:56:16 +01:00
Brendan LE GLAUNEC	df3c21701d	Improve README.md	2018-03-12 14:56:13 +01:00
Brendan LE GLAUNEC	85c816c8cb	Fix issue with MySQL & deployment	2018-03-12 14:56:09 +01:00
Brendan LE GLAUNEC	4633d3f520	Improve CMakeLists.txt	2018-03-12 14:56:06 +01:00
Brendan LE GLAUNEC	60288c09e4	Improve README.md	2018-03-12 14:56:03 +01:00
Brendan LE GLAUNEC	49bc3820aa	Cameradar now supports badly configured cameras	2018-03-12 14:56:00 +01:00
Brendan LE GLAUNEC	eed8aa0e9d	Improve README.md	2018-03-12 14:55:57 +01:00
Brendan LE GLAUNEC	e13879ab77	Add quick MySQL docker deployment & code cleaning	2018-03-12 14:55:53 +01:00
Brendan LE GLAUNEC	8a8e4faa42	Add MySQL Cache Manager & code cleanup	2018-03-12 14:55:48 +01:00
Brendan LE GLAUNEC	faa2570883	Deployment / CPack / Docker / Boost / Versionning	2018-03-12 14:55:45 +01:00
Brendan LE GLAUNEC	5c0ee0c5a0	Fix jsoncpp download issue	2018-03-12 14:55:42 +01:00
Brendan LE GLAUNEC	780a32d706	Improve README.md	2018-03-12 14:55:38 +01:00
Brendan LE GLAUNEC	29f05e0b70	Improve README.md	2018-03-12 14:55:35 +01:00
Brendan LE GLAUNEC	0144b569ad	Update cloning method to HTTPS	2018-03-12 14:55:32 +01:00
Brendan LE GLAUNEC	dd2747d12a	Add Deployment / CPack / Docker / Boost / Versionning	2018-03-12 14:55:28 +01:00
Brendan LE GLAUNEC	5ef63cd7e6	Update README to add future improvement	2018-03-12 14:55:25 +01:00
Brendan LE GLAUNEC	ac6002028d	Improve jsoncpp integration	2018-03-12 14:55:21 +01:00
Brendan LE GLAUNEC	5f80f1b76a	Add dependencies & improve readme	2018-03-12 14:55:15 +01:00
Brendan LE GLAUNEC	95276760be	Initial commit	2018-03-12 14:55:10 +01:00