fix: PR template typo

.github/workflows/release.yaml

@@ -28,7 +28,7 @@ jobs:
         if: steps.install-go.outputs.cache-hit != 'true'
 
       - name: Log in to Docker Hub
-        uses: docker/login-action@v4
+        uses: docker/login-action@v3
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}

CONTRIBUTING.md

@@ -14,49 +14,6 @@ Clone the repo and install dependencies using Go modules.
 go mod download
 ```
 
-### Test against fake targets
-
-Use the following options when you want reproducible local testing.
-
-#### Testing discovery behavior
-
-Use `scanme.nmap.org` to validate discovery-related behavior.
-
-- `scanme.nmap.org` does not expose RTSP or RTSPS ports.
-- Target its open ports (for example `22`, `80`, `9929`, `31337`) to test discovery flow, reporting, and scan handling.
-
-Example command:
-
-```bash
-cameradar -t scanme.nmap.org -p 22
-```
-
-#### Testing RTSP and attack behavior
-
-Use [RTSPAllTheThings](https://github.com/Ullaakut/RTSPAllTheThings) to test RTSP-specific logic and camera attack flows.
-
-- It supports both basic and digest authentication.
-- It behaves like a standards-compliant RTSP camera.
-
-> [!CAUTION]
-> It is no longer maintained and has limited camera emulation coverage.
-
-Example command:
-
-```bash
-docker run --net=host -p 8554:8554 -e RTSP_USERNAME=admin -e RTSP_PASSWORD=12345 -e RTSP_PORT=8554 -e RTSP_AUTHENTICATION_METHOD=digest ullaakut/rtspatt
-```
-
-Many real cameras slightly diverge from strict RTSP behavior. For example, some devices allow `DESCRIBE` without authentication, or return `403` and `404` in an order that differs from strict expectations.
-Unfortunately, RTSPATT cannot reproduce those behaviors.
-
-#### Prefer real cameras when possible
-
-The most reliable testing method is running against real cameras and real network conditions.
-
-> [!CAUTION]
-> Scan only authorized targets and networks.
-
 ## Run tests
 
 ```bash
@@ -65,37 +22,13 @@ make test
 
 ## Formatting and linting
 
+Run `gofmt` on changed files.
 Keep code idiomatic and consistent with existing style.
-By default, follow the [Uber Go Style Guide](https://github.com/uber-go/guide) and the guidelines from [Effective Go](https://go.dev/doc/effective_go).
 
 ```bash
 make fmt
 ```
 
-### Dependency for linting
-
-* golangci-lint
-    * see current version defined in `.github/workflows/test.yaml` at `jobs.tests.steps.["Run linter"]`
-    * configured in `.golangci.yml`
-
-```bash
-make lint
-```
-
-## Commit messages and PR titles
-
-Use [Conventional Commits](https://www.conventionalcommits.org/en/v1.0.0/) for commit messages and pull request titles.
-
-- Use the format: `type: subject`
-- Write the subject in imperative mood: `add`, `update`, `remove`, `fix`, `refactor`
-- Do not use gerunds in subjects: avoid `adding`, `updating`, `removing`
-
-Examples:
-
-- `feat: add RTSP timeout flag`
-- `fix: remove duplicate progress line`
-- `docs: update commit message guidelines`
-
 ## Reporting issues
 
 Use the issue template in [.github/ISSUE_TEMPLATE.md](.github/ISSUE_TEMPLATE.md).
@@ -110,4 +43,3 @@ Only scan authorized targets.
 4. Add or update tests when possible.
 5. Ensure `make test` passes.
 6. Try to bring as much test coverage as possible with your changes.
-7. Use a Conventional Commit-style PR title with an imperative subject.

README.md

@@ -47,8 +47,9 @@ Cameradar scans RTSP endpoints on authorized targets, and uses dictionary attack
 - [Security and responsible use](#security-and-responsible-use)
 - [Output](#output)
 - [Check camera access](#check-camera-access)
-- [Command-line options and environment variables](#command-line-options-and-environment-variables)
+- [Command-line options](#command-line-options)
 - [Input file format](#input-file-format)
+- [Environment variables](#environment-variables)
 - [Build and contribute](#build-and-contribute)
 - [Frequently asked questions](#frequently-asked-questions)
 - [Examples](#examples)
@@ -74,7 +75,7 @@ docker run --rm -t --net=host ullaakut/cameradar --targets 192.168.100.0/24
 
 This scans ports 554, 5554, and 8554 on the target subnet.
 It attempts to enumerate RTSP streams.
-For all options, see [Configuration reference](https://github.com/Ullaakut/cameradar/wiki/Configuration-Reference).
+For all options, see [command-line options](#command-line-options).
 
 - Targets can be CIDRs, IPs, IP ranges or a hostname.
     - Subnet: `172.16.100.0/24`
@@ -106,7 +107,7 @@ Use this option if Docker is not available or if you want a local build.
 1. `go install github.com/Ullaakut/cameradar/v6/cmd/cameradar@latest`
 
 The `cameradar` binary is now in your `$GOPATH/bin`.
-For available flags, see [Configuration reference](https://github.com/Ullaakut/cameradar/wiki/Configuration-Reference).
+For available flags, see [command-line options](#command-line-options).
 
 ## Install on Android (Termux)
 
@@ -272,11 +273,117 @@ localhost
 When you use `--skip-scan`, Cameradar expands each entry into explicit IP
 addresses before building the target list.
 
-## Command-line options and environment variables
+## Options
 
-The complete CLI and environment variable reference is maintained in [Configuration reference](https://github.com/Ullaakut/cameradar/wiki/Configuration-Reference).
+### `TARGETS` / `--targets` / `-t`
 
-This includes all supported flags, defaults, accepted values, and env var mapping.
+This variable is required.
+It specifies the target that Cameradar scans and attempts to access.
+
+Examples:
+
+* `172.16.100.0/24`
+* `192.168.1.1`
+* `localhost`
+* `192.168.1.140-255`
+* `192.168.2-3.0-255`
+
+### `PORTS` / `--ports` / `-p`
+
+This variable is optional and allows you to specify the ports to scan.
+
+Default value: `554,5554,8554`
+
+Change these only if you are sure cameras stream over different ports.
+Most cameras use these defaults.
+
+### `CUSTOM_ROUTES` / `--custom-routes` / `-r`
+
+This option is optional.
+It replaces the default routes dictionary used for the dictionary attack.
+
+If unset, Cameradar uses the built-in routes dictionary.
+
+### `CUSTOM_CREDENTIALS` / `--custom-credentials` / `-c`
+
+This option is optional.
+It replaces the default credentials dictionary used for the dictionary attack.
+
+If unset, Cameradar uses the built-in credentials dictionary.
+
+### `SCANNER` / `--scanner`
+
+This optional variable sets the discovery backend.
+
+* `nmap` includes service discovery and is generally more reliable when you want
+to specifically identify RTSP services.
+* `masscan` is generally more efficient for large-scale discovery, but it does
+not identify services and therefore can be less specific for RTSP.
+
+Supported values: `nmap`, `masscan`
+
+Default value: `nmap`
+
+### `SCAN_SPEED` / `--scan-speed` / `-s`
+
+This optional variable sets nmap discovery presets for speed or accuracy.
+Lower it on slow networks and raise it on fast networks.
+See [nmap timing templates](https://nmap.org/book/man-performance.html).
+
+This option is ignored when `--scanner masscan` is used.
+
+Default value: `4`
+
+### `SKIP_SCAN` / `--skip-scan`
+
+This optional flag skips network discovery and assumes every target and port
+pair is an RTSP stream.
+
+Use it when you already know the RTSP endpoints or when discovery is blocked.
+For best results, specify only RTSP ports.
+
+Default value: `false`
+
+### `ATTACK_INTERVAL` / `--attack-interval` / `-I`
+
+This optional variable sets a delay between attacks.
+Increase it for networks that may block brute-force attempts.
+Default: no delay.
+
+Default value: `0ms`
+
+### `TIMEOUT` / `--timeout` / `-T`
+
+This optional variable sets the timeout for requests sent to the cameras.
+Increase it for slow networks and decrease it for fast networks.
+
+Default value: `2000ms`
+
+### `DEBUG` / `--debug` / `-d`
+
+This optional variable enables more verbose output.
+
+It outputs discovery results (`nmap` or `masscan`), cURL requests, and more.
+
+Default: `false`
+
+### `UI` / `--ui`
+
+This option selects the UI mode.
+
+* `auto` selects `tui` if your terminal is interactive, `plain` otherwise
+* `tui` shows a fullscreen interface with a progress bar and shows the results in a table
+* `plain` logs the steps taken by cameradar as plain text and is meant to be used by non-interactive terminals
+
+Supported values: `auto`, `tui`, `plain`
+
+Default: `auto`
+
+### `OUTPUT` / `--output`
+
+This optional variable writes an M3U playlist of the discovered streams to the given file path.
+
+Example: `/tmp/cameradar.m3u`
 
 ## Build and contribute
 
@@ -296,7 +403,41 @@ The `cameradar` binary is now in `$GOPATH/bin/cameradar`.
 
 ## Frequently asked questions
 
-See [Troubleshooting & FAQ](https://github.com/Ullaakut/cameradar/wiki/Troubleshooting-%26-FAQ)
+> Cameradar does not detect any camera!
+
+This usually means the cameras are not streaming over RTSP.
+It can also mean the targets are not in your scan range.
+CCTV cameras are often on private subnets.
+Use `-t` to set the correct targets.
+If you still see no results, open an issue with device details.
+
+> Cameradar detects my cameras, but does not manage to access them!
+
+The camera configuration may have changed, so defaults do not match.
+Cameradar uses defaults unless you provide custom dictionaries.
+Add your credentials and routes, then follow the [configuration](#configuration) section.
+
+> What happened to the C++ version?
+
+The 1.1.4 tag contains the legacy C++ implementation.
+It is slower and less stable than the Go version, so it is not recommended to use.
+
+> I want to scan my local network or my own machine, and it does not work! What's going on?
+
+Use `--net=host` when running the Docker image, or use the installed binary.
+
+> I don't have a camera, but I'd like to try Cameradar!
+
+Run the following container, then run Cameradar against it:
+
+`docker run -p 8554:8554 -e RTSP_USERNAME=admin -e RTSP_PASSWORD=12345 -e RTSP_PORT=8554 ullaakut/rtspatt`
+
+Cameradar should discover the `admin` / `12345` credentials.
+You can try other default credentials listed in the dictionaries.
+
+> What authentication types does Cameradar support?
+
+Cameradar supports both basic and digest authentication.
 
 ## Examples
 
@@ -308,7 +449,7 @@ See [Troubleshooting & FAQ](https://github.com/Ullaakut/cameradar/wiki/Troublesh
 
 `docker run --rm -t --net=host -v /tmp:/tmp ullaakut/cameradar --targets /tmp/test.txt --ports 8554`
 
-> Running cameradar on a subnetwork with custom dictionaries, on ports 554, 5554, 8554, 322, and 8322
+> Running cameradar on a subnetwork with custom dictionaries, on ports 554, 5554 and 8554
 
 `docker run --rm -t --net=host -v /tmp:/tmp ullaakut/cameradar --targets 192.168.0.0/24 --custom-credentials "/tmp/dictionaries/credentials.json" --custom-routes "/tmp/dictionaries/routes" --ports 554,5554,8554`
 

cmd/cameradar/main.go

@@ -38,17 +38,18 @@ var (
 
 var flags = cmd.Flags{
 	&cli.StringSliceFlag{
-		Name:    flagTargets,
-		Usage:   "The targets on which to scan for open RTSP streams in a network range format",
-		Aliases: []string{"t"},
-		Sources: cli.EnvVars(strcase.ToSNAKE(flagTargets)),
+		Name:     flagTargets,
+		Usage:    "The targets on which to scan for open RTSP streams in a network range format",
+		Aliases:  []string{"t"},
+		Sources:  cli.EnvVars(strcase.ToSNAKE(flagTargets)),
+		Required: true,
 	},
 	&cli.StringSliceFlag{
 		Name:    flagPorts,
 		Usage:   "The ports on which to search for RTSP streams",
 		Aliases: []string{"p"},
 		Sources: cli.EnvVars(strcase.ToSNAKE(flagPorts)),
-		Value:   []string{"554", "5554", "8554", "http", "322", "8322"},
+		Value:   []string{"554", "5554", "8554", "http"},
 	},
 	&cli.StringFlag{
 		Name:    flagCustomRoutes,
@@ -127,13 +128,19 @@ func realMain() (code int) {
 		}
 	}()
 
+	scanCommand := &cli.Command{
+		Name:   "scan",
+		Usage:  "Scan targets for RTSP streams",
+		Flags:  flags,
+		Action: runCameradar,
+	}
+
 	app := &cli.Command{
-		Name:    "Cameradar",
-		Version: version,
-		Usage:   "Scan targets for RTSP streams",
-		Flags:   flags,
-		Action:  runCameradar,
+		Name:           "Cameradar",
+		Version:        version,
+		DefaultCommand: scanCommand.Name,
 		Commands: []*cli.Command{
+			scanCommand,
 			{
 				Name:   "version",
 				Usage:  "Print version information",

go.mod

@@ -5,14 +5,14 @@ go 1.25.3
 require (
 	github.com/Ullaakut/masscan v1.0.0
 	github.com/Ullaakut/nmap/v4 v4.0.0
-	github.com/bluenviron/gortsplib/v5 v5.4.0
+	github.com/bluenviron/gortsplib/v5 v5.3.2
 	github.com/charmbracelet/bubbles v1.0.0
 	github.com/charmbracelet/bubbletea v1.3.10
 	github.com/charmbracelet/lipgloss v1.1.0
 	github.com/ettle/strcase v0.2.0
 	github.com/hamba/cmd/v3 v3.1.0
 	github.com/stretchr/testify v1.11.1
-	github.com/urfave/cli/v3 v3.7.0
+	github.com/urfave/cli/v3 v3.6.2
 	golang.org/x/term v0.40.0
 )
 
@@ -20,7 +20,7 @@ require (
 	github.com/VictoriaMetrics/metrics v1.40.1 // indirect
 	github.com/aymanbagabas/go-osc52/v2 v2.0.1 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
-	github.com/bluenviron/mediacommon/v2 v2.8.1 // indirect
+	github.com/bluenviron/mediacommon/v2 v2.8.0 // indirect
 	github.com/cactus/go-statsd-client/v5 v5.1.0 // indirect
 	github.com/cenkalti/backoff/v5 v5.0.3 // indirect
 	github.com/cespare/xxhash/v2 v2.3.0 // indirect
@@ -81,7 +81,7 @@ require (
 	go.opentelemetry.io/otel/trace v1.40.0 // indirect
 	go.opentelemetry.io/proto/otlp v1.8.0 // indirect
 	go.yaml.in/yaml/v2 v2.4.2 // indirect
-	golang.org/x/net v0.51.0 // indirect
+	golang.org/x/net v0.50.0 // indirect
 	golang.org/x/sys v0.41.0 // indirect
 	golang.org/x/text v0.34.0 // indirect
 	google.golang.org/genproto/googleapis/api v0.0.0-20250908214217-97024824d090 // indirect

go.sum

@@ -18,10 +18,10 @@ github.com/aymanbagabas/go-udiff v0.3.1 h1:LV+qyBQ2pqe0u42ZsUEtPiCaUoqgA9gYRDs3v
 github.com/aymanbagabas/go-udiff v0.3.1/go.mod h1:G0fsKmG+P6ylD0r6N/KgQD/nWzgfnl8ZBcNLgcbrw8E=
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
 github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
-github.com/bluenviron/gortsplib/v5 v5.4.0 h1:xi9G4NU67+5uNxGZzJP87SwyaWKr+rUAzbIkOE2SQBo=
-github.com/bluenviron/gortsplib/v5 v5.4.0/go.mod h1:+vGoi2RqF8LA7ktls7nC0JIF3DmOHwj0448kdQGYBEQ=
-github.com/bluenviron/mediacommon/v2 v2.8.1 h1:UfR+AxqpL9fl5+KeT5BGklBfWgKS0OaSA7LsL8eVYS8=
-github.com/bluenviron/mediacommon/v2 v2.8.1/go.mod h1:4AsE74EnTxkHeUs1VMER31fivU0jufZUAepaKFRV1lM=
+github.com/bluenviron/gortsplib/v5 v5.3.2 h1:eGoOsJzV015A+9xuBPcDYNhqYjogH25zXhMoU1lNeXI=
+github.com/bluenviron/gortsplib/v5 v5.3.2/go.mod h1:x2Pn+7CYoASW4jz8O3Ae1cNTcfOoFMjUCGcafN4qzc8=
+github.com/bluenviron/mediacommon/v2 v2.8.0 h1:sacjx0Jwdl44awqN5jQhpm7LgVmDKf881hRqL9/fNgQ=
+github.com/bluenviron/mediacommon/v2 v2.8.0/go.mod h1:D63vIFWAgTIo0OLsk9EVKVH4yrs8AKHlNqjzVsBTMwc=
 github.com/cactus/go-statsd-client/v5 v5.1.0 h1:sbbdfIl9PgisjEoXzvXI1lwUKWElngsjJKaZeC021P4=
 github.com/cactus/go-statsd-client/v5 v5.1.0/go.mod h1:COEvJ1E+/E2L4q6QE5CkjWPi4eeDw9maJBMIuMPBZbY=
 github.com/cenkalti/backoff/v4 v4.2.1 h1:y4OZtCnogmCPw98Zjyt5a6+QwPLGkiQsYW5oUqylYbM=
@@ -202,8 +202,8 @@ github.com/tklauser/go-sysconf v0.3.12 h1:0QaGUFOdQaIVdPgfITYzaTegZvdCjmYO52cSFA
 github.com/tklauser/go-sysconf v0.3.12/go.mod h1:Ho14jnntGE1fpdOqQEEaiKRpvIavV0hSfmBq8nJbHYI=
 github.com/tklauser/numcpus v0.6.1 h1:ng9scYS7az0Bk4OZLvrNXNSAO2Pxr1XXRAPyjhIx+Fk=
 github.com/tklauser/numcpus v0.6.1/go.mod h1:1XfjsgE2zo8GVw7POkMbHENHzVg3GzmoZ9fESEdAacY=
-github.com/urfave/cli/v3 v3.7.0 h1:AGSnbUyjtLiM+WJUb4dzXKldl/gL+F8OwmRDtVr6g2U=
-github.com/urfave/cli/v3 v3.7.0/go.mod h1:ysVLtOEmg2tOy6PknnYVhDoouyC/6N42TMeoMzskhso=
+github.com/urfave/cli/v3 v3.6.2 h1:lQuqiPrZ1cIz8hz+HcrG0TNZFxU70dPZ3Yl+pSrH9A8=
+github.com/urfave/cli/v3 v3.6.2/go.mod h1:ysVLtOEmg2tOy6PknnYVhDoouyC/6N42TMeoMzskhso=
 github.com/valyala/fastrand v1.1.0 h1:f+5HkLW4rsgzdNoleUOB69hyT9IlD2ZQh9GyDMfb5G8=
 github.com/valyala/fastrand v1.1.0/go.mod h1:HWqCzkrkg6QXT8V2EXWvXCoow7vLwOFN002oeRzjapQ=
 github.com/valyala/histogram v1.2.0 h1:wyYGAZZt3CpwUiIb9AU/Zbllg1llXyrtApRS815OLoQ=
@@ -246,8 +246,8 @@ golang.org/x/exp v0.0.0-20231006140011-7918f672742d h1:jtJma62tbqLibJ5sFQz8bKtEM
 golang.org/x/exp v0.0.0-20231006140011-7918f672742d/go.mod h1:ldy0pHrwJyGW56pPQzzkH36rKxoZW1tw7ZJpeKx+hdo=
 golang.org/x/mod v0.32.0 h1:9F4d3PHLljb6x//jOyokMv3eX+YDeepZSEo3mFJy93c=
 golang.org/x/mod v0.32.0/go.mod h1:SgipZ/3h2Ci89DlEtEXWUk/HteuRin+HHhN+WbNhguU=
-golang.org/x/net v0.51.0 h1:94R/GTO7mt3/4wIKpcR5gkGmRLOuE/2hNGeWq/GBIFo=
-golang.org/x/net v0.51.0/go.mod h1:aamm+2QF5ogm02fjy5Bb7CQ0WMt1/WVM7FtyaTLlA9Y=
+golang.org/x/net v0.50.0 h1:ucWh9eiCGyDR3vtzso0WMQinm2Dnt8cFMuQa9K33J60=
+golang.org/x/net v0.50.0/go.mod h1:UgoSli3F/pBgdJBHCTc+tp3gmrU4XswgGRgtnwWTfyM=
 golang.org/x/sync v0.19.0 h1:vV+1eWNmZ5geRlYjzm2adRgW2/mcpevXNg50YZtPCE4=
 golang.org/x/sync v0.19.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI=
 golang.org/x/sys v0.0.0-20210809222454-d867a43fc93e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=

internal/attack/attacker.go

@@ -224,7 +224,7 @@ func (a Attacker) attackCredentialsForStream(ctx context.Context, target camerad
 				msg := fmt.Sprintf("credential attempt failed for %s:%d (%s:%s): %v", target.Address.String(), target.Port, username, password, err)
 				a.reporter.Debug(cameradar.StepAttackCredentials, msg)
 
-				continue
+				return target, nil
 			}
 
 			if ok {
@@ -253,7 +253,7 @@ func (a Attacker) attackRoutesForStream(ctx context.Context, target cameradar.St
 	if emitProgress {
 		a.reporter.Progress(cameradar.StepAttackRoutes, cameradar.ProgressTickMessage())
 	}
-	ok, err := a.routeAttack(ctx, &target, dummyRoute)
+	ok, err := a.routeAttack(target, dummyRoute)
 	if err != nil {
 		a.reporter.Debug(cameradar.StepAttackRoutes, fmt.Sprintf("route probe failed for %s:%d: %v", target.Address.String(), target.Port, err))
 		return target, nil
@@ -275,7 +275,7 @@ func (a Attacker) attackRoutesForStream(ctx context.Context, target cameradar.St
 		if emitProgress {
 			a.reporter.Progress(cameradar.StepAttackRoutes, cameradar.ProgressTickMessage())
 		}
-		ok, err := a.routeAttack(ctx, &target, route)
+		ok, err := a.routeAttack(target, route)
 		if err != nil {
 			a.reporter.Debug(cameradar.StepAttackRoutes, fmt.Sprintf("route attempt failed for %s:%d (%s): %v", target.Address.String(), target.Port, route, err))
 			return target, nil
@@ -290,30 +290,18 @@ func (a Attacker) attackRoutesForStream(ctx context.Context, target cameradar.St
 	return target, nil
 }
 
-func (a Attacker) routeAttack(ctx context.Context, stream *cameradar.Stream, route string) (bool, error) {
-	u, urlStr, err := buildRTSPURL(*stream, route, stream.Username, stream.Password)
+func (a Attacker) routeAttack(stream cameradar.Stream, route string) (bool, error) {
+	u, urlStr, err := buildRTSPURL(stream, route, stream.Username, stream.Password)
 	if err != nil {
 		return false, fmt.Errorf("building rtsp url: %w", err)
 	}
 
-	code, headers, err := a.probeDescribeHeaders(ctx, u, urlStr)
+	code, err := a.describeStatus(u)
 	if err != nil {
 		return false, fmt.Errorf("performing describe request at %q: %w", urlStr, err)
 	}
 
 	a.reporter.Debug(cameradar.StepAttackRoutes, fmt.Sprintf("DESCRIBE %s RTSP/1.0 > %d", urlStr, code))
-
-	if code == base.StatusMovedPermanently {
-		a.handleRedirect(stream, headers)
-		u, urlStr, err = buildRTSPURL(*stream, route, stream.Username, stream.Password)
-		if err == nil {
-			code, _, err = a.probeDescribeHeaders(ctx, u, urlStr)
-			if err == nil {
-				a.reporter.Debug(cameradar.StepAttackRoutes, fmt.Sprintf("DESCRIBE %s RTSP/1.0 (redirect followed) > %d", urlStr, code))
-			}
-		}
-	}
-
 	access := code == base.StatusOK || code == base.StatusUnauthorized || code == base.StatusForbidden
 	return access, nil
 }
@@ -326,12 +314,10 @@ func (a Attacker) credAttack(stream cameradar.Stream, username, password string)
 
 	code, err := a.describeStatus(u)
 	if err != nil {
-		a.reporter.Debug(cameradar.StepAttackCredentials, fmt.Sprintf("Error testing %s:%s -> %v", username, password, err))
 		return false, fmt.Errorf("performing describe request at %q: %w", urlStr, err)
 	}
 
 	a.reporter.Debug(cameradar.StepAttackCredentials, fmt.Sprintf("DESCRIBE %s RTSP/1.0 > %d", urlStr, code))
-
 	return code == base.StatusOK || code == base.StatusNotFound, nil
 }
 

internal/attack/rtsp.go

@@ -3,11 +3,9 @@ package attack
 import (
 	"bufio"
 	"context"
-	"crypto/tls"
 	"errors"
 	"fmt"
 	"net"
-	"net/netip"
 	"net/textproto"
 	"net/url"
 	"strconv"
@@ -21,16 +19,10 @@ import (
 	"github.com/bluenviron/gortsplib/v5/pkg/liberrors"
 )
 
-const (
-	rtsp  = "rtsp"
-	rtsps = "rtsps"
-)
-
 func (a Attacker) newRTSPClient(u *base.URL) (*gortsplib.Client, error) {
 	client := &gortsplib.Client{
 		ReadTimeout:  a.timeout,
 		WriteTimeout: a.timeout,
-		TLSConfig:    &tls.Config{InsecureSkipVerify: true},
 	}
 	client.Scheme = u.Scheme
 	client.Host = u.Host
@@ -71,16 +63,7 @@ func (a Attacker) describeStatus(u *base.URL) (base.StatusCode, error) {
 // which is exactly what we need in order to detect authentication methods.
 func (a Attacker) probeDescribeHeaders(ctx context.Context, u *base.URL, urlStr string) (base.StatusCode, base.Header, error) {
 	dialer := &net.Dialer{Timeout: a.timeout}
-	var conn net.Conn
-	var err error
-
-	if u.Scheme == rtsps {
-		tlsDialer := &tls.Dialer{NetDialer: dialer, Config: &tls.Config{InsecureSkipVerify: true}}
-		conn, err = tlsDialer.DialContext(ctx, "tcp", u.Host)
-	} else {
-		conn, err = dialer.DialContext(ctx, "tcp", u.Host)
-	}
-
+	conn, err := dialer.DialContext(ctx, "tcp", u.Host)
 	if err != nil {
 		return 0, nil, err
 	}
@@ -134,40 +117,6 @@ func (a Attacker) probeDescribeHeaders(ctx context.Context, u *base.URL, urlStr
 	return base.StatusCode(code), headers, nil
 }
 
-func (a Attacker) handleRedirect(stream *cameradar.Stream, resHeaders base.Header) {
-	locations := headerValues(resHeaders, "Location")
-	if len(locations) == 0 {
-		return
-	}
-	location, err := url.Parse(locations[0])
-	if err != nil {
-		return
-	}
-
-	switch location.Scheme {
-	case rtsps:
-		stream.Secure = true
-	case rtsp:
-		stream.Secure = false
-	}
-
-	if location.Hostname() != "" {
-		addr, err := netip.ParseAddr(location.Hostname())
-		if err == nil {
-			stream.Address = addr
-		}
-	}
-
-	if location.Port() != "" {
-		port, err := strconv.Atoi(location.Port())
-		if err == nil {
-			if port >= 0 && port <= 65535 {
-				stream.Port = uint16(port)
-			}
-		}
-	}
-}
-
 func authTypeFromHeaders(values base.HeaderValue) cameradar.AuthType {
 	if len(values) == 0 {
 		return cameradar.AuthUnknown
@@ -219,13 +168,8 @@ func buildRTSPURL(stream cameradar.Stream, route, username, password string) (*b
 	host := net.JoinHostPort(stream.Address.String(), strconv.Itoa(int(stream.Port)))
 	path := "/" + strings.TrimLeft(strings.TrimSpace(route), "/") // Ensure path starts with a single "/"
 
-	scheme := rtsp
-	if stream.Secure {
-		scheme = rtsps
-	}
-
 	u := &url.URL{
-		Scheme: scheme,
+		Scheme: "rtsp",
 		Host:   host,
 		Path:   path,
 	}

internal/attack/rtsp_url_test.go

@@ -19,7 +19,6 @@ func TestBuildRTSPURL(t *testing.T) {
 		route    string
 		username string
 		password string
-		secure   bool
 		wantURL  string
 	}{
 		{
@@ -75,27 +74,11 @@ func TestBuildRTSPURL(t *testing.T) {
 			username: "user",
 			wantURL:  "rtsp://user:@192.168.0.10:554/stream",
 		},
-		{
-			name:    "secure rtsps scheme without credentials",
-			route:   "stream",
-			secure:  true,
-			wantURL: "rtsps://192.168.0.10:554/stream",
-		},
-		{
-			name:     "secure rtsps scheme with credentials",
-			route:    "stream",
-			username: "admin",
-			password: "password",
-			secure:   true,
-			wantURL:  "rtsps://admin:password@192.168.0.10:554/stream",
-		},
 	}
 
 	for _, test := range tests {
 		t.Run(test.name, func(t *testing.T) {
-			s := stream
-			s.Secure = test.secure
-			_, gotURL, err := buildRTSPURL(s, test.route, test.username, test.password)
+			_, gotURL, err := buildRTSPURL(stream, test.route, test.username, test.password)
 			require.NoError(t, err)
 			require.Equal(t, test.wantURL, gotURL)
 		})

internal/output/m3u.go

@@ -119,10 +119,5 @@ func formatRTSPURL(stream cameradar.Stream) string {
 		credentials = stream.Username + ":" + stream.Password + "@"
 	}
 
-	scheme := "rtsp"
-	if stream.Secure {
-		scheme = "rtsps"
-	}
-
-	return fmt.Sprintf("%s://%s%s:%s%s", scheme, credentials, stream.Address.String(), strconv.FormatUint(uint64(stream.Port), 10), path)
+	return "rtsp://" + credentials + stream.Address.String() + ":" + strconv.FormatUint(uint64(stream.Port), 10) + path
 }

internal/scan/masscan/scanner.go

@@ -83,12 +83,9 @@ func runScan(ctx context.Context, runner Runner, reporter Reporter) ([]cameradar
 				continue
 			}
 
-			isSecure := port.Number == 322 || port.Number == 8322
-
 			streams = append(streams, cameradar.Stream{
 				Address: addr,
 				Port:    uint16(port.Number),
-				Secure:  isSecure,
 			})
 		}
 	}

internal/scan/masscan/scanner_test.go

@@ -53,16 +53,15 @@ func TestRunScan(t *testing.T) {
 			name: "collects streams from multiple hosts",
 			result: &masscanlib.Run{
 				Hosts: []masscanlib.Host{
-					{Address: "192.0.2.10", Ports: []masscanlib.Port{{Number: 8554, Status: "open"}, {Number: 8322, Status: "open"}}},
+					{Address: "192.0.2.10", Ports: []masscanlib.Port{{Number: 8554, Status: "open"}}},
 					{Address: "198.51.100.9", Ports: []masscanlib.Port{{Number: 554, Status: "open"}}},
 				},
 			},
 			wantStreams: []cameradar.Stream{
-				{Address: netip.MustParseAddr("192.0.2.10"), Port: 8554, Secure: false},
-				{Address: netip.MustParseAddr("192.0.2.10"), Port: 8322, Secure: true},
-				{Address: netip.MustParseAddr("198.51.100.9"), Port: 554, Secure: false},
+				{Address: netip.MustParseAddr("192.0.2.10"), Port: 8554},
+				{Address: netip.MustParseAddr("198.51.100.9"), Port: 554},
 			},
-			wantProgress: []string{"Found 3 RTSP streams"},
+			wantProgress: []string{"Found 2 RTSP streams"},
 		},
 		{
 			name:            "returns error when scan fails",

internal/scan/nmap/scanner.go

@@ -71,8 +71,6 @@ func runScan(ctx context.Context, nmap Runner, reporter Reporter) ([]cameradar.S
 				continue
 			}
 
-			isSecure := strings.Contains(port.Service.Name, "rtsps") || strings.Contains(port.Service.Name, "ssl") || port.ID == 322 || port.ID == 8322
-
 			for _, address := range host.Addresses {
 				addr, err := netip.ParseAddr(address.Addr)
 				if err != nil {
@@ -84,7 +82,6 @@ func runScan(ctx context.Context, nmap Runner, reporter Reporter) ([]cameradar.S
 					Device:  port.Service.Product,
 					Address: addr,
 					Port:    port.ID,
-					Secure:  isSecure,
 				})
 			}
 		}

internal/scan/nmap/scanner_test.go

@@ -54,7 +54,6 @@ func TestScanner_Scan(t *testing.T) {
 					Addresses: []nmaplib.Address{{Addr: "192.0.2.10"}, {Addr: "192.0.2.11"}},
 					Ports: []nmaplib.Port{
 						openPort(8554, "rtsp-alt", "Model A"),
-						openPort(322, "rtsps", "Model C"),
 					},
 				},
 				nmaplib.Host{
@@ -69,34 +68,19 @@ func TestScanner_Scan(t *testing.T) {
 					Device:  "Model A",
 					Address: netip.MustParseAddr("192.0.2.10"),
 					Port:    8554,
-					Secure:  false,
 				},
 				{
 					Device:  "Model A",
 					Address: netip.MustParseAddr("192.0.2.11"),
 					Port:    8554,
-					Secure:  false,
-				},
-				{
-					Device:  "Model C",
-					Address: netip.MustParseAddr("192.0.2.10"),
-					Port:    322,
-					Secure:  true,
-				},
-				{
-					Device:  "Model C",
-					Address: netip.MustParseAddr("192.0.2.11"),
-					Port:    322,
-					Secure:  true,
 				},
 				{
 					Device:  "Model B",
 					Address: netip.MustParseAddr("198.51.100.9"),
 					Port:    554,
-					Secure:  false,
 				},
 			},
-			wantProgress: "Found 5 RTSP streams",
+			wantProgress: "Found 3 RTSP streams",
 		},
 		{
 			name:            "returns error when scan fails",

internal/scan/skip/skip.go

@@ -51,11 +51,9 @@ func buildStreamsFromTargets(ctx context.Context, targets, ports []string) ([]ca
 	streams := make([]cameradar.Stream, 0, len(resolvedTargets)*len(resolvedPorts))
 	for _, addr := range resolvedTargets {
 		for _, port := range resolvedPorts {
-			isSecure := port == 322 || port == 8322
 			streams = append(streams, cameradar.Stream{
 				Address: addr,
 				Port:    port,
-				Secure:  isSecure,
 			})
 		}
 	}

internal/scan/skip/skip_test.go

@@ -16,7 +16,7 @@ func TestNew_ExpandsTargetsAndPorts(t *testing.T) {
 		"192.0.2.15",
 		"192.0.2.10-11",
 	}
-	ports := []string{"554", "322", "8554-8555"}
+	ports := []string{"554", "8554-8555"}
 
 	scanner := skip.New(targets, ports)
 
@@ -32,7 +32,7 @@ func TestNew_ExpandsTargetsAndPorts(t *testing.T) {
 		netip.MustParseAddr("192.0.2.11"),
 		netip.MustParseAddr("192.0.2.15"),
 	}
-	portsExpected := []uint16{554, 322, 8554, 8555}
+	portsExpected := []uint16{554, 8554, 8555}
 
 	var want []string
 	for _, addr := range addrs {
@@ -44,13 +44,6 @@ func TestNew_ExpandsTargetsAndPorts(t *testing.T) {
 	var got []string
 	for _, stream := range streams {
 		got = append(got, stream.Address.String()+":"+strconv.Itoa(int(stream.Port)))
-
-		if stream.Port == 322 || stream.Port == 8322 {
-			assert.True(t, stream.Secure)
-		} else {
-			assert.False(t, stream.Secure)
-		}
-
 	}
 
 	assert.ElementsMatch(t, want, got)

internal/ui/summary.go

@@ -126,12 +126,7 @@ func formatRTSPURL(stream cameradar.Stream) string {
 		credentials = stream.Username + ":" + stream.Password + "@"
 	}
 
-	scheme := "rtsp"
-	if stream.Secure {
-		scheme = "rtsps"
-	}
-
-	return fmt.Sprintf("%s://%s%s:%d%s", scheme, credentials, stream.Address.String(), stream.Port, path)
+	return fmt.Sprintf("rtsp://%s%s:%d%s", credentials, stream.Address.String(), stream.Port, path)
 }
 
 func formatAdminPanelURL(stream cameradar.Stream) string {

internal/ui/summary_test.go

@@ -46,7 +46,6 @@ func TestFormatSummary(t *testing.T) {
 					Device:             "Model A",
 					Address:            netip.MustParseAddr("10.0.0.1"),
 					Port:               8554,
-					Secure:             true,
 					Available:          true,
 					Routes:             []string{"stream1", "stream2"},
 					RouteFound:         true,
@@ -74,7 +73,7 @@ func TestFormatSummary(t *testing.T) {
 				"Authentication: digest",
 				"Routes: stream1, stream2",
 				"Credentials: user:pass",
-				"RTSP URL: rtsps://user:pass@10.0.0.1:8554/stream1",
+				"RTSP URL: rtsp://user:pass@10.0.0.1:8554/stream1",
 				"Admin panel: http://10.0.0.1/",
 				"Admin panel: http://10.0.0.2/",
 			},

stream.go

@@ -24,8 +24,6 @@ type Stream struct {
 	Address  netip.Addr `json:"address"  validate:"required"`
 	Port     uint16     `json:"port"     validate:"required"`
 
-	Secure bool `json:"secure"`
-
 	CredentialsFound bool `json:"credentials_found"`
 	RouteFound       bool `json:"route_found"`
 	Available        bool `json:"available"`