fix: command/flags to prevent subcommand being required (#411)

Bump the all group with 2 updates

CONTRIBUTING.md

@@ -22,13 +22,37 @@ make test
 
 ## Formatting and linting
 
-Run `gofmt` on changed files.
 Keep code idiomatic and consistent with existing style.
+By default, follow the [Uber Go Style Guide](https://github.com/uber-go/guide) and the guidelines from [Effective Go](https://go.dev/doc/effective_go).
 
 ```bash
 make fmt
 ```
 
+### Dependency for linting
+
+* golangci-lint
+    * see current version defined in `.github/workflows/test.yaml` at `jobs.tests.steps.["Run linter"]`
+    * configured in `.golangci.yml`
+
+```bash
+make lint
+```
+
+## Commit messages and PR titles
+
+Use [Conventional Commits](https://www.conventionalcommits.org/en/v1.0.0/) for commit messages and pull request titles.
+
+- Use the format: `type: subject`
+- Write the subject in imperative mood: `add`, `update`, `remove`, `fix`, `refactor`
+- Do not use gerunds in subjects: avoid `adding`, `updating`, `removing`
+
+Examples:
+
+- `feat: add RTSP timeout flag`
+- `fix: remove duplicate progress line`
+- `docs: update commit message guidelines`
+
 ## Reporting issues
 
 Use the issue template in [.github/ISSUE_TEMPLATE.md](.github/ISSUE_TEMPLATE.md).
@@ -43,3 +67,4 @@ Only scan authorized targets.
 4. Add or update tests when possible.
 5. Ensure `make test` passes.
 6. Try to bring as much test coverage as possible with your changes.
+7. Use a Conventional Commit-style PR title with an imperative subject.

README.md

@@ -47,9 +47,8 @@ Cameradar scans RTSP endpoints on authorized targets, and uses dictionary attack
 - [Security and responsible use](#security-and-responsible-use)
 - [Output](#output)
 - [Check camera access](#check-camera-access)
-- [Command-line options](#command-line-options)
+- [Command-line options and environment variables](#command-line-options-and-environment-variables)
 - [Input file format](#input-file-format)
-- [Environment variables](#environment-variables)
 - [Build and contribute](#build-and-contribute)
 - [Frequently asked questions](#frequently-asked-questions)
 - [Examples](#examples)
@@ -75,7 +74,7 @@ docker run --rm -t --net=host ullaakut/cameradar --targets 192.168.100.0/24
 
 This scans ports 554, 5554, and 8554 on the target subnet.
 It attempts to enumerate RTSP streams.
-For all options, see [command-line options](#command-line-options).
+For all options, see [Configuration reference](https://github.com/Ullaakut/cameradar/wiki/Configuration-Reference).
 
 - Targets can be CIDRs, IPs, IP ranges or a hostname.
     - Subnet: `172.16.100.0/24`
@@ -107,7 +106,7 @@ Use this option if Docker is not available or if you want a local build.
 1. `go install github.com/Ullaakut/cameradar/v6/cmd/cameradar@latest`
 
 The `cameradar` binary is now in your `$GOPATH/bin`.
-For available flags, see [command-line options](#command-line-options).
+For available flags, see [Configuration reference](https://github.com/Ullaakut/cameradar/wiki/Configuration-Reference).
 
 ## Install on Android (Termux)
 
@@ -273,117 +272,11 @@ localhost
 When you use `--skip-scan`, Cameradar expands each entry into explicit IP
 addresses before building the target list.
 
-## Options
+## Command-line options and environment variables
 
-### `TARGETS` / `--targets` / `-t`
+The complete CLI and environment variable reference is maintained in [Configuration reference](https://github.com/Ullaakut/cameradar/wiki/Configuration-Reference).
 
-This variable is required.
-It specifies the target that Cameradar scans and attempts to access.
-
-Examples:
-
-* `172.16.100.0/24`
-* `192.168.1.1`
-* `localhost`
-* `192.168.1.140-255`
-* `192.168.2-3.0-255`
-
-### `PORTS` / `--ports` / `-p`
-
-This variable is optional and allows you to specify the ports to scan.
-
-Default value: `554,5554,8554`
-
-Change these only if you are sure cameras stream over different ports.
-Most cameras use these defaults.
-
-### `CUSTOM_ROUTES` / `--custom-routes` / `-r`
-
-This option is optional.
-It replaces the default routes dictionary used for the dictionary attack.
-
-If unset, Cameradar uses the built-in routes dictionary.
-
-### `CUSTOM_CREDENTIALS` / `--custom-credentials` / `-c`
-
-This option is optional.
-It replaces the default credentials dictionary used for the dictionary attack.
-
-If unset, Cameradar uses the built-in credentials dictionary.
-
-### `SCANNER` / `--scanner`
-
-This optional variable sets the discovery backend.
-
-* `nmap` includes service discovery and is generally more reliable when you want
-to specifically identify RTSP services.
-* `masscan` is generally more efficient for large-scale discovery, but it does
-not identify services and therefore can be less specific for RTSP.
-
-Supported values: `nmap`, `masscan`
-
-Default value: `nmap`
-
-### `SCAN_SPEED` / `--scan-speed` / `-s`
-
-This optional variable sets nmap discovery presets for speed or accuracy.
-Lower it on slow networks and raise it on fast networks.
-See [nmap timing templates](https://nmap.org/book/man-performance.html).
-
-This option is ignored when `--scanner masscan` is used.
-
-Default value: `4`
-
-### `SKIP_SCAN` / `--skip-scan`
-
-This optional flag skips network discovery and assumes every target and port
-pair is an RTSP stream.
-
-Use it when you already know the RTSP endpoints or when discovery is blocked.
-For best results, specify only RTSP ports.
-
-Default value: `false`
-
-### `ATTACK_INTERVAL` / `--attack-interval` / `-I`
-
-This optional variable sets a delay between attacks.
-Increase it for networks that may block brute-force attempts.
-Default: no delay.
-
-Default value: `0ms`
-
-### `TIMEOUT` / `--timeout` / `-T`
-
-This optional variable sets the timeout for requests sent to the cameras.
-Increase it for slow networks and decrease it for fast networks.
-
-Default value: `2000ms`
-
-### `DEBUG` / `--debug` / `-d`
-
-This optional variable enables more verbose output.
-
-It outputs discovery results (`nmap` or `masscan`), cURL requests, and more.
-
-Default: `false`
-
-### `UI` / `--ui`
-
-This option selects the UI mode.
-
-* `auto` selects `tui` if your terminal is interactive, `plain` otherwise
-* `tui` shows a fullscreen interface with a progress bar and shows the results in a table
-* `plain` logs the steps taken by cameradar as plain text and is meant to be used by non-interactive terminals
-
-Supported values: `auto`, `tui`, `plain`
-
-Default: `auto`
-
-### `OUTPUT` / `--output`
-
-This optional variable writes an M3U playlist of the discovered streams to the given file path.
-
-Example: `/tmp/cameradar.m3u`
+This includes all supported flags, defaults, accepted values, and env var mapping.
 
 ## Build and contribute
 
@@ -403,41 +296,7 @@ The `cameradar` binary is now in `$GOPATH/bin/cameradar`.
 
 ## Frequently asked questions
 
-> Cameradar does not detect any camera!
-
-This usually means the cameras are not streaming over RTSP.
-It can also mean the targets are not in your scan range.
-CCTV cameras are often on private subnets.
-Use `-t` to set the correct targets.
-If you still see no results, open an issue with device details.
-
-> Cameradar detects my cameras, but does not manage to access them!
-
-The camera configuration may have changed, so defaults do not match.
-Cameradar uses defaults unless you provide custom dictionaries.
-Add your credentials and routes, then follow the [configuration](#configuration) section.
-
-> What happened to the C++ version?
-
-The 1.1.4 tag contains the legacy C++ implementation.
-It is slower and less stable than the Go version, so it is not recommended to use.
-
-> I want to scan my local network or my own machine, and it does not work! What's going on?
-
-Use `--net=host` when running the Docker image, or use the installed binary.
-
-> I don't have a camera, but I'd like to try Cameradar!
-
-Run the following container, then run Cameradar against it:
-
-`docker run -p 8554:8554 -e RTSP_USERNAME=admin -e RTSP_PASSWORD=12345 -e RTSP_PORT=8554 ullaakut/rtspatt`
-
-Cameradar should discover the `admin` / `12345` credentials.
-You can try other default credentials listed in the dictionaries.
-
-> What authentication types does Cameradar support?
-
-Cameradar supports both basic and digest authentication.
+See [Troubleshooting & FAQ](https://github.com/Ullaakut/cameradar/wiki/Troubleshooting-%26-FAQ)
 
 ## Examples
 

cmd/cameradar/main.go

@@ -38,11 +38,10 @@ var (
 
 var flags = cmd.Flags{
 	&cli.StringSliceFlag{
-		Name:     flagTargets,
-		Usage:    "The targets on which to scan for open RTSP streams in a network range format",
-		Aliases:  []string{"t"},
-		Sources:  cli.EnvVars(strcase.ToSNAKE(flagTargets)),
-		Required: true,
+		Name:    flagTargets,
+		Usage:   "The targets on which to scan for open RTSP streams in a network range format",
+		Aliases: []string{"t"},
+		Sources: cli.EnvVars(strcase.ToSNAKE(flagTargets)),
 	},
 	&cli.StringSliceFlag{
 		Name:    flagPorts,
@@ -128,19 +127,13 @@ func realMain() (code int) {
 		}
 	}()
 
-	scanCommand := &cli.Command{
-		Name:   "scan",
-		Usage:  "Scan targets for RTSP streams",
-		Flags:  flags,
-		Action: runCameradar,
-	}
-
 	app := &cli.Command{
-		Name:           "Cameradar",
-		Version:        version,
-		DefaultCommand: scanCommand.Name,
+		Name:    "Cameradar",
+		Version: version,
+		Usage:   "Scan targets for RTSP streams",
+		Flags:   flags,
+		Action:  runCameradar,
 		Commands: []*cli.Command{
-			scanCommand,
 			{
 				Name:   "version",
 				Usage:  "Print version information",

go.mod

@@ -5,14 +5,14 @@ go 1.25.3
 require (
 	github.com/Ullaakut/masscan v1.0.0
 	github.com/Ullaakut/nmap/v4 v4.0.0
-	github.com/bluenviron/gortsplib/v5 v5.3.2
+	github.com/bluenviron/gortsplib/v5 v5.4.0
 	github.com/charmbracelet/bubbles v1.0.0
 	github.com/charmbracelet/bubbletea v1.3.10
 	github.com/charmbracelet/lipgloss v1.1.0
 	github.com/ettle/strcase v0.2.0
 	github.com/hamba/cmd/v3 v3.1.0
 	github.com/stretchr/testify v1.11.1
-	github.com/urfave/cli/v3 v3.6.2
+	github.com/urfave/cli/v3 v3.7.0
 	golang.org/x/term v0.40.0
 )
 
@@ -20,7 +20,7 @@ require (
 	github.com/VictoriaMetrics/metrics v1.40.1 // indirect
 	github.com/aymanbagabas/go-osc52/v2 v2.0.1 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
-	github.com/bluenviron/mediacommon/v2 v2.8.0 // indirect
+	github.com/bluenviron/mediacommon/v2 v2.8.1 // indirect
 	github.com/cactus/go-statsd-client/v5 v5.1.0 // indirect
 	github.com/cenkalti/backoff/v5 v5.0.3 // indirect
 	github.com/cespare/xxhash/v2 v2.3.0 // indirect
@@ -81,7 +81,7 @@ require (
 	go.opentelemetry.io/otel/trace v1.40.0 // indirect
 	go.opentelemetry.io/proto/otlp v1.8.0 // indirect
 	go.yaml.in/yaml/v2 v2.4.2 // indirect
-	golang.org/x/net v0.50.0 // indirect
+	golang.org/x/net v0.51.0 // indirect
 	golang.org/x/sys v0.41.0 // indirect
 	golang.org/x/text v0.34.0 // indirect
 	google.golang.org/genproto/googleapis/api v0.0.0-20250908214217-97024824d090 // indirect

go.sum

@@ -18,10 +18,10 @@ github.com/aymanbagabas/go-udiff v0.3.1 h1:LV+qyBQ2pqe0u42ZsUEtPiCaUoqgA9gYRDs3v
 github.com/aymanbagabas/go-udiff v0.3.1/go.mod h1:G0fsKmG+P6ylD0r6N/KgQD/nWzgfnl8ZBcNLgcbrw8E=
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
 github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
-github.com/bluenviron/gortsplib/v5 v5.3.2 h1:eGoOsJzV015A+9xuBPcDYNhqYjogH25zXhMoU1lNeXI=
-github.com/bluenviron/gortsplib/v5 v5.3.2/go.mod h1:x2Pn+7CYoASW4jz8O3Ae1cNTcfOoFMjUCGcafN4qzc8=
-github.com/bluenviron/mediacommon/v2 v2.8.0 h1:sacjx0Jwdl44awqN5jQhpm7LgVmDKf881hRqL9/fNgQ=
-github.com/bluenviron/mediacommon/v2 v2.8.0/go.mod h1:D63vIFWAgTIo0OLsk9EVKVH4yrs8AKHlNqjzVsBTMwc=
+github.com/bluenviron/gortsplib/v5 v5.4.0 h1:xi9G4NU67+5uNxGZzJP87SwyaWKr+rUAzbIkOE2SQBo=
+github.com/bluenviron/gortsplib/v5 v5.4.0/go.mod h1:+vGoi2RqF8LA7ktls7nC0JIF3DmOHwj0448kdQGYBEQ=
+github.com/bluenviron/mediacommon/v2 v2.8.1 h1:UfR+AxqpL9fl5+KeT5BGklBfWgKS0OaSA7LsL8eVYS8=
+github.com/bluenviron/mediacommon/v2 v2.8.1/go.mod h1:4AsE74EnTxkHeUs1VMER31fivU0jufZUAepaKFRV1lM=
 github.com/cactus/go-statsd-client/v5 v5.1.0 h1:sbbdfIl9PgisjEoXzvXI1lwUKWElngsjJKaZeC021P4=
 github.com/cactus/go-statsd-client/v5 v5.1.0/go.mod h1:COEvJ1E+/E2L4q6QE5CkjWPi4eeDw9maJBMIuMPBZbY=
 github.com/cenkalti/backoff/v4 v4.2.1 h1:y4OZtCnogmCPw98Zjyt5a6+QwPLGkiQsYW5oUqylYbM=
@@ -202,8 +202,8 @@ github.com/tklauser/go-sysconf v0.3.12 h1:0QaGUFOdQaIVdPgfITYzaTegZvdCjmYO52cSFA
 github.com/tklauser/go-sysconf v0.3.12/go.mod h1:Ho14jnntGE1fpdOqQEEaiKRpvIavV0hSfmBq8nJbHYI=
 github.com/tklauser/numcpus v0.6.1 h1:ng9scYS7az0Bk4OZLvrNXNSAO2Pxr1XXRAPyjhIx+Fk=
 github.com/tklauser/numcpus v0.6.1/go.mod h1:1XfjsgE2zo8GVw7POkMbHENHzVg3GzmoZ9fESEdAacY=
-github.com/urfave/cli/v3 v3.6.2 h1:lQuqiPrZ1cIz8hz+HcrG0TNZFxU70dPZ3Yl+pSrH9A8=
-github.com/urfave/cli/v3 v3.6.2/go.mod h1:ysVLtOEmg2tOy6PknnYVhDoouyC/6N42TMeoMzskhso=
+github.com/urfave/cli/v3 v3.7.0 h1:AGSnbUyjtLiM+WJUb4dzXKldl/gL+F8OwmRDtVr6g2U=
+github.com/urfave/cli/v3 v3.7.0/go.mod h1:ysVLtOEmg2tOy6PknnYVhDoouyC/6N42TMeoMzskhso=
 github.com/valyala/fastrand v1.1.0 h1:f+5HkLW4rsgzdNoleUOB69hyT9IlD2ZQh9GyDMfb5G8=
 github.com/valyala/fastrand v1.1.0/go.mod h1:HWqCzkrkg6QXT8V2EXWvXCoow7vLwOFN002oeRzjapQ=
 github.com/valyala/histogram v1.2.0 h1:wyYGAZZt3CpwUiIb9AU/Zbllg1llXyrtApRS815OLoQ=
@@ -246,8 +246,8 @@ golang.org/x/exp v0.0.0-20231006140011-7918f672742d h1:jtJma62tbqLibJ5sFQz8bKtEM
 golang.org/x/exp v0.0.0-20231006140011-7918f672742d/go.mod h1:ldy0pHrwJyGW56pPQzzkH36rKxoZW1tw7ZJpeKx+hdo=
 golang.org/x/mod v0.32.0 h1:9F4d3PHLljb6x//jOyokMv3eX+YDeepZSEo3mFJy93c=
 golang.org/x/mod v0.32.0/go.mod h1:SgipZ/3h2Ci89DlEtEXWUk/HteuRin+HHhN+WbNhguU=
-golang.org/x/net v0.50.0 h1:ucWh9eiCGyDR3vtzso0WMQinm2Dnt8cFMuQa9K33J60=
-golang.org/x/net v0.50.0/go.mod h1:UgoSli3F/pBgdJBHCTc+tp3gmrU4XswgGRgtnwWTfyM=
+golang.org/x/net v0.51.0 h1:94R/GTO7mt3/4wIKpcR5gkGmRLOuE/2hNGeWq/GBIFo=
+golang.org/x/net v0.51.0/go.mod h1:aamm+2QF5ogm02fjy5Bb7CQ0WMt1/WVM7FtyaTLlA9Y=
 golang.org/x/sync v0.19.0 h1:vV+1eWNmZ5geRlYjzm2adRgW2/mcpevXNg50YZtPCE4=
 golang.org/x/sync v0.19.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI=
 golang.org/x/sys v0.0.0-20210809222454-d867a43fc93e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=