Remove spam from curl verbose mode (#257)

* Add scan interval option

* Update tests for scan interval

* Handle missing target properly

* Update documentation to reflect that durations are not in milliseconds

.github/FUNDING.yml

@@ -0,0 +1,12 @@
+# These are supported funding model platforms
+
+github: [ullaakut] # Replace with up to 4 GitHub Sponsors-enabled usernames e.g., [user1, user2]
+patreon: # Replace with a single Patreon username
+open_collective: # Replace with a single Open Collective username
+ko_fi: # Replace with a single Ko-fi username
+tidelift: # Replace with a single Tidelift platform-name/package-name e.g., npm/babel
+community_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry
+liberapay: # Replace with a single Liberapay username
+issuehunt: # Replace with a single IssueHunt username
+otechie: # Replace with a single Otechie username
+custom: # Replace with up to 4 custom sponsorship URLs e.g., ['link1', 'link2']

.gitignore

@@ -5,3 +5,6 @@
 # Golang
 /bin/*
 /pkg/*
+
+# Builds
+dist/

.golangci.yml

@@ -1,7 +1,7 @@
 # https://github.com/golangci/golangci/wiki/Configuration
 
 service:
-  project-path: github.com/ullaakut/cameradar
+  project-path: github.com/Ullaakut/cameradar
   prepare:
     - apt-get update && apt-get install -y libcurl4-gnutls-dev
     - dep ensure

.goreleaser.yml

@@ -0,0 +1,43 @@
+project_name: cameradar
+dist: dist/cameradar
+
+env:
+  - GO111MODULE=on
+before:
+  hooks:
+    - go mod download
+
+builds:
+  - binary: cameradar
+    main: ./cmd/cameradar
+    goos:
+      - windows
+      - darwin
+      - linux
+    goarch:
+      - amd64
+      - 386
+      - arm
+      - arm64
+    goarm:
+      - 6
+      - 7
+
+    ignore:
+      - goos: darwin
+        goarch: 386
+
+changelog:
+  skip: true
+
+checksum:
+  name_template: "{{ .ProjectName }}_checksums.txt"
+
+archives:
+  - name_template: "{{ .Binary }}_{{ .Os }}_{{ .Arch }}{{ if .Arm}}v{{ .Arm }}{{ end }}"
+    format: tar.gz
+    format_overrides:
+      - goos: windows
+        format: zip
+    files:
+      - CHANGELOG.md

.travis.yml

@@ -2,8 +2,18 @@ dist: trusty
 sudo: required
 language: go
 
+addons:
+  apt:
+    packages:
+    # needed for the nfpm pipe:
+    - rpm
+    # needed for the snap pipe:
+    - snapd
+
 env:
   - GO111MODULE=on
+  # needed for the snap pipe:
+  - PATH=/snap/bin:$PATH
 
 services:
   - docker
@@ -18,7 +28,7 @@ before_install:
 - sudo apt-get remove docker docker-engine docker.io
 - curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
 - sudo apt-get update
-- sudo apt-get install -y docker-ce nmap
+- sudo apt-get install -y docker-ce nmap libcurl4-openssl-dev
 - go get github.com/mattn/goveralls
 - docker version
 
@@ -27,8 +37,8 @@ install:
 
 script:
 # Run unit tests
-- go test -v -covermode=count -coverprofile=coverage.out
-- $HOME/gopath/bin/goveralls -coverprofile=coverage.out -service=travis-ci -repotoken=$COVERALLS_TOKEN
+- GO111MODULE=on go test -v -covermode=count -coverprofile=coverage.out
+- GO111MODULE=on $HOME/gopath/bin/goveralls -coverprofile=coverage.out -service=travis-ci -repotoken=$COVERALLS_TOKEN
 # Launch fake cameras to check if cameradar is able to access them
 - docker run -d --name="fake_camera_digest" -e RTSP_ROUTE="/live.sdp" -e RTSP_USERNAME="admin" -e RTSP_PASSWORD="12345" -e RTSP_AUTHENTICATION_METHOD="digest" -p 8554:8554 ullaakut/rtspatt
 - docker run -d --name="fake_camera_basic" -e RTSP_ROUTE="/live.sdp" -e RTSP_USERNAME="root" -e RTSP_PASSWORD="root" -e RTSP_AUTHENTICATION_METHOD="digest" -p 5554:5554 ullaakut/rtspatt
@@ -45,6 +55,7 @@ script:
 - cat camera_basic_logs.txt
 - cat logs.txt
 - grep "Successful attack" logs.txt || exit 1
+- git clean -fd
 
 notifications:
   email:

CHANGELOG.md

@@ -1,222 +0,0 @@
-# Cameradar Changelog
-
-This file lists all versions of the repository and precises all changes.
-
-## v2.0.0
-
-#### Major changes:
-
-* Cameradar is no longer a C++ application but a Golang library
-* It is also a Golang application replacing the former C++ one (the C++ Cameradar image can still be used with the tag `1.1.4`)
-* The new docker image is twice lighter (14MB vs 379MB before)
-* The Cameradar golang library enables users to build their own application around camera discovery and attack. Example of applications could be an automatic camera discovery daemon with scheduled scans, a security audit tool to check if CCTV cameras are protected from attacks by being isolated and having strong passwords, etc.
-
-## v1.1.4
-
-#### Minor changes:
-
-* Simplified use of Docker image
-* Renamed MySQL table name to be more explicit
-* Refactoring of the Golang functional tester done
-* The output was made more human readable
-* Added automatic code quality checks for pull requests
-* Added contribution documentation
-* Updated dictionaries to add user suggestions for Chinese cameras
-* Enhanced `result.json` file's format
-
-#### Bugfixes:
-
-* Fixed a bug in the functional testing in which if the `result.json` file was not formatted correctly, the test failed but was still considered a success.
-
-## v1.1.3
-
-#### Minor changes:
-
-* Added automatic pushes to DockerHub to the travis integration
-* Made travis configuration file better
-* Changed the package generation scripts to make them report errors
-* Removed old etix_rtsp_server binary from the test folder
-
-#### Bugfixes:
-
-* Fixed an issue that made it mandatory to launch tests at least once so that they can work the second time
-* Fixed an issue that made the golang testing tool not compile in the testing script
-* Fixed an issue that made the golang testing tool sometimes ignore some tests
-* The previous known issue has been investigated and we don't know where it came from. However after a night of testing I have been unable to reproduce it, so I will consider it closed
-
-## v1.1.2
-
-#### Minor changes:
-
-* Added travis integration
-* Added default environment value for Docker deployment
-* Updated docker image description with new easy usage
-* Updated README badges style (replaced flat with square-flat)
-* Build last package can now also generate a debug package if given the `Debug` command-line argument
-
-#### Known issues
-
-* There is still the issue with Camera Emulation Server, see the [previous version's patchnote](#v1.1.1) for more information.
-
-## v1.1.1
-
-#### Minor changes:
-
-* Removed unnecessary null pointer checks (thanks to https://github.com/elfring)
-* Updated package description
-* Removed debug message in CMake build
-* Added `/ch01.264` to the URL dictionary in the deployment (Comelit default RTSP URL)
-* Updated tests partially (still needs work to make the code cleaner)
-  * Variable names are now compliant with Golang best practices
-  * JSON variable names are back to normal
-  * Functions have been moved in more appropriate source files
-  * Structure definitions have been moved in more appropriate source files
-  * Source files have been renamed to be more relevant
-  * JUnit output now considers each camera as a test case
-  * JUnit output now contains errors which makes debugging much easier
-* Added header files where it was forgotten
-
-#### Bugfixes:
-
-* Fixed an issue where if you loose your internet connection during thumbnail generation, FFMpeg would get stuck forever and thus Cameradar would never finish
-* Fixed an issue where multithreading could cause crashes
-* Fixed an issue where the routes dictionary was mistaken for the credentials dictionary
-* Fixed issues with the golang testing tool
-  * Fixed automated camera generation
-  * Fixed docker IP address resolution
-
-#### Known issues:
-
-* There is an issue with Camera Emulation Server that makes it impossible for Cameradar to generate thumbnails, which is why right now the verification of the thumbnails presence is commented and it is assumed correct. It is probably an issue with GST-RTSP-Server but requires investigation.
-
-## v1.1.0
-
-#### Major changes:
-
-* There are more command line options
-  * Port can now be overridden in the command line
-  * Target can now be overridden in the command line
-* Bruteforce is now multithreaded and will use as many threads as there are discovered cameras
-* Thumbnail generation is now multithreaded and will use as many threads as there are discovered cameras
-* There are now default configuration values in order to make cameradar easier to use
-
-#### Minor changes:
-
-* The algorithms take external input into account (so that a 3rd party can change the DB to help Cameradar in real-time) and thus check the persistent data at each iteration
-* The default log level is now DEBUG instead of INFO
-* The attack logs are now INFO instead of DEBUG
-* The thumbnail generation logs are now INFO instead of DEBUG
-
-#### Bugs fixed
-
-* Fixed a bug in which the MySQL cache manager would consider a camera with known ids as having a valid path even if it weren't
-* Fixed a bug in which TCP RTSP streams would not generate thumbnails
-
-## v1.0.5
-
-* Fixed error in MySQL Cache Manager in which thumbnail generation on valid streams could not be done
-* Fixed potential crash in the case the machine running cameradar has no memory left to allocate space for the dynamic cache manager
-
-## v1.0.4
-
-#### Bugs fixed:
-
-* Fixed nmap package detection
-
-## v1.0.3
-
-#### Bugs fixed:
-
-* Corrected GStreamer check
-
-## v1.0.2
-
-#### Bugs fixed:
-
-* Fixed issues in MySQL Cache Manager
-
-#### Minor changes:
-
-* Added useful debug logs
-
-## v1.0.1
-
-### Ubuntu 16.04 Release
-
-#### Major changes:
-
-* The Docker deployment is now done using Ubuntu 16.04 instead of Ubuntu 15.10, so that it uses more recent packages.
-
-#### Minor changes:
-
-* Removed useless dependencies
-
-## v1.0.0
-
-### First production-ready release
-
-#### Major changes:
-
-* Added functional testing
-
-## v0.2.2
-
-After doing some testing on a weirdly configured camera network in a far away Datacenter, I discovered that some Cameras needed a few tweaks to the Cameradar attack method in order to be accessed.
-
-#### Major changes:
-
-* Cameradar can access Cameras that are configured to always send 400 Bad Requests responses
-
-#### Minor changes:
-
-* Changed iterator name from `it` to `stream` in dumb cache manager to improve code readability
-
-#### Bugfixes:
-
-* Cameradar no longer considers a timing out Camera as an accessible stream
-
-## v0.2.1
-
-This package adds fixes the Docker deployment package.
-
-#### Minor changes
-
-* Fixed the Docker deployment package
-* Updated README
-
-## v0.2.0
-
-### MySQL Cache Manager Release
-
-This package adds a new cache manager using a MySQL database, that can store the results between mutiple uses.
-
-#### Major changes
-
-* Added a MySQL Cache Manager
-
-#### Minor changes
-
-* Removed legacy code
-* Removed boost dependency
-* Improved debugging logs
-
-## v0.1.1
-
-### Docker release
-
-This package adds a way to deploy Cameradar using Docker.
-
-#### Major changes
-
-* Added a quick Docker deployment process
-* Added automatic dependencies downloading through CMake for the manual installation
-* Added CPack packaging for the Docker deployment
-
-#### Minor changes
-
-* Changed recommended cloning method to HTTPS
-* Added lots of informations to README.md
-
-## v0.1.0
-
-This package was the first OpenSource version of Cameradar. It contained only a simple cache manager and had some bugs.

Dockerfile

@@ -1,8 +1,8 @@
 # Build stage
 FROM golang:alpine AS build-env
 
-COPY . /go/src/github.com/ullaakut/cameradar
-WORKDIR /go/src/github.com/ullaakut/cameradar/cmd/cameradar
+COPY . /go/src/github.com/Ullaakut/cameradar
+WORKDIR /go/src/github.com/Ullaakut/cameradar/cmd/cameradar
 
 RUN apk update && \
     apk upgrade && \
@@ -19,14 +19,18 @@ RUN go build -o cameradar
 # Final stage
 FROM alpine
 
+# Necessary to install curl v7.64.0-r3.
+# Fix for https://github.com/Ullaakut/cameradar/issues/247
+RUN echo 'http://dl-cdn.alpinelinux.org/alpine/v3.9/main' >> /etc/apk/repositories
+
 RUN apk --update add --no-cache nmap \
     nmap-nselibs \
     nmap-scripts \
-    curl-dev
+    curl-dev==7.64.0-r3
 
 WORKDIR /app/cameradar
-COPY --from=build-env /go/src/github.com/ullaakut/cameradar/dictionaries/ /app/dictionaries/
-COPY --from=build-env /go/src/github.com/ullaakut/cameradar/cmd/cameradar/ /app/cameradar/
+COPY --from=build-env /go/src/github.com/Ullaakut/cameradar/dictionaries/ /app/dictionaries/
+COPY --from=build-env /go/src/github.com/Ullaakut/cameradar/cmd/cameradar/ /app/cameradar/
 
 ENV CAMERADAR_CUSTOM_ROUTES="/app/dictionaries/routes"
 ENV CAMERADAR_CUSTOM_CREDENTIALS="/app/dictionaries/credentials.json"

README.md

@@ -79,15 +79,18 @@ Only use this solution if for some reason using docker is not an option for you
 ### Dependencies
 
 * `go` (> `1.10`)
+* `libcurl` development library (**[version has to be <7.66.0](https://github.com/Ullaakut/cameradar/issues/247)**)
+    * For apt users: `apt install libcurl4-openssl-dev`
 
 ### Steps to install
 
-Make sure you installed the dependencies mentionned above, and that you have Go modules enabled (`GO111MODULE=on`)
+Make sure you installed the [dependencies](#dependencies), **and that you have Go modules enabled (`GO111MODULE=on`)**.
 
-1. `go get github.com/ullaakut/cameradar`
-2. `cd $GOPATH/src/github.com/ullaakut/cameradar`
-3. `cd cameradar`
-4. `go install`
+1. `export GO111MODULE=on` (unless it's already on)
+2. `go get github.com/Ullaakut/cameradar`
+3. `cd $GOPATH/src/github.com/Ullaakut/cameradar`
+4. `cd cmd/cameradar`
+5. `go install`
 
 The `cameradar` binary is now in your `$GOPATH/bin` ready to be used. See command line options [here](#command-line-options).
 
@@ -117,8 +120,9 @@ If you have [VLC Media Player](http://www.videolan.org/vlc/), you should be able
 
 * **"-t, --targets"**: Set target. Required. Target can be a file (see [instructions on how to format the file](#format-input-file)), an IP, an IP range, a subnetwork, or a combination of those. Example: `--targets="192.168.1.72,192.168.1.74"`
 * **"-p, --ports"**: (Default: `554,5554,8554`) Set custom ports.
-* **"-s, --speed"**: (Default: `4`) Set custom nmap discovery presets to improve speed or accuracy. It's recommended to lower it if you are attempting to scan an unstable and slow network, or to increase it if on a very performant and reliable network. You might also want to keep it low to keep your discovery stealthy. See [this for more info on the nmap timing templates](https://nmap.org/book/man-performance.html).
-* **"-T, --timeout"**: (Default: `2000`) Set custom timeout value in miliseconds after which an attack attempt without an answer should give up. It's recommended to increase it when attempting to scan unstable and slow networks or to decrease it on very performant and reliable networks.
+* **"-s, --scan-speed"**: (Default: `4`) Set custom nmap discovery presets to improve speed or accuracy. It's recommended to lower it if you are attempting to scan an unstable and slow network, or to increase it if on a very performant and reliable network. You might also want to keep it low to keep your discovery stealthy. See [this for more info on the nmap timing templates](https://nmap.org/book/man-performance.html).
+* **"-I, --attack-interval"**: (Default: `0ms`) Set custom interval after which an attack attempt without an answer should give up. It's recommended to increase it when attempting to scan unstable and slow networks or to decrease it on fast and reliable networks.
+* **"-T, --timeout"**: (Default: `2000ms`) Set custom timeout value after which an attack attempt without an answer should give up. It's recommended to increase it when attempting to scan unstable and slow networks or to decrease it on fast and reliable networks.
 * **"-r, --custom-routes"**: (Default: `<CAMERADAR_GOPATH>/dictionaries/routes`) Set custom dictionary path for routes
 * **"-c, --custom-credentials"**: (Default: `<CAMERADAR_GOPATH>/dictionaries/credentials.json`) Set custom dictionary path for credentials
 * **"-o, --nmap-output"**: (Default: `/tmp/cameradar_scan.xml`) Set custom nmap output path
@@ -174,17 +178,23 @@ These variables are optional, allowing to replace the default dictionaries with
 
 Default values: `<CAMERADAR_GOPATH>/dictionaries/routes` and `<CAMERADAR_GOPATH>/dictionaries/credentials.json`
 
-### `CAMERADAR_SPEED`
+### `CAMERADAR_SCAN_SPEED`
 
-This optional variable allows you to set custom nmap discovery presets to improve speed or accuracy. It's recommended to lower it if you are attempting to scan an unstable and slow network, or to increase it if on a very performant and reliable network. See [this for more info on the nmap timing templates](https://nmap.org/book/man-performance.html).
+This optional variable allows you to set custom nmap discovery presets to improve speed or accuracy. It's recommended to lower it if you are attempting to scan an unstable and slow network, or to increase it if on a fast and reliable network. See [this for more info on the nmap timing templates](https://nmap.org/book/man-performance.html).
 
 Default value: `4`
 
+### `CAMERADAR_ATTACK_INTERVAL`
+
+This optional variable allows you to set custom interval to wait between each attack in order to stay stealthy. It's recommended to increase it when attempting to scan a network that might be protected against bruteforce attacks. By default, there is no interval, in order to make attacks as fast as possible
+
+Default value: `0ms`
+
 ### `CAMERADAR_TIMEOUT`
 
-This optional variable allows you to set custom timeout value in miliseconds after which an attack attempt without an answer should give up. It's recommended to increase it when attempting to scan unstable and slow networks or to decrease it on very performant and reliable networks.
+This optional variable allows you to set custom timeout value after which an attack attempt without an answer should give up. It's recommended to increase it when attempting to scan unstable and slow networks or to decrease it on fast and reliable networks.
 
-Default value: `2000`
+Default value: `2000ms`
 
 ### `CAMERADAR_LOGGING`
 
@@ -206,14 +216,15 @@ Your image will be called `cameradar` and NOT `ullaakut/cameradar`.
 
 #### Go build
 
-Make sure you installed the [dependencies](#dependencies), and that you have Go modules enabled (`GO111MODULE=on`)
+Make sure you installed the [dependencies](#dependencies), **and that you have Go modules enabled (`GO111MODULE=on`)**.
 
-1. `go get github.com/ullaakut/cameradar`
-2. `cd $GOPATH/src/github.com/ullaakut/cameradar`
-3. `cd cameradar`
-4. `go build`
+1. `export GO111MODULE=on` (unless it's already on)
+2. `go get github.com/Ullaakut/cameradar`
+3. `cd $GOPATH/src/github.com/Ullaakut/cameradar`
+4. `cd cmd/cameradar`
+5. `go install`
 
-The cameradar binary is now in the root of the directory.
+The cameradar binary is now in `$GOPATH/bin/cameradar`.
 
 See [the contribution document](/CONTRIBUTING.md) to get started.
 
@@ -229,11 +240,11 @@ Maybe your cameras have been configured and the credentials / URL have been chan
 
 > What happened to the C++ version?
 
-You can still find it under the 1.1.4 tag on this repo, however it was less performant and stable than the current version written in Golang. It is not recommended to use it.
+You can still find it under the 1.1.4 tag on this repo, however it was slower and less stable than the current version written in Golang. It is not recommended to use it.
 
 > How to use the Cameradar library for my own project?
 
-See the example in `/cmd/cameradar`. You just need to run `go get github.com/ullaakut/cameradar` and to use the `cameradar` package in your code. You can find the documentation on [godoc](https://godoc.org/github.com/ullaakut/cameradar).
+See the example in `/cmd/cameradar`. You just need to run `go get github.com/Ullaakut/cameradar` and to use the `cameradar` package in your code. You can find the documentation on [godoc](https://godoc.org/github.com/ullaakut/cameradar).
 
 > I want to scan my own localhost for some reason and it does not work! What's going on?
 

attack.go

@@ -4,7 +4,7 @@ import (
 	"fmt"
 	"time"
 
-	curl "github.com/ullaakut/go-curl"
+	curl "github.com/Ullaakut/go-curl"
 )
 
 // HTTP responses.
@@ -37,20 +37,23 @@ func (s *Scanner) Attack(targets []Stream) ([]Stream, error) {
 	s.term.StartStepf("Attacking credentials of %d streams", len(targets))
 	streams = s.AttackCredentials(streams)
 
+	s.term.StartStep("Validating that streams are accessible")
+	streams = s.ValidateStreams(streams)
+
 	// But some cameras run GST RTSP Server which prioritizes 401 over 404 contrary to most cameras.
 	// For these cameras, running another route attack will solve the problem.
 	for _, stream := range streams {
-		if !stream.RouteFound || !stream.CredentialsFound {
+		if !stream.RouteFound || !stream.CredentialsFound || !stream.Available {
 			s.term.StartStepf("Second round of attacks")
 			streams = s.AttackRoute(streams)
 
+			s.term.StartStep("Validating that streams are accessible")
+			streams = s.ValidateStreams(streams)
+
 			break
 		}
 	}
 
-	s.term.StartStep("Validating that streams are accessible")
-	streams = s.ValidateStreams(streams)
-
 	s.term.EndStep()
 
 	return streams, nil
@@ -60,6 +63,7 @@ func (s *Scanner) Attack(targets []Stream) ([]Stream, error) {
 func (s *Scanner) ValidateStreams(targets []Stream) []Stream {
 	for i := range targets {
 		targets[i].Available = s.validateStream(targets[i])
+		time.Sleep(s.attackInterval)
 	}
 
 	return targets
@@ -122,6 +126,7 @@ func (s *Scanner) AttackRoute(targets []Stream) []Stream {
 func (s *Scanner) DetectAuthMethods(targets []Stream) []Stream {
 	for i := range targets {
 		targets[i].AuthenticationType = s.detectAuthMethod(targets[i])
+		time.Sleep(s.attackInterval)
 
 		var authMethod string
 		switch targets[i].AuthenticationType {
@@ -150,6 +155,7 @@ func (s *Scanner) attackCameraCredentials(target Stream, resChan chan<- Stream)
 				resChan <- target
 				return
 			}
+			time.Sleep(s.attackInterval)
 		}
 	}
 
@@ -166,6 +172,7 @@ func (s *Scanner) attackCameraRoute(target Stream, resChan chan<- Stream) {
 			resChan <- target
 			return
 		}
+		time.Sleep(s.attackInterval)
 	}
 
 	target.RouteFound = false
@@ -188,19 +195,18 @@ func (s *Scanner) detectAuthMethod(stream Stream) int {
 	_ = c.Setopt(curl.OPT_URL, attackURL)
 	// Set the RTSP STREAM URI as the stream URL.
 	_ = c.Setopt(curl.OPT_RTSP_STREAM_URI, attackURL)
-	// 2 is CURL_RTSPREQ_DESCRIBE.
-	_ = c.Setopt(curl.OPT_RTSP_REQUEST, 2)
+	_ = c.Setopt(curl.OPT_RTSP_REQUEST, rtspDescribe)
 
 	// Perform the request.
 	err := c.Perform()
 	if err != nil {
-		s.term.Debugf("Perform failed: %v", err)
+		s.term.Errorf("Perform failed for %q (auth %d): %v", attackURL, stream.AuthenticationType, err)
 		return -1
 	}
 
 	authType, err := c.Getinfo(curl.INFO_HTTPAUTH_AVAIL)
 	if err != nil {
-		s.term.Debugf("Getinfo failed: %v", err)
+		s.term.Errorf("Getinfo failed: %v", err)
 		return -1
 	}
 
@@ -233,20 +239,19 @@ func (s *Scanner) routeAttack(stream Stream, route string) bool {
 	_ = c.Setopt(curl.OPT_URL, attackURL)
 	// Set the RTSP STREAM URI as the stream URL.
 	_ = c.Setopt(curl.OPT_RTSP_STREAM_URI, attackURL)
-	// 2 is CURL_RTSPREQ_DESCRIBE.
 	_ = c.Setopt(curl.OPT_RTSP_REQUEST, rtspDescribe)
 
 	// Perform the request.
 	err := c.Perform()
 	if err != nil {
-		s.term.Debugf("Perform failed: %v", err)
+		s.term.Errorf("Perform failed for %q (auth %d): %v", attackURL, stream.AuthenticationType, err)
 		return false
 	}
 
 	// Get return code for the request.
 	rc, err := c.Getinfo(curl.INFO_RESPONSE_CODE)
 	if err != nil {
-		s.term.Debugf("Getinfo failed: %v", err)
+		s.term.Errorf("Getinfo failed: %v", err)
 		return false
 	}
 
@@ -283,20 +288,19 @@ func (s *Scanner) credAttack(stream Stream, username string, password string) bo
 	_ = c.Setopt(curl.OPT_URL, attackURL)
 	// Set the RTSP STREAM URI as the stream URL.
 	_ = c.Setopt(curl.OPT_RTSP_STREAM_URI, attackURL)
-	// 2 is CURL_RTSPREQ_DESCRIBE.
-	_ = c.Setopt(curl.OPT_RTSP_REQUEST, 2)
+	_ = c.Setopt(curl.OPT_RTSP_REQUEST, rtspDescribe)
 
 	// Perform the request.
 	err := c.Perform()
 	if err != nil {
-		s.term.Debugf("Perform failed: %v", err)
+		s.term.Errorf("Perform failed for %q (auth %d): %v", attackURL, stream.AuthenticationType, err)
 		return false
 	}
 
 	// Get return code for the request.
 	rc, err := c.Getinfo(curl.INFO_RESPONSE_CODE)
 	if err != nil {
-		s.term.Debugf("Getinfo failed: %v", err)
+		s.term.Errorf("Getinfo failed: %v", err)
 		return false
 	}
 
@@ -334,7 +338,6 @@ func (s *Scanner) validateStream(stream Stream) bool {
 	_ = c.Setopt(curl.OPT_URL, attackURL)
 	// Set the RTSP STREAM URI as the stream URL.
 	_ = c.Setopt(curl.OPT_RTSP_STREAM_URI, attackURL)
-	// 2 is CURL_RTSPREQ_SETUP.
 	_ = c.Setopt(curl.OPT_RTSP_REQUEST, rtspSetup)
 
 	_ = c.Setopt(curl.OPT_RTSP_TRANSPORT, "RTP/AVP;unicast;client_port=33332-33333")
@@ -342,14 +345,14 @@ func (s *Scanner) validateStream(stream Stream) bool {
 	// Perform the request.
 	err := c.Perform()
 	if err != nil {
-		s.term.Debugf("Perform failed: %v", err)
+		s.term.Errorf("Perform failed for %q (auth %d): %v", attackURL, stream.AuthenticationType, err)
 		return false
 	}
 
 	// Get return code for the request.
 	rc, err := c.Getinfo(curl.INFO_RESPONSE_CODE)
 	if err != nil {
-		s.term.Debugf("Getinfo failed: %v", err)
+		s.term.Errorf("Getinfo failed: %v", err)
 		return false
 	}
 

attack_test.go

@@ -6,10 +6,10 @@ import (
 	"testing"
 	"time"
 
+	"github.com/Ullaakut/disgo"
+	curl "github.com/Ullaakut/go-curl"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/mock"
-	"github.com/ullaakut/disgo"
-	curl "github.com/ullaakut/go-curl"
 )
 
 type CurlerMock struct {

cameradar.go

@@ -3,7 +3,7 @@
 // IP Cameras, often for surveillance.
 //
 // A simple example usage of the library can be found in
-// https://github.com/ullaakut/cameradar/tree/master/cameradar
+// https://github.com/Ullaakut/cameradar/tree/master/cameradar
 //
 // The example usage is complete enough for most users to
 // ignore the library, but for users with specific needs

cmd/cameradar/cameradar.go

@@ -7,11 +7,11 @@ import (
 	"strings"
 	"time"
 
+	"github.com/Ullaakut/cameradar"
+	"github.com/Ullaakut/disgo"
+	"github.com/Ullaakut/disgo/style"
 	"github.com/spf13/pflag"
 	"github.com/spf13/viper"
-	"github.com/ullaakut/cameradar"
-	"github.com/ullaakut/disgo"
-	"github.com/ullaakut/disgo/style"
 )
 
 func parseArguments() error {
@@ -20,10 +20,11 @@ func parseArguments() error {
 
 	pflag.StringSliceP("targets", "t", []string{}, "The targets on which to scan for open RTSP streams - required (ex: 172.16.100.0/24)")
 	pflag.StringSliceP("ports", "p", []string{"554", "5554", "8554"}, "The ports on which to search for RTSP streams")
-	pflag.StringP("custom-routes", "r", "<GOPATH>/src/github.com/ullaakut/cameradar/dictionaries/routes", "The path on which to load a custom routes dictionary")
-	pflag.StringP("custom-credentials", "c", "<GOPATH>/src/github.com/ullaakut/cameradar/dictionaries/credentials.json", "The path on which to load a custom credentials JSON dictionary")
-	pflag.IntP("speed", "s", 4, "The nmap speed preset to use for discovery")
-	pflag.DurationP("timeout", "T", 2*time.Second, "The timeout in miliseconds to use for attack attempts")
+	pflag.StringP("custom-routes", "r", "${GOPATH}/src/github.com/Ullaakut/cameradar/dictionaries/routes", "The path on which to load a custom routes dictionary")
+	pflag.StringP("custom-credentials", "c", "${GOPATH}/src/github.com/Ullaakut/cameradar/dictionaries/credentials.json", "The path on which to load a custom credentials JSON dictionary")
+	pflag.IntP("scan-speed", "s", 4, "The nmap speed preset to use for scanning (lower is stealthier)")
+	pflag.DurationP("attack-interval", "I", 0, "The interval between each attack  (i.e: 2000ms, higher is stealthier)")
+	pflag.DurationP("timeout", "T", 2000*time.Millisecond, "The timeout to use for attack attempts (i.e: 2000ms)")
 	pflag.BoolP("debug", "d", true, "Enable the debug logs")
 	pflag.BoolP("verbose", "v", false, "Enable the verbose logs")
 	pflag.BoolP("help", "h", false, "displays this help message")
@@ -43,10 +44,12 @@ func parseArguments() error {
 		fmt.Println("\tScanning your home network for RTSP streams:\tcameradar -t 192.168.0.0/24")
 		fmt.Println("\tScanning a remote camera on a specific port:\tcameradar -t 172.178.10.14 -p 18554 -s 2")
 		fmt.Println("\tScanning an unstable remote network: \t\tcameradar -t 172.178.10.14/24 -s 1 --timeout 10000 -l")
+		fmt.Println("\tStealthily scanning a remote network: \t\tcameradar -t 172.178.10.14/24 -s 1 -I 5000")
 		os.Exit(0)
 	}
 
-	if viper.GetStringSlice("targets") == nil {
+	if len(viper.GetStringSlice("targets")) == 0 {
+		pflag.Usage()
 		return errors.New("targets (-t, --targets) argument required\n    examples:\n      - 172.16.100.0/24\n      - localhost\n      - 8.8.8.8")
 	}
 
@@ -66,7 +69,8 @@ func main() {
 		cameradar.WithVerbose(viper.GetBool("verbose")),
 		cameradar.WithCustomCredentials(viper.GetString("custom-credentials")),
 		cameradar.WithCustomRoutes(viper.GetString("custom-routes")),
-		cameradar.WithSpeed(viper.GetInt("speed")),
+		cameradar.WithScanSpeed(viper.GetInt("scan-speed")),
+		cameradar.WithAttackInterval(viper.GetDuration("attack-interval")),
 		cameradar.WithTimeout(viper.GetDuration("timeout")),
 	)
 	if err != nil {

curl.go

@@ -1,7 +1,7 @@
 package cameradar
 
 import (
-	curl "github.com/ullaakut/go-curl"
+	curl "github.com/Ullaakut/go-curl"
 )
 
 // Curler is an interface that implements the CURL interface of the go-curl library

curl_test.go

@@ -4,7 +4,7 @@ import (
 	"reflect"
 	"testing"
 
-	curl "github.com/ullaakut/go-curl"
+	curl "github.com/Ullaakut/go-curl"
 )
 
 func TestCurl(t *testing.T) {

dictionaries/credentials.json

@@ -22,24 +22,37 @@
     "1234",
     "12345",
     "123456",
+    "12345678",
     "4321",
     "666666",
+    "6fJjMKYx",
     "888888",
     "9999",
     "admin",
+    "administrator",
     "aiphone",
     "camera",
     "fliradmin",
+    "GRwvcj8j",
+    "hikvision",
+    "hikadmin",
     "ikwd",
     "jvc",
+    "kj3TqCWv",
     "meinsm",
     "pass",
     "password",
+    "password123",
+    "reolink",
     "root",
     "service",
     "supervisor",
     "system",
+    "tlJwpbo6",
+    "toor",
+    "tp-link",
     "ubnt",
-    "wbox123"
+    "wbox123",
+    "Y5eIMz3C"
   ]
-}
+}

dictionaries/routes

@@ -1,4 +1,5 @@
 
+/live/ch01_0
 0/1:1/main
 0/usrnm:pwd/main
 0/video1
@@ -9,7 +10,29 @@
 11
 12
 125
+1080p
+1440p
+480p
+4K
 666
+720p
+AVStream1_1
+CAM_ID.password.mp2
+CH001.sdp
+GetData.cgi
+HD
+HighResolutionVideo
+LowResolutionVideo
+MediaInput/h264
+MediaInput/mpeg4
+ONVIF/MediaInput
+ONVIF/MediaInput?profile=4_def_profile6
+StdCh1
+Streaming/Channels/1
+Streaming/Unicast/channels/101
+StreamingSetting?version=1.0&action=getRTSPStream&ChannelID=1&ChannelName=Channel1
+VideoInput/1/h264/1
+VideoInput/1/mpeg4/1
 access_code
 access_name_for_stream_1_to_5
 api/mjpegvideo.cgi
@@ -17,18 +40,19 @@ av0_0
 av2
 avc
 avn=2
-AVStream1_1
 axis-media/media.amp
 axis-media/media.amp?camera=1
 axis-media/media.amp?videocodec=h264
 cam
-CAM_ID.password.mp2
 cam/realmonitor
 cam/realmonitor?channel=0&subtype=0
 cam/realmonitor?channel=1&subtype=0
+cam/realmonitor?channel=1&subtype=1
 cam/realmonitor?channel=1&subtype=1&unicast=true&proto=Onvif
+cam0
 cam0_0
 cam0_1
+cam1
 cam1/h264
 cam1/h264/multicast
 cam1/mjpeg
@@ -37,37 +61,35 @@ cam1/mpeg4?user='username'&pwd='password'
 cam1/onvif-h264
 camera.stm
 ch0
-ch0_0.h264
-ch0_unicast_firststream
-ch0_unicast_secondstream
 ch00/0
 ch001.sdp
-CH001.sdp
 ch01.264
 ch01.264?
 ch01.264?ptype=tcp
+ch0_0.h264
+ch0_unicast_firststream
+ch0_unicast_secondstream
 ch1-s1
 channel1
-GetData.cgi
 gnz_media/main
 h264
-h264_vga.sdp
 h264.sdp
 h264/ch1/sub/av_stream
 h264/media.amp
-HighResolutionVideo
+h264Preview_01_main
+h264Preview_01_sub
+h264_vga.sdp
+h264_stream
 image.mpg
 img/media.sav
 img/media.sav?channel=1
 img/video.asf
 img/video.sav
 ioImage/1
+ipcam.sdp
 ipcam_h264.sdp
 ipcam_mjpeg.sdp
-ipcam.sdp
 live
-live_mpeg4.sdp
-live_st1
 live.sdp
 live/av0
 live/ch0
@@ -79,16 +101,15 @@ live/main0
 live/mpeg4
 live1.sdp
 live3.sdp
+live_mpeg4.sdp
+live_st1
 livestream
-LowResolutionVideo
 main
 media
 media.amp
 media.amp?streamprofile=Profile1
 media/media.amp
 media/video1
-MediaInput/h264
-MediaInput/mpeg4
 medias2
 mjpeg/media.smp
 mp4
@@ -107,8 +128,6 @@ nphMpeg4/g726-640x48
 nphMpeg4/g726-640x480
 nphMpeg4/nil-320x240
 onvif-media/media.amp
-ONVIF/MediaInput
-ONVIF/MediaInput?profile=4_def_profile6
 onvif1
 pass@10.0.0.5:6667/blinkhd
 play1.sdp
@@ -122,29 +141,30 @@ rtsp_live2
 rtsp_tunnel
 rtsph264
 rtsph2641080p
-StdCh1
+snap.jpg
 stream
+stream/0
+stream/1
+stream/live.sdp
 stream.sdp
 stream1
 streaming/channels/0
-Streaming/Channels/1
 streaming/channels/1
 streaming/channels/101
-Streaming/Unicast/channels/101
-StreamingSetting?version=1.0&action=getRTSPStream&ChannelID=1&ChannelName=Channel1
 tcp/av0_0
 test
+tmpfs/auto.jpg
 trackID=1
 ucast/11
 udp/av0_0
 udp/unicast/aiphone_H264
 udpstream
-user_defined
 user.pin.mp2
-user=admin_password=?????_channel=1_stream=0.sdp?real_stream
-user=admin_password=R5XFY888_channel=1_stream=0.sdp?real_stream
 user=admin&password=&channel=1&stream=0.sdp?
 user=admin&password=&channel=1&stream=0.sdp?real_stream
+user=admin_password=?????_channel=1_stream=0.sdp?real_stream
+user=admin_password=R5XFY888_channel=1_stream=0.sdp?real_stream
+user_defined
 v2
 video
 video.3gp
@@ -154,12 +174,13 @@ video.mp4
 video.pro1
 video.pro2
 video.pro3
+video0
 video0.sdp
 video1
+video1.sdp
 video1+audio1
-videoinput_1/h264_1/media.stm
-VideoInput/1/h264/1
-VideoInput/1/mpeg4/1
 videoMain
+videoinput_1/h264_1/media.stm
+videostream.asf
 vis
-wfov
+wfov

go.mod

@@ -1,19 +1,17 @@
-module github.com/ullaakut/cameradar
+module github.com/Ullaakut/cameradar
+
+go 1.12
 
 require (
-	github.com/Ullaakut/nmap v0.0.0-20190306183004-e38898a9bead // indirect
+	github.com/PuerkitoBio/goquery v1.5.0
+	github.com/Ullaakut/disgo v0.3.1
+	github.com/Ullaakut/go-curl v0.0.0-20190525093431-597e157bbffd
+	github.com/Ullaakut/nmap v2.0.0+incompatible
+	github.com/VividCortex/ewma v1.1.1 // indirect
 	github.com/fatih/color v1.7.0 // indirect
-	github.com/gernest/wow v0.1.0
-	github.com/go-playground/locales v0.12.1 // indirect
-	github.com/go-playground/universal-translator v0.16.0 // indirect
-	github.com/leodido/go-urn v1.1.0 // indirect
-	github.com/mattn/go-colorable v0.1.1 // indirect
-	github.com/mattn/go-isatty v0.0.6 // indirect
-	github.com/pkg/errors v0.8.1
+	github.com/mattn/go-colorable v0.1.2 // indirect
 	github.com/spf13/pflag v1.0.3
-	github.com/spf13/viper v1.3.1
-	github.com/ullaakut/disgo v0.3.0
-	github.com/ullaakut/go-curl v0.0.0-20190525093431-597e157bbffd
-	github.com/ullaakut/nmap v0.0.0-20190306183004-e38898a9bead
-	gopkg.in/go-playground/validator.v9 v9.27.0
+	github.com/spf13/viper v1.4.0
+	github.com/stretchr/testify v1.2.2
+	github.com/vbauerster/mpb v3.4.0+incompatible
 )

go.sum

@@ -1,38 +1,100 @@
-github.com/Ullaakut/nmap v0.0.0-20190306183004-e38898a9bead h1:iclmd4In7CnuZGbbnnaeF1DtSePgXxN71pq5UNI1M7c=
-github.com/Ullaakut/nmap v0.0.0-20190306183004-e38898a9bead/go.mod h1:fkC066hwfcoKwlI7DS2ARTggSVtBTZYCjVH1TzuTMaQ=
+cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
+github.com/BurntSushi/toml v0.3.1 h1:WXkYYl6Yr3qBf1K79EBnL4mak0OimBfB0XUf9Vl28OQ=
+github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
+github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
+github.com/PuerkitoBio/goquery v1.5.0 h1:uGvmFXOA73IKluu/F84Xd1tt/z07GYm8X49XKHP7EJk=
+github.com/PuerkitoBio/goquery v1.5.0/go.mod h1:qD2PgZ9lccMbQlc7eEOjaeRlFQON7xY8kdmcsrnKqMg=
+github.com/Ullaakut/disgo v0.3.1 h1:BGGVHynji41KGuGI02ztTCnILRvyzlvmiCRl5bBpjKk=
+github.com/Ullaakut/disgo v0.3.1/go.mod h1:/CSvpnYVSKOeh2dvUvx9cXshzz2t7T1/lRO/MrFj3fI=
+github.com/Ullaakut/go-curl v0.0.0-20190525093431-597e157bbffd h1:CMe+dX1CL4pCXNytxIB2U1qp0xZObGMZosJhaQdUlUo=
+github.com/Ullaakut/go-curl v0.0.0-20190525093431-597e157bbffd/go.mod h1:u8mVgpDT88IPIt1B+Tu8vkrcFfBKGcfGwS9I7wmvMh0=
+github.com/Ullaakut/nmap v2.0.0+incompatible h1:tNXub052dsnG8+yrgpph9nhVixIBdpRRgzvmQoc8eBA=
+github.com/Ullaakut/nmap v2.0.0+incompatible/go.mod h1:fkC066hwfcoKwlI7DS2ARTggSVtBTZYCjVH1TzuTMaQ=
+github.com/VividCortex/ewma v1.1.1 h1:MnEK4VOv6n0RSY4vtRe3h11qjxL3+t0B8yOL8iMXdcM=
+github.com/VividCortex/ewma v1.1.1/go.mod h1:2Tkkvm3sRDVXaiyucHiACn4cqf7DpdyLvmxzcbUokwA=
+github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
+github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
+github.com/andybalholm/cascadia v1.0.0 h1:hOCXnnZ5A+3eVDX8pvgl4kofXv2ELss0bKcqRySc45o=
+github.com/andybalholm/cascadia v1.0.0/go.mod h1:GsXiBklL0woXo1j/WYWtSYYC4ouU9PqHO0sqidkEA4Y=
 github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8=
+github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
+github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
+github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc=
+github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
+github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk=
 github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
-github.com/coreos/go-etcd v2.0.0+incompatible/go.mod h1:Jez6KQU2B/sWsbdaef3ED8NzMklzPG4d5KIOhIy30Tk=
 github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
+github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
+github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA=
+github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
+github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no=
 github.com/fatih/color v1.7.0 h1:DkWD4oS2D8LGGgTQ6IvwJJXSL5Vp2ffcQg58nFV38Ys=
 github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
 github.com/fsnotify/fsnotify v1.4.7 h1:IXs+QLmnXW2CcXuY+8Mzv/fWEsPGWxqefPtCP5CnV9I=
 github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
-github.com/gernest/wow v0.1.0 h1:g9xdwCwP0+xgVYlA2sopI0gZHqXe7HjI/7/LykG4fks=
-github.com/gernest/wow v0.1.0/go.mod h1:dEPabJRi5BneI1Nev1VWo0ZlcTWibHWp43qxKms4elY=
-github.com/go-playground/locales v0.12.1 h1:2FITxuFt/xuCNP1Acdhv62OzaCiviiE4kotfhkmOqEc=
-github.com/go-playground/locales v0.12.1/go.mod h1:IUMDtCfWo/w/mtMfIE/IG2K+Ey3ygWanZIBtBW0W2TM=
-github.com/go-playground/universal-translator v0.16.0 h1:X++omBR/4cE2MNg91AoC3rmGrCjJ8eAeUP/K/EKx4DM=
-github.com/go-playground/universal-translator v0.16.0/go.mod h1:1AnU7NaIRDWWzGEKwgtJRd2xk99HeFyHw3yid4rvQIY=
+github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
+github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
+github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE=
+github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk=
+github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
+github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
+github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4=
+github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
+github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
+github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
+github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
+github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
+github.com/gorilla/websocket v1.4.0/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ=
+github.com/grpc-ecosystem/go-grpc-middleware v1.0.0/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs=
+github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk=
+github.com/grpc-ecosystem/grpc-gateway v1.9.0/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY=
 github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4=
 github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
-github.com/leodido/go-urn v1.1.0 h1:Sm1gr51B1kKyfD2BlRcLSiEkffoG96g6TPv6eRoEiB8=
-github.com/leodido/go-urn v1.1.0/go.mod h1:+cyI34gQWZcE1eQU7NVgKkkzdXDQHr1dBMtdAPozLkw=
+github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo=
+github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w=
+github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q=
+github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
+github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
+github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=
+github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI=
+github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
+github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
+github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE=
+github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
 github.com/magiconair/properties v1.8.0 h1:LLgXmsheXeRoUOBOjtwPQCWIYqM/LU1ayDtDePerRcY=
 github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ=
-github.com/mattn/go-colorable v0.1.1 h1:G1f5SKeVxmagw/IyvzvtZE4Gybcc4Tr1tf7I8z0XgOg=
-github.com/mattn/go-colorable v0.1.1/go.mod h1:FuOcm+DKB9mbwrcAfNl7/TZVBZ6rcnceauSikq3lYCQ=
-github.com/mattn/go-isatty v0.0.5/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s=
-github.com/mattn/go-isatty v0.0.6 h1:SrwhHcpV4nWrMGdNcC2kXpMfcBVYGDuTArqyhocJgvA=
-github.com/mattn/go-isatty v0.0.6/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s=
+github.com/mattn/go-colorable v0.1.2 h1:/bC9yWikZXAL9uJdulbSfyVNIR3n3trXl+v8+1sx8mU=
+github.com/mattn/go-colorable v0.1.2/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE=
+github.com/mattn/go-isatty v0.0.8 h1:HLtExJ+uU2HOZ+wI0Tt5DtUDrx8yhUqDcp7fYERX4CE=
+github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s=
+github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
 github.com/mitchellh/mapstructure v1.1.2 h1:fmNYVwqnSfB9mZU6OS2O6GsXM+wcskZDuKQzvN1EDeE=
 github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
+github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
+github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U=
 github.com/pelletier/go-toml v1.2.0 h1:T5zMGML61Wp+FlcbWjRDT7yAxhJNAiPPLOFECq181zc=
 github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic=
-github.com/pkg/errors v0.8.1 h1:iURUrRGxPUNPdy5/HRSm+Yj6okJ6UtLINN0Q9M4+h3I=
-github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
+github.com/pkg/errors v0.8.0 h1:WdK/asTD0HN+q6hsWO3/vpuAkAr+tw6aNJNDFFf0+qw=
+github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
+github.com/prometheus/client_golang v0.9.3/go.mod h1:/TN21ttK/J9q6uSwhBd54HahCDft0ttaMvbicHlPoso=
+github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
+github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
+github.com/prometheus/common v0.0.0-20181113130724-41aa239b4cce/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro=
+github.com/prometheus/common v0.4.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
+github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
+github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
+github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU=
+github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg=
+github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
+github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM=
+github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA=
 github.com/spf13/afero v1.1.2 h1:m8/z1t7/fwjysjQRYbP0RD+bUIF/8tJwPdEZsI83ACI=
 github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ=
 github.com/spf13/cast v1.3.0 h1:oget//CVOEoFewqQxwr0Ej5yjygnqGkvggSE/gB35Q8=
@@ -41,33 +103,63 @@ github.com/spf13/jwalterweatherman v1.0.0 h1:XHEdyB+EcvlqZamSM4ZOMGlc93t6AcsBEu9
 github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo=
 github.com/spf13/pflag v1.0.3 h1:zPAT6CGy6wXeQ7NtTnaTerfKOsV6V6F8agHXFiazDkg=
 github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
-github.com/spf13/viper v1.3.1 h1:5+8j8FTpnFV4nEImW/ofkzEt8VoOiLXxdYIDsB73T38=
-github.com/spf13/viper v1.3.1/go.mod h1:ZiWeW+zYFKm7srdB9IoDzzZXaJaI5eL9QjNiN/DMA2s=
+github.com/spf13/viper v1.4.0 h1:yXHLWeravcrgGyFSyCgdYpXQ9dR9c/WED3pg1RhxqEU=
+github.com/spf13/viper v1.4.0/go.mod h1:PTJ7Z/lr49W6bUbkmS1V3by4uWynFiR9p7+dSq/yZzE=
+github.com/stretchr/objx v0.1.1 h1:2vfRuCMp5sSVIDSqO8oNnWJq7mPa6KVP3iPIwFBuy8A=
+github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/testify v1.2.2 h1:bSDNvY7ZPG5RlJ8otE/7V6gMiyenm9RtJ7IUVIAoJ1w=
 github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
-github.com/ugorji/go/codec v0.0.0-20181204163529-d75b2dcb6bc8/go.mod h1:VFNgLljTbGfSG7qAOspJ7OScBnGdDN/yBr0sguwnwf0=
-github.com/ullaakut/disgo v0.0.0-20190310161027-e17c43d71b3d h1:tObr2ILgSQwrhpQRiVUKHtXF+0V5gYnnd/zBQGAmfuQ=
-github.com/ullaakut/disgo v0.0.0-20190310161027-e17c43d71b3d/go.mod h1:UOgLVyqihzJ7yihrHjYZikivT+AHb9NhT3r1OyPCJqg=
-github.com/ullaakut/disgo v0.3.0 h1:2zrEyNBfPRgDVDgzM/qLXZ4Yqt3Lxz7ERvZUSmqSY2M=
-github.com/ullaakut/disgo v0.3.0/go.mod h1:UOgLVyqihzJ7yihrHjYZikivT+AHb9NhT3r1OyPCJqg=
-github.com/ullaakut/go-curl v0.0.0-20190310175419-50acab4cef70 h1:3q4hgRu9NT894aYmnoMFl5wPvdNhpHYmdi2+Njyxq5U=
-github.com/ullaakut/go-curl v0.0.0-20190310175419-50acab4cef70/go.mod h1:FTfXm4jC9Ff1yqc3/HMXCyr+SGO03vJyijJCQlNyF10=
-github.com/ullaakut/go-curl v0.0.0-20190525093431-597e157bbffd h1:IzJ7V8S7/NXc4aLOj0QavbQZ5Z/Q2RpCifshHoJ5ytA=
-github.com/ullaakut/go-curl v0.0.0-20190525093431-597e157bbffd/go.mod h1:FTfXm4jC9Ff1yqc3/HMXCyr+SGO03vJyijJCQlNyF10=
-github.com/ullaakut/nmap v0.0.0-20190306183004-e38898a9bead h1:Pw5wKSAfxi8GcYJSc3GdcwtPG5tyg7zg9E3hAHbLPO0=
-github.com/ullaakut/nmap v0.0.0-20190306183004-e38898a9bead/go.mod h1:4CQy4PqZA4Snk3+MS26+1oAkJ8dCY8kGH6+kF42yajw=
+github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
+github.com/ugorji/go v1.1.4/go.mod h1:uQMGLiO92mf5W77hV/PUCpI3pbzQx3CRekS0kk+RGrc=
+github.com/vbauerster/mpb v3.4.0+incompatible h1:mfiiYw87ARaeRW6x5gWwYRUawxaW1tLAD8IceomUCNw=
+github.com/vbauerster/mpb v3.4.0+incompatible/go.mod h1:zAHG26FUhVKETRu+MWqYXcI70POlC6N8up9p1dID7SU=
+github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU=
 github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q=
-golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
-golang.org/x/crypto v0.0.0-20190103213133-ff983b9c42bc h1:F5tKCVGp+MUAHhKp5MZtGqAlGX3+oCsiL1Q629FL90M=
-golang.org/x/crypto v0.0.0-20190103213133-ff983b9c42bc/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
-golang.org/x/sys v0.0.0-20181205085412-a5c9d58dba9a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20190116161447-11f53e031339 h1:g/Jesu8+QLnA0CPzF3E1pURg0Byr7i6jLoX5sqjcAh0=
-golang.org/x/sys v0.0.0-20190116161447-11f53e031339/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU=
+go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
+go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0=
+go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q=
+golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
+golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2 h1:VklqNMn3ovrHsnt90PveolxSbWFaJdECFbxSq0Mqo2M=
+golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
+golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
+golang.org/x/net v0.0.0-20180218175443-cbe0f9307d01/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20181220203305-927f97764cc3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20190522155817-f3200d17e092 h1:4QSRKanuywn15aTZvI/mIDEgPQpswuFndXpOj3rKEco=
+golang.org/x/net v0.0.0-20190522155817-f3200d17e092/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
+golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
+golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20181107165924-66b7b1311ac8/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a h1:1BGLXjeY4akVXGgbC9HugT3Jv3hCI0z56oJR5vAMgBU=
+golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223 h1:DH4skfRX4EBpamg7iV4ZlCpblAHI6s6TDM39bFZumv8=
 golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/text v0.3.0 h1:g61tztE5qeGQ89tm6NTjjM9VPIm088od1l6aSorWRWg=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
+golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
+google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
+google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
+google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
+google.golang.org/grpc v1.21.0/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
+gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/go-playground/validator.v9 v9.27.0 h1:wCg/0hk9RzcB0CYw8pYV6FiBYug1on0cpco9YZF8jqA=
-gopkg.in/go-playground/validator.v9 v9.27.0/go.mod h1:+c9/zcJMFNgbLvly1L1V+PpxWdVbfP1avr/N00E2vyQ=
+gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 h1:qIbj1fsPNlZgppZ+VLlY7N33q108Sa+fhmuc+sWQYwY=
+gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo=
+gopkg.in/yaml.v2 v2.0.0-20170812160011-eb3733d160e7/go.mod h1:JAlM8MvJe8wmxCU4Bli9HhUf9+ttbYbLASfIpnQbh74=
+gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=

loaders_test.go

@@ -8,7 +8,7 @@ import (
 	"os"
 	"testing"
 
-	"github.com/ullaakut/disgo"
+	"github.com/Ullaakut/disgo"
 
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/mock"

scan.go

@@ -3,7 +3,7 @@ package cameradar
 import (
 	"strings"
 
-	"github.com/ullaakut/nmap"
+	"github.com/Ullaakut/nmap"
 )
 
 // Scan scans the target networks and tries to find RTSP streams within them.
@@ -25,7 +25,7 @@ func (s *Scanner) Scan() ([]Stream, error) {
 	nmapScanner, err := nmap.NewScanner(
 		nmap.WithTargets(s.targets...),
 		nmap.WithPorts(s.ports...),
-		nmap.WithTimingTemplate(nmap.Timing(s.speed)),
+		nmap.WithTimingTemplate(nmap.Timing(s.scanSpeed)),
 	)
 	if err != nil {
 		return nil, s.term.FailStepf("unable to create network scanner: %v", err)
@@ -35,11 +35,15 @@ func (s *Scanner) Scan() ([]Stream, error) {
 }
 
 func (s *Scanner) scan(nmapScanner nmap.ScanRunner) ([]Stream, error) {
-	results, err := nmapScanner.Run()
+	results, warnings, err := nmapScanner.Run()
 	if err != nil {
 		return nil, s.term.FailStepf("error while scanning network: %v", err)
 	}
 
+	for _, warning := range warnings {
+		s.term.Infoln("[Nmap Warning]", warning)
+	}
+
 	// Get streams from nmap results.
 	var streams []Stream
 	for _, host := range results.Hosts {

scan_test.go

@@ -6,24 +6,24 @@ import (
 	"os"
 	"testing"
 
-	"github.com/ullaakut/disgo"
+	"github.com/Ullaakut/disgo"
 
+	"github.com/Ullaakut/nmap"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/mock"
-	"github.com/ullaakut/nmap"
 )
 
 type nmapMock struct {
 	mock.Mock
 }
 
-func (m *nmapMock) Run() (*nmap.Run, error) {
+func (m *nmapMock) Run() (*nmap.Run, []string, error) {
 	args := m.Called()
 
-	if args.Get(0) != nil {
-		return args.Get(0).(*nmap.Run), args.Error(1)
+	if args.Get(0) != nil && args.Get(1) != nil {
+		return args.Get(0).(*nmap.Run), args.Get(1).([]string), args.Error(2)
 	}
-	return nil, args.Error(1)
+	return nil, nil, args.Error(2)
 }
 
 var (
@@ -77,7 +77,7 @@ func TestScan(t *testing.T) {
 			removePath: true,
 			ports:      []string{"80"},
 
-			expectedErr: errors.New("unable to create network scanner: 'nmap' binary was not found"),
+			expectedErr: errors.New("unable to create network scanner: nmap binary was not found"),
 		},
 	}
 
@@ -88,10 +88,10 @@ func TestScan(t *testing.T) {
 			}
 
 			scanner := &Scanner{
-				term:    disgo.NewTerminal(disgo.WithDefaultOutput(ioutil.Discard)),
-				targets: test.targets,
-				ports:   test.ports,
-				speed:   test.speed,
+				term:      disgo.NewTerminal(disgo.WithDefaultOutput(ioutil.Discard)),
+				targets:   test.targets,
+				ports:     test.ports,
+				scanSpeed: test.speed,
 			}
 
 			result, err := scanner.Scan()
@@ -107,8 +107,9 @@ func TestInternalScan(t *testing.T) {
 	tests := []struct {
 		description string
 
-		nmapResult *nmap.Run
-		nmapError  error
+		nmapResult   *nmap.Run
+		nmapWarnings []string
+		nmapError    error
 
 		expectedStreams []Stream
 		expectedErr     error
@@ -294,8 +295,9 @@ func TestInternalScan(t *testing.T) {
 		{
 			description: "scan failed",
 
-			nmapError:   errors.New("scan failed"),
-			expectedErr: errors.New("error while scanning network: scan failed"),
+			nmapError:    errors.New("scan failed"),
+			nmapWarnings: []string{"invalid host"},
+			expectedErr:  errors.New("error while scanning network: scan failed"),
 		},
 	}
 
@@ -303,7 +305,7 @@ func TestInternalScan(t *testing.T) {
 		t.Run(test.description, func(t *testing.T) {
 			nmapMock := &nmapMock{}
 
-			nmapMock.On("Run").Return(test.nmapResult, test.nmapError)
+			nmapMock.On("Run").Return(test.nmapResult, test.nmapWarnings, test.nmapError)
 
 			scanner := &Scanner{
 				term: disgo.NewTerminal(disgo.WithDefaultOutput(ioutil.Discard)),

scanner.go

@@ -3,11 +3,16 @@ package cameradar
 import (
 	"fmt"
 	"os"
-	"strings"
 	"time"
 
-	"github.com/ullaakut/disgo"
-	curl "github.com/ullaakut/go-curl"
+	"github.com/Ullaakut/disgo"
+	"github.com/Ullaakut/disgo/style"
+	curl "github.com/Ullaakut/go-curl"
+)
+
+const (
+	defaultCredentialDictionaryPath = "${GOPATH}/src/github.com/Ullaakut/cameradar/dictionaries/credentials.json"
+	defaultRouteDictionaryPath      = "${GOPATH}/src/github.com/Ullaakut/cameradar/dictionaries/routes"
 )
 
 // Scanner represents a cameradar scanner. It scans a network and
@@ -20,7 +25,8 @@ type Scanner struct {
 	ports                    []string
 	debug                    bool
 	verbose                  bool
-	speed                    int
+	scanSpeed                int
+	attackInterval           time.Duration
 	timeout                  time.Duration
 	credentialDictionaryPath string
 	routeDictionaryPath      string
@@ -43,8 +49,8 @@ func New(options ...func(*Scanner)) (*Scanner, error) {
 
 	scanner := &Scanner{
 		curl:                     &Curl{CURL: handle},
-		credentialDictionaryPath: "<GOPATH>/src/github.com/ullaakut/cameradar/dictionaries/credentials.json",
-		routeDictionaryPath:      "<GOPATH>/src/github.com/ullaakut/cameradar/dictionaries/routes",
+		credentialDictionaryPath: defaultCredentialDictionaryPath,
+		routeDictionaryPath:      defaultRouteDictionaryPath,
 	}
 
 	for _, option := range options {
@@ -52,8 +58,12 @@ func New(options ...func(*Scanner)) (*Scanner, error) {
 	}
 
 	gopath := os.Getenv("GOPATH")
-	scanner.credentialDictionaryPath = strings.Replace(scanner.credentialDictionaryPath, "<GOPATH>", gopath, 1)
-	scanner.routeDictionaryPath = strings.Replace(scanner.routeDictionaryPath, "<GOPATH>", gopath, 1)
+	if gopath == "" && scanner.credentialDictionaryPath == defaultCredentialDictionaryPath && scanner.routeDictionaryPath == defaultRouteDictionaryPath {
+		disgo.Errorln(style.Failure("No $GOPATH was found.\nDictionaries may not be loaded properly, please set your $GOPATH to use the default dictionaries."))
+	}
+
+	scanner.credentialDictionaryPath = os.ExpandEnv(scanner.credentialDictionaryPath)
+	scanner.routeDictionaryPath = os.ExpandEnv(scanner.routeDictionaryPath)
 
 	scanner.term = disgo.NewTerminal(
 		disgo.WithDebug(scanner.debug),
@@ -125,11 +135,20 @@ func WithCustomRoutes(dictionaryPath string) func(s *Scanner) {
 	}
 }
 
-// WithSpeed specifies the speed at which the scan should be executed. Faster
+// WithScanSpeed specifies the speed at which the scan should be executed. Faster
 // means easier to detect, slower has bigger timeout values and is more silent.
-func WithSpeed(speed int) func(s *Scanner) {
+func WithScanSpeed(speed int) func(s *Scanner) {
 	return func(s *Scanner) {
-		s.speed = speed
+		s.scanSpeed = speed
+	}
+}
+
+// WithAttackInterval specifies the interval of time during which Cameradar
+// should wait between each attack attempt during bruteforcing.
+// Setting a high value for this obviously makes attacks much slower.
+func WithAttackInterval(interval time.Duration) func(s *Scanner) {
+	return func(s *Scanner) {
+		s.attackInterval = interval
 	}
 }
 

scanner_test.go

@@ -3,11 +3,12 @@ package cameradar
 import (
 	"fmt"
 	"io/ioutil"
+	"os"
 	"testing"
 	"time"
 
+	curl "github.com/Ullaakut/go-curl"
 	"github.com/stretchr/testify/assert"
-	curl "github.com/ullaakut/go-curl"
 )
 
 func TestNew(t *testing.T) {
@@ -21,6 +22,7 @@ func TestNew(t *testing.T) {
 		customCredentials string
 		customRoutes      string
 		speed             int
+		attackInterval    time.Duration
 		timeout           time.Duration
 
 		loadTargetsFail bool
@@ -75,23 +77,36 @@ func TestNew(t *testing.T) {
 
 			curlEasyFail: true,
 
+			expectedErr: true,
+		},
+		{
+			description: "gopath not set and default dicts",
+
+			customCredentials: defaultCredentialDictionaryPath,
+			customRoutes:      defaultRouteDictionaryPath,
+
 			expectedErr: true,
 		},
 	}
 
+	// Temporarily empty the gopath for testing purposes.
+	defer os.Setenv("GOPATH", os.Getenv("GOPATH"))
+
 	for i, test := range tests {
 		t.Run(test.description, func(t *testing.T) {
+			os.Setenv("GOPATH", "")
+
 			if test.loadTargetsFail {
 				test.targets = []string{generateTmpFileName(i, "targets")}
 				ioutil.WriteFile(test.targets[0], []byte(`0.0.0.0`), 0000)
 			}
 
-			if !test.loadCredsFail {
+			if !test.loadCredsFail && test.customCredentials == "" {
 				test.customCredentials = generateTmpFileName(i, "creds")
 				ioutil.WriteFile(test.customCredentials, []byte(`{"usernames":["admin"],"passwords":["admin"]}`), 0644)
 			}
 
-			if !test.loadRoutesFail {
+			if !test.loadRoutesFail && test.customRoutes == "" {
 				test.customRoutes = generateTmpFileName(i, "routes")
 				ioutil.WriteFile(test.customRoutes, []byte(`live.sdp`), 0644)
 			}
@@ -104,7 +119,8 @@ func TestNew(t *testing.T) {
 				WithPorts(test.ports),
 				WithDebug(test.debug),
 				WithVerbose(test.verbose),
-				WithSpeed(test.speed),
+				WithScanSpeed(test.speed),
+				WithAttackInterval(test.attackInterval),
 				WithTimeout(test.timeout),
 				WithCustomCredentials(test.customCredentials),
 				WithCustomRoutes(test.customRoutes),
@@ -121,7 +137,8 @@ func TestNew(t *testing.T) {
 				assert.Equal(t, test.ports, scanner.ports)
 				assert.Equal(t, test.debug, scanner.debug)
 				assert.Equal(t, test.verbose, scanner.verbose)
-				assert.Equal(t, test.speed, scanner.speed)
+				assert.Equal(t, test.speed, scanner.scanSpeed)
+				assert.Equal(t, test.attackInterval, scanner.attackInterval)
 				assert.Equal(t, test.timeout, scanner.timeout)
 			}
 		})

summary.go

@@ -1,8 +1,8 @@
 package cameradar
 
 import (
-	"github.com/ullaakut/disgo/style"
-	curl "github.com/ullaakut/go-curl"
+	"github.com/Ullaakut/disgo/style"
+	curl "github.com/Ullaakut/go-curl"
 )
 
 // PrintStreams prints information on each stream.

summary_test.go

@@ -4,8 +4,8 @@ import (
 	"bytes"
 	"testing"
 
+	"github.com/Ullaakut/disgo"
 	"github.com/stretchr/testify/assert"
-	"github.com/ullaakut/disgo"
 )
 
 var (

tools/dictionary_updater/main.go

@@ -10,10 +10,10 @@ import (
 	"strings"
 	"sync"
 
-	"github.com/ullaakut/disgo/style"
+	"github.com/Ullaakut/disgo/style"
 
 	"github.com/PuerkitoBio/goquery"
-	"github.com/ullaakut/disgo"
+	"github.com/Ullaakut/disgo"
 	"github.com/vbauerster/mpb"
 	"github.com/vbauerster/mpb/decor"
 )