Remove spam from curl verbose mode (#257)

Dockerfile

@@ -19,10 +19,14 @@ RUN go build -o cameradar
 # Final stage
 FROM alpine
 
+# Necessary to install curl v7.64.0-r3.
+# Fix for https://github.com/Ullaakut/cameradar/issues/247
+RUN echo 'http://dl-cdn.alpinelinux.org/alpine/v3.9/main' >> /etc/apk/repositories
+
 RUN apk --update add --no-cache nmap \
     nmap-nselibs \
     nmap-scripts \
-    curl-dev
+    curl-dev==7.64.0-r3
 
 WORKDIR /app/cameradar
 COPY --from=build-env /go/src/github.com/Ullaakut/cameradar/dictionaries/ /app/dictionaries/

README.md

@@ -79,7 +79,7 @@ Only use this solution if for some reason using docker is not an option for you
 ### Dependencies
 
 * `go` (> `1.10`)
-* `libcurl` development library
+* `libcurl` development library (**[version has to be <7.66.0](https://github.com/Ullaakut/cameradar/issues/247)**)
     * For apt users: `apt install libcurl4-openssl-dev`
 
 ### Steps to install

attack.go

@@ -195,13 +195,12 @@ func (s *Scanner) detectAuthMethod(stream Stream) int {
 	_ = c.Setopt(curl.OPT_URL, attackURL)
 	// Set the RTSP STREAM URI as the stream URL.
 	_ = c.Setopt(curl.OPT_RTSP_STREAM_URI, attackURL)
-	// 2 is CURL_RTSPREQ_DESCRIBE.
+	_ = c.Setopt(curl.OPT_RTSP_REQUEST, rtspDescribe)
-	_ = c.Setopt(curl.OPT_RTSP_REQUEST, 2)
 
 	// Perform the request.
 	err := c.Perform()
 	if err != nil {
-		s.term.Errorf("Perform failed: %v", err)
+		s.term.Errorf("Perform failed for %q (auth %d): %v", attackURL, stream.AuthenticationType, err)
 		return -1
 	}
 
@@ -240,13 +239,12 @@ func (s *Scanner) routeAttack(stream Stream, route string) bool {
 	_ = c.Setopt(curl.OPT_URL, attackURL)
 	// Set the RTSP STREAM URI as the stream URL.
 	_ = c.Setopt(curl.OPT_RTSP_STREAM_URI, attackURL)
-	// 2 is CURL_RTSPREQ_DESCRIBE.
 	_ = c.Setopt(curl.OPT_RTSP_REQUEST, rtspDescribe)
 
 	// Perform the request.
 	err := c.Perform()
 	if err != nil {
-		s.term.Errorf("Perform failed: %v", err)
+		s.term.Errorf("Perform failed for %q (auth %d): %v", attackURL, stream.AuthenticationType, err)
 		return false
 	}
 
@@ -290,13 +288,12 @@ func (s *Scanner) credAttack(stream Stream, username string, password string) bo
 	_ = c.Setopt(curl.OPT_URL, attackURL)
 	// Set the RTSP STREAM URI as the stream URL.
 	_ = c.Setopt(curl.OPT_RTSP_STREAM_URI, attackURL)
-	// 2 is CURL_RTSPREQ_DESCRIBE.
+	_ = c.Setopt(curl.OPT_RTSP_REQUEST, rtspDescribe)
-	_ = c.Setopt(curl.OPT_RTSP_REQUEST, 2)
 
 	// Perform the request.
 	err := c.Perform()
 	if err != nil {
-		s.term.Errorf("Perform failed: %v", err)
+		s.term.Errorf("Perform failed for %q (auth %d): %v", attackURL, stream.AuthenticationType, err)
 		return false
 	}
 
@@ -341,7 +338,6 @@ func (s *Scanner) validateStream(stream Stream) bool {
 	_ = c.Setopt(curl.OPT_URL, attackURL)
 	// Set the RTSP STREAM URI as the stream URL.
 	_ = c.Setopt(curl.OPT_RTSP_STREAM_URI, attackURL)
-	// 2 is CURL_RTSPREQ_SETUP.
 	_ = c.Setopt(curl.OPT_RTSP_REQUEST, rtspSetup)
 
 	_ = c.Setopt(curl.OPT_RTSP_TRANSPORT, "RTP/AVP;unicast;client_port=33332-33333")
@@ -349,7 +345,7 @@ func (s *Scanner) validateStream(stream Stream) bool {
 	// Perform the request.
 	err := c.Perform()
 	if err != nil {
-		s.term.Errorf("Perform failed: %v", err)
+		s.term.Errorf("Perform failed for %q (auth %d): %v", attackURL, stream.AuthenticationType, err)
 		return false
 	}
 

dictionaries/credentials.json

@@ -25,6 +25,7 @@
     "12345678",
     "4321",
     "666666",
+    "6fJjMKYx",
     "888888",
     "9999",
     "admin",
@@ -32,21 +33,26 @@
     "aiphone",
     "camera",
     "fliradmin",
+    "GRwvcj8j",
     "hikvision",
     "hikadmin",
     "ikwd",
     "jvc",
+    "kj3TqCWv",
     "meinsm",
     "pass",
     "password",
+    "password123",
     "reolink",
     "root",
     "service",
     "supervisor",
     "system",
+    "tlJwpbo6",
     "toor",
     "tp-link",
     "ubnt",
-    "wbox123"
+    "wbox123",
+    "Y5eIMz3C"
   ]
 }

dictionaries/routes

@@ -79,6 +79,7 @@ h264/media.amp
 h264Preview_01_main
 h264Preview_01_sub
 h264_vga.sdp
+h264_stream
 image.mpg
 img/media.sav
 img/media.sav?channel=1
@@ -140,6 +141,7 @@ rtsp_live2
 rtsp_tunnel
 rtsph264
 rtsph2641080p
+snap.jpg
 stream
 stream/0
 stream/1
@@ -151,6 +153,7 @@ streaming/channels/1
 streaming/channels/101
 tcp/av0_0
 test
+tmpfs/auto.jpg
 trackID=1
 ucast/11
 udp/av0_0
@@ -178,5 +181,6 @@ video1.sdp
 video1+audio1
 videoMain
 videoinput_1/h264_1/media.stm
+videostream.asf
 vis
 wfov

scan_test.go

@@ -17,13 +17,13 @@ type nmapMock struct {
 	mock.Mock
 }
 
-func (m *nmapMock) Run() (*nmap.Run, error) {
+func (m *nmapMock) Run() (*nmap.Run, []string, error) {
 	args := m.Called()
 
-	if args.Get(0) != nil {
+	if args.Get(0) != nil && args.Get(1) != nil {
-		return args.Get(0).(*nmap.Run), args.Error(1)
+		return args.Get(0).(*nmap.Run), args.Get(1).([]string), args.Error(2)
 	}
-	return nil, args.Error(1)
+	return nil, nil, args.Error(2)
 }
 
 var (
@@ -77,7 +77,7 @@ func TestScan(t *testing.T) {
 			removePath: true,
 			ports:      []string{"80"},
 
-			expectedErr: errors.New("unable to create network scanner: 'nmap' binary was not found"),
+			expectedErr: errors.New("unable to create network scanner: nmap binary was not found"),
 		},
 	}
 
@@ -107,8 +107,9 @@ func TestInternalScan(t *testing.T) {
 	tests := []struct {
 		description string
 
-		nmapResult *nmap.Run
+		nmapResult   *nmap.Run
-		nmapError  error
+		nmapWarnings []string
+		nmapError    error
 
 		expectedStreams []Stream
 		expectedErr     error
@@ -294,8 +295,9 @@ func TestInternalScan(t *testing.T) {
 		{
 			description: "scan failed",
 
-			nmapError:   errors.New("scan failed"),
+			nmapError:    errors.New("scan failed"),
-			expectedErr: errors.New("error while scanning network: scan failed"),
+			nmapWarnings: []string{"invalid host"},
+			expectedErr:  errors.New("error while scanning network: scan failed"),
 		},
 	}
 
@@ -303,7 +305,7 @@ func TestInternalScan(t *testing.T) {
 		t.Run(test.description, func(t *testing.T) {
 			nmapMock := &nmapMock{}
 
-			nmapMock.On("Run").Return(test.nmapResult, test.nmapError)
+			nmapMock.On("Run").Return(test.nmapResult, test.nmapWarnings, test.nmapError)
 
 			scanner := &Scanner{
 				term: disgo.NewTerminal(disgo.WithDefaultOutput(ioutil.Discard)),