Test debug mode in attack & remove unnecessary aliases & newlines

* Update README to reflect changes
* Various README improvements

README.md

@@ -84,13 +84,10 @@ Only use this solution if for some reason using docker is not an option for you
 
 ### Steps to install
 
-Make sure you installed the [dependencies](#dependencies), **and that you have Go modules enabled (`GO111MODULE=on`)**.
-
-1. `export GO111MODULE=on` (unless it's already on)
-2. `go get github.com/Ullaakut/cameradar`
-3. `cd $GOPATH/src/github.com/Ullaakut/cameradar`
-4. `cd cmd/cameradar`
-5. `go install`
+1. `go get github.com/Ullaakut/cameradar/v5`
+2. `cd $GOPATH/src/github.com/Ullaakut/cameradar`
+3. `cd cmd/cameradar`
+4. `go install`
 
 The `cameradar` binary is now in your `$GOPATH/bin` ready to be used. See command line options [here](#command-line-options).
 
@@ -134,7 +131,7 @@ If you have [VLC Media Player](http://www.videolan.org/vlc/), you should be able
 
 The file can contain IPs, hostnames, IP ranges and subnetwork, separated by newlines. Example:
 
-```go
+```text
 0.0.0.0
 localhost
 192.17.0.0/16
@@ -186,7 +183,7 @@ Default value: `4`
 
 ### `CAMERADAR_ATTACK_INTERVAL`
 
-This optional variable allows you to set custom interval to wait between each attack in order to stay stealthy. It's recommended to increase it when attempting to scan a network that might be protected against bruteforce attacks. By default, there is no interval, in order to make attacks as fast as possible
+This optional variable allows you to set `custom interval` to wait between each attack in order to stay stealthy. It's recommended to increase it when attempting to scan a network that might be protected against bruteforce attacks. By default, there is no interval, in order to make attacks as fast as possible
 
 Default value: `0ms`
 
@@ -216,18 +213,13 @@ Your image will be called `cameradar` and NOT `ullaakut/cameradar`.
 
 #### Go build
 
-Make sure you installed the [dependencies](#dependencies), **and that you have Go modules enabled (`GO111MODULE=on`)**.
-
-1. `export GO111MODULE=on` (unless it's already on)
-2. `go get github.com/Ullaakut/cameradar`
-3. `cd $GOPATH/src/github.com/Ullaakut/cameradar`
-4. `cd cmd/cameradar`
-5. `go install`
+1. `go get github.com/Ullaakut/cameradar/v5`
+2. `cd $GOPATH/src/github.com/Ullaakut/cameradar`
+3. `cd cmd/cameradar`
+4. `go install`
 
 The cameradar binary is now in `$GOPATH/bin/cameradar`.
 
-See [the contribution document](/CONTRIBUTING.md) to get started.
-
 ## Frequently Asked Questions
 
 > Cameradar does not detect any camera!
@@ -236,27 +228,27 @@ That means that either your cameras are not streaming in RTSP or that they are n
 
 > Cameradar detects my cameras, but does not manage to access them at all!
 
-Maybe your cameras have been configured and the credentials / URL have been changed. Cameradar only guesses using default constructor values if a custom dictionary is not provided. You can use your own dictionaries in which you just have to add your credentials and RTSP routes. To do that, see how the [configuration](#configuration) works. Also, maybe your camera's credentials are not yet known, in which case if you find them it would be very nice to add them to the Cameradar dictionaries to help other people in the future.
+Maybe your cameras have been configured, and the credentials / URL have been changed. Cameradar only guesses using default constructor values if a custom dictionary is not provided. You can use your own dictionaries in which you just have to add your credentials and RTSP routes. To do that, see how the [configuration](#configuration) works. Also, maybe your camera's credentials are not yet known, in which case if you find them it would be very nice to add them to the Cameradar dictionaries to help other people in the future.
 
 > What happened to the C++ version?
 
-You can still find it under the 1.1.4 tag on this repo, however it was slower and less stable than the current version written in Golang. It is not recommended to use it.
+You can still find it under the 1.1.4 tag on this repo, however it was slower and less stable than the current version written in Golang. It is not recommended using it.
 
 > How to use the Cameradar library for my own project?
 
-See the example in `/cmd/cameradar`. You just need to run `go get github.com/Ullaakut/cameradar` and to use the `cameradar` package in your code. You can find the documentation on [godoc](https://godoc.org/github.com/ullaakut/cameradar).
+See the example in `/cmd/cameradar`. You just need to run `go get github.com/Ullaakut/cameradar/v5` and to use the `cameradar` package in your code. You can find the documentation on [godoc](https://godoc.org/github.com/ullaakut/cameradar).
 
-> I want to scan my own localhost for some reason and it does not work! What's going on?
+> I want to scan my own localhost for some reason, and it does not work! What's going on?
 
-Use the `--net=host` flag when launching the cameradar image, or use the binary by running `go run cameradar/cameradar.go` or [installing it](#installing-the-binary).
+Use the `--net=host` flag when launching the cameradar image, or use the binary by running `go run cameradar/cameradar.go` or [installing it](#go-build).
 
 > I don't see a colored output:(
 
 You forgot the `-t` flag before `ullaakut/cameradar` in your command-line. This tells docker to allocate a pseudo-tty for cameradar, which makes it able to use colors.
 
-> I don't have a camera but I'd like to try Cameradar!
+> I don't have a camera, but I'd like to try Cameradar!
 
-Simply run `docker run -p 8554:8554 -e RTSP_USERNAME=admin -e RTSP_PASSWORD=12345 -e RTSP_PORT=8554 ullaakut/rtspatt` and then run cameradar and it should guess that the username is admin and the password is 12345. You can try this with any default constructor credentials (they can be found [here](dictionaries/credentials.json)).
+Simply run `docker run -p 8554:8554 -e RTSP_USERNAME=admin -e RTSP_PASSWORD=12345 -e RTSP_PORT=8554 ullaakut/rtspatt` and then run cameradar, and it should guess that the username is admin and that the password is 12345. You can try this with any default constructor credentials (they can be found [here](dictionaries/credentials.json)).
 
 > What authentication types does Cameradar support?
 

attack.go

@@ -4,7 +4,7 @@ import (
 	"fmt"
 	"time"
 
-	curl "github.com/Ullaakut/go-curl"
+	"github.com/Ullaakut/go-curl"
 )
 
 // HTTP responses.
@@ -21,10 +21,20 @@ const (
 	rtspSetup    = 4
 )
 
+// Authentication types.
+const (
+	authNone   = 0
+	authBasic  = 1
+	authDigest = 2
+)
+
+// Route that should never be a constructor default.
+const dummyRoute = "/0x8b6c42"
+
 // Attack attacks the given targets and returns the accessed streams.
 func (s *Scanner) Attack(targets []Stream) ([]Stream, error) {
 	if len(targets) == 0 {
-		return nil, fmt.Errorf("unable to attack empty list of targets")
+		return nil, fmt.Errorf("no stream found")
 	}
 
 	// Most cameras will be accessed successfully with these two attacks.
@@ -76,20 +86,13 @@ func (s *Scanner) AttackCredentials(targets []Stream) []Stream {
 	defer close(resChan)
 
 	for i := range targets {
-		// TODO: Perf Improvement: Skip cameras with no auth type detected, and set their
-		// CredentialsFound value to true.
 		go s.attackCameraCredentials(targets[i], resChan)
 	}
 
-	attackResults := []Stream{}
-	// TODO: Change this into a for+select and make a successful result close the chan.
 	for range targets {
-		attackResults = append(attackResults, <-resChan)
-	}
-
-	for i := range attackResults {
-		if attackResults[i].CredentialsFound {
-			targets = replace(targets, attackResults[i])
+		attackResult := <-resChan
+		if attackResult.CredentialsFound {
+			targets = replace(targets, attackResult)
 		}
 	}
 
@@ -106,15 +109,10 @@ func (s *Scanner) AttackRoute(targets []Stream) []Stream {
 		go s.attackCameraRoute(targets[i], resChan)
 	}
 
-	attackResults := []Stream{}
-	// TODO: Change this into a for+select and make a successful result close the chan.
 	for range targets {
-		attackResults = append(attackResults, <-resChan)
-	}
-
-	for i := range attackResults {
-		if attackResults[i].RouteFound {
-			targets = replace(targets, attackResults[i])
+		attackResult := <-resChan
+		if attackResult.RouteFound {
+			targets = replace(targets, attackResult)
 		}
 	}
 
@@ -130,11 +128,11 @@ func (s *Scanner) DetectAuthMethods(targets []Stream) []Stream {
 
 		var authMethod string
 		switch targets[i].AuthenticationType {
-		case 0:
+		case authNone:
 			authMethod = "no"
-		case 1:
+		case authBasic:
 			authMethod = "basic"
-		case 2:
+		case authDigest:
 			authMethod = "digest"
 		}
 
@@ -164,18 +162,27 @@ func (s *Scanner) attackCameraCredentials(target Stream, resChan chan<- Stream)
 }
 
 func (s *Scanner) attackCameraRoute(target Stream, resChan chan<- Stream) {
+	// If the stream responds positively to the dummy route, it means
+	// it doesn't require (or respect the RFC) a route and the attack
+	// can be skipped.
+	ok := s.routeAttack(target, dummyRoute)
+	if ok {
+		target.RouteFound = true
+		target.Routes = append(target.Routes, "/")
+		resChan <- target
+		return
+	}
+
+	// Otherwise, bruteforce the routes.
 	for _, route := range s.routes {
 		ok := s.routeAttack(target, route)
 		if ok {
 			target.RouteFound = true
-			target.Route = route
-			resChan <- target
-			return
+			target.Routes = append(target.Routes, route)
 		}
 		time.Sleep(s.attackInterval)
 	}
 
-	target.RouteFound = false
 	resChan <- target
 }
 
@@ -186,7 +193,7 @@ func (s *Scanner) detectAuthMethod(stream Stream) int {
 		"rtsp://%s:%d/%s",
 		stream.Address,
 		stream.Port,
-		stream.Route,
+		stream.Route(),
 	)
 
 	s.setCurlOptions(c)
@@ -210,7 +217,7 @@ func (s *Scanner) detectAuthMethod(stream Stream) int {
 		return -1
 	}
 
-	if s.verbose {
+	if s.debug {
 		s.term.Debugln("DESCRIBE", attackURL, "RTSP/1.0 >", authType)
 	}
 
@@ -255,7 +262,7 @@ func (s *Scanner) routeAttack(stream Stream, route string) bool {
 		return false
 	}
 
-	if s.verbose {
+	if s.debug {
 		s.term.Debugln("DESCRIBE", attackURL, "RTSP/1.0 >", rc)
 	}
 	// If it's a 401 or 403, it means that the credentials are wrong but the route might be okay.
@@ -275,7 +282,7 @@ func (s *Scanner) credAttack(stream Stream, username string, password string) bo
 		password,
 		stream.Address,
 		stream.Port,
-		stream.Route,
+		stream.Route(),
 	)
 
 	s.setCurlOptions(c)
@@ -304,7 +311,7 @@ func (s *Scanner) credAttack(stream Stream, username string, password string) bo
 		return false
 	}
 
-	if s.verbose {
+	if s.debug {
 		s.term.Debugln("DESCRIBE", attackURL, "RTSP/1.0 >", rc)
 	}
 
@@ -325,7 +332,7 @@ func (s *Scanner) validateStream(stream Stream) bool {
 		stream.Password,
 		stream.Address,
 		stream.Port,
-		stream.Route,
+		stream.Route(),
 	)
 
 	s.setCurlOptions(c)
@@ -356,9 +363,10 @@ func (s *Scanner) validateStream(stream Stream) bool {
 		return false
 	}
 
-	if s.verbose {
+	if s.debug {
 		s.term.Debugln("SETUP", attackURL, "RTSP/1.0 >", rc)
 	}
+
 	// If it's a 200, the stream is accessed successfully.
 	if rc == httpOK {
 		return true
@@ -375,6 +383,13 @@ func (s *Scanner) setCurlOptions(c Curler) {
 	_ = c.Setopt(curl.OPT_NOBODY, 1)
 	// Set custom timeout.
 	_ = c.Setopt(curl.OPT_TIMEOUT_MS, int(s.timeout/time.Millisecond))
+
+	// Enable verbose logs if verbose mode is on.
+	if s.verbose {
+		_ = c.Setopt(curl.OPT_VERBOSE, 1)
+	} else {
+		_ = c.Setopt(curl.OPT_VERBOSE, 0)
+	}
 }
 
 // HACK: See https://stackoverflow.com/questions/3572397/lib-curl-in-c-disable-printing

attack_test.go

@@ -7,7 +7,7 @@ import (
 	"time"
 
 	"github.com/Ullaakut/disgo"
-	curl "github.com/Ullaakut/go-curl"
+	"github.com/Ullaakut/go-curl"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/mock"
 )
@@ -89,7 +89,7 @@ func TestAttack(t *testing.T) {
 			targets: nil,
 
 			expectedStreams: nil,
-			expectedErr:     errors.New("unable to attack empty list of targets"),
+			expectedErr:     errors.New("no stream found"),
 		},
 	}
 
@@ -109,7 +109,8 @@ func TestAttack(t *testing.T) {
 				term:        disgo.NewTerminal(disgo.WithDefaultOutput(ioutil.Discard)),
 				curl:        curlerMock,
 				timeout:     time.Millisecond,
-				verbose:     false,
+				verbose:     true,
+				debug:       true,
 				credentials: fakeCredentials,
 				routes:      fakeRoutes,
 			}
@@ -251,6 +252,7 @@ func TestAttackCredentials(t *testing.T) {
 				curl:        curlerMock,
 				timeout:     test.timeout,
 				verbose:     test.verbose,
+				debug:       test.verbose,
 				credentials: test.credentials,
 			}
 
@@ -389,6 +391,102 @@ func TestAttackRoute(t *testing.T) {
 				}
 			}
 
+			scanner := &Scanner{
+				term:    disgo.NewTerminal(disgo.WithDefaultOutput(ioutil.Discard)),
+				curl:    curlerMock,
+				timeout: test.timeout,
+				verbose: test.verbose,
+				debug:   test.verbose,
+				routes:  test.routes,
+			}
+
+			results := scanner.AttackRoute(test.targets)
+
+			assert.Len(t, results, len(test.expectedStreams))
+
+			curlerMock.AssertExpectations(t)
+		})
+	}
+}
+
+func TestAttackRoute_NoDummyRoute(t *testing.T) {
+	var (
+		stream1 = Stream{
+			Device:    "fakeDevice",
+			Address:   "fakeAddress",
+			Port:      1337,
+			Available: true,
+		}
+
+		stream2 = Stream{
+			Device:    "fakeDevice",
+			Address:   "differentFakeAddress",
+			Port:      1337,
+			Available: true,
+		}
+
+		fakeTargets = []Stream{stream1, stream2}
+		fakeRoutes  = Routes{"live.sdp", "media.amp"}
+	)
+
+	tests := []struct {
+		description string
+
+		targets []Stream
+		routes  Routes
+		timeout time.Duration
+		verbose bool
+
+		status int
+
+		expectedStreams []Stream
+		expectedErr     error
+	}{
+		{
+			description: "Route found",
+
+			targets: fakeTargets,
+			routes:  fakeRoutes,
+			timeout: 1 * time.Millisecond,
+
+			status: 403,
+
+			expectedStreams: fakeTargets,
+		},
+		{
+			description: "Route found",
+
+			targets: fakeTargets,
+			routes:  fakeRoutes,
+			timeout: 1 * time.Millisecond,
+
+			status: 401,
+
+			expectedStreams: fakeTargets,
+		},
+		{
+			description: "Camera accessed",
+
+			targets: fakeTargets,
+			routes:  fakeRoutes,
+			timeout: 1 * time.Millisecond,
+
+			status: 200,
+
+			expectedStreams: fakeTargets,
+		},
+	}
+
+	for _, test := range tests {
+		t.Run(test.description, func(t *testing.T) {
+			curlerMock := &CurlerMock{}
+			curlerMock.On("Setopt", mock.Anything, mock.Anything).Return(nil)
+			curlerMock.On("Perform").Return(nil)
+
+			// 404 on first call to the dummy route.
+			curlerMock.On("Getinfo", mock.Anything).Return(404, nil).Once()
+			curlerMock.On("Getinfo", mock.Anything).Return(test.status, nil)
+
 			scanner := &Scanner{
 				term:    disgo.NewTerminal(disgo.WithDefaultOutput(ioutil.Discard)),
 				curl:    curlerMock,
@@ -534,6 +632,7 @@ func TestValidateStreams(t *testing.T) {
 				curl:    curlerMock,
 				timeout: test.timeout,
 				verbose: test.verbose,
+				debug:   test.verbose,
 			}
 
 			results := scanner.ValidateStreams(test.targets)

cmd/cameradar/cameradar.go

@@ -7,7 +7,7 @@ import (
 	"strings"
 	"time"
 
-	"github.com/Ullaakut/cameradar"
+	"github.com/Ullaakut/cameradar/v5"
 	"github.com/Ullaakut/disgo"
 	"github.com/Ullaakut/disgo/style"
 	"github.com/spf13/pflag"
@@ -25,7 +25,7 @@ func parseArguments() error {
 	pflag.IntP("scan-speed", "s", 4, "The nmap speed preset to use for scanning (lower is stealthier)")
 	pflag.DurationP("attack-interval", "I", 0, "The interval between each attack  (i.e: 2000ms, higher is stealthier)")
 	pflag.DurationP("timeout", "T", 2000*time.Millisecond, "The timeout to use for attack attempts (i.e: 2000ms)")
-	pflag.BoolP("debug", "d", true, "Enable the debug logs")
+	pflag.BoolP("debug", "d", false, "Enable the debug logs")
 	pflag.BoolP("verbose", "v", false, "Enable the verbose logs")
 	pflag.BoolP("help", "h", false, "displays this help message")
 

go.mod

@@ -1,6 +1,6 @@
-module github.com/Ullaakut/cameradar
+module github.com/Ullaakut/cameradar/v5
 
-go 1.12
+go 1.14
 
 require (
 	github.com/PuerkitoBio/goquery v1.5.0

helpers.go

@@ -18,7 +18,7 @@ func replace(streams []Stream, new Stream) []Stream {
 
 // GetCameraRTSPURL generates a stream's RTSP URL.
 func GetCameraRTSPURL(stream Stream) string {
-	return "rtsp://" + stream.Username + ":" + stream.Password + "@" + stream.Address + ":" + fmt.Sprint(stream.Port) + "/" + stream.Route
+	return "rtsp://" + stream.Username + ":" + stream.Password + "@" + stream.Address + ":" + fmt.Sprint(stream.Port) + "/" + stream.Route()
 }
 
 // GetCameraAdminPanelURL returns the URL to the camera's admin panel.

helpers_test.go

@@ -61,7 +61,7 @@ func TestGetCameraRTSPURL(t *testing.T) {
 		Address:  "1.2.3.4",
 		Username: "ullaakut",
 		Password: "ba69897483886f0d2b0afb6345b76c0c",
-		Route:    "cameradar.sdp",
+		Routes:   []string{"cameradar.sdp"},
 		Port:     1337,
 	}
 

models.go

@@ -4,12 +4,12 @@ import "time"
 
 // Stream represents a camera's RTSP stream
 type Stream struct {
-	Device   string `json:"device"`
-	Username string `json:"username"`
-	Password string `json:"password"`
-	Route    string `json:"route"`
-	Address  string `json:"address" validate:"required"`
-	Port     uint16 `json:"port" validate:"required"`
+	Device   string   `json:"device"`
+	Username string   `json:"username"`
+	Password string   `json:"password"`
+	Routes   []string `json:"route"`
+	Address  string   `json:"address" validate:"required"`
+	Port     uint16   `json:"port" validate:"required"`
 
 	CredentialsFound bool `json:"credentials_found"`
 	RouteFound       bool `json:"route_found"`
@@ -18,6 +18,14 @@ type Stream struct {
 	AuthenticationType int `json:"authentication_type"`
 }
 
+// Route returns this stream's route if there is one.
+func (s Stream) Route() string {
+	if len(s.Routes) > 0 {
+		return s.Routes[0]
+	}
+	return ""
+}
+
 // Credentials is a map of credentials
 // usernames are keys and passwords are values
 // creds['admin'] -> 'secure_password'

scan.go

@@ -25,6 +25,7 @@ func (s *Scanner) Scan() ([]Stream, error) {
 	nmapScanner, err := nmap.NewScanner(
 		nmap.WithTargets(s.targets...),
 		nmap.WithPorts(s.ports...),
+		nmap.WithServiceInfo(),
 		nmap.WithTimingTemplate(nmap.Timing(s.scanSpeed)),
 	)
 	if err != nil {

scan_test.go

@@ -103,7 +103,6 @@ func TestScan(t *testing.T) {
 }
 
 func TestInternalScan(t *testing.T) {
-
 	tests := []struct {
 		description string
 

summary.go

@@ -46,11 +46,16 @@ func (s *Scanner) PrintStreams(streams []Stream) {
 			s.term.Infof("\tPassword:\t\t%s\n", style.Failure("not found"))
 		}
 
+		s.term.Infoln("\tRTSP routes:")
 		if stream.RouteFound {
-			s.term.Infof("\tRTSP route:\t\t%s\n\n\n", style.Success("/"+stream.Route))
+			for _, route := range stream.Routes {
+				s.term.Infoln(style.Success("\t\t\t\t/" + route))
+			}
 		} else {
-			s.term.Infof("\tRTSP route:\t\t%s\n\n\n", style.Failure("not found"))
+			s.term.Infoln(style.Failure("not found"))
 		}
+
+		s.term.Info("\n\n")
 	}
 
 	if success > 1 {

summary_test.go

@@ -39,7 +39,7 @@ var (
 
 	routeFound = Stream{
 		RouteFound: true,
-		Route:      "r0ute",
+		Routes:     []string{"r0ute"},
 	}
 )