Advanced RTSP Camera Discovery and Vulnerability Assessment Tool
Camtruder is a high-performance RTSP camera discovery and vulnerability assessment tool written in Go. It efficiently scans and identifies vulnerable RTSP cameras across networks using various authentication methods and path combinations, with support for both targeted and internet-wide scanning capabilities.
-
Advanced Scanning Capabilities
- Single IP targeting
- CIDR range scanning
- File-based target lists
- Pipe input support (zmap integration)
- Internet-wide scanning with customizable limits
- Intelligent port discovery
-
Comprehensive Authentication Testing
- Built-in common credential database
- Custom username/password list support
- File-based credential input
- Multiple authentication format handling
- Credential validation system
-
Smart Path Discovery
- Extensive default path database
- Vendor-specific path detection
- Dynamic path generation
- Automatic path validation
- Custom path testing support
-
High Performance Architecture
- Multi-threaded scanning engine
- Configurable connection timeouts
- Efficient resource management
- Smart retry mechanisms
- Parallel connection handling
-
Advanced Output & Analysis
- Real-time console feedback
- Detailed logging system
- Camera fingerprinting
- Vendor detection
- Stream capability analysis
- JSON output support
- Go 1.19 or higher
- Internet connection
- Root/Administrator privileges (for certain scanning modes)
- Sufficient system resources for large-scale scans
# Clone the repository
git clone https://github.com/ALW1EZ/camtruder.git
# Navigate to the directory
cd camtruder
# Build the binary
go build -o camtruder
# Make it executable (Linux/macOS)
chmod +x camtruder# Scan a single IP
./camtruder -t 192.168.1.100
# Scan a network range
./camtruder -t 192.168.1.0/24
# Scan multiple IPs from file
./camtruder -t targets.txt
# Pipe from zmap
zmap -p554 192.168.0.0/16 | ./camtruder# Custom credentials with increased threads
./camtruder -t 192.168.1.0/24 -u admin,root -p pass123,admin123 -w 50
# Verbose output with custom timeout
./camtruder -t 192.168.1.0/24 -v -to 10
# Save results to file
./camtruder -t 192.168.1.0/24 -o results.txt
# Internet scan with limit
./camtruder -t 100 -w 50 -v| Option | Description | Default |
|---|---|---|
-t |
Target IP, CIDR range, or file | Required |
-u |
Custom username(s) | Built-in list |
-p |
Custom password(s) | Built-in list |
-w |
Number of threads | 20 |
-to |
Connection timeout (seconds) | 3 |
-o |
Output file path | None |
-v |
Verbose output | False |
- Default credential database
- Support for multiple authentication formats
- Custom credential list support
- Intelligent credential validation
- Comprehensive vendor path database
- Dynamic path generation
- Path validation system
- Custom path testing
- Multi-threaded architecture
- Smart connection handling
- Resource management
- Efficient retry mechanisms
- Real-time progress display
- Detailed logging
- Camera fingerprinting
- Stream analysis
- Result export
ββ Found vulnerable camera [Hikvision, H264, 30fps]
β Host : 192.168.1.100:554
β Auth : admin:12345
β Path : /Streaming/Channels/1
β° URL : rtsp://admin:12345@192.168.1.100:554/Streaming/Channels/1
This tool is intended for security research and authorized testing only. Users are responsible for ensuring they have permission to scan target systems and comply with all applicable laws and regulations.
This project is licensed under the MIT License - see the LICENSE file for details.
- Thanks to all contributors and the security research community
- Special thanks to the Go RTSP library maintainers
- Inspired by various open-source security tools
- Author: @ALW1EZ
- Project Link: https://github.com/ALW1EZ/camtruder
Made by @ALW1EZ