cameradar
Cameradar is a Go-based penetration testing tool that scans networks for RTSP video surveillance cameras and attempts to breach them via dictionary attacks on credentials and stream routes. It is actively maintained, MIT-licensed, and distributed via Docker and binary installation.
Key facts
Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.
| Field | Value |
|---|---|
| Repository | Ullaakut/cameradar |
| Owner | Ullaakut |
| Primary language | Go |
| License | MIT — OSI-approved |
| Stars | 5.1k |
| Forks | 623 |
| Open issues | 17 |
| Latest release | v6.2.0 (2026-06-16) |
| Last updated | 2026-07-08 |
| Source | https://github.com/Ullaakut/cameradar |
What cameradar is
Cameradar performs RTSP endpoint discovery (via nmap or masscan), device model detection, and credential/route enumeration using customizable dictionaries. It supports RTSPS with TLS certificate handling, optional RTP frame validation, and reporting of successful access. Written in Go with GitHub Actions CI and code coverage monitoring.
Get the cameradar source
Clone the repository and explore it locally.
git clone https://github.com/Ullaakut/cameradar.gitcd cameradar# follow the project's README for install & configurationNeed it deployed, integrated, or customized instead? DEV.co ships production installs.
Best use cases
Implementation considerations
- Ensure your target scope is well-defined (CIDR, IP ranges, or hostnames) and document authorization before running scans to avoid accidental network sweeps.
- Custom credential and route dictionaries significantly impact success rates; baseline dictionaries are included but may require extension for non-standard camera deployments.
- Frame validation (--framecheck) can reduce false positives but adds latency; enable selectively when credentials/routes appear weak but validation is critical.
- Network latency and port filtering affect discovery reliability; use nmap for higher confidence endpoint identification or masscan for speed on permissive networks.
- Docker execution requires host networking (--net=host) for direct RTSP scanning; binary installation avoids container overhead for smaller assessments.
When to avoid it — and what to weigh
- Testing without explicit written authorization — RTSP scanning and credential attacks are illegal on unauthorized targets. Use only on systems you own or have signed permission to test.
- Expecting signature-based endpoint detection — Relies on open ports and service banners; silently running cameras or those behind firewalls will not be discovered by default scan modes.
- Need for high-speed scanning of massive networks without tuning — Default nmap scanner is slower than masscan; large CIDR blocks can take substantial time. Plan scan scope and parallelism carefully.
- Requirement for active camera vulnerability exploitation — Tool focuses on credential/route enumeration; does not exploit protocol vulnerabilities or firmware flaws. Complements but does not replace deeper exploit frameworks.
License & commercial use
MIT License (MIT). Permissive OSI-approved license permitting commercial use, modification, and distribution with attribution.
MIT license permits commercial deployment, but use is restricted to authorized testing only. Organizations may commercialize security services using Cameradar, but must ensure end-user authorization and comply with applicable computer fraud and abuse laws. Verify that your jurisdiction and contracts permit penetration testing before commercial offering.
DEV.co evaluation signals
Editorial assessment — not user reviews. Directional, with an explicit confidence level.
| Signal | Assessment |
|---|---|
| Maintenance | Active |
| Documentation | Adequate |
| License clarity | Clear |
| Deployment complexity | Low |
| DEV.co fit | Good |
| Assessment confidence | High |
Tool is a credential-brute-force and endpoint-enumeration utility; effectiveness depends on dictionary quality and network access. No inherent exploit or RCE capability. RTSP credentials captured in plaintext during probing; ensure output logs are secured. Scanning can generate network noise and may trigger IDS/IPS if not coordinated with network teams. Frame validation helps reduce false positives but does not guarantee legitimate access. Use in isolated or closely monitored environments to prevent unauthorized camera access.
Alternatives to consider
Shodan / Censys (OSINT approach)
Identifies RTSP endpoints via passive reconnaissance and historical data rather than active scanning; no credential testing but lower operational footprint.
Nmap RTSP scripts (nmap --script rtsp*)
Lighter-weight service discovery integrated into nmap workflow; does not include dictionary attacks or device model detection but suits network-wide audits.
Metasploit RTSP modules (auxiliary/scanner/rtsp)
Part of larger pentest framework ecosystem; fewer features than Cameradar but integrates with Metasploit workflow and post-exploitation tools.
Build on cameradar with DEV.co software developers
Use Cameradar to identify weak RTSP endpoints and credentials during authorized penetration tests. Run in Docker, customize dictionaries, and generate actionable security reports.
Talk to DEV.coRelated open-source tools
Surfaced by semantic similarity across the DEV.co open-source index.
Related on DEV.co
Explore the category and the services that help you build with it.
cameradar FAQ
Can I use Cameradar on networks I don't own?
What if my cameras use RTSPS with self-signed certificates?
How long does a scan take?
Can I use my own credential and route dictionaries?
Software development & web development with DEV.co
DEV.co is a software development agency delivering custom software development services to companies building on open source. Our software developers and web developers design, integrate, and ship production systems — spanning web development, APIs, AI, data, and cloud. If cameradar is part of your open-source security roadmap, our team can implement, customize, migrate, and maintain it.
Assess Your RTSP Camera Infrastructure
Use Cameradar to identify weak RTSP endpoints and credentials during authorized penetration tests. Run in Docker, customize dictionaries, and generate actionable security reports.