DEV.co
Open-Source Security · Ullaakut

cameradar

Cameradar is a Go-based penetration testing tool that scans networks for RTSP video surveillance cameras and attempts to breach them via dictionary attacks on credentials and stream routes. It is actively maintained, MIT-licensed, and distributed via Docker and binary installation.

Source: GitHub — github.com/Ullaakut/cameradar
5.1k
GitHub stars
623
Forks
Go
Primary language
MIT
License (OSI-approved)

Key facts

Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.

FieldValue
RepositoryUllaakut/cameradar
OwnerUllaakut
Primary languageGo
LicenseMIT — OSI-approved
Stars5.1k
Forks623
Open issues17
Latest releasev6.2.0 (2026-06-16)
Last updated2026-07-08
Sourcehttps://github.com/Ullaakut/cameradar

What cameradar is

Cameradar performs RTSP endpoint discovery (via nmap or masscan), device model detection, and credential/route enumeration using customizable dictionaries. It supports RTSPS with TLS certificate handling, optional RTP frame validation, and reporting of successful access. Written in Go with GitHub Actions CI and code coverage monitoring.

Quickstart

Get the cameradar source

Clone the repository and explore it locally.

terminalbash
git clone https://github.com/Ullaakut/cameradar.gitcd cameradar# follow the project's README for install & configuration

Need it deployed, integrated, or customized instead? DEV.co ships production installs.

Best use cases

Authorized security assessments of RTSP camera infrastructure

Rapidly inventory RTSP endpoints and test weak default credentials across corporate surveillance systems during scheduled penetration tests.

Vulnerability scanning in isolated lab or internal network environments

Discover misconfigured or unpatched cameras on internal networks where RTSP is deployed without proper network segmentation.

Custom security testing with tailored dictionaries

Adapt the tool to organization-specific camera models and naming conventions by providing custom credential and route dictionaries.

Implementation considerations

  • Ensure your target scope is well-defined (CIDR, IP ranges, or hostnames) and document authorization before running scans to avoid accidental network sweeps.
  • Custom credential and route dictionaries significantly impact success rates; baseline dictionaries are included but may require extension for non-standard camera deployments.
  • Frame validation (--framecheck) can reduce false positives but adds latency; enable selectively when credentials/routes appear weak but validation is critical.
  • Network latency and port filtering affect discovery reliability; use nmap for higher confidence endpoint identification or masscan for speed on permissive networks.
  • Docker execution requires host networking (--net=host) for direct RTSP scanning; binary installation avoids container overhead for smaller assessments.

When to avoid it — and what to weigh

  • Testing without explicit written authorization — RTSP scanning and credential attacks are illegal on unauthorized targets. Use only on systems you own or have signed permission to test.
  • Expecting signature-based endpoint detection — Relies on open ports and service banners; silently running cameras or those behind firewalls will not be discovered by default scan modes.
  • Need for high-speed scanning of massive networks without tuning — Default nmap scanner is slower than masscan; large CIDR blocks can take substantial time. Plan scan scope and parallelism carefully.
  • Requirement for active camera vulnerability exploitation — Tool focuses on credential/route enumeration; does not exploit protocol vulnerabilities or firmware flaws. Complements but does not replace deeper exploit frameworks.

License & commercial use

MIT License (MIT). Permissive OSI-approved license permitting commercial use, modification, and distribution with attribution.

MIT license permits commercial deployment, but use is restricted to authorized testing only. Organizations may commercialize security services using Cameradar, but must ensure end-user authorization and comply with applicable computer fraud and abuse laws. Verify that your jurisdiction and contracts permit penetration testing before commercial offering.

DEV.co evaluation signals

Editorial assessment — not user reviews. Directional, with an explicit confidence level.

SignalAssessment
MaintenanceActive
DocumentationAdequate
License clarityClear
Deployment complexityLow
DEV.co fitGood
Assessment confidenceHigh
Security considerations

Tool is a credential-brute-force and endpoint-enumeration utility; effectiveness depends on dictionary quality and network access. No inherent exploit or RCE capability. RTSP credentials captured in plaintext during probing; ensure output logs are secured. Scanning can generate network noise and may trigger IDS/IPS if not coordinated with network teams. Frame validation helps reduce false positives but does not guarantee legitimate access. Use in isolated or closely monitored environments to prevent unauthorized camera access.

Alternatives to consider

Shodan / Censys (OSINT approach)

Identifies RTSP endpoints via passive reconnaissance and historical data rather than active scanning; no credential testing but lower operational footprint.

Nmap RTSP scripts (nmap --script rtsp*)

Lighter-weight service discovery integrated into nmap workflow; does not include dictionary attacks or device model detection but suits network-wide audits.

Metasploit RTSP modules (auxiliary/scanner/rtsp)

Part of larger pentest framework ecosystem; fewer features than Cameradar but integrates with Metasploit workflow and post-exploitation tools.

Software development agency

Build on cameradar with DEV.co software developers

Use Cameradar to identify weak RTSP endpoints and credentials during authorized penetration tests. Run in Docker, customize dictionaries, and generate actionable security reports.

Talk to DEV.co

Related open-source tools

Surfaced by semantic similarity across the DEV.co open-source index.

cameradar FAQ

Can I use Cameradar on networks I don't own?
No. RTSP scanning and credential attacks are unauthorized access attempts under computer fraud laws in most jurisdictions. Use only on networks with explicit written authorization from the owner.
What if my cameras use RTSPS with self-signed certificates?
Set the SSL_CERT_FILE environment variable to point to the CA or server certificate file. Cameradar will use it to validate the RTSPS connection. Instructions are provided in the README for both Docker and binary deployments.
How long does a scan take?
Depends on target scope, network latency, and scanner choice. Default nmap discovery is slower but more accurate; masscan is faster but lacks service validation. Enable --framecheck only if you need RTP confirmation, as it adds per-credential latency.
Can I use my own credential and route dictionaries?
Yes. Pass --custom-credentials and --custom-routes flags with paths to your dictionary files. This allows you to tailor attacks to known camera models and organizational naming conventions.

Software development & web development with DEV.co

DEV.co is a software development agency delivering custom software development services to companies building on open source. Our software developers and web developers design, integrate, and ship production systems — spanning web development, APIs, AI, data, and cloud. If cameradar is part of your open-source security roadmap, our team can implement, customize, migrate, and maintain it.

Assess Your RTSP Camera Infrastructure

Use Cameradar to identify weak RTSP endpoints and credentials during authorized penetration tests. Run in Docker, customize dictionaries, and generate actionable security reports.