Skip to main content

Tool for RTSP that brute-forces routes and credentials, makes screenshots!

Project description

RTSPBrute

pipeline status coverage report

Inspired by Cameradar

Features

  • Find accessible RTSP streams on any target
  • Brute-force stream routes
  • Brute-force credentials
  • Make screenshots on accessible streams
  • Generate user-friendly report of the results:
    • .txt file with each found stream on new line
    • .html file with screenshot of each found stream

Report files

  • result.txt: Each target is on a new line. Import to VLC: change extension to .m3u and open in VLC
  • index.html: Click on the screenshot to copy its link

Installation

Requirements

  • python (> 3.6)
  • av
  • Pillow
  • rich

Install with pip or your favorite PyPi package manager.

pip install rtspbrute

CLI

USAGE
    $ rtspbrute -t TARGETS [-p PORTS [PORTS ...]] [-r ROUTES] [-c CREDENTIALS]
                [-ct N] [-bt N] [-st N] [-T TIMEOUT] [-d] [-h]

ARGUMENTS
    -h, --help                     show this help message and exit
    -t, --targets TARGETS          the targets on which to scan for open RTSP streams
    -p, --ports PORTS [PORTS ...]  the ports on which to search for RTSP streams
    -r, --routes ROUTES            the path on which to load a custom routes
    -c, --credentials CREDENTIALS  the path on which to load a custom credentials
    -ct, --check-threads N         the number of threads to brute-force the routes
    -bt, --brute-threads N         the number of threads to brute-force the credentials
    -st, --screenshot-threads N    the number of threads to screenshot the streams
    -T, --timeout TIMEOUT          the timeout to use for sockets
    -d, --debug                    enable the debug logs

EXAMPLES
    $ rtspbrute -h
    $ rtspbrute -t hosts.txt -p 554 5554 8554 -d
    $ rtspbrute -t ips.txt -r routes.txt -c combinations.txt
    $ rtspbrute -t targets.txt -st 10 -T 10

"argument" (default_value):

  • "-t, --targets" (No default value): Set the path to the input file. The file can contain IPs, IP ranges and CIDRs. Each one of them should be on a separate line, e.g.:
0.0.0.0
192.168.100.1-192.168.254.1
192.17.0.0/16
  • "-p, --ports" (554): Set custom ports, e.g.: -p 554 5554 8554
  • "-r, --routes" (routes.txt): Set custom path to the file with routes. Each route should start with / and be on a separate line, e.g.:
/1
/11
/h264
  • "-c, --credentials" (credentials.txt): Set custom path to the file with credentials. Each combination should contain : and be on a separate line, e.g.:
admin:admin
user:user
  • "-ct, --check-threads" (500): Set custom number of threads to brute-force the routes
  • "-bt, --brute-threads" (200): Set custom number of threads to brute-force the credentials
  • "-st, --screenshot-threads" (20): Set custom number of threads to screenshot the streams. Smaller number leads to more successful screenshots: when there's too much threads PyAV will throw errors and wouldn't connect to target.
  • "-T, --timeout" (2): Set custom timeout value for socket connections
  • "-d, --debug" (False): Enable debug logging to debug.log file

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

rtspbrute-1.0.1.tar.gz (19.5 kB view hashes)

Uploaded Source

Built Distribution

rtspbrute-1.0.1-py3-none-any.whl (36.5 kB view hashes)

Uploaded Python 3

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page