Camtruder - Advanced RTSP Camera Discovery and Vulnerability Assessment Tool

By: Unknown — April 26^th 2025 at 12:30

Camtruder is a high-performance RTSP camera discovery and vulnerability assessment tool written in Go. It efficiently scans and identifies vulnerable RTSP cameras across networks using various authentication methods and path combinations, with support for both targeted and internet-wide scanning capabilities.

🌟 Key Features

Advanced Scanning Capabilities
Single IP targeting
CIDR range scanning
File-based target lists
Pipe input support
Internet-wide scanning with customizable limits
Intelligent port discovery
Location-based search using RIPE database
Raw CIDR output for integration with other tools
Screenshot Capability
Capture screenshots of discovered cameras
Automatic saving of JPEG images
Requires ffmpeg installation
Configurable output directory
Location-Based Search
Search by city or country name
RIPE database integration
Detailed output with netnames and IP ranges
CIDR notation support
Raw output mode for scripting
Comprehensive Authentication Testing
Built-in common credential database
Custom username/password list support
File-based credential input
Multiple authentication format handling
Credential validation system
Smart Path Discovery
Extensive default path database
Vendor-specific path detection
Dynamic path generation
Automatic path validation
High Performance Architecture
Multi-threaded scanning engine
Configurable connection timeouts
Efficient resource management
Smart retry mechanisms
Parallel connection handling
Advanced Output & Analysis
Real-time console feedback
Detailed logging system
Camera fingerprinting
Vendor detection
Stream capability analysis
Multiple output formats (verbose, raw)

📋 Requirements

Go 1.19 or higher
ffmpeg (required for screenshot functionality)
Internet connection
Root/Administrator privileges (for certain scanning modes)
Sufficient system resources for large-scale scans

🔧 Installation

Using go install (recommended)

go install github.com/ALW1EZ/camtruder@v3.7.0

From source

git clone https://github.com/ALW1EZ/camtruder.git
cd camtruder
go build

🚀 Usage

Basic Commands

# Scan a single IP
./camtruder -t 192.168.1.100

# Scan a network range
./camtruder -t 192.168.1.0/24

# Search by location with detailed output
./camtruder -t london -s
> [ NET-ISP ] [ 192.168.1.0/24 ] [256]

# Get raw CIDR ranges for location
./camtruder -t london -ss
> 192.168.1.0/24

# Scan multiple IPs from file
./camtruder -t targets.txt

# Take screenshots of discovered cameras
./camtruder -t 192.168.1.0/24 -m screenshots

# Pipe from port scanners
naabu -host 192.168.1.0/24 -p 554 | camtruder
masscan 192.168.1.0/24 -p554 --rate 1000 | awk '{print $6}' | camtruder
zmap -p554 192.168.0.0/16 | camtruder

# Internet scan (scan till 100 hits)
./camtruder -t 100

Advanced Options

# Custom credentials with increased threads
./camtruder -t 192.168.1.0/24 -u admin,root -p pass123,admin123 -w 50

# Location search with raw output piped to zmap
./camtruder -t berlin -ss | while read range; do zmap -p 554 $range; done

# Save results to file (as full url, you can use mpv --playlist=results.txt to watch the streams)
./camtruder -t istanbul -o results.txt

# Internet scan with limit of 50 workers and verbose output
./camtruder -t 100 -w 50 -v

🛠️ Command Line Options

Option	Description	Default
`-t`	Target IP, CIDR range, location, or file	Required
`-u`	Custom username(s)	Built-in list
`-p`	Custom password(s)	Built-in list
`-w`	Number of threads	20
`-to`	Connection timeout (seconds)	5
`-o`	Output file path	None
`-v`	Verbose output	False
`-s`	Search only - shows ranges with netnames	False
`-ss`	Raw IP range output - only CIDR ranges	False
`-po`	RTSP port	554
`-m`	Directory to save screenshots (requires ffmpeg)	None

📊 Output Formats

Standard Search Output (-s)

[ TR-NET-ISP ] [ 193.3.52.0/24 ] [256]
[ EXAMPLE-ISP ] [ 212.175.100.136/29 ] [8]

Raw CIDR Output (-ss)

193.3.52.0/24
212.175.100.136/29

Scan Results

╭─ Found vulnerable camera [Hikvision, H264, 30fps]
├ Host      : 192.168.1.100:554
├ Geo       : United States/California/Berkeley
├ Auth      : admin:12345
├ Path      : /Streaming/Channels/1
╰ URL       : rtsp://admin:12345@192.168.1.100:554/Streaming/Channels/1

⚠️ Disclaimer

This tool is intended for security research and authorized testing only. Users are responsible for ensuring they have permission to scan target systems and comply with all applicable laws and regulations.

📝 License

This project is licensed under the MIT License - see the LICENSE file for details.

🙏 Acknowledgments

Thanks to all contributors and the security research community
Special thanks to the Go RTSP library maintainers
Inspired by various open-source security tools

📬 Contact

Author: @ALW1EZ
Project Link: https://github.com/ALW1EZ/camtruder

Made by @ALW1EZ

Download Camtruder

KitPloit - PenTest Tools!

MemTracer - Memory Scaner

By: Zion3R — November 20^th 2023 at 11:30

MemTracer is a tool that offers live memory analysis capabilities, allowing digital forensic practitioners to discover and investigate stealthy attack traces hidden in memory. The MemTracer is implemented in Python language, aiming to detect reflectively loaded native .NET framework Dynamic-Link Library (DLL). This is achieved by looking for the following abnormal memory region’s characteristics:

The state of memory pages flags in each memory region. Specifically, the MEM_COMMIT flag which is used to reserve memory pages for virtual memory use.
The type of pages in the region. The MEM_MAPPED page type indicates that the memory pages within the region are mapped into the view of a section.
The memory protection for the region. The PAGE_READWRITE protection to indicate that the memory region is readable and writable, which happens if Assembly.Load(byte[]) method is used to load a module into memory.
The memory region contains a PE header.

The tool starts by scanning the running processes, and by analyzing the allocated memory regions characteristics to detect reflective DLL loading symptoms. Suspicious memory regions which are identified as DLL modules are dumped for further analysis and investigation.
Furthermore, the tool features the following options:

Dump the compromised process.
Export a JSON file that provides information about the compromised process, such as the process name, ID, path, size, and base address.
Search for specific loaded module by name.

Example

python.exe memScanner.py [-h] [-r] [-m MODULE]
-h, --help show this help message and exit
-r, --reflectiveScan Looking for reflective DLL loading
-m MODULE, --module MODULE Looking for spcefic loaded DLL

The script needs administrator privileges in order incepect all processes.

Download MemTracer

Naked Security