Ullaakut/cameradar

📋 What's Changed

• docs: add instructions on what targets to test against by @Ullaakut in https://github.com/Ullaakut/cameradar/pull/418
• Bump docker/login-action from 3 to 4 in the all group by @dependabot[bot] in https://github.com/Ullaakut/cameradar/pull/420
• Bump the all group with 2 updates by @dependabot[bot] in https://github.com/Ullaakut/cameradar/pull/422
• feat: support http tunneled rtsp by @arryllopez in https://github.com/Ullaakut/cameradar/pull/419
• Bump google.golang.org/grpc from 1.79.2 to 1.79.3 by @dependabot[bot] in https://github.com/Ullaakut/cameradar/pull/424
• Bump github.com/bluenviron/gortsplib/v5 from 5.4.0 to 5.5.0 in the all group by @dependabot[bot] in https://github.com/Ullaakut/cameradar/pull/425
• Bump github.com/urfave/cli/v3 from 3.7.0 to 3.8.0 in the all group by @dependabot[bot] in https://github.com/Ullaakut/cameradar/pull/426
• Bump github.com/bluenviron/gortsplib/v5 from 5.5.0 to 5.5.1 in the all group by @dependabot[bot] in https://github.com/Ullaakut/cameradar/pull/427
• + 10 more

✨ New Contributors

• @arryllopez made their first contribution in https://github.com/Ullaakut/cameradar/pull/419
• @whiteboxsolutions made their first contribution in https://github.com/Ullaakut/cameradar/pull/421
• @Noethix55555 made their first contribution in https://github.com/Ullaakut/cameradar/pull/440
• Full Changelog: https://github.com/Ullaakut/cameradar/compare/v6.1.1...v6.2.0

🐛 Critical bug fix

• fix: command/flags to prevent subcommand being required by @Ullaakut in https://github.com/Ullaakut/cameradar/pull/411

📦 Misc

• Bump the all group with 4 updates by @dependabot[bot] in https://github.com/Ullaakut/cameradar/pull/401
• Bump go.opentelemetry.io/otel/sdk from 1.38.0 to 1.40.0 by @dependabot[bot] in https://github.com/Ullaakut/cameradar/pull/404
• Bump goreleaser/goreleaser-action from 6 to 7 in the all group by @dependabot[bot] in https://github.com/Ullaakut/cameradar/pull/402
• feat: add codeowners, fix typos, fix license badge by @Ullaakut in https://github.com/Ullaakut/cameradar/pull/407
• docs: more precisions in contributing guide by @Ullaakut in https://github.com/Ullaakut/cameradar/pull/408
• Bump the all group with 2 updates by @dependabot[bot] in https://github.com/Ullaakut/cameradar/pull/409
• docs: remove config section in favor of wiki, add links to wiki by @Ullaakut in https://github.com/Ullaakut/cameradar/pull/412
• Full Changelog: https://github.com/Ullaakut/cameradar/compare/v6.1.0...v6.1.1

📋 What's Changed

• fix: always add leading slash to routes by @Ullaakut in https://github.com/Ullaakut/cameradar/pull/397
• feat: tui mode improvements by @Ullaakut in https://github.com/Ullaakut/cameradar/pull/395
• feat: add version subcommand to help with issues by @Ullaakut in https://github.com/Ullaakut/cameradar/pull/400
• feat: add masscan discovery backend by @Ullaakut in https://github.com/Ullaakut/cameradar/pull/403

📦 Maintenance

• Bump the all group with 3 updates by @dependabot[bot] in https://github.com/Ullaakut/cameradar/pull/399
• Bump the all group with 4 updates by @dependabot[bot] in https://github.com/Ullaakut/cameradar/pull/398

✨ New Contributors

• @dependabot[bot] made their first contribution in https://github.com/Ullaakut/cameradar/pull/399
• Full Changelog: https://github.com/Ullaakut/cameradar/compare/v6.0.2...v6.1.0

📋 What's Changed

• feat: small UI improvements by @Ullaakut in https://github.com/Ullaakut/cameradar/pull/394
• Added build metadata support (version, commit, date) with display methods
• Implemented startup configuration logging for plain/debug mode
• Added Ctrl+C (SIGINT) handling in TUI mode to gracefully cancel operations
• Reformatted log output to display timestamp first and normalize log levels to 4 characters
• fix: docker image tags
• Fixed Docker image tags in goreleaser to include "v" prefix
• Full Changelog: https://github.com/Ullaakut/cameradar/compare/v6.0.1...v6.0.2

📋 What's Changed

• chore: resize cameradar logo by @Ullaakut in https://github.com/Ullaakut/cameradar/pull/387
• fix: no longer give up on detecting auth type when getting a 401 by @Ullaakut in https://github.com/Ullaakut/cameradar/pull/391
• Adds AuthUnknown enum value to gracefully handle unknown/undetected authentication states instead of treating them as fatal errors
• Implements a custom RTSP DESCRIBE probe (probeDescribeHeaders) that retrieves response headers even on error responses, working around limitations in the gortsplib library
• Adds fallback authentication detection using case-insensitive substring matching when structured header parsing fails
• Implements a retry mechanism with 5 attempts for 503 Service Unavailable responses during stream validation
• Updates route handling to support paths without leading slashes and adds empty route support for default paths
• Full Changelog: https://github.com/Ullaakut/cameradar/compare/v6.0.0...v6.0.1
• + 1 more

📦 Highlights

• Rewrote core scanning and attack flows into modular, testable components with clear interfaces.
• Replaced the legacy curl-based RTSP stack with a Go RTSP client for better reliability and maintainability.
• Introduced a new UI system with TUI, plain, and auto modes, plus progress tracking and summaries.
• Added structured reporting and M3U output generation.

📦 CLI and UX

• Replaced the previous CLI parsing with urfave/cli and improved validation.
• Added --skip-scan mode to bypass discovery and attack known targets directly.
• Added --ui mode selection and enhanced interactive/non-interactive behavior.
• Improved logging and error reporting across steps.

📦 Architecture and Core

• Introduced a new App orchestration layer with explicit dependencies and context-aware execution.
• Added typed steps, progress messages, and summary helpers.
• Added target loading from files and more robust target parsing.
• Added a worker pool to parallelize attacks safely.

📦 Scanning

• Added a scan builder that selects between nmap and skip-scan strategies.
• Implemented nmap scanning with structured parsing and warnings.
• Added robust target expansion and IPv4 range handling.

📦 Attacks

• Implemented a new RTSP attacker with route probing, auth detection, credential attacks, and validation.
• Added re-attack logic for devices with non-standard RTSP behavior.
• Improved authentication detection and route/credential discovery logic.

📦 Dictionaries

• Moved dictionaries into embedded assets and added a new loader.
• Added support for custom dictionary paths with clear error handling.

📦 Output and Reporting

• Added M3U playlist output with labels and RTSP URLs.
• Added plain and TUI reporters with live progress updates.
• Added formatted summaries for accessible and discovered streams.

📦 Build, CI, and Tooling

• Replaced Travis CI with GitHub Actions workflows for build, test, and release.
• Added Dependabot config and GoReleaser v2 configuration.
• Added a Makefile for common tasks (fmt, test, lint, build).
• Updated Dockerfile to use prebuilt binaries and simplified runtime image.

📝 Documentation

• Reworked README with updated usage, security guidance, and examples.
• Added CONTRIBUTING guide and refreshed issue/PR templates.

🧪 Tests

• Added extensive tests for the new scanner, attacker, dictionary loader, UI, and helpers.
• Removed legacy tests tied to deleted components and APIs.

📋 What's Changed

• feat: write output to file by @Ullaakut in https://github.com/Ullaakut/cameradar/pull/361
• Full Changelog: https://github.com/Ullaakut/cameradar/compare/v5.0.3...v5.0.4

✨ Features

• Update dictionary https://github.com/Ullaakut/cameradar/pull/326
• Update dictionary by @Mr-xn https://github.com/Ullaakut/cameradar/pull/346
• Readme RU translation by @VoroninMichael https://github.com/Ullaakut/cameradar/pull/324
• Better logging for unknown auth types by @baryy100 https://github.com/Ullaakut/cameradar/pull/345

🐛 Fixes

• Fixed typo in loader code https://github.com/Ullaakut/cameradar/pull/311
• Fixed typo in error by @testwill https://github.com/Ullaakut/cameradar/pull/332

✨ New default credentials

• Add new default credentials
• [#304](https://github.com/Ullaakut/cameradar/pull/304) by @supremepot
• [#295](https://github.com/Ullaakut/cameradar/pull/295) by @ArturFormella
• Update install instructions [#291](https://github.com/Ullaakut/cameradar/pull/291) by @Ullaakut

📋 Changes

• [Update curl-dev dependency version](https://github.com/Ullaakut/cameradar/pull/282)
• [Add crossplatform docker builds](https://github.com/Ullaakut/cameradar/pull/283)
• [Update README to warn about binary builds and curl version](https://github.com/Ullaakut/cameradar/pull/284)

✨ Features

• [Support multi-route detection](#267) (#264)
• Change stream model to support multiple routes
• Simplify attack algorithm
• Use dummy route to detect cameras which accept all routes
• [Set module version to v5](#267) (#265)
• Update README to reflect changes
• Various README improvements

🐛 Bugfixes

• [Fix stream discovery on non-standard ports by using service info mode in nmap scan](#267) (#266)
• No longer enables debug by default
• Makes verbose mode work (used to not do anything)

📦 Misc

• Move issue template to .github and remove old changelog file
• Reword error message when no stream is found
• Remove unnecessary import alias

📋 Changes

• Add routes and credentials for Besder IP cameras ([#256](https://github.com/Ullaakut/cameradar/pull/256))
• Remove spam from curl verbose mode ([#257](https://github.com/Ullaakut/cameradar/pull/257))

📋 Changes

• Digest authentication is fixed by using an older curl version (#252)

📦 [v4.1.1](https://github.com/Ullaakut/cameradar/tree/v4.1.1) (2019-11-30)

• [All Commits](https://github.com/Ullaakut/cameradar/compare/v4.1.0...v4.1.1)
• Enhancements:
• [binary,enhancement,library] Add scan interval option ([#245](https://github.com/Ullaakut/cameradar/pull/245) by [Ullaakut](https://github.com/Ullaakut))
• [enhancement] Update dictionaries & dependencies for dictionary fetch tool ([#240](https://github.com/Ullaakut/cameradar/pull/240) by [Ullaakut](https://github.com/Ullaakut))
• Bug fixes:
• [bug] Update nmap dependency to v2.0.0 ([#250](https://github.com/Ullaakut/cameradar/pull/250) by [Ullaakut](https://github.com/Ullaakut))
• [bug] Fix scan interval option ([#246](https://github.com/Ullaakut/cameradar/pull/246) by [Ullaakut](https://github.com/Ullaakut))
• [bug] Fix capitalization issues in import path ([#244](https://github.com/Ullaakut/cameradar/pull/244) by [Ullaakut](https://github.com/Ullaakut))
• + 3 more

✨ Improvements and features

• Cameradar can now access cameras with both basic and digest authentication methods
• Previously, only basic auth was supported due to 90% of cameras using it over digest
• A tool to automatically update the route dictionary has been added to the repository
• The Cameradar API is now [much simpler to use](#cameradar-api) (#209)
• UX has been improved
• Spinner removed (#211)
• Better logs using [disgo](https://github.com/ullaakut/disgo)
• Two new verbosity levels: debug being the default and verbose showing extra logs for each curl request
• + 5 more

📝 Removed unmaintained documentation

• Contributing guide has been removed. It was very outdated and considering the low amount of contributions at the moment (🙁) I don't think it's worth the maintenance cost
• Documentation of the library in the readme was removed in favor of godoc. AFAIK no one uses cameradar as a library at the moment so I don't think it was necessary for it to be such a focus of the readme file.

📦 Cameradar API

• In the 3.0.0 version, the API of the cameradar API forces you to:
• Initialize, manipulate and clean a curl handle
• Call 5 or 6 functions from the library, with 4 to 6 arguments each, to perform a complete scan and attack process
• Print your own summary of the attack

📦 User Experience

• 
• The new interface is cleaner, provides a better picture of what is going on during the attack process and keeps the same attack summary as the previous interface has.
• Its debug and verbose mode are significantly more readable than the previous `--log` mode.

📦 Thanks

• Thanks to @rikosintie for his issue about digest authentication (#199)

🐛 Bugfixes

• Fixes a bug where the `CAMERADAR_CUSTOM_CREDENTIALS` and `CAMERADAR_CUSTOM_ROUTES` environment variables were no longer used, in favor of `CAMERADAR_CUSTOM-CREDENTIALS` and `CAMERADAR_CUSTOM-ROUTES` because of a regression introduced in v3.0.0. (#189)
• Fixes a bug where it was impossible to override the default dictionaries using the docker image. (#189)

📦 Enhancements

• The cameradar library is now more intuitive and easier to use by removing useless arguments from the `Discover` method
• Added more routes and credentials to the dictionaries #185
• Cameradar scans one more port by default (`5554`) #186
• Cameradar uses [nmap](https://github.com/Ullaakut.nmap) to improve error handling, make cameradar faster and easier to read #187
• Removed legacy code #187
• Finally reached 100% test coverage by completely mocking `nmap` #187

📦 Disclaimer

• I don't think any developers use it, so I guess it isn't a big deal, but just in case, I'll bump up the major version.

📦 Enhancements

• Cameradar can now take a file as an input, to make it easier to automatize #169
• Issuing of RTSP SETUP requests to improve route & credential detection #182
• Add more default credentials #176
• Increase test coverage #159

🐛 Bugfixes

• Fix multi address hosts #180
• Fix nmap not taking multiple hosts in docker #177

📦 Cameraccess

• Cameraccess will serve as both a replacement for the old Cameradar C++ app and an example on how to use the Cameradar library
• The Cameradar docker image uses Cameraccess as an entrypoint
• Cameraccess is more performant than the old C++ Cameradar
• Cameraccess has a better and more user-friendly UX than the old C++ Cameradar
• The new docker image is somehow exactly two times lighter than the previous one (187MB vs 374MB)

📦 Cameradar golang library

• The Cameradar golang library provides the necessary tools to quickly build a tiny program to discover and attack RTSP streams, and makes it easy to build on top of it.
• The code is much cleaner and all legacy code has been removed

📦 v1.1.4

• This version is the latest minor release before the 2.0.0. However, there might be other hotfixes coming after it if there are issues with the current state of Cameradar.
• Simplified use of Docker image
• Renamed MySQL table name to be more explicit
• Refactoring of the Golang functional tester done
• The output was made more human readable
• Added automatic code quality checks for pull requests
• Added contribution documentation
• Updated dictionaries to add user suggestions for Chinese cameras
• + 2 more

📦 v1.1.3

• Added automatic pushes to DockerHub to the travis integration
• Made travis configuration file better
• Changed the package generation scripts to make them report errors
• Removed old etix_rtsp_server binary from the test folder
• Fixed an issue that made it mandatory to launch tests at least once so that they can work the second time
• Fixed an issue that made the golang testing tool not compile in the testing script
• Fixed an issue that made the golang testing tool sometimes ignore some tests
• The previous known issue has been investigated and we don't know where it came from. However after a night of testing I have been unable to reproduce it, so I will consider it closed

📦 v1.1.2

• Added travis integration
• Added default environment value for Docker deployment
• Updated docker image description with new easy usage
• Updated README badges style (replaced flat with square-flat)
• Build last package can now also generate a debug package if given the `Debug` command-line argument

📦 v1.1.1

• Removed unnecessary null pointer checks (thanks to https://github.com/elfring)
• Updated package description
• Removed debug message in CMake build
• Added `/ch01.264` to the URL dictionary in the deployment (Comelit default RTSP URL)
• Updated tests partially (still needs work to make the code cleaner)
• Variable names are now compliant with Golang best practices
• JSON variable names are back to normal
• Functions have been moved in more appropriate source files
• + 12 more

📦 v1.1.0

• There are more command line options
• Port can now be overridden in the command line
• Subnet can now be overridden in the command line
• Bruteforce is now multithreaded and will use as many threads as there are discovered cameras
• Thumbnail generation is now multithreaded and will use as many threads as there are discovered cameras
• There are now default configuration values in order to make cameradar easier to use
• The algorithms take external input into account (so that a 3rd party can change the DB to help Cameradar in real-time) and thus check the persistent data at each iteration
• The default log level is now DEBUG instead of INFO
• + 4 more

📦 v1.0.5

• Fixed error in MySQL Cache Manager in which thumbnail generation on valid streams could not be done
• Fixed potential crash in the case the machine running cameradar has no memory left to allocate space for the dynamic cache manager

📋 Changes

• v1.0.1 : Updated to 16.04 & removed boost dependency
• v1.0.2 : Fix issues with MySQL Cache Manager
• v1.0.3 : Corrected GStreamer check
• v1.0.4 : Fixed nmap package detection

📋 Changes

• Added functional testing

📋 Changes

• Cameradar can access Cameras that are configured to always send 400 Bad Requests responses
• Changed iterator name from it to stream in dumb cache manager to improve code readability
• Cameradar no longer considers a timing out Camera as an accessible stream

📦 Version 0.2.0

• Major changes :
• MySQL Cache Manager
• Minor changes :
• Removed legacy code
• Removed boost dependency
• Improved debugging logs
• Updated README

📦 Version 0.2.1

• Minor changes :
• New docker deployment package
• Updated README

📋 Major changes

• Added a quick Docker deployment process
• Added automatic dependencies downloading through CMake for the manual installation
• Added CPack packaging for the Docker deployment

📋 Minor changes

• Changed recommended cloning method to HTTPS
• Added lots of informations to README.md