Camera Logo


With Xmas just a few weeks away, we thought we would focus on some of the smart gadgets within the home. Whether it be a baby monitor, security system, pet monitor, or some new gagdet with a camera installed. You might already have some of these devices in your home, or you could have a device under and Xmas tree.

Today, we take a look at how easy it is to extract/view RTSP streams from electronic devices.



The Real Time Streaming Protocol (RTSP) is a network control protocol designed for use in entertainment and communications systems to control streaming media servers. The protocol is used for establishing and controlling media sessions between endpoints. Clients of media servers issue VHS-style commands, such as play, record and pause, to facilitate real-time control of the media streaming from the server to a client (Video On Demand) or from a client to the server (Voice Recording).


Its as easy as:

  • File
  • Open Network

When accessing RTSP streams in VLC you are often given a URL in the format of:

  • rtsp://«ip>:«port»/«stream»


  • rtsp://

VLC is usually clever enough to figure out how to output the streaming data.

Seeking out RTSP

RTSP normally resides on the following TCP ports:

  • 554
  • 5554
  • 8554

A simple portscan can reveal whether these ports are open and accessible.

Manually Confirming RTSP

A simple cURL one-liner:

curl -i -X OPTIONS rtsp:// RTSP/1.1

A valid RTSP service should respond along the following lines:

RTSP/1.0 200 OK
CSeq: 1
Date: Tue, Dec 08 2020 09:56:12 GMT

RTSP Hacking made easy

Cameradar is a Go-based tool to hack RTSP Video Surveillance CCTV Cameras, it can detect open RTSP hosts, detect device models and launch automated attacks.

Cameradar allows you to

  • Detect open RTSP hosts on any accessible target host
  • Detect which device model is streaming
  • Launch automated dictionary attacks to get their stream route (e.g.: /live.sdp)
  • Launch automated dictionary attacks to get the username and password of the cameras
  • Retrieve a complete and user-friendly report of the results

Examples to Hack RTSP Camera

Running cameradar on your own machine to scan for default ports

docker run --net=host -t ullaakut/cameradar -t localhost

Running cameradar with an input file, logs enabled on port 8554

docker run -v /tmp:/tmp --net=host -t ullaakut/cameradar -t /tmp/test.txt -p 8554

Running cameradar on a subnetwork with custom dictionaries, on ports 554, 5554 and 8554

docker run -v /tmp:/tmp --net=host -t ullaakut/cameradar -t --custom-credentials="/tmp/dictionaries/credentials.json" --custom-routes="/tmp/dictionaries/routes" -p 554,5554,8554

Example in action

Cameradar in action

Accessing the Stream using VLC we can see a picture from the security camera:

security camera footage

Share on: