Inspired by Cameradar

⚠️ DISCLAIMER: EDUCATIONAL PURPOSE ONLY This tool is designed strictly for educational purposes, security research, and authorized auditing. Any use of this tool for illegal or malicious activities is strictly prohibited. You are solely responsible for ensuring that you have explicit permission to scan or interact with any target. Always follow all legal and ethical rules and regulations in your jurisdiction.

• Find accessible RTSP streams on any target
• Brute-force stream routes
• Brute-force credentials
• Make screenshots on accessible streams
• Generate user-friendly report of the results:
  • .txt file with each found stream on new line
  • .html file with screenshot of each found stream

• result.txt: Each target is on a new line. Import to VLC: change extension to .m3u and open in VLC
• index.html: Click on the screenshot to copy its link

• python (>= 3.8)
• av
• Pillow
• rich

For the video processing libraries (PyAV/av) to compile and work effectively on Debian/Ubuntu, you'll need the following system dependencies:

sudo apt update
sudo apt install pkg-config libavformat-dev libavcodec-dev libavdevice-dev libavutil-dev libswscale-dev libavresample-dev libavfilter-dev -y

Install with pip or your favorite package manager after cloning the repo:

git clone https://github.com/lucky-om/RTSPbrute.git
cd RTSPbrute
pip install -r requirements.txt
python -m rtspbrute -h

USAGE
    $ rtspbrute -t TARGETS [-p PORTS [PORTS ...]] [-r ROUTES] [-c CREDENTIALS]
                [-ct N] [-bt N] [-st N] [-T TIMEOUT] [-d] [-h]

ARGUMENTS
    -h, --help                     show this help message and exit
    -t, --targets TARGETS          the targets on which to scan for open RTSP streams
    -p, --ports PORTS [PORTS ...]  the ports on which to search for RTSP streams
    -r, --routes ROUTES            the path on which to load a custom routes
    -c, --credentials CREDENTIALS  the path on which to load a custom credentials
    -ct, --check-threads N         the number of threads to brute-force the routes
    -bt, --brute-threads N         the number of threads to brute-force the credentials
    -st, --screenshot-threads N    the number of threads to screenshot the streams
    -T, --timeout TIMEOUT          the timeout to use for sockets
    -d, --debug                    enable the debug logs

EXAMPLES
    $ rtspbrute -h
    $ rtspbrute -t hosts.txt -p 554 5554 8554 -d
    $ rtspbrute -t ips.txt -r routes.txt -c combinations.txt
    $ rtspbrute -t targets.txt -st 10 -T 10

• "-t, --targets" (No default value): Set the path to the input file. The file can contain IPs, IP ranges and CIDRs. Each one of them should be on a separate line, e.g.:

0.0.0.0
192.168.100.1-192.168.254.1
192.17.0.0/16

• "-p, --ports" (554): Set custom ports, e.g.: -p 554 5554 8554
• "-r, --routes" (routes.txt): Set custom path to the file with routes. Each route should start with / and be on a separate line, e.g.:

/1
/11
/h264

• "-c, --credentials" (credentials.txt): Set custom path to the file with credentials. Each combination should contain : and be on a separate line, e.g.:

admin:admin
user:user

• "-ct, --check-threads" (500): Set custom number of threads to brute-force the routes
• "-bt, --brute-threads" (200): Set custom number of threads to brute-force the credentials
• "-st, --screenshot-threads" (20): Set custom number of threads to screenshot the streams. Smaller number leads to more successful screenshots: when there's too much threads PyAV will throw errors and wouldn't connect to target.
• "-T, --timeout" (2): Set custom timeout value for socket connections
• "-d, --debug" (False): Enable debug logging to debug.log file