Script rtsp-url-brute

Script types: portrule
Categories: brute, intrusive
Download: https://svn.nmap.org/nmap/scripts/rtsp-url-brute.nse

Script Summary

Attempts to enumerate RTSP media URLS by testing for common paths on devices such as surveillance IP cameras.

The script attempts to discover valid RTSP URLs by sending a DESCRIBE request for each URL in the dictionary. It then parses the response, based on which it determines whether the URL is valid or not.

Script Arguments

rtsp-url-brute.urlfile

sets an alternate URL dictionary file

rtsp-url-brute.threads

sets the maximum number of parallel threads to run

Example Usage

nmap --script rtsp-url-brute -p 554 <ip>

Script Output

PORT    STATE SERVICE
554/tcp open  rtsp
| rtsp-url-brute:
|   discovered:
|     rtsp://camera.example.com/mpeg4
|   other responses:
|     401:
|_      rtsp://camera.example.com/live/mpeg4

Requires

• coroutine
• io
• nmap
• rtsp
• shortport
• stdnse
• table
• rand

---

Author:

• Patrik Karlsson

License: Same as Nmap--See https://nmap.org/book/man-legal.html