RTSP (Streaming / Cameras)
aka camera, onvif
Real Time Streaming Protocol on 554 — the control channel for IP cameras and media servers. Brute-force the stream path and default credentials to pull up live video feeds.
Ports
| Port | Proto | Notes |
|---|---|---|
| 554 | tcp | RTSP |
| 8554 | tcp | alt RTSP |
Fingerprint
- RTSP/1.0 banner; OPTIONS returns supported methods
- nmap rtsp-methods / rtsp-url-brute
Default / weak creds
admin/admin, admin/(blank), root/root and vendor defaults
Exploitation primitives
- Enumerate valid stream URLs (rtsp-url-brute / Cameradar)
- Default creds → view the live feed
- DESCRIBE without auth sometimes leaks the stream outright
Overview
RTSP on 554 controls video streams. The job is finding the right URL path and credentials, then opening the feed.
Enumeration
Methods + URL brute force:
nmap -p554 --script rtsp-methods,rtsp-url-brute <TARGET>
Full camera attack (paths + creds) with Cameradar:
cameradar -t <TARGET>
View the feed
ffplay "rtsp://admin:admin@<TARGET>:554/Streaming/Channels/101"
Hardening
Change default camera credentials, require auth on DESCRIBE/PLAY, and keep cameras on an isolated VLAN.