tuning

camdike.sh

@@ -2,7 +2,7 @@
 while true; do
     echo
     echo Gather IPs
-    ./fortune_rtsp.py -c 32 -t 1.5 -F -i tun0
+    ./fortune_rtsp.py -c 32 -t 0.7 -F -i tun0
     cat local/rtsp_554.txt >> local/potential_rtsp.txt
 
     echo

fortune_rtsp.py

@@ -1,16 +1,16 @@
 #!/usr/bin/env -S python -u
 from pathlib import Path
-from socket import SOL_SOCKET, SO_BINDTODEVICE, create_connection, timeout
+from socket import IPPROTO_TCP, SOL_SOCKET, SO_BINDTODEVICE, SO_LINGER, TCP_NODELAY, create_connection, timeout
 from time import time, sleep
 
 from fire import Fire
 
-from lib.scan import generate_ips, process_each
+from lib.scan import generate_ips, process_each, LINGER
 
 counter = 0
 max_count = 1024
 
-REQ = b'OPTIONS * RTSP/1.0\r\nCSeq: 1\r\n\r\n'
+REQ = b'OPTIONS * RTSP/1.0\r\nCSeq: 1\r\nUser-Agent: Mozilla/5.0\r\nAccept: application/sdp\r\n\r\n'
 
 
 def check(ip, pl, out, p, t, i):
@@ -33,8 +33,10 @@ def check(ip, pl, out, p, t, i):
             dt = time() - tim
             if i:
                 c.setsockopt(SOL_SOCKET, SO_BINDTODEVICE, i.encode())
+            c.setsockopt(IPPROTO_TCP, TCP_NODELAY, 1)
+            c.setsockopt(SOL_SOCKET, SO_LINGER, LINGER)
             c.sendall(REQ)
-            response = c.recv(1024).decode()
+            response = c.recv(128).decode()
             if response.startswith('RTSP/'):
                 _, code, _ = response.split(None, 2)
             break

lib/net.py

@@ -202,14 +202,15 @@ def query(self, url: str = '*', headers: dict = {}) -> Response:
 
         request = Request(method, url, Request.PROTO_RTSP_1)
         request.headers = headers
+        request_str = str(request)
 
-        logger.info('\n<< %s' % str(request).rstrip())
+        logger.info('<< %s' % request_str.rstrip())
 
         try:
-            connection.sendall(str(request).encode())
+            connection.sendall(request_str.encode())
             data = connection.recv(1024).decode()
 
-            logger.info('\n>> %s' % data.rstrip())
+            logger.info('>> %s' % data.rstrip())
 
             if data.startswith('RTSP/'):
                 response = Response(data)

rtsp_brute.py

@@ -60,6 +60,8 @@ def fuzz(connection: RTSPConnection, single_path: bool = True):
 
             if result:
                 results.append(result)
+            else:
+                break
 
         if single_path and results:
             break
@@ -74,7 +76,7 @@ def process_target(target_params: tuple[str, int, bool, str]) -> list[str]:
         if connection.query().ok:
             return fuzz(connection, single_path)
 
-        return []
+    return []
 
 
 def main(H: str = '', w: int = None, sp: bool = False, i: str = '', d: bool = False, de: bool = False):
@@ -128,9 +130,6 @@ def main(H: str = '', w: int = None, sp: bool = False, i: str = '', d: bool = Fa
                     host, port, *_ = futures[future]
                     res = future.result()
                     progress.update()
-                    if res is None:
-                        print('Result for host is None, giving up')
-                        return
                     results += res
 
     for result in results: