Hipcam IoT Camera Detect

Detects exposed Hipcam Cameras on RTSP port 554

id: hipcam-ip-camera-detection

info:
  name: Hipcam IP Camera Detection
  author: Redflare Cyber
  severity: medium
  description: This template checks for Hipcam IP cameras and identifies them via the RTSP service on TCP port 554.
  classification:
    cwe-id: CWE-284
  metadata:
    max-request: 1
    shodan-query: 'port:554 "Server: Hipcam RealServer/V1.0"'
  tags: hipcam,ipcamera,tcp,rtsp,IoT

requests:
  - raw:
      - |
        OPTIONS rtsp://{{Hostname}}:{{Port}}/ RTSP/1.0
        CSeq: 1

    matchers-condition: and
    matchers:
      - type: word
        words:
          - "RTSP/1.0 200 OK"
          - "Server: Hipcam RealServer/V1.0"

      - type: regex
        regex:
          - "Public:.*OPTIONS,.*DESCRIBE,.*SETUP,.*TEARDOWN,.*PLAY,.*SET_PARAMETER,.*GET_PARAMETER"

tcp:
  - inputs:
      - data: "\r\n"
    host:
      - "{{Hostname}}"
    port: 554

    matchers:
      - type: word
        words:
          - "RTSP/1.0 200 OK"
          - "Server: Hipcam RealServer/V1.0"
          - "OPTIONS,DESCRIBE,SETUP,TEARDOWN,PLAY,SET_PARAMETER,GET_PARAMETER"

    extractors:
      - type: regex
        part: body
        regex:
          - "CSeq: ([0-9]+)"