Welcome to BloodCat
BloodCat is a powerful command-line security tool designed to identify publicly exposed RTSP network cameras that use weak or default credentials. It helps security researchers and network administrators assess camera security across networks and geographical regions.Key Features
Credential Brute-Force
Test RTSP cameras against common default passwords to identify security vulnerabilities
Geographical Discovery
Integrate with FoFa API to discover cameras by country, region, and city
Brand Detection
Automatically detect and target 10+ camera brands including Hikvision, Dahua, Axis, and more
Built-in Viewer
View discovered camera streams directly with the included ffplay-based viewer
Supported Camera Brands
BloodCat includes specialized detection and authentication patterns for:- Hikvision — Industry-leading surveillance cameras
- Dahua — Enterprise security systems
- Uniview — IP camera solutions
- Axis — Network camera manufacturer
- Sony — Professional security cameras
- Vivotek — Network surveillance equipment
- TVT — Digital video recorders
- Reolink — Consumer security cameras
- Milesight — IoT surveillance devices
How It Works
Target Selection
Specify a single camera IP or use FoFa API to discover cameras in specific geographical regions
Use Cases
- Security Auditing — Identify weak credentials in your organization’s camera infrastructure
- Penetration Testing — Assess camera security as part of comprehensive network assessments
- Research — Study the prevalence of default credentials in IoT devices
- Compliance — Verify that deployed cameras meet security hardening requirements
Quick Example
Test a specific camera:Next Steps
Installation
Install dependencies and get BloodCat running
Command Reference
Explore all available commands and options
Supported Brands
View detailed camera brand support
Examples
See real-world usage examples