docs: add instructions on what targets to test against

CONTRIBUTING.md

@@ -14,6 +14,49 @@ Clone the repo and install dependencies using Go modules.
 go mod download
 ```
 
+### Test against fake targets
+
+Use the following options when you want reproducible local testing.
+
+#### Testing discovery behavior
+
+Use `scanme.nmap.org` to validate discovery-related behavior.
+
+- `scanme.nmap.org` does not expose RTSP or RTSPS ports.
+- Target its open ports (for example `22`, `80`, `9929`, `31337`) to test discovery flow, reporting, and scan handling.
+
+Example command:
+
+```bash
+cameradar -t scanme.nmap.org -p 22
+```
+
+#### Testing RTSP and attack behavior
+
+Use [RTSPAllTheThings](https://github.com/Ullaakut/RTSPAllTheThings) to test RTSP-specific logic and camera attack flows.
+
+- It supports both basic and digest authentication.
+- It behaves like a standards-compliant RTSP camera.
+
+> [!CAUTION]
+> It is no longer maintained and has limited camera emulation coverage.
+
+Example command:
+
+```bash
+docker run --net=host -p 8554:8554 -e RTSP_USERNAME=admin -e RTSP_PASSWORD=12345 -e RTSP_PORT=8554 -e RTSP_AUTHENTICATION_METHOD=digest ullaakut/rtspatt
+```
+
+Many real cameras slightly diverge from strict RTSP behavior. For example, some devices allow `DESCRIBE` without authentication, or return `403` and `404` in an order that differs from strict expectations.
+Unfortunately, RTSPATT cannot reproduce those behaviors.
+
+#### Prefer real cameras when possible
+
+The most reliable testing method is running against real cameras and real network conditions.
+
+> [!CAUTION]
+> Scan only authorized targets and networks.
+
 ## Run tests
 
 ```bash

cmd/cameradar/main.go

@@ -38,10 +38,11 @@ var (
 
 var flags = cmd.Flags{
 	&cli.StringSliceFlag{
-		Name:    flagTargets,
+		Name:     flagTargets,
-		Usage:   "The targets on which to scan for open RTSP streams in a network range format",
+		Usage:    "The targets on which to scan for open RTSP streams in a network range format",
-		Aliases: []string{"t"},
+		Aliases:  []string{"t"},
-		Sources: cli.EnvVars(strcase.ToSNAKE(flagTargets)),
+		Sources:  cli.EnvVars(strcase.ToSNAKE(flagTargets)),
+		Required: true,
 	},
 	&cli.StringSliceFlag{
 		Name:    flagPorts,
@@ -127,13 +128,19 @@ func realMain() (code int) {
 		}
 	}()
 
+	scanCommand := &cli.Command{
+		Name:   "scan",
+		Usage:  "Scan targets for RTSP streams",
+		Flags:  flags,
+		Action: runCameradar,
+	}
+
 	app := &cli.Command{
-		Name:    "Cameradar",
+		Name:           "Cameradar",
-		Version: version,
+		Version:        version,
-		Usage:   "Scan targets for RTSP streams",
+		DefaultCommand: scanCommand.Name,
-		Flags:   flags,
-		Action:  runCameradar,
 		Commands: []*cli.Command{
+			scanCommand,
 			{
 				Name:   "version",
 				Usage:  "Print version information",