Skip to content

Latest commit

 

History

History
102 lines (76 loc) · 4.09 KB

README.md

File metadata and controls

102 lines (76 loc) · 4.09 KB

Logo

Utilize fingerprinting techniques to actively hunt for Command and Control (C2) servers on Shodan.
In addition, incorporate threat feeds from Feodo Tracker, ThreatFox, and URLhaus to generate a personalized, local database of C2 servers.


Table of Contents


📔 Pre-requisites

  • the current version requires Linux based operating system
  • install Python version >= 3.6
  • clone this project with the following command
$ git clone https://github.com/martinkubecka/C2Hunter.git
  • in the config directory create config.yml file based on the config/example.yml structure

📦 Installing Required Packages

$ pip install -r requirements.txt

🗝️ API Key

  • add your Shodan API key to the newly created config/config.yml file

Note: Shodan's Freelancer Plan may not be sufficient based on the frequency with which this application is run.


🦅 Usage

usage: c2hunter.py [-h] [-q] [-c FILE] [-o DIRECTORY] [-s] [-p] [-ds] [-df] [-du] [-dt] [-db]

Utilize fingerprinting techniques to actively hunt for Command and Control (C2) servers on Shodan. 
In addition, incorporate threat feeds from Feodo Tracker, ThreatFox, and URLhaus to generate a personalized, local database of C2 servers.

options:
  -h, --help                        show this help message and exit
  -q, --quiet                       do not print a banner
  -c FILE, --config FILE            config file (default: "config/config.yml")
  -o DIRECTORY, --output DIRECTORY  output directory (default: "reports/")
  -s, --search-country-code         search IoCs based on the configured country code
  -p, --print-active                print filtered active endpoints to the console

disable options:
  -ds, --disable-shodan             disable querying Shodan
  -df, --disable-feodotracker       disable querying Feodo Tracker
  -du, --disable-urlhaus            disable querying URLhaus
  -dt, --disable-threatfox          disable querying ThreatFox
  -db, --disable-backup             disable file reports backup

📂 Resources


🧰 Development

🏢 Virtual environment

  1. use your package manager to install python-pip if it is not present on your system
  2. install virtualenv
  3. verify installation by checking the virtualenv version
  4. inside the project directory create a virtual environment called venv
  5. activate it by using the source command
  6. you can deactivate the virtual environment from the parent folder of venv directory with the deactivate command
$ sudo apt-get install python-pip
$ pip install virtualenv
$ virtualenv --version
$ virtualenv --python=python3 venv
$ source venv/bin/activate
$ deactivate