
C2 Tracker

This repo houses the code I made to mine various C2 IPs from Shodan. The searches used were sourced from Michael Koczwara's Research (see references below).

Current Metrics

  • Suspected C2 Servers: 2,641

    • Cobalt Strike: 1,757
    • Metasploit Framework: 603
    • Covenant: 33
    • Mythic: 55
    • Brute Ratel C4: 9
    • Posh C2: 9
  • (Those numbers don't add up so I suspect a few IPs are housing multiple C2s, see future state)

Current State

This script is automated and will run nightly to update data/* so there is no need for you to run it locally.

Running Locally

However, if you want to host a private version, fill out the API key field on line 5 and run the following, then automate it however you wish (e.g. crontab):

python3 -m pip install -r requirements.txt

Future State

  • Write scripts to analyze DNS/WHOIS info
  • Build automation into the script
  • Write script to identify servers with multiple frameworks running
  • Track metrics over time
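
One way to approach the multi-framework item above, as an added example that is not this repo's code: it maps each IP to every framework list it appears in and compares the per-framework sum with the unique-IP total. The layout of data/* is not shown on this page, so a one-IP-per-line list per framework is an assumption, and the sample input and function names are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample input: one IP per line per framework (assumed layout;
# the real format of data/* is not shown on this page). Addresses are from
# the RFC 5737 documentation ranges.
SAMPLE_LISTS = {
    "Cobalt Strike": "192.0.2.10\n192.0.2.11\n198.51.100.7\n",
    "Metasploit Framework": "192.0.2.11\n203.0.113.5\n# comment\n",
    "Mythic": "198.51.100.7\n192.0.2.11\nnot-an-ip\n\n192.0.2.11\n",
}


def parse_ip_list(text):
    """Return the set of valid IPs in a one-per-line list, ignoring junk."""
    ips = set()
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        try:
            ips.add(str(ipaddress.ip_address(line)))
        except ValueError:
            continue  # skip malformed entries instead of aborting the run
    return ips


def frameworks_by_ip(lists):
    """Map each IP to the sorted list of frameworks whose list contains it."""
    seen = defaultdict(set)
    for framework, text in lists.items():
        for ip in parse_ip_list(text):
            seen[ip].add(framework)
    return {ip: sorted(fws) for ip, fws in seen.items()}


def summarize(lists):
    """Compare the per-framework sum with the unique-IP total."""
    by_ip = frameworks_by_ip(lists)
    multi = {ip: fws for ip, fws in by_ip.items() if len(fws) > 1}
    per_framework_sum = sum(len(parse_ip_list(t)) for t in lists.values())
    return {"unique_ips": len(by_ip), "per_framework_sum": per_framework_sum,
            "multi_framework": multi}


if __name__ == "__main__":
    report = summarize(SAMPLE_LISTS)
    print(report["unique_ips"], "unique;", report["per_framework_sum"], "summed")
    for ip, fws in sorted(report["multi_framework"].items()):
        print(ip, "->", ", ".join(fws))
```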

