Dinas-Kominfo-Kota-Tangerang/c2-tracker-docker-version

C2 Tracker - OSINT Version

TangerangKota-CSIRT (nauliajati@tangerangkota.go.id)

Automated C2 infrastructure tracking using free OSINT sources.


💡 Acknowledgment
This project was inspired by C2-Tracker.

Quick Setup (New Environment - Recommended)

# 1. Run auto-setup script
./setup.sh

# 2. Update API keys in .env file
nano .env

# 3. Start containers
docker-compose up -d --build

Manual Setup

  1. Create directories:

    mkdir -p data logs
    chmod 755 data logs
  2. Fix permissions for the current user:

    chown -R $(id -u):$(id -g) data logs
  3. Update docker-compose.yml:

    # Replace user: "1000:1000" with your own numeric IDs (the output of `id -u` and `id -g`).
    # Compose does not run shell substitutions such as $(id -u) inside the YAML, so
    # write the numbers themselves, e.g.:
    user: "1001:1001"

Environment Variables

Required API keys in .env file:

Features

  • Free OSINT Sources: ThreatFox, AlienVault OTX, CyberCure, MISP, GitHub IOCs
  • Automated Scheduling: Runs every 6 hours
  • Priority Targeting: Focuses on high-risk C2 infrastructure
  • Export Formats: JSON, CSV, STIX

Usage

Running the Application

  1. Start all services:

    docker-compose up -d --build
  2. Run manually (per service):

    # Run main collection script
    docker exec c2-tracker python main.py
    
    # Or run specific source
    docker exec c2-tracker python -c "from sources.threatfox import ThreatFoxCollector; ThreatFoxCollector().collect()"
  3. View real-time logs:

    # All services
    docker-compose logs -f
    
    # Specific service
    docker logs -f c2-tracker-scheduler
  4. Stop services:

    docker-compose down

Monitor Data Collection

Check collection status:

# View latest data files
ls -la data/

# Check collection logs
docker logs c2-tracker-scheduler | tail -20

# Monitor active processes
docker exec c2-tracker ps aux

Troubleshooting & Debugging

Permission Denied Errors

# Fix data directory permissions
sudo chown -R $(id -u):$(id -g) data/ logs/

# Or run setup script
./setup.sh

Scheduler Not Working

The container runs cron automatically. Check the logs:

# Check if cron is running
docker exec c2-tracker service cron status

# View cron logs
docker logs c2-tracker-scheduler

# Check crontab configuration
docker exec c2-tracker crontab -l

API Connection Issues

  1. Check API keys:

    # Verify .env file exists and has correct keys
    grep -E "(SHODAN|VIRUS|ALIEN)" .env
  2. Test API connectivity:

    # Test Shodan API (replace YOUR_KEY with the key from .env; the key is visible in shell history and process listings while this runs)
    docker exec c2-tracker python -c "import requests; print(requests.get('https://api.shodan.io/api-info?key=YOUR_KEY').json())"
  3. Check rate limits:

    # View recent API calls in logs
    docker logs c2-tracker-scheduler | grep -i "rate\|limit\|error"

Data Collection Problems

  1. No data collected:

    # Check if sources are reachable
    docker exec c2-tracker python -c "from sources.threatfox import ThreatFoxCollector; print(ThreatFoxCollector().test_connection())"
    
    # Check permissions
    ls -la data/
    
    # Run collection manually with debug
    docker exec c2-tracker python main.py --debug
  2. Incomplete data:

    # Check source logs
    grep -i "error\|fail" logs/*.log
    
    # Verify data format
    head -20 data/iocs.json
  3. Old data (not updating):

    # Check file timestamps
    ls -la data/ | head -10
    
    # Force manual collection
    docker exec c2-tracker python main.py --force-update
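The file checks from "Monitor Data Collection" and from the "Old data (not updating)" step above, combined into one feed health check. This is an added Python example written for this README, not the project's own code: it verifies that the output files listed under Data Output exist, are non-empty and are younger than the 6-hour schedule, and that iocs.json still parses and carries indicators. The demo() helper and the temporary directory it builds are constructed for illustration.

```python
"""Health check for the tracker's data/ directory.
Example code written for this README, not part of the project."""
import json
import os
import shutil
import sys
import tempfile
import time

# Output files named under "Data Output"; the window matches the 6-hour schedule.
EXPECTED_FILES = ["iocs.json", "iocs.csv", "iocs_stix.json"]
MAX_AGE_SECONDS = 6 * 3600


def check_feed(data_dir, now=None, max_age=MAX_AGE_SECONDS):
    """Return a list of (file, problem) tuples; an empty list means healthy."""
    now = time.time() if now is None else now
    problems = []
    for name in EXPECTED_FILES:
        path = os.path.join(data_dir, name)
        if not os.path.exists(path):
            problems.append((name, "missing"))
            continue
        st = os.stat(path)
        if st.st_size == 0:
            problems.append((name, "empty"))
        age = now - st.st_mtime
        if age > max_age:
            problems.append((name, f"stale ({age / 3600:.1f} h old)"))
    # A fresh but unparseable or empty feed is as bad as a stale one.
    json_path = os.path.join(data_dir, "iocs.json")
    if os.path.isfile(json_path) and os.path.getsize(json_path) > 0:
        try:
            with open(json_path, encoding="utf-8") as fh:
                doc = json.load(fh)
            if not isinstance(doc, dict) or not doc.get("indicators"):
                problems.append(("iocs.json", "no indicators"))
        except (ValueError, OSError) as exc:
            problems.append(("iocs.json", f"unparseable: {exc}"))
    return problems


def demo():
    """Constructed data/ directory: fresh iocs.json, 8-hour-old iocs.csv, no STIX file."""
    now = time.time()
    data_dir = tempfile.mkdtemp(prefix="c2-tracker-demo-")
    try:
        fresh = os.path.join(data_dir, "iocs.json")
        with open(fresh, "w", encoding="utf-8") as fh:
            # 1.2.3.4 is a constructed placeholder value, not a real indicator.
            json.dump({"indicators": [{"value": "1.2.3.4", "type": "ip"}]}, fh)
        os.utime(fresh, (now, now))
        stale = os.path.join(data_dir, "iocs.csv")
        with open(stale, "w", encoding="utf-8") as fh:
            fh.write("indicator,type,source,confidence,tags,first_seen\n")
        eight_hours_ago = now - 8 * 3600
        os.utime(stale, (eight_hours_ago, eight_hours_ago))
        return check_feed(data_dir, now=now)
    finally:
        shutil.rmtree(data_dir, ignore_errors=True)


if __name__ == "__main__":
    # Usage: python check_feed.py [data_dir]; exits non-zero when anything is wrong,
    # so it can run from cron or a monitoring job next to the scheduler container.
    issues = check_feed(sys.argv[1] if len(sys.argv) > 1 else "data")
    for name, problem in issues:
        print(f"{name}: {problem}")
    sys.exit(1 if issues else 0)
```

Run it on the host against the bind-mounted data/ directory; a non-zero exit with "stale" entries means the scheduler stopped producing output, which is the case the `--force-update` run above is meant to recover from.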

Container Issues

  1. Container won't start:

    # Check container status
    docker ps -a
    
    # View container logs
    docker logs c2-tracker-scheduler
    
    # Check resource usage
    docker stats
  2. Out of memory/disk space:

    # Check disk usage
    df -h
    du -sh data/ logs/
    
    # Clean old logs
    find logs/ -name "*.log" -mtime +7 -delete
  3. Network connectivity:

    # Test internet connection from container
    docker exec c2-tracker ping -c3 8.8.8.8
    
    # Test DNS resolution
    docker exec c2-tracker nslookup google.com

Performance Optimization

  1. Speed up collection:

    # Increase concurrent requests (edit main.py)
    # Reduce collection frequency (edit crontab)
    docker exec c2-tracker crontab -e
  2. Reduce resource usage:

    # Limit Docker memory
    # Add to docker-compose.yml:
    # mem_limit: 512m
    # cpus: "0.5"

Data Output

Results saved to:

  • data/OSINT Sources IPs.txt - Raw IP addresses from all sources
  • data/iocs.json - Structured IOC data with metadata
  • data/iocs.csv - CSV format for spreadsheet analysis
  • data/iocs_stix.json - STIX format for threat intelligence platforms
  • logs/collection.log - Collection activity logs
  • logs/errors.log - Error & debugging logs

Data Format Examples

JSON format (iocs.json):

{
  "indicators": [
    {
      "value": "192.168.1.1",
      "type": "ip",
      "source": "ThreatFox",
      "confidence": 90,
      "tags": ["malware", "c2"],
      "first_seen": "2024-01-01T00:00:00Z"
    }
  ]
}

CSV format (iocs.csv):

indicator,type,source,confidence,tags,first_seen
192.168.1.1,ip,ThreatFox,90,"malware,c2",2024-01-01T00:00:00Z
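A triage step for the JSON and CSV layouts shown above, added here as a Python example (not the project's own code). Before an indicator from iocs.json is pushed into a blocklist it should be validated: the sample value 192.168.1.1 is an RFC 1918 address, and blocking it would hit internal hosts rather than a C2 server. The block parses the page's JSON layout, rejects malformed and non-globally-routable addresses, dedupes, and re-emits the accepted entries in the CSV layout and as a STIX 2.1 bundle. The feed contents, the 1.2.3.4 placeholder and the STIX object layout are assumptions; the project's own iocs_stix.json layout is not shown on this page.

```python
"""Validate, dedupe and re-export iocs.json indicators.
Example code written for this README, not the project's own code."""
import csv
import io
import ipaddress
import json
import uuid

# Constructed sample feed in the iocs.json layout shown above. 192.168.1.1 is the
# page's sample value (RFC 1918); 1.2.3.4 is a constructed public placeholder;
# 999.1.1.1 is deliberately malformed; the last entry duplicates 1.2.3.4.
SAMPLE_FEED = json.dumps({"indicators": [
    {"value": "192.168.1.1", "type": "ip", "source": "ThreatFox", "confidence": 90,
     "tags": ["malware", "c2"], "first_seen": "2024-01-01T00:00:00Z"},
    {"value": "1.2.3.4", "type": "ip", "source": "AlienVault OTX", "confidence": 75,
     "tags": ["c2"], "first_seen": "2024-01-02T12:00:00Z"},
    {"value": "999.1.1.1", "type": "ip", "source": "GitHub IOCs", "confidence": 50,
     "tags": [], "first_seen": "2024-01-03T00:00:00Z"},
    {"value": "1.2.3.4", "type": "ip", "source": "CyberCure", "confidence": 60,
     "tags": ["botnet"], "first_seen": "2024-01-04T00:00:00Z"},
]})


def classify_ip(value):
    """Return 'global', 'non-global' or 'invalid' for an IP indicator string."""
    try:
        addr = ipaddress.ip_address(value)
    except ValueError:
        return "invalid"
    # Private, loopback, link-local, documentation and shared-address ranges can
    # never be a usable C2 indicator; blocking them would hit internal hosts.
    return "global" if addr.is_global else "non-global"


def triage(feed_text):
    """Split a feed into accepted indicators and (value, reason) rejections."""
    doc = json.loads(feed_text)
    accepted, rejected, seen = [], [], set()
    for ind in doc.get("indicators", []):
        value = str(ind.get("value", "")).strip()
        if ind.get("type") != "ip":
            rejected.append((value, "unsupported type"))
            continue
        verdict = classify_ip(value)
        if verdict != "global":
            rejected.append((value, verdict))
            continue
        if value in seen:
            rejected.append((value, "duplicate"))
            continue
        seen.add(value)
        accepted.append(ind)
    return {"accepted": accepted, "rejected": rejected}


def to_csv(indicators):
    """Render indicators in the iocs.csv layout shown above (tags joined by commas)."""
    buf = io.StringIO()
    writer = csv.writer(buf, lineterminator="\n")
    writer.writerow(["indicator", "type", "source", "confidence", "tags", "first_seen"])
    for ind in indicators:
        writer.writerow([ind["value"], ind["type"], ind["source"], ind["confidence"],
                         ",".join(ind["tags"]), ind["first_seen"]])
    return buf.getvalue()


def to_stix_bundle(indicators):
    """Build a STIX 2.1 bundle of address indicators (object layout assumed here)."""
    objects = []
    for ind in indicators:
        value = ind["value"]
        obj_type = "ipv6-addr" if ":" in value else "ipv4-addr"
        # Deterministic id so re-exports of the same feed yield the same object.
        ind_id = "indicator--" + str(uuid.uuid5(uuid.NAMESPACE_URL, "ioc:" + value))
        objects.append({
            "type": "indicator", "spec_version": "2.1", "id": ind_id,
            "created": ind["first_seen"], "modified": ind["first_seen"],
            "name": f"{ind['source']} C2 {value}",
            "pattern": f"[{obj_type}:value = '{value}']",
            "pattern_type": "stix", "valid_from": ind["first_seen"],
            "labels": list(ind["tags"]), "confidence": ind["confidence"],
        })
    return {"type": "bundle", "id": "bundle--" + str(uuid.uuid4()), "objects": objects}


if __name__ == "__main__":
    result = triage(SAMPLE_FEED)
    for value, reason in result["rejected"]:
        print(f"rejected {value}: {reason}")
    print(to_csv(result["accepted"]))
    print(json.dumps(to_stix_bundle(result["accepted"]), indent=2))
```

Run against a real feed with `triage(open("data/iocs.json").read())`; the rejected list is worth logging to logs/errors.log, since a feed that suddenly fills with private or malformed addresses usually points at a broken upstream source rather than new C2 activity.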

About

Live Feed of C2 servers, tools, and botnets - Docker version :)
