Combine c2-dns and c2-ip modules into c2

alphasoc / flightsim

A utility to safely generate malicious network traffic patterns and evaluate controls.

https://alphasoc.com

Other

1.25k stars 132 forks source link

Combine c2-dns and c2-ip modules into c2 #7

Closed chrisforce1 closed 5 years ago

chrisforce1 commented 6 years ago

We should combine them by taking 5 random FQDNs and 5 random IP:port pairs, then:

Resolving the FQDNs (as per c2-dns)
Connecting to the resolved IPs on TCP port 80 (new code)
Connecting to the 5 IP:port pairs (as per c2-ip)

chrisforce1 commented 5 years ago

While we're looking at this, we should also see if there's a way we can pull recent C2s from the CyberCrime Tracker, as the current code pulls the whole dataset and often hits C2 destinations from 2014-2015 which is far from ideal.

chrisforce1 commented 5 years ago

Let's also move away from the CyberCrime Tracker here and use open-wisdom.

chrisforce1 commented 5 years ago

Now that the open-wisdom issues are closed, can we solve this and tidy it all up? 🙏