CStrike

CStrike — Autonomous Offensive Security Platform

Add a target, click scan, and watch an AI-driven attack unfold across phases — reconnaissance through exploitation — with 35+ security tools orchestrated automatically. You are the operator, not the command executor.

How It Works

CStrike is a web-based offensive security platform with a real-time dark-themed dashboard. You add targets, launch scans, and the platform autonomously runs a phased attack pipeline — making decisions in real-time about which tools to run, what to try next, and where to pivot. Everything streams live via WebSocket — no page refreshes, no waiting for reports.

The AI engine (which supports Ollama for local models as well as public AI providers) analyzes scan results after each phase and decides what to do next. You can watch its reasoning in real-time through the AI Stream view — every thought, command, and decision is visible as it happens.

The 9-Phase Attack Pipeline

When you start a scan, CStrike executes these phases autonomously:

  1. Reconnaissance — nmap, dig, amass, subfinder, httpx, nikto, wafw00f, whatweb, dnsrecon — builds a port map, discovers subdomains, identifies the tech stack
  2. AI Analysis (Phase 1) — AI reviews recon results, recommends attack vectors and tool selection
  3. Web Scanning — OWASP ZAP and Burp Suite run DAST against discovered web surfaces
  4. Web Exploitation — nuclei, ffuf, sqlmap, hydra — validates CVEs, discovers directories, confirms injection points, brute-forces credentials
  5. API Security — VulnAPI scanner discovers API endpoints and tests against OWASP API Top 10
  6. Metasploit — Automated module selection and execution via RPC, session management, post-exploitation
  7. Exploitation Chains — Links results from previous phases: credential reuse, lateral movement
  8. AI Analysis (Phase 2) — Re-evaluates all findings, suggests pivots and missed vectors
  9. Reporting — Compiles results, scores credentials, generates full evidence timeline

What You See in the Dashboard

Targets & Scans

  • Add targets by URL or hostname
  • One-click full autonomous scans
  • Live scan progress by phase
  • Cancel any scan mid-execution
  • Results by severity: critical, high, medium, low

Exploitation

  • Exploit case management with phased pipeline (enumerate → exploit → persist)
  • OPSEC gating — approve before dangerous tasks run
  • AI recommends next steps after each task
  • Manual task launcher for direct tool execution
  • Campaign grouping for multi-target engagements

Loot & Evidence

  • Credential tracker with scoring (SSH creds rank higher than HTTP basic)
  • Live credential validation (SSH, FTP, SMB, RDP, LDAP)
  • Credential heatmap visualization
  • Full evidence timeline per target
  • Raw tool output for every scan and task

35+ Security Tools

Scanning & Recon
nmap, masscan, rustscan, nikto, whatweb, wafw00f, httpx, gowitness, subfinder, amass, dnsrecon

Exploitation
nuclei, sqlmap, xsstrike, commix, hydra, Metasploit RPC, OWASP ZAP, Burp Suite

Fuzzing & Enumeration
ffuf, gobuster, feroxbuster, dirb, wfuzz, enum4linux, smbclient, ldapsearch, snmpwalk

Post-Exploitation
impacket (secretsdump, psexec, wmiexec), chisel, john, hashcat, bloodhound

OSINT & SSL
theHarvester, sherlock, gau, waybackurls, testssl.sh, sslscan, sslyze

Container & Cloud
trivy, kube-hunter, VulnAPI (API DAST)

OPSEC & VPN Rotation

CStrike manages your operational security automatically. Five VPN providers are supported — with an nftables kill switch that drops all traffic if the tunnel goes down. Split routing keeps management traffic local while red team traffic goes through the VPN.

VPN IP rotation happens automatically during scans with three strategies: per-tool (new IP for every tool execution), periodic (rotate every N tools), or phase-based (new IP on each phase change). The rotation takes 5-10 seconds per swap from a pre-generated WireGuard config pool, and every rotation is logged with before/after IPs.

Target scope gating enforces your authorized scope at the API layer — no tool can reach outside your approved target list. An exploitation gate requires manual approval before any active exploitation runs.
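As an added illustration (not CStrike's own code), a deny-by-default scope gate of the kind described above could look like the sketch below. The `Scope` class, its parameters and the sample hosts are all hypothetical, and the check is string-level only: it does not cover DNS answers or redirects that lead outside the approved list.

```python
# Added example: deny-by-default scope gate. Hypothetical names, not CStrike's API.
import ipaddress
from urllib.parse import urlsplit


def _host_of(target):
    """Return the host a tool would actually connect to, or None if unparseable."""
    t = target.strip()
    if "://" not in t:
        t = "//" + t                      # let urlsplit treat bare hosts as netloc
    try:
        host = urlsplit(t).hostname       # drops userinfo and port, lowercases
    except ValueError:                    # e.g. malformed IPv6 literal
        return None
    return host.rstrip(".") if host else None


class Scope:
    def __init__(self, hosts=(), wildcards=(), networks=()):
        self.hosts = {h.lower().rstrip(".") for h in hosts}
        # "*.lab.example.test" covers subdomains only, never the apex itself
        self.wildcards = {w.lower().lstrip("*").strip(".") for w in wildcards}
        self.networks = [ipaddress.ip_network(n) for n in networks]

    def allows(self, target):
        host = _host_of(target)
        if host is None:
            return False                  # unparseable input is out of scope
        try:
            ip = ipaddress.ip_address(host)
        except ValueError:
            ip = None
        if ip is not None:
            return any(ip in net for net in self.networks)
        if host in self.hosts:
            return True
        # Match on a label boundary so "xlab.example.test" does not pass
        return any(host.endswith("." + w) for w in self.wildcards)


# Constructed sample scope for demonstration
SCOPE = Scope(hosts=["app.example.test"],
              wildcards=["*.lab.example.test"],
              networks=["10.20.0.0/24"])
```

The gate is only effective if every tool launch passes through it and the decision is logged with the original target string.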

AI Stream & Real-Time Visibility

Everything in CStrike streams live. The AI Stream shows the AI engine reasoning in real-time — you see every thought, every command decision, every observation as it happens. The dashboard displays system metrics (CPU, RAM, VPN status), service health (API, Metasploit, ZAP, Burp), and an attack battle map visualization. Logs stream with level filtering. WebSocket events fire for every scan result, credential discovery, phase change, and VPN rotation.

Interactive Terminal

Built-in terminal for interactive shell sessions — SSH into targets, catch reverse shells, run local commands — all from the browser. Session management tracks active connections with a 2000-line output buffer per session. A text-based TUI is also available for headless operation.

Deployment

CStrike ships as a Docker Compose stack (9 containers: PostgreSQL, Redis, API, Frontend, Traefik, KasmVNC browser, OWASP ZAP, Metasploit, VulnBox) or as a pre-built VM image (QCOW2, VMDK, OVA, VDI) for Proxmox, VMware, VirtualBox, or KVM. Also available as a bare-metal installer for Debian 12 and cloud-init scripts for AWS, GCP, Azure, and DigitalOcean.

