cstrike

CStrike is an autonomous offensive security platform that orchestrates a 9-phase attack pipeline across 35+ integrated tools inside a Docker stack. The system exposes a real-time web dashboard and a remote browser session (KasmVNC) to manage scans, view results, and control tool execution. Use the Quick Start to boot the entire stack with a single command, then seed the database and monitor progress through the API and frontend. The pipeline integrates reconnaissance, AI analysis, web scanning, exploitation, API security checks, and Metasploit coordination to deliver a comprehensive assessment workflow. Administrative safeguards and VPN rotation features help manage engagement scope and operator OPSEC during tests.

Prerequisites

• Docker Engine 24+ and Docker Compose v2+ (plugin)
• Debian 12 (Bookworm) or compatible Linux host
• Sufficient hardware: 4 CPU cores, 8 GB RAM, 50 GB disk

1. Clone the repository

git clone https://github.com/culpur/cstrike.git
cd cstrike

2. Copy and customize environment variables

cp .env.example .env
# Edit .env — set POSTGRES_PASSWORD, REDIS_PASSWORD, KASM_PASSWORD

3. Generate TLS certificates for TLS/HTTPS access (optional for local secure access)

bash docker/generate-certs.sh

4. Start the Docker stack

docker compose up -d

5. Seed the database (first run only)

docker exec cstrike-api npx prisma db seed

6. Access interfaces

• HTTPS Dashboard: https://localhost/
• Remote Browser (Kasm): https://localhost:6901/
• TUI: docker exec -it cstrike-api python -m tui

Notes:
- The API container runs the Node + Python based services and coordinates the MCP server actions.
- If you prefer installing on bare-metal, see the Distribution docs in docs/DISTRIBUTION.md and follow the Bare Metal Install guide.

Tips and caveats:

• Ensure host tools are installed on the host (nmap, nuclei, ffuf, hydra, sqlmap, impacket, etc.) as the API container executes these tools via bind-mounted host directories.
• Set proper TLS certificates to avoid browser security warnings in production deployments.
• VPN/IP rotation is integral to scans; configure the WireGuard/VPN pool properly in your environment to enable smooth IP cycling.
• The environment variables POSTGRES_PASSWORD, REDIS_PASSWORD, and KASM_PASSWORD must be defined in .env and kept secure; mismatches will prevent services from starting.
• For scaled or production use, monitor resource usage and consider increasing RAM or CPU limits and adjusting database/Redis persistence as needed.