MCPcopy Index your code
hub / github.com/drinkingc0ffee/rayhunter-enhanced

github.com/drinkingc0ffee/rayhunter-enhanced @v0.4.2

Chat with this repo
repository ↗ · DeepWiki ↗ · release v0.4.2 ↗ · + Follow
608 symbols 1,393 edges 91 files 161 documented · 26%
What it actually does AI analysis from the code graph — generated when you open this
loading…
README

Rayhunter Enhanced - Cellular Security Analysis Tool

License: MIT Rust Security

🚨 Critical Security Research Tool

Rayhunter Enhanced is an advanced cellular network security analysis framework designed to detect sophisticated attacks on mobile communications, including:

  • 2G Downgrade Attacks (IMSI catchers)
  • Rogue Cell Tower Detection
  • Man-in-the-Middle Cellular Attacks
  • Network Spoofing Analysis
  • GPS-Cellular Correlation Forensics

⚠️ Important Legal Notice

This tool is designed for legitimate security research, network defense, and authorized penetration testing only. Users must:

  • ✅ Have explicit permission to analyze cellular networks
  • ✅ Comply with local telecommunications laws
  • ✅ Use only for defensive security purposes
  • NOT use for unauthorized interception or surveillance

The authors are not responsible for misuse of this software.

🎯 Key Features

Attack Detection Capabilities

  • RRC Connection Release Detection - Identifies forced 2G downgrades
  • SIB Manipulation Analysis - Detects broadcast information tampering
  • Cell Tower Spoofing - Identifies rogue cellular infrastructure
  • IMSI Catcher Detection - Advanced fake base station identification

Advanced Analysis Tools

  • SCAT Integration - Professional QMDL file parsing
  • GPS Correlation - Map cellular events to geographic locations
  • Multi-format Export - KML, CSV, JSON, GPX output
  • Forensic Documentation - Complete evidence chain preservation

Professional-Grade Parsing

  • QMDL Analysis - Qualcomm diagnostic message logs
  • NDJSON Processing - Structured cellular data analysis
  • Raw Binary Parsing - Low-level protocol inspection
  • Multi-tool Integration - SCAT, custom analyzers

🚀 Quick Start

Prerequisites

# Rust (latest stable)
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh

# Python 3.9+
python3 --version

# SCAT (Samsung Cellular Analysis Tool) - Optional but recommended
# Install from: https://github.com/fgsect/scat

Installation

git clone https://github.com/[your-org]/rayhunter-enhanced.git
cd rayhunter-enhanced

# Build the main application
cargo build --release

# Install Python dependencies for analysis tools
pip3 install -r requirements.txt

Basic Usage

1. Detect 2G Downgrade Attacks

# Analyze QMDL file for downgrade attacks
python3 tools/downgrade_analyzer.py --qmdl capture.qmdl --output analysis.json

# Generate reproducible report
python3 verify_downgrade_analysis.py

2. Correlate with GPS Data

# Correlate cellular observations with GPS coordinates
python3 tools/cell_gps_correlator.py \
    --gps locations.gps \
    --qmdl capture.qmdl \
    --output correlation.csv

3. Advanced SCAT Analysis

# Parse QMDL with professional SCAT tool
python3 tools/scat_cellular_parser.py \
    --scat-json scat_output.json \
    --output cellular_analysis.json

📊 Analysis Workflow

graph TD
    A[QMDL/PCAPNG Files] --> B[Rayhunter Enhanced]
    C[GPS Data] --> B
    B --> D[2G Downgrade Detection]
    B --> E[Cell Tower Analysis]
    B --> F[GPS Correlation]
    D --> G[Security Report]
    E --> G
    F --> G
    G --> H[Evidence Documentation]
    G --> I[KML Visualization]
    G --> J[Forensic CSV Export]

🛠️ Advanced Tools

Cellular Analysis Suite

  • downgrade_analyzer.py - 2G downgrade attack detection
  • cell_gps_correlator.py - GPS-cellular correlation with SCAT integration
  • comprehensive_cellular_correlator.py - Detailed cellular parameter extraction
  • scat_cellular_parser.py - Professional SCAT output analysis
  • extract_cell_details.py - Network identifier extraction

Forensic Documentation

  • verify_downgrade_analysis.py - Reproducible analysis verification
  • Automated evidence chain preservation
  • Complete technical documentation generation
  • Multi-format export (JSON, CSV, KML, GPX)

📈 Use Cases

Security Research

  • Academic research on cellular security vulnerabilities
  • Development of cellular attack detection systems
  • Analysis of rogue base station behavior

Network Defense

  • Corporate security assessment of mobile infrastructure
  • Detection of unauthorized cellular surveillance equipment
  • Mobile network penetration testing

Digital Forensics

  • Investigation of cellular-based attacks
  • Evidence collection for legal proceedings
  • Technical analysis for law enforcement

🔧 Configuration

Environment Setup

# Copy example configuration
cp config.example.json config.local.json

# Edit for your environment
vim config.local.json

SCAT Integration

# Install SCAT for enhanced QMDL parsing
# Download from: https://github.com/fgsect/scat
# Update path in tools configuration

📖 Documentation

🤝 Contributing

We welcome contributions from the security research community:

  1. Fork the repository
  2. Create a feature branch (git checkout -b feature/amazing-detection)
  3. Commit your changes (git commit -m 'Add amazing detection capability')
  4. Push to the branch (git push origin feature/amazing-detection)
  5. Open a Pull Request

Contribution Guidelines

  • Focus on defensive security capabilities
  • Include comprehensive documentation
  • Add test cases for new features
  • Follow responsible disclosure practices

📄 License

This project is licensed under the MIT License - see the LICENSE file for details.

🔒 Security Considerations

Data Handling

  • Never commit real QMDL files or sensitive data
  • Sanitize all example data before sharing
  • Use test data for demonstrations and documentation

Responsible Use

  • Obtain permission before analyzing cellular networks
  • Report vulnerabilities through proper channels
  • Respect privacy and telecommunications regulations

🆘 Support & Community

🏆 Acknowledgments

  • EFF Rayhunter Team - Original rayhunter project foundation
  • SCAT Developers - Professional cellular analysis capabilities
  • Security Research Community - Continued innovation in mobile security

⚠️ Remember: Use responsibly and legally. This tool is for defensive security research only.

Extension points exported contracts — how you extend this code

Analyzer (Interface)
An [Analyzer] represents one type of heuristic for detecting an IMSI Catcher (IC). While maintaining some amount of stat [6 …
lib/src/analysis/analyzer.rs
GenericFramebuffer (Interface)
(no doc) [3 implementers]
bin/src/display/generic_framebuffer.rs
SystemStats (Interface)
(no doc)
bin/web/src/lib/systemStats.ts
QmdlAnalyzer (Interface)
A [QmdlAnalyzer] operates at the QMDL message level, before GSMTAP parsing. This allows for extraction of cellular netwo [1 …
lib/src/analysis/analyzer.rs
RuntimeMetadata (Interface)
(no doc)
bin/web/src/lib/systemStats.ts
DiskStats (Interface)
(no doc)
bin/web/src/lib/systemStats.ts
MemoryStats (Interface)
(no doc)
bin/web/src/lib/systemStats.ts
AnalyzerConfig (Interface)
(no doc)
bin/web/src/lib/utils.svelte.ts

Core symbols most depended-on inside this repo

write
called by 31
bin/src/analysis.rs
exists
called by 29
bin/src/qmdl_store.rs
telnet_send_command
called by 22
installer/src/util.rs
parse
called by 17
lib/src/gsmtap_parser.rs
is_empty
called by 14
lib/src/analysis/analyzer.rs
decode
called by 14
telcom-parser/src/lib.rs
add_analyzer
called by 8
lib/src/analysis/analyzer.rs
adb_at_syscmd
called by 8
installer/src/orbic.rs

Shape

Method 256
Function 181
Class 120
Enum 40
Interface 11

Languages

Rust71%
Python23%
TypeScript6%

Modules by API surface

lib/src/diag.rs33 symbols
bin/src/qmdl_store.rs31 symbols
lib/src/cellular_info.rs28 symbols
lib/src/analysis/analyzer.rs24 symbols
installer/src/orbic.rs19 symbols
bin/web/src/lib/manifest.svelte.ts18 symbols
lib/src/analysis/cellular_network.rs17 symbols
bin/src/gps_correlation.rs16 symbols
tools/cell_gps_correlator.py15 symbols
lib/src/diag_device.rs15 symbols
bin/src/analysis.rs15 symbols
tools/comprehensive_cellular_correlator.py14 symbols

For agents

$ claude mcp add rayhunter-enhanced \
  -- python -m otcore.mcp_server <graph>

⬇ download graph artifact