Skip to content

JulianBurns85/CASTNET

Folders and files

NameName
Last commit message
Last commit date

Latest commit

Β 

History

30 Commits
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 

Repository files navigation

CASTNET 🎣

Predator Hunter β€” v2.0

Distributed Civilian IMSI Catcher Detection and Geolocation Network

Where Rayhunter Threat Analyzer is the forensic lab, CASTNET is the net.

Built as the live operational layer for an ongoing IMSI catcher investigation β€” Cranbourne East, Victoria, Australia, 2026.

Python 3.9+ License: MIT Status: Live


What It Does

Every CASTNET node (a phone, tablet, or vehicle dongle) passively monitors cellular signals and reports confirmed rogue Cell ID detections β€” tagged with GPS coordinates, RSRP signal strength, and Timing Advance β€” to a central aggregation API running on a Raspberry Pi.

When three or more nodes detect the same rogue CID simultaneously, trilateration runs automatically and the attacker's physical location is estimated.

A live Leaflet.js map dashboard shows all detections, node status, and signal data in real time β€” served directly from the Pi via Flask at /dashboard.


Live Dashboard

map

Access via: http://<pi-lan-ip>:5000/dashboard


Architecture

castnet_node.py / castnet_android.py   (phone / tablet / OBD-II dongle)
       |
       | POST /api/v1/report  (via Tailscale WireGuard β€” encrypted)
       v
castnet_api.py           (Raspberry Pi β€” Flask + SQLite)
       |
       |── GET /api/v1/summary      β†’ live stats
       |── GET /api/v1/detections   β†’ detection feed
       |── GET /api/v1/map          β†’ GeoJSON for Leaflet
       |── GET /dashboard           β†’ serves live map HTML
       v
castnet_map.html         (Leaflet.js live map dashboard β€” browser)

Components

Component Location Description
Field node (Linux) castnet_node.py Runs on Linux or Android (Termux). No root required.
Field node (Android) castnet_android.py Native Android node via Termux. GPS + cellular scanning.
Central API castnet_api.py Flask REST API + SQLite. Runs on Raspberry Pi 24/7 via systemd. Serves dashboard at /dashboard.
Map dashboard dashboard/castnet_map.html Green-on-black Leaflet.js live map. Auto-refreshes every 30s.
Communal API castnet_communal_api.py Multi-operator aggregation server for community-wide detection.
Server castnet_server.py Extended server with additional reporting and aggregation logic.
Silent Trident castnet_silent_trident.py Passive trilateration engine β€” no active probing.
systemd service docs/castnet-api.service Auto-start and auto-restart on Pi boot.

Quick Start

Central API (Raspberry Pi)

mkdir ~/castnet
cd ~/castnet
pip install flask --break-system-packages
python castnet_api.py

Auto-start on boot:

sudo cp docs/castnet-api.service /etc/systemd/system/
sudo systemctl enable castnet-api
sudo systemctl start castnet-api

Field Node (Android Termux)

pkg install termux-api
pip install requests
python castnet_android.py

Termux requirements: Install the Termux:API companion app from F-Droid (not Play Store). Grant Phone and Location permissions to Termux:API in Android Settings.

Field Node (Linux)

pip install requests
python castnet_node.py

Map Dashboard

Open in any browser on your local network:

http://<pi-lan-ip>:5000/dashboard

API Endpoints

Method Endpoint Description
POST /api/v1/report Receive detection from node
GET /api/v1/detections All detections (filterable by hours, rogue_only)
GET /api/v1/summary Live stats β€” nodes, detection counts, last hit
GET /api/v1/map GeoJSON for Leaflet map
GET /dashboard Serve live map dashboard (HTML)

Live Network β€” Cranbourne East Investigation

Node Device Status
grapher Pixel 9 Pro (GrapheneOS) βœ… Live
ulefone_tab4_node1 Ulefone Android tablet βœ… Live

Confirmed rogue CIDs monitored (16 confirmed + 2 watchlist):

# Telstra AU (MCC=505 MNC=001 TAC=12385)
137713195,   # highest observation count
137713175,   # geo-located Prendergast Ave 331m
137713165,   # confirmed
137713155,   # confirmed
135836191,   # geo-located Collison Rd 912m
135836171,   # geo-located Casey Fields 2424m
135836161,   # added May 2026 β€” 31 observations

# Vodafone AU (MCC=505 MNC=003 TAC=30336)
8409357, 8409367, 8409387,
8409397,     # anomalous β€” rapid sub-2s departures

# Post-ACMA visit CIDs (appeared 8 May 2026 β€” zero OpenCelliD observations)
8666381, 8666391, 8666411

Full forensic analysis: rayhunter-threat-analyzer


Roadmap

  • v0.1 β€” Field node + central API + Tailscale reporting
  • v0.1 β€” systemd auto-start on Pi boot
  • v0.1 β€” Leaflet.js live map dashboard
  • v0.1 β€” Two-node live network operational
  • v0.2 β€” Node heartbeat + offline buffering
  • v0.3 β€” Dual reporting to local + communal server simultaneously
  • v0.3 β€” GPS tagging on mobile nodes (live β€” Termux GPS)
  • v0.4 β€” Trilateration engine (3+ nodes + RSRP)
  • v0.5 β€” RSRP signal strength heat map overlay
  • v2.0 β€” Flask serves dashboard directly at /dashboard (LAN + Tailscale)
  • v2.0 β€” Android-native node (castnet_android.py)
  • v2.0 β€” Live detection feed with per-node stats and known rogue CID list
  • v2.1 β€” CRIKEY! alert mode πŸ¦…
  • v3.0 β€” OBD-II vehicle node (Pi Zero 2W)
  • v3.0 β€” Public communal rogue CID registry

Hardware

Central: Raspberry Pi 5 (API + Pi-hole + Tailscale + ARIA)

Nodes: Android tablet + Pixel 9 Pro (GrapheneOS) via Termux

Planned: bladeRF 2.0 micro xA4 Β· MikroTik Chateau 5G R17 ax Β· Poynting XPOL-2-5G Β· Pi Zero 2W OBD-II node


Related Projects


Want to Run a Node?

If you're in Australia and suspect IMSI catcher activity in your area, you can run castnet_android.py on any Android device with Termux β€” no root required, no special hardware beyond the phone you already have.

Your node will:

  • Scan for rogue CIDs from the known database every 30 seconds
  • Tag detections with GPS coordinates and signal strength
  • Report to your own local API (self-hosted β€” your data stays yours)

See Contributing below, or open an issue if you want help getting set up.


Legal

Passive monitoring only. No transmission. No network impersonation.

Australia: Radiocommunications Act 1992 (Cth) β€” passive reception of signals requires no licence.

Regulatory actions on file:

  • ACMA ENQ-1851DVJH04
  • TIO 2026-03-04898
  • VicPol CIRS-20260331-141
  • AFP LEX 4864

Contributing

Pull requests welcome. If you're running your own CASTNET instance or have confirmed rogue CIDs to add to the registry, open an issue.

If you're a researcher, journalist, or regulator interested in the underlying investigation data, contact via GitHub or the regulatory references above.


License

MIT β€” see LICENSE


Built with a Raspberry Pi 5, two Android devices, a bladeRF SDR, too much coffee, and justifiable paranoia.

β€” Julian Burns, Cranbourne East VIC, 2026

*"Because they killed Steve... YOU BASTARDS!!!" ??

About

Distributed civilian IMSI catcher detection and geolocation network

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

 
 
 

Contributors