CStrike v2.6 — VMDK Distribution, Self-Update System, VPN Kill-Switch

What's New in v2.6

Self-Update System

One-click updates from the CStrike Dashboard. Detects new releases, pulls changes, rebuilds containers, and restarts services — all with a live-animated progress UI.

Parallel Full Port Scan

Full 65,535-port scans using RustScan with automatic service detection. Completes a full scan in under 60 seconds.

Stop & Delete Scans

Stop running scans and delete completed scans directly from the Command Center.

VMDK Distribution

New VMware-native streamOptimized VMDK format for both architectures, alongside QCOW2, VDI, and OVA.

VPN Kill-Switch Improvements

Improved iptables-based kill-switch with proper chain management, connection tracking, and DNS leak prevention.

---

Downloads

amd64 (x86_64)

Format	Download	Torrent
QCOW2 (Proxmox/KVM)	cstrikev2.6_amd64.qcow2	torrent
VMDK (VMware)	cstrikev2.6_amd64.vmdk	torrent
OVA (VMware/VBox)	cstrikev2.6_amd64.ova	torrent
VDI (VirtualBox)	cstrikev2.6_amd64.vdi	torrent

SHA256: checksums-amd64-v2.6.sha256

aarch64 (ARM64)

Format	Download	Torrent
QCOW2 (Proxmox/KVM)	cstrikev2.6_aarch64.qcow2	torrent
VMDK (VMware)	cstrikev2.6_aarch64.vmdk	torrent
OVA (VMware/VBox)	cstrikev2.6_aarch64.ova	torrent
VDI (VirtualBox)	cstrikev2.6_aarch64.vdi	torrent

SHA256: checksums-aarch64-v2.6.sha256

---

First Boot

1. Import the image into your hypervisor
2. Boot the VM (4 CPU / 8 GB RAM recommended)
3. First boot auto-expands disk, regenerates SSH keys, randomizes passwords
4. Access Dashboard at https://<vm-ip>/
5. Default credentials in /opt/cstrike/.env

Requirements

• 4+ CPU cores, 8+ GB RAM, 50+ GB disk
• One network interface (management/scan traffic)
• Optional second interface (VPN traffic)

CStrike v2.5.2

CStrike v2.5.2 — Exploit Pipeline Lifecycle Fixes & Tool Dependency Repairs

Bug Fixes

Exploit case pipeline stalling — Cases would get stuck in ACTIVE/ENUMERATION state after all tasks completed. Four root causes identified and fixed:

• Phase advancement missing in full-auto mode — ExploitTrackManager auto-approved gated tasks but never updated currentPhase, so cases appeared stuck in ENUMERATION while EXPLOITATION tasks were running. Phase now auto-advances based on highest active task phase.
• No case completion logic — Nothing ever transitioned cases from ACTIVE to COMPLETED. New checkCaseCompletion() detects when all tasks are terminal (with 30s grace period for late-spawning tasks) and closes the case.
• AI analysis feed spam — feedFindingsToAI() fired per-task with zero rate limiting. 25+ tasks completing near-simultaneously triggered 25+ identical AI analysis calls within 1.5 seconds. Added 10-second per-case debounce.
• Scan cleanup left orphaned cases — cleanupScan() only cleared in-memory state, leaving database cases as ACTIVE indefinitely. Now completes active cases and cancels queued tasks when the parent scan ends.

Tool dependency fixes:

• nikto — Missing Perl modules libjson-perl and libxml-writer-perl in the API Docker container. Every nikto invocation failed with Required module not found: JSON.
• httpx — Python httpx pip package (installed for TUI/MCP components) placed a CLI wrapper at /usr/local/bin/httpx that shadowed the ProjectDiscovery Go binary. The tool executor passed -u which Python httpx doesn't accept. Fixed by re-copying the Go binary after pip install.
• searchsploit — Tool executor passed --json --colour (invalid GNU-style long options). searchsploit uses -j for JSON output. Fixed to searchsploit -j <query>.

Files Changed

File	Change
docker/Dockerfile.api	Added libjson-perl libxml-writer-perl, re-copy Go httpx after pip install
api/src/services/toolExecutor.ts	searchsploit flags: --json --colour → -j
api/src/routes/cases.ts	advanceCasePhase(), checkCaseCompletion(), debouncedFeedFindingsToAI()
api/src/services/exploitTrackManager.ts	Phase advancement in full-auto, async cleanupScan() with case completion

Upgrade

cd /opt/cstrike && git pull origin main
docker compose build api && docker compose up -d api

v2.5.1

• Fixed base maps
• Fixed Split VPN functionality

CStrike v2.5 — AI Thinking, VulnBox, 9-Container Stack, ARM64

CStrike v2.5

Highlights

• AI Thinking Mode toggle for all providers (Ollama native, OpenAI/Anthropic/Grok via CoT)
• VulnBox deliberately vulnerable target container (30+ vulns, 12 services)
• 9-container Docker stack — added ZAP daemon, Metasploit RPC, VulnBox
• ARM64 (aarch64) support — native VM images + docker-compose override
• Dashboard — dynamic AI Feed/Exploitation Tracks layout, service host indicators
• TaskMapFooter error boundary for crash recovery
• Enable/Disable All bulk toggle for Scan Modes and Allowed Tools
• Early Exploitation task materialization during recon, persistence payloads
• Full-Auto Mode exploitation gate bypass for automated attack chains

Pre-built VM Downloads

Architecture	QCOW2	OVA
amd64	Download	Download
aarch64	Download	Download

BitTorrent | Checksums

VulnBox

Separately available at culpur/vulnbox v2.5

Bug Fixes

• Strict TypeScript Docker build (all strict-mode errors resolved)
• Target deletion URL vs ID parsing
• Scan stop/target status sync
• AI timeout increased to 3 minutes
• Credential re-validation dedup

Full Changelog

See v2-changelog.md

v2

Complete rewrite of CSTRIKE architecture, distribution, and modeling. Enjoy!

v1.2

Repo Cleanup, and VulnAPI implementation.

v1.5 coming soon

• Ollama support
• MCP server to maximize context and orchestration

v1

Origin Version.