C2 Log-Parser

Streamlined reporting for modern adversaries.

One structure. Infinite analysis.

TIBER and TLPT engagements require meticulous, granular documentation of every operator action. Consolidating disparate logs from different Command & Control frameworks is tedious and error-prone.

C2 Log-Parser is a modular, extensible parser that ingests logs directly from your C2s and provides a single, unified structure for comprehensive analysis and automated report generation.

๐Ÿ“ฅ

Ingest

Parse logs from Cobalt Strike, Brute Ratel, and Outflank C2 (OC2). Store them securely in a structured SQLite database.

๐Ÿงน

Minimize

Remove operational clutter automatically. Exclude specific beacons, IPs, or hostnames using a simple configuration file.

๐Ÿ“Š

Report

Generate detailed CSV reports ready for client delivery, fully supporting TIBER-EU and MITRE ATT&CK mappings.

Quick Start

Download the standalone binary from the releases page, or run it via Python:

# Setup environment
python3 -m venv venv
source venv/bin/activate
pip install -r requirements.txt

# Full pipeline: ingest, minimize, report
python3 gimmelogs.py -x cs -i ./logs -c config.yml -m -r -p ./results