# efforg/rayhunter **Attribution required: if you use, quote, or summarise this content, you must credit and link back to [awesome-repositories.com](https://awesome-repositories.com/repository/efforg-rayhunter).** 4,596 stars · 352 forks · Rust · gpl-3.0 ## Links - GitHub: https://github.com/EFForg/rayhunter - Homepage: https://efforg.github.io/rayhunter/ - awesome-repositories: https://awesome-repositories.com/repository/efforg-rayhunter.md ## Description Rayhunter is an IMSI catcher detection tool and cellular network monitor designed to identify cell-site simulators and fake base stations. It functions as an SDR signal analyzer that tracks tower connectivity, logs GPS locations, and monitors for network downgrades or disabled encryption on mobile hardware. The system distinguishes itself through heuristic-based traffic analysis used to detect suspicious identity requests, malformed system information, and the use of null ciphers. It includes a remote device management interface consisting of a REST API and web dashboard for controlling detection daemons. The project covers broad capabilities in wireless signal capturing, remote device administration via ADB or telnet, and hardware integration for rendering status through LEDs and physical button triggers. It also provides network management utilities, including dual-mode WiFi operation and automated driver recovery. Software is deployed to supported mobile devices through automated daemon installation and can be updated using source packages or pre-built binaries. ## Tags ### Part of an Awesome List - [IMSI Catcher Detection](https://awesome-repositories.com/f/awesome-lists/security/imsi-catcher-detection.md) — Provides specialized tools to identify rogue base stations and cell-site simulators through signal analysis. ([source](https://cdn.jsdelivr.net/gh/efforg/rayhunter@main/README.md)) - [Network Security Analysis](https://awesome-repositories.com/f/awesome-lists/security/network-security-analysis.md) — Processes captured traffic files using heuristics to identify potential IMSI catchers and simulators. ([source](https://efforg.github.io/rayhunter/reanalyzing.html)) - [Security And Privacy](https://awesome-repositories.com/f/awesome-lists/security/security-and-privacy.md) — IMSI catcher detection tool. ### Hardware & IoT - [Heuristic Analysis](https://awesome-repositories.com/f/hardware-iot/radio-frequency-signal-processing/heuristic-analysis.md) — Uses heuristic-based pattern recognition on cellular signal logs to identify fake base stations and IMSI catchers. - [GPS Coordinate Loggers](https://awesome-repositories.com/f/hardware-iot/gps-location-tracking/gps-coordinate-loggers.md) — Logs GPS coordinates and timestamps alongside cellular traffic captures for spatial mapping of base stations. - [Wireless Signal Recorders](https://awesome-repositories.com/f/hardware-iot/radio-frequency-signal-processing/wireless-signal-recorders.md) — Provides a web interface to control recording and manage logs of raw radio frequency data. ([source](https://efforg.github.io/rayhunter/using-rayhunter.html)) ### System Administration & Monitoring - [Cellular Network Monitors](https://awesome-repositories.com/f/system-administration-monitoring/cellular-network-monitors.md) — Tracks tower connectivity and monitors for network downgrades or disabled encryption on mobile hardware. - [Cellular Traffic Analysis](https://awesome-repositories.com/f/system-administration-monitoring/network-traffic-analysis/cellular-traffic-analysis.md) — Processes mobile traffic captures using heuristic analysis to detect suspicious identity requests and encryption disablement. - [Remote Access Utilities](https://awesome-repositories.com/f/system-administration-monitoring/remote-access-utilities.md) — Provides administrative command-line access to mobile hardware via ADB or Telnet bridges. - [Driver Recovery Loops](https://awesome-repositories.com/f/system-administration-monitoring/background-process-management/automatic-crash-recovery/driver-recovery-loops.md) — Automatically detects wireless driver failures and re-initializes the network stack to maintain connectivity. - [Cellular Connection Logging](https://awesome-repositories.com/f/system-administration-monitoring/health-monitoring/connection-health-monitors/cellular-connection-logging.md) — Generates diagnostic logs for cellular tower connections and disconnections to assist in network capture analysis. ([source](https://efforg.github.io/rayhunter/heuristics.html)) - [Remote Device Management](https://awesome-repositories.com/f/system-administration-monitoring/remote-device-management.md) — Provides a centralized interface for configuring and monitoring detection daemons on remote devices. - [Telnet Remote Management](https://awesome-repositories.com/f/system-administration-monitoring/telnet-remote-management.md) — Implements administrative interfaces providing remote command execution via the Telnet protocol. ([source](https://efforg.github.io/rayhunter/wingtech-ct2mhs01.html)) - [Traffic Analysis](https://awesome-repositories.com/f/system-administration-monitoring/traffic-analysis.md) — Provides a command-line tool to apply detection heuristics to captured traffic files offline on a desktop. ([source](https://efforg.github.io/rayhunter/print.html)) ### Operating Systems & Systems Programming - [Hardware Shell Access](https://awesome-repositories.com/f/operating-systems-systems-programming/hardware-shell-access.md) — Provides a command-line interface for direct access to device hardware for system interaction and troubleshooting. ([source](https://efforg.github.io/rayhunter/moxee.html)) - [Mobile Hardware Shell Bridges](https://awesome-repositories.com/f/operating-systems-systems-programming/terminal-command-line-environments/shells-scripting/powershell/remote-shells/mobile-hardware-shell-bridges.md) — Ships bridge utilities for transferring files and opening remote command shells on mobile hardware. ([source](https://efforg.github.io/rayhunter/installing-from-source.html)) - [Root-Level System Integration](https://awesome-repositories.com/f/operating-systems-systems-programming/root-level-system-integration.md) — Provides root-level access for direct interfacing with system binaries and protected internal APIs. ([source](https://efforg.github.io/rayhunter/orbic.html)) ### Scientific & Mathematical Computing - [SDR Signal Analysis](https://awesome-repositories.com/f/scientific-mathematical-computing/data-modeling-processing/signal-processing/sdr-signal-analysis.md) — Provides a framework for processing signal captures and applying detection logic to identify suspicious cellular behavior. ### Security & Cryptography - [Authentication Bypass Detections](https://awesome-repositories.com/f/security-cryptography/authentication-bypass-detections.md) — The analysis of identity request patterns that bypass authentication to identify potential cell-site simulators. ([source](https://efforg.github.io/rayhunter/heuristics.html)) - [Cellular Simulator Detections](https://awesome-repositories.com/f/security-cryptography/cellular-simulator-detections.md) — The analysis of cellular signals to identify simulators and catchers utilizing compatible modem hardware. ([source](https://efforg.github.io/rayhunter/uz801.html)) - [Cipher Suite Detection](https://awesome-repositories.com/f/security-cryptography/encryption/cipher-suite-detection.md) — Identifies base stations requesting null ciphers to transmit data without encryption. ([source](https://efforg.github.io/rayhunter/heuristics.html)) - [Fake Base Station Detections](https://awesome-repositories.com/f/security-cryptography/fake-base-station-detections.md) — The detection of incomplete system information block chains that indicate the presence of a fake base station. ([source](https://efforg.github.io/rayhunter/heuristics.html)) - [Network Downgrade Detection](https://awesome-repositories.com/f/security-cryptography/network-security-monitors/network-downgrade-detection.md) — Monitors base stations that force devices from secure 4G connections to less secure 2G networks. ([source](https://efforg.github.io/rayhunter/heuristics.html)) - [Detection](https://awesome-repositories.com/f/security-cryptography/firewalls/daemon-controllers/detection.md) — Implements a web server interface for remote management of the background detection process via HTTP. ### Development Tools & Productivity - [ADB Device Managers](https://awesome-repositories.com/f/development-tools-productivity/adb-device-managers.md) — Uses ADB-based toolsets for deploying software and managing system interactions on mobile hardware. ### Mobile Development - [Mobile Device Management](https://awesome-repositories.com/f/mobile-development/mobile-infrastructure-security/mobile-device-management.md) — Manages, configures, and monitors detection daemons on mobile device hardware. ### Networking & Communication - [Driver Recovery Mechanisms](https://awesome-repositories.com/f/networking-communication/network-stacks/embedded-network-driver-integration/driver-recovery-mechanisms.md) — Automatically detects kernel module failures and reloads the wireless driver to maintain network connectivity. ([source](https://efforg.github.io/rayhunter/print.html)) ### Web Development - [REST APIs](https://awesome-repositories.com/f/web-development/rest-apis.md) — Provides a REST API for the programmatic management of detection daemons via a web interface. ([source](https://efforg.github.io/rayhunter/api-docs.html))