Security projects
The builds behind the writeups — tooling and research I've shipped to solve real problems, not demos that only look good in a README.
- Python · Active Directory
  AD Recon Lite — Lightweight Active Directory enumeration and dangerous-config detector
  A focused Python tool that connects to a domain controller over LDAP and flags the AD misconfigurations attackers actually target during enumeration.

- Python · Defensive Security
  BlueStack — SIEM-in-a-Box for the B0bTheSkull Blue-Team Toolkit
  A pre-wired ELK stack that ingests JSON from four custom blue-team tools, normalizes severity, tags events to MITRE ATT&CK techniques, and surfaces everything in Kibana — one command to stand up.

- Python · Container Security
  Container Watch — Docker Runtime Security Monitor
  A lightweight Python tool that audits running containers for dangerous misconfigurations — privileged mode, sensitive mounts, exposed sockets, and more — in real time or on demand.

- Python · Web Scraping
  Cross-Verified Job Scraper (Python)
  A LinkedIn job scraper with MLM/scam filtering, plus a second-pass cross-verification step that confirms each posting on the company's own careers site before flagging it as Golden.

- Python · OSINT
  Darkdump — Dark Web OSINT Crawler
  A paste and leak intelligence extractor that pulls IOCs, credentials, API keys, and crypto wallets from raw text dumps using regex and entropy analysis.

- Project
  Evil Twin Attack Simulation & Rogue AP Detection
  Built a rogue access point on ESP32 hardware to simulate evil twin Wi-Fi attacks — captive portal, credential harvesting, and all — then engineered the detection signatures to catch it.

- Python · Deception
  HoneyNet — Modular Honeypot Framework
  SSH, HTTP, and FTP decoy services that log attacker credentials, shell commands, and file probes into a single JSON stream — with real-time coordinated scan detection.

- Python · Detection Engineering
  LogHound — CLI Log Anomaly Detection
  A Python CLI that parses auth and web server logs to surface brute force attacks, credential stuffing, privilege escalation, and scanner behavior before they become incidents.

- Python · Post-Exploitation
  Loot CLI — Filesystem Recon for CTFs and Post-Exploitation
  A Python CLI that walks a directory tree once and dispatches every path through eight specialized scanners to surface credentials, keys, SUID binaries, and CTF flags.

- Python · Malware Analysis
  MalDoc Scanner — Static analyzer for malicious Office docs and PDFs
  A Python static analyzer that extracts and scores VBA macros, embedded JavaScript, and IOCs from Office documents and PDFs without ever opening them in a viewer.

- Python · Network Security
  NetSentinel — Real-Time Network IDS
  A Python-based network intrusion detection system that catches ARP spoofing, port scans, DNS hijacking, and ICMP floods as they happen — not after the fact.

- Python · Threat Intelligence
  PhishKit Analyzer — Static triage for phishing HTML artifacts
  A static analysis tool that fingerprints phishing kits, identifies credential harvesting forms, detects brand impersonation, and extracts blocklist-ready IOCs from a saved HTML file.

- Infrastructure · DNS
  Pi-hole Lab — DNS Filtering on the LAN
  A Raspberry Pi 5 running Pi-hole with a local unbound recursive resolver — DNS-layer ad/tracker/malware blocking, observability via Prometheus + Grafana, and a doc set built like infrastructure.

- Python · Detection Engineering
  SigmaForge — Sigma Rule Writer, Validator, and Multi-Backend Converter
  A CLI tool that wraps the pySigma ecosystem to validate, inspect, and convert Sigma detection rules to SIEM query languages during the authoring loop.

- Python · OSINT
  SubScope — Subdomain Reconnaissance
  A subdomain enumeration tool that chains certificate transparency, DNS brute force, HTTP probing, and takeover detection into one clean pipeline.

- Python · Threat Intelligence
  ThreatPulse — CLI threat intelligence aggregator & web dashboard
  A Python tool that fans out IOC lookups across four free threat intel feeds simultaneously, consolidates the results, and surfaces a single threat verdict.

- Python · Security Tooling
  VaultScan — Secret Scanner for Git Repositories
  A CI-friendly Python tool that walks git history to surface leaked API keys, credentials, and private keys using regex pattern matching and Shannon entropy gating.

- Python · Web Security
  WebAudit — Web Application Security Scanner
  A Python scanner that audits web apps for misconfigurations and common vulnerabilities, then generates a self-contained HTML report with severity ratings and remediation steps.
