aicertificationcloud-engineeringcybercybersecuritycybersecurity-analystcybersecurity-certificationcybersecurity-certificationscybersecurity-educationcybersecurity-jobscybersecurity-portfoliocybersecurity-projectscybersecurity-toolsgrchackinglearningpentestingproject-repositoryprojetcspython
Closes 36 findings from the project audit. The headline win is correctness: the daemon now actually does what the README claims, all three audit-log integrity layers verify, and the rotation control loop terminates. Critical fixes: - Orchestrator bumps Credential.last_rotated_at on success and writes a sealed credential_versions row, so the policy evaluator stops re-firing the same rotation every tick - Envelope encryption (AES-256-GCM, KEK-wrapped DEK, AAD-bound) is now wired into the rotation success path; the credential_versions table is no longer dead schema - cre audit verify checks all three layers (hash chain + HMAC ratchet + Merkle batches) instead of only the chain - BatchSealerScheduler runs every 300s and on shutdown so audit_batches actually fills with signed Merkle roots - Compliance bundle exports the real audit_batches list and covers public_key.pem under the manifest's checksum - cre run/watch hard-fail without CRE_HMAC_KEY_HEX + CRE_KEK_HEX rather than silently using zero defaults Quality fixes: - HTTP::Client wrapper with connect/read timeouts + bounded retry-with- jitter on 408/429/5xx; Telegram error logs redact the bot token - EventBus dispatch isolates Block subscribers behind select+timeout so one stuck subscriber can't pin the bus - RotationWorker checks rotations.in_flight before dispatching to dedupe duplicate schedules; PG enforces it at the DB via partial unique index - Commit-step failures transition rotations to Inconsistent (a terminal state) and raise a critical alert instead of pretending success - env_file rotator uses per-PID pending paths plus an exclusive flock on a sibling .lock file so two daemons can't race on the rename - Versioned migration runner replaces the soup of CREATE IF NOT EXISTS; SQLite gains BEFORE UPDATE / BEFORE DELETE triggers on audit_events - AuditSubscriber publishes a critical alert + panics by default when log writes fail, instead of silently dropping - Engine.stop drains via an ack channel with a 2s deadline rather than the previous magic 50ms sleep - Policy DSL moved into CRE::Policy::Dsl module (consumers `include` it); multiple matching policies raise PolicyConflictError - Evaluator uses credentials.overdue() per-max_age group instead of loading every credential each tick - AuditRepo gains each_in_range streaming and all_batches enumeration; bundle export streams instead of buffering - New cre verify-bundle <zip> CLI re-runs every check the bundle README documents; new cre tui-demo for synthetic event preview Tests: 179 unit (up from 159), all passing. New rotation_worker_spec, new SigV4 regression vector, new orchestrator success-path coverage (envelope write + last_rotated_at bump + Inconsistent state). Docs: README + learn/00..04 aligned with the post-audit behavior; removed /snooze (was a stub) and the AwsIamKey/Database CredentialKind variants that had no rotators. Added required-env-var documentation. |
||
|---|---|---|
| .github | ||
| PROJECTS | ||
| RESOURCES | ||
| ROADMAPS | ||
| SYNOPSES | ||
| TEMPLATES | ||
| .gitguardian.yml | ||
| .gitignore | ||
| .gitmodules | ||
| .pre-commit-config.yaml | ||
| LICENSE | ||
| README.md | ||
README.md
Cybersecurity Projects 🐉
67 Cybersecurity Projects, Certification Roadmaps & Resources
Made possible by CertGames
View Complete Projects:
Currently building: Credential Rotation Enforcer
Quick Navigation
Projects
67 hands-on cybersecurity projects with full source code, from beginner to advanced level.
Certification Roadmaps
10 structured career paths with certification guides for SOC Analyst, Pentester, Security Engineer, and more.
Learning Resources
Tools, courses, certifications, communities, and frameworks for cybersecurity professionals.
Projects
Beginner Projects
| Project | Info | What You'll Learn |
|---|---|---|
| Simple Port Scanner Async TCP port scanner in C++ @deniskhud |
TCP socket programming • Async I/O patterns • Service detection Source Code | Docs |
|
| Keylogger Capture keyboard events with timestamps |
Event handling • File I/O • Ethical considerations Source Code | Docs |
|
| Caesar Cipher CLI encryption/decryption tool |
Classical cryptography • Brute force attacks • CLI design Source Code | Docs |
|
| DNS Lookup CLI Tool Query DNS records with WHOIS |
DNS protocols • WHOIS queries • Reverse DNS lookup Source Code | Docs |
|
| Simple Vulnerability Scanner Check software against CVE databases |
CVE databases • Dependency scanning • Vulnerability assessment Source Code | Docs |
|
| Metadata Scrubber Tool Remove EXIF and privacy metadata @Heritage-XioN |
EXIF data • Privacy protection • Batch processing Source Code | Docs |
|
| Network Traffic Analyzer Capture and analyze packets |
Packet capture • Protocol analysis • Traffic visualization Source (C++) | Docs (C++) | Source (Python) | Docs (Python) |
|
| Hash Cracker Dictionary and brute-force cracking |
Hash algorithms • Dictionary attacks • Password security Source Code | Docs |
|
| Steganography Multi-Tool Hide data in images, audio, QR, PDFs, text |
Multi-format steganography • Zero-width Unicode • Audio LSB • QR exploitation Learn More |
|
| Ghost on the Wire L2 attack & defense: MAC spoofing + ARP detection |
ARP protocol • MAC spoofing • MITM detection • L2 trust mapping Learn More |
|
| Canary Token Generator Self-hosted honeytokens that alert on access |
Deception defense • Honeytokens • Webhook alerting • Intrusion detection Learn More |
|
| Security News Scraper Aggregate cybersecurity news |
Web scraping • CVE parsing • Database storage Learn More |
|
| Phishing Domain Generator & Quishing Scanner Typosquat generation + QR phishing detection |
Homoglyph attacks • Typosquatting • QR code analysis • Domain intelligence Learn More |
|
| SSH Brute Force Detector Monitor and block SSH attacks |
Log parsing • Attack detection • Firewall automation Learn More |
|
| Simple C2 Beacon Command and Control beacon/server |
C2 architecture • MITRE ATT&CK • WebSocket protocol • XOR encoding Source Code | Docs |
|
| Base64 Encoder/Decoder Multi-format encoding tool |
Base64/32 encoding • URL encoding • Auto-detection Source Code | Docs |
|
| Linux CIS Hardening Auditor CIS benchmark compliance checker |
CIS benchmarks • System hardening • Compliance scoring • Shell scripting Source Code | Docs |
|
| Systemd Persistence Scanner Hunt Linux persistence mechanisms |
Persistence techniques • Systemd internals • Cron analysis • Threat hunting Source Code | Docs |
|
| Linux eBPF Security Tracer Real-time syscall tracing with eBPF |
eBPF programs • Syscall tracing • BCC framework • Security observability Source Code | Docs |
|
| Trojan Application Builder Educational malware lifecycle demo |
Trojan anatomy • Data exfiltration • File encryption • Attack lifecycle Learn More |
|
| DNS Sinkhole Pi-hole-style malware domain blocker |
DNS protocol • Blocklist management • Query logging • Network defense Learn More |
|
| Firewall Rule Engine Parse and validate iptables/nftables rules |
Firewall internals • Rule parsing • iptables/nftables • V language Source Code | Docs |
|
| LLM Prompt Injection Firewall Detect and block prompt injection attacks |
AI security • Prompt injection • Input sanitization • LLM defense Learn More |
Intermediate Projects
| Project | Info | What You'll Learn |
|---|---|---|
| Payload Obfuscation Engine Multi-layer payload obfuscation toolkit |
Obfuscation techniques • Polymorphism • AV evasion • Signature detection Learn More |
|
| SIEM Dashboard Log aggregation with correlation |
SIEM concepts • Log correlation • Full-stack development Source Code | Docs |
|
| Token Abuse Playground 15+ token vulnerabilities to exploit and fix |
JWT exploitation • OAuth attacks • Session security • Token forensics Learn More |
|
| Supply Chain Attack Simulator Fake PyPI package dependency confusion demo |
Supply chain attacks • Dependency confusion • Package security • PyPI internals Learn More |
|
| DDoS Mitigation Tool Detect traffic spikes |
DDoS detection • Rate limiting • Anomaly detection Learn More |
|
| Secrets Scanner Scan codebases and git history for leaked secrets |
Secret detection • Shannon entropy • HIBP k-anonymity • SARIF output Source Code | Docs |
|
| API Security Scanner Enterprise API vulnerability scanner |
OWASP API Top 10 • ML fuzzing • GraphQL/SOAP testing Source Code | Docs |
|
| Wireless Deauth Detector Monitor WiFi deauth attacks |
Wireless security • Packet sniffing • Attack detection Learn More |
|
| Credential Enumeration Post-exploitation credential collection |
Credential extraction • Browser forensics • Red team tooling • Nim language Source Code | Docs |
|
| Binary Analysis Tool Disassemble and analyze executables |
Binary analysis • String extraction • Malware detection Source Code | Docs |
|
| Chaos Engineering Security Tool Inject security failures to test resilience |
Chaos engineering • Security resilience • Credential spraying • Auth testing Learn More |
|
| Credential Rotation Enforcer Track and enforce credential rotation policies |
Credential hygiene • Secret rotation • Compliance dashboards • API integration Learn More |
|
| Race Condition Exploiter TOCTOU race condition attack & defense lab |
TOCTOU attacks • Double-spend bugs • Concurrent exploitation • Race visualization Learn More |
|
| Self-Hosted Shodan Clone Internet-connected device search engine |
Service fingerprinting • Network scanning • OSINT • Search engine design Learn More |
|
| JA3/JA4 TLS Fingerprinting Tool Fingerprint TLS clients by handshake |
TLS handshake analysis • JA3/JA4 hashing • Bot detection • Malware C2 identification Learn More |
|
| Mobile App Security Analyzer Decompile and analyze mobile apps |
APK/IPA analysis • Reverse engineering • OWASP Mobile Learn More |
|
| DLP Scanner Data Loss Prevention for files, DBs, and traffic |
PII detection • GDPR/HIPAA compliance • Pattern matching • Data classification Source Code | Docs |
|
| Lua/Nginx Edge Backend Full CRUD backend via Lua in Nginx |
Edge computing • OpenResty • Lua scripting • WAF • JWT at the edge Learn More |
|
| Privesc Playground 20+ privilege escalation paths to exploit |
SUID exploitation • Sudo abuse • Cron hijacking • GTFOBins • Capability abuse Learn More |
|
| SBOM Generator & Vulnerability Matcher Software Bill of Materials with CVE matching |
SPDX/CycloneDX formats • Dependency analysis • CVE databases • EO 14028 compliance Source Code | Docs |
|
| Subdomain Takeover Scanner Detect dangling DNS records |
DNS enumeration • CNAME analysis • Cloud resource claiming • Bug bounty Learn More |
|
| GraphQL Security Tester Automated GraphQL vulnerability testing |
Introspection attacks • Query depth DoS • Authorization bypass • Batching abuse Learn More |
|
| Docker Security Audit CIS Docker Benchmark scanner |
CIS benchmarks • Container security • Multiple output formats Source Code | Docs |
Advanced Projects
| Project | Info | What You'll Learn |
|---|---|---|
| API Rate Limiter Distributed rate limiting middleware |
Token bucket algorithm • Distributed systems • Redis backend Source Code | Docs |
|
| Encrypted Chat Application Real-time E2EE messaging |
Signal Protocol • Double Ratchet • WebAuthn • WebSockets Source Code | Docs |
|
| Exploit Development Framework Modular exploitation framework |
Exploit development • Payload generation • Plugin architecture Learn More |
|
| AI Threat Detection ML-powered nginx threat detection |
ML ensemble (AE + RF + IF) • ONNX inference • Real-time detection Source Code |
|
| Bug Bounty Platform Full vulnerability disclosure platform |
Full-stack development • CVSS scoring • Workflow automation Source Code | Docs |
|
| Cloud Security Compliance Dashboard Multi-cloud compliance with CIS, SOC2, HIPAA |
CIS benchmarks • SOC2/HIPAA compliance • Cost-security optimization • Drift detection Learn More |
|
| Malware Analysis Platform Automated sandbox analysis |
Malware analysis • Sandboxing • YARA rules • IOC extraction Learn More |
|
| Quantum Resistant Encryption Post-quantum cryptography |
Post-quantum algorithms • Hybrid encryption • Kyber/Dilithium Learn More |
|
| Zero Day Vulnerability Scanner Coverage-guided fuzzing |
Fuzzing • Vulnerability research • Crash triage Learn More |
|
| Distributed Password Cracker GPU-accelerated cracking |
Distributed systems • GPU computing • Hash cracking Learn More |
|
| Kernel Rootkit Detection Detect kernel-level rootkits |
Kernel internals • Memory forensics • Rootkit detection Learn More |
|
| Blockchain Smart Contract Auditor Solidity vulnerability analysis |
Smart contracts • Static analysis • Solidity security Learn More |
|
| Adversarial ML Attacker Generate adversarial examples |
Adversarial ML • FGSM/DeepFool • Model robustness Learn More |
|
| Advanced Persistent Threat Simulator Multi-stage APT simulation |
APT techniques • C2 infrastructure • Lateral movement Learn More |
|
| Hardware Security Module Emulator Software HSM with PKCS#11 |
HSM concepts • PKCS#11 interface • Cryptographic operations Learn More |
|
| Network Covert Channel Data exfiltration techniques |
Covert channels • Data exfiltration • Steganography Learn More |
|
| Automated Penetration Testing Full pentest automation |
Pentest automation • Recon to exploitation • Report generation Learn More |
|
| Haskell Reverse Proxy Functional reverse proxy with security middleware |
Functional programming • Reverse proxy design • Security middleware • Haskell Source Code |
|
| "Monitor the Situation" Dashboard Real-time cyber threat situational awareness |
Threat intelligence • CVE tracking • MITRE ATT&CK • OSINT • Real-time dashboards Learn More |
|
| Honeypot Network Multi-service honeypot deployment & analysis |
Honeypot deployment • Attacker behavior analysis • IOC extraction • MITRE mapping Source Code | Docs |
|
| Supply Chain Security Analyzer Dependency vulnerability analysis |
Supply chain security • Dependency analysis • Malicious packages Learn More |
Learn More
Certification Roadmaps - Career paths for SOC Analyst, Pentester, Security Engineer, GRC Analyst, and 6 more tracks
Learning Resources - Tools, courses, certifications, YouTube channels, Reddit communities, and security frameworks
License
AGPL 3.0