Red Teaming is one of the most attractive fields in offensive security or ethical hacking. Every day professionals and students are learning, creating and exploiting all types of systems.
The internet is not only the most common means through which people interact and chat, but also a place where they are constantly exposed to a world where anyone can be monitored, exploited, tracked or scammed.
This is why us, programmers, take action; several of us continually try to protect this wonderful place while others, out of immaturity or shrewd interests, act in just the opposite direction.
If you’re interested in this field and want to join it, no matter your current level of knowledge, learning how to create your own tools will result in great advantage as a pentester.
So I put some thought into it and got the idea to create this project list aimed at anyone who is interested in learning “how to” not become the ultimate script kiddie.
Here I discriminate (based solely on my own experience) almost 100 types of projects that you should at least try to either implement or study.
I recommend you to do them on the programming language you are most comfortable with. Implementing these projects will definitely help you gain more experience and, consequently, master the language.
They are divided in categories, ranging from super basic to advanced projects.
If you enjoy this list please take the time to recommend it to a friend and follow me! I will be happy with that 🙂
And remember: With great power comes… (we already know).
| Level 1 | Basic | Example |
|---|---|---|
| [0] | TCP or UDP server just to receive messages | ✔️ |
| [1] | TCP chat server | ✔️ |
| [2] | UDP chat server | ✔️ |
| [3] | Multi-threaded UDP or TCP chat server | ✔️ |
| [4] | Server for file transfers | ✔️ |
| [5] | Caesar Cipher tool | ✔️ |
| [6] | TCP chat server -> The messages should be encoded with Caesar Cipher | ❌ |
| [7] | ROT13 Cipher | ✔️ |
| [8] | UDP Chat server -> The messages should be encoded with ROT13 Cipher | ❌ |
| [9] | Remote command execution | ✔️ |
| [10] | Recreate the Netcat tool | ✔️ |
| Level 2 | Essential | Example |
|---|---|---|
| [11] | Simple port scanner | ✔️ |
| [12] | Port scanner with OS fingerprint using TTL (Time To Live) | ❌ |
| [13] | Port scanner with port footprint (HTTP? DNS? FTP? IRC?) | ❌ |
| [14] | Simple Web Directory brute-forcer (Threaded) | ✔️ |
| [15] | Recursive Web Directory brute-forcer (Threaded peer recursion) | ✔️ |
| [16] | Web Login bruteforce tool | ❌ |
| [17] | FTP Login bruteforce tool | ❌ |
| [18] | SSH Login bruteforce tool | ✔️ |
| [19] | FTP User footprint | ❌ |
| [20] | MYSQL User footprint | ❌ |
| [21] | Simple Google Bot for web scan | ❌ |
| [22] | Auto website comment bot | ❌ |
| [23] | Auto website message bot | ❌ |
| [24] | Web-scrapping using Regex | ❌ |
| [25] | Bot to collect information about someone using Google / Bing / Yahoo! | ✔️ |
| [26] | Simple SQLi tester | ❌ |
| [27] | Simple XSS tester | ❌ |
| [28] | Simple WordPress brute-forcer | ❌ |
| [29] | SQLi database retriever | ❌ |
| [30] | Spam creator | ❌ |
For more information click here.
garak checks if an LLM can be made to fail in a way we don't…
Vermilion is a simple and lightweight CLI tool designed for rapid collection, and optional exfiltration…
ADCFFS is a PowerShell script that can be used to exploit the AD CS container…
Tartufo will, by default, scan the entire history of a git repository for any text…
Loco is strongly inspired by Rails. If you know Rails and Rust, you'll feel at…
A data hoarder’s dream come true: bundle any web page into a single HTML file.…