Cyber security

100 Red Team Projects – A Comprehensive Guide For Pentesters And Network Managers

Red Teaming is one of the most attractive fields in offensive security or ethical hacking. Every day professionals and students are learning, creating and exploiting all types of systems.

The internet is not only the most common means through which people interact and chat, but also a place where they are constantly exposed to a world where anyone can be monitored, exploited, tracked or scammed.

This is why us, programmers, take action; several of us continually try to protect this wonderful place while others, out of immaturity or shrewd interests, act in just the opposite direction.

If you’re interested in this field and want to join it, no matter your current level of knowledge, learning how to create your own tools will result in great advantage as a pentester.

So I put some thought into it and got the idea to create this project list aimed at anyone who is interested in learning “how to” not become the ultimate script kiddie.

Here I discriminate (based solely on my own experience) almost 100 types of projects that you should at least try to either implement or study.

I recommend you to do them on the programming language you are most comfortable with. Implementing these projects will definitely help you gain more experience and, consequently, master the language.

They are divided in categories, ranging from super basic to advanced projects.

If you enjoy this list please take the time to recommend it to a friend and follow me! I will be happy with that 🙂

And remember: With great power comes… (we already know).

Level 1BasicExample
[0]TCP or UDP server just to receive messages✔️
[1]TCP chat server✔️
[2]UDP chat server✔️
[3]Multi-threaded UDP or TCP chat server✔️
[4]Server for file transfers✔️
[5]Caesar Cipher tool✔️
[6]TCP chat server -> The messages should be encoded with Caesar Cipher
[7]ROT13 Cipher✔️
[8]UDP Chat server -> The messages should be encoded with ROT13 Cipher
[9]Remote command execution✔️
[10]Recreate the Netcat tool✔️
Level 2EssentialExample
[11]Simple port scanner✔️
[12]Port scanner with OS fingerprint using TTL (Time To Live)
[13]Port scanner with port footprint (HTTP? DNS? FTP? IRC?)
[14]Simple Web Directory brute-forcer (Threaded)✔️
[15]Recursive Web Directory brute-forcer (Threaded peer recursion)✔️
[16]Web Login bruteforce tool
[17]FTP Login bruteforce tool
[18]SSH Login bruteforce tool✔️
[19]FTP User footprint
[20]MYSQL User footprint
[21]Simple Google Bot for web scan
[22]Auto website comment bot
[23]Auto website message bot
[24]Web-scrapping using Regex
[25]Bot to collect information about someone using Google / Bing / Yahoo!✔️
[26]Simple SQLi tester
[27]Simple XSS tester
[28]Simple WordPress brute-forcer
[29]SQLi database retriever
[30]Spam creator

For more information click here.

Varshini

Varshini is a Cyber Security expert in Threat Analysis, Vulnerability Assessment, and Research. Passionate about staying ahead of emerging Threats and Technologies.

Recent Posts

Cybersecurity – Tools And Their Function

Cybersecurity tools play a critical role in safeguarding digital assets, systems, and networks from malicious…

15 hours ago

MODeflattener – Miasm’s OLLVM Deflattener

MODeflattener is a specialized tool designed to reverse OLLVM's control flow flattening obfuscation through static…

15 hours ago

My Awesome List : Tools And Their Functions

"My Awesome List" is a curated collection of tools, libraries, and resources spanning various domains…

15 hours ago

Chrome Browser Exploitation, Part 3 : Analyzing And Exploiting CVE-2018-17463

CVE-2018-17463, a type confusion vulnerability in Chrome’s V8 JavaScript engine, allowed attackers to execute arbitrary…

15 hours ago

Chrome Browser Exploitation, Part 1 : Introduction To V8 And JavaScript Internals

The blog post "Chrome Browser Exploitation, Part 1: Introduction to V8 and JavaScript Internals" provides…

16 hours ago

Chrome Browser Exploitation, Part 3: Analyzing and Exploiting CVE-2018-17463

The exploitation of CVE-2018-17463, a type confusion vulnerability in Chrome’s V8 JavaScript engine, relies on…

18 hours ago