#python
Everything across writeups and projects that touches this topic.
Projects
builds & tooling
- Python · Active Directory
AD Recon Lite — Lightweight Active Directory enumeration and dangerous-config detector
A focused Python tool that connects to a domain controller over LDAP and flags the AD misconfigurations attackers actually target during enumeration
- Python · Container Security
Container Watch — Docker Runtime Security Monitor
A lightweight Python tool that audits running containers for dangerous misconfigurations — privileged mode, sensitive mounts, exposed sockets, and more — in real time or on demand
- Python · Web Scraping
Cross-Verified Job Scraper (Python)
A LinkedIn job scraper with MLM/scam filtering, plus a second-pass cross-verification step that confirms each posting on the company's own careers site before flagging it as Golden.
- Python · OSINT
Darkdump — Dark Web OSINT Crawler
A paste and leak intelligence extractor that pulls IOCs, credentials, API keys, and crypto wallets from raw text dumps using regex and entropy analysis
- Python · Deception
HoneyNet — Modular Honeypot Framework
SSH, HTTP, and FTP decoy services that log attacker credentials, shell commands, and file probes into a single JSON stream — with real-time coordinated scan detection
- Python · Detection Engineering
LogHound — CLI Log Anomaly Detection
A Python CLI that parses auth and web server logs to surface brute force attacks, credential stuffing, privilege escalation, and scanner behavior before they become incidents
- Python · Post-Exploitation
Loot CLI — Filesystem Recon for CTFs and Post-Exploitation
A Python CLI that walks a directory tree once and dispatches every path through eight specialized scanners to surface credentials, keys, SUID binaries, and CTF flags
- Python · Malware Analysis
MalDoc Scanner — Static analyzer for malicious Office docs and PDFs
A Python static analyzer that extracts and scores VBA macros, embedded JavaScript, and IOCs from Office documents and PDFs without ever opening them in a viewer
- Python · Network Security
NetSentinel — Real-Time Network IDS
A Python-based network intrusion detection system that catches ARP spoofing, port scans, DNS hijacking, and ICMP floods as they happen — not after the fact
- Python · Threat Intelligence
PhishKit Analyzer — Static triage for phishing HTML artifacts
A static analysis tool that fingerprints phishing kits, identifies credential harvesting forms, detects brand impersonation, and extracts blocklist-ready IOCs from a saved HTML file
- Python · Detection Engineering
SigmaForge — Sigma Rule Writer, Validator, and Multi-Backend Converter
A CLI tool that wraps the pySigma ecosystem to validate, inspect, and convert Sigma detection rules to SIEM query languages during the authoring loop
- Python · OSINT
SubScope — Subdomain Reconnaissance
A subdomain enumeration tool that chains certificate transparency, DNS brute force, HTTP probing, and takeover detection into one clean pipeline
- Python · Threat Intelligence
ThreatPulse — CLI threat intelligence aggregator & web dashboard
A Python tool that fans out IOC lookups across four free threat intel feeds simultaneously, consolidates the results, and surfaces a single threat verdict
- Python · Security Tooling
VaultScan — Secret Scanner for Git Repositories
A CI-friendly Python tool that walks git history to surface leaked API keys, credentials, and private keys using regex pattern matching and Shannon entropy gating
- Python · Web Security
WebAudit — Web Application Security Scanner
A Python scanner that audits web apps for misconfigs and common vulns, then generates a self-contained HTML report with severity ratings and remediation steps
