-
Notifications
You must be signed in to change notification settings - Fork 6
Project Roadmap
Carter Perez edited this page Dec 9, 2025
·
1 revision
Suggested build order organized by skill progression. Each phase builds on previous knowledge.
- Completed: 3/60
- In Progress: Aenebris (Haskell Reverse Proxy)
- Next Up: DNS Lookup Tool
Quick wins, core concepts
| # | Project | Difficulty | Key Skills | Est. Complexity |
|---|---|---|---|---|
| 4 | DNS Lookup Tool | Beginner | dnspython, DNS records, CLI | Low |
| 5 | Simple Port Scanner | Beginner | Sockets, threading, networking | Low |
| 6 | Caesar Cipher | Beginner | Cryptography basics, CLI | Low |
| 7 | Base64 Encoder/Decoder | Beginner | Encoding schemes, data formats | Low |
| 8 | Hash Cracker | Beginner | Hashing, wordlists, hashlib | Low |
Working with files, metadata, integrity
| # | Project | Difficulty | Key Skills | Est. Complexity |
|---|---|---|---|---|
| 9 | Metadata Scrubber | Beginner | EXIF, file parsing, PIL/PyPDF | Low |
| 10 | Steganography Tool | Beginner | LSB encoding, image manipulation | Low |
| 11 | File Integrity Monitor | Beginner | Checksums, watchdog, file I/O | Low-Med |
| 12 | Firewall Log Parser | Beginner | Log parsing, regex, visualization | Low-Med |
Network analysis and detection
| # | Project | Difficulty | Key Skills | Est. Complexity |
|---|---|---|---|---|
| 13 | Network Traffic Analyzer | Beginner | Scapy, packet capture, protocols | Medium |
| 14 | ARP Spoofing Detector | Beginner | ARP protocol, network monitoring | Medium |
| 15 | WiFi Network Scanner | Beginner | Wireless protocols, scapy | Medium |
| 16 | MAC Address Spoofer | Beginner | Network interfaces, OS commands | Low |
Security monitoring and alerts
| # | Project | Difficulty | Key Skills | Est. Complexity |
|---|---|---|---|---|
| 17 | SSH Brute Force Detector | Beginner | Log analysis, iptables, alerting | Medium |
| 18 | Phishing URL Detector | Beginner | URL parsing, Safe Browsing API | Low-Med |
| 19 | Security News Scraper | Beginner | Web scraping, BeautifulSoup, CVE | Low |
| 20 | Simple Vulnerability Scanner | Beginner | pip-audit, CVE databases | Medium |
OS-specific security tools
| # | Project | Difficulty | Key Skills | Est. Complexity |
|---|---|---|---|---|
| 21 | Windows Registry Monitor | Beginner | winreg, Windows API | Medium |
| 22 | Ransomware Simulator | Beginner | Encryption, file handling | Medium |
Deeper network security concepts
| # | Project | Difficulty | Key Skills | Est. Complexity |
|---|---|---|---|---|
| 23 | Reverse Shell Handler | Intermediate | Sockets, sessions, cmd2 | Medium |
| 24 | DDoS Mitigation Tool | Intermediate | Traffic analysis, iptables, anomaly detection | Medium-High |
| 25 | Wireless Deauth Detector | Intermediate | 802.11, deauth frames, alerting | Medium |
| 26 | Network Intrusion Prevention | Intermediate | Snort rules, packet inspection | High |
| 27 | Network Baseline Monitor | Intermediate | Statistics, anomaly detection | Medium |
Web application security testing
| # | Project | Difficulty | Key Skills | Est. Complexity |
|---|---|---|---|---|
| 28 | Web Vulnerability Scanner | Intermediate | httpx, XSS, SQLi, CSRF | High |
| 29 | OAuth Token Analyzer | Intermediate | JWT, PyJWT, token security | Medium |
| 30 | API Rate Limiter | Intermediate | Redis, token bucket, middleware | Medium |
| 31 | SSL/TLS Certificate Scanner | Intermediate | SSL/TLS, cipher suites, HSTS | Medium |
| 32 | Web Application Firewall | Intermediate | Reverse proxy, pattern matching | High |
Complete applications with frontend
| # | Project | Difficulty | Key Skills | Est. Complexity |
|---|---|---|---|---|
| 33 | SIEM Dashboard | Intermediate | FastAPI, React, syslog, correlation | High |
| 34 | Threat Intelligence Aggregator | Intermediate | APIs, IOCs, WHOIS, enrichment | High |
| 35 | Password Policy Auditor | Intermediate | AD/LDAP, policy analysis | Medium |
| 36 | OSINT Reconnaissance Framework | Intermediate | Multiple data sources, automation | High |
Modern infrastructure security
| # | Project | Difficulty | Key Skills | Est. Complexity |
|---|---|---|---|---|
| 37 | Container Security Scanner | Intermediate | Docker API, Dockerfile analysis | Medium-High |
| 38 | Docker Security Audit | Intermediate | CIS benchmarks, container inspection | Medium |
| 39 | Cloud Asset Inventory | Intermediate | boto3, Azure SDK, GCP SDK | High |
| 40 | Backup Integrity Checker | Intermediate | Checksums, restoration testing | Medium |
Enterprise environment tools
| # | Project | Difficulty | Key Skills | Est. Complexity |
|---|---|---|---|---|
| 41 | Active Directory Enumeration | Intermediate | LDAP, AD structure, permissions | High |
| 42 | Privilege Escalation Finder | Intermediate | SUID, permissions, kernel exploits | High |
Reverse engineering and app security
| # | Project | Difficulty | Key Skills | Est. Complexity |
|---|---|---|---|---|
| 43 | Binary Analysis Tool | Intermediate | PE/ELF parsing, disassembly | High |
| 44 | Mobile App Security Analyzer | Intermediate | APK/IPA decompilation, OWASP Mobile | High |
Complex multi-component systems
| # | Project | Difficulty | Key Skills | Est. Complexity |
|---|---|---|---|---|
| 45 | Bug Bounty Platform | Advanced | Full-stack, CVSS, workflows | Very High |
| 46 | Cloud Security Posture Management | Advanced | Multi-cloud, CIS benchmarks | Very High |
| 47 | Malware Analysis Platform | Advanced | Sandboxing, YARA, behavior tracking | Very High |
Machine learning for security
| # | Project | Difficulty | Key Skills | Est. Complexity |
|---|---|---|---|---|
| 48 | AI Threat Detection | Advanced | ML, CICIDS2017, FastAPI inference | Very High |
| 49 | Adversarial ML Attacker | Advanced | FGSM, DeepFool, model robustness | Very High |
Red team and exploitation
| # | Project | Difficulty | Key Skills | Est. Complexity |
|---|---|---|---|---|
| 50 | Exploit Development Framework | Advanced | Metasploit-like, shellcode, payloads | Very High |
| 51 | Advanced Persistent Threat Simulator | Advanced | C2, lateral movement, persistence | Very High |
| 52 | Automated Penetration Testing | Advanced | Orchestration, full pentest workflow | Very High |
| 53 | Zero Day Vulnerability Scanner | Advanced | Fuzzing, AFL, crash triage | Very High |
| 54 | Distributed Password Cracker | Advanced | GPU, distributed computing | Very High |
Emerging security technologies
| # | Project | Difficulty | Key Skills | Est. Complexity |
|---|---|---|---|---|
| 55 | Quantum Resistant Encryption | Advanced | Kyber, Dilithium, liboqs | Very High |
| 56 | Blockchain Smart Contract Auditor | Advanced | Solidity, Mythril, Slither | Very High |
| 57 | Network Covert Channel | Advanced | DNS/ICMP tunneling, steganography | High |
| 58 | Supply Chain Security Analyzer | Advanced | Dependency analysis, typosquatting | Very High |
System internals
| # | Project | Difficulty | Key Skills | Est. Complexity |
|---|---|---|---|---|
| 59 | Kernel Rootkit Detection | Advanced | Volatility, memory forensics | Very High |
| 60 | Hardware Security Module Emulator | Advanced | PKCS#11, key management | Very High |
[###-----------------------------------------------] 3/60 (5%)
Completed: API Security Scanner, Encrypted P2P Chat, Keylogger
In Progress: Aenebris (Haskell Reverse Proxy)
Next: DNS Lookup Tool
©AngelaMos | CertGames.com | CarterPerez-dev | 2025
Progress: 3/60