🔐 Security Toolkit

A collection of Python security tools for log analysis, port scanning, and CVE research. Built as part of a hands-on cybersecurity portfolio — BTS CIEL → Cybersecurity Engineer, ESNA Bretagne.



Tools

Tool              Description
────────────────  ──────────────────────────────────────────────────────────────────────────────────
log_parser.py     SSH & HTTP log analyzer — detects brute-force, error floods, top attacker IPs
port_scanner.py   TCP port scanner with banner grabbing, CIDR support, multi-threading
cve_checker.py    CVE lookup via NIST NVD API 2.0 — search by keyword, filter by severity, export JSON

Setup

git clone https://github.com/HiddenEye1/Security-Toolkit.git
cd Security-Toolkit   # directory name matches the repository (case-sensitive on Linux)
pip install -r requirements.txt

Requirements: Python 3.10+, requests, colorama


log_parser.py

Parses /var/log/auth.log (SSH) and Apache/Nginx access logs. Detects brute-force attempts, error floods, and surfaces top attacker IPs.

Usage

# Analyze SSH login attempts
python log_parser.py --type ssh --file /var/log/auth.log

# Analyze HTTP access log, flag IPs with 20+ errors, show top 15
python log_parser.py --type http --file /var/log/nginx/access.log --threshold 20 --top 15

# Lower threshold to catch lighter brute-force attempts
python log_parser.py --type ssh --file auth.log --threshold 3

Example Output (SSH)

╔══════════════════════════════════════════════╗
║          Security Log Analyzer v1.0          ║
╚══════════════════════════════════════════════╝

──────────────────────────────────────────────────
  BRUTE-FORCE SUSPECTS  (>= 10 failures)  [3 IPs]
──────────────────────────────────────────────────
  IP Address             Attempts
  ────────────────────── ──────────
  185.234.219.41              847  ← red
  91.108.4.213                213  ← red
  45.33.32.156                 12  ← yellow

──────────────────────────────────────────────────
  SUMMARY
──────────────────────────────────────────────────
  Total failed attempts :  1072
  Unique attacker IPs   :    47
  Brute-force suspects  :     3

  [!] Recommended: block top IPs with ufw or fail2ban
      sudo ufw deny from 185.234.219.41 to any

Options

Flag          Default    Description
────────────  ─────────  ──────────────────────────────
--type        required   ssh or http
--file        required   Path to the log file
--threshold   10         Min failures to flag an IP
--top         10         Number of top results to show
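The detection described above (count failed SSH logins or HTTP error responses per source IP, flag IPs at or above the threshold, report the top N) can be shown with a few dozen lines. This is an added example, not the code of log_parser.py; the regexes, function names and the sample log lines are constructed for illustration and assume the standard OpenSSH "Failed password" message and the Apache/Nginx combined log format.

```python
import re
from collections import Counter

# Constructed re-implementation of the brute-force / error-flood logic the README
# describes for log_parser.py. Not the project's own code.

# OpenSSH auth.log line, e.g.
#   "... sshd[1234]: Failed password for invalid user admin from 203.0.113.7 port 50122 ssh2"
SSH_FAILED_RE = re.compile(
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)
# Apache/Nginx combined log: client IP is the first field, status follows the quoted request.
HTTP_LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[^"]*" (?P<status>\d{3}) ')


def count_ssh_failures(lines):
    """Count failed SSH logins per source IP (--type ssh)."""
    counts = Counter()
    for line in lines:
        m = SSH_FAILED_RE.search(line)
        if m:
            counts[m.group("ip")] += 1
    return counts


def count_http_errors(lines, min_status=400):
    """Count responses with status >= min_status per client IP (--type http)."""
    counts = Counter()
    for line in lines:
        m = HTTP_LINE_RE.match(line)
        if m and int(m.group("status")) >= min_status:
            counts[m.group("ip")] += 1
    return counts


def brute_force_suspects(counts, threshold=10, top=10):
    """(ip, attempts) pairs at or above --threshold, highest first, capped at --top."""
    suspects = [(ip, n) for ip, n in counts.most_common() if n >= threshold]
    return suspects[:top]


def summarize(counts, threshold=10):
    """The three numbers printed in the SUMMARY block."""
    return {
        "total_failures": sum(counts.values()),
        "unique_ips": len(counts),
        "suspects": sum(1 for n in counts.values() if n >= threshold),
    }


# Constructed sample lines (documentation-range addresses, not real traffic).
SAMPLE_AUTH_LOG = (
    ["Jan 15 14:32:01 host sshd[1234]: Failed password for invalid user admin from 203.0.113.7 port 50122 ssh2"] * 12
    + ["Jan 15 14:33:10 host sshd[1240]: Failed password for root from 198.51.100.9 port 50200 ssh2"] * 4
    + ["Jan 15 14:34:00 host sshd[1250]: Accepted publickey for alice from 192.0.2.5 port 50300 ssh2"]
)
SAMPLE_ACCESS_LOG = (
    ['203.0.113.7 - - [15/Jan/2025:14:40:00 +0000] "GET /wp-login.php HTTP/1.1" 404 153 "-" "curl/8.0"'] * 25
    + ['192.0.2.5 - - [15/Jan/2025:14:41:00 +0000] "GET / HTTP/1.1" 200 612 "-" "Mozilla/5.0"'] * 3
)

if __name__ == "__main__":
    ssh = count_ssh_failures(SAMPLE_AUTH_LOG)
    print("  IP Address             Attempts")
    for ip, n in brute_force_suspects(ssh, threshold=10):
        print(f"  {ip:22} {n:>8}")
    print(summarize(ssh))
```

Lowering `threshold` to 3, as the third usage line does, makes the 4-attempt IP a suspect as well; the "Accepted publickey" line and the HTTP 200 responses are never counted, which is the point of matching the failure pattern rather than the IP alone.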

port_scanner.py

A threaded TCP port scanner written from scratch — no nmap dependency. Supports single IPs, hostnames, CIDR ranges, and banner grabbing.

Usage

# Quick scan of top 100 ports
python port_scanner.py -t 192.168.1.1

# Scan specific ports with banner grabbing
python port_scanner.py -t 192.168.1.1 -p 22,80,443,8080 --banner

# Scan a full /24 subnet
python port_scanner.py -t 192.168.1.0/24 -p top100 --threads 200

# Full port scan (1-65535), faster timeout
python port_scanner.py -t 10.0.0.1 -p all --timeout 0.3 --threads 500

Example Output

╔══════════════════════════════════════════════╗
║          TCP Port Scanner v1.0               ║
╚══════════════════════════════════════════════╝

  Targets  : 1 host(s)
  Ports    : 100 port(s)  [top100]
  Threads  : 100
  Started  : 2025-01-15 14:32:01

[*] Scanning 192.168.1.1...

──────────────────────────────────────────────────────────────
  Target   : 192.168.1.1
  Scanned  : 100 ports  |  Time: 2.41s
──────────────────────────────────────────────────────────────

  PORT       STATE     SERVICE          Banner
  ───────    ───────   ──────────────   ────────────────────────────
  22/tcp     open      SSH              SSH-2.0-OpenSSH_8.9p1 Ubuntu
  80/tcp     open      HTTP             HTTP/1.1 301 Moved Permanently
  443/tcp    open      HTTPS
  3306/tcp   open      MySQL            5.7.42-0ubuntu0.18.04.1

  4 open port(s) found on 192.168.1.1

Port Format Options

Value       Description
──────────  ──────────────────────────────
80          Single port
1-1024      Port range
22,80,443   Comma-separated
top100      100 most common ports (default)
all         All 65535 ports

Options

Flag            Default    Description
──────────────  ─────────  ──────────────────────────
-t / --target   required   IP, hostname, or CIDR
-p / --ports    top100     Port selection
--timeout       1.0        Connect timeout (seconds)
--threads       100        Concurrent threads
--banner        off        Enable banner grabbing

⚠️ Legal notice: Only scan systems you own or have explicit written permission to test.
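How the pieces listed above fit together (port-spec parsing for the five formats, CIDR expansion with `ipaddress`, a TCP connect check with an optional banner read, and `concurrent.futures` for the thread pool) is shown in this added example. It is not the code of port_scanner.py: the function names are constructed, the short `TOP_PORTS` list is a stand-in for the tool's real top-100 list, and `serve_banner` is a loopback listener included only so the example can be run offline against a host you control.

```python
import ipaddress
import socket
import threading
from concurrent.futures import ThreadPoolExecutor

# Constructed re-implementation of the behaviour the README describes for
# port_scanner.py; not the project's code. TOP_PORTS is a short stand-in list.
TOP_PORTS = [21, 22, 23, 25, 53, 80, 110, 143, 443, 445, 3306, 3389, 8080]


def parse_ports(spec):
    """Expand '80', '1-1024', '22,80,443', 'top100' or 'all' into a sorted port list."""
    if spec == "all":
        return list(range(1, 65536))
    if spec == "top100":
        return sorted(TOP_PORTS)
    ports = set()
    for part in spec.split(","):
        part = part.strip()
        if "-" in part:
            lo, hi = (int(x) for x in part.split("-", 1))
            if not 1 <= lo <= hi <= 65535:
                raise ValueError(f"bad port range: {part}")
            ports.update(range(lo, hi + 1))
        else:
            p = int(part)
            if not 1 <= p <= 65535:
                raise ValueError(f"bad port: {part}")
            ports.add(p)
    return sorted(ports)


def expand_targets(target):
    """Hosts for an IP, hostname or CIDR block; network/broadcast addresses are skipped."""
    try:
        net = ipaddress.ip_network(target, strict=False)
    except ValueError:
        return [target]  # not an address: treat as a hostname, resolved by connect()
    if net.num_addresses <= 2:  # /32 or /31: no separate network/broadcast to drop
        return [str(ip) for ip in net]
    return [str(ip) for ip in net.hosts()]


def scan_port(host, port, timeout=1.0, banner=False):
    """TCP connect check of one port; optionally read the first bytes the service sends."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            grabbed = ""
            if banner:
                s.settimeout(timeout)
                try:
                    grabbed = s.recv(256).decode("utf-8", "replace").strip()
                except socket.timeout:
                    pass  # service waits for the client to talk first (e.g. HTTP)
            return (port, "open", grabbed)
    except OSError:  # refused, unreachable or timed out
        return (port, "closed", "")


def scan(host, ports, threads=100, timeout=1.0, banner=False):
    """Scan the ports concurrently and return only the open ones, sorted by port."""
    with ThreadPoolExecutor(max_workers=threads) as pool:
        results = list(pool.map(lambda p: scan_port(host, p, timeout, banner), ports))
    return sorted(r for r in results if r[1] == "open")


def serve_banner(banner):
    """Constructed loopback service that greets with `banner`; returns (port, stop_event)."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    srv.settimeout(0.2)
    stop = threading.Event()

    def run():
        while not stop.is_set():
            try:
                conn, _ = srv.accept()
            except socket.timeout:
                continue
            with conn:
                conn.sendall(banner)
        srv.close()

    threading.Thread(target=run, daemon=True).start()
    return srv.getsockname()[1], stop


if __name__ == "__main__":
    port, stop = serve_banner(b"SSH-2.0-ExampleBanner\r\n")
    for p, state, text in scan("127.0.0.1", parse_ports(f"{port},{port + 1}"), banner=True):
        print(f"{p}/tcp  {state}  {text}")
    stop.set()
```

Two details worth noting: `expand_targets` drops the network and broadcast addresses of a /24 (so "192.168.1.0/24" yields 254 hosts), and a banner read that times out is not an error, since many services (HTTP among them) say nothing until the client sends a request.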


cve_checker.py

Queries the NIST NVD API 2.0 to search for CVEs by keyword or ID. Displays CVSS scores, severity, vectors, and references. Supports JSON export.

Usage

# Search by keyword
python cve_checker.py --keyword "apache log4j"

# Filter by severity
python cve_checker.py --keyword "openssh" --severity CRITICAL --limit 20

# Look up a specific CVE
python cve_checker.py --cve CVE-2021-44228

# Export to JSON
python cve_checker.py --keyword "nginx" --limit 50 --export nginx_cves.json

# Verbose output (full description + affected products)
python cve_checker.py --keyword "wordpress" --severity HIGH --verbose

Example Output

╔══════════════════════════════════════════════╗
║        CVE Checker — NVD API v2.0            ║
╚══════════════════════════════════════════════╝

  NVD API  : No API key (rate limited)
  Searching for 'log4j'  (limit: 10)...

──────────────────────────────────────────────────────────────────
  [1] CVE-2021-44228   CRITICAL   CVSS 3.1: 10.0  ██████████
  Published : 2021-12-10  |  Modified: 2023-04-03
  Vector    : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

  Description:
  Apache Log4j2 2.0-beta9 through 2.14.1 does not protect from
  attacker controlled LDAP and other JNDI related endpoints...

  References:
    • https://logging.apache.org/log4j/2.x/security.html
    • https://github.com/advisories/GHSA-jfh8-c2jp-jmjd
  NVD: https://nvd.nist.gov/vuln/detail/CVE-2021-44228

══════════════════════════════════════════════════════════════════
  SUMMARY: 10 CVEs found for 'log4j'
─────────────────────────────────────────────────────────────────
  CRITICAL   █████               5
  HIGH       ████                4
  MEDIUM     █                   1

API Key (Optional)

Without an API key you're limited to 5 requests/30s. For heavier use:

# Get a free key: https://nvd.nist.gov/developers/request-an-api-key
export NVD_API_KEY="your-key-here"
python cve_checker.py --keyword "linux kernel" --limit 100

Options

Flag          Default    Description
────────────  ─────────  ─────────────────────────────────────────────
--keyword                Search term (mutually exclusive with --cve)
--cve                    Specific CVE ID
--severity    all        CRITICAL, HIGH, MEDIUM, LOW
--limit       10         Max results
--sort        score      Sort by score or date
--export                 Save results to JSON
--verbose     off        Full output
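The NVD API 2.0 side of the tool (building the query for --keyword / --cve / --severity / --limit, sending the key in the apiKey header, then reading CVSS score, severity and vector out of the response, sorting, summarizing and exporting) is shown in this added example. It is not the code of cve_checker.py; the function names are constructed and the sample response is hand-built in the NVD 2.0 JSON shape so it runs offline (the CVE-2021-44228 values are those in the README output above, the second record is a placeholder). `keywordSearch`, `cveId`, `cvssV3Severity` and `resultsPerPage` are real NVD 2.0 query parameters.

```python
import json

# Constructed helpers for the NVD API 2.0 flow the README describes for
# cve_checker.py; not the project's code. Fetching is left to requests.get().
NVD_URL = "https://services.nvd.nist.gov/rest/json/cves/2.0"


def build_request(keyword=None, cve_id=None, severity="all", limit=10, api_key=None):
    """Return (url, params, headers) for one NVD 2.0 query."""
    if bool(keyword) == bool(cve_id):
        raise ValueError("use exactly one of --keyword / --cve")
    params = {"resultsPerPage": limit}
    if keyword:
        params["keywordSearch"] = keyword
    else:
        params["cveId"] = cve_id
    if severity and severity.upper() != "ALL":
        params["cvssV3Severity"] = severity.upper()
    headers = {"apiKey": api_key} if api_key else {}  # no key: 5 requests per 30 s
    return NVD_URL, params, headers


def parse_response(payload):
    """Flatten NVD 2.0 JSON into plain dicts, preferring CVSS v3.1 over v3.0 metrics."""
    out = []
    for item in payload.get("vulnerabilities", []):
        cve = item["cve"]
        metrics = cve.get("metrics", {})
        cvss = (metrics.get("cvssMetricV31") or metrics.get("cvssMetricV30") or [{}])[0].get("cvssData", {})
        desc = next((d["value"] for d in cve.get("descriptions", []) if d.get("lang") == "en"), "")
        out.append({
            "id": cve["id"],
            "published": cve.get("published", "")[:10],
            "modified": cve.get("lastModified", "")[:10],
            "score": cvss.get("baseScore"),
            "severity": cvss.get("baseSeverity", "UNKNOWN"),
            "vector": cvss.get("vectorString", ""),
            "description": desc,
            "references": [r["url"] for r in cve.get("references", [])],
        })
    return out


def sort_results(results, key="score"):
    """--sort score (default) or --sort date; highest / newest first."""
    if key == "date":
        return sorted(results, key=lambda r: r["published"], reverse=True)
    return sorted(results, key=lambda r: r["score"] or 0.0, reverse=True)


def severity_summary(results):
    """Counts per severity, as in the SUMMARY block."""
    counts = {}
    for r in results:
        counts[r["severity"]] = counts.get(r["severity"], 0) + 1
    return counts


def to_json(results):
    """Serialized form written by --export."""
    return json.dumps(results, indent=2)


# Constructed response in the NVD 2.0 shape; second record is a placeholder.
SAMPLE_RESPONSE = {
    "totalResults": 2,
    "vulnerabilities": [
        {"cve": {
            "id": "CVE-2021-44228", "published": "2021-12-10T10:15:09.143",
            "lastModified": "2023-04-03T20:15:09.000",
            "descriptions": [{"lang": "en", "value": "Apache Log4j2 2.0-beta9 through 2.14.1 does not protect from attacker controlled LDAP and other JNDI related endpoints..."}],
            "metrics": {"cvssMetricV31": [{"cvssData": {
                "baseScore": 10.0, "baseSeverity": "CRITICAL",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"}}]},
            "references": [{"url": "https://logging.apache.org/log4j/2.x/security.html"}],
        }},
        {"cve": {
            "id": "CVE-0000-00001", "published": "2024-06-01T00:00:00.000",
            "lastModified": "2024-06-02T00:00:00.000",
            "descriptions": [{"lang": "en", "value": "Placeholder entry (constructed)."}],
            "metrics": {"cvssMetricV30": [{"cvssData": {
                "baseScore": 7.5, "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}}]},
            "references": [],
        }},
    ],
}

if __name__ == "__main__":
    url, params, headers = build_request(keyword="log4j", severity="CRITICAL", limit=10)
    # live call: requests.get(url, params=params, headers=headers, timeout=30).json()
    for r in sort_results(parse_response(SAMPLE_RESPONSE)):
        print(f"{r['id']:16} {r['severity']:9} CVSS {r['score']}  {r['vector']}")
    print(severity_summary(parse_response(SAMPLE_RESPONSE)))
```

Older NVD records carry only CVSS v2 metrics; with the fallback chain above they parse with `score` set to None and severity "UNKNOWN" rather than crashing the run, and `sort_results` treats that missing score as 0.0.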

Project Structure

security-toolkit/
├── log_parser.py       # SSH & HTTP log threat detection
├── port_scanner.py     # TCP port scanner with banner grabbing
├── cve_checker.py      # CVE lookup via NIST NVD API
├── requirements.txt    # Python dependencies
└── README.md

Skills Demonstrated

  • Network programming with raw sockets (TCP, banner grabbing)
  • Log parsing with regex and pattern detection
  • REST API integration (NIST NVD API 2.0)
  • Multi-threaded scanning with concurrent.futures
  • CLI tooling with argparse
  • CVSS scoring and vulnerability classification
  • CIDR/subnet handling with ipaddress

Roadmap

  • UDP scanning support
  • HTML report generation for port scanner
  • Scheduled CVE monitoring with email alerts
  • Geolocation of attacker IPs (MaxMind GeoLite2)
  • Integration with fail2ban automatic blocking

Disclaimer

These tools are intended for authorized security testing and education only. Unauthorized port scanning or log access may be illegal. Always obtain explicit permission before testing systems you do not own.


Author

Adzik — BTS CIEL | Future cybersecurity engineer @ ESNA Bretagne
GitHub · LinkedIn
