15 Security & Pentesting Projects (2026)

DodaTech Updated Jun 20, 2026 5 min read

Security skills are among the most valuable in tech. These 15 projects teach you network scanning, vulnerability detection, log analysis, and security automation using Python and common security tools. Each project builds toward the skills needed for ethical hacking, blue-team defense, and security engineering roles.

Beginner Projects

1. Port Scanner (Python / nmap wrapper)

Difficulty:
Skills: Socket programming, threading, service detection
Build a port scanner that checks open ports on a target. Features: scan common ports (1–1024), multi-threaded for speed, service banner grabbing, CSV/JSON output, timeout handling.

2. Log Analyzer for Failed SSH Attempts

Difficulty:
Skills: Log parsing, regex, pattern matching
Build a tool that analyzes /var/log/auth.log for failed SSH attempts. Features: extract IP addresses and timestamps, count attempts per IP, geo-lookup IP origins, top 10 attacking IPs report.
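An added example (not DodaTech's code) of the parsing and counting core of this project, run on constructed log lines. The names `failed_ssh_report` and `SAMPLE_LOG` are hypothetical, the geo-lookup is left out because it needs an external database, and the sample assumes the classic syslog timestamp format.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in the syslog format of /var/log/auth.log (RFC 5737 addresses).
SAMPLE_LOG = """\
Jun 20 10:01:02 web1 sshd[1201]: Failed password for root from 203.0.113.5 port 40122 ssh2
Jun 20 10:01:04 web1 sshd[1201]: Failed password for invalid user admin from 203.0.113.5 port 40124 ssh2
Jun 20 10:01:11 web1 sshd[1207]: Failed password for invalid user oracle from 198.51.100.7 port 51822 ssh2
Jun 20 10:02:30 web1 sshd[1300]: Accepted publickey for deploy from 192.0.2.10 port 60022 ssh2
Jun 20 10:03:00 web1 sshd[1311]: Failed password for invalid user admin from 10.0.0.1 from 203.0.113.5 port 40130 ssh2
Jun 20 10:03:03 web1 sshd[1311]: Failed password for root from 203.0.113.5 port 40131 ssh2
Jun 20 10:03:05 web1 sshd[1311]: message repeated 2 times: [ Failed password for root from 203.0.113.5 port 40131 ssh2]
"""

# Anchored at end of line with a greedy user field: the source IP is always the last
# "from <ip> port <n> ssh2", so a username containing "from 10.0.0.1" cannot spoof it.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?:message repeated (?P<n>\d+) times: \[ )?"
    r"Failed password for (?:invalid user )?(?P<user>.*) "
    r"from (?P<ip>\S+) port \d+ ssh2\]?$"
)

def failed_ssh_report(text, top=10):
    """Return the top offending IPs as dicts, most failed attempts first."""
    counts, users, first, last = Counter(), {}, {}, {}
    for line in text.splitlines():
        m = FAILED.match(line.strip())
        if not m:
            continue
        try:
            ip = str(ipaddress.ip_address(m["ip"]))  # drop anything that is not an IP
        except ValueError:
            continue
        counts[ip] += int(m["n"] or 1)  # rsyslog collapses identical lines into one
        users.setdefault(ip, set()).add(m["user"])
        first.setdefault(ip, m["ts"])
        last[ip] = m["ts"]
    return [
        {"ip": ip, "attempts": n, "users": sorted(users[ip]),
         "first": first[ip], "last": last[ip]}
        for ip, n in counts.most_common(top)
    ]

if __name__ == "__main__":
    for row in failed_ssh_report(SAMPLE_LOG):
        print(row)
```

The fifth sample line is the case to watch: the username is attacker-controlled text, and a pattern that takes the first `from <ip>` it finds would attribute the attempt to 10.0.0.1.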

3. Password Strength Checker

Difficulty:
Skills: String analysis, entropy calculation, common password lists
Build a password strength evaluator. Features: length, character diversity (upper/lower/digit/symbol), entropy score, check against common passwords list (rockyou), visual strength meter.

4. Hash Cracker (Dictionary Attack)

Difficulty: ⭐⭐
Skills: Hash algorithms (MD5, SHA1, SHA256), dictionary I/O, multithreading
Build a tool that cracks hashes using a wordlist. Features: support MD5/SHA1/SHA256/bcrypt, progress bar, wordlist loading, custom rules (append numbers, capitalize), result caching.

5. URL Fuzzer

Difficulty: ⭐⭐
Skills: HTTP requests, directory brute-forcing, status code analysis
Build a web directory fuzzer. Features: take base URL + wordlist, send GET requests, filter by status code (200, 403), detect file types, rate limiting to avoid bans.

Intermediate Projects

6. Web Vulnerability Scanner (XSS / SQLi)

Difficulty: ⭐⭐⭐
Skills: Form parsing, payload injection, response analysis
Build a scanner that detects basic XSS and SQL injection. Features: spider forms on a page, inject test payloads, detect reflected XSS in response, detect SQL error messages, generate report.

7. Network Sniffer (Packet Capture)

Difficulty: ⭐⭐⭐
Skills: Scapy / pyshark, packet parsing, protocol analysis
Build a packet sniffer that captures and analyzes network traffic. Features: capture on interface, filter by protocol (TCP, UDP, ICMP), extract payload data, detect unusual flag patterns (SYN flood, NULL scan), PCAP export.

8. Keylogger Detector

Difficulty: ⭐⭐⭐
Skills: Process monitoring, API hook detection, system call analysis
Build a tool that detects keyloggers on a system. Features: list running processes, flag processes with hook DLLs (Windows) or input monitoring (Linux), check startup entries, signature-based detection.

9. Malware Hash Analyzer

Difficulty: ⭐⭐⭐
Skills: Hash computation, VirusTotal API, file metadata parsing
Build a tool that analyzes file hashes against threat intelligence. Features: compute SHA256 hash, query VirusTotal API, parse PE/ELF headers, detect packing, generate threat score.

10. Phishing URL Detector

Difficulty: ⭐⭐⭐
Skills: URL parsing, feature extraction, ML classification
Build a detector that identifies phishing URLs. Features: extract features (URL length, special chars, domain age, TLD), train classifier on phishing dataset, real-time prediction, browser extension interface.

11. Firewall Rule Tester

Difficulty: ⭐⭐⭐
Skills: iptables / nftables parsing, rule simulation, connectivity testing
Build a tool that validates firewall rules. Features: parse iptables ruleset, simulate packet against rules, detect overly permissive rules (ANY:ANY), test connectivity with crafted packets.
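An added example (not DodaTech's code) of the static half of this project: it parses a constructed `iptables-save` style ruleset, flags accept-all (ANY:ANY) rules and permissive default policies, and marks rules that can never be reached because an accept-all rule precedes them in the same chain. The names `audit_ruleset` and `SAMPLE_RULES` are hypothetical.

```python
import shlex

# Constructed ruleset in iptables-save style (filter table, RFC 5737 addresses).
SAMPLE_RULES = """\
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 192.0.2.0/24 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 23 -j DROP
COMMIT
"""

ANY = {"0.0.0.0/0", "::/0"}

def matches_everything(matchers):
    """True when the rule has no matchers besides -s/-d set to the any-address."""
    it = iter(matchers)
    for opt in it:
        if opt in ("-s", "-d", "--source", "--destination") and next(it, None) in ANY:
            continue
        return False  # interface, protocol, port, state, negation, ... all restrict
    return True

def audit_ruleset(text):
    """Return (line number, chain, finding) tuples for permissive or dead rules."""
    findings, open_chains = [], set()
    for lineno, line in enumerate(text.splitlines(), 1):
        if line.startswith(":"):  # chain declaration with its default policy
            chain, policy = line[1:].split()[:2]
            if policy == "ACCEPT" and chain in ("INPUT", "FORWARD"):
                findings.append((lineno, chain, "default policy ACCEPT"))
        elif line.startswith("-A "):
            tok = shlex.split(line)
            chain, opts = tok[1], tok[2:]
            if chain in open_chains:  # first match wins, so this rule never fires
                findings.append((lineno, chain, "unreachable after accept-all"))
            elif "-j" in opts:
                j = opts.index("-j")
                if opts[j + 1] == "ACCEPT" and matches_everything(opts[:j]):
                    findings.append((lineno, chain, "accept-all (ANY:ANY)"))
                    open_chains.add(chain)
    return findings

if __name__ == "__main__":
    for finding in audit_ruleset(SAMPLE_RULES):
        print(finding)
```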

12. SSL/TLS Certificate Checker

Difficulty: ⭐⭐⭐
Skills: SSL handshake, certificate parsing, cipher analysis
Build a tool that checks SSL/TLS configuration of domains. Features: fetch certificate chain, check expiration, detect weak ciphers, verify hostname match, grade (A–F) per SSL Labs standards.

Advanced Projects

13. Honeypot Server

Difficulty: ⭐⭐⭐⭐⭐
Skills: Socket servers, protocol emulation, attack logging
Build a low-interaction honeypot that simulates services (SSH, HTTP, FTP). Features: simulate SSH login prompt, capture credentials, log attacker IP + commands, geo-blocking, alert on attack patterns.

14. Intrusion Detection System (Signature-Based)

Difficulty: ⭐⭐⭐⭐⭐
Skills: Packet capture, signature matching, alerting
Build a network-based IDS that detects known attack patterns. Features: packet capture from interface, rule-based detection (like Snort), match payload against signatures, generate alerts, PCAP logging of suspicious traffic.

15. Ransom Note Analyzer

Difficulty: ⭐⭐⭐⭐
Skills: Text analysis, threat intel correlation, cryptocurrency tracking
Build a tool that analyzes ransomware notes. Features: parse ransom note text, extract wallet addresses and contact emails, check against known ransomware families, query blockchain for transactions, generate threat report.

16. Forensics Image Analyzer

Difficulty: ⭐⭐⭐⭐⭐
Skills: Disk image parsing, file carving, metadata extraction
Build a forensic analysis tool for disk images. Features: parse raw/dd images, recover deleted files (carving), extract EXIF metadata, search for keywords, generate timeline of file activity.

17. Custom Exploit PoC

Difficulty: ⭐⭐⭐⭐⭐
Skills: Buffer overflow, ROP chains, shellcode (ethical lab only)
Build a proof-of-concept exploit for a known CVE in a lab environment. Features: trigger vulnerability in a controlled app, craft payload, execute shellcode, document mitigation.

18. Security Audit Automation Tool

Difficulty: ⭐⭐⭐⭐
Skills: Checklist automation, configuration parsing, report generation
Build a tool that automates security audits (CIS benchmarks). Features: check OS hardening settings (password policy, firewall, services), audit cloud config (S3 bucket permissions, IAM), generate compliance report.

19. CVE Monitor / Notifier

Difficulty: ⭐⭐⭐⭐
Skills: CVE API integration, keyword matching, notification pipeline
Build a tool that monitors new CVEs and notifies when relevant ones appear. Features: fetch NVD/CVE feed, filter by keywords (product, vendor, severity), send Slack/email alerts, maintain CVE database with status tracking.


FAQ

Is it legal to build these tools?
Yes — you can build and test these tools on your own systems and on authorized targets (like HackTheBox, TryHackMe, or your own lab). Never scan or attack systems without explicit written permission.
Do I need a lab environment?
Yes. Use VirtualBox or VMware to set up Kali Linux (attacker) and Metasploitable / DVWA (target). This keeps your testing contained and legal.
What programming language should I use?
Python is the most common for security tools. Go is gaining popularity for performance (scanners, proxies). Bash scripting is useful for automation. Learn all three over time.
How do I get started in bug bounty hunting?
Complete these projects first. Then practice on Bugcrowd, HackerOne, or Intigriti. Focus on one vulnerability type (XSS is beginner-friendly). Read disclosure reports to learn techniques.
