- Projects -

SSH-Based Website Security Assessment Tool I was able to create a tool that connects to remote web servers via SSH and performed series of checks to determine if the hosted website follow best security practices. In my SSH Project I was able to accomplish the following task:
  • SSH Authentication: Use key-based or password-based SSH to connect to target servers.
  • SSL/TLS Certificate Validation: Check for valid, non-expired certificates and strong cipher suites.
  • HTTP Headers Inspection: Verify presence of security headers
  • Port Scanning: Ensure only necessary ports (443) are open.
  • File Permissions Audit: Check for misconfigured web directories or sensitive files with insecure permissions.
  • CMS Vulnerability Check: If the site uses WordPress, Joomla, etc., check for outdated plugins or core files.
  • Log Analysis: Review server logs for suspicious access patterns or brute-force attempts.
Footprinting Website using Passive and Active methods. Footprinting a website is a foundational step in cybersecurity reconnaissance, helping you gather detailed information about a target before any active engagement. It’s especially useful for ethical hacking, penetration testing, and vulnerability assessments. During my Footprinting project I was able to use different tools to gather information about websitesthe. I was able to use the following tools:
  • TheHarvester
  • Maltego
  • SpiderFoot
  • WHOIS Lookpu
  • Nslookup
  • Ping
  • Nmap
  • SuperScan
  • Nikto
  • Etc
During this project, I was able to gather weak points on websites, evaluated exposure, identify open ports, identify DNS servers and IP addresses. Generating Hashes Hashing is a core concept in cybersecurity, used for verifying data integrity, storing passwords securely, and identifying files. I was able to generate hashes using command-line tools, programming libraries, and some online utilities. Some online tools I use was:
  • Supports MD5,
  • SHA1
  • SHA2
  • BLAKE
  • Keccak, and more
I was also able to use other online tools to generate dozens of hash types from input text. Identify Hashes using both online tools and online tools.  Verify applications or files hashes before downloading them, etc   Digital Signature Digitally signing a file ensures its authenticity and integrity, confirming that it hasn’t been tampered with and verifying the identity of the signer. I was able to generate both public and private keys, using command lines and online tools. I was able to use the RSA and SHA-256 methods, during this exercise.

Burp Suite attack project
During this project I was able to capture and analyze session IDs using Burp Suite, in Kali. I was able to user Burp Suite to capture user password for a fail login on a vulnerable website
Granting Permissions to Users in Linux
Granting permissions to users in Linux is all about managing file ownership, permissions, and sometimes group memberships. I was able to use different command in Kali Linux to give permission to users and groups.

Identifying phishing websites is a critical skill in cybersecurity, especially for protecting users and systems from credential theft, malware, and fraud. I was able to identify fishing websites by checking for misspellings, extra characters, or unusual domain extensions. Looking for HTTPS and the Padlock Icon, Inspecting the page design, blurry logos, poor grammar and awkward phrasing. Looking up for Pop-Ups and Urgent Messages, checking the source of the like. Using tools to help Detect Phishing like:
  • Burp Suite
  • PhishTank
  • VirusTotal
  • Browser Warnings