My Projects

I enjoy working on cybersecurity and automation projects that challenge me to think outside the box. Each project has helped me gain hands-on experience with offensive security concepts, scripting, and various tools. Below are some of my projects.

NEMESIS

Nemesis is a Python-based command-line tool that interacts with the National Vulnerability Database (NVD) API to fetch and analyze security vulnerabilities. It allows users to retrieve CVEs (Common Vulnerabilities and Exposures) and CPEs (Common Platform Enumerations) associated with specific targets, helping in vulnerability assessment and research.


Here's what I did and learnt:

  • Developed a Python script to fetch and process vulnerability data from an external API.

  • Gained a deep understanding of CVEs, CPEs, and how vulnerability databases function.

  • Handling requests and parsing JSON responses.

  • Implemented argument parsing for user-friendly CLI interactions.

  • Used YAML files for structured data management and configuration.

BRUTALLE

Brutalle is a custom interactive shell built in Python that provides various functionalities for interacting with the OS terminal and managing remote connections. It includes an interactive shell mode for executing OS commands, a reverse shell listener to handle incoming connections, SSH file upload and download functionality, and a self-destruct mechanism to remove traces after execution.

Here's what I did and learnt:

  • Developed a custom shell environment with interactive command execution.

  • Explored the inner workings of reverse shells and remote access methods.

  • Gained hands-on experience with SSH file transfers using Paramiko.

  • Implemented a self-destruct mechanism for enhanced operational security.

  • Strengthened my understanding of subprocess management and shell interactions in Python.

CREEPLOG

Creeplog is an educational Windows keylogger designed to capture keystrokes and send them to a central server interface for review. Once the keystrokes are recorded, the malware self-destructs, deleting all traces from the system. This project demonstrates how keyloggers operate and how they can be monitored through a web-based interface.

Here's what I did and learnt:

  • Built a Windows-based keylogger to capture keystrokes.

  • Developed a Flask-based web server for remote monitoring.

  • Designed a web interface using HTML & CSS for reviewing logged data.

  • Implemented a self-destruction mechanism to remove traces after execution.

  • Gained hands-on experience with frontend and backend development in a cybersecurity context.

PCAPPER

Pcapper is a Python-based network traffic capture and analysis tool, built for learning and experimentation in cybersecurity. It provides powerful features for sniffing, filtering, and analyzing network traffic, making it a great tool for protocol exploration and attack detection. It can capture and filter packets directly from the network, detect SYN flood attacks, extract HTTP payloads, and do much more.

Here's what I did and learnt:

  • Developed a custom network packet sniffer in Python.

  • Gained hands-on experience with Wireshark and packet analysis.

  • Learned how PCAP & PCAPNG files store captured network data.

  • Explored SYN flood attack patterns and their detection methods.

  • Strengthened my understanding of network protocols and packet structures.

PHISH ME NOT

Phish Me Not is a phishing simulation tool I built as a college project during my third year. Developed using Python, HTML, CSS, and JavaScript, this tool provides a web-based interface where users can create phishing campaigns and analyze captured credentials for educational and security awareness purposes. It includes pre-built templates for popular platforms like Google, Microsoft, Instagram, Facebook, and many more, allowing users to simulate real-world phishing attacks in a controlled environment.

Here's what I did and learnt:

  • Developed a Flask-based web interface for managing phishing campaigns.

  • Developed clones of popular website login pages.

  • Implemented credential capture and storage mechanisms for analysis.

  • Used the SMTP library to simulate phishing email delivery.

  • Worked with APIs and JSON data for dynamic content handling.

Interested in collaborating or discussing my work? Feel free to reach out!