CyberLab

Uchechukwu Odoemelam

Software engineer exploring the broad computer science field, with a growing concentration in network and cybersecurity.

Below is a collection of small, tested cybersecurity tools I've built — each pairs a demo vulnerable server with a scanner that detects the issue and confirms the fix.

web security

XSS Reflection Scanner

Built an XSS reflection scanner with an Express demo server exposing three endpoints at different security levels (raw, HTML-escaped, CSP-protected). All 16 node:test tests passed, covering true positives, false positives, output format, and edge cases.

✓ 16 tests passing
network security

Port Scanner with Service Fingerprinting

Built a parallel TCP port scanner that fingerprints services via banner analysis (HTTP response headers, SMTP 220 greeting, echo reflection). Demo server exposes HTTP, TCP echo, and fake SMTP on consecutive ports. All 22 node:test tests passed on first run.

✓ 22 tests passing
web security

SQL Injection Detector

Built a SQL injection detector with an Express + node:sqlite demo server exposing vulnerable (string-concatenated) and safe (parameterized) login and search endpoints. All 20 node:test tests passed, covering error-based SQLi, authentication bypass, and UNION-based data exfiltration.

✓ 20 tests passing
cryptography

Hash Collision Demonstrator

Built a hash algorithm security scanner with an Express demo server exposing MD5 (vulnerable), SHA-1 (deprecated), and SHA-256 (safe) hash endpoints. The server computes a live birthday-attack collision on a 32-bit MD5 prefix at startup. All 23 node:test tests passed.

✓ 23 tests passing
authentication and access

Brute Force Rate Limiter Demo

Built a brute force protection demo with an Express server exposing a vulnerable endpoint (no rate limiting) and a protected endpoint (IP-based lockout after 5 consecutive failures with 30-second window). A scanner tool probes both and reports findings as structured JSON. All 20 node:test tests passed on first run.

✓ 20 tests passing
malware analysis and forensics

File Entropy Analyzer

Built a Shannon entropy scanner with an Express demo server serving four files at different entropy levels (0, ~4, ~8, ~8 bits/byte). The tool fetches, analyzes, and classifies each file, flagging the two high-entropy blobs as encrypted_or_packed. All 22 node:test tests passed on the first run.

✓ 22 tests passing
web security

CSRF Token Validator

Built a CSRF token validator with an Express demo server exposing a vulnerable funds-transfer endpoint (no token check), a protected endpoint (synchronizer token + single-use rotation), and cookie endpoints with and without SameSite=Strict. All 21 node:test tests passed on the first run.

✓ 21 tests passing
cryptography

AES Encryption Mode Comparison

Built an AES mode comparison tool with an Express demo server exposing ECB (vulnerable), CBC (legacy), CTR (unauthenticated), and GCM (recommended) encrypt endpoints. A scanner detects determinism in ECB, missing auth tags in CBC/CTR, and confirms GCM is clean. All 22 node:test tests passed on the first run.

✓ 22 tests passing
secure coding

Input Sanitization Library

Built an input sanitization library with an Express demo server exposing three vulnerable/safe endpoint pairs (HTML escaping, path normalization, command injection). The scanner tool sends attack payloads to all six endpoints and reports findings as structured JSON. All 20 node:test tests passed on the first run.

✓ 20 tests passing
malware analysis and forensics

Log File Anomaly Detector

Built a rule-based log anomaly detector with an Express demo server that seeds realistic access logs containing five injected attack patterns. The tool fetches logs over HTTP, applies five detection rules, and emits structured JSON findings with HIGH/MEDIUM severity ratings. All 23 node:test tests passed on the first run.

✓ 23 tests passing
cryptography

JWT Vulnerability Scanner

Built a JWT vulnerability scanner with a FastAPI demo server exposing three attack surfaces: alg=none acceptance, HS256 with a weak crackable secret, and missing expiry validation. The scanner probes all three, cracks the secret via dictionary attack, forges an expired token, and verifies the safe endpoint rejects unsigned tokens. All 27 pytest tests passed on first run after fixing an httpx edge case with trailing-space header values.

✓ 27 tests passing
web security

HTTP Security Header Auditor

Built an HTTP security header auditor with an Express demo server exposing three endpoints at different security levels (no headers, partial headers, full headers). A weighted scoring system converts the six-header check into an A–F grade; only endpoints below grade A appear in findings. All 27 node:test tests passed on the first run.

✓ 27 tests passing
malware analysis and forensics

Keylogger Detection and Flagging

Built a layered keylogger detection tool with a FastAPI demo server exposing eight scan endpoints (four seeded with indicators, four clean baselines). The tool cross-references process names, registry autorun keys, temp-directory files, and network connections against a rule set to produce a structured JSON threat report with HIGH/MEDIUM severity ratings. All 39 pytest tests passed on the first run after a one-line fix for a Python 3.14 subprocess handle-inheritance issue on Windows.

✓ 39 tests passing
network security

DNS Record Analyzer

Built a DNS record analyzer with an Express demo server exposing four mock domains at different email authentication security levels (strict, permissive SPF, no auth, monitoring-only DMARC). The tool queries the server's DNS API, parses SPF and DMARC records from TXT entries, and reports misconfigurations as structured JSON findings. All 20 node:test tests passed on the first run.

✓ 20 tests passing
osint and recon

Email Header Analyzer

Built an email header analyzer with a FastAPI demo server serving four header samples (clean, spoofed sender, missing auth, DMARC p=none). The tool fetches each sample over HTTP, parses Authentication-Results with Python's email module and regex, and reports SPF failures, email spoofing, DMARC failures, and monitoring-only policies as structured JSON findings. All 21 pytest tests passed on the first run.

✓ 21 tests passing
authentication and access

OAuth 2.0 PKCE Flow Analyzer

Built an OAuth 2.0 PKCE vulnerability scanner with an Express demo server exposing vulnerable (no PKCE, any redirect_uri) and safe (PKCE required, allowlisted redirect_uri) authorization flows. The scanner detects missing code_verifier enforcement and open redirect_uri acceptance. All 24 node:test tests passed on the first run.

✓ 24 tests passing