NetSec Toolkit
TLS analysis, scanning, and PDF reporting
A three-tool network security analysis suite: ICMP ping/traceroute, TCP SYN port scanner, and TLS certificate analyzer. Detects 4 classes of certificate misconfigurations against real endpoints with automated PDF report generation.
What it is
NetSec Toolkit is a collection of three Python security tools for network reconnaissance and certificate validation. The ICMP tool constructs ping packets and traces network hops via TTL manipulation. The SYN scanner crafts raw TCP packets to detect open ports without completing the three-way handshake. The TLS analyzer connects to HTTPS endpoints, parses X.509 certificate chains, and flags security issues including expired certificates, self-signed certificates, hostname mismatches, and outdated TLS versions. A PDF report generator compiles findings into a formatted security report.
By the numbers
| Metric | Value |
|---|---|
| Scanning tools | 3 (ICMP ping, SYN scanner, TLS analyzer) |
| Test endpoints | 5 (badssl.com variants) |
| Vulnerability classes detected | 4 (expired, self-signed, hostname mismatch, outdated TLS) |
| Certificate parsing | Full X.509 chain with SAN wildcard validation |
| Report output | Automated PDF with findings |
| Protocols analyzed | ICMP, TCP, TLS/SSL |
Architecture
targets.txt
|
+--> ICMP Ping / Traceroute ----+
| |
+--> TCP SYN Scanner -----------+--> PDF Report Generator --> Security Report PDF
| |
+--> TLS Certificate Analyzer --+
|
v
tls_report.jsonKey features
- TCP SYN scanning via Scapy — Raw packet crafting. Sends SYN, reads SYN-ACK (0x12) for open ports or RST-ACK (0x14) for closed, then sends RST to clean up half-open connections.
- TLS certificate chain analysis — Connects to endpoints without certificate verification (intentionally, to analyze broken certs), then parses the full X.509 chain for subject, issuer, dates, extensions, and cipher suites.
- 4-class vulnerability detection — Expired certificates (not_after vs.
current time), self-signed certificates (subject == issuer), hostname
mismatches (including wildcard pattern validation for
*.domain.com), and outdated TLS versions (TLSv1.0, TLSv1.1). - ICMP ping with TTL-based traceroute — Varies TTL values to discover intermediate network hops, interpreting ICMP type 0 (echo reply) and type 11 (time exceeded) responses.
- Automated PDF report generation — Uses fpdf2 with structured formatting, color-coded findings, and professional layout compiled from all three tools' output.
What makes it stand out
- Validated against real broken endpoints. Tested against badssl.com variants that intentionally exhibit each vulnerability class. The analyzer correctly identifies each misconfiguration type.
- Raw packet craft, not wrappers. SYN scanning and ICMP traceroute
built on Scapy with explicit flag handling, not
nmaporpingshell-outs. - Full X.509 parsing. Extracts Subject Alternative Names from certificate extensions and reports cipher suite details — not just pass/fail.
Stack
| Layer | Technology |
|---|---|
| Language | Python 3.11+ |
| Network | Scapy (raw packet crafting) |
| Cryptography | cryptography (X.509 parsing) |
| TLS | ssl module (handshake, cipher negotiation) |
| Reporting | fpdf2 (PDF generation) |