Skip to content

sumin-world/rust-security-suminworld

BranchesTags

Repository files navigation

rust-security-suminworld πŸ¦€πŸ”’

Rust License: MIT CI GitHub last commit GitHub stars

Rust-based Security Research Lab β€” Passive Wi-Fi auditing, packet fuzzing, Discord security bots, cryptography toolkit, and kernel-level research, all written in safe, high-performance Rust.

πŸ”– Topics

rust Β· security Β· cybersecurity Β· wifi Β· wireless-security Β· penetration-testing Β· 802.11 Β· pcap Β· cryptography Β· merkle-tree Β· fuzzing Β· discord-bot

🎯 Overview

rust-security-suminworld is a Cargo workspace containing practical security tools and educational research modules. Every crate compiles with zero warnings, passes cargo clippy cleanly, and ships with unit + integration tests (64 tests total).

Highlights
πŸš€ High Performance Async I/O via Tokio, zero-cost abstractions
πŸ›‘οΈ Memory Safe Ownership & borrowing eliminate buffer overflows and use-after-free
πŸ§ͺ Well Tested 64 tests across all workspace members
πŸ“ Clean Code 0 compiler warnings, 0 clippy lints, cargo fmt enforced
🧩 Modular Each tool is an independent crate β€” build and run individually

πŸ“¦ Workspace Members

Crate Type Description
port_scanner πŸ”§ Tool High-performance async TCP port scanner (Tokio + Semaphore)
discord_audit_bot πŸ”§ Tool Discord server security audit bot (Serenity)
packet-match-fuzz πŸ”§ Tool KMP pattern matcher & mutation fuzzer for packet payloads
wifi_audit πŸ”§ Tool Passive 802.11 Wi-Fi auditor (Beacon / Probe analysis)
crypto πŸ”¬ Research Educational cryptography: Caesar, VigenΓ¨re, XOR, Feistel, RSA, FNV-1a
merkle πŸ”¬ Research SHA-256 Merkle tree with domain-separated hashing & inclusion proofs
kernel-features πŸ”¬ Research Rust-for-Linux language features study (Field Projection, In-place Init, Arbitrary Self Types)

⚠️ All tools are for educational and authorized security testing only.

πŸš€ Quick Start

Prerequisites

  • Rust β‰₯ 1.75 β€” install via rustup
  • libpcap (for wifi_audit): 
    # Ubuntu / Debian
sudo apt install -y libpcap-dev build-essential
# macOS
brew install libpcap

Build & Test

git clone https://github.com/sumin-world/rust-security-suminworld.git
cd rust-security-suminworld

# Build everything
cargo build --release

# Run all 64 tests
cargo test

# Lint check (should produce 0 warnings)
cargo clippy --all-targets

Run Individual Tools

# Port scanner
cargo run -p port_scanner -- 192.168.1.1 --range 1-1024 --fast

# Discord bot (set token first)
cp .env.example tools/discord_audit_bot/.env   # then fill in DISCORD_TOKEN
cargo run -p discord_audit_bot

# Wi-Fi audit (requires monitor mode + root)
sudo cargo run -p wifi_audit -- --iface wlan0mon

# Crypto demo (Caesar, Vigenère, XOR, Feistel, FNV, entropy)
cargo run -p research-crypto --example demo

# Packet fuzzing library
cargo test -p packet-match-fuzz

πŸ”§ Tools

Port Scanner

Async TCP port scanner using Tokio with configurable concurrency and timeout.

# Scan common ports
cargo run -p port_scanner -- scanme.nmap.org -p 22,80,443

# Fast scan (top 1024 ports, 1024 concurrent, 200ms timeout)
cargo run -p port_scanner -- 10.0.0.1 --fast

Tests: 19 unit tests covering parse_range, parse_ports_list, dedup_sort, preview_ports.

Discord Audit Bot

Modular Discord security bot built with Serenity. Refactored from a single 1,191-line file into five clean modules:

Module Responsibility
main.rs Entry point & Serenity client setup
models.rs SecurityReport, SecurityLevel, AppState structs
scanner.rs SecurityScanner β€” audit logic & report formatting
handler.rs EventHandler β€” Discord command dispatch
helpers.rs Embed builders, account_age_days utility

Packet-Match-Fuzz

Full KMP-based pattern-matching and mutation-fuzzing library for packet payloads:

Module Purpose
kmp.rs KMP string matcher β€” find_all, find_first, contains
stream.rs Streaming matcher that retains state across packet chunks
fuzz.rs Mutation fuzzer (BitFlip, ByteReplace, ByteInsert, ByteDelete, ChunkShuffle)

Tests: 15 unit tests + 1 doc-test.

Wi-Fi Audit

Passive 802.11 auditing tool β€” captures Beacon frames, Probe Requests, and Probe Responses via libpcap in monitor mode.

sudo cargo run -p wifi_audit -- --iface wlan0mon --list-clients

πŸ”¬ Research

Cryptography Toolkit (research/crypto)

Educational implementations with comprehensive tests:

Module Algorithms
classical.rs Caesar cipher, Vigenère cipher
symmetric.rs XOR cipher, Feistel network
asymmetric.rs RSA (Miller–Rabin, modular exponentiation)
hash.rs FNV-1a hash, hash-chain with reduction
utils.rs Hex encoding, Shannon entropy, random BigUint

Tests: 18 unit tests. Demo: cargo run -p research-crypto --example demo

Merkle Tree (research/merkle)

SHA-256 Merkle tree with domain-separated hashing (leaf 0x00 prefix vs internal 0x01 prefix) for second-preimage resistance.

  • from_leaves() β€” build from arbitrary byte slices
  • root() β€” get the 32-byte root hash
  • proof(index) β€” generate inclusion proof
  • verify(root, leaf, proof, index) β€” static verification
  • leaf_count() β€” number of leaves

Tests: 7 tests (4 unit + 3 integration).

Kernel Features Study (research/kernel-features)

Executable examples exploring Rust language features needed for Linux kernel development:

Example Feature
field_projection Struct field projection through smart pointers
inplace_init In-place initialization (avoiding large stack copies)
smart_pointers Arbitrary self types for custom smart pointers
limitations Current limitations & development timeline

Tests: 4 unit tests. Docs: research/kernel-features/docs/

πŸ”Ž Side-Channel Research β€” Flush+Reload PoC

⚠️ Educational only. Run exclusively on hardware you own.

The poCs/cache/ directory contains a C-based Flush+Reload cache side-channel proof-of-concept:

File Role
victim_sim.c Victim: repeatedly accesses a probe array indexed by a secret byte
flush_reload_attacker.c Attacker: uses clflush + rdtscp to measure access times
flush_reload_attacker_csv.c Attacker variant: outputs iter,cycles CSV for analysis 
# Compile
gcc -O2 -o victim_sim poCs/cache/victim_sim.c
gcc -O2 -o attacker   poCs/cache/flush_reload_attacker_csv.c

# Run
./victim_sim &
VICTIM_PID=$!
./attacker > /tmp/flush_reload_data.csv
kill $VICTIM_PID

Cache hits (~1,000 cycles) vs cache misses (>100,000 cycles) reveal whether the victim accessed the targeted memory line.

πŸ“ Project Structure

rust-security-suminworld/
β”œβ”€β”€ Cargo.toml               # Workspace manifest (shared deps, profiles)
β”œβ”€β”€ tools/
β”‚   β”œβ”€β”€ port_scanner/        # Async TCP port scanner
β”‚   β”œβ”€β”€ discord_audit_bot/   # Discord security audit bot (5 modules)
β”‚   β”œβ”€β”€ packet-match-fuzz/   # KMP matcher + mutation fuzzer
β”‚   └── wifi_audit/          # Passive 802.11 auditor
β”œβ”€β”€ research/
β”‚   β”œβ”€β”€ crypto/              # Educational cryptography toolkit
β”‚   β”œβ”€β”€ merkle/              # SHA-256 Merkle tree
β”‚   └── kernel-features/     # Rust-for-Linux feature study
β”œβ”€β”€ poCs/
β”‚   └── cache/               # Flush+Reload side-channel PoC (C)
β”œβ”€β”€ docs/
β”‚   β”œβ”€β”€ learning_notes.md    # Study notes
β”‚   └── LEGAL_NOTICE.md      # Legal & ethical guidance
β”œβ”€β”€ .github/workflows/ci.yml # CI pipeline
β”œβ”€β”€ CONTRIBUTING.md
β”œβ”€β”€ CODE_OF_CONDUCT.md
β”œβ”€β”€ SECURITY.md
└── LICENSE                  # MIT

πŸ“Š Code Quality

Metric Value
Compiler warnings 0
Clippy lints 0
Test count 64 (all passing)
Test failures 0
Formatting cargo fmt enforced

Test Breakdown

Crate Tests
port_scanner 19
crypto 18
packet-match-fuzz 16
merkle 7
kernel-features 4
Total 64

πŸ›£οΈ Roadmap

βœ… Phase 1 β€” Core (Complete)

  • Async TCP port scanner with CLI
  • Discord security audit bot (modular architecture)
  • KMP packet pattern matcher & mutation fuzzer
  • Passive Wi-Fi audit tool (802.11)
  • Educational cryptography toolkit
  • SHA-256 Merkle tree with domain separation
  • Rust-for-Linux kernel features study
  • Flush+Reload cache side-channel PoC

πŸ”œ Phase 2 β€” Advanced Tools

  • Hash Cracker β€” dictionary attacks, rainbow tables
  • Web Fuzzer β€” directory discovery, parameter injection
  • Log Analyzer β€” multi-format parsing, anomaly detection
  • Packet Sniffer β€” real-time protocol decoding

🀝 Contributing

Contributions of all levels are welcome! See CONTRIBUTING.md for details.

# Development workflow
cargo fmt --all             # Format
cargo clippy --all-targets  # Lint
cargo test                  # Test

Please ensure your PR introduces zero new warnings and includes tests for new functionality.

⚠️ Ethical Use & Disclaimer

All tools are intended exclusively for:

  • πŸ“š Educational purposes β€” learning cybersecurity concepts
  • πŸ›‘οΈ Authorized testing β€” only on systems you own or have explicit permission to test
  • πŸ”¬ Security research β€” improving defensive capabilities

The authors assume no liability for misuse. Users are solely responsible for ensuring compliance with applicable laws. See LEGAL_NOTICE.md and SECURITY.md.

πŸ“„ License

MIT β€” free for commercial and personal use.

πŸ”— Links
πŸ“¦ Repository github.com/sumin-world/rust-security-suminworld
πŸ› Issues Report a bug
πŸ“– Rust Book doc.rust-lang.org/book
⚑ Tokio tokio.rs
πŸ” RustCrypto github.com/RustCrypto

Built with πŸ¦€ Rust β€” memory-safe, blazingly fast, fearlessly concurrent.

⭐ Star · Issues · Releases

About

let'sRUst!

github.com/sumin-world

Topics

rust security pcap linux-kernel wifi cybersecurity penetration-testing qemu 80211 wireless-security passive-monitoring kernel-security

Resources

Readme

License

MIT license

Code of conduct

Code of conduct

Contributing

Contributing

Security policy

Security policy
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

1 tags

Packages

No packages published

Languages