Filter By
435 Resources
Golang Security
A fast port scanner written in go with a focus on reliability and simplicity. Designed to be used in combination with other tools for attack surface discovery in bug bounties and pentests
Naabu is a port scanning tool written in Go that allows you to enumerate valid ports for hosts in a fast and reliable manner. It is a really simple to
A tool to check for vulnerabilities in your Golang dependencies, powered by Sonatype OSS Index
Nancy nancy is a tool to check for vulnerabilities in your Golang dependencies, powered by Sonatype OSS Index, and as well, works with Nexus IQ Server
How to systematically secure anything: a repository about security engineering
How to Secure Anything Security engineering is the discipline of building secure systems. Its lessons are not just applicable to computer security. In
A vulnerability scanner for container images and filesystems
A vulnerability scanner for container images and filesystems
Find secrets and passwords in container images and file systems
Find secrets and passwords in container images and file systems
边界打点后的自动化渗透工具
InScan开源扫描器 简介 本工具只可用于安全测试,勿用于非法用途! 工具定位 边界打点后的自动化内网工具,完全与服务端脱离。服务端只用于生成poc,网段信息等配置。 内网渗透痛点 目前已有的扫描器,依赖库较多,体积过于庞大,在内网渗透中,很多极端情况无法安装扫描器,使用socks4/socks5
Tracee: Linux Runtime Security and Forensics using eBPF
Tracee is a Runtime Security and forensics tool for Linux. It is using Linux eBPF technology to trace your system and applications at runtime, and analyze collected events to detect suspicious behavioral patterns.
coyim - a safe and secure chat client
CoyIM - a safe and secure chat client CoyIM is a new client for the XMPP protocol. It is built upon https://github.com/agl/xmpp-client and https://git
firedrill is a malware simulation harness for evaluating your security controls
firedrill 🧯 Malware simulation harness. Build native binaries for Windows, Linux and Mac simulating malicious behaviours. Test the effectiveness of y
Custom GPG pinentry program for macOS that allows using Touch ID for fetching the password from the macOS keychain.
pinentry-touchid Custom GPG pinentry program for macOS that allows using Touch ID for fetching the password from the macOS keychain. Macbook Pro devic
Signing prototype
sigstore signing CLI tool ⚠️ Not ready for use yet! sigstore CLI is a generic tool to sign blobs, tarballs etc and establish a trust root using the si
CVE-2021-3449 OpenSSL denial-of-service exploit 👨🏻💻
CVE-2021-3449 OpenSSL 1.1.1k DoS exploit Usage: go run . -host hostname:port This program implements a proof-of-concept exploit of CVE-2021-3449 affe
SourcePoint is a C2 profile generator for Cobalt Strike command and control servers designed to ensure evasion.
SourcePoint SourcePoint is a polymorphic C2 profile generator for Cobalt Strike C2s, written in Go. SourcePoint allows unique C2 profiles to be genera
🔑 A decentralized key derivation protocol for simple passphrase.
Throttled Identity Protocol (TIP) is a decentralized key derivation protocol, which allows people to obtain a strong secret key through a very simple passphrase, e.g. a six-digit PIN.
Container Signing
cosign Container Signing, Verification and Storage in an OCI registry. Cosign aims to make signatures invisible infrastructure. Info Cosign is develop
Shellcode implementation of Reflective DLL Injection by Golang. Convert DLLs to position independent shellcode
🐸 Frog For Automatic Scan 🐶 Doge For Defense Evasion&Offensive Security Doge-sRDI Shellcode implementation of Reflective DLL Injection by Golang. Co
A simple, modern and secure encryption tool (and Go library) with small explicit keys, no config options, and UNIX-style composability.
age age is a simple, modern and secure file encryption tool, format, and library. It features small explicit keys, no config options, and UNIX-style c
gosec - Golang Security Checker
Inspects source code for security problems by scanning the Go AST.
A tool for secrets management, encryption as a service, and privileged access management
Vault Please note: We take Vault's security and our users' trust very seriously. If you believe you have found a security issue in Vault, please respo
kunpeng是一个Golang编写的开源POC框架/库,以动态链接库的形式提供各种语言调用,通过此项目可快速开发漏洞检测类的系统。
Kunpeng 简介 Kunpeng是一个Golang编写的开源POC检测框架,集成了包括数据库、中间件、web组件、cms等等的漏洞POC(查看已收录POC列表),可检测弱口令、SQL注入、XSS、RCE等漏洞类型,以动态链接库的形式提供调用,通过此项目可快速开发漏洞检测类的系统,比攻击者快一步发
Obfuscate Go code by wrapping the Go toolchain
Obfuscate Go code by wrapping the Go toolchain.
A rest application to update firewalld rules on a linux server
Firewalld-rest A REST application to dynamically update firewalld rules on a linux server. Firewalld is a firewall management tool for Linux operating
SPIRE is a toolchain of APIs for establishing trust between software systems across a wide variety of hosting platforms
SPIRE (the SPIFFE Runtime Environment) is a toolchain of APIs for establishing trust between software systems across a wide variety of hosting platforms
Check and exploit log4j2 vulnerability with single Go program.
Log4Shell Check and exploit log4j2 vulnerability with single Go program. You don't need to install anything except develop it. It supports ldaps and h
Let's Encrypt client and ACME library written in Go
Let's Encrypt client and ACME library written in Go. Features ACME v2 RFC 8555 Register with CA Obtain certificates, both from scratch or with an exis
A scalable overlay networking tool with a focus on performance, simplicity and security
What is Nebula? Nebula is a scalable overlay networking tool with a focus on performance, simplicity and security. It lets you seamlessly connect comp
A fast tool to scan CRLF vulnerability written in Go
CRLFuzz A fast tool to scan CRLF vulnerability written in Go Resources Installation from Binary from Source from GitHub Usage Basic Usage Flags Target
一款适用于红蓝对抗中的蜜罐和钓鱼系统
goblin 钓鱼演练工具 [English Readme Click Me] goblin 是一款适用于红蓝对抗的钓鱼演练工具。通过反向代理,可以在不影响用户操作的情况下无感知的获取用户的信息,或者诱导用户操作。也可以通过使用代理方式达到隐藏服务端的目的。内置插件,通过简单的配置,快速调整网页内容
Secure software enclave for storage of sensitive information in memory.
MemGuard Software enclave for storage of sensitive information in memory. This package attempts to reduce the likelihood of sensitive data being expos
A collection of cool tools used by Mobile hackers. Happy hacking , Happy bug-hunting
A collection of cool tools used by Mobile hackers. Happy hacking , Happy bug-hunting Family project Table of Contents Weapons Contribute Thanks to con
Golang port of SharpEDRChecker: EDRHunt
EDRHunt scans Windows services, drivers, processes, registry for installed EDRs.
Coraza WAF is a golang modsecurity compatible web application firewall library
Coraza Web Application Firewall, this project is a Golang port of ModSecurity with the goal to become the first enterprise-grade Open Source Web Application Firewall, flexible and powerful enough to serve as the baseline for many projects.
Convenience of containers, security of virtual machines
Convenience of containers, security of virtual machines With firebuild, you can build and deploy secure VMs directly from Dockerfiles and Docker image
Golang package for reading FoxPro DBF/FPT files.
go-foxpro-dbf Golang package for reading FoxPro DBF/FPT files. This package provides a reader for reading FoxPro database files. At this moment it is
Automatic Linux privesc via exploitation of low-hanging fruit
Traitor Automatically exploit low-hanging fruit to pop a root shell. Linux privilege escalation made easy! Traitor packages up a bunch of methods to e
全新的开源漏洞测试框架,实现poc在线编辑、运行、批量测试。使用文档:
pocassist是一个 Golang 编写的全新开源漏洞测试框架。 简单易用 只需要在前端编辑,即可生成poc对批量目标进行测试 单二进制文件,无依赖,也无需安装 性能优秀 支持高并发,通过使用 ants实例化协程池,复用 goroutine 多重内存复用,尽可能小的内存占用 规则体系 完全兼容x
Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.
Lightweight static analysis for many languages. Find bugs and enforce code standards. Semgrep is a fast, open-source, static analysis tool that finds
The dynamic infrastructure framework for everybody! Distribute the workload of many different scanning tools with ease, including nmap, ffuf, masscan, nuclei, meg and many more!
Axiom is a dynamic infrastructure framework to efficiently work with multi-cloud environments, build and deploy repeatable infrastructure focussed on
Subfinder is a subdomain discovery tool that discovers valid subdomains for websites by using passive online sources.
Subfinder is a subdomain discovery tool that discovers valid subdomains for websites by using passive online sources. It has a simple modular architecture and is optimized for speed. subfinder is built for doing one thing only - passive subdomain enumeration, and it does that very well.
一款内网综合扫描工具,方便一键自动化、全方位漏扫扫描。
一款内网综合扫描工具,方便一键自动化、全方位漏扫扫描。 支持主机存活探测、端口扫描、常见服务的爆破、ms17010、redis批量写公钥、计划任务反弹shell、读取win网卡信息、web指纹识别、web漏洞扫描等。
Sqreen's Application Security Management for the Go language
Sqreen's Application Security Management for Go After performance monitoring (APM), error and log monitoring it’s time to add a security component int
Gryffin is a large scale web security scanning platform.
Gryffin (beta) Gryffin is a large scale web security scanning platform. It is not yet another scanner. It was written to solve two specific problems w
Gitrob: Putting the Open Source in OSINT
Gitrob: Putting the Open Source in OSINT Gitrob is a tool to help find potentially sensitive files pushed to public repositories on Github. Gitrob wil
Analyse binaries for missing security features, information disclosure and more.
extrude Analyse binaries for missing security features, information disclosure and more. 🚧 Extrude is in the early stages of development, and current
A Flask-based HTTP(S) command and control (C2) framework with a web frontend. Malleable agents written in Go and scripts written in bash.
▄▄▄▄ ██▓ █████▒██▀███ ▒█████ ██████ ▄▄▄█████▓ ▓█████▄ ▓██▒▓██ ▒▓██ ▒ ██▒▒██▒ ██▒▒██ ▒ ▓ ██▒ ▓▒ ▒██▒ ▄██▒██▒▒████ ░▓██ ░▄█ ▒▒██░ ██▒░
Ladon Pentest Scanner framework 全平台Go开源内网渗透扫描器框架,Windows/Linux/Mac内网渗透,使用它可轻松一键批量探测C段、B段、A段存活主机、高危漏洞检测MS17010、SmbGhost,远程执行SSH/Winrm,密码爆破SMB/SSH/FTP/Mysql/Mssql/Oracle/Winrm/HttpBasic/Redis,端口扫描服务识别PortScan指纹识别/HttpBanner/HttpTitle/TcpBanner/Weblogic/Oxid多网卡主机,端口扫描服务识别PortScan。
Ladon Scanner For Golang Wiki http://k8gege.org/Ladon/LadonGo.html 简介 LadonGo一款开源内网渗透扫描器框架,使用它可轻松一键探测C段、B段、A段存活主机、指纹识别、端口扫描、密码爆破、远程执行、高危漏洞检测等。3.6版本包含2
An authorization library that supports access control models like ACL, RBAC, ABAC in Golang
Casbin News: still worry about how to write the correct Casbin policy? Casbin online editor is coming to help! Try it at: https://casbin.org/editor/ C
✒ A self-hosted, cross-platform service to sign iOS apps using any CI as a builder
iOS Signer Service A self-hosted, cross-platform service to sign iOS apps using any CI as a builder Introduction There are many reasons to install app
A modern tool for the Windows kernel exploration and tracing
Fibratus A modern tool for the Windows kernel exploration and observability Get Started » Docs • Filaments • Download • Discussions What is Fibratus?
Purpose-built security agent for hosted runners
Step Security Agent Purpose-built security agent for hosted runners To pilot it, add the following code to your GitHub Actions workflow file as the fi
step-ca is an online certificate authority for secure, automated certificate management.
🛡️ A private certificate authority (X.509 & SSH) & ACME server for secure automated certificate management, so you can use TLS everywhere & SSO for SSH.
Easy to use cryptographic framework for data protection: secure messaging with forward secrecy and secure data storage. Has unified APIs across 14 platforms.
Themis provides strong, usable cryptography for busy people General purpose cryptographic library for storage and messaging for iOS (Swift, Obj-C), An
DockerSlim (docker-slim): Don't change anything in your Docker container image and minify it by up to 30x (and for compiled languages even more) making it secure too! (free and open source)
Minify and Secure Docker containers (free and open source!) Don't change anything in your Docker container image and minify it by up to 30x making it
🌘🦊 DalFox(Finder Of XSS) / Parameter Analysis and XSS Scanning tool based on golang
Finder Of XSS, and Dal(달) is the Korean pronunciation of moon. What is DalFox 🌘 🦊 DalFox is a fast, powerful parameter analysis and XSS scanner, bas