Golang Security Resources | GolangResource

Filter By

Golang Security

SPIRE is a toolchain of APIs for establishing trust between software systems across a wide variety of hosting platforms

SPIRE (the SPIFFE Runtime Environment) is a toolchain of APIs for establishing trust between software systems across a wide variety of hosting platforms

Jan 2, 2023

Build awesome Golang desktop apps and beautiful interfaces with Vue.js, React.js, Framework 7, and more...

Guark Guark allows you to build beautiful user interfaces using modern web technologies such as Vue.js, React.js..., while your app logic handled and

Jan 1, 2023

DirDar is a tool that searches for (403-Forbidden) directories to break it and get dir listing on it

DirDar v1.0 Description 🏴‍☠️ bypass forbidden directories - find and identify dir listing - you can use it as directory brute-forcer as well Compatab

Jan 1, 2023

zero-trust remote firewall instrumentation

ShieldWall embraces the zero-trust principle and instruments your server firewall to block inbound connections from every IP on any port, by default.

Jan 1, 2023

A fast tool to scan CRLF vulnerability written in Go

CRLFuzz A fast tool to scan CRLF vulnerability written in Go Resources Installation from Binary from Source from GitHub Usage Basic Usage Flags Target

Jan 1, 2023

Custom GPG pinentry program for macOS that allows using Touch ID for fetching the password from the macOS keychain.

pinentry-touchid Custom GPG pinentry program for macOS that allows using Touch ID for fetching the password from the macOS keychain. Macbook Pro devic

Jan 1, 2023

Automatic Linux privesc via exploitation of low-hanging fruit

Traitor Automatically exploit low-hanging fruit to pop a root shell. Linux privilege escalation made easy! Traitor packages up a bunch of methods to e

Jan 1, 2023

Find secrets and passwords in container images and file systems

Jan 1, 2023

The fastest dork scanner written in Go.

go-dork The fastest dork scanner written in Go. There are also various search engines supported by go-dork, including Google, Shodan, Bing, Duck, Yaho

Jan 1, 2023

Sensitive information protection toolkit

godlp 一、简介为了保障企业的数据安全和隐私安全，godlp 提供了一系列针对敏感数据的识别和处置方案，其中包括敏感数据识别算法，数据脱敏处理方式，业务自定义的配置选项和海量数据处理能力。 godlp 能够应用多种隐私合规标准，对原始数据进行分级打标、判断敏感级别和实施相应的脱敏处理。 In

Jan 1, 2023

A vulnerability scanner for container images and filesystems

Jan 1, 2023

A fast port scanner written in go with a focus on reliability and simplicity. Designed to be used in combination with other tools for attack surface discovery in bug bounties and pentests

Naabu is a port scanning tool written in Go that allows you to enumerate valid ports for hosts in a fast and reliable manner. It is a really simple to

Dec 31, 2022

ZipExec is a Proof-of-Concept (POC) tool to wrap binary-based tools into a password-protected zip file.

ZipExec ZipExec is a Proof-of-Concept (POC) tool to wrap binary-based tools into a password-protected zip file. This zip file is then base64 encoded i

Dec 31, 2022

Search for vulnerabilities and exposures while filtering based on age, keywords, and other parameters.

FAV/E FAV/E (Find A Vulnerability/Exposure) utilizes the NIST CVE database search API to search for vulnerabilities and exposures while filtering base

Dec 31, 2022

Cyber Stasis is an economic simulator in the form of a fictional game based on global real-time demand and supply.

Cyber Stasis Cyber Stasis is an economic simulator in the form of a fictional game based on global real-time demand and supply. How to Play The game r

Dec 31, 2022

Obfuscate Go code by wrapping the Go toolchain

Obfuscate Go code by wrapping the Go toolchain.

Dec 31, 2022

Let's Encrypt client and ACME library written in Go

Let's Encrypt client and ACME library written in Go. Features ACME v2 RFC 8555 Register with CA Obtain certificates, both from scratch or with an exis

Dec 30, 2022

The dynamic infrastructure framework for everybody! Distribute the workload of many different scanning tools with ease, including nmap, ffuf, masscan, nuclei, meg and many more!

Axiom is a dynamic infrastructure framework to efficiently work with multi-cloud environments, build and deploy repeatable infrastructure focussed on

Dec 30, 2022

🌰 encrypt/decrypt using ssh keys

ssh-vault 🌰 encrypt/decrypt using ssh private keys Documentation https://ssh-vault.com Usage $ ssh-vault -h Example: $ echo "secret" | ssh-vault -u

Dec 30, 2022

An easy-to-use XChaCha20-encryption wrapper for io.ReadWriteCloser (even lossy UDP) using ECDH key exchange algorithm, ED25519 signatures and Blake3+Poly1305 checksums/message-authentication for Go (golang). Also a multiplexer.

Quick start Prepare keys (on both sides): [ -f ~/.ssh/id_ed25519 ] && [ -f ~/.ssh/id_ed25519.pub ] || ssh-keygen -t ed25519 scp ~/.ssh/id_ed25519.pub

Dec 30, 2022

Nuclei is a fast tool for configurable targeted vulnerability scanning based on templates offering massive extensibility and ease of use.

Fast and customisable vulnerability scanner based on simple YAML based DSL. How • Install • For Security Engineers • For Developers • Documentation •

Dec 30, 2022

A modern tool for the Windows kernel exploration and tracing

Fibratus A modern tool for the Windows kernel exploration and observability Get Started » Docs • Filaments • Download • Discussions What is Fibratus?

Dec 30, 2022

Git-like capabilities for your object storage

What is lakeFS lakeFS is an open source layer that delivers resilience and manageability to object-storage based data lakes. With lakeFS you can build

Dec 30, 2022

研究利用golang来bypassAV

GolangBypassAV 研究利用golang来bypassAV 说明免杀这块本来就不是web狗擅长的，而且作为一个web狗也没必要花太多时间来折腾这个，达到能用就行，不要追求全部免杀，能免杀目标就行。

Dec 30, 2022

:key: Idiotproof golang password validation library inspired by Python's passlib

passlib for go Python's passlib is quite an amazing library. I'm not sure there's a password library in existence with more thought put into it, or wi

Dec 30, 2022

Secure software enclave for storage of sensitive information in memory.

MemGuard Software enclave for storage of sensitive information in memory. This package attempts to reduce the likelihood of sensitive data being expos

Dec 30, 2022

ARP spoofing tool based on go language, supports LAN host scanning, ARP poisoning, man-in-the-middle attack, sensitive information sniffing, HTTP packet sniffing

[ARP Spoofing] [Usage] Commands: clear clear the screen cut 通过ARP欺骗切断局域网内某台主机的网络 exit exit the program help display help hosts 主机管理功能 loot 查看嗅探到的敏感信息

Dec 30, 2022

ServerScan一款使用Golang开发的高并发网络扫描、服务探测工具。

ServerScan ███████╗███████╗██████╗ ██╗ ██╗███████╗██████╗ ███████╗ ██████╗ █████╗ ███╗ ██╗ ██╔════╝██╔════╝██╔══██╗██║ ██║██╔════╝██╔══██╗

Dec 30, 2022

PHP functions implementation to Golang. This package is for the Go beginners who have developed PHP code before. You can use PHP like functions in your app, module etc. when you add this module to your project.

PHP Functions for Golang - phpfuncs PHP functions implementation to Golang. This package is for the Go beginners who have developed PHP code before. Y

Dec 30, 2022

全新的开源漏洞测试框架，实现poc在线编辑、运行、批量测试。使用文档：

pocassist是一个 Golang 编写的全新开源漏洞测试框架。简单易用只需要在前端编辑，即可生成poc对批量目标进行测试单二进制文件，无依赖，也无需安装性能优秀支持高并发，通过使用 ants实例化协程池，复用 goroutine 多重内存复用，尽可能小的内存占用规则体系完全兼容x

Dec 30, 2022

:lock: acmetool, an automatic certificate acquisition tool for ACME (Let's Encrypt)

acmetool is an easy-to-use command line tool for automatically acquiring certificates from ACME servers (such as Let's Encrypt). Designed to flexibly

Dec 29, 2022

A scalable overlay networking tool with a focus on performance, simplicity and security

What is Nebula? Nebula is a scalable overlay networking tool with a focus on performance, simplicity and security. It lets you seamlessly connect comp

Dec 29, 2022

SourcePoint is a C2 profile generator for Cobalt Strike command and control servers designed to ensure evasion.

SourcePoint SourcePoint is a polymorphic C2 profile generator for Cobalt Strike C2s, written in Go. SourcePoint allows unique C2 profiles to be genera

Dec 29, 2022

A template for creating new Golang + Docker + Canonical Domain + Badges + Renovate + Golangci + Goreleaser + CircleCI + ...

golang-repo-template 😄 golang-repo-template Usage foo@bar:~$ golang-repo-template hello world _

Dec 29, 2022

Golang port of SharpEDRChecker: EDRHunt

EDRHunt scans Windows services, drivers, processes, registry for installed EDRs.

Dec 29, 2022

Coraza Server is the most ambitious implementation of Coraza WAF

Coraza Server is the most ambitious implementation of Coraza WAF, it's designed to integrate with systems written in different languages, like C, using multiple protocols like SPOA, REST and GRPC.

Dec 29, 2022

边界打点后的自动化渗透工具

InScan开源扫描器简介本工具只可用于安全测试，勿用于非法用途！工具定位边界打点后的自动化内网工具，完全与服务端脱离。服务端只用于生成poc，网段信息等配置。内网渗透痛点目前已有的扫描器，依赖库较多，体积过于庞大，在内网渗透中，很多极端情况无法安装扫描器，使用socks4/socks5

Dec 29, 2022

Driftwood is a tool that can enable you to lookup whether a private key is used for things like TLS or as a GitHub SSH key for a user.

Driftwood is a tool that can enable you to lookup whether a private key is used for things like TLS or as a GitHub SSH key for a user. Drift

Dec 29, 2022

Incident Response - Fast suspicious file finder

FastFinder - Incident Response - Fast suspicious file finder What is this project designed for? FastFinder is a lightweight tool made for threat hunti

Dec 28, 2022

The Go Vulnerability Database

The Go Vulnerability Database golang.org/x/vulndb This repository is a prototype of the Go Vulnerability Database. Read the Draft Design. Neither the

Dec 28, 2022

Gitrob: Putting the Open Source in OSINT

Gitrob: Putting the Open Source in OSINT Gitrob is a tool to help find potentially sensitive files pushed to public repositories on Github. Gitrob wil

Dec 28, 2022

A simple, modern and secure encryption tool (and Go library) with small explicit keys, no config options, and UNIX-style composability.

age age is a simple, modern and secure file encryption tool, format, and library. It features small explicit keys, no config options, and UNIX-style c

Dec 28, 2022

androidqf (Android Quick Forensics) helps quickly gathering forensic evidence from Android devices, in order to identify potential traces of compromise.

androidqf androidqf (Android Quick Forensics) is a portable tool to simplify the acquisition of relevant forensic data from Android devices. It is the

Dec 28, 2022

Update-java-ca-certificates - Small utility to convert the system trust store to a system Java KeyStore

update-java-ca-certificates This small utility takes care of creating a system-w

Dec 28, 2022

Convenience of containers, security of virtual machines

Convenience of containers, security of virtual machines With firebuild, you can build and deploy secure VMs directly from Dockerfiles and Docker image

Dec 28, 2022

Database security suite. Database proxy with field-level encryption, search through encrypted data, SQL injections prevention, intrusion detection, honeypots. Supports client-side and proxy-side ("transparent") encryption. SQL, NoSQL.

Database protection suite with field level encryption and intrusion detection. | Acra Engineering Examples | Documentation | Installation | Examples a

Dec 28, 2022

A source code analyzer built for surfacing features of interest and other characteristics to answer the question 'What's in the code?' quickly using static analysis with a json based rules engine. Ideal for scanning components before use or detecting feature level changes.

Introduction Microsoft Application Inspector is a software source code characterization tool that helps identify coding features of first or third par

Dec 28, 2022

DockerSlim (docker-slim): Don't change anything in your Docker container image and minify it by up to 30x (and for compiled languages even more) making it secure too! (free and open source)

Minify and Secure Docker containers (free and open source!) Don't change anything in your Docker container image and minify it by up to 30x making it

Dec 27, 2022