369 Resources
Golang dependency-security Libraries
Wire: Automated Initialization in Go
Wire: Automated Initialization in Go Wire is a code generation tool that automates connecting components using dependency injection. Dependencies betw
Web-based, zero-config, dependency-free database schema change and version control tool for teams
Live Demo • Install • Help • Development • Design Doc Bytebase is a web-based, zero-config, dependency-free database schema change and version control
Gitscanner is used to perform a variety of security checks against Git repositories and is expandable. Feel free to add your own checks.
Git Repository security checker This is a fast Go implementation to check Git repositories (local or remote) for some common security issues. It relie
Pure Golang implementation of server-side ECMR exchange functionality (Tang server)
Tang.go Tang.go is a pure-Go library that implements the server side of the ECMR key exchange. It is functionally similar to the Tang project. The library also provides a
Validate the Strength of a Password in Go
go-password-validator Simple password validator using raw entropy values. Hit the project with a star if you find it useful ⭐ Supported by Qvault This
beego framework filter for easy security headers management
beego-security-headers beego-security-headers is a beego framework filter which allows HTTP response security headers to be easily managed on applicat
Go HTTP Strict Transport Security library
HTTP Strict Transport Security (HSTS) http RoundTripper implementing HTTP Strict Transport Security (RFC 6797) with sites preloaded from Chromium usin
Find which of your direct Go GitHub dependencies are susceptible to a ChainJacking attack
ChainJacking is a tool to find which of your direct Go GitHub dependencies are susceptible to a ChainJacking attack. Read more about it here Require
Simple Golang HTTPS/TLS Examples
Generate private key (.key) # Key considerations for algorithm "RSA" ≥ 2048-bit openssl genrsa -out server.key 2048 # Key considerations for algorith
Golang for Security Professionals
Hacking with Go This is my attempt at filling the gap in Go security tooling. When starting to learn Go, I learned from a lot of tutorials but I could
Clean Architecture template for Golang services
Go Clean template Clean Architecture template for Golang services Overview The purpose of the template is to show: how to organize a project and preve
A FreeSWITCH specific scanning and exploitation toolkit for CVE-2021-37624 and CVE-2021-41157.
PewSWITCH A FreeSWITCH specific scanning and exploitation toolkit for CVE-2021-37624 and CVE-2021-41157. Related blog: https://0xinfection.github.io/p
alog is a dependency free, zero/minimum memory allocation JSON logger with extensions
Alog (c) 2020-2021 Gon Y Yi. https://gonyyi.com. MIT License Version 1.0.0 Intro Alog was built with a very simple goal in mind: Support Tagging (and
Dependency-Free Bencode Editor
rbEdit A statically compiled and dependency-free Bencode editor in Go, useful for command line use and scripts. Quick Start # Compile for linux arch:
A Go CTF competition platform with high performance, security and low hardware requirements.
CTFgo - CTF Platform written in Golang A Go CTF competition platform with high performance, security and low hardware requirements. Live Demo • Di
A mobile security hash generator using golang
Mobile Security Hash Generator Project scope This little script is my first experiment using Go. I wrote it for my friend @marcotrumpet because he nee
Analyse binaries for missing security features, information disclosure and more.
extrude Analyse binaries for missing security features, information disclosure and more. 🚧 Extrude is in the early stages of development, and current
Horusec is an open source tool that improves identification of vulnerabilities in your project with just one command.
Table of contents 1. About 2. Getting started 2.1. Requirements 2.2. Installation 3. Usage 3.1. CLI Usage 3.2. Using Docker 3.3. Older versions 3.4. U
Frontend to display data from huskyCI analyses
How does it work? The main goal of this project is to provide a front-end for every huskyCI user to check the stats of the analyses done. If you don't
Prevent unauthorised access of public endpoints by for example bots or bad clients.
Anonymous API Auth Provider Inspired by: https://hackernoon.com/improve-the-security-of-api-keys-v5kp3wdu Architecture The basic idea is, to prevent u
A demo repo to show KICS Github Action in Action
🤖 KICS GitHub Actions Demo This repository shows how KICS GitHub Action can be set and was fully inspired by the documentation on KICS GitHub Actions
A Declarative Cloud Firewall Reverse Proxy Solution with Companion Mobile App
A declarative cloud firewall reverse proxy solution with built-in DDoS protection and an alerting mechanism, to protect your servers and keep an eye on malicious requests
Purpose-built security agent for hosted runners
Step Security Agent Purpose-built security agent for hosted runners To pilot it, add the following code to your GitHub Actions workflow file as the fi
A vulnerability scanner for container images and filesystems
A vulnerability scanner for container images and filesystems
A scanner for running security-related configuration checks such as CIS benchmarks
Localtoast Localtoast is a scanner for running security-related configuration checks such as CIS benchmarks in an easily configurable manner. The scan
A golang library to validate and format swiss social security numbers
s3n is a Go library to validate and format Swiss social security numbers (aka AVS in French and AHV in German).
Simple web content/proxy server that embodies enterprise zero trust security
pswa - Protected Static Web App Introduction pswa is a simple web content/proxy server which is suitable for various static web apps. Features Availab
Interactive dependency graph visualization tool for golang
Interactive dependency graph visualization tool for golang using the awesome cytoscape graph visualizer.
A CLI tool to display all dependencies or dependents of an object in a Kubernetes cluster.
kube-lineage A CLI tool to display all dependencies or dependents of an object in a Kubernetes cluster. Usage $ kube-lineage clusterrole system:metric
GitHub App to set and enforce security policies
Allstar Allstar is a GitHub App installed on organizations or repositories to set and enforce security policies. Its goal is to be able to continuousl
firedrill is a malware simulation harness for evaluating your security controls
firedrill 🧯 Malware simulation harness. Build native binaries for Windows, Linux and Mac simulating malicious behaviours. Test the effectiveness of y
Kubernetes Pod Security Standards implementation
Pod Security Admission The Pod Security Standards are a set of best-practice profiles for running pods securely. This repository contains the codified
Gitrob: Putting the Open Source in OSINT
Gitrob: Putting the Open Source in OSINT Gitrob is a tool to help find potentially sensitive files pushed to public repositories on Github. Gitrob wil
CloudQuery extracts, transforms, and loads your cloud assets into normalized PostgreSQL tables.
The open-source cloud asset inventory backed by SQL. CloudQuery extracts, transforms, and loads your cloud assets into normalized PostgreSQL tables. C
CDK - Zero Dependency Container Penetration Toolkit
CDK is an open-source container penetration toolkit, offering stable exploitation in different slimmed containers without any OS dependency. It comes with penetration tools and many powerful PoCs/exploits that help you escape the container and take over the K8s cluster easily.
a collection of security projects
security projects A collection of security projects that I worked on from UC Berkeley's security course (cs 161) taught by Nick Weaver. Project 1 (Exp
Native, Protobuf & SQL-compliant objects used by offensive security tools.
Attacked Infrastructure Modular Specification (AIMS) Overview This repository aims to gather various declarations/specification of elements faced or n
A proxy to hide NFT metadata during the sale and prevent people from sniping specific NFTs.
NFT Sale Proxy A proxy to hide NFT metadata during the sale and prevent people from sniping specific NFTs. Check alephao/nft-sale-proxy-examples to se
Monmind - obfuscate multiple strings & hide text from binary searching
Monmind - obfuscate multiple strings & hide text from binary searching String obfuscation in Go code INSTALL You can install monmind by running:
Secure logger in Go to avoid output sensitive data in log
zlog The main distinctive feature of zlog is secure logging that avoids writing secret/sensitive values to the log. This feature reduces the risk of storing secret va
Kubernetes Operator to sync secrets between different secret backends and Kubernetes
Vals-Operator Here at Digitalis we love vals; it's a tool we use daily to keep secrets stored securely. We also use secrets-manager on the Kubernetes
Secret management toolchain
Harp TL;DR. Why harp? Use cases How does it work? Like a Data pipeline but for secret Immutable transformation What can I do? FAQ License Homebrew ins
One Time Passwords (OTPs) are a mechanism to improve security over passwords alone.
otp: One Time Password utilities Go / Golang Why One Time Passwords? One Time Passwords (OTPs) are a mechanism to improve security over passwords alo
Go linter which checks for dangerous unicode character sequences
bidichk - checks for dangerous unicode character sequences bidichk finds dangerous unicode character sequences in Go source files. Considered dangerou
A fast unused and duplicate dependency checker
Depp - A fast unused and duplicate package checker Installation npm install -g depp-installer (will try to get npm install -g depp later) Usage Just
Dependency management solution for Hashicorp Terraform modules
TERRADEP This is the module dependency solution for implementing dependencies between Terraform modules. Using this, users can now manage dependencies both fr
checkip is a CLI tool and library that checks an IP address using various public services.
checkip is a CLI tool and library that checks an IP address using various public services.
siusiu (suite-suite harmonics) is a suite used to manage suites, designed to free penetration testing engineers from learning and using various security tools, reducing the time and effort they spend installing tools and remembering how to use them.
siusiu (suite-suite harmonics) is a suite used to manage suites, designed to free penetration testing engineers from learning and using various security tools, reducing the time and effort they spend installing tools and remembering how to use them.
A small & fast dependency-free library for parsing micro expressions.
MicroExpr A small & fast dependency-free library for parsing micro expressions. This library was originally built for use in templating languages (e.g
mesh-kridik is an open-source security scanner that performs various security checks on a Kubernetes cluster with istio service mesh and is leveraged by OPA (Open Policy Agent) to enforce security rules.
mesh-kridik Enhance your Kubernetes service mesh security!! mesh-kridik is an open-source security scanner that performs various security checks on a
A go package implementing a simple logic-bomb.
puffgo A simple go package implementing a simple logic-bomb ❗ Warning ❗ This project is strictly for educational/research purposes, any malicious acti
Go binary that finds .EXEs and .DLLs on the system that don't have security controls enabled
Go Hunt Weak PEs Go binary that finds .EXEs and .DLLs on the system that don't have security controls enabled (ASLR, DEP, CFG etc). Usage $ ./go-hunt-
Golang jwt tokens without any external dependency
Yet another jwt lib This is a simple library built for a small footprint and easy usage. It allows creating, signing, reading and verifying JWT tokens easily
Automatic AWS Security Group ingress through DDNS
Auto DDNS Security Lambda Update AWS Security Group rules to an IP resolved from a DNS hostname. Useful to dynamically allow ingress from a DDNS hostn
Dangling DNS entries detection tool.
dnscheck Introduction dnscheck is a tool that reads a list of domains from a file and checks them for the following issues: CNAMEs pointing to an uncl
depstat is a dependency analyzer for Go modules enabled projects.
depstat is a dependency analyzer for Go modules enabled projects. It runs as part of the Kubernetes CI pipeline to help evaluate dependency updates to Kubernetes.
kdigger is a context discovery tool for Kubernetes penetration testing.
kdigger kdigger, short for "Kubernetes digger", is a context discovery tool for Kubernetes penetration testing. This tool is a compilation of various
A dependency injection library that is focused on clean API and flexibility
Dependency injection DI is a dependency injection library that is focused on clean API and flexibility. DI has two types of top-level abstractions: Co
Fetches one or more DNS zones via AXFR and dumps in Unix hosts format for local use
axfr2hosts About axfr2hosts is a tool meant to perform a DNS zone transfer, in the form of an AXFR transaction, of one or more zones towards a single DNS server a
Jacket of google/wire: advanced DI approach wrapping google/wire for cloud.
Wire-Jacket: IoC Container of google/wire for cloud-native Jacket of google/wire: advanced DI approach wrapping google/wire for cloud. google/wire : h
A lightweight IoC dependency injection container for Golang
iocgo A lightweight IoC dependency injection container for Golang English | 中文 How to use Installation It requires Go 1.15 or newer. install
Open source runtime scanner for OpenShift clusters that performs security audit checks based on the CIS Red Hat OpenShift Benchmark specification
OpenShift-Ordeal Scan your OpenShift cluster!! OpenShift-Ordeal is an open source audit scanner that performs audit checks on an OpenShift cluster and outp
Two scripts written in Go that help you recognize dependency confusion.
Two scripts written in Go that help you recognize dependency confusion.
Golang port of SharpEDRChecker: EDRHunt
EDRHunt scans Windows services, drivers, processes, registry for installed EDRs.
Fleet - Open source device management, built on osquery.
Fleet - Open source device management, built on osquery.
MNA - stands for mobile number assignment - a small Go library with zero external dependencies, used to identify mobile number assignment in Tanzania
MNA - stands for mobile number assignment - a small Go library with zero external dependencies, used to identify mobile number assignment in Tanzania
Red team tool that emulates the SolarWinds CI compromise attack vector.
SolarSploit Sample malicious program that emulates the SolarWinds attack vector. Listens for processes that use the Go compiler. Waits for a syscall to o
Ephemeral One Time/Build-Time gRPC TLS PKI system.
PkiSauce Ephemeral Build Time TLS PKI saucing for your intra services GRPC (or not) communications. Description A simple attempt to avoid deploying co
Simple PKI for developers.
SimpleCA Have you ever been working with a technology and needed TLS certificates quickly? Perhaps you wanted to set up a PKI infrastructure for testi
A "passwordless" login experience for your AWS RDS
RDS Auth Proxy A two-layer proxy for connecting into RDS postgres databases based on IAM authentication. This tool allows you to keep your databases f
Helm plugin to reference value files packaged in dependency charts
Helm Octopus Plugin This Helm plugin allows referencing packaged value files (other than the default values.yaml). Install helm plugin install https:
sso, aka S.S.Octopus, aka octoboi, is a single sign-on solution for securing internal services
sso See our launch blog post for more information! Please take the SSO Community Survey to let us know how we're doing, and to help us plan our roadma
This plugin enhances HashiCorp Vault Service with cryptographic operations to create, import and sign using different types of keypairs and Ethereum wallets, including signing operations for public Ethereum transactions, EEA and Quorum
Quorum Hashicorp Vault plugin The Quorum plugin enhances Hashicorp Vault Service with cryptographic operations under Vault engine, such as: Create and
2FA (Two-Factor Authentication) application for CLI terminal with support to import/export andOTP files.
zauth zauth is a 2FA (Two-Factor Authentication) application for terminal written in Go. Features Supports both TOTP and HOTP codes. Add new entries d
ZITADEL - Identity Experience Platform
What Is ZITADEL ZITADEL is a "Cloud Native Identity and Access Management" solution built for the cloud era. ZITADEL uses a modern software stack cons
Manage your dotfiles across multiple diverse machines, securely.
chezmoi Manage your dotfiles across multiple diverse machines, securely. With chezmoi, you can install chezmoi and your dotfiles on a new, empty machi
Reconstruct Open API Specifications from real-time workload traffic seamlessly
Reconstruct Open API Specifications from real-time workload traffic seamlessly: Capture all API traffic in an existing environment using a service-mes
The Single Sign-On Multi-Factor portal for web apps
Authelia is an open-source authentication and authorization server providing two-factor authentication and single sign-on (SSO) for your applications
A microservice gateway developed in Go, with a variety of plug-ins which can be extended by the user, plug and play. What's more, it can quickly help enterprises manage API services and improve the stability and security of API services.
Goku API gateway is a microservice gateway developed in Go. It can achieve the purposes of high-performance HTTP API forwarding, multi-tenant management, API access control, etc. It has a powerful custom plug-in system, which can be extended by the user, and can quickly help enterprises manage API services and improve the stability and security of API services.
Scan Fastjson Use Golang Only
SuperFastjsonScan This tool is only a demo version and is not complete; it is offered to give everyone an idea. Reference tool: https://github.com/EmYiQing/XiuScan/ The core of this tool is that, without setting up a JNDI server or LDAP server and without using a DNSlog platform, it can perform non-echoing Java deserialization vulnerability
Super Java Vulnerability Scanner
XiuScan Incomplete, under development. Introduction A command-line Java framework vulnerability scanner written in pure Go, aiming to build an efficient and convenient vulnerability scanner modelled on xray. Planned support for Fastjson, Shiro, Struts2, Spring, WebLogic and other frameworks. PS: it is named XiuScan because the senior who brought me into security is 修君. Features
androidqf (Android Quick Forensics) helps quickly gather forensic evidence from Android devices, in order to identify potential traces of compromise.
androidqf androidqf (Android Quick Forensics) is a portable tool to simplify the acquisition of relevant forensic data from Android devices. It is the
This tool will listen on a given port, strip SSL encryption, forward traffic through a plain TCP proxy, then encrypt the returning traffic again and send it to the target of your choice. Unlike most SSL stripping solutions this tool will negotiate ALPN and preserve the negotiated protocol all the way to the target.
ALPN Pass This tool will listen on a given port, strip SSL encryption, forward traffic through a plain TCP proxy, then encrypt the returning traffic a
Elkeid is a Cloud-Native Host-Based Intrusion Detection solution project to provide next-generation Threat Detection and Behavior Audition with modern architecture.
Elkeid is a Cloud-Native Host-Based Intrusion Detection solution project to provide next-generation Threat Detection and Behavior Audition with modern architecture.
🌀 Dismap - Asset discovery and identification tool
🌀 Dismap - Asset discovery and identification tool [English readme Click Me] Dismap is positioned as an asset discovery and identification tool; its distinctive feature is quickly identifying web fingerprint information and locating asset types. It helps red teams quickly locate target asset information and helps blue teams discover suspicious
DorkScout - Go tool to automate Google dork scans against the entire internet or specific targets
dorkscout dorkscout is a tool to automate finding vulnerable applications or secret files on the internet through Google searches; dorksco
GoPhish by default tips your hand to defenders and security solutions. T
GoPhish by default tips your hand to defenders and security solutions. The container here strips those indicators and makes other changes to hopefully evade detection during operations.
kubeaudit helps you audit your Kubernetes clusters against common security controls
kubeaudit helps you audit your Kubernetes clusters against common security controls
kubescape is the first tool for testing whether Kubernetes is deployed securely as defined in the Kubernetes Hardening Guidance by the NSA and CISA
Kubescape is the first tool for testing whether Kubernetes is deployed securely as defined in the Kubernetes Hardening Guidance by the NSA and CISA. Tests are configured with YAML files, making this tool easy to update as test specifications evolve.
GoKart - Go Security Static Analysis
GoKart is a static analysis tool for Go that finds vulnerabilities using the SSA (static single assignment) form of Go source code.
urlhunter is a recon tool that allows searching on URLs that are exposed via shortener services such as bit.ly and goo.gl.
a recon tool that allows searching on URLs that are exposed via shortener services
A simple Go dependency injection implementation
di di is a simple Go dependency injection implementation di Installation Quick start Functions New RegisterBean RegisterNamedBean Provide ProvideWithBeanName GetBean Property UseValueStore Serve LoadAndServe 标
gosec - Golang Security Checker
Inspects source code for security problems by scanning the Go AST.
password manager using age for encryption
page password manager using age (https://age-encryption.org/) for encryption. encrypted secrets are files in the $PAGE_SECRETS/ directory that
a Go code to detect leaks in JS files via regex patterns
a Go code to detect leaks in JS files via regex patterns
An advanced, yet simple, tunneling/pivoting tool that uses a TUN interface.
Ligolo-ng : Tunneling like a VPN An advanced, yet simple, tunneling tool that uses a TUN interface. by TNP IT Security Table of Contents Introduction
🔭 Kubernetes out-cluster vulnerability scanner
Kubnerable Kubnerable is an out-cluster vulnerability scanner tool for Kubernetes resources. It comes with a predefined vulnerability database (vulner