92 Resources
Golang tls-certificate Libraries
Cloud IP address ranges lookup tool + DNS subdomain enumeration + Certificate Transparency
Cloud edge Lookup an IP to find the cloud provider and other details based on the provider's published JSON data Cloud edge is a recon tool focused on
Fix Burp Suite's horrible TLS stack & spoof any browser fingerprint
Awesome TLS This extension hijacks Burp's HTTP and TLS stack to make it more powerful and less prone to fingerprinting by all kinds of WAFs. It does t
GO Simple Tunnel - a simple tunnel written in golang
GO Simple Tunnel GO语言实现的安全隧道 English README !!!V3版本已经可用,欢迎抢先体验!!! 特性 多端口监听 可设置转发代理,支持多级转发(代理链) 支持标准HTTP/HTTPS/HTTP2/SOCKS4(A)/SOCKS5代理协议 Web代理支持探测防御 支
A tool for capturing newly issued x.509 from Certificate Transparency logs & performing periodic revocation checking.
ct-logster This repository contains the tools for collecting newly issued x509 certificates from Certificate Transparency logs, as well as performing
Trusted Certificate Service for Kubernetes Platform
Trusted Certificate Service (TCS) is a Kubernetes (k8s) service to protect private keys using Intel's SGX technology including support for k8s CSR and cert-manager CR APIs. TCS also contains integration samples for Istio service mesh and Key Management Reference Application (KMRA).
A CLI tool to get Certificate Transparency logs of a domain name.
crt crt is a CLI tool to get Certificate Transparency logs of a domain name. It can also enumerate subdomains. Installation If you have Go installed:
Crypto-project - Personal project for learning TLS
crypto-project My personal attempt to implement this cipher suite using the Go l
step-ca is an online certificate authority for secure, automated certificate management.
🛡️ A private certificate authority (X.509 & SSH) & ACME server for secure automated certificate management, so you can use TLS everywhere & SSO for SSH.
Http-server - A HTTP server and can be accessed via TLS and non-TLS mode
Application server.go runs a HTTP/HTTPS server on the port 9090. It gives you 4
fido-ident: a cli tool for getting the attestation certificate from a fido token.
fido-ident fido-ident is a cli tool for getting the attestation certificate from a fido token. fido-ident will print the raw certificate and the human
A Kubernetes operator that allows for automatic provisioning and distribution of cert-manager certs across namespaces
cached-certificate-operator CachedCertificate Workflow When a CachedCertificate is created or updated the operator does the following: Check for a val
Laptop Booking Application in Golang and gRPC, load-balancing with NGINX, and fully compatible with HTTPS OpenAPI v3
Laptop Booking Application in Golang and gRPC Goals GitHub CI & Coverage Badge Serialize protobuf messages Create laptop unary gRPC Search laptop Serv
A layer of abstraction the around acme/autocert certificate manager (Golang)
Simple Secure Server Prerequisites: Your server must be reachable through the provided domain name, this is how LetsEncrypt verifies domain ownership
Cert bound sts server - Certificate Bound Tokens using Security Token Exchange Server (STS)
Certificate Bound Tokens using Security Token Exchange Server (STS) Sample demonstration of Certificate Bound Tokens acquired from a Security Token Ex
MTLS - Golang mTLS example,mTLS using TLS do both side authentication & authorization
mTLS Golang Example mTLS Golang Example 1. What is mutual TLS (mTLS)? 2. How doe
MTLS - Golang mTLS example,mTLS using TLS do both side authentication & authorization
mTLS Golang Example mTLS Golang Example 1. What is mutual TLS (mTLS)? 2. How doe
Order TLS certificates using ACME TLS-ALPN-01
Order TLS certificates using ACME TLS-ALPN-01
Tool to generate certificate images easily.
Arthur A program to generate certificates with the same appearance but with different data. Thanks to foggleman/gg rendering 2D graphics library as ma
A utility for the certificate trust list (CTL).
ctlutil A utility for the certificate trust list (CTL) Installation First install Go. If you just want to install the binary to your current directory
A Go package for creating temporary test certificates
testcerts A Go package for creating temporary x509 test certificates There are many Certificate generation tools out there, but most focus on being a
A Golang localhost TLS Server for testing Mutual Authentication (A.K.A Client-Side Authentication)
goMutualAuthServer goMutualAuthServer implements a localhost TLS server in Golang, which can be used to perform Mutual Authentication (A.K.A Client-Si
Acmetool, an automatic certificate acquisition tool for ACME (Let's Encrypt)
acmetool is an easy-to-use command line tool for automatically acquiring certificates from ACME servers (such as Let's Encrypt). Designed to flexibly integrate into your webserver setup to enable automatic verification. Unlike the official Let's Encrypt client, this doesn't modify your web server configuration.
Monitors the expiry time of tls certificates and exports prometheus metrics
Certificate Monitor Monitors the expiry time of tls certificates and exports prometheus metrics. Target domains can be automatically discovered via in
Spoof TLS/JA3 fingerprints in GO and Javascript
Currently a WIP and under active development. See the Projects Tab for more info More documentation coming soon, Changelog provided as well For any fe
VPN client in a thin Docker container for multiple VPN providers, written in Go
VPN client in a thin Docker container for multiple VPN providers, written in Go, and using OpenVPN or Wireguard, DNS over TLS, with a few proxy servers built-in.
minimal implementation of secured encrypted tcp/ip connection without tls / ssl.
go-secure-transport Demo implementation of secured encrypted TCP connection without TLS / SSL. See ./example for server & client using the transport t
Simple Golang HTTPS/TLS Examples
Generate private key (.key) # Key considerations for algorithm "RSA" ≥ 2048-bit openssl genrsa -out server.key 2048 # Key considerations for algorith
A GREAT GUI Offline Tool for manipulating/seeking resolver list of repique and dnscrypt proxy.
Intro A GUI Offline Tool for decrypting and manipulating *.md files used by repique and dnscrypt proxy It's targeted for creating your own DoT, DoH an
EU Digital Covid Certificate utilities in Go [Create, Validate and Parse Green-Pass/EU-DCC]
go-dcc EU Digital Covid Certificate utilities in Go [Create, Validate and Parse Green-Pass/EU-DCC] Repo work in-progress CLI Usage: ######Create and S
Using Wireshark to decrypt TLS gRPC Client-Server protobuf messages
Using Wireshark to decrypt TLS gRPC Client-Server protobuf messages Sample client server in golang that demonstrates how to decode protobuf messages f
Watch and react to changes in Kubernetes TLS Secrets
cert-watch Watch and react to change in Kubernetes TLS Secrets. What is cert-watch? Kubernetes has introduced a number of different ways to keep certi
Transparent TLS and HTTP proxy serve and operate on all 65535 ports, with domain regex whitelist and rest api control
goshkan Transparent TLS and HTTP proxy serve & operating on all 65535 ports, with domain regex whitelist and rest api control tls and http on same por
Generate self-signed, trusted certificates for local development.
Development Certificates Generator devcert takes away the pain of creating self-signed certificates for development manually. Usage $ devcert my-proje
COVID-19 certificate parser/validator API
=covid-decoder= A simple REST API that parses COVID-19 certificates (provided in textual form) 🚀 Motivation There are plenty of Green Pass (COVID-19
Driftwood is a tool that can enable you to lookup whether a private key is used for things like TLS or as a GitHub SSH key for a user.
Driftwood is a tool that can enable you to lookup whether a private key is used for things like TLS or as a GitHub SSH key for a user. Drift
Caddy: an extensible server platform that uses TLS by default
a project Every site on HTTPS Caddy is an extensible server platform that uses TLS by default. Releases · Documentation · Get Help Menu Features Insta
go HTTP client that makes it plain simple to configure TLS, basic auth, retries on specific errors, keep-alive connections, logging, timeouts etc.
goat Goat, is an HTTP client built on top of a standard Go http package, that is extremely easy to configure; no googling required. The idea is simila
A COVID-19 Certificate Decoder based on @stapelberg's coronaqr library / CLI
corona-decoder This is a super simple CLI application that uses @stapelberg's coronaqr library / CLI to provide quickly some information about a COVID
Retrieve SSL certificate information
cert Retrieve SSL certificate information from provided hostname. Why I just simply want to retrieve a website's SSL certificate information in my ter
DNS/DoT to DoH proxy with load-balancing, fail-over and SSL certificate management
dns-proxy Configuration Variable Example Description TLS_DOMAIN my.duckdns.org Domain name without wildcards. Used to create wildcard certificate and
For whatever reason you want to transfer TLS certificates in kubernetes to Qiniu CDN
Qiniu Certificate Sync For whatever reason you want to transfer TLS certificates in kubernetes to Qiniu CDN This app will upload provided TLS secrets
Ephemeral One Time/Build-Time gRPC TLS PKI system.
PkiSauce Ephemeral Build Time TLS PKI saucing for your intra services GRPC (or not) communications. Description A simple attempt to avoid deploying co
Simple PKI for developers.
SimpleCA Have you ever been working with a technology and needed TLS certificates quickly? Perhaps you wanted to set up a PKI infrastructure for testi
node api for proxying requests with golang to spoof tls fingerprint
WIP NOT BUILT WONT WORK AS IS gotTLS A node websocket api version of https://github.com/Carcraftz/TLS-Fingerprint-API to spoof TLS fingerprint to prev
Automatic HTTPS for any Go program: fully-managed TLS certificate issuance and renewal
Easy and Powerful TLS Automation The same library used by the Caddy Web Server Caddy's automagic TLS features—now for your own Go programs—in one powe
Premier ACME client library for Go
acmez - ACME client library for Go ACMEz ("ack-measy" or "acme-zee", whichever you prefer) is a fully-compliant RFC 8555 (ACME) implementation in pure
CVE-2021-3449 OpenSSL denial-of-service exploit 👨🏻💻
CVE-2021-3449 OpenSSL 1.1.1k DoS exploit Usage: go run . -host hostname:port This program implements a proof-of-concept exploit of CVE-2021-3449 affe
High-performance, non-blocking, event-driven, easy-to-use networking framework written in Go, support tls/http1.x/websocket.
High-performance, non-blocking, event-driven, easy-to-use networking framework written in Go, support tls/http1.x/websocket.
check-cert: Go-based tooling to check/verify certs
check-cert: Go-based tooling to check/verify certs
This tool will listen on a given port, strip SSL encryption, forward traffic through a plain TCP proxy, then encrypt the returning traffic again and send it to the target of your choice. Unlike most SSL stripping solutions this tool will negotiate ALPN and preserve the negotiated protocol all the way to the target.
ALPN Pass This tool will listen on a given port, strip SSL encryption, forward traffic through a plain TCP proxy, then encrypt the returning traffic a
Discover expired TLS certificates in the services of a kubernetes cluster
About verify-k8s-certs is a daemon (prometheus exporter) to discover expired TLS certificates in a kubernetes cluster. It exposes the informations as
Fork of Go stdlib's net/http that works with alternative TLS libraries like refraction-networking/utls.
github.com/ooni/oohttp This repository contains a fork of Go's standard library net/http package including patches to allow using this HTTP code with
Golang implementation of the covid certificate QRCode decoder
Golang implementation of the covid certificates. At the moment it only includes DCC signed data decoding but I've planned to add a lot more of features related to certificates processing.
A server that proxies requests and uses fhttp & my fork of CycleTLS to modify your clienthello and prevent your requests from being fingerprinted.
TLS-Fingerprint-API A server that proxies requests and uses my fork of CycleTLS & fhttp (fork of net/http) to prevent your requests from being fingerp
This is a SSH CA that allows you to retrieve a signed SSH certificate by authenticating to Duo.
github-duo-ssh-ca Authenticate to GitHub Enterprise in a secure way by requiring users to go through a Duo flow to get a short-lived SSH certificate t
TLS/SSL Tunnel - A modern STunnel replacement written in golang
go-tunnel - Robust Quic/TLS Tunnel (Stunnel replacement) What is it? A supercharged Stunnel replacement written in golang. is in a sense a proxy enabl
proxyd proxies data between TCP, TLS, and unix sockets
proxyd proxyd proxies data between TCP, TLS, and unix sockets TLS termination: Connecting to a remote application's unix socket: +---------+
Go decoder for EU Digital COVID Certificate (EUDCC) QR code data
Go Corona QR Code Decoder This repository contains a decoder for EU Digital COVID Certificate (EUDCC) QR code data, written in Go. If you got vaccinat
gobetween - modern & minimalistic load balancer and reverse-proxy for the ☁️ Cloud era.
gobetween - modern & minimalistic load balancer and reverse-proxy for the ☁️ Cloud era. Current status: Maintenance mode, accepting PRs. Currently in
Mutual TLS encryption TCP proxy with golang
mtls-tcp-proxy Mutual Authentication TLS encryption TCP proxy with golang Why? I created this because of sometimes, it is not possible for us to estab
This library generate a new tlsconfig usable within go standard library configured with a self-signed certificate generated on the fly
sslcert This library generate a new tlsconfig usable within go standard library configured with a self-signed certificate generated on the fly. Exampl
Toy TLS certificate viewer
veilig Toy tls certificate viewer that I built because openssl s_client confuses me Source available at: https://github.com/noqqe/veilig/ Please repor
Tooling to validate HTTPS Certificates and Connections Around Web 🕷️
Cassler - SSL Validator Tool If your read fast, it's sounds like "Cassia Eller" Tooling to validate HTTPS Certificates and Connections Around Web 🕷️
httpx is a fast and multi-purpose HTTP toolkit allows to run multiple probers using retryablehttp library, it is designed to maintain the result reliability with increased threads.
Features • Installation • Usage • Running httpx • Notes • Join Discord httpx is a fast and multi-purpose HTTP toolkit allow to run multiple probers us
Privacy important, fast, recursive dns resolver server with dnssec support
🚀 Privacy important, fast, recursive dns resolver server with dnssec support Installation go get github.com/semihalev/sdns Pre-build Binaries Downloa
Certificate authority and access plane for SSH, Kubernetes, web applications, and databases
Teleport is an identity-aware, multi-protocol access proxy which understands SSH, HTTPS, Kubernetes API, MySQL and PostgreSQL wire protocols.
A tiny command line DNS client with support for UDP, DoT, DoH, and DoQ.
q A tiny command line DNS client with support for UDP, DoT, DoH, and DoQ. Usage q command line DNS client (https://github.com/natesales/q) Usage: q
CFSSL: Cloudflare's PKI and TLS toolkit
CFSSL CloudFlare's PKI/TLS toolkit CFSSL is CloudFlare's PKI/TLS swiss army knife. It is both a command line tool and an HTTP API server for signing,
Go HTTP tunnel is a reverse tunnel based on HTTP/2.
Go HTTP tunnel is a reverse tunnel based on HTTP/2. It enables you to share your localhost when you don't have a public IP.
mkcert is a simple tool for making locally-trusted development certificates
A simple zero-config tool to make locally trusted development certificates with any names you'd like.
uber's ssh certificate pam module
Uber's SSH certificate pam module. This is a pam module that will authenticate a user based on them having an ssh certificate in their ssh-agent signe
Proxy is a high performance HTTP(S) proxies, SOCKS5 proxies,WEBSOCKET, TCP, UDP proxy server implemented by golang. Now, it supports chain-style proxies,nat forwarding in different lan,TCP/UDP port forwarding, SSH forwarding.Proxy是golang实现的高性能http,https,websocket,tcp,socks5代理服务器,支持内网穿透,链式代理,通讯加密,智能HTTP,SOCKS5代理,黑白名单,限速,限流量,限连接数,跨平台,KCP支持,认证API。
Advertisement GOPROXY Introduction The GoProxy is a high-performance http proxy, https proxy, socks5 proxy, ss proxy, websocket proxies, tcp proxies,
Headless CMS with automatic JSON API. Featuring auto-HTTPS from Let's Encrypt, HTTP/2 Server Push, and flexible server framework written in Go.
Ponzu Watch the video introduction Ponzu is a powerful and efficient open-source HTTP server framework and CMS. It provides automatic, free, and secur
Simple and easy go web micro framework
DotWeb Simple and easy go web micro framework Important: Now need go1.9+ version support, and support go mod. Document: https://www.kancloud.cn/devfee
Network-wide ads & trackers blocking DNS server
Privacy protection center for you and your devices Free and open source, powerful network-wide ads & trackers blocking DNS server. AdGuard.com | Wiki
Automatic HTTPS for any Go program: fully-managed TLS certificate issuance and renewal
Easy and Powerful TLS Automation The same library used by the Caddy Web Server Caddy's automagic TLS features—now for your own Go programs—in one powe
A suite of gRPC debugging tools. Like Fiddler/Charles but for gRPC.
grpc-tools A suite of tools for gRPC debugging and development. Like Fiddler/Charles but for gRPC! The main tool is grpc-dump which transparently inte
🙌It 👐just 👌not ☝works
fuck-signal-tls-proxy Why Deliver something [3] not work at all is more rude than dirty word. In short, everything is designed to blend into the backg
Tiny-HTTPS protocol implementation (experiment purpose.)
thttps Basic TLS implementation in Go, written as a learning project. Most components are forked from Go version 1.7 tiny-HTTPS is not suitable for re
Go package to embed the Mozilla Included CA Certificate List
rootcerts Package rootcerts provides an embedded copy of the Mozilla Included CA Certificate List, more specifically the PEM of Root Certificates in M
Certificate monitoring utility for watching tls certificates and reporting the result as metrics.
cert-checker cert-checker is a certificate monitoring utility for watching tls certificates. These checks get exposed as Prometheus metrics to be view
Let's Encrypt client and ACME library written in Go
Let's Encrypt client and ACME library written in Go. Features ACME v2 RFC 8555 Register with CA Obtain certificates, both from scratch or with an exis
Package telnet provides TELNET and TELNETS client and server implementations, for the Go programming language, in a style similar to the "net/http" library that is part of the Go standard library, including support for "middleware"; TELNETS is secure TELNET, with the TELNET protocol over a secured TLS (or SSL) connection.
go-telnet Package telnet provides TELNET and TELNETS client and server implementations, for the Go programming language. The telnet package provides a
Reverse proxy with automatically obtains TLS certificates from Let's Encrypt
Русскоязычное описание ниже (Russian below). English description Home page: https://github.com/rekby/lets-proxy2 Features: http-01 and tls-alpn-01 val
Fast, multi-platform web server with automatic HTTPS
a project Every site on HTTPS Caddy is an extensible server platform that uses TLS by default. Releases · Documentation · Get Help Menu Features Insta
Let's Encrypt client and ACME library written in Go
Let's Encrypt client and ACME library written in Go. Features ACME v2 RFC 8555 Register with CA Obtain certificates, both from scratch or with an exis
An opinionated helper for generating tls certificates
Certificates helper This is an opinionated helper for generating tls certificates. It outputs only in PEM format but this enables you easily generate
:lock: acmetool, an automatic certificate acquisition tool for ACME (Let's Encrypt)
acmetool is an easy-to-use command line tool for automatically acquiring certificates from ACME servers (such as Let's Encrypt). Designed to flexibly
Golang package for send email. Support keep alive connection, TLS and SSL. Easy for bulk SMTP.
Go Simple Mail The best way to send emails in Go with SMTP Keep Alive and Timeout for Connect and Send. IMPORTANT Examples in this README are for v2.2
Go-Guardian is a golang library that provides a simple, clean, and idiomatic way to create powerful modern API and web authentication.
❗ Cache package has been moved to libcache repository Go-Guardian Go-Guardian is a golang library that provides a simple, clean, and idiomatic way to