Go Security Resources

SourcePoint SourcePoint is a polymorphic C2 profile generator for Cobalt Strike C2s, written in Go. SourcePoint allows unique C2 profiles to be genera

Throttled Identity Protocol (TIP) is a decentralized key derivation protocol, which allows people to obtain a strong secret key through a very simple passphrase, e.g. a six-digit PIN.

cosign Container Signing, Verification and Storage in an OCI registry. Cosign aims to make signatures invisible infrastructure. Info Cosign is develop

🐸 Frog For Automatic Scan 🐶 Doge For Defense Evasion&Offensive Security Doge-sRDI Shellcode implementation of Reflective DLL Injection by Golang. Co

age age is a simple, modern and secure file encryption tool, format, and library. It features small explicit keys, no config options, and UNIX-style c

Vault Please note: We take Vault's security and our users' trust very seriously. If you believe you have found a security issue in Vault, please respo

Kunpeng 简介 Kunpeng是一个Golang编写的开源POC检测框架，集成了包括数据库、中间件、web组件、cms等等的漏洞POC（查看已收录POC列表），可检测弱口令、SQL注入、XSS、RCE等漏洞类型，以动态链接库的形式提供调用，通过此项目可快速开发漏洞检测类的系统，比攻击者快一步发

Obfuscate Go code by wrapping the Go toolchain.

SPIRE (the SPIFFE Runtime Environment) is a toolchain of APIs for establishing trust between software systems across a wide variety of hosting platforms

Let's Encrypt client and ACME library written in Go. Features ACME v2 RFC 8555 Register with CA Obtain certificates, both from scratch or with an exis

What is Nebula? Nebula is a scalable overlay networking tool with a focus on performance, simplicity and security. It lets you seamlessly connect comp

CRLFuzz A fast tool to scan CRLF vulnerability written in Go Resources Installation from Binary from Source from GitHub Usage Basic Usage Flags Target

goblin 钓鱼演练工具 [English Readme Click Me] goblin 是一款适用于红蓝对抗的钓鱼演练工具。通过反向代理，可以在不影响用户操作的情况下无感知的获取用户的信息，或者诱导用户操作。也可以通过使用代理方式达到隐藏服务端的目的。内置插件，通过简单的配置，快速调整网页内容

MemGuard Software enclave for storage of sensitive information in memory. This package attempts to reduce the likelihood of sensitive data being expos

Coraza Web Application Firewall, this project is a Golang port of ModSecurity with the goal to become the first enterprise-grade Open Source Web Application Firewall, flexible and powerful enough to serve as the baseline for many projects.

go-foxpro-dbf Golang package for reading FoxPro DBF/FPT files. This package provides a reader for reading FoxPro database files. At this moment it is

Traitor Automatically exploit low-hanging fruit to pop a root shell. Linux privilege escalation made easy! Traitor packages up a bunch of methods to e

Lightweight static analysis for many languages. Find bugs and enforce code standards. Semgrep is a fast, open-source, static analysis tool that finds

Axiom is a dynamic infrastructure framework to efficiently work with multi-cloud environments, build and deploy repeatable infrastructure focussed on

Subfinder is a subdomain discovery tool that discovers valid subdomains for websites by using passive online sources. It has a simple modular architecture and is optimized for speed. subfinder is built for doing one thing only - passive subdomain enumeration, and it does that very well.

一款内网综合扫描工具，方便一键自动化、全方位漏扫扫描。 支持主机存活探测、端口扫描、常见服务的爆破、ms17010、redis批量写公钥、计划任务反弹shell、读取win网卡信息、web指纹识别、web漏洞扫描等。

Gitrob: Putting the Open Source in OSINT Gitrob is a tool to help find potentially sensitive files pushed to public repositories on Github. Gitrob wil

extrude Analyse binaries for missing security features, information disclosure and more. 🚧 Extrude is in the early stages of development, and current

Ladon Scanner For Golang Wiki http://k8gege.org/Ladon/LadonGo.html 简介 LadonGo一款开源内网渗透扫描器框架，使用它可轻松一键探测C段、B段、A段存活主机、指纹识别、端口扫描、密码爆破、远程执行、高危漏洞检测等。3.6版本包含2

Casbin News: still worry about how to write the correct Casbin policy? Casbin online editor is coming to help! Try it at: https://casbin.org/editor/ C

iOS Signer Service A self-hosted, cross-platform service to sign iOS apps using any CI as a builder Introduction There are many reasons to install app

Fibratus A modern tool for the Windows kernel exploration and observability Get Started » Docs • Filaments • Download • Discussions What is Fibratus?

🛡️ A private certificate authority (X.509 & SSH) & ACME server for secure automated certificate management, so you can use TLS everywhere & SSO for SSH.

Themis provides strong, usable cryptography for busy people General purpose cryptographic library for storage and messaging for iOS (Swift, Obj-C), An

Minify and Secure Docker containers (free and open source!) Don't change anything in your Docker container image and minify it by up to 30x making it

Finder Of XSS, and Dal(달) is the Korean pronunciation of moon. What is DalFox 🌘 🦊 DalFox is a fast, powerful parameter analysis and XSS scanner, bas

Welcome to xray 👋 一款功能强大的安全评估工具 ✨ Demo 🏠 使用文档 ⬇️ 下载地址 注意：xray 不开源，直接下载构建的二进制文件即可，仓库内主要为社区贡献的 poc，每次 xray 发布将自动打包。 🚀 快速使用 在使用之前，请务必阅读并同意 License 文件中

Local PHP Security Checker The Local PHP Security Checker is a command line tool that checks if your PHP application depends on PHP packages with know

SingularityCE Guidelines for Contributing Pull Request Template Project License Documentation Support Citation SingularityCE is the Community Edition

Kubescape is the first tool for testing if Kubernetes is deployed securely as defined in Kubernetes Hardening Guidance by to NSA and CISA Tests are configured with YAML files, making this tool easy to update as test specifications evolve.

摧日：CuiRi 红队专用免杀木马生成工具 0x01 简介： ____ __ __ _____ ______ _____ / ___) ) ) ( ( (_ _) ( __ \ (_ _) / / ( (

Cameradar An RTSP stream access tool that comes with its library Cameradar allows you to Detect open RTSP hosts on any accessible target host Detect w

The Go Vulnerability Database golang.org/x/vulndb This repository is a prototype of the Go Vulnerability Database. Read the Draft Design. Neither the

scaninfo by 华东360安服团队 注意的点 漏洞扫描的时候有时候最后几个任务会卡住，是因为ftp爆破模块，这个fscan也一样目前没有好的解决办法，后续更新.先阶段可以-eq 21跳过ftp，或者control+c 主动停止不影响结果保存。 有时候扫外网的全端口会漏掉端口可以使用-n 指定

Driftwood is a tool that can enable you to lookup whether a private key is used for things like TLS or as a GitHub SSH key for a user. Drift

acmetool is an easy-to-use command line tool for automatically acquiring certificates from ACME servers (such as Let's Encrypt). Designed to flexibly

ShieldWall embraces the zero-trust principle and instruments your server firewall to block inbound connections from every IP on any port, by default.

这是什么 一个用go实现的iOS重签名模块，即市面上的iOS超级签名、蒲公英ios内测分发原理 使用本模块可以进行基本的IPA安装包重签名分发 实现功能：苹果开发者账号管理、IPA安装包管理 前提 1.生成ios.csr和ios.key文件 openssl genrsa -out

sns IIS shortname scanner written in Go Installation Make sure you've a recent version of the Go compiler installed on your system. Then just run: GO1

RunExploit Golang语言编写的json格式poc利用工具，目前支持多种格式poc 该工具为命令行工具，加载json格式数据，用于检测单个目标是否存在漏洞，并利用 程序目录结构： config.json RunExploit.exe config.json { "Exploit"

📚 Documentation 💠 Configuration Hub 💬 Discourse (Forum) 💬 Gitter (Live chat) 💃 This is a community driven project, we need your feedback. TL;DR

Take a list of domains and scan for endpoints, secrets, api keys, file extensions, tokens and more... Coded with 💙 by edoardottt. Share on Twitter! P

EarlyBird is a sensitive data detection tool capable of scanning source code repositories for clear text password violations, PII, outdated cryptograp

Database protection suite with field level encryption and intrusion detection. | Acra Engineering Examples | Documentation | Installation | Examples a

TrojanSourceFinder TrojanSourceFinder helps developers detect "Trojan Source" vulnerability in source code. Trojan Source vulnerability allows an atta

curlNexec 👋 Certainly useful , mainly for fun, rougly inspired by 0x00 article Short story curlNexec enable us to execute a remote binary on a local

在线体验 漏洞报告 Yarx 是什么 Yarx 来自于 x-r-a-y 的反向拼写，它能够根据 xray 的 yaml poc 规则全自动的生成一个满足规则要求的 Server，使用 xray 扫描该 Server 将会扫描出对应的漏洞。它的核心工作原理如下： 它的主要特性有: 支持 status、

shhgit helps secure forward-thinking development, operations, and security teams by finding secrets across their code before it leads to a security br

Introduction Microsoft Application Inspector is a software source code characterization tool that helps identify coding features of first or third par