Go Security Resources

What is lakeFS lakeFS is an open source layer that delivers resilience and manageability to object-storage based data lakes. With lakeFS you can build

cosign Container Signing, Verification and Storage in an OCI registry. Cosign aims to make signatures invisible infrastructure. Info Cosign is develop

Database protection suite with field level encryption and intrusion detection. | Acra Engineering Examples | Documentation | Installation | Examples a

Themis provides strong, usable cryptography for busy people General purpose cryptographic library for storage and messaging for iOS (Swift, Obj-C), An

Local PHP Security Checker The Local PHP Security Checker is a command line tool that checks if your PHP application depends on PHP packages with know

pinentry-touchid Custom GPG pinentry program for macOS that allows using Touch ID for fetching the password from the macOS keychain. Macbook Pro devic

SPIRE (the SPIFFE Runtime Environment) is a toolchain of APIs for establishing trust between software systems across a wide variety of hosting platforms

hotdog-localstack-PoC PoC for running AWS services(kinesis, dynamodb, lambdas) locally with Localstack alias awslocal="aws --endpoint-url=http://local

godlp 一、简介 为了保障企业的数据安全和隐私安全，godlp 提供了一系列针对敏感数据的识别和处置方案， 其中包括敏感数据识别算法，数据脱敏处理方式，业务自定义的配置选项和海量数据处理能力。 godlp 能够应用多种隐私合规标准，对原始数据进行分级打标、判断敏感级别和实施相应的脱敏处理。 In

CVE-2021-3449 OpenSSL 1.1.1k DoS exploit Usage: go run . -host hostname:port This program implements a proof-of-concept exploit of CVE-2021-3449 affe

GolangBypassAV 研究利用golang来bypassAV 说明 免杀这块本来就不是web狗擅长的，而且作为一个web狗也没必要花太多时间来折腾这个，达到能用就行，不要追求全部免杀，能免杀目标就行。

Welcome to xray 👋 一款功能强大的安全评估工具 ✨ Demo 🏠 使用文档 ⬇️ 下载地址 注意：xray 不开源，直接下载构建的二进制文件即可，仓库内主要为社区贡献的 poc，每次 xray 发布将自动打包。 🚀 快速使用 在使用之前，请务必阅读并同意 License 文件中

A collection of cool tools used by Mobile hackers. Happy hacking , Happy bug-hunting Family project Table of Contents Weapons Contribute Thanks to con

摧日：CuiRi 红队专用免杀木马生成工具 0x01 简介： ____ __ __ _____ ______ _____ / ___) ) ) ( ( (_ _) ( __ \ (_ _) / / ( (

[ARP Spoofing] [Usage] Commands: clear clear the screen cut 通过ARP欺骗切断局域网内某台主机的网络 exit exit the program help display help hosts 主机管理功能 loot 查看嗅探到的敏感信息

iOS Signer Service A self-hosted, cross-platform service to sign iOS apps using any CI as a builder Introduction There are many reasons to install app

Easy and Powerful TLS Automation The same library used by the Caddy Web Server Caddy's automagic TLS features—now for your own Go programs—in one powe

ppmap A simple scanner/exploitation tool written in GO which automatically exploits known and existing gadgets (checks for specific variables in the g

Kubescape is the first tool for testing if Kubernetes is deployed securely as defined in Kubernetes Hardening Guidance by to NSA and CISA Tests are configured with YAML files, making this tool easy to update as test specifications evolve.

pocassist是一个 Golang 编写的全新开源漏洞测试框架。 简单易用 只需要在前端编辑，即可生成poc对批量目标进行测试 单二进制文件，无依赖，也无需安装 性能优秀 支持高并发，通过使用 ants实例化协程池，复用 goroutine 多重内存复用，尽可能小的内存占用 规则体系 完全兼容x

What is Nebula? Nebula is a scalable overlay networking tool with a focus on performance, simplicity and security. It lets you seamlessly connect comp

在线体验 漏洞报告 Yarx 是什么 Yarx 来自于 x-r-a-y 的反向拼写，它能够根据 xray 的 yaml poc 规则全自动的生成一个满足规则要求的 Server，使用 xray 扫描该 Server 将会扫描出对应的漏洞。它的核心工作原理如下： 它的主要特性有: 支持 status、

Decker - Penetration Testing Orchestration Framework Purpose Decker is a penetration testing orchestration framework. It leverages HashiCorp Configura

log4shelldetect Scans a file or folder recursively for jar files that may be vulnerable to Log4Shell (CVE-2021-44228) by inspecting the class paths in

Struts2Scanner 可快速检测struts2漏洞，也可以批量检测。还可以对已检测出漏洞的网站执行shell命令

Minify and Secure Docker containers (free and open source!) Don't change anything in your Docker container image and minify it by up to 30x making it

Lightweight static analysis for many languages. Find bugs and enforce code standards. Semgrep is a fast, open-source, static analysis tool that finds

Casbin News: still worry about how to write the correct Casbin policy? Casbin online editor is coming to help! Try it at: https://casbin.org/editor/ C

Kunpeng 简介 Kunpeng是一个Golang编写的开源POC检测框架，集成了包括数据库、中间件、web组件、cms等等的漏洞POC（查看已收录POC列表），可检测弱口令、SQL注入、XSS、RCE等漏洞类型，以动态链接库的形式提供调用，通过此项目可快速开发漏洞检测类的系统，比攻击者快一步发

Dent More Information If you want to learn more about the techniques utlized in this framework please take a look at this article. Description This fr

shhgit helps secure forward-thinking development, operations, and security teams by finding secrets across their code before it leads to a security br

age age is a simple, modern and secure file encryption tool, format, and library. It features small explicit keys, no config options, and UNIX-style c

/'___\ /'___\ /'___\ /\ \__/ /\ \__/ __ __ /\ \__/ \ \ ,__\\ \ ,__\/\ \/\ \ \ \ ,__\ \ \ \_/ \ \ \_/\ \ \_\ \ \ \

Traitor Automatically exploit low-hanging fruit to pop a root shell. Linux privilege escalation made easy! Traitor packages up a bunch of methods to e

sigstore signing CLI tool ⚠️ Not ready for use yet! sigstore CLI is a generic tool to sign blobs, tarballs etc and establish a trust root using the si

mesh-kridik Enhance your Kubernetes service mesh security !! mesh-kridik is an open-source security scanner that performs various security checks on a

go-dork The fastest dork scanner written in Go. There are also various search engines supported by go-dork, including Google, Shodan, Bing, Duck, Yaho

SingularityCE Guidelines for Contributing Pull Request Template Project License Documentation Support Citation SingularityCE is the Community Edition

otp: One Time Password utilities Go / Golang Why One Time Passwords? One Time Passwords (OTPs) are an mechanism to improve security over passwords alo

Finder Of XSS, and Dal(달) is the Korean pronunciation of moon. What is DalFox 🌘 🦊 DalFox is a fast, powerful parameter analysis and XSS scanner, bas

Hyperfox Hyperfox is a security auditing tool that proxies and records HTTP and HTTPS traffic between two points. Installation You can install the lat

Tracee is a Runtime Security and forensics tool for Linux. It is using Linux eBPF technology to trace your system and applications at runtime, and analyze collected events to detect suspicious behavioral patterns.

🛡️ A private certificate authority (X.509 & SSH) & ACME server for secure automated certificate management, so you can use TLS everywhere & SSO for SSH.

🌀 Dismap - Asset discovery and identification tool [English readme Click Me] Dismap 定位是一个资产发现和识别工具；其特色功能在于快速识别 Web 指纹信息，定位资产类型。辅助红队快速定位目标资产信息，辅助蓝队发现疑

How to Secure Anything Security engineering is the discipline of building secure systems. Its lessons are not just applicable to computer security. In

FastFinder - Incident Response - Fast suspicious file finder What is this project designed for? FastFinder is a lightweight tool made for threat hunti

📚 Documentation 💠 Configuration Hub 💬 Discourse (Forum) 💬 Gitter (Live chat) 💃 This is a community driven project, we need your feedback. TL;DR

Obfuscate Go code by wrapping the Go toolchain.

Sqreen's Application Security Management for Go After performance monitoring (APM), error and log monitoring it’s time to add a security component int

Ladon Scanner For Golang Wiki http://k8gege.org/Ladon/LadonGo.html 简介 LadonGo一款开源内网渗透扫描器框架，使用它可轻松一键探测C段、B段、A段存活主机、指纹识别、端口扫描、密码爆破、远程执行、高危漏洞检测等。3.6版本包含2

Simple Go-based permission setter for containers running as non root users

Introduction Microsoft Application Inspector is a software source code characterization tool that helps identify coding features of first or third par

SourcePoint SourcePoint is a polymorphic C2 profile generator for Cobalt Strike C2s, written in Go. SourcePoint allows unique C2 profiles to be genera

Cameradar An RTSP stream access tool that comes with its library Cameradar allows you to Detect open RTSP hosts on any accessible target host Detect w