Go Security Resources

AI-CodeWise 🦉 AI-Powered Code Reviews for Best Practices & Security Issues Across Languages AI-CodeWise GitHub Action: Your AI-powered Code Reviewer!

depsdev CLI client (and Golang module) for deps.dev API. Free access to dependencies, licenses, advisories, and other critical health and security sig

Gomap Gomap is a package that contains several functions to make it easier to work with maps in Go. Installation go get github.com/dimasadyaksa/gomap

Coraza Web Application Firewall, this project is a Golang port of ModSecurity with the goal to become the first enterprise-grade Open Source Web Application Firewall, flexible and powerful enough to serve as the baseline for many projects.

Vuls: VULnerability Scanner Vulnerability scanner for Linux/FreeBSD, agent-less, written in Go. We have a slack team. Join slack team Twitter: @vuls_e

一款内网综合扫描工具，方便一键自动化、全方位漏扫扫描。 支持主机存活探测、端口扫描、常见服务的爆破、ms17010、redis批量写公钥、计划任务反弹shell、读取win网卡信息、web指纹识别、web漏洞扫描等。

cent Community edition nuclei templates, a simple tool that allows you to organize all the Nuclei templates offered by the community in one place Inst

ppmap A simple scanner/exploitation tool written in GO which automatically exploits known and existing gadgets (checks for specific variables in the g

Lightweight static analysis for many languages. Find bugs and enforce code standards. Semgrep is a fast, open-source, static analysis tool that finds

Hyperfox Hyperfox is a security auditing tool that proxies and records HTTP and HTTPS traffic between two points. Installation You can install the lat

Kubescape is the first tool for testing if Kubernetes is deployed securely as defined in Kubernetes Hardening Guidance by to NSA and CISA Tests are configured with YAML files, making this tool easy to update as test specifications evolve.

Webseclab Webseclab contains a sample set of web security test cases and a toolkit to construct new ones. It can be used for testing security scanners

otp: One Time Password utilities Go / Golang Why One Time Passwords? One Time Passwords (OTPs) are an mechanism to improve security over passwords alo

cosign Container Signing, Verification and Storage in an OCI registry. Cosign aims to make signatures invisible infrastructure. Info Cosign is develop

golang uuid-shellcode加载器,分离执行,可直接把shellcode写入程序。

iOS Signer Service A self-hosted, cross-platform service to sign iOS apps using any CI as a builder Introduction There are many reasons to install app

nmap This library aims at providing idiomatic nmap bindings for go developers, in order to make it easier to write security audit tools using golang.

Casbin News: still worry about how to write the correct Casbin policy? Casbin online editor is coming to help! Try it at: https://casbin.org/editor/ C

gldap gldap is a framework for building LDAP services. Among other things, it defines abstractions for: Server: supports both LDAP and LDAPS (TLS) pro

Ladon Scanner For Golang Wiki http://k8gege.org/Ladon/LadonGo.html 简介 LadonGo一款开源内网渗透扫描器框架，使用它可轻松一键探测C段、B段、A段存活主机、指纹识别、端口扫描、密码爆破、远程执行、高危漏洞检测等。3.6版本包含2

fulcio - A New Kind of Root CA For Code Signing fulcio is a free Root-CA for code signing certs - issuing certificates based on an OIDC email address.

Optimus Optimus is an easy-to-use, reliable, and performant workflow orchestrator for data transformation, data modeling, pipelines, and data quality

Themis provides strong, usable cryptography for busy people General purpose cryptographic library for storage and messaging for iOS (Swift, Obj-C), An

Easy and Powerful TLS Automation The same library used by the Caddy Web Server Caddy's automagic TLS features—now for your own Go programs—in one powe

🛡️ A private certificate authority (X.509 & SSH) & ACME server for secure automated certificate management, so you can use TLS everywhere & SSO for SSH.

go-password-validator Simple password validator using raw entropy values. Hit the project with a star if you find it useful ⭐ Supported by Qvault This

sns IIS shortname scanner written in Go Installation Make sure you've a recent version of the Go compiler installed on your system. Then just run: GO1

Log4Shell Check and exploit log4j2 vulnerability with single Go program. You don't need to install anything except develop it. It supports ldaps and h

Finder Of XSS, and Dal(달) is the Korean pronunciation of moon. What is DalFox 🌘 🦊 DalFox is a fast, powerful parameter analysis and XSS scanner, bas

Tracee is a Runtime Security and forensics tool for Linux. It is using Linux eBPF technology to trace your system and applications at runtime, and analyze collected events to detect suspicious behavioral patterns.

How to Secure Anything Security engineering is the discipline of building secure systems. Its lessons are not just applicable to computer security. In

A port scan and service weakpass brute tool build by golang.

/'___\ /'___\ /'___\ /\ \__/ /\ \__/ __ __ /\ \__/ \ \ ,__\\ \ ,__\/\ \/\ \ \ \ ,__\ \ \ \_/ \ \ \_/\ \ \_\ \ \ \

SingularityCE Guidelines for Contributing Pull Request Template Project License Documentation Support Citation SingularityCE is the Community Edition

Welcome to xray 👋 一款功能强大的安全评估工具 ✨ Demo 🏠 使用文档 ⬇️ 下载地址 注意：xray 不开源，直接下载构建的二进制文件即可，仓库内主要为社区贡献的 poc，每次 xray 发布将自动打包。 🚀 快速使用 在使用之前，请务必阅读并同意 License 文件中

📚 Documentation 💠 Configuration Hub 💬 Discourse (Forum) 💬 Gitter (Live chat) 💃 This is a community driven project, we need your feedback. TL;DR

在线体验 漏洞报告 Yarx 是什么 Yarx 来自于 x-r-a-y 的反向拼写，它能够根据 xray 的 yaml poc 规则全自动的生成一个满足规则要求的 Server，使用 xray 扫描该 Server 将会扫描出对应的漏洞。它的核心工作原理如下： 它的主要特性有: 支持 status、

wormhole-william-mobile This is a Magic Wormhole client for Android. (Perhaps someday this will also support iOS). Some current limitations: Receiving

Order TLS certificates using ACME TLS-ALPN-01

GoPhish by default tips your hand to defenders and security solutions. The container here strips those indicators and makes other changes to hopefully evade detection during operations.

goblin 钓鱼演练工具 [English Readme Click Me] goblin 是一款适用于红蓝对抗的钓鱼演练工具。通过反向代理，可以在不影响用户操作的情况下无感知的获取用户的信息，或者诱导用户操作。也可以通过使用代理方式达到隐藏服务端的目的。内置插件，通过简单的配置，快速调整网页内容

Unofficial, simple yet effective Google Cloud Trace CLI tool. Installation Homeb

Local PHP Security Checker The Local PHP Security Checker is a command line tool that checks if your PHP application depends on PHP packages with know

Cameradar An RTSP stream access tool that comes with its library Cameradar allows you to Detect open RTSP hosts on any accessible target host Detect w

goSecretBoxPassword This is a Golang library for securing passwords it is based on the Dropbox method for password storage. The both passphrases are f

A collection of cool tools used by Mobile hackers. Happy hacking , Happy bug-hunting Family project Table of Contents Weapons Contribute Thanks to con

About The Project Shortlink App in Golang Multiple Node based Architecture to create and scale at ease Highly performant key-value storage system Cent

Secure Secure is an HTTP middleware for Go that facilitates some quick security wins. It's a standard net/http Handler, and can be used with many fram

🌀 Dismap - Asset discovery and identification tool [English readme Click Me] Dismap 定位是一个资产发现和识别工具；其特色功能在于快速识别 Web 指纹信息，定位资产类型。辅助红队快速定位目标资产信息，辅助蓝队发现疑

curlNexec 👋 Certainly useful , mainly for fun, rougly inspired by 0x00 article Short story curlNexec enable us to execute a remote binary on a local

Inspects source code for security problems by scanning the Go AST.

Description ido (I do) executes your shell command provided as its input, but it may wait for you to confirm when there is some potential risky patter

Firewalld-rest A REST application to dynamically update firewalld rules on a linux server. Firewalld is a firewall management tool for Linux operating

Vault Please note: We take Vault's security and our users' trust very seriously. If you believe you have found a security issue in Vault, please respo