Go Security Resources

depsdev CLI client (and Golang module) for deps.dev API. Free access to dependencies, licenses, advisories, and other critical health and security sig

AI-CodeWise 🦉 AI-Powered Code Reviews for Best Practices & Security Issues Across Languages AI-CodeWise GitHub Action: Your AI-powered Code Reviewer!

▄▄▄▄ ██▓ █████▒██▀███ ▒█████ ██████ ▄▄▄█████▓ ▓█████▄ ▓██▒▓██ ▒▓██ ▒ ██▒▒██▒ ██▒▒██ ▒ ▓ ██▒ ▓▒ ▒██▒ ▄██▒██▒▒████ ░▓██ ░▄█ ▒▒██░ ██▒░

Zinc Search Engine Zinc is a search engine that does full text indexing. It is a lightweight alternative to Elasticsearch and runs using a fraction of

Substation Substation is a cloud native data pipeline toolkit. What is Substation? Substation is a modular ingest, transform, load (ITL) application f

Gopherscript Gopherscript is a secure scripting/configuration language written in Go. It features a fined-grain permission system and enforces a stron

Cloud Security Icons These icons are published under the extremely permissive Creative Commons Zero v1.0 Universal license. Downloads We provide all i

sig-716i A CLI tool written in Go that can be used to disrupt wireless connectivity in the area accessible to your wireless interface. This tool scans

Open Source API Firewall API Firewall is a high-performance proxy with API request and response validation based on OpenAPI/Swagger schema. It is desi

Dear Port80 About The Project: “Dear Port80” is a zero-config TCP proxy server that hides SSH connection behind a HTTP server! +---------------------

cnfuzz - Cloud Native Web API Fuzzer "Breaking Cloud Native Web APIs in their natural habitat." Fuzzing web APIs in their fully converged Cloud Native

The KYVE Chain v0.2.0 The chain nodes are the backbone of KYVE. The chain layer is a completely sovereign Proof of Stake blockchain build with Cosmos

What is Gologin Gologin is an easy to setup professional login manager for Go web applications. It helps you protect your application resources from u

CetusGuard CetusGuard is a tool that allows to protect the Docker daemon socket by filtering the calls to its API endpoints. Some highlights: It is wr

slowloris - Golang distributed Slowloris attack How it works Read the article 🦷 How to protect from it TBD Installation Run go install github.com/its

APKrash APKrash is an Android APK security analysis toolkit focused on comparing APKs to detect tampering and repackaging. Features Able to analyze pu

vault-operator The vault-operator provides several CRDs to interact securely and indirectly with secrets. Details Currently only stage 1 is implemente

Sample use package main import ( "fmt" "log" "github.com/jreisinger/nmapser

Godbolt CLI Godbolt console wrapper for easily execute local file without any security risk and compiler. Install Compile the source code and add to y

HTTPCustomHouse CLi tools helping to forge HTTP smuggling attack and others (httpcustomhouse) Analyze smuggled request without interacting with remote

GO/NET Scanner ScreenShots Install chmod +x install.sh ./install.sh [as root] U

🛡️ A private certificate authority (X.509 & SSH) & ACME server for secure automated certificate management, so you can use TLS everywhere & SSO for SSH.

🍷 Dionisio Dionisio is a tool that can automate the search for exploits and vulnerabilities. Written in Go and open source, Dionisio has an advanced

sbom-operator Catalogue all images of a Kubernetes cluster to multiple targets w

Hashkill ♻️ Changelog v0.2 Added timing Fixed running, the program breaks if all

Stratus Red team Stratus Red Team is "Atomic Red Team™" for the cloud, allowing

Pwnkit-go This is a working exploit for the pwnkit vulnerability, CVE-2021-4034,

HackerNews Telegram bot - Golang version A Telegram bot that serves you with personalized HackerNews articles. You can self host it and make it filter

wholeaked is a file-sharing tool that allows you to find the responsible person in case of a leakage

Web-Security-Academy - Web Security Academy, developed in GO

shfz A scenario-based web application fuzzng tool that supports fuzz generation

Savoir Savoir is a tool to perform tasks during internal security assessment. Th

Velociraptor - Endpoint visibility and collection tool. Velociraptor is a tool for collecting host based state information using The Velociraptor Quer

Authentication Plugin for implementing Form-Based, Basic, Local, LDAP, OpenID Connect, OAuth 2.0, SAML Authentication

volana (moon in malagasy) { Use it ; 🌚(hide from); 🌞(detected by) } Shell comm

A terminal designed for anyone to use and designed for any platform. Which includes the basic features of any terminal and includes friendly commands to perform tools such as ping, traceroute, generate key pairs, encrypt/decrypt, router security actions, etc. All of the source code is done in Go.

Harbor Snyk Scanner Harbor Snyk Scanner is a scanner adaptor for Harbor to integrate scan results from Snyk. The project is currently work in progress

OpenSCA-Cli 项目介绍 OpenSCA 用来扫描项目的第三方组件依赖及漏洞信息。 下载安装 从 releases 下载对应系统架构的可执行文件压缩包 或者下载源码编译(需要 go 1.11 及以上版本) git clone https://github.com/XmirrorSecurit

scout Scout is a standalone open source software solution for DIY video security. https://www.jonoton-innovation.com Features No monthly fees! Easy In

Hexa Policy Orchestrator Hexa is the open-source, standards-based policy orchestration software for multi-cloud and hybrid businesses. The Hexa projec

Authz0 is an automated authorization test tool. Unauthorized access can be identified based on URL and Role. URLs and Roles are managed as YAML-based

QR Secrets QR secrets is a cryptographically secure mechanism to store secret data with the highest levels of security. Incorporating; AES256-GCM-HKDF

Tink A multi-language, cross-platform library that provides cryptographic APIs that are secure, easy to use correctly, and hard(er) to misuse. https:/

A take on supply chain security in Go List your dependencies capabilities and monitor if dependency updates require more capabilities. The Problem Rec

Table of Contents DNS Monster Main features Installation Linux Container Build Manually Build Statically Windows FreeBSD and MacOS Architecture AIO In

garlicshare is an open source tool that lets you securely and anonymously share files on a hosted onion service using the Tor network.

Certificate Bound Tokens using Security Token Exchange Server (STS) Sample demonstration of Certificate Bound Tokens acquired from a Security Token Ex

Monero Copyright (c) 2014-2021 The Monero Project. Portions Copyright (c) 2012-2013 The Cryptonote developers. Table of Contents Development resources

A library for secure smart contract development. Build on a solid foundation of community-vetted code. Implementations of standards like ERC20 and ERC

Smart Contract Security Best Practices Visit the documentation site: https://consensys.github.io/smart-contract-best-practices/ Read the docs in Chine

vault-plugin-secrets-jenkins This is a backend plugin to be used with Hashicorp Vault. This plugin generates ephemeral Jenkins Users and API tokens. v

README.md murphysec 一款专注于软件供应链安全的开源工具，包含开源组件依赖分析、漏洞检测及漏洞修复等功能。 安装 macOS 使用Homebrew安装 // TODO Windows 使用scoop安装 scoop bucket add murphysec https://gith

Passhash passhash addresses the dismal state of password management in Go by offering easy-to-use APIs to manage credentials (e.g. password hashes) No

tenancy A Go library for multitenancy in Postgres using Row Level Security (RLS). Usage Tenancy as a connection pool. By default, tenancy.Open() begin

CVE-2021-44228 Log4J Vulnerability can be detected at runtime and attack paths can be visualized by ThreatMapper. Live demo of Log4J Vulnerability her

English | Français | Español | Deutsch | Português | Türkçe | 中文 | русский Picocrypt is a very small (hence Pico), very simple, yet very secure encryp

k-amon-k - Yet another log4j scanner Quick-n-Dirty installation Assuming you hav

Databunker Databunker is a network-based, self-hosted, GDPR compliant, secure vault for personal data or PII: https://databunker.org/ Project demo is

chasquid chasquid is an SMTP (email) server with a focus on simplicity, security, and ease of operation. It is designed mainly for individuals and sma

Stowaway English Stowaway是一个利用go语言编写、专为渗透测试工作者制作的多级代理工具 用户可使用此程序将外部流量通过多个节点代理至内网，突破内网访问限制，构造树状节点网络，并轻松实现管理功能 PS:谢谢大家的star，同时欢迎大家使用后提出问题&&Bug 😘 。 PPS:

Bhojpur.NET Platform The Bhojpur.NET Platform automates the provisioning of ready-to-use Network, Security, and IT applications Learn more 👉 The Bhoj

Apple 'Wireless Accessory Configuration' (WAC) research Introduction This repository contains some research on how the WAC protocol works. I was mostl

Painless access control for cloud-native applications Cerbos helps you super-charge your authorization implementation by writing context-aware access

WebAuthn Library This library is meant to handle Web Authentication for Go apps that wish to implement a passwordless solution for users. While the sp

ipa-medit Ipa-medit is a memory search and patch tool for resigned ipa without jailbreaking. It supports iOS apps running on iPhone and Apple Silicon

Guardian Guardian is a data access management tool. It manages resources from various data providers along with the users’ access. Users required to r

sgCheckup - Check your Security Groups for Unexpected Open Ports & Generate nmap Output sgCheckup is a tool to scan your AWS Security Groups for a com

Dependencies Docker Go 1.17 MySQL 8.0.25 Bootstrap Run chmod +x start.sh if start.sh script does not have privileged to run Run ./start.sh --bootstrap

Catalyst Speed up your reactions Website - The Catalyst Handbook (Documentation) - Try online (user: bob, password: bob) Catalyst is an incident respo

Password manager Description CLI to store and retrieve passwords. The retrieved password will be stored on your clipboard! Usage 1.Start with Go go ru

Simple local log4j vulnerability scanner (Written in Go because, you know, "write once, run anywhere.") This is a simple tool that can be used to find

starboard-exporter Exposes Prometheus metrics from Starboard's VulnerabilityReport custom resources (CRs). Metrics This exporter exposes two types of

GoSDDL (Security Descriptor Definition Language) Converter from SDDL-string to user-friendly JSON. SDDL consist of four part: Owner, Primary Group, DA

In-toto Go implementation Go implementation of the in-toto Python reference implementation. Docs To read the documentation along with some examples, r

Git Repository security checker This is a fast Go implementation to check Git repositories (local or remote) for some common security issues. It relie

Tang.go Tang.go pure-go library that implement server side of ECMR key exchange. It functionally similar to Tang project. The library also provides a

go-password-validator Simple password validator using raw entropy values. Hit the project with a star if you find it useful ⭐ Supported by Qvault This

beego-security-headers beego-security-headers is a beego framework filter which allows HTTP response security headers to be easily managed on applicat

HTTP Strict Transport Security (HSTS) http RoundTripper implementing HTTP Strict Transport Security (RFC 6797) with sites preloaded from Chromium usin

ChainJacking is a tool to find which of your Go lang direct GitHub dependencies is susceptible to ChainJacking attack. Read more about it here Require

Generate private key (.key) # Key considerations for algorithm "RSA" ≥ 2048-bit openssl genrsa -out server.key 2048 # Key considerations for algorith

Hacking with Go This is my attempt at filling the gap in Go security tooling. When starting to learn Go, I learned from a lot of tutorials but I could

PewSWITCH A FreeSWITCH specific scanning and exploitation toolkit for CVE-2021-37624 and CVE-2021-41157. Related blog: https://0xinfection.github.io/p

CTFgo - CTF Platform written in Golang A golang CTF competition platform with high-performance, security and low hardware requirements. Live Demo • Di

Mobile Security Hash Generator Project scope This little script is my first experiment using Go. I wrote it for my friend @marcotrumpet because he nee

extrude Analyse binaries for missing security features, information disclosure and more. 🚧 Extrude is in the early stages of development, and current

Table of contents 1. About 2. Getting started 2.1. Requirements 2.2. Installation 3. Usage 3.1. CLI Usage 3.2. Using Docker 3.3. Older versions 3.4. U

How does it work? The main goal of this project is to provide a front-end for every huskyCI user to check the stats of the analyses done. If you don't

Anonymous API Auth Provider Inspired by: https://hackernoon.com/improve-the-security-of-api-keys-v5kp3wdu Architecture The basic idea is, to prevent u

Anonymus API Auth Provider Inspired by: https://hackernoon.com/improve-the-security-of-api-keys-v5kp3wdu Architecture The basic idea is, to prevent un

🤖 KICS GitHub Actions Demo This repository shows how KICS GitHub Action can be set and was fully inspired by the documentation on KICS GitHub Actions

A declarative Cloud firewall reverse proxy solution with inbuilt DDoS protection and alerting mechanism to protect your servers and keeping an eye on those malicious requests

Step Security Agent Purpose-built security agent for hosted runners To pilot it, add the following code to your GitHub Actions workflow file as the fi

A vulnerability scanner for container images and filesystems

Localtoast Localtoast is a scanner for running security-related configuration checks such as CIS benchmarks in an easily configurable manner. The scan

s3n is a golang library to validate and format swiss social security numbers (aka. AVS in french and AHV in german).

pswa - Protected Static Web App Introduction pswa is a simple web content/proxy server which is suitable for various static web apps. Features Availab

Allstar Allstar is a GitHub App installed on organizations or repositories to set and enforce security policies. Its goal is to be able to continuousl

firedrill 🧯 Malware simulation harness. Build native binaries for Windows, Linux and Mac simulating malicious behaviours. Test the effectiveness of y

Pod Security Admission The Pod Security Standards are a set of best-practice profiles for running pods securely. This repository contains the codified