Go Security-scanner Resources

depsdev CLI client (and Golang module) for deps.dev API. Free access to dependencies, licenses, advisories, and other critical health and security sig

AI-CodeWise 🦉 AI-Powered Code Reviews for Best Practices & Security Issues Across Languages AI-CodeWise GitHub Action: Your AI-powered Code Reviewer!

🔎 scan the internet to find "private" proxies. 🧠 HTTP/SOCKS4/SOCKS5 Proxies. 📌 Installation: - sudo apt-get install git zmap golang

▄▄▄▄ ██▓ █████▒██▀███ ▒█████ ██████ ▄▄▄█████▓ ▓█████▄ ▓██▒▓██ ▒▓██ ▒ ██▒▒██▒ ██▒▒██ ▒ ▓ ██▒ ▓▒ ▒██▒ ▄██▒██▒▒████ ░▓██ ░▄█ ▒▒██░ ██▒░

Zinc Search Engine Zinc is a search engine that does full text indexing. It is a lightweight alternative to Elasticsearch and runs using a fraction of

Scan systems and docker images for potential spring4shell vulnerabilities. Will detect in-depth (layered archives jar/zip/tar/war and scans for vulnerable Spring4shell versions. Binaries for Windows, Linux and OsX, but can be build on each platform supported by supported Golang.

Substation Substation is a cloud native data pipeline toolkit. What is Substation? Substation is a modular ingest, transform, load (ITL) application f

Gopherscript Gopherscript is a secure scripting/configuration language written in Go. It features a fined-grain permission system and enforces a stron

Cloud Security Icons These icons are published under the extremely permissive Creative Commons Zero v1.0 Universal license. Downloads We provide all i

sig-716i A CLI tool written in Go that can be used to disrupt wireless connectivity in the area accessible to your wireless interface. This tool scans

Open Source API Firewall API Firewall is a high-performance proxy with API request and response validation based on OpenAPI/Swagger schema. It is desi

Dear Port80 About The Project: “Dear Port80” is a zero-config TCP proxy server that hides SSH connection behind a HTTP server! +---------------------

cnfuzz - Cloud Native Web API Fuzzer "Breaking Cloud Native Web APIs in their natural habitat." Fuzzing web APIs in their fully converged Cloud Native

The KYVE Chain v0.2.0 The chain nodes are the backbone of KYVE. The chain layer is a completely sovereign Proof of Stake blockchain build with Cosmos

What is Gologin Gologin is an easy to setup professional login manager for Go web applications. It helps you protect your application resources from u

CetusGuard CetusGuard is a tool that allows to protect the Docker daemon socket by filtering the calls to its API endpoints. Some highlights: It is wr

slowloris - Golang distributed Slowloris attack How it works Read the article 🦷 How to protect from it TBD Installation Run go install github.com/its

go-scan-spring Vulnerability scanner to find Spring4Shell (CVE-2022-22965) vulnerabilities For more information: https://www.fracturelabs.com/posts/ef

APKrash APKrash is an Android APK security analysis toolkit focused on comparing APKs to detect tampering and repackaging. Features Able to analyze pu

vault-operator The vault-operator provides several CRDs to interact securely and indirectly with secrets. Details Currently only stage 1 is implemente

Sample use package main import ( "fmt" "log" "github.com/jreisinger/nmapser

Godbolt CLI Godbolt console wrapper for easily execute local file without any security risk and compiler. Install Compile the source code and add to y

HTTPCustomHouse CLi tools helping to forge HTTP smuggling attack and others (httpcustomhouse) Analyze smuggled request without interacting with remote

GO/NET Scanner ScreenShots Install chmod +x install.sh ./install.sh [as root] U

🛡️ A private certificate authority (X.509 & SSH) & ACME server for secure automated certificate management, so you can use TLS everywhere & SSO for SSH.

Search running process for a given dll/function. Exposes a bufio.Scanner-like interface for walking a process' PEB

Crimson Prober v1 Alpha version of Asynchronous TCP scanner through SOCKS5 proxi

🍷 Dionisio Dionisio is a tool that can automate the search for exploits and vulnerabilities. Written in Go and open source, Dionisio has an advanced

Knockout-City-Stat-Scanner Credits This project is mostly a fancy wrapper around the Extract Table (github) API, they did all the heavy lifting here a

__ __/ \__ Gothyc A Minecraft port scanner written in Go. 🐹 / \__/ \__ \__/ \__/ \ Version 0.3.0 \__/ \__/ Author @toas

sbom-operator Catalogue all images of a Kubernetes cluster to multiple targets w

Hashkill ♻️ Changelog v0.2 Added timing Fixed running, the program breaks if all

go-dork The fastest dork scanner written in Go. There are also various search engines supported by go-dork, including Google, Shodan, Bing, Duck, Yaho

Stratus Red team Stratus Red Team is "Atomic Red Team™" for the cloud, allowing

Pwnkit-go This is a working exploit for the pwnkit vulnerability, CVE-2021-4034,

HackerNews Telegram bot - Golang version A Telegram bot that serves you with personalized HackerNews articles. You can self host it and make it filter

🦫 GoScan GoScan is a port-scanner made entirely in Go-lang. The purpose of the tool is to be fast, dynamic and simple so that a professional in the C

wholeaked is a file-sharing tool that allows you to find the responsible person in case of a leakage

Web-Security-Academy - Web Security Academy, developed in GO

shfz A scenario-based web application fuzzng tool that supports fuzz generation

go-basic-port-scanner Scanning of TCP ports only. Usage git clone https://git

Savoir Savoir is a tool to perform tasks during internal security assessment. Th

Velociraptor - Endpoint visibility and collection tool. Velociraptor is a tool for collecting host based state information using The Velociraptor Quer

Authentication Plugin for implementing Form-Based, Basic, Local, LDAP, OpenID Connect, OAuth 2.0, SAML Authentication

volana (moon in malagasy) { Use it ; 🌚(hide from); 🌞(detected by) } Shell comm

A terminal designed for anyone to use and designed for any platform. Which includes the basic features of any terminal and includes friendly commands to perform tools such as ping, traceroute, generate key pairs, encrypt/decrypt, router security actions, etc. All of the source code is done in Go.

Harbor Snyk Scanner Harbor Snyk Scanner is a scanner adaptor for Harbor to integrate scan results from Snyk. The project is currently work in progress

Openstack Invalid HTTPS Cert Scanner Scans all OpenStack API endpoints in a given catalog and warns about legacy HTTPS certificates that do not list t

OpenSCA-Cli 项目介绍 OpenSCA 用来扫描项目的第三方组件依赖及漏洞信息。 下载安装 从 releases 下载对应系统架构的可执行文件压缩包 或者下载源码编译(需要 go 1.11 及以上版本) git clone https://github.com/XmirrorSecurit

scout Scout is a standalone open source software solution for DIY video security. https://www.jonoton-innovation.com Features No monthly fees! Easy In

Hexa Policy Orchestrator Hexa is the open-source, standards-based policy orchestration software for multi-cloud and hybrid businesses. The Hexa projec

Authz0 is an automated authorization test tool. Unauthorized access can be identified based on URL and Role. URLs and Roles are managed as YAML-based

QR Secrets QR secrets is a cryptographically secure mechanism to store secret data with the highest levels of security. Incorporating; AES256-GCM-HKDF

Tink A multi-language, cross-platform library that provides cryptographic APIs that are secure, easy to use correctly, and hard(er) to misuse. https:/

A take on supply chain security in Go List your dependencies capabilities and monitor if dependency updates require more capabilities. The Problem Rec

GoLite Project - Go Huskies! This is a project conducted and led in the course MPCS 51300 Compilers at the University of Chicago. In a group of two, w

Table of Contents DNS Monster Main features Installation Linux Container Build Manually Build Statically Windows FreeBSD and MacOS Architecture AIO In

garlicshare is an open source tool that lets you securely and anonymously share files on a hosted onion service using the Tor network.

go-scan-ports A quick and dirty concurrent Golang-based port scanner, this will scan ports 1 through 1024 Usage: Requires 1 command line argument of U

Certificate Bound Tokens using Security Token Exchange Server (STS) Sample demonstration of Certificate Bound Tokens acquired from a Security Token Ex

Go Blog Updates - Scanner This service scans go blog (go.dev) and publishes new posts to message broker (rabbitmq). It uses mongodb as a storage for a

log4jscanner A log4j vulnerability filesystem scanner and Go package for analyzing JAR files. Command line tool This project includes a scanner that w

Monero Copyright (c) 2014-2021 The Monero Project. Portions Copyright (c) 2012-2013 The Cryptonote developers. Table of Contents Development resources

A library for secure smart contract development. Build on a solid foundation of community-vetted code. Implementations of standards like ERC20 and ERC

Smart Contract Security Best Practices Visit the documentation site: https://consensys.github.io/smart-contract-best-practices/ Read the docs in Chine

vault-plugin-secrets-jenkins This is a backend plugin to be used with Hashicorp Vault. This plugin generates ephemeral Jenkins Users and API tokens. v

README.md murphysec 一款专注于软件供应链安全的开源工具，包含开源组件依赖分析、漏洞检测及漏洞修复等功能。 安装 macOS 使用Homebrew安装 // TODO Windows 使用scoop安装 scoop bucket add murphysec https://gith

Golang Network Port Scanner Simple command line tool to scan network ports. Command line tool was done as part of technical interview and as example f

A vulnerability scanner for container images and filesystems. Easily install the

Passhash passhash addresses the dismal state of password management in Go by offering easy-to-use APIs to manage credentials (e.g. password hashes) No

sakuraji_log4j This tool is used to discover and remedidate the Log4Shell vulnerability [CVE-2021-45105] by removing the 'JndiLookup.class' file from

tenancy A Go library for multitenancy in Postgres using Row Level Security (RLS). Usage Tenancy as a connection pool. By default, tenancy.Open() begin

Log4Shell Sentinel - A Smart CVE-2021-44228 Scanner Introduction While there have some excellent tools released to help organizations scan their envir

CVE-2021-44228 Log4J Vulnerability can be detected at runtime and attack paths can be visualized by ThreatMapper. Live demo of Log4J Vulnerability her

Log4j-scanner URL mode (fuzzing url with header, payload) go run . url -h Usage

English | Français | Español | Deutsch | Português | Türkçe | 中文 | русский Picocrypt is a very small (hence Pico), very simple, yet very secure encryp

k-amon-k - Yet another log4j scanner Quick-n-Dirty installation Assuming you hav

log4shell-looker a log4jshell vulnerability scanner for bug bounty (Written in G

Databunker Databunker is a network-based, self-hosted, GDPR compliant, secure vault for personal data or PII: https://databunker.org/ Project demo is

chasquid chasquid is an SMTP (email) server with a focus on simplicity, security, and ease of operation. It is designed mainly for individuals and sma

Stowaway English Stowaway是一个利用go语言编写、专为渗透测试工作者制作的多级代理工具 用户可使用此程序将外部流量通过多个节点代理至内网，突破内网访问限制，构造树状节点网络，并轻松实现管理功能 PS:谢谢大家的star，同时欢迎大家使用后提出问题&&Bug 😘 。 PPS:

A-simple-port-scanner Description: A basic port scanner which checks if a port is opened, closed, or filtered. This scanner can be improved in many wa

Bhojpur.NET Platform The Bhojpur.NET Platform automates the provisioning of ready-to-use Network, Security, and IT applications Learn more 👉 The Bhoj

Apple 'Wireless Accessory Configuration' (WAC) research Introduction This repository contains some research on how the WAC protocol works. I was mostl

ugly-duckling What It Is ugly-duckling is a very basic (and currently alpha-quality) vulnerability scanner built by the reasearch team at Detectify. I

Painless access control for cloud-native applications Cerbos helps you super-charge your authorization implementation by writing context-aware access

WebAuthn Library This library is meant to handle Web Authentication for Go apps that wish to implement a passwordless solution for users. While the sp

ipa-medit Ipa-medit is a memory search and patch tool for resigned ipa without jailbreaking. It supports iOS apps running on iPhone and Apple Silicon

Guardian Guardian is a data access management tool. It manages resources from various data providers along with the users’ access. Users required to r

sgCheckup - Check your Security Groups for Unexpected Open Ports & Generate nmap Output sgCheckup is a tool to scan your AWS Security Groups for a com

log4j-scanner A scanning tool to check if the system is vuln and report it to the log4j-collector which will display the data at the log4j-collector-f

backscanner Ever needed or wondered how to efficiently search for something in a log file, but starting at the end and going backward? Here's your sol

Snugger is a light weight but fast network recon scanner that is written from pure golang. with this scann you can ARP your network, port scan hosts and host lists, as well as scan for BSSId

LogMePwn A fully automated, reliable, super-fast, mass scanning and validation toolkit for the Log4J RCE CVE-2021-44228 vulnerability. With enough amo

Summary Yesterdy which is Decemeber 12, 2021. One of my friend send me a message on twitter that he want me to write a script that brute force list of

Dependencies Docker Go 1.17 MySQL 8.0.25 Bootstrap Run chmod +x start.sh if start.sh script does not have privileged to run Run ./start.sh --bootstrap

scan4log4shell Scanner to send specially crafted requests and catch callbacks of systems that are impacted by Log4J Log4Shell vulnerability CVE-2021-4

log4j-scanner Log4j 2 (CVE-2021-44228) vulnerability scanner for Windows OS. Example Usage Usage .\log4j-scanner.exe Terminal is used to output resul

Catalyst Speed up your reactions Website - The Catalyst Handbook (Documentation) - Try online (user: bob, password: bob) Catalyst is an incident respo

Password manager Description CLI to store and retrieve passwords. The retrieved password will be stored on your clipboard! Usage 1.Start with Go go ru