/cybersecurity-golang-security

An ongoing collection of Go tools and frameworks, software, libraries, learning tutorials, frameworks, academic and practical resources.

MIT LicenseMIT

Golang Security

Welcome to the World of Golang:

An ongoing collection of Go language tools and frameworks, software, libraries, learning tutorials, frameworks, academic and practical resources. Thanks to all contributors, you're awesome and wouldn't be possible without you! Our goal is to build a categorized community-driven collection of very well-known resources.

go

Table of Contents

Auth

  • saml2aws - CLI tool which enables you to login and retrieve AWS temporary credentials using a SAML IDP

Encryption

  • bencrypt - Encryption Abstraction Layer and Utilities.
  • holeysocks - Cross-Platform Reverse Socks Proxy in Go.
  • gokrb5 - Pure Go Kerberos library for clients and services.
  • go-tunnel - TLS/SSL Tunnel - A modern STunnel replacement written in golang.
  • memguard - A pure Go library for handling sensitive values in memory.
  • nacl - Go implementation of the NaCL set of API's.
  • passlib - Futureproof password hashing library.
  • saltpack - Modern crypto messaging format.
  • simple-scrypt - Scrypt package with a simple, obvious API and automatic cost calibration built-in.
  • sio - Go implementation of the Data At Rest Encryption (DARE) format.
  • hashid - Given a string determine the possible hashing algorithms used to produce that string.
  • crunchy - Finds common flaws in passwords. Like cracklib

Packers / Obfuscators

  • Amber - Amber is a reflective PE packer for bypassing security products and mitigations.
  • gscript - Framework to rapidly implement custom droppers for all three major operating systems
  • gobfuscate - Obfuscate Go binaries and packages
  • goupx - Fix golang compiled binaries on x86_64 so that they can be packed with UPX.
  • stegify - Go tool for LSB steganography, capable of hiding any file within an image.
  • obfs4 - Yawning Angel courtesy mirror of the obfourscator
  • strobfus - String obfuscation

Private Key Infrastructure

  • acmetool - ACME (Let's Encrypt) client tool with automatic renewal.
  • certigo - A utility to examine and validate certificates in a variety of formats
  • CloudFlare SSL - CFSSL is CloudFlare's PKI/TLS swiss army knife. It is both a command line tool and an HTTP API server for signing, verifying, and bundling TLS certificates.

SSH

  • ssh-vault - encrypt/decrypt using ssh keys.
  • pam-ussh - uber's ssh certificate pam module.

File Transfer

  • dnd - A web based drag and drop file transfer tool for sending files across the internet.
  • grab - Go package for managing file downloads.
  • onionbox - Send and recieve files through TOR
  • proxyd - proxyd proxies data between TCP, TLS, and unix sockets

Recon

Phishing

  • evilginx2 - Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication.
  • gophish - Open-Source Phishing Toolkit
  • modlishka - Modlishka. Reverse Proxy. Phishing NG.
  • phishery - An SSL Enabled Basic Auth Credential Harvester with a Word Document Template URL Injector

Command and Control

  • chashell - Chashell is a Go reverse shell that communicates over DNS.
  • chisel - Chisel is a fast TCP tunnel, transported over HTTP, secured via SSH.
  • GoAT - GoAT (Golang Advanced Trojan) is a trojan that uses Twitter as a C&C server
  • gobot2 - Second Version of The GoBot Botnet, But more advanced.
  • goDoH - A DNS-over-HTTPS Command & Control Proof of Concept.
  • goredshell - A cross platform tool for verifying credentials and executing single commands
  • hershell - Multiplatform reverse shell generator.
  • hideNsneak - a CLI for ephemeral penetration testing
  • keyserver - Easily serve HTTP and DNS keys for proper payload protection.
  • liberetto - Libretto is a Golang library to create Virtual Machines (VMs) on any cloud and Virtual Machine hosting platforms such as AWS, Azure, OpenStack, vSphere, or VirtualBox.
  • merlin - Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang.
  • shellz - shellz is a small utility to track and control your ssh, telnet, web and custom shells and tunnels.
  • squidshell - A dynamic HTTP and DNS reverse proxy
  • ratnet - Ratnet is a prototype anonymity network for mesh routing and embedded scenarios.
  • Venom - A Multi-hop Proxy for Penetration Testers Written in Go
  • holepunch-client - Totally self-contained SSH reverse tunnel written in Go
  • Platypus - A modern multiple reverse shell sessions manager written in go
  • GoMet - Multi-platform backdoor in Go. TCP forwarding, socks5, tunneling, shell, download, exec

Web Framework Hardening

  • beego-security-headers - Beego framework filter for easy security headers management.
  • badactor - An in-memory application driven jailer written in Go.
  • goth - Provides a simple, clean, and idiomatic way to use OAuth and OAuth2. Handles multiple providers out of the box.
  • hsts - Go HTTP Strict Transport Security library
  • httpauth - HTTP Authentication middleware.
  • jwt - Clean and easy to use implementation of JSON Web Tokens (JWT).
  • jwt - Lightweight JSON Web Token (JWT) library.
  • nosurf - CSRF protection middleware for Go.
  • oauth2 - Successor of goauth2. Generic OAuth 2.0 package that comes with JWT, Google APIs, Compute Engine and App Engine support.
  • osin - Golang OAuth2 server library.
  • paseto - Platform-Agnostic Security Tokens implementation in GO (Golang)
  • gorilla/csrf - Provides Cross-Site Request Forgery (CSRF) prevention middleware for Go web applications & services.
  • gorilla/securecookie - Encodes and decodes authenticated and optionally encrypted cookie values for Go web applications.
  • secure - Secure is an HTTP middleware for Go that facilitates most of your security needs for web applications.

Web Application Testing

  • gobuster - Directory/file & DNS busting tool written in Go.
  • gofuzz - Aims to reproduce wfuzz's functionality and versatility. Based on gobuster.
  • recursebuster - Rapid content discovery tool for recursively querying webservers, handy in pentesting and web application assessments
  • url2img - HTTP server with API for capturing screenshots of websites.
  • madns - DNS server for pentesters.
  • rescope - Parse scope definitions to Burp Suite / ZAP compatible formats for import
  • Wuzz - Interactive cli tool for HTTP inspection.

Network Scanners

  • amass - In-depth DNS Enumeration and Network Mapping
  • bettercap - The Swiss Army knife for 802.11, BLE and Ethernet networks reconnaissance and MITM attacks.
  • furious - Golang IP/port scanner with SYN (stealth) scanning and device manufacturer identification
  • goddi - goddi (go dump domain info) dumps Active Directory domain information
  • nextnet - nextnet is a pivot point discovery tool written in Go.
  • vulns - Vulnerability scanner for Linux/FreeBSD, agentless, written in Go
  • xray - XRay is a tool for recon, mapping and OSINT gathering from public networks.
  • subjack - Subdomain Takeover tool written in Go
  • flightsim - A utility to generate malicious network traffic and evaluate controls
  • Cameradar - An scanner with RTSP stream access tool that comes with its library

Network Analysis

  • netcap - The Netcap (NETwork CAPture) framework efficiently converts a stream of network packets into highly accessible type-safe structured data that represent specific protocols or custom abstractions.
  • goshark - Package goshark use tshark to decode IP packet and create data struct to analyse packet.
  • gosnmp - Native Go library for performing SNMP actions.
  • gopassivedns - PassiveDNS in Go.
  • nfp - Network Finger Printer

Exploit Development

  • binjection - Injects additional machine instructions into various binary formats.
  • pwn - Pwntools for go!
  • monkey - Monkey patching in Go
  • usercorn - Dynamic binary analysis via platform emulation

Detection Engines

  • fleet - A flexible control server for osquery fleets
  • go-yara - Go Bindings for YARA, the "pattern matching swiss knife for malware researchers (and everyone else)".
  • honeytrap - Advanced Honeypot framework.
  • malace - VirusTotal Wanna Be - Now with 100% more Hipster
  • sgt - Osquery Mangement Server
  • osquery-go - Go bindings for osquery

Chat Bots

  • marvin - IRC bot with Markov spew, answering machine, and mixed drink recipes.
  • alfred - A Slack bot to add security info to messages containing URLs, hashes and IPs.
  • go-chat-bot - IRC, Slack & Telegram bot written in Go.
  • flottbot - A chatbot framework written in Go. All configurations are made in YAML.
  • gohubsbot - A minimal bridge bot between Mozilla Hubs and the Matrix chat protocol

System Information

General Post Exploitation

  • dlgs - Go cross-platform library for displaying dialogs and input boxes
  • goreddeath - Experimenting with destructive file attacks in Go.
  • goredloot - A tool to collect secrets (keys and passwords) and stage (compress and encrypt) them for exfiltration.
  • goredspy - Post exploitation desktop screensho / user monitoring tool
  • PandorasBox - Security tool to quickly audit Public Box files and folders.

Windows Specific

  • amsi - Golang implementation of Microsoft Antimalware Scan Interface
  • go-acl - Go library for manipulating ACLs on Windows.
  • go-execute-assembly - Allow a Go process to dynamically load .NET assemblies.
  • go-ole - Go bindings for Windows COM using shared libraries instead of cgo.
  • gosecretsdump - Fast hash dumper for NTDS.dit files
  • go-winio - This repository contains utilities for efficiently performing Win32 IO operations in Go.
  • ldap - Basic LDAP v3 functionality for the GO programming language.
  • winrm - Command-line tool and library for Windows remote command execution in Go.
  • wmi - Package wmi provides a WQL interface to Windows WMI.
  • taskmaster - Windows Task Scheduler Library for Go.
  • gordp - Rdp client on pure GoLang
  • w32 - A wrapper of Windows APIs for Go
  • goWMIExec - Pash the Hash, execute a command on a target machine using WMI by providing an NTLM hash for the specified user.

MacOS Specific

  • damage - A toolkit for creating and manipulating DMGs
  • racoon - loop through a munki manifest and install everything

Linux Specific

  • ftrace - Go library to trace Linux syscalls using the FTRACE kernel framework.
  • netstat - Netstat implementation in Go.
  • opensnitch - OpenSnitch is a GNU/Linux port of the Little Snitch application firewall.
  • passwd - A Go parser for the /etc/passwd file.

Container Specific

Data Parsing

  • cacador - Indicator extractor of IOCs

Static Code Analysis

  • go-callvis - go-callvis is a development tool to help visualize call graph of a Go program using interactive view.
  • go-diff - Diff, match and patch text in Go
  • gosec - Inspects source code for security problems by scanning the Go AST.
  • gometalinter - Concurrently run Go lint tools and normalise their output.

Assembly

  • avo - Generate x86 Assembly with Go
  • c2goasm - C to Go Assembly
  • shellcode - Shellcode library as a Go package

Contributing

Found an awesome project, package, article, or another type of resources related to golang Security? Submit a pull request! Just follow the guidelines. Thank you!

License

MIT License & cc license

Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 International License.

To the extent possible under law, Paul Veillard has waived all copyright and related or neighboring rights to this work.