82 Go Security Libraries

A fast enumeration tool for publicly exposed Azure Storage blobs.

A fast enumeration tool for publicly exposed Azure Storage blobs.

Goblob 🫐 Goblob is a lightweight and fast enumeration tool designed to aid in the discovery of sensitive information exposed publicy in Azure blobs,

01

🌹 Subrose is an open-source, data privacy vault to store and manage PII in a fully compliant manner.

🌹 Subrose is an open-source, data privacy vault to store and manage PII in a fully compliant manner.

Open-source, data privacy vault to store and manage PII in a fully compliant manner. Website | Blog Docs Subrose is an open source, data privacy vault

02

Last Stop is more than just DLP. On top of our increased security visibility

Last Stop is more than just DLP. On top of our increased security visibility

Last Stop is more than just DLP. On top of our increased security visibility, we enable people to share prompts amongst each other as individuals or as an organization to increase speed to knowledge, building a platform for centralized usage.

03

Lightweight SSL/TLS reverse proxy with authorization(via Telegram and SSH) for self-hosted apps

Lightweight SSL/TLS reverse proxy with authorization(via Telegram and SSH) for self-hosted apps

Jauth Jauth is a lightweight SSL/TLS reverse proxy with authorization. Great for protect your self-hosted applications. Features Single binary executa

04

API Insights is an open-source tool that helps developers improve API quality and security.

API Insights is an open-source tool that helps developers improve API quality and security.

API Insights API Insights is a tool to enable organizations to manage versioned API specifications (Swagger 2.0/OpenAPI Spec 3.x) for services. It als

05

A tool to check the security settings of Github Organizations.

A tool to check the security settings of Github Organizations.

Github Analyzer Audits a GitHub organization for potential security issues. The tool is currently in pre-alpha stage and only supports limited functio

06

Interactive CLI for Laizy AI - Pass complex tasks to an AI so you can focus on more important work and improve your overall productivity.

Interactive CLI for Laizy AI - Pass complex tasks to an AI so you can focus on more important work and improve your overall productivity.

Laizy Shell An interactive shell environment with an enhanced AI assistant. All the power of laizy.dev in a handy commandline tool. Features Natural l

07

Cloud-native authorization for modern applications and APIs

Cloud-native authorization for modern applications and APIs

Topaz - cloud-native authorization for modern applications and APIs Topaz is an open-source authorization service providing fine-grained, real-time, p

08

Bruteforce WiFi-password with a 4-way handshake

Bruteforce WiFi-password with a 4-way handshake

cr4gg Crack WPA keys via recorded 4-Way Handshake. This version requires that the 4-Way Handshake is in an isolated pcap file, you can use Wireshark f

09

gup is a go replacement for `python3 -m http.server` with helpful features for security testing

gup is a go replacement for `python3 -m http.server` with helpful features for security testing

This is gup the guppy gup gup (go-up) is meant to be a go replacement for python3 -m http.server with features that I find useful when practicing on H

10

Network security visualization tool, showcasing live traffic between internal and external hosts in a real-time visualization.

Network security visualization tool, showcasing live traffic between internal and external hosts in a real-time visualization.

Riverside What is this tool meant to do? Riverside provides a web-based, dynamic network security visualization of real-time network flow data. Users

11

An open source web application firewall based on openresty, suitable for small and medium-sized enterprises.

什么是 Easywaf? Easywaf是开源的WEB应用防火墙,基于openresty开发,适用于中小型企业,可以保护WEB应用或API接口,阻断常见的web攻击。同时Easywaf提供友好的后台管控界面,支持IP、URL、Referer、User-Agent等HTTP常见字段的自定义访问规则。

12

Automating situational awareness for cloud penetration tests.

Automating situational awareness for cloud penetration tests.

🦊 CloudFox 🦊 CloudFox helps you gain situational awareness in unfamiliar cloud environments. It’s an open source command line tool created to help p

13

Web API for nuclei and subfinder will help you automate your entire security testing workflow since you can host it anywhere and make it accessible.

Web API for nuclei and subfinder will help you automate your entire security testing workflow since you can host it anywhere and make it accessible.

Nuclei And Subfinder API Web API for nuclei and subfinder will help you automate your entire security testing workflow since you can host it anywhere

14

Constellation is the first Confidential Kubernetes. Constellation shields entire Kubernetes clusters from the (cloud) infrastructure using confidential computing.

Always Encrypted Kubernetes Constellation is a Kubernetes engine that aims to provide the best possible data security. It wraps your K8s cluster into

15

A collection of cloud security icons :cloud::lock:

A collection of cloud security icons :cloud::lock:

Cloud Security Icons These icons are published under the extremely permissive Creative Commons Zero v1.0 Universal license. Downloads We provide all i

16

Lightning powered distributed virtual private network with Bitcoin and Lightning integration.

Indra Lightning powered distributed virtual private network with Bitcoin and Lightning integration. About White Paper The ubiquitous use of encryption

17

ipmap - cross platform ip mapper

ipmap - cross platform ip mapper

ipmap ipmap is an open source, cross-platform and powerful network analysis tool. Installation Download the latest version from the release page. Extr

18

NoirGate provides on-demand ephemeral anonymous shells secured by TOTP

NoirGate provides on-demand ephemeral anonymous shells secured by TOTP

Noirgate ꩜ NoirGate provides on-demand ephemeral anonymous shells secured by TOTP. Try Me! - Text HOW to 1-337-561-1337 There are often times while co

19

Track Kubernetes CVEs by native GitHub notifications!

Track Kubernetes CVEs by native GitHub notifications!

Kubernetes-Sec-Alert - Track Kubernetes CVEs by native GitHub notifications! How it works Scheduled script every hour fetches the cves list from the O

20

A cloud security tool to search and clean up unused AWS access keys, written in Go.

A cloud security tool to search and clean up unused AWS access keys, written in Go.

Search and clean up unused AWS access keys A cloud security tool to search and clean up unused AWS access keys, written in Go. Features Find unused ac

21

simple Dos tool in python and go 😀

simple Dos tool in python and go 😀

😀 DOS TOOL 😀 ported to Go language from Python. The main difference from Python version layed in Golang architecture for concurrency: the goroutines

22

Lightning powered distributed virtual private network with Bitcoin and Lightning integration.

Indranet Lightning powered distributed virtual private network with Bitcoin and Lightning integration. About White Paper The ubiquitous use of encrypt

23

ZincSearch. A lightweight alternative to elasticsearch that requires minimal resources, written in Go.

ZincSearch. A lightweight alternative to elasticsearch that requires minimal resources, written in Go.

Zinc Search Engine Zinc is a search engine that does full text indexing. It is a lightweight alternative to Elasticsearch and runs using a fraction of

24

What is scan4all: integrated vscan, nuclei, ksubdomain, subfinder, etc., fully automated and intelligent

What is scan4all: integrated vscan, nuclei, ksubdomain, subfinder, etc., fully automated and intelligent

What is scan4all: integrated vscan, nuclei, ksubdomain, subfinder, etc., fully automated and intelligent

25

A tool for securing CI/CD workflows with version pinning.

A tool for securing CI/CD workflows with version pinning.

Ratchet Ratchet is a tool for improving the security of CI/CD workflows by automating the process of pinning and unpinning upstream versions. It's lik

26

An open-source tool for auditing your software supply chain stack for security compliance based on a new CIS Software Supply Chain benchmark.

An open-source tool for auditing your software supply chain stack for security compliance based on a new CIS Software Supply Chain benchmark.

📖 Documentation Chain-bench is an open-source tool for auditing your software supply chain stack for security compliance based on a new CIS Software

27

Open source compliance tool for development platforms.

Reposaur Reposaur is the open source compliance tool for development platforms. Audit, verify and report on your data and configurations easily with p

28

Kubernetes-native security toolkit

Kubernetes-native security toolkit

Kubernetes-native security toolkit. (Documentation) Introduction There are lots of security tools in the cloud native world, created by Aqua and by ot

29

Language-agnostic SLSA provenance generation for Github Actions

Generation of SLSA3+ provenance for native GitHub projects This repository contains tools for generating non-forgeable SLSA provenance on GitHub that

30

Crack java.util.Random when nextInt is used with a power of two.

"Power of Two" LCG Cracker This program can accurately predict the output of java.util.Random's nextInt(int bound) method, when bound is a power of tw

31

🐸 Scans your Git repository with JFrog Xray for security vulnerabilities. 🤖

🐸 Scans your Git repository with JFrog Xray for security vulnerabilities. 🤖

Frogbot Table of contents What is Frogbot? Scanning pull requests after they are opened Scanning repositories after pull requests are merged Installin

32

Secure images, for lazy people

Secure images, for lazy people

lazytrivy Note It's functional and not too ugly, but I'd stay away from the code till I've refactored it :-D lazytrivy is a wrapper for Trivy that all

33

A simple tool to audit your AWS infrastructure for misconfiguration or potential security issues.

A simple tool to audit your AWS infrastructure for misconfiguration or potential security issues.

YATAS Yet Another Testing & Auditing Solution The goal of YATAS is to help you create a secure AWS environment without too much hassle. It won't check

34

Breaking Cloud Native Web APIs in their natural habitat.

Breaking Cloud Native Web APIs in their natural habitat.

cnfuzz - Cloud Native Web API Fuzzer "Breaking Cloud Native Web APIs in their natural habitat." Fuzzing web APIs in their fully converged Cloud Native

35

Threatest is a Go framework for end-to-end testing threat detection rules.

Threatest Threatest is a Go framework for testing threat detection end-to-end. Threatest allows you to detonate an attack technique, and verify that t

36

Practice your Go movements 🥋

Practice yourself, for heaven's sake, in little things; and thence proceed to greater. -- Epictetus (Discourses IV.i) Go katas Katas (形) are practiced

37

⛓ The security layer for the KYVE protocol.

The KYVE Chain v0.6.3 The chain nodes are the backbone of KYVE. The chain layer is a completely sovereign Proof of Stake blockchain build with Cosmos

38

A secure honeypot framework, extremely easy to configure by yaml 🚀

A secure honeypot framework, extremely easy to configure by yaml 🚀

Beelzebub A secure honeypot framework, extremely easy to configure by yaml 🚀 Examples: mariocandela/beelzebub-example Quick Start Using docker-compos

39

🧬 Generate secure by default cloud infrastructure configuration with Go and Terraform.

🧬 fusion Generate secure by default cloud infrastructure configuration with Go and Terraform. Install 📥 Install the fusion cli Go If you have Go set

40

Securely store environment variables and secrets in the cloud of your choice.

Envsec: Securely store environment variables in your cloud Envsec is a tool that securely stores environment variables in the cloud of your choice. En

41

Checks all maintainers of all NPM and Pypi packages for hijackable packages through domain re-registration

hijagger - check package registries for hijackable packages This tool checks every maintainer from every package in the NPM and Python Pypi registry f

42

Your MitM sidekick for relaying attacks featuring DHCPv6 DNS takeover as well as mDNS, LLMNR and NetBIOS-NS spoofing.

pretender Your MitM sidekick for relaying attacks featuring DHCPv6 DNS takeover as well as mDNS, LLMNR and NetBIOS-NS spoofing pretender is a tool dev

43

Proviesec Fuzz Scanner - dir/path web scanner

Proviesec Fuzz Scanner - dir/path web scanner

PSFuzz - ProvieSec Fuzz Scanner - Web path discovery Introduction ⭐ Star us on GitHub — it motivates a lot! ⭐ Web path discovery Discover with ProSecF

44

All-in-one Kubernetes access manager. User-level credentials, RBAC, SSO, audit logs.

Paralus Paralus is a free, open source tool that enables controlled, audited access to Kubernetes infrastructure for your users, user groups, and serv

45

Remote control agent and controller.

Viper Remote control software using gRPC and Go. Components Agent: Runs on the endpoint. Controller: The server that the agents connect to. Agent Mana

46

Shadowrange is a cyberragne for active cybersecurity trainings and exercises. Curzor is one of the basics parts of that range - a web app containing multuple security vulnerabilities.

Curzor Curzor is a basic vulnerable web application written in Golang, part of the Shadowspace cyber range. The application itself is intended for edu

47

gcis - executes security scan over all Docker images used in all CI files

gcis - executes security scan over all Docker images used in all CI files

gitlab-ci-image-scanner (gcis) Scrapes all GitLab gitlab-ci.yml files in all Groups where your API token has access to Identifies Docker images in use

48

A ligthweight container for distributed security policy evaluation.

A ligthweight container for distributed security policy evaluation.

Rönd Rönd is a ligthweight container that allows you to distribute security policy enforcing throughout your application. Rönd is based on OpenPolicy

49

Golang distributed Slowloris attack 🦥

Golang distributed Slowloris attack 🦥

slowloris - Golang distributed Slowloris attack How it works Read the article 🦷 How to protect from it TBD Installation Run go install github.com/its

50

A high performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar

OpenFGA A high performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. OpenFGA is designed to m

51

Gomologin is Golang (Go) login manager working with RDBMS Databases

Gomologin is Golang (Go) login manager working with RDBMS Databases

What is Gomologin Gomologin is an easy to setup professional login manager for Go web applications. It helps you protect your application resources fr

52

A GitHub Action to audit all your organization's repositories using Reposaur.

Repo Audit A GitHub Action to audit all your organization's repositories using Reposaur. Features Automatically audit every repository in a GitHub Org

53

Traefik plugin to proxy requests to Snapt Nova for evaluation against the WAF.

Traefik plugin to proxy requests to Snapt Nova for evaluation against the WAF.

Traefik Nova Plugin Traefik plugin to proxy requests to Snapt Nova for evaluation against the WAF. Usage (Kubernetes) See examples/k8s for a full Kube

54

A tiny firewall for LND that allows (whitelist) or denies (blacklist) channels openings from a list of nodes.

LND whitelist A RPC daemon for LND that listens in the background and allows (whitelist) or denies (blacklist) incoming channels from a list of node p

55

Lock-free priority queue, using CAS to ensure concurrency security

lock_free_priority_queue Lock-free priority queue, using CAS to ensure concurrency security test func main() { q := lockfreepriorityqueue.NewLKQueue

56

Terraform provider for IBM Security Verify based on the new framework.

Terraform Provider Scaffolding (Terraform Plugin Framework) This template repository is built on the Terraform Plugin Framework. The template reposito

57

Evaluate the RBAC permissions of serviceaccounts, pods and nodes in Kubernetes clusters through policies written in Rego

Evaluate the RBAC permissions of serviceaccounts, pods and nodes in Kubernetes clusters through policies written in Rego

rbac-police Retrieve the RBAC permissions of serviceAccounts, pods and nodes in a Kubernetes cluster, and evaluate them using policies written in Rego

58

This is an app that helps you keep track of when you last contacted your friends. This time it comes with more security features and documentation.

This is an app that helps you keep track of when you last contacted your friends. This time it comes with more security features and documentation.

Live: https://guarded-wildwood-57389.herokuapp.com/ This assignment is for GoSchool module Go In Action 2. It is a continuation of earlier assignments

59

Use SQL to instantly query PAN-OS firewalls, security policies & more. Open source CLI. No DB required.

Use SQL to instantly query PAN-OS firewalls, security policies & more. Open source CLI. No DB required.

PAN-OS Plugin for Steampipe Use SQL to query firewalls, security policies and more from PAN-OS. Get started → Documentation: Table definitions & examp

60

Go implementation of Encrypted-Content-Encoding for HTTP (RFC 8188).

Encrypted-Content-Encoding for HTTP This a Go implementation of RFC 8188, specifically the draft published on June 2017. ECE for HTTP defines a way to

61

Go implementation of the Secure Remote Password (SRP) protocol.

Secure Remote Password Package srp is a Go implementation of Secure Remote Password protocol as defined by RFC 2945 and RFC 5054. SRP is an authentica

62

A Go library that provides PIV smart card interface for YubiKey security keys.

YubiKey A Golang library that provides PIV smart card interface for YubiKey security keys. Usage See yubikey_test.go, slot_test.go. Test # Test everyt

63

Stunner is a tool to test and exploit STUN, TURN and TURN over TCP servers.

STUNNER Stunner is a tool to test and exploit STUN, TURN and TURN over TCP servers. TURN is a protocol mostly used in videoconferencing and audio chat

64

Implementing JWT Authentication in Golang REST APIs and securing it with Authentication Middleware.

Implementing JWT Authentication in Golang REST APIs and securing it with Authentication Middleware.

Implementing JWT Authentication in Golang In this article, we will learn about implementing JWT Authentication in Golang REST APIs and securing it wit

65

CetusGuard is a tool that allows to protect the Docker daemon socket by filtering the calls to its API endpoints.

CetusGuard CetusGuard is a tool that allows to protect the Docker daemon socket by filtering the calls to its API endpoints. Some highlights: It is wr

66

Linux Process Discovery. C Library, Go bindings, Runtime.

Xpid It's like nmap but for pids. 🤓 xpid [flags] -o [output] Investigate pid 123 and write the report to out.txt xpid 123 out.txt Find all pos

67

Fast and light-weight API proxy firewall for request and response validation by OpenAPI specs.

Fast and light-weight API proxy firewall for request and response validation by OpenAPI specs.

Open Source API Firewall API Firewall is a high-performance proxy with API request and response validation based on OpenAPI/Swagger schema. It is desi

68

Deepfence PacketStreamer is a high-performance remote packet capture and collection tool.

Deepfence PacketStreamer is a high-performance remote packet capture and collection tool.

PacketStreamer Deepfence PacketStreamer is a high-performance remote packet capture and collection tool. It is used by Deepfence's ThreatStryker secur

69

A CLI tool that can be used to disrupt wireless connectivity in your area by jamming all the wireless devices connected to multiple access points.

sig-716i A CLI tool written in Go that can be used to disrupt wireless connectivity in the area accessible to your wireless interface. This tool scans

70

A turbo traffic generator pentesting tool to generate random traffic with random mac and ip addresses in addition to random sequence numbers to a particular ip and port.

A turbo traffic generator pentesting tool to generate random traffic with random mac and ip addresses in addition to random sequence numbers to a particular ip and port.

FREE Reverse Engineering Self-Study Course HERE turbo-attack A turbo traffic generator pentesting tool to generate random traffic with random mac and

71

Gopherscript is a secure and minimal scripting language written in Go.

Gopherscript is a secure and minimal scripting language written in Go.

Gopherscript Gopherscript is a secure scripting/configuration language written in Go. It features a fined-grain permission system and enforces a stron

72

Command line fuzzer and bruteforcer 🌪 wfuzz for command

 Command line fuzzer and bruteforcer 🌪 wfuzz for command

cfuzz The same thing as wfuzz but for command line fuzzing. This enables to fuzz any command line execution and filter results. Also a good friend for

73

Simwigo is a cross-platform tool, written in Go, to simplify the deployment of a web service.

Simwigo is a cross-platform tool, written in Go, to simplify the deployment of a web service.

Simwigo : a cross-platform tool, written in Go, to simplify the deployment of a web service. It is easy to use and user-friendly. It also implements f

74

Rest in peace(s) - HTTP/UDP load testing tool

RIP This is a HTTP load testing and UDP flood attack tool that run requests concurrently. Note: I am using this project as a Go learning project. Refa

75

The easiest way to access your cloud.

The easiest way to access your cloud.

Granted The easiest way to access your cloud. 🚀 Get Started What is Granted? Granted is a command line interface (CLI) application which simplifies a

76

A port scanner and service detection tool that uses 1000 goroutines at once to scan any hosts's ip or fqdn with the sole purpose of testing your own network to ensure there are no malicious services running.

A port scanner and service detection tool that uses 1000 goroutines at once to scan any hosts's ip or fqdn with the sole purpose of testing your own network to ensure there are no malicious services running.

A port scanner and service detection tool that uses 1000 goroutines at once to scan any hosts's ip or fqdn with the sole purpose of testing your own network to ensure there are no malicious services running.

77

Quickly set up a ready to use development environment integrated with a multi-account CI/CD pipeline following security and DevOps best practices

Quickly set up a ready to use development environment integrated with a multi-account CI/CD pipeline following security and DevOps best practices

DevSecOps Quick Start This artefact helps development teams to quickly set up a ready to use environment integrated with a multi-account CI/CD pipelin

78

A centralized keylogger application. Monitor and track the keystrokes of all your devices in real-time at one place.

Zanshin ⚠️ This project is work in progress. A centralized keylogger application. Monitor and track the keystrokes of all your devices in real-time at

79

Nmapservices - Most common ports with golang

Sample use package main import ( "fmt" "log" "github.com/jreisinger/nmapser

80

sgCheckup generates nmap output based on scanning your AWS Security Groups for unexpected open ports.

sgCheckup generates nmap output based on scanning your AWS Security Groups for unexpected open ports.

sgCheckup - Check your Security Groups for Unexpected Open Ports & Generate nmap Output sgCheckup is a tool to scan your AWS Security Groups for a com

81

password manager using age for encryption

page ====== password manager using age (https://age-encryption.org/) for encryption. encrypted secrets are files in the $PAGE_SECRETS/ directory that

82
1