awesome-go-security

A dedicated place for cool golang security projects, frameworks, libraries, and software.

Pulled from collections such as awesome-go and awesome-golang-security

Auth

• saml2aws - CLI tool which enables you to login and retrieve AWS temporary credentials using a SAML IDP
• A Guide on implementing Role-Based Access Control (RBAC) Authorization in Go

Encryption

• bencrypt - Encryption Abstraction Layer and Utilities.
• holeysocks - Cross-Platform Reverse Socks Proxy in Go.
• gokrb5 - Pure Go Kerberos library for clients and services.
• go-tunnel - TLS/SSL Tunnel - A modern STunnel replacement written in golang.
• memguard - A pure Go library for handling sensitive values in memory.
• nacl - Go implementation of the NaCL set of API's.
• passlib - Futureproof password hashing library.
• saltpack - Modern crypto messaging format.
• simple-scrypt - Scrypt package with a simple, obvious API and automatic cost calibration built-in.
• sio - Go implementation of the Data At Rest Encryption (DARE) format.
• hashid - Given a string determine the possible hashing algorithms used to produce that string.
• crunchy - Finds common flaws in passwords. Like cracklib.
• go-peer - A software library for creating secure and anonymous decentralized systems.

Packers / Obfuscators

• Amber - Amber is a reflective PE packer for bypassing security products and mitigations.
• gscript - Framework to rapidly implement custom droppers for all three major operating systems.
• gobfuscate - Obfuscate Go binaries and packages.
• goupx - Fix golang compiled binaries on x86_64 so that they can be packed with UPX.
• stegify - Go tool for LSB steganography, capable of hiding any file within an image.
• obfs4 - Yawning Angel courtesy mirror of the obfourscator.
• strobfus - String obfuscation.

Private Key Infrastructure

• acmetool - ACME (Let's Encrypt) client tool with automatic renewal.
• certigo - A utility to examine and validate certificates in a variety of formats.
• CloudFlare SSL - CFSSL is CloudFlare's PKI/TLS swiss army knife. It is both a command line tool and an HTTP API server for signing, verifying, and bundling TLS certificates.

SSH

• ssh-vault - encrypt/decrypt using ssh keys.
• pam-ussh - uber's ssh certificate pam module.

File Transfer

• dnd - A web based drag and drop file transfer tool for sending files across the internet.
• grab - Go package for managing file downloads.
• onionbox - Send and recieve files through TOR.
• proxyd - proxyd proxies data between TCP, TLS, and unix sockets.

Recon

• goca - Goca Scanner https://goca.io.

Phishing

• evilginx2 - Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication.
• gophish - Open-Source Phishing Toolkit.
• modlishka - Modlishka. Reverse Proxy. Phishing NG.
• phishery - An SSL Enabled Basic Auth Credential Harvester with a Word Document Template URL Injector.

Command and Control

• chashell - Chashell is a Go reverse shell that communicates over DNS.
• chisel - Chisel is a fast TCP tunnel, transported over HTTP, secured via SSH.
• GoAT - GoAT (Golang Advanced Trojan) is a trojan that uses Twitter as a C&C server.
• gobot2 - Second Version of The GoBot Botnet, But more advanced.
• goDoH - A DNS-over-HTTPS Command & Control Proof of Concept.
• goredshell - A cross platform tool for verifying credentials and executing single commands.
• hershell - Multiplatform reverse shell generator.
• hideNsneak - a CLI for ephemeral penetration testing.
• keyserver - Easily serve HTTP and DNS keys for proper payload protection.
• liberetto - Libretto is a Golang library to create Virtual Machines (VMs) on any cloud and Virtual Machine hosting platforms such as AWS, Azure, OpenStack, vSphere, or VirtualBox.
• merlin - Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang.
• shellz - shellz is a small utility to track and control your ssh, telnet, web and custom shells and tunnels.
• squidshell - A dynamic HTTP and DNS reverse proxy.
• ratnet - Ratnet is a prototype anonymity network for mesh routing and embedded scenarios.
• Venom - A Multi-hop Proxy for Penetration Testers Written in Go.
• holepunch-client - Totally self-contained SSH reverse tunnel written in Go.
• Platypus - A modern multiple reverse shell sessions manager written in go.
• GoMet - Multi-platform backdoor in Go. TCP forwarding, socks5, tunneling, shell, download, exec.

Web Framework Hardening

• beego-security-headers - Beego framework filter for easy security headers management.
• badactor - An in-memory application driven jailer written in Go.
• goth - Provides a simple, clean, and idiomatic way to use OAuth and OAuth2. Handles multiple providers out of the box.
• hsts - Go HTTP Strict Transport Security library.
• httpauth - HTTP Authentication middleware.
• jwt - Clean and easy to use implementation of JSON Web Tokens (JWT).
• jwt - Lightweight JSON Web Token (JWT) library.
• nosurf - CSRF protection middleware for Go.
• oauth2 - Successor of goauth2. Generic OAuth 2.0 package that comes with JWT, Google APIs, Compute Engine and App Engine support.
• osin - Golang OAuth2 server library.
• paseto - Platform-Agnostic Security Tokens implementation in GO (Golang).
• gorilla/csrf - Provides Cross-Site Request Forgery (CSRF) prevention middleware for Go web applications & services.
• gorilla/securecookie - Encodes and decodes authenticated and optionally encrypted cookie values for Go web applications.
• secure - Secure is an HTTP middleware for Go that facilitates most of your security needs for web applications.

OSINT

• removed commits finder - OSINT tool to find deleted commits from a GitHub repository.
• mosint - An automated e-mail OSINT tool written in Go.

Web Application Testing

• gobuster - Directory/file & DNS busting tool written in Go.
• ffuf - Fast web fuzzer written in Go & working with recursion functionality.
• gofuzz - Aims to reproduce wfuzz's functionality and versatility. Based on gobuster.
• recursebuster - Rapid content discovery tool for recursively querying webservers, handy in pentesting and web application assessments.
• url2img - HTTP server with API for capturing screenshots of websites.
• madns - DNS server for pentesters.
• rescope - Parse scope definitions to Burp Suite / ZAP compatible formats for import.
• Wuzz - Interactive cli tool for HTTP inspection.

Network Scanners

• amass - In-depth DNS Enumeration and Network Mapping.
• bettercap - The Swiss Army knife for 802.11, BLE and Ethernet networks reconnaissance and MITM attacks.
• furious - Golang IP/port scanner with SYN (stealth) scanning and device manufacturer identification.
• goddi - goddi (go dump domain info) dumps Active Directory domain information.
• nextnet - nextnet is a pivot point discovery tool written in Go.
• vulns - Vulnerability scanner for Linux/FreeBSD, agentless, written in Go.
• xray - XRay is a tool for recon, mapping and OSINT gathering from public networks.
• subjack - Subdomain Takeover tool written in Go.
• flightsim - A utility to generate malicious network traffic and evaluate controls.
• Cameradar - An scanner with RTSP stream access tool that comes with its library.

Network Analysis

• netcap - The Netcap (NETwork CAPture) framework efficiently converts a stream of network packets into highly accessible type-safe structured data that represent specific protocols or custom abstractions.
• goshark - Package goshark use tshark to decode IP packet and create data struct to analyse packet.
• gosnmp - Native Go library for performing SNMP actions.
• gopassivedns - PassiveDNS in Go.
• nfp - Network Finger Printer.

Exploit Development

• binjection - Injects additional machine instructions into various binary formats.
• pwn - Pwntools for go!
• monkey - Monkey patching in Go.
• usercorn - Dynamic binary analysis via platform emulation.

Detection Engines

• aegis - A multiplatform debugger detection library.
• fleet - A flexible control server for osquery fleets
• go-yara - Go Bindings for YARA, the "pattern matching swiss knife for malware researchers (and everyone else)".
• honeytrap - Advanced Honeypot framework.
• malace - VirusTotal Wanna Be - Now with 100% more Hipster.
• sgt - Osquery Mangement Server.
• osquery-go - Go bindings for osquery.

Chat Bots

• marvin - IRC bot with Markov spew, answering machine, and mixed drink recipes.
• alfred - A Slack bot to add security info to messages containing URLs, hashes and IPs.
• go-chat-bot - IRC, Slack & Telegram bot written in Go.
• flottbot - A chatbot framework written in Go. All configurations are made in YAML.
• gohubsbot - A minimal bridge bot between Mozilla Hubs and the Matrix chat protocol.

System Information

• goinfo - get os information use golang.
• gopsutil - psutil for golang.

General Post Exploitation

• dlgs - Go cross-platform library for displaying dialogs and input boxes.
• goreddeath - Experimenting with destructive file attacks in Go.
• goredloot - A tool to collect secrets (keys and passwords) and stage (compress and encrypt) them for exfiltration.
• goredspy - Post exploitation desktop screensho / user monitoring tool.
• PandorasBox - Security tool to quickly audit Public Box files and folders.

Windows Specific

• amsi - Golang implementation of Microsoft Antimalware Scan Interface.
• go-acl - Go library for manipulating ACLs on Windows.
• go-execute-assembly - Allow a Go process to dynamically load .NET assemblies.
• go-ole - Go bindings for Windows COM using shared libraries instead of cgo.
• gosecretsdump - Fast hash dumper for NTDS.dit files.
• go-winio - This repository contains utilities for efficiently performing Win32 IO operations in Go.
• ldap - Basic LDAP v3 functionality for the GO programming language.
• winrm - Command-line tool and library for Windows remote command execution in Go.
• wmi - Package wmi provides a WQL interface to Windows WMI.
• taskmaster - Windows Task Scheduler Library for Go.
• gordp - Rdp client on pure GoLang.
• w32 - A wrapper of Windows APIs for Go.
• goWMIExec - Pash the Hash, execute a command on a target machine using WMI by providing an NTLM hash for the specified user.
• fibratus.io - A tool for the Windows kernel exploration and observability

MacOS Specific

• damage - A toolkit for creating and manipulating DMGs.
• racoon - loop through a munki manifest and install everything.

Linux Specific

• ftrace - Go library to trace Linux syscalls using the FTRACE kernel framework.
• netstat - Netstat implementation in Go.
• opensnitch - OpenSnitch is a GNU/Linux port of the Little Snitch application firewall.
• passwd - A Go parser for the /etc/passwd file.

Container Specific

• kube-auto-analyzer - Kubernetes Auto Analyzer.
• amicontained - Container introspection tool.

Data Parsing

• cacador - Indicator extractor of IOCs.

Static Code Analysis

• go-callvis - go-callvis is a development tool to help visualize call graph of a Go program using interactive view.
• go-diff - Diff, match and patch text in Go.
• gosec - Inspects source code for security problems by scanning the Go AST.
• golangci-lint - Concurrently run Go lint tools and normalise their output.

Assembly

• avo - Generate x86 Assembly with Go.
• c2goasm - C to Go Assembly.
• shellcode - Shellcode library as a Go package.