Go Security

Open-source Go projects categorized as Security

Top 23 Go Security Projects

  • GitHub repo Caddy

    Fast, multi-platform web server with automatic HTTPS

    Project mention: Supporting Let’s Encrypt, the nonprofit making HTTPS free for all | news.ycombinator.com | 2021-06-14

    First off, let me say, for me. I use Caddy (https://caddyserver.com/) and it just works. You start it, it gets a cert from letsencrypt and starts serving https. So it was (almost) zero work to serve with https.

    As for reasons to encrypt

    1. Prevents (I think) ISPs in the middle from injecting ads, spyware, phishing scams, etc on top of your site.

    2. Prevents 3rd parties from seeing what pages the user is accessing. Some people would prefer that others cannot read over their shoulder and see what they're reading.

    I know for me, I'm sensitive to that particular issue to the point that I don't really want to use Netflix, Amazon Prime, Spotify, etc. I really don't like the idea that they're building a profile of me based on what I watch and thinking they know who I am based on that.

    It could be as simple as I don't want it known if I'm reading liberal or conservative blogs.

    I'm sure others might have other reasons they don't want a 3rd party to know what specific pages they're reading.


    ps: I get there are other ways to track me but I'm fairly confident that I'm avoiding most of them via HTTPS, VPNs, Private browser windows, multiple profiles, 3rd party cookies off, ad blockers, etc....

  • GitHub repo hydra

    OpenID Certified™ OpenID Connect and OAuth Provider written in Go - cloud native, security-first, open source API security for your infrastructure. SDKs for any language. Compatible with MITREid.

    Project mention: User account over Internet | reddit.com/r/linuxadmin | 2021-05-10

    If you just have some services/users at a remote location that you want to authenticate/authorize using your existing user directory, I’d recommend using OAuth2/OpenID Connect over https. This has the added benefit of enabling users to enroll multi-factor, federating with other identity providers (if you want), is more future proof (LDAP isn’t cloud native/friendly), and can be exposed to the Internet without the need of a VPN relatively safely. Another benefit is support for remote users and SaaS - for example, enabling users working from home to authenticate to SaaS applications using their directory login (without SSL/agent-VPNs or punching holes in firewall). Examples include: Okta (free tier permits 2000 monthly active users), Keycloak, Dex, ory.sh.

  • GitHub repo Lean and Mean Docker containers

    DockerSlim (docker-slim): Don't change anything in your Docker container image and minify it by up to 30x (and for compiled languages even more) making it secure too! (free and open source)

    Project mention: Creating Production-Ready Containers - The Basics | dev.to | 2021-06-03

    There are many ways to slim a container, from basic security to fully automated open-source tools like DockerSlim. Full disclosure: I work for Slim.AI, a company founded on the DockerSlim open source project. Let's look at some of the common ways developers create production-ready container images today.

  • GitHub repo bettercap

    The Swiss Army knife for 802.11, BLE, IPv4 and IPv6 networks reconnaissance and MITM attacks.

    Project mention: Concerned about my local network security | reddit.com/r/hacking | 2021-05-29

    I believe he’s referring to this link. It’s a multi-tool that you could run to do some more in-depth recon on the network activity including running MiTM attacks on the other hosts.

  • GitHub repo Gravitational Teleport

    Certificate authority and access plane for SSH, Kubernetes, web applications, and databases

    Project mention: Ask HN: Who is hiring? (June 2021) | news.ycombinator.com | 2021-06-01

  • GitHub repo cilium

    eBPF-based Networking, Security, and Observability

    Project mention: Gopher Gold #20 - Wed Nov 18 2020 | dev.to | 2020-11-17

    cilium/cilium (Go): eBPF-based Networking, Security, and Observability

  • GitHub repo sops

    Simple and flexible tool for managing secrets

    Project mention: How to Handle Secrets on the Command Line | news.ycombinator.com | 2021-06-13

    Sidenote: I really like the cookie consent form on this site. It's unobtrusive, clear, opt-out by default and the highlighted and only button is "Continue to site". Bravo to https://www.clym.io/

    Nice article, covers the basics well. Credential files seem like simplest way to go and are secure enough for most local uses. For anything more involved a secrets manager is probably required. I've been using Linux for a long time and hadn't heard about `keyctl`, thanks for mentioning it. A more flexible solution might be https://github.com/mozilla/sops

  • GitHub repo trivy

    A Simple and Comprehensive Vulnerability Scanner for Container Images, Git Repositories and Filesystems. Suitable for CI

    Project mention: Keycloak on Distroless | dev.to | 2021-05-27

    The original and main purpose of this manipulation is to reduce the number of CVEs present in our image. We will be able to compare it using trivy again on our new image.

  • GitHub repo authelia

    The Single Sign-On Multi-Factor portal for web apps

    Project mention: Self hosting apps behind reverse proxy | reddit.com/r/selfhosted | 2021-06-07

    Authelia is what you seek

  • GitHub repo gophish

    Open-Source Phishing Toolkit

    Project mention: Phishing testing? | reddit.com/r/k12sysadmin | 2021-06-09

    GoPhish is open source

  • GitHub repo Blackbox

    Safely store secrets in Git/Mercurial/Subversion

    Project mention: How do you provision app secrets? | reddit.com/r/sysadmin | 2021-04-21

    For Puppet i use blackbox

  • GitHub repo lego

    Let's Encrypt client and ACME library written in Go

    Project mention: Ask HN: Cheapest/ easiest way to host a static site | news.ycombinator.com | 2021-03-26

  • GitHub repo gosec

    Golang security checker

    Project mention: How to Handle Secrets on the Command Line | news.ycombinator.com | 2021-06-13

    I defer to using AWS SSM to retrieve secrets https://github.com/kaihendry/dotfiles/blob/master/bin/ssm

    But yeah, reading secrets of env or ps or the clipboard is a real issue, so I focus on making sure that doesn't leak.

    I've made terrible mistakes leading /proc accidentally in my Web app https://github.com/securego/gosec/issues/569

  • GitHub repo aquatone

    A Tool for Domain Flyovers

    Project mention: Which is better choice for taking screenshots on large networks Aquatone or eyewitness ? | reddit.com/r/netsec | 2021-02-04

  • GitHub repo chezmoi

    Manage your dotfiles across multiple diverse machines, securely.

    Project mention: Chezmoi: Manage your dotfiles across multiple diverse machines | news.ycombinator.com | 2021-05-30

  • GitHub repo crowdsec

    CrowdSec - an open-source massively multiplayer firewall able to analyze visitor behavior & provide an adapted response to all kinds of attacks. It also leverages the crowd power to generate a global IP reputation database to protect the user network.

    Project mention: CrowdSec: an open-source, modernized & collaborative fail2ban | reddit.com/r/Information_Security | 2021-06-01

  • GitHub repo certificates

    🛡️ A private certificate authority (X.509 & SSH) & ACME server for secure automated certificate management, so you can use TLS everywhere & SSO for SSH.

    Project mention: self signed certificates to secure ip of tomcat | reddit.com/r/devops | 2021-06-03

    Highly recommended: cfssl or step CA to cover the CA and certificate creation. Can't help on the Tomcat side though.

  • GitHub repo tfsec

    🔒🌍 Security scanner for your Terraform code

    Project mention: Terraforming in 2021 – new features, testing and compliance | dev.to | 2021-05-02

    Here again more than one tool exists to assist. We will highlight two of the most popular ones here: tfsec and checkov. Both provide a predefined set of checks that they use to inspect your code, allowing to explicitly open exceptions (if you really want to) by annotating your code with comments, and adjust the configuration to ignore some modules, for example.

  • GitHub repo sso

    sso, aka S.S.Octopus, aka octoboi, is a single sign-on solution for securing internal services

    Project mention: Web proxy (Bastion ?) to access Website in "private" network. | reddit.com/r/selfhosted | 2021-05-20

    https://github.com/buzzfeed/sso - Google only

  • GitHub repo Cameradar

    Cameradar hacks its way into RTSP videosurveillance cameras

  • GitHub repo Rudder

    Privacy and Security focused Segment-alternative, in Golang and React

  • GitHub repo google-ctf

    Google CTF

    Project mention: Computer Science Major looking for white hat (preferred) hackers that have respect for women in the CS Industry. | reddit.com/r/computerscience | 2021-06-14

    Past year comps are also available to explore.

  • GitHub repo autocert

    [mirror] Go supplementary cryptography libraries

    Project mention: Minio Changes License to AGPL | news.ycombinator.com | 2021-04-23

NOTE: The open source projects on this list are ordered by number of GitHub stars. The number of mentions indicates repo mentions in the last 12 months or since we started tracking (Dec 2020). The latest post mention was on 2021-06-14.


What are some of the best open-source Security projects in Go? This list will help you:

Rank Project Stars
1 Caddy 33,642
2 hydra 11,050
3 Lean and Mean Docker containers 10,197
4 bettercap 9,942
5 Gravitational Teleport 9,577
6 cilium 8,508
7 sops 7,681
8 trivy 7,572
9 authelia 6,514
10 gophish 5,872
11 Blackbox 5,799
12 lego 4,651
13 gosec 4,369
14 aquatone 4,146
15 chezmoi 3,890
16 crowdsec 3,462
17 certificates 3,122
18 tfsec 2,820
19 sso 2,613
20 Cameradar 2,592
21 Rudder 2,526
22 google-ctf 2,207
23 autocert 2,192