Top 23 Go security-tool Projects

security-tools

• Add a project

1. trivy

   1 95 26,368 9.8 Go

   Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more

   

   Project mention: Stop shipping insecure Dockerfiles: real devs don’t run as root | dev.to | 2025-05-03

2. InfluxDB

   www.influxdata.com featured

   InfluxDB – Built for High-Performance Time Series Workloads. InfluxDB 3 OSS is now GA. Transform, enrich, and act on time series data directly in the database. Automate critical tasks and eliminate the need to move data externally. Download now.

   

3. gitleaks

   2 41 19,741 9.4 Go

   Find secrets with Gitleaks 🔑

   

   Project mention: Gitleaks – open-source Secret Scannng | news.ycombinator.com | 2025-04-05

4. trufflehog

   3 32 18,990 9.8 Go

   Find, verify, and analyze leaked credentials

   

   Project mention: Ask HN: What are you working on? (April 2025) | news.ycombinator.com | 2025-04-27

   Will monitor your progress

   Also be interesting to see what trufflehog finds (should be false positive)

   https://github.com/trufflesecurity/trufflehog

5. SafeLine

   4 184 16,304 9.3 Go

   SafeLine is a self-hosted WAF(Web Application Firewall) / reverse proxy to protect your web apps from attacks and exploits.

   

   Project mention: What Is a WAF and Why Do You Need One? (Beginner-Friendly Guide) | dev.to | 2025-04-30

   👉 See the Live Demo 👉 GitHub Project

6. vuls

   5 3 11,519 9.1 Go

   Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices

   

7. sliver

   6 20 9,313 9.0 Go

   Adversary Emulation Framework

   

8. gosec

   7 22 8,199 9.0 Go

   Go security checker

   

   Project mention: Top 10 Code Security Tools | dev.to | 2024-10-30

   Source

9. SaaSHub

   www.saashub.com featured

   SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

   

10. osv-scanner

    8 11 7,377 9.8 Go

    Vulnerability scanner written in Go which uses the data provided by https://osv.dev

    

    Project mention: Google OSV-Scanner V2: Elevating Open Source Vulnerability Management | dev.to | 2025-03-24

    This improved scanning ensures no weak link in source manifests and lock files goes unnoticed, which is crucial for maintaining security in complex ecosystems. For developers looking to integrate these capabilities, they can visit the OSV-Scanner GitHub repository for more information.

11. certificates

    9 42 7,271 9.5 Go

    🛡️ A private certificate authority (X.509 & SSH) & ACME server for secure automated certificate management, so you can use TLS everywhere & SSO for SSH.

    

    Project mention: Just want simple TLS for your .internal network? | news.ycombinator.com | 2024-10-17

    How does this compare with smallstep step-ca certificates?

    https://github.com/smallstep/certificates

12. traitor

    10 17 6,824 0.0 Go

    :arrow_up: :skull_and_crossbones: :fire: Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins, pwnkit, dirty pipe, +w docker.sock

    

13. scan4all

    11 1 5,667 6.8 Go

    Official repository vuls Scan: 15000+PoCs; 23 kinds of application password crack; 7000+Web fingerprints; 146 protocols and 90000+ rules Port scanning; Fuzz, HW, awesome BugBounty( ͡° ͜ʖ ͡°)...

    

14. syzkaller

    12 7 5,654 9.9 Go

    syzkaller is an unsupervised coverage-guided kernel fuzzer

    

15. spicedb

    13 42 5,642 9.8 Go

    Open Source, Google Zanzibar-inspired database for scalably storing and querying fine-grained authorization data

    

    Project mention: Beware of the New Enemy Problem ⚠️ | dev.to | 2025-03-06

    Here's an example of how it works in SpiceDB - a database inspired by Google Zanzibar. A zookie is passed when making a permissions check request, and guarantees that the policy and individual relationships used to compute the answer will be at least as fresh as the Zookie presented requires.

16. osmedeus

    14 2 5,582 5.1 Go

    A Workflow Engine for Offensive Security

    

17. Modlishka

    15 11 4,963 6.0 Go

    Modlishka. Reverse Proxy.

    

18. terrascan

    16 24 4,923 4.8 Go

    Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.

    

    Project mention: Terrascan: Detect Compliance and Security Violations Across Iac | news.ycombinator.com | 2025-01-23

19. Cameradar

    17 3 4,314 3.0 Go

    Cameradar hacks its way into RTSP videosurveillance cameras

    

20. cli

    18 9 3,859 9.4 Go

    🧰 A zero trust swiss army knife for working with X509, OAuth, JWT, OATH OTP, etc. (by smallstep)

    

    Project mention: Setting up a trusted, self-signed SSL/TLS certificate authority in Linux | news.ycombinator.com | 2025-02-17

    I previously used openssl-based scripts to generate certificates to use for local development or applications on a private network. I have since moved to using the step CLI [1].

    OpenSSL is powerful, but it's hard to figure out how to use correctly. Each command seems cryptic no matter how many times I use it.

    The step CLI is a lot simpler, even though it has a few quirks: generating PKCS1 formatted private keys instead of the newer PKCS7 format, making every leaf certificate eligible to be either a server certificate or a client certificate, and absurdly low default certificate expirations.

    1: https://github.com/smallstep/cli

21. SecretScanner

    19 7 3,189 7.2 Go

    :unlock: :unlock: Find secrets and passwords in container images and file systems :unlock: :unlock:

    

22. Stowaway

    20 33 3,008 6.5 Go

    👻Stowaway -- Multi-hop Proxy Tool for pentesters

    

23. dockle

    21 2 2,894 6.1 Go

    Container Image Linter for Security, Helping build the Best-Practice Docker Image, Easy to start

    

24. ContainerSSH

    22 13 2,822 7.3 Go

    ContainerSSH: Launch containers on demand

    

    Project mention: Ask HN: How did you replace Teleport? | news.ycombinator.com | 2024-10-17

    If you need only SSH, then try ContainerSSH[1] - it's pretty simple to setup & integrate using OPA for authorization.

    [1]: https://github.com/ContainerSSH/ContainerSSH

25. ksubdomain

    23 1 2,289 0.0 Go

    无状态子域名爆破工具

    

26. SaaSHub

    www.saashub.com featured

    SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

    

Go security-tools related posts

• Gitleaks – open-source Secret Scannng

  1 project | news.ycombinator.com | 5 Apr 2025

• Ask HN: Has anyone adopted or seen adoption of RFC8959 secret-token?

  1 project | news.ycombinator.com | 24 Mar 2025

• Google OSV-Scanner V2: Elevating Open Source Vulnerability Management

  1 project | dev.to | 24 Mar 2025

• Unlocking the Power of SARIF: The Backbone of Modern Static Analysis

  1 project | dev.to | 22 Mar 2025

• Terrascan: Detect Compliance and Security Violations Across Iac

  1 project | news.ycombinator.com | 23 Jan 2025

• Top 10 Code Security Tools

  1 project | dev.to | 30 Oct 2024

• Do not use secrets in environment variables and

  6 projects | news.ycombinator.com | 7 Oct 2024
• A note from our sponsor - InfluxDB
  www.influxdata.com | 12 May 2025

  InfluxDB 3 OSS is now GA. Transform, enrich, and act on time series data directly in the database. Automate critical tasks and eliminate the need to move data externally. Download now. Learn more →

Index

Sponsored

InfluxDB – Built for High-Performance Time Series Workloads

InfluxDB 3 OSS is now GA. Transform, enrich, and act on time series data directly in the database. Automate critical tasks and eliminate the need to move data externally. Download now.

www.influxdata.com

Do not miss the trending Go projects with our weekly report!