The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning. Learn more →
Top 23 Go security-tool Projects
-
trivy
Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
-
WorkOS
The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
-
vuls
Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices
-
traitor
:arrow_up: :skull_and_crossbones: :fire: Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins, pwnkit, dirty pipe, +w docker.sock
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
-
certificates
🛡️ A private certificate authority (X.509 & SSH) & ACME server for secure automated certificate management, so you can use TLS everywhere & SSO for SSH.
-
scan4all
Official repository vuls Scan: 15000+PoCs; 23 kinds of application password crack; 7000+Web fingerprints; 146 protocols and 90000+ rules Port scanning; Fuzz, HW, awesome BugBounty( ͡° ͜ʖ ͡°)...
-
terrascan
Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.
-
spicedb
Open Source, Google Zanzibar-inspired permissions database to enable fine-grained access control for customer applications
-
cli
🧰 A zero trust swiss army knife for working with X509, OAuth, JWT, OATH OTP, etc. (by smallstep)
-
SecretScanner
:unlock: :unlock: Find secrets and passwords in container images and file systems :unlock: :unlock:
-
dockle
Container Image Linter for Security, Helping build the Best-Practice Docker Image, Easy to start
-
SaaSHub
SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives
Project mention: A Deep Dive Into Terraform Static Code Analysis Tools: Features and Comparisons | dev.to | 2024-04-16Trivy Owner/Maintainer: Aqua Security Age: First released on GitHub on May 7th, 2019 License: Apache License 2.0 backward-compatible with tfsec
install gitleaks in your machine gitleaks
Project mention: Seeking help to identify vulnerabilities and secrets in a website backup file | /r/HowToHack | 2023-07-03Trufflehog
Project mention: With VPN's such as Twin Gate and TailScale, why open ports to expose services to the internet? | /r/selfhosted | 2023-07-05IDK if you are too young to remember the fallout from Snowden, but the Kremlin threw out entire rooms computers and for a time used actual typewriters. Because those computers had, more or less, twingate connectors on them. That's a bit of a rich example, but you're essentially installing what sliver calls an implant, what meterpreter calls a payload, and what Cobalt Strike calls a beacon. It's cool if you want to, but there's no need when you can just open a port with the same technology a Fortune 50 does.
6. Gosec
Project mention: Traitor – Automatic Linux privesc via exploitation of low-hanging fruits | news.ycombinator.com | 2023-06-12
You can roll your own with https://github.com/smallstep/certificates. We maintain major open source projects and contribute a lot to other projects. I don’t think that means everything we do has to be open source. Sorry this one wasn’t. Doing this in pure open source would be a book, not a blog post.
Love Let’s Encrypt — we’re sponsors — but using them for WiFi is a terrible idea. You need internal PKI for WiFi.
Project mention: Automated Unit Test Improvement Using Large Language Models at Meta | news.ycombinator.com | 2024-02-17https://arxiv.org/abs/2402.09171 :
> This paper describes Meta's TestGen-LLM tool, which uses LLMs to automatically improve existing human-written tests. TestGen-LLM verifies that its generated test classes successfully clear a set of filters that assure measurable improvement over the original test suite, thereby eliminating problems due to LLM hallucination. [...] We believe this is the first report on industrial scale deployment of LLM-generated code backed by such assurances of code improvement.
Coverage-guided unit test improvement might [with LLMs] be efficient too.
https://github.com/topics/coverage-guided-fuzzing :
- e.g. Google/syzkaller is a coverage-guided syscall fuzzer: https://github.com/google/syzkaller
- Gitlab CI supports coverage-guided fuzzing: https://docs.gitlab.com/ee/user/application_security/coverag...
- oss-fuzz, osv
Additional ways to improve tests:
Hypothesis and pynguin generate tests from type annotations.
There are various tools to generate type annotations for Python code;
> pytype (Google) [1], PyAnnotate (Dropbox) [2], and MonkeyType (Instagram) [3] all do dynamic / runtime PEP-484 type annotation type inference [4] to generate type annotations. https://news.ycombinator.com/item?id=39139198
icontract-hypothesis generates tests from icontract DbC Design by Contract type, value, and invariance constraints specified as precondition and postcondition @decorators:
Project mention: A Deep Dive Into Terraform Static Code Analysis Tools: Features and Comparisons | dev.to | 2024-04-16Terrascan Owner/Maintainer: Tenable (acquired in 2022) Age: First release on GitHub on November 28th, 2017 License: Apache License 2.0
Project mention: How do you manage transactions in Go? Do we really need to use one transaction for each request? | /r/golang | 2023-06-02Have you taken a look at SpiceDB? The Authzed blog has a few posts that are useful to improving your understanding -- I can think of two: New Enemies and Writing relationships to SpiceDB.
You might want to try this tool https://github.com/Ullaakut/cameradar , as most of the webcams are based on RTSP( Real-Time Streaming Protocol ) protocol.
Project mention: Google will disable all but OAuth for IMAP, SMTP and POP starting Sept. 30 | news.ycombinator.com | 2024-01-18https://github.com/smallstep/cli implements some OAuth flows from the CLI, it may be helpful for you.
Project mention: Ask HN: Tell us about your project that's not done yet but you want feedback on | news.ycombinator.com | 2023-08-16- Build your own honeypot with ContainerSSH (DevConf CZ 2021) [4]
[1]: https://containerssh.io
There's also Picocrypt.
Go security-tools related posts
- SLSA up to v1.9.0 (latest) breaking GHA pipelines
- A tool for using AWS Identity Center for the CLI and web console
- I Analyzed StackOverflow for Secrets
- [Help Needed] Securing Customized Gitleaks and Backend Communication?
- With VPN's such as Twin Gate and TailScale, why open ports to expose services to the internet?
- Distributing ACME Let'sEncrypt certs for homelab
- Safety in Go
-
A note from our sponsor - WorkOS
workos.com | 24 Apr 2024
Index
What are some of the best open-source security-tool projects in Go? This list will help you:
Project | Stars | |
---|---|---|
1 | trivy | 21,316 |
2 | gitleaks | 15,225 |
3 | trufflehog | 13,863 |
4 | vuls | 10,659 |
5 | sliver | 7,551 |
6 | gosec | 7,441 |
7 | traitor | 6,491 |
8 | certificates | 6,131 |
9 | osv-scanner | 5,825 |
10 | scan4all | 5,231 |
11 | syzkaller | 5,124 |
12 | osmedeus | 5,069 |
13 | Modlishka | 4,670 |
14 | terrascan | 4,494 |
15 | spicedb | 4,489 |
16 | Cameradar | 3,884 |
17 | cli | 3,478 |
18 | SecretScanner | 2,956 |
19 | dockle | 2,651 |
20 | ContainerSSH | 2,565 |
21 | Stowaway | 2,415 |
22 | Picocrypt | 2,248 |
23 | ksubdomain | 2,086 |
Sponsored