Go security-tools

Open-source Go projects categorized as security-tools | Edit details

Top 23 Go security-tool Projects

  • trivy

    Scanner for vulnerabilities in container images, file systems, and Git repositories, as well as for configuration issues and hard-coded secrets

    Project mention: Container scanners not scan software not added by package manager | news.ycombinator.com | 2022-05-10

    - Use trivy or grype with software installed without package manager (via tar) e.g. eclipse-temurin in the alpine version. The java executable gets unpacked into /opt but is not recognized.


  • gitleaks

    Scan git repos (or files) for secrets using regex and entropy 🔑

    Project mention: Using Secrets in Cloudflare Workers with GitHub Actions | dev.to | 2022-05-10

    This cookie value shouldn't be seen by others! It's tied to your account and should be handled carefully. Values like this leaking to the wild are the cause of countless security breaches that still occur regularly, and there are entire projects dedicated to finding them.

  • Scout APM

    Less time debugging, more time building. Scout APM allows you to find and fix performance issues with no hassle. Now with error monitoring and external services monitoring, Scout is a developer's best friend when it comes to application development.

  • vuls

    Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices

    Project mention: Vuls: Agent-less vulnerability scanner for Linux, FreeBSD | news.ycombinator.com | 2022-05-03
  • gosec

    Golang security checker

    Project mention: gosec | reddit.com/r/devopspro | 2022-02-28
  • traitor

    :arrow_up: :skull_and_crossbones: :fire: Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins, pwnkit, dirty pipe, +w docker.sock

    Project mention: Exploiting | reddit.com/r/openSUSE | 2022-04-05

    How about traitor?

  • certificates

    🛡️ A private certificate authority (X.509 & SSH) & ACME server for secure automated certificate management, so you can use TLS everywhere & SSO for SSH.

    Project mention: Rootless containers - security aspects | reddit.com/r/selfhosted | 2022-05-05

    Checkout smallstep's certificates systemd service file which has a lot of the systemd sandboxing features.

  • syzkaller

    syzkaller is an unsupervised coverage-guided kernel fuzzer

    Project mention: Audit of Linux kernel code | reddit.com/r/linuxquestions | 2021-12-14
  • SonarQube

    Static code analysis for 29 languages.. Your projects are multi-language. So is SonarQube analysis. Find Bugs, Vulnerabilities, Security Hotspots, and Code Smells so you can release quality code every time. Get started analyzing your projects today for free.

  • Modlishka

    Modlishka. Reverse Proxy.

    Project mention: Browser in the Browser (BITB) Attack | news.ycombinator.com | 2022-03-18

    I remember some big service many years ago (maybe yahoo?) had a “memorable image” or something that was associated with your username as some kind of anti phish metric. Of course nowadays that would be trivial to bypass with something like Modliskha or a different reverse proxy passing through the website content.


  • osmedeus

    A Workflow Engine for Offensive Security

  • terrascan

    Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.

    Project mention: Top 200 Kubernetes Tools for DevOps Engineer Like You | dev.to | 2022-01-15

    TerraScan - Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure. klum - Kubernetes Lazy User Manager Kyverno - Kubernetes Native Policy Management https://kyverno.io kiosk - kiosk office Multi-Tenancy Extension For Kubernetes - Secure Cluster Sharing & Self-Service Namespace Provisioning kube-bench - CIS Kubernetes Benchmark tool kube-hunter - Pentesting tool - Hunts for security weaknesses in Kubernetes clusters kube-who-can - Show who has RBAC permissions to perform actions on different resources in Kubernetes starboard - Kubernetes-native security toolkit Simulator - Kubernetes Security Training Platform - Focussing on security mitigation RBAC Lookup - Easily find roles and cluster roles attached to any user, service account, or group name in your Kubernetes cluster https://fairwinds.com Kubeaudit - kubeaudit helps you audit your Kubernetes clusters against common security controls Gangway - An application that can be used to easily enable authentication flows via OIDC for a kubernetes cluster Audit2rbac - Autogenerate RBAC policies based on Kubernetes audit logs Chartsec - Helm Chart security scanner kubestriker - Security Auditing tool Datree - CLI tool to prevent K8s misconfigurations by ensuring that manifests and Helm charts follow best practices as well as your organization’s policies Krane - Kubernetes RBAC static Analysis & visualisation tool Flaco - The Falco Project - Cloud-Native runtime security Clair - Vulnerability Static Analysis for Containers Anchore Cli - Coomand Line Interface built on top of anchore engine to manage and inspect images, policies, subscriptions and registries Project Quay - Container image registry designed to boost the security of your repositories via vulnerability scanning and tight access control Kubescape - Tool to test if Kubernetes is deployed securely according to multiple frameworks: regulatory, customized company policies and DevSecOps best practices, such as the NSA-CISA and the MITRE ATT&CK®

  • Cameradar

    Cameradar hacks its way into RTSP videosurveillance cameras

    Project mention: Some information and advice about DDoS, from someone who was there during #opPayback | reddit.com/r/anonymous | 2022-02-27
  • sliver

    Adversary Emulation Framework

    Project mention: Sliver C2 Framework v1.5.11 released - as used by the Russian SVR - documented by NCSC, CISA, FBI and NSA in May 2021 | reddit.com/r/blueteamsec | 2022-04-18
  • cli

    🧰 A zero trust swiss army knife for working with X509, OAuth, JWT, OATH OTP, etc. (by smallstep)

    Project mention: If you’re not using SSH certificates you’re doing SSH wrong | news.ycombinator.com | 2022-03-24

    And they have an open issue for producing a chocolatey package: https://github.com/smallstep/cli/issues/365

  • gokart

    A static analysis tool for securing Go code

    Project mention: GitHub - praetorian-inc/gokart: A static analysis tool for securing Go code | reddit.com/r/devopsish | 2021-08-21
  • dockle

    Container Image Linter for Security, Helping build the Best-Practice Docker Image, Easy to start

    Project mention: A beginner's question : am I doing things the right way ? | reddit.com/r/docker | 2021-09-17

    Check out dockle; https://github.com/goodwithtech/dockle

  • ksubdomain


  • jaeles

    The Swiss Army knife for automated Web Application Testing

    Project mention: Vulnerability scanners for a lot of domains | reddit.com/r/bugbounty | 2021-12-05

    Hey, check https://github.com/projectdiscovery/nuclei as @mr_coffee_robot suggested and check out https://github.com/jaeles-project/jaeles

  • Stowaway

    👻Stowaway -- Multi-hop Proxy Tool for pentesters

    Project mention: Stowaway -- Multi-hop Proxy Tool for pentesters | reddit.com/r/CKsTechNews | 2022-05-07
  • SecretScanner

    :unlock: :unlock: Find secrets and passwords in container images and file systems :unlock: :unlock:

    Project mention: ThreatMapper 1.3.0: Now with Secret Scanning, Runtime SBOMs, and More | dev.to | 2022-03-15

    In this release, we’ve integrated the open source project called SecretScanner into ThreatMapper so that now you can scan for both vulnerabilities and secrets in production, assess the risks associated across all potential issues, and then prioritize remediation accordingly.

  • kubesploit

    Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang, focused on containerized environments.

    Project mention: 🔥🔥 A new version 0.1.3 released for Kubesploit: a post-exploitation framework for Kubernetes🔥🔥 | reddit.com/r/netsec | 2022-02-11
  • git-hound

    Reconnaissance tool for GitHub code search. Finds exposed API keys using pattern matching, commit history searching, and a unique result scoring system.

    Project mention: GitHound | reddit.com/r/devopspro | 2022-01-27
  • Whaler

    Program to reverse Docker images into Dockerfiles

    Project mention: Scanning Millions Of Publicly Exposed Docker Containers - Thousands Of Secrets Leaked | reddit.com/r/netsec | 2021-11-13

    3) Specific tooling. Tools like whaler will automate the process of pulling the Dockerfile contents out of an image file.

  • gotestwaf

    An open-source project in Golang to test different web application firewalls (WAF) for detection logic and bypasses

    Project mention: OWASP TOP 10 mapped to AWS Managed Rules | dev.to | 2022-04-20

    If you are searching for a solution to deploy, update, and stage your Web Application Firewalls while managing them centrally via AWS Firewall Manager take a look at the AWS Firewall Factory tool. AWS Firewall Factory is able to test your deployed firewall using GoTestWAF. GoTestWAF is a tool for API and OWASP attack simulation that supports a wide range of API protocols including REST, GraphQL, gRPC, WebSockets, SOAP, XMLRPC and many more. It was designed to evaluate web application security solutions, such as API security proxies, Web Application Firewalls, IPS, API gateways, etc.

NOTE: The open source projects on this list are ordered by number of github stars. The number of mentions indicates repo mentiontions in the last 12 Months or since we started tracking (Dec 2020). The latest post mention was on 2022-05-10.

Go security-tools related posts


What are some of the best open-source security-tool projects in Go? This list will help you:

Project Stars
1 trivy 11,784
2 gitleaks 9,686
3 vuls 9,242
4 gosec 6,052
5 traitor 5,159
6 certificates 4,310
7 syzkaller 4,122
8 Modlishka 3,892
9 osmedeus 3,825
10 terrascan 3,018
11 Cameradar 2,912
12 sliver 2,559
13 cli 2,473
14 gokart 1,975
15 dockle 1,891
16 ksubdomain 1,563
17 jaeles 1,517
18 Stowaway 1,352
19 SecretScanner 1,303
20 kubesploit 873
21 git-hound 828
22 Whaler 808
23 gotestwaf 723
Find remote jobs at our new job board 99remotejobs.com. There are 13 new remote jobs listed recently.
Are you hiring? Post a new remote job listing for free.
SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives