Top 23 Go security-tool Projects
Scanner for vulnerabilities in container images, file systems, and Git repositories, as well as for configuration issues and hard-coded secrets
Project mention: Container scanners not scan software not added by package manager | news.ycombinator.com | 2022-05-10
- Use trivy or grype with software installed without package manager (via tar) e.g. eclipse-temurin in the alpine version. The java executable gets unpacked into /opt but is not recognized.
Scan git repos (or files) for secrets using regex and entropy 🔑
Project mention: Using Secrets in Cloudflare Workers with GitHub Actions | dev.to | 2022-05-10
This cookie value shouldn't be seen by others! It's tied to your account and should be handled carefully. Values like this leaking to the wild are the cause of countless security breaches that still occur regularly, and there are entire projects dedicated to finding them.
Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices
Project mention: Vuls: Agent-less vulnerability scanner for Linux, FreeBSD | news.ycombinator.com | 2022-05-03
Golang security checker
Project mention: gosec | reddit.com/r/devopspro | 2022-02-28
⬆️ ☠️ 🔥 Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins, pwnkit, dirty pipe, +w docker.sock
Project mention: Exploiting | reddit.com/r/openSUSE | 2022-04-05
How about traitor?
🛡️ A private certificate authority (X.509 & SSH) & ACME server for secure automated certificate management, so you can use TLS everywhere & SSO for SSH.
Project mention: Rootless containers - security aspects | reddit.com/r/selfhosted | 2022-05-05
Check out smallstep's certificates systemd service file which has a lot of the systemd sandboxing features.
syzkaller is an unsupervised coverage-guided kernel fuzzer
Project mention: Audit of Linux kernel code | reddit.com/r/linuxquestions | 2021-12-14
Modlishka. Reverse Proxy.
Project mention: Browser in the Browser (BITB) Attack | news.ycombinator.com | 2022-03-18
I remember some big service many years ago (maybe yahoo?) had a “memorable image” or something that was associated with your username as some kind of anti phish metric. Of course nowadays that would be trivial to bypass with something like Modlishka or a different reverse proxy passing through the website content.
A Workflow Engine for Offensive Security
Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.
Project mention: Top 200 Kubernetes Tools for DevOps Engineer Like You | dev.to | 2022-01-15
- TerraScan - Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.
- klum - Kubernetes Lazy User Manager
- Kyverno - Kubernetes Native Policy Management https://kyverno.io
- kiosk - kiosk office Multi-Tenancy Extension For Kubernetes - Secure Cluster Sharing & Self-Service Namespace Provisioning
- kube-bench - CIS Kubernetes Benchmark tool
- kube-hunter - Pentesting tool - Hunts for security weaknesses in Kubernetes clusters
- kube-who-can - Show who has RBAC permissions to perform actions on different resources in Kubernetes
- starboard - Kubernetes-native security toolkit
- Simulator - Kubernetes Security Training Platform - Focussing on security mitigation
- RBAC Lookup - Easily find roles and cluster roles attached to any user, service account, or group name in your Kubernetes cluster https://fairwinds.com
- Kubeaudit - kubeaudit helps you audit your Kubernetes clusters against common security controls
- Gangway - An application that can be used to easily enable authentication flows via OIDC for a kubernetes cluster
- Audit2rbac - Autogenerate RBAC policies based on Kubernetes audit logs
- Chartsec - Helm Chart security scanner
- kubestriker - Security Auditing tool
- Datree - CLI tool to prevent K8s misconfigurations by ensuring that manifests and Helm charts follow best practices as well as your organization’s policies
- Krane - Kubernetes RBAC static Analysis & visualisation tool
- Falco - The Falco Project - Cloud-Native runtime security
- Clair - Vulnerability Static Analysis for Containers
- Anchore Cli - Command Line Interface built on top of anchore engine to manage and inspect images, policies, subscriptions and registries
- Project Quay - Container image registry designed to boost the security of your repositories via vulnerability scanning and tight access control
- Kubescape - Tool to test if Kubernetes is deployed securely according to multiple frameworks: regulatory, customized company policies and DevSecOps best practices, such as the NSA-CISA and the MITRE ATT&CK®
Cameradar hacks its way into RTSP videosurveillance cameras
Project mention: Some information and advice about DDoS, from someone who was there during #opPayback | reddit.com/r/anonymous | 2022-02-27
Adversary Emulation Framework
Project mention: Sliver C2 Framework v1.5.11 released - as used by the Russian SVR - documented by NCSC, CISA, FBI and NSA in May 2021 | reddit.com/r/blueteamsec | 2022-04-18
🧰 A zero trust swiss army knife for working with X509, OAuth, JWT, OATH OTP, etc. (by smallstep)
A static analysis tool for securing Go code
Project mention: GitHub - praetorian-inc/gokart: A static analysis tool for securing Go code | reddit.com/r/devopsish | 2021-08-21
Container Image Linter for Security, Helping build the Best-Practice Docker Image, Easy to start
Project mention: A beginner's question : am I doing things the right way ? | reddit.com/r/docker | 2021-09-17
Check out dockle; https://github.com/goodwithtech/dockle
The Swiss Army knife for automated Web Application Testing
Project mention: Vulnerability scanners for a lot of domains | reddit.com/r/bugbounty | 2021-12-05
Hey, check https://github.com/projectdiscovery/nuclei as @mr_coffee_robot suggested and check out https://github.com/jaeles-project/jaeles
👻 Stowaway -- Multi-hop Proxy Tool for pentesters
Project mention: Stowaway -- Multi-hop Proxy Tool for pentesters | reddit.com/r/CKsTechNews | 2022-05-07
🔓 🔓 Find secrets and passwords in container images and file systems 🔓 🔓
Project mention: ThreatMapper 1.3.0: Now with Secret Scanning, Runtime SBOMs, and More | dev.to | 2022-03-15
In this release, we’ve integrated the open source project called SecretScanner into ThreatMapper so that now you can scan for both vulnerabilities and secrets in production, assess the risks associated across all potential issues, and then prioritize remediation accordingly.
Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang, focused on containerized environments.
Project mention: 🔥🔥 A new version 0.1.3 released for Kubesploit: a post-exploitation framework for Kubernetes🔥🔥 | reddit.com/r/netsec | 2022-02-11
Reconnaissance tool for GitHub code search. Finds exposed API keys using pattern matching, commit history searching, and a unique result scoring system.
Project mention: GitHound | reddit.com/r/devopspro | 2022-01-27
Program to reverse Docker images into Dockerfiles
Project mention: Scanning Millions Of Publicly Exposed Docker Containers - Thousands Of Secrets Leaked | reddit.com/r/netsec | 2021-11-13
3) Specific tooling. Tools like whaler will automate the process of pulling the Dockerfile contents out of an image file.
An open-source project in Golang to test different web application firewalls (WAF) for detection logic and bypasses
Project mention: OWASP TOP 10 mapped to AWS Managed Rules | dev.to | 2022-04-20
If you are searching for a solution to deploy, update, and stage your Web Application Firewalls while managing them centrally via AWS Firewall Manager take a look at the AWS Firewall Factory tool. AWS Firewall Factory is able to test your deployed firewall using GoTestWAF. GoTestWAF is a tool for API and OWASP attack simulation that supports a wide range of API protocols including REST, GraphQL, gRPC, WebSockets, SOAP, XMLRPC and many more. It was designed to evaluate web application security solutions, such as API security proxies, Web Application Firewalls, IPS, API gateways, etc.
Go security-tools related posts
Using Secrets in Cloudflare Workers with GitHub Actions
2 projects | dev.to | 10 May 2022
Image Scanning admission controllers
1 project | reddit.com/r/kubernetes | 4 May 2022
[P] Introducing FlowMeter for network packet analysis
2 projects | reddit.com/r/MachineLearning | 29 Apr 2022
Sliver C2 Framework v1.5.11 released - as used by the Russian SVR - documented by NCSC, CISA, FBI and NSA in May 2021
1 project | reddit.com/r/blueteamsec | 18 Apr 2022
GitHub secret finder
1 project | reddit.com/r/OSINT | 18 Apr 2022
Useful Tools and Programs for eBPF
1 project | reddit.com/r/eBPF | 29 Mar 2022
Useful Tools and Programs for eBPF(Extended Berkeley Packet Filter)
1 project | reddit.com/r/osdev | 29 Mar 2022
What are some of the best open-source security-tool projects in Go? This list will help you: