Top 23 Go Security Projects
-
Caddy
Fast, multi-platform web server with automatic HTTPS
The solution: Meli, a self-hosted platform built on top of the well-known Caddy Server. Out of the box, you get automatic HTTPs, zero-downtime, and heavy-duty performance.
-
hydra
OpenID Certified™ OpenID Connect and OAuth Provider written in Go - cloud native, security-first, open source API security for your infrastructure. SDKs for any language. Compatible with MITREid.
Latest mention: Ory Hydra 1.9: Open-source Golang OAuth2 provider | reddit.com/r/patient_hackernews | 2021-01-13 -
Lean and Mean Docker containers
DockerSlim (docker-slim): Don't change anything in your Docker container image and minify it by up to 30x (and for compiled languages even more) making it secure too! (free and open source)
6) I stumbled across a tool docker-slim that can supposedly reduce a container's size by up to 30x.
-
Gravitational Teleport
Secure Access for Developers that doesn't get in the way.
Latest mention: Pomerium — open source identity-aware access proxy — now supports TCP | reddit.com/r/devops | 2021-01-22How doe this compare to e.g. Teleport?
-
bettercap
The Swiss Army knife for 802.11, BLE and Ethernet networks reconnaissance and MITM attacks.
bettercap/bettercap (Go): The Swiss Army knife for 802.11, BLE and Ethernet networks reconnaissance and MITM attacks.
-
cilium
eBPF-based Networking, Security, and Observability
cilium/cilium (Go): eBPF-based Networking, Security, and Observability
-
sops
Simple and flexible tool for managing secrets
I run a personal server with many different projects orchestrated using k8s. I commit encrypted secrets to git which are output from a tool called sops https://github.com/mozilla/sops
-
trivy
A Simple and Comprehensive Vulnerability Scanner for Containers, Suitable for CI
-
Blackbox
Safely store secrets in Git/Mercurial/Subversion
Interested in making GPG easier to use for encrypting secrets in Git? https://github.com/StackExchange/blackbox is being rewritten in Go and needs help testing, improving, ensuring compatibility, etc.
-
gophish
Open-Source Phishing Toolkit
-
Gitrob
Reconnaissance tool for GitHub organizations
-
lego
Let's Encrypt client and ACME library written in Go
Latest mention: Nginx reverse proxy manager - how to do manual DNS challenge? | reddit.com/r/selfhosted | 2021-01-08Maybe https://github.com/go-acme/lego is an alternative for you. The dns integration lists Google Cloud
-
chezmoi
Manage your dotfiles across multiple diverse machines, securely.
There are a lot of different tools that can help you to manage your dotfiles. I use Dotdrop but there are several alternatives. Chezmoi Yadm Dotbot They can handle different systems but still being sync. Hope it helps!
-
authelia
The Single Sign-On Multi-Factor portal for web apps
Latest mention: Single login for multiple services via Caddy? | reddit.com/r/selfhosted | 2021-01-19People seem to recommend https://github.com/authelia/authelia these days. I haven't set it up myself yet.
-
crowdsec
Crowdsec - An open-source, lightweight agent to detect and respond to bad behaviours. It also automatically benefits from our global community-wide IP reputation database.
Latest mention: CrowdSec, an open-source, modernized & collaborative fail2ban | reddit.com/r/cybersecurity | 2021-01-18 -
certificates
🛡️ A private certificate authority (X.509 & SSH) & ACME server for secure automated certificate management, so you can use TLS everywhere & SSO for SSH.
Hashicorp Vault is the most well known tool for this, but I’ve also heard good things about Smallstep’s Certificate store (GitHub: https://github.com/smallstep/certificates)
-
Cameradar
Cameradar hacks its way into RTSP videosurveillance cameras
-
Rudder
Privacy and Security focused Segment-alternative, in Golang and React
-
tfsec
🔒🌍 Security scanner for your Terraform code
Latest mention: Terraform VMware vSphere Provider - is it worth it? | reddit.com/r/Terraform | 2021-01-12I know tfsec (https://github.com/tfsec/tfsec) which is pretty good for AWS resources but I think vSphere resources are not implemented.
-
google-ctf
Google CTF
Latest mention: The International Obfuscated C Code Contest 2020 winners | news.ycombinator.com | 2021-01-08For those interested in more Turing complete format strings, look no further than the "sprint" challenge from this years Google CTF: https://ctftime.org/task/12834. It's sprintf in a loop this time and the program simulates a maze: https://github.com/google/google-ctf/tree/master/2020/quals/...
-
runtime
Kata Containers version 1.x runtime (for version 2.x see https://github.com/kata-containers/kata-containers).
Latest mention: Building a secure/sandboxed environment for executing untrusted code | dev.to | 2021-01-16Kata Containers
-
autocert
[mirror] Go supplementary cryptography libraries
Latest mention: how does bcrypt.CompareHash function know which cost to select? | reddit.com/r/golang | 2021-01-02https://github.com/golang/crypto/blob/eec23a3978adcfd26c29f4153eaa3e3d9b2cc53a/bcrypt/bcrypt.go#L234-L254
-
memguard
Secure software enclave for storage of sensitive information in memory.
Index
What are some of the best open-source Security projects in Go? This list will help you:
| Project | Stars | |
|---|---|---|
| 1 | Caddy | 31,690 |
| 2 | hydra | 10,099 |
| 3 | Lean and Mean Docker containers | 9,567 |
| 4 | Gravitational Teleport | 8,973 |
| 5 | bettercap | 8,453 |
| 6 | cilium | 7,333 |
| 7 | sops | 6,642 |
| 8 | trivy | 5,984 |
| 9 | Blackbox | 5,612 |
| 10 | gophish | 5,403 |
| 11 | Gitrob | 4,989 |
| 12 | lego | 4,421 |
| 13 | chezmoi | 3,170 |
| 14 | authelia | 2,856 |
| 15 | crowdsec | 2,743 |
| 16 | certificates | 2,718 |
| 17 | Cameradar | 2,455 |
| 18 | Rudder | 2,229 |
| 19 | tfsec | 2,153 |
| 20 | google-ctf | 2,094 |
| 21 | runtime | 2,057 |
| 22 | autocert | 2,055 |
| 23 | memguard | 1,844 |