Go security-tools

Open-source Go projects categorized as security-tools

Top 23 Go security-tool Projects

  • trivy

    Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more

  • Project mention: Cloud Security and Resilience: DevSecOps Tools and Practices | dev.to | 2024-05-01

    4. Trivy: https://github.com/aquasecurity/trivy Trivy is a versatile tool that scans for vulnerabilities in your containers, and also checks for vulnerabilities in your application dependencies.

  • gitleaks

    Protect and discover secrets using Gitleaks 🔑

  • Project mention: Cloud Security and Resilience: DevSecOps Tools and Practices | dev.to | 2024-05-01

    1. Gitleaks: https://github.com/gitleaks/gitleaks Gitleaks provides a way for developers to find and prevent security breaches by scanning Git repositories for secrets like passwords and API keys.

  • trufflehog

    Find and verify secrets

  • Project mention: Seeking help to identify vulnerabilities and secrets in a website backup file | /r/HowToHack | 2023-07-03

    Trufflehog

  • vuls

    Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices

  • sliver

    Adversary Emulation Framework

  • Project mention: With VPN's such as Twin Gate and TailScale, why open ports to expose services to the internet? | /r/selfhosted | 2023-07-05

    IDK if you are too young to remember the fallout from Snowden, but the Kremlin threw out entire rooms of computers and for a time used actual typewriters. Because those computers had, more or less, twingate connectors on them. That's a bit of a rich example, but you're essentially installing what sliver calls an implant, what meterpreter calls a payload, and what Cobalt Strike calls a beacon. It's cool if you want to, but there's no need when you can just open a port with the same technology a Fortune 50 does.

  • gosec

    Go security checker

  • Project mention: Secure Randomness in Go 1.22 | news.ycombinator.com | 2024-05-07

    For those unaware, gosec (and by extension golangci-lint) will warn about uses of `math/rand`

    https://github.com/securego/gosec/blob/d3b2359ae29fe344f4df5...

  • traitor

    ⬆️ ☠️ 🔥 Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins, pwnkit, dirty pipe, +w docker.sock

  • Project mention: Traitor – Automatic Linux privesc via exploitation of low-hanging fruits | news.ycombinator.com | 2023-06-12
  • certificates

    🛡️ A private certificate authority (X.509 & SSH) & ACME server for secure automated certificate management, so you can use TLS everywhere & SSO for SSH.

  • Project mention: You shouldn't run NSA-grade Wi-Fi at home | news.ycombinator.com | 2024-01-04

    You can roll your own with https://github.com/smallstep/certificates. We maintain major open source projects and contribute a lot to other projects. I don’t think that means everything we do has to be open source. Sorry this one wasn’t. Doing this in pure open source would be a book, not a blog post.

    Love Let’s Encrypt — we’re sponsors — but using them for WiFi is a terrible idea. You need internal PKI for WiFi.

  • osv-scanner

    Vulnerability scanner written in Go which uses the data provided by https://osv.dev

  • scan4all

    Official repository vuls Scan: 15000+PoCs; 23 kinds of application password crack; 7000+Web fingerprints; 146 protocols and 90000+ rules Port scanning; Fuzz, HW, awesome BugBounty( ͡° ͜ʖ ͡°)...

  • syzkaller

    syzkaller is an unsupervised coverage-guided kernel fuzzer

  • Project mention: Automated Unit Test Improvement Using Large Language Models at Meta | news.ycombinator.com | 2024-02-17

    https://arxiv.org/abs/2402.09171 :

    > This paper describes Meta's TestGen-LLM tool, which uses LLMs to automatically improve existing human-written tests. TestGen-LLM verifies that its generated test classes successfully clear a set of filters that assure measurable improvement over the original test suite, thereby eliminating problems due to LLM hallucination. [...] We believe this is the first report on industrial scale deployment of LLM-generated code backed by such assurances of code improvement.

    Coverage-guided unit test improvement might [with LLMs] be efficient too.

    https://github.com/topics/coverage-guided-fuzzing :

    - e.g. Google/syzkaller is a coverage-guided syscall fuzzer: https://github.com/google/syzkaller

    - Gitlab CI supports coverage-guided fuzzing: https://docs.gitlab.com/ee/user/application_security/coverag...

    - oss-fuzz, osv

    Additional ways to improve tests:

    Hypothesis and pynguin generate tests from type annotations.

    There are various tools to generate type annotations for Python code;

    > pytype (Google) [1], PyAnnotate (Dropbox) [2], and MonkeyType (Instagram) [3] all do dynamic / runtime PEP-484 type annotation type inference [4] to generate type annotations. https://news.ycombinator.com/item?id=39139198

    icontract-hypothesis generates tests from icontract DbC Design by Contract type, value, and invariance constraints specified as precondition and postcondition @decorators:

  • osmedeus

    A Workflow Engine for Offensive Security

  • Modlishka

    Modlishka. Reverse Proxy.

  • spicedb

    Open Source, Google Zanzibar-inspired permissions database to enable fine-grained access control for customer applications

  • Project mention: How do you manage transactions in Go? Do we really need to use one transaction for each request? | /r/golang | 2023-06-02

    Have you taken a look at SpiceDB? The Authzed blog has a few posts that are useful to improving your understanding -- I can think of two: New Enemies and Writing relationships to SpiceDB.

  • terrascan

    Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.

  • Project mention: Cloud Security and Resilience: DevSecOps Tools and Practices | dev.to | 2024-05-01

    2. Terrascan: https://github.com/tenable/terrascan Terrascan detects security vulnerabilities and compliance violations across your IaC. Supports multiple cloud providers, ensuring that your infrastructure complies with security best practices.

  • Cameradar

    Cameradar hacks its way into RTSP videosurveillance cameras

  • cli

    🧰 A zero trust swiss army knife for working with X509, OAuth, JWT, OATH OTP, etc. (by smallstep)

  • Project mention: Google will disable all but OAuth for IMAP, SMTP and POP starting Sept. 30 | news.ycombinator.com | 2024-01-18

    https://github.com/smallstep/cli implements some OAuth flows from the CLI, it may be helpful for you.

  • SecretScanner

    🔓 🔓 Find secrets and passwords in container images and file systems 🔓 🔓

  • dockle

    Container Image Linter for Security, Helping build the Best-Practice Docker Image, Easy to start

  • ContainerSSH

    ContainerSSH: Launch containers on demand

  • Project mention: Ask HN: Tell us about your project that's not done yet but you want feedback on | news.ycombinator.com | 2023-08-16

    - Build your own honeypot with ContainerSSH (DevConf CZ 2021) [4]

    [1]: https://containerssh.io

  • Stowaway

    👻Stowaway -- Multi-hop Proxy Tool for pentesters

  • Project mention: Stowaway -- Multi-hop Proxy Tool for pentesters | /r/hacking | 2023-11-13
  • Picocrypt

    A very small, very simple, yet very secure encryption tool.

  • Project mention: BitLocker vs Veracrypt | /r/Bitwarden | 2023-06-20

    There's also Picocrypt.

  • ksubdomain

    Stateless subdomain brute-force tool

NOTE: The open source projects on this list are ordered by number of GitHub stars. The number of mentions indicates repo mentions in the last 12 months or since we started tracking (Dec 2020).

Go security-tools related posts

  • Secure Randomness in Go 1.22

    3 projects | news.ycombinator.com | 7 May 2024
  • Cloud Security and Resilience: DevSecOps Tools and Practices

    10 projects | dev.to | 1 May 2024
  • SLSA up to v1.9.0 (latest) breaking GHA pipelines

    1 project | news.ycombinator.com | 20 Mar 2024
  • A tool for using AWS Identity Center for the CLI and web console

    1 project | news.ycombinator.com | 13 Feb 2024
  • I Analyzed StackOverflow for Secrets

    1 project | news.ycombinator.com | 17 Nov 2023
  • [Help Needed] Securing Customized Gitleaks and Backend Communication?

    1 project | /r/cybersecurity | 16 Nov 2023
  • With VPN's such as Twin Gate and TailScale, why open ports to expose services to the internet?

    1 project | /r/selfhosted | 5 Jul 2023

Index

What are some of the best open-source security-tool projects in Go? This list will help you:

Rank Project Stars
1 trivy 21,525
2 gitleaks 15,361
3 trufflehog 13,996
4 vuls 10,699
5 sliver 7,614
6 gosec 7,490
7 traitor 6,497
8 certificates 6,211
9 osv-scanner 5,874
10 scan4all 5,274
11 syzkaller 5,150
12 osmedeus 5,098
13 Modlishka 4,685
14 spicedb 4,565
15 terrascan 4,526
16 Cameradar 3,902
17 cli 3,498
18 SecretScanner 2,963
19 dockle 2,659
20 ContainerSSH 2,582
21 Stowaway 2,423
22 Picocrypt 2,295
23 ksubdomain 2,086
