Displaying 1 to 20 from 181 results

fosite - Extensible security first OAuth 2.0 and OpenID Connect SDK for Go.

  •    Go

The security first OAuth2 & OpenID Connect framework for Go. Built simple, powerful and extensible. This library implements peer-reviewed IETF RFC6749, counterfeits weaknesses covered in peer-reviewed IETF RFC6819 and countermeasures various database attack scenarios, keeping your application safe when that hacker penetrates or leaks your database. OpenID Connect is implemented according to OpenID Connect Core 1.0 incorporating errata set 1 and includes all flows: code, implicit, hybrid.OAuth2 and OpenID Connect are difficult protocols. If you want quick wins, we strongly encourage you to look at Hydra. Hydra is a secure, high performance, cloud native OAuth2 and OpenID Connect service that integrates with every authentication method imaginable and is built on top of Fosite.

hydra - OAuth2 server with OpenID Connect - cloud native, security-first, open source API security for your infrastructure

  •    Go

ORY Hydra is a hardened OAuth2 and OpenID Connect server optimized for low-latency, high throughput, and low resource consumption. ORY Hydra is not an identity provider (user sign up, user log in, password reset flow), but connects to your existing identity provider through a consent app. Implementing the consent app in a different language is easy, and exemplary consent apps (Go, Node) and SDKs (Go, Node) are provided.Besides mitigating various attack vectors, such as database compromisation and OAuth 2.0 weaknesses, ORY Hydra is able to securely manage JSON Web Keys, and has a sophisticated policy-based access control you can use if you want to. Click here to read more about security.

osin - Golang OAuth2 server library

  •    Go

OSIN is an OAuth2 server library for the Go language, as specified at http://tools.ietf.org/html/rfc6749 and http://tools.ietf.org/html/draft-ietf-oauth-v2-10.It also includes support for PKCE, as specified at https://tools.ietf.org/html/rfc7636, which increases security for code-exchange flows for public OAuth clients.

acme - :lock: acmetool, an automatic certificate acquisition tool for ACME (Let's Encrypt)

  •    Go

acmetool is an easy-to-use command line tool for automatically acquiring certificates from ACME servers (such as Let's Encrypt). Designed to flexibly integrate into your webserver setup to enable automatic verification. Unlike the official Let's Encrypt client, this doesn't modify your web server configuration.You can perform verifications using port 80 or 443 (if you don't yet have a server running on one of them); via webroot; by configuring your webserver to proxy requests for /.well-known/acme-challenge/ to a special port (402) which acmetool can listen on; or by configuring your webserver not to listen on port 80, and instead running acmetool's built in HTTPS redirector (and challenge responder) on port 80. This is useful if all you want to do with port 80 is redirect people to port 443.




secure - HTTP middleware for Go that facilitates some quick security wins.

  •    Go

Secure is an HTTP middleware for Go that facilitates some quick security wins. It's a standard net/http Handler, and can be used with many frameworks or directly with Go's net/http package.Be sure to include the Secure middleware as close to the top (beginning) as possible (but after logging and recovery). It's best to do the allowed hosts and SSL check before anything else.

syzkaller - syzkaller is an unsupervised, coverage-guided Linux system call fuzzer

  •    Go

syzkaller is an unsupervised coverage-guided Linux kernel fuzzer.The project mailing list is syzkaller@googlegroups.com. You can subscribe to it with a google account or by sending an email to syzkaller+subscribe@googlegroups.com.

docker-slim - DockerSlim (docker-slim): Optimize and secure your Docker containers (free and open source)

  •    Go

Creating small containers requires a lot of voodoo magic and it can be pretty painful. You shouldn't have to throw away your tools and your workflow to have skinny containers. Using Docker should be easy.docker-slim is a magic diet pill for your containers :) It will use static and dynamic analysis to create a skinny container for your app.

boulder - An ACME-based CA, written in Go.

  •    Go

This is an implementation of an ACME-based CA. The ACME protocol allows the CA to automatically verify that an applicant for a certificate actually controls an identifier, and allows domain holders to issue and revoke certificates for their domains.Boulder has a Dockerfile to make it easy to install and set up all its dependencies. This is how the maintainers work on Boulder, and is our main recommended way to run it.


nosurf - CSRF protection middleware for Go.

  •    Go

nosurf is an HTTP package for Go that helps you prevent Cross-Site Request Forgery attacks. It acts like a middleware and therefore is compatible with basically any Go HTTP application.Even though CSRF is a prominent vulnerability, Go's web-related package infrastructure mostly consists of micro-frameworks that neither do implement CSRF checks, nor should they.

piknik - Copy/paste anything over the network

  •    Go

Piknik seamlessly and securely transfers URLs, code snippets, documents, virtually anything between arbitrary hosts. No SSH needed, and hosts can sit behind NAT gateways, on different networks.

pouch - Pouch is an open-source project created to promote the container technology movement.

  •    Go

Pouch is an open-source project created by Alibaba Group to promote the container technology movement. Pouch's vision is to advance container ecosystem and promote container standards OCI(Open Container Initiative), so that container technologies become the foundation for application development in the Cloud era.

xray - XRay is a tool for recon, mapping and OSINT gathering from public networks.

  •    Go

XRay is a tool for network OSINT gathering, its goal is to make some of the initial tasks of information gathering and network mapping automatic. The shodan.io API key parameter ( -shodan-key KEY ) is optional, however if not specified, no service fingerprinting will be performed and a lot less information will be shown (basically it just gonna be DNS subdomain enumeration).

Gitleaks - Searches full repo history for secrets and keys

  •    Go

Gitleaks audits local and remote repos by running regex checks against all commits.

cilium - HTTP, gRPC, and Kafka Aware Security and Networking for Containers with BPF and XDP

  •    Go

Cilium is open source software for providing and transparently securing network connectivity and loadbalancing between application workloads such as application containers or processes. Cilium operates at Layer 3/4 to provide traditional networking and security services as well as Layer 7 to protect and secure use of modern application protocols such as HTTP, gRPC and Kafka. Cilium is integrated into common orchestration frameworks such as Kubernetes and Mesos. A new Linux kernel technology called BPF is at the foundation of Cilium. It supports dynamic insertion of BPF bytecode into the Linux kernel at various integration points such as: network IO, application sockets, and tracepoints to implement security, networking and visibility logic. BPF is highly efficient and flexible. To learn more about BPF, read more in our extensive BPF and XDP Reference Guide.

bettercap - The Swiss Army knife for 802

  •    Go

bettercap is the Swiss Army knife for 802.11, BLE and Ethernet networks reconnaissance and attacks. A precompiled version is available for each release, alternatively you can use the latest version of the source code from this repository in order to build your own binary.

felix - Project Calico's per-host agent Felix, responsible for programming routes and security policy

  •    Go

This repository contains the source code for Project Calico's per-host daemon, Felix. The best place to ask a question or get help from the community is the calico-users #slack. We also have an IRC channel.

repo-security-scanner - CLI tool that finds secrets accidentally committed to a git repo, eg passwords, private keys

  •    Go

Check the entire history of the current branch for secrets. See example in this repo.

gophish - Open-Source Phishing Toolkit

  •    Go

Gophish is an open-source phishing toolkit designed for businesses and penetration testers. It provides the ability to quickly and easily setup and execute phishing engagements and security awareness training. Installation of Gophish is dead-simple - just download and extract the zip containing the release for your system, and run the binary. Gophish has binary releases for Windows, Mac, and Linux platforms.

teleport - Privileged access management for elastic infrastructure.

  •    Go

Teleport is built on top of the high-quality Golang SSH implementation and it is fully compatible with OpenSSH and can be used with sshd servers and ssh clients. Download the latest binary release, unpack the .tar.gz and run sudo ./install. This will copy Teleport binaries into /usr/local/bin.

cameradar - Cameradar hacks its way into RTSP videosurveillance cameras

  •    Go

See command-line options. e.g.: docker run -t ullaakut/cameradar -t 192.168.100.0/24 -l will scan the ports 554 and 8554 of hosts on the 192.168.100.0/24 subnetwork and attack the discovered RTSP streams and will output debug logs.