[B! go][security] ishideoã®ãƒ–ãƒƒã‚¯ãƒžãƒ¼ã‚¯

ishideo id:ishideo

goã¨securityã«é–¢ã™ã‚‹ishideoã®ãƒ–ãƒƒã‚¯ãƒžãƒ¼ã‚¯ (36)

${{author_name}}$

{{author_name}} {{created}}

{{{comment_expanded}}}

{{label}}

{{#is_bookmark}}ãƒªã‚¹ãƒˆ{{/is_bookmark}}{{^is_bookmark}}ãƒªãƒ³ã‚¯{{/is_bookmark}}

${{author_name}}$
{{author_name}}{{created}}
{{ #comment }}{{ comment }}{{ /comment }}
- {{ label }}

{{#following_bookmarks}}

${{author_name}}$

{{author_name}} {{created}}

{{{comment_expanded}}}

{{label}}

{{#is_bookmark}}ãƒªã‚¹ãƒˆ{{/is_bookmark}}{{^is_bookmark}}ãƒªãƒ³ã‚¯{{/is_bookmark}}

{{/following_bookmarks}}

{{/is_wiped}}

GitHub - ozansz/binaryedge-challenge-amileaked
ishideo 2021/03/07
amlleaked

golang

go

binaryedge

leak

vulnerability

security

github
ãƒªãƒ³ã‚¯
ã‚»ã‚ãƒ¥ã‚¢ã«Goã‚’æ›¸ããŸã‚ã®ã€Œã‚¬ãƒ¼ãƒ‰ãƒ¬ãƒ¼ãƒ«ã€ã‚’ç½®ã“ã† - å®‰å…¨ãªGoãƒ—ãƒãƒ€ã‚¯ãƒˆé–‹ç™ºã«å‘ã‘ãŸæŒç¶šå¯èƒ½ãªã‚¢ãƒ—ãƒãƒ¼ãƒ - Flatt Security Blog
The Go gopher was designed by Renee French. (http://reneefrench.blogspot.com/) The design is licensed under the Creative Commons 3.0 Attributions license. ç¨®ã€…ã® linter ãŒæ§˜ã€…ãªãƒ—ãƒãƒ€ã‚¯ãƒˆã®å“è³ªã‚’é«˜ã‚ã¦ããŸã€ã¨ã„ã†ã®ã¯ç–‘ã†ä½™åœ°ã®ãªã„äº‹å®Ÿã§ã™ã€‚å®Ÿè£…ã®åˆæ©çš„ãªå•é¡Œã‚’ã‚¨ãƒ‡ã‚£ã‚¿å†…ã‚„ CI/CD ãƒ‘ã‚¤ãƒ—ãƒ©ã‚¤ãƒ³ä¸ã§æ©Ÿæ¢°çš„ã«æ¤œå‡ºã§ãã‚‹ç’°å¢ƒã‚’ä½œã‚Œã°ã€é–‹ç™ºè€…ã¯ã‚³ãƒ¼ãƒ‡ã‚£ãƒ³ã‚°ã‚„ã‚³ãƒ¼ãƒ‰ãƒ¬ãƒ“ãƒ¥ãƒ¼ã®é‚ªé”ã«ãªã‚‹äº›æœ«ãªå•é¡Œã‚’æ—©æœŸã«é ã‹ã‚‰è¿½ã„å‡ºã—ã€æœ¬è³ªçš„ãªå•é¡Œã«é›†ä¸ã§ãã¾ã™ã€‚ ã¾ãŸã€ãã®ã‚ˆã†ãªç’°å¢ƒã¥ãã‚Šï¼ˆe.g. linter ã®ãƒ«ãƒ¼ãƒ«ã‚»ãƒƒãƒˆã®å®šç¾©ã€çµ„ç¹”ç‹¬è‡ªã®ãƒ«ãƒ¼ãƒ«ã®ä½œæˆã€â€¦ï¼‰ã¯ã€ã¾ã•ã«é–‹ç™ºçµ„ç¹”ã®ãƒ™ãƒ¼ã‚¹ãƒ©ã‚¤ãƒ³ã‚’å®šç¾©ã™ã‚‹ä½œæ¥ã¨ã—ã¦æ‰ãˆã‚‹ã“ã¨ãŒã§ãã¾ã™ã€‚ä¸€åº¦èª°ã‹ãŒå®šç¾©
ishideo 2021/02/25
golang

go

secure

security

gosec

ruleguard

semgrep
ãƒªãƒ³ã‚¯
GitHub - PentestPad/subzy: Subdomain takeover vulnerability checker
ishideo 2021/02/19
subdomain

takeover

go

security

scanner

checker

github

cli

subzy

golang
ãƒªãƒ³ã‚¯
GitHub - mhmdiaa/chronos: Wayback Machine OSINT Framework
ishideo 2020/10/01
wayback-machine

waybackunifier

golang

go

github

osint

security
ãƒªãƒ³ã‚¯
GitHub - dreddsa5dies/goHackTools: Hacker tools on Go (Golang)
ishideo 2020/09/29
golang

go

gohacktools

scan

bruteforce

security

pentest

github
ãƒªãƒ³ã‚¯
GitHub - haccer/subjack: Subdomain Takeover tool written in Go
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session. You switched accounts on another tab or window. Reload to refresh your session. Dismiss alert
ishideo 2020/07/27
subjack

subdomain

takeover

go

golang

github

security

vulnerability

pentest
ãƒªãƒ³ã‚¯
DNSæ”¹ç«„æ¤œçŸ¥ãƒ„ãƒ¼ãƒ«ã‚’golangã§ä½œã£ãŸ(Slacké€šçŸ¥ä»˜ã) - Code Day's Night
DNSã®NSãƒ¬ã‚³ãƒ¼ãƒ‰ã€MXãƒ¬ã‚³ãƒ¼ãƒ‰ã®æ”¹ç«„ã‚’æ¤œçŸ¥ï¼ˆå¤‰æ›´æ¤œçŸ¥ï¼‰ã—ã€ã‚ªãƒ—ã‚·ãƒ§ãƒ³ã§Slacké€šçŸ¥ã‚‚ã§ãã‚‹ãƒ„ãƒ¼ãƒ«ã‚’å…¬é–‹ã—ã¾ã—ãŸã€‚ https://github.com/ichikaway/nschecker Goè¨€èªžã§é–‹ç™ºã—ã€Linuxã¨Macã®ãƒã‚¤ãƒŠãƒªã‚‚ãƒ€ã‚¦ãƒ³ãƒãƒ¼ãƒ‰ã§ãã¾ã™ã€‚ ã™ãã«å®Ÿè¡Œã§ãã‚‹ãŸã‚ã€cronæŒ‡å®šã—ã¦ãŠã‘ã°æ„å›³ã—ãªã„ãƒ¬ã‚³ãƒ¼ãƒ‰ã®å¤‰æ›´ãŒã‚ã‹ã‚Šã¾ã™ã€‚ ä½œã£ãŸçµŒç·¯ æœ€è¿‘ã€ãƒ‰ãƒ¡ã‚¤ãƒ³ãƒã‚¤ã‚¸ãƒ£ãƒƒã‚¯ã®äº‹ä»¶ã‚’ç›®ã«ã™ã‚‹ã‚ˆã«ãªã‚Šã¾ã—ãŸã€‚ DNSè¨å®šã®æ”¹ã–ã‚“ã«ã‚ˆã‚‹ãƒ‰ãƒ¡ã‚¤ãƒ³åãƒã‚¤ã‚¸ãƒ£ãƒƒã‚¯ã«æ³¨æ„å–šèµ·ï¼ˆJPRSï¼‰ | ScanNet Security 2020å¹´6æœˆã«ã‚³ã‚¤ãƒ³ãƒã‚§ãƒƒã‚¯ã®ãƒ‰ãƒ¡ã‚¤ãƒ³ãƒã‚¤ã‚¸ãƒ£ãƒƒã‚¯äº‹ä»¶ãŒèµ·ãã¦ã„ã¾ã™ã€‚ ã‚³ã‚¤ãƒ³ãƒã‚§ãƒƒã‚¯ã®ãƒ‰ãƒ¡ã‚¤ãƒ³ãƒã‚¤ã‚¸ãƒ£ãƒƒã‚¯ã®æ‰‹æ³•ã‚’èª¿æŸ»ã—ãŸ - Shooting!!! ã“ã®è¨˜äº‹ã‚’èªã‚€ã¨ã€æ”¹ç«„ã•ã‚ŒãŸãƒ¬ã‚³ãƒ¼ãƒ‰ã¯ã€ns-1515.aws dns-"0"61.orgã®ã‚ˆã†ãªä¸€è¦‹æ£ã—ãã†ã ãŒ
ishideo 2020/07/27
dns

golang

go

slack

security

vulnerability

nschecker

registrar

domain-hijacking

name-server
ãƒªãƒ³ã‚¯
GitHub - abadojack/gocensys: Go library for interacting with Censys
ishideo 2020/06/25
censys

go

golang

github

osint

security
ãƒªãƒ³ã‚¯
GitHub - projectdiscovery/dnsprobe: DNSProb is a tool built on top of retryabledns that allows you to perform multiple dns queries of your choice with a list of user supplied resolvers.
ishideo 2020/06/11
golang

go

dns

dnsprobe

security

vulnerability

subdomain

bug-bounty

github
ãƒªãƒ³ã‚¯
GitHub - tomnomnom/burl: A Broken-URL Checker
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session. You switched accounts on another tab or window. Reload to refresh your session. Dismiss alert
ishideo 2020/06/11
burl

url

broken

checker

vulnerability

security

golang

go

github

tomnomnom
ãƒªãƒ³ã‚¯
GitHub - hakluke/hakrawler: Simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application
ishideo 2020/06/08
hakrawler

go

golang

endpoint

github

security

vulnerability

javascript

sitemap.xml

wayback-machine
ãƒªãƒ³ã‚¯
Security assessment techniques for Go projects
The Trail of Bits Assurance practice has received an influx of Go projects, following the success of our Kubernetes assessment this summer. As a result, weâ€™ve been adapting for Go projects some of the security assessment techniques and tactics weâ€™ve used with other compiled languages. We started by understanding the design of the language, identifying areas where developers may not fully understan
ishideo 2020/06/04
go

golang

security

analysis

fuzz

gofuzz
ãƒªãƒ³ã‚¯
GitHub - ffuf/ffuf: Fast web fuzzer written in Go
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session. You switched accounts on another tab or window. Reload to refresh your session. Dismiss alert
ishideo 2020/06/02
fuzzer

fuz

ffuf

golang

go

security

virtual-host

parameter

post

github
ãƒªãƒ³ã‚¯
GitHub - ropnop/go-windapsearch: Utility to enumerate users, groups and computers from a Windows domain through LDAP queries
ishideo 2020/05/25
ldap

enumeration

windows

go

golang

github

security

go-windapsearch
ãƒªãƒ³ã‚¯
GitHub - ssllabs/ssllabs-scan: A command-line reference-implementation client for SSL Labs APIs, designed for automated and/or bulk testing.
This tool is a command-line client for the SSL Labs APIs, designed for automated and/or bulk testing. If you'd like to contribute, please have a look at the TODO file. For larger work, please get in touch first. For smaller work (there are some TODO comments in the source code), feel free to submit pull requests. To report a probl em related to this tool, please create a new issue on GitHub: https:
ishideo 2020/04/16
golang

ssllabs

security

ssllabs-scan

scan

ssl

tls

test

cli

github
ãƒªãƒ³ã‚¯
OWASP/Go-SCPã‚’èªã‚“ã§ã‚»ã‚ãƒ¥ã‚¢ãƒ—ãƒã‚°ãƒ©ãƒŸãƒ³ã‚°ã¨Goã‚’å¦ã¶ - My External Storage
ã“ã®è¨˜äº‹ã¯Go Advent Calendar 2019ã®4æ—¥ç›®ã®è¨˜äº‹ã«ãªã‚‹ã€‚ 3æ—¥ç›®ã¯@ikawahaã•ã‚“ã®ã€ŒGoa v3 ã®ãƒ†ã‚¹ãƒˆã‚’ã‚·ãƒ¥ãƒƒã¨ã™ã‚‹]ã€ã ã£ãŸã€‚ æœ¬è¨˜äº‹ã§ã¯Open Web Application Security Projectï¼ˆOWASP)ãŒå…¬é–‹ã—ã¦ã„ã‚‹Go-SCPãƒªãƒã‚¸ãƒˆãƒªã‚’ç´¹ä»‹ã™ã‚‹ã€‚ Webã‚¢ãƒ—ãƒªã‚±ãƒ¼ã‚·ãƒ§ãƒ³ã«ã¯ã‚¯ãƒã‚¹ã‚µã‚¤ãƒˆã‚¹ã‚¯ãƒªãƒ—ãƒ†ã‚£ãƒ³ã‚°ï¼ˆXSSï¼‰ã‚„ã‚¯ãƒã‚¹ã‚µã‚¤ãƒˆãƒªã‚¯ã‚¨ã‚¹ãƒˆãƒ•ã‚©ãƒ¼ã‚¸ã‚§ãƒªï¼ˆCSRFï¼‰ãªã©ã€æ§˜ã€…ãªè„†å¼±æ€§ãŒæ½œã‚€å¯èƒ½æ€§ãŒã‚ã‚‹ã€‚ è„†å¼±æ€§å¯¾ç–ã®æ›¸ç±ã¨ã—ã¦ã¯ã€ä½“ç³»çš„ã«å¦ã¶ å®‰å…¨ãªWebã‚¢ãƒ—ãƒªã‚±ãƒ¼ã‚·ãƒ§ãƒ³ã®ä½œã‚Šæ–¹ï¼ˆå¾³ä¸¸æœ¬ï¼‰ãªã©ãŒæœ‰åã ã‚ã†ã€‚ Go-SCPãƒªãƒã‚¸ãƒˆãƒªã«ã¯Webã‚¢ãƒ—ãƒªã‚±ãƒ¼ã‚·ãƒ§ãƒ³ã‚’å®Ÿè£…ã™ã‚‹éš›ã«å¿…è¦ãªè„†å¼±æ€§ã®çŸ¥è˜ã¨ã€Goã‚’ä½¿ã£ãŸè„†å¼±æ€§å¯¾ç–ã®å®Ÿè£…æ–¹æ³•ãŒå«ã¾ã‚Œã¦ã„ã‚‹ã€‚ https://github.com/OWASP/Go-SCP TL;DR OWASPã¨ã„ã†WEB
ishideo 2019/12/05
security

go

golang

https

go-scp

owasp

secure
ãƒªãƒ³ã‚¯
GitHub - kgretzky/evilginx2: Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session. You switched accounts on another tab or window. Reload to refresh your session. Dismiss alert
ishideo 2019/12/04
phishing

security

framework

evilginx2

github

bypass

nginx

go

golang
ãƒªãƒ³ã‚¯
GitHub - drk1wi/Modlishka: Modlishka. Reverse Proxy.
Modlishka is a powerful and flexible HTTP reverse proxy. It implements an entirely new and interesting approach of handling browser-based HTTP traffic flow, which allows it to transparently proxy multi-domain destination traffic, both TLS and non-TLS, over a single domain, without a requirement of installing any additional certificate on the client. What exactly does this mean? In short, it simply
ishideo 2019/12/04
phishing

security

modlishka

reverse-proxy

github

bypass

golang

go
ãƒªãƒ³ã‚¯
Vulsã®ã‚³ãƒ¼ãƒ‰ã‚’èªã‚€ ãã®ï¼’ go-cve-dictionary ã‚’ç†è§£ã™ã‚‹ã€ãƒã‚°ã‚’è¦‹ã¤ã‘ã¦ãƒ—ãƒ«ãƒªã‚¯ã‚’å‡ºã—ã¦ãƒžãƒ¼ã‚¸ã•ã‚Œã‚‹ã¾ã§ - Security Index
å‰å›žã€Vulsã®ã‚³ãƒ¼ãƒ‰ã‚’èªã‚€ ãã®ï¼‘ å…¨ä½“åƒã®æŠŠæ¡ã§ã–ã£ãã‚Šã¨scanã‚³ãƒžãƒ³ãƒ‰å‘¨ã‚Šã®ããƒ¼ã†ã‚³ãƒ¼ãƒ‰ã¨å®Ÿè¡Œæ™‚ã®æµã‚Œã®ç†è§£ã‚’è¡Œã„ã¾ã—ãŸã€‚ ä»Šå›žã¯ã€Vulsã®ä¸ã§åˆ©ç”¨ã•ã‚Œã¦ã„ã‚‹ go-cve-dictionary ã«ã¤ã„ã¦ã‚½ãƒ¼ã‚¹ã‚³ãƒ¼ãƒ‰ã‚’èªã‚“ã§ã€ç†è§£ã‚’ã—ã¦ã„ããŸã„ã¨æ€ã„ã¾ã™ã€‚ ã¾ãŸã€ä»Šå›žã¯ã‚½ãƒ¼ã‚¹ã‚³ãƒ¼ãƒ‰ã‚’ç¢ºèªã—ã¦ã„ãä¸ã§ãƒã‚°ã‚’ç™ºè¦‹ã—ãƒ—ãƒ«ãƒªã‚¯ã‚’å‡ºã—ã¦ã¿ã¾ã—ãŸã®ã§ãƒ—ãƒ«ãƒªã‚¯ã®æŠ•ã’æ–¹ã«ã¤ã„ã¦ã‚‚ç°¡å˜ã«è§£èª¬ã—ã¦ã„ããŸã„ã¨æ€ã„ã¾ã™ã€‚ (è¿½è¨˜ 2019/11/23) ç„¡äº‹ãƒ—ãƒ«ãƒªã‚¯ãŒãƒžãƒ¼ã‚¸ã•ã‚Œã¾ã—ãŸï¼ go-cve-dictionaryã®ç‰¹å¾´ ã‚½ãƒ¼ã‚¹ã‚³ãƒ¼ãƒ‰ main.go commands/ commands/fetchnvd.go 1. ãƒ‡ãƒ¼ã‚¿ãƒ™ãƒ¼ã‚¹æŽ¥ç¶š 2. metaæƒ…å ±ã®å–å¾— 3. metaæƒ…å ±ã‚ˆã‚Šæ›´æ–°ãŒå¿…è¦ã‹ã©ã†ã‹åˆ¤æ– (éŽåŽ»ã®metaæƒ…å ±ã¨æ¯”è¼ƒ) 4. NVDã®è„†å¼±æ€§æƒ…å ±ã®åŽé›†ã€å¤‰æ› 5. è„†å¼±æ€§æƒ…å ±ã‚’ãƒ‡ãƒ¼ã‚¿
ishideo 2019/11/18
vuls

go-cve-dictionary

golang

go

bug

pull-request

vulnerability

security
ãƒªãƒ³ã‚¯
Vulsã¯ã©ã†ã‚„ã£ã¦è„†å¼±æ€§ã‚’è¦‹ã¤ã‘ã‚‹ã‹ - Qiita
Deleted articles cannot be recovered. Draft of this article would be also deleted. Are you sure you want to delete this article? ã¯ã˜ã‚ã« VulsãŒã©ã†ã‚„ã£ã¦ã‚¤ãƒ³ã‚¹ãƒˆãƒ¼ãƒ«ã•ã‚ŒãŸãƒ‘ãƒƒã‚±ãƒ¼ã‚¸ã¨ãã®ãƒãƒ¼ã‚¸ãƒ§ãƒ³ã«å¯¾å¿œã™ã‚‹CVEã‚’è¦‹ã¤ã‘å‡ºã™ã®ã‹ç–‘å•ã«æ€ã„ã¾ã—ãŸã€‚ Golangã‚‚Vulsã‚‚ä½•ã‚‚åˆ†ã‹ã‚‰ãªã„ã®ã§é–“é•ã£ã¦ãŸã‚‰çªã£è¾¼ã‚“ã§ãã ã•ã„ é–¢æ•°å‘¼ã³å‡ºã—ãƒªã‚¹ãƒˆï¼ˆï¼Ÿ ã“ã†ã„ã†ã¨ãã©ã†ã„ã†å›³ã«ã™ã‚Œã°è‰¯ã„ã‹ã‚ã‹ã‚“ãªã„ã§ã™ãâ€¦ ãƒãƒ¼ã‚«ãƒ«ã®CentOSã‚’Deep Scanã™ã‚‹å ´åˆã‚’ä»®å®šã—ã¦ã„ã¾ã™ã€‚ä¸»è¦ãªã‚‚ã®ã ã‘æŠœãå‡ºã—ã¦ã¾ã™ã€‚ ()ã¯æ·±ã•ï¼Ÿã¿ãŸã„ãªã‚‚ã®ã®ã¤ã‚‚ã‚Šã§ã™ (0) commands/scan.go Execute vuls scanã•ã‚ŒãŸã¨ãå‘¼ã³å‡ºã•ã‚Œã‚‹ (1) scan/ser
ishideo 2019/11/14
golang

vuls

qiita

vulnerability

security

osint

go
ãƒªãƒ³ã‚¯
1 2 æ¬¡ã®ãƒšãƒ¼ã‚¸

ãŠçŸ¥ã‚‰ã›

ã‚‚ã£ã¨èªã‚€

å…¬å¼Twitter

@HatenaBookmark
ãƒªãƒªãƒ¼ã‚¹ã€éšœå®³æƒ…å ±ãªã©ã®ã‚µãƒ¼ãƒ“ã‚¹ã®ãŠçŸ¥ã‚‰ã›
@hatebu
æœ€æ–°ã®äººæ°—ã‚¨ãƒ³ãƒˆãƒªãƒ¼ã®é…ä¿¡

ã‚ãƒ¼ãƒœãƒ¼ãƒ‰ã‚·ãƒ§ãƒ¼ãƒˆã‚«ãƒƒãƒˆä¸€è¦§

jæ¬¡ã®ãƒ–ãƒƒã‚¯ãƒžãƒ¼ã‚¯

kå‰ã®ãƒ–ãƒƒã‚¯ãƒžãƒ¼ã‚¯

lã‚ã¨ã§èªã‚€

eã‚³ãƒ¡ãƒ³ãƒˆä¸€è¦§ã‚’é–‹ã

oãƒšãƒ¼ã‚¸ã‚’é–‹ã

è¨å®šã‚’å¤‰æ›´ã—ã¾ã—ãŸx