Book Image

Security with Go

By : John Daniel Leon, Karthik Gaekwad

Book Image

Security with Go

By: John Daniel Leon, Karthik Gaekwad

Overview of this book

Go is becoming more and more popular as a language for security experts. Its wide use in server and cloud environments, its speed and ease of use, and its evident capabilities for data analysis, have made it a prime choice for developers who need to think about security. Security with Go is the first Golang security book, and it is useful for both blue team and red team applications. With this book, you will learn how to write secure software, monitor your systems, secure your data, attack systems, and extract information. Defensive topics include cryptography, forensics, packet capturing, and building secure web applications. Offensive topics include brute force, port scanning, packet injection, web scraping, social engineering, and post exploitation techniques.

Free Chapter

Introduction to Security with Go

Introduction to Security with Go

Why use Go for security?

Development environment

Running Go examples

The Go Programming Language

The Go Programming Language

Go language specification

The Go playground

Notes about source code

Control structures

Getting help and documentation

Working with Files

Working with Files

Reading and writing

Creating temporary files and directories

Downloading a file over HTTP

Forensics

Packet Capturing and Injection

Packet Capturing and Injection

Getting a list of network devices

Capturing packets

Capturing with filters

Saving to the pcap file

Reading from a pcap file

Decoding packet layers

Creating a custom layer

Converting bytes to and from packets

Creating and sending packets

Decoding packets faster

Cryptography

Secure Shell (SSH)

Secure Shell (SSH)

Using the Go SSH client

Brute Force

Brute forcing HTTP basic authentication

Brute forcing the HTML login form

Brute forcing SSH

Brute forcing database login

Web Applications

Web Applications

Web Scraping

Web scraping fundamentals

Using the goquery package for web scraping

How to protect against web scraping

Host Discovery and Enumeration

Host Discovery and Enumeration

TCP and UDP sockets

Grabbing a banner from a service

Creating a TCP proxy

Finding named hosts on a network

Fuzzing a network service

Social Engineering

Social Engineering

Gathering intel via JSON REST API

Sending phishing emails with SMTP

Generating QR codes

Post Exploitation

Post Exploitation

Cross compiling

Creating bind shells

Creating reverse bind shells

Creating web shells

Finding writable files

Changing file timestamp

Changing file permissions

Changing file ownership

Conclusions

Recapping the topics you have learned

More thoughts on the usage of Go

What I hope you take away from the book

Be aware of legal, ethical, and technical boundaries

Where to go from here

Getting help and learning more

Another Book You May Enjoy

Another Book You May Enjoy

Leave a review – let other readers know what you think

Customer Reviews

5 star

0

4 star

0

3 star

0

2 star

0

1 star

0

TCP and UDP sockets

Sockets are the building blocks of networking. Servers listen and clients dial using sockets to bind together and share information. The Internet Protocol (IP) layer specifies the address of a machine, but the Transmission Control Protocol (TCP) or the User Datagram Protocol (UDP) specify which port on the machine should be used.

The main difference between the two is the connection state. TCP keeps the connection alive and verifies that messages are received. UDP just sends a message off without receiving an acknowledgement from the remote host.

Creating a server

Here is an example server. The tcp argument for net.Listen() can be changed to udp if you want to change protocol:

package main

import (
   &quot...