Book Image

Security with Go

By : John Daniel Leon, Karthik Gaekwad

Book Image

Security with Go

By: John Daniel Leon, Karthik Gaekwad

Overview of this book

Go is becoming more and more popular as a language for security experts. Its wide use in server and cloud environments, its speed and ease of use, and its evident capabilities for data analysis, have made it a prime choice for developers who need to think about security. Security with Go is the first Golang security book, and it is useful for both blue team and red team applications. With this book, you will learn how to write secure software, monitor your systems, secure your data, attack systems, and extract information. Defensive topics include cryptography, forensics, packet capturing, and building secure web applications. Offensive topics include brute force, port scanning, packet injection, web scraping, social engineering, and post exploitation techniques.

Free Chapter

Introduction to Security with Go

Introduction to Security with Go

Why use Go for security?

Development environment

Running Go examples

The Go Programming Language

The Go Programming Language

Go language specification

The Go playground

Notes about source code

Control structures

Getting help and documentation

Working with Files

Working with Files

Reading and writing

Creating temporary files and directories

Downloading a file over HTTP

Forensics

Packet Capturing and Injection

Packet Capturing and Injection

Getting a list of network devices

Capturing packets

Capturing with filters

Saving to the pcap file

Reading from a pcap file

Decoding packet layers

Creating a custom layer

Converting bytes to and from packets

Creating and sending packets

Decoding packets faster

Cryptography

Secure Shell (SSH)

Secure Shell (SSH)

Using the Go SSH client

Brute Force

Brute forcing HTTP basic authentication

Brute forcing the HTML login form

Brute forcing SSH

Brute forcing database login

Web Applications

Web Applications

Web Scraping

Web scraping fundamentals

Using the goquery package for web scraping

How to protect against web scraping

Host Discovery and Enumeration

Host Discovery and Enumeration

TCP and UDP sockets

Grabbing a banner from a service

Creating a TCP proxy

Finding named hosts on a network

Fuzzing a network service

Social Engineering

Social Engineering

Gathering intel via JSON REST API

Sending phishing emails with SMTP

Generating QR codes

Post Exploitation

Post Exploitation

Cross compiling

Creating bind shells

Creating reverse bind shells

Creating web shells

Finding writable files

Changing file timestamp

Changing file permissions

Changing file ownership

Conclusions

Recapping the topics you have learned

More thoughts on the usage of Go

What I hope you take away from the book

Be aware of legal, ethical, and technical boundaries

Where to go from here

Getting help and learning more

Another Book You May Enjoy

Another Book You May Enjoy

Leave a review – let other readers know what you think

Customer Reviews

5 star

0

4 star

0

3 star

0

2 star

0

1 star

0

Saving to the pcap file

This program will perform a packet capture and store the results in a file. The important step in this example is the call to the pcapgo package—the WriteFileHeader() function of Writer. After that, the WritePacket() function can be used to write the desired packets to a file. You can capture all the traffic and choose to write only specific packets based on your own filtering criteria, if desired. Perhaps you only want to write odd or malformed packets to log anomalies.

To do the equivalent with tcpdump, just pass it the -w flag with a filename, as shown in the following command:

tcpdump -i eth0 -w my_capture.pcap

The pcap files created with this example can be opened with Wireshark and viewed just like files created with tcpdump.

This example creates an output file named test.pcap and opens a network device for live capture. It captures 100 packets...