Book Image

Security with Go

By : John Daniel Leon, Karthik Gaekwad
Book Image

Security with Go

By: John Daniel Leon, Karthik Gaekwad

Overview of this book

Go is becoming more and more popular as a language for security experts. Its wide use in server and cloud environments, its speed and ease of use, and its evident capabilities for data analysis, have made it a prime choice for developers who need to think about security. Security with Go is the first Golang security book, and it is useful for both blue team and red team applications. With this book, you will learn how to write secure software, monitor your systems, secure your data, attack systems, and extract information. Defensive topics include cryptography, forensics, packet capturing, and building secure web applications. Offensive topics include brute force, port scanning, packet injection, web scraping, social engineering, and post exploitation techniques.

Related Content you might be interested in

Current Title:

Small book image
Security with Go
John Daniel Leon | Karthik Gaekwad
Jan, 2018 | 340 pages
Small book image
Go Web Scraping Quick Start Guide
Vincent Smith
Jan, 2019 | 132 pages
Small book image
Go Standard Library Cookbook
Radomír Sohlich
Feb, 2018 | 340 pages
Small book image
Go Systems Programming
Mihalis Tsoukalos
Sep, 2017 | 466 pages
Table of Contents (15 chapters)
Free Chapter
1
Introduction to Security with Go
Introduction to Security with Go
About Go
Why use Go for security?
Development environment
Running Go examples
Summary
2
The Go Programming Language
The Go Programming Language
Go language specification
The Go playground
A tour of Go
Keywords
Notes about source code
Comments
Types
Control structures
Defer
Packages
Classes
Goroutines
Getting help and documentation
Summary
3
Working with Files
Working with Files
File basics
Reading and writing
Archives
Compression
Creating temporary files and directories
Downloading a file over HTTP
Summary
4
Forensics
Forensics
Files
Steganography
Network
Summary
5
Packet Capturing and Injection
Packet Capturing and Injection
Prerequisites
Getting a list of network devices
Capturing packets
Capturing with filters
Saving to the pcap file
Reading from a pcap file
Decoding packet layers
Creating a custom layer
Converting bytes to and from packets
Creating and sending packets
Decoding packets faster
Summary
6
Cryptography
Cryptography
Hashing
Encryption
Summary
7
Secure Shell (SSH)
Secure Shell (SSH)
Using the Go SSH client
Summary
8
Brute Force
Brute Force
Brute forcing HTTP basic authentication
Brute forcing the HTML login form
Brute forcing SSH
Brute forcing database login
Summary
9
Web Applications
Web Applications
HTTP server
HTTP client
Summary
10
Web Scraping
Web Scraping
Web scraping fundamentals
Using the goquery package for web scraping
How to protect against web scraping
Summary
11
Host Discovery and Enumeration
Host Discovery and Enumeration
TCP and UDP sockets
Port scanning
Grabbing a banner from a service
Creating a TCP proxy
Finding named hosts on a network
Fuzzing a network service
Summary
12
Social Engineering
Social Engineering
Gathering intel via JSON REST API
Sending phishing emails with SMTP
Generating QR codes
Honeypots
Sandboxing
Summary
13
Post Exploitation
Post Exploitation
Cross compiling
Creating bind shells
Creating reverse bind shells
Creating web shells
Finding writable files
Changing file timestamp
Changing file permissions
Changing file ownership
Summary
14
Conclusions
Conclusions
Recapping the topics you have learned
More thoughts on the usage of Go
What I hope you take away from the book
Be aware of legal, ethical, and technical boundaries
Where to go from here
Getting help and learning more
15
Another Book You May Enjoy
Another Book You May Enjoy
Leave a review – let other readers know what you think

Creating a TCP proxy

Much like the HTTP proxy in Chapter 9, Web Applications, a TCP level proxy can be useful for debugging, logging, analyzing traffic, and privacy. When doing port scans, host discovery, and enumeration, a proxy can be useful to hide your location and source IP address. You may want to hide where you are coming from, disguise who you are, or just use a throwaway IP in case you get blacklisted for performing the requests.

The following example will listen in on a local port, forward a request to a remote host, and then send the response of the remote server back to the client. It will also log any requests.

You can test out this proxy by running the server in the previous section and then setting up the proxy to forward to that server. When the echoing server and the proxy server are running, use the TCP client to connect to the proxy server:

package main

import...
Previous Section
End of Section 5
Next Section