Book Image

Security with Go

By : John Daniel Leon, Karthik Gaekwad

Book Image

Security with Go

By: John Daniel Leon, Karthik Gaekwad

Overview of this book

Go is becoming more and more popular as a language for security experts. Its wide use in server and cloud environments, its speed and ease of use, and its evident capabilities for data analysis, have made it a prime choice for developers who need to think about security. Security with Go is the first Golang security book, and it is useful for both blue team and red team applications. With this book, you will learn how to write secure software, monitor your systems, secure your data, attack systems, and extract information. Defensive topics include cryptography, forensics, packet capturing, and building secure web applications. Offensive topics include brute force, port scanning, packet injection, web scraping, social engineering, and post exploitation techniques.

Free Chapter

Introduction to Security with Go

Introduction to Security with Go

Why use Go for security?

Development environment

Running Go examples

The Go Programming Language

The Go Programming Language

Go language specification

The Go playground

Notes about source code

Control structures

Getting help and documentation

Working with Files

Working with Files

Reading and writing

Creating temporary files and directories

Downloading a file over HTTP

Forensics

Packet Capturing and Injection

Packet Capturing and Injection

Getting a list of network devices

Capturing packets

Capturing with filters

Saving to the pcap file

Reading from a pcap file

Decoding packet layers

Creating a custom layer

Converting bytes to and from packets

Creating and sending packets

Decoding packets faster

Cryptography

Secure Shell (SSH)

Secure Shell (SSH)

Using the Go SSH client

Brute Force

Brute forcing HTTP basic authentication

Brute forcing the HTML login form

Brute forcing SSH

Brute forcing database login

Web Applications

Web Applications

Web Scraping

Web scraping fundamentals

Using the goquery package for web scraping

How to protect against web scraping

Host Discovery and Enumeration

Host Discovery and Enumeration

TCP and UDP sockets

Grabbing a banner from a service

Creating a TCP proxy

Finding named hosts on a network

Fuzzing a network service

Social Engineering

Social Engineering

Gathering intel via JSON REST API

Sending phishing emails with SMTP

Generating QR codes

Post Exploitation

Post Exploitation

Cross compiling

Creating bind shells

Creating reverse bind shells

Creating web shells

Finding writable files

Changing file timestamp

Changing file permissions

Changing file ownership

Conclusions

Recapping the topics you have learned

More thoughts on the usage of Go

What I hope you take away from the book

Be aware of legal, ethical, and technical boundaries

Where to go from here

Getting help and learning more

Another Book You May Enjoy

Another Book You May Enjoy

Leave a review – let other readers know what you think

Customer Reviews

5 star

0

4 star

0

3 star

0

2 star

0

1 star

0

Creating web shells

A web shell is similar to a bind shell, but, instead of listening as a raw TCP socket, it listens and communicates as an HTTP server. It is a useful method of creating persistent access to a machine.

One reason a web shell may be necessary, is because of firewalls or other network restrictions. HTTP traffic may be treated differently than other traffic. Sometimes the 80 and 443 ports are the only ports allowed through a firewall. Some networks may inspect the traffic to ensure that only HTTP formatted requests are allowed through.

Keep in mind that using plain HTTP means the traffic can be logged in plaintext. HTTPS can be used to encrypt the traffic, but the SSL certificate and key are going to reside on the server so that a server admin will have access to it. All you need to do to make this example use SSL is to change http.ListenAndServe() to http.ListenAndServeTLS...