Book Image

Security with Go

By : John Daniel Leon, Karthik Gaekwad
Book Image

Security with Go

By: John Daniel Leon, Karthik Gaekwad

Overview of this book

Go is becoming more and more popular as a language for security experts. Its wide use in server and cloud environments, its speed and ease of use, and its evident capabilities for data analysis, have made it a prime choice for developers who need to think about security. Security with Go is the first Golang security book, and it is useful for both blue team and red team applications. With this book, you will learn how to write secure software, monitor your systems, secure your data, attack systems, and extract information. Defensive topics include cryptography, forensics, packet capturing, and building secure web applications. Offensive topics include brute force, port scanning, packet injection, web scraping, social engineering, and post exploitation techniques.

Related Content you might be interested in

Current Title:

Small book image
Security with Go
John Daniel Leon | Karthik Gaekwad
Jan, 2018 | 340 pages
Small book image
Go Web Scraping Quick Start Guide
Vincent Smith
Jan, 2019 | 132 pages
Small book image
Go Standard Library Cookbook
Radomír Sohlich
Feb, 2018 | 340 pages
Small book image
Go Systems Programming
Mihalis Tsoukalos
Sep, 2017 | 466 pages
Table of Contents (15 chapters)
Free Chapter
1
Introduction to Security with Go
Introduction to Security with Go
About Go
Why use Go for security?
Development environment
Running Go examples
Summary
2
The Go Programming Language
The Go Programming Language
Go language specification
The Go playground
A tour of Go
Keywords
Notes about source code
Comments
Types
Control structures
Defer
Packages
Classes
Goroutines
Getting help and documentation
Summary
3
Working with Files
Working with Files
File basics
Reading and writing
Archives
Compression
Creating temporary files and directories
Downloading a file over HTTP
Summary
4
Forensics
Forensics
Files
Steganography
Network
Summary
5
Packet Capturing and Injection
Packet Capturing and Injection
Prerequisites
Getting a list of network devices
Capturing packets
Capturing with filters
Saving to the pcap file
Reading from a pcap file
Decoding packet layers
Creating a custom layer
Converting bytes to and from packets
Creating and sending packets
Decoding packets faster
Summary
6
Cryptography
Cryptography
Hashing
Encryption
Summary
7
Secure Shell (SSH)
Secure Shell (SSH)
Using the Go SSH client
Summary
8
Brute Force
Brute Force
Brute forcing HTTP basic authentication
Brute forcing the HTML login form
Brute forcing SSH
Brute forcing database login
Summary
9
Web Applications
Web Applications
HTTP server
HTTP client
Summary
10
Web Scraping
Web Scraping
Web scraping fundamentals
Using the goquery package for web scraping
How to protect against web scraping
Summary
11
Host Discovery and Enumeration
Host Discovery and Enumeration
TCP and UDP sockets
Port scanning
Grabbing a banner from a service
Creating a TCP proxy
Finding named hosts on a network
Fuzzing a network service
Summary
12
Social Engineering
Social Engineering
Gathering intel via JSON REST API
Sending phishing emails with SMTP
Generating QR codes
Honeypots
Sandboxing
Summary
13
Post Exploitation
Post Exploitation
Cross compiling
Creating bind shells
Creating reverse bind shells
Creating web shells
Finding writable files
Changing file timestamp
Changing file permissions
Changing file ownership
Summary
14
Conclusions
Conclusions
Recapping the topics you have learned
More thoughts on the usage of Go
What I hope you take away from the book
Be aware of legal, ethical, and technical boundaries
Where to go from here
Getting help and learning more
15
Another Book You May Enjoy
Another Book You May Enjoy
Leave a review – let other readers know what you think

Packet Capturing and Injection

Packet capturing is the process of monitoring the raw traffic going through a network. This applies to wired Ethernet and wireless network devices. The tcpdump and libpcap packages are the standard when it comes to packet capturing. They were written in the 1980s and are still being used today. The gopacket package not only wraps the C libraries but also adds layers of Go abstraction to make it more idiomatic to Go and practical to use.

The pcap library allows you to gather information about network devices, read packets off the wire, store traffic in a .pcap file, filter traffic based on a number of criteria, or forge custom packets and send them through the network device. For the pcap library, filtering is done with Berkeley Packet Filters (BPF).

There are countless uses of packet capturing. It can be used to set up honeypots and monitor what...

Previous Section
End of Section 1
Next Section