Security with Go (e-book)

Author: John Daniel Leon

Publisher: Packt Publishing

Publication date: 2018-01-31

Word count: 409,000

Category: Imported books > Foreign-language original editions > Computers/Networking

The first stop for your security needs when using Go, covering host, network, and cloud security for ethical hackers and defense against intrusion

About This Book

  • First introduction to Security with Golang
  • Adopting a Blue Team/Red Team approach
  • Take advantage of speed and inherent safety of Golang
  • Works as an introduction to security for Golang developers
  • Works as a guide to Golang security packages for recent Golang beginners

Who This Book Is For

Security with Go is aimed at developers with basics in Go to the level that they can write their own scripts and small programs without difficulty. Readers should be familiar with security concepts, and familiarity with Python security applications and libraries is an advantage, but not a necessity.

What You Will Learn

  • Learn the basic concepts and principles of secure programming
  • Write secure Golang programs and applications
  • Understand classic patterns of attack
  • Write Golang scripts to defend against network-level attacks
  • Learn how to use Golang security packages
  • Apply and explore cryptographic methods and packages
  • Learn the art of defending against brute force attacks
  • Secure web and cloud applications

In Detail

Go is becoming more and more popular as a language for security experts. Its wide use in server and cloud environments, its speed and ease of use, and its evident capabilities for data analysis, have made it a prime choice for developers who need to think about security. Security with Go is the first Golang security book, and it is useful for both blue team and red team applications. With this book, you will learn how to write secure software, monitor your systems, secure your data, attack systems, and extract information. Defensive topics include cryptography, forensics, packet capturing, and building secure web applications. Offensive topics include brute force, port scanning, packet injection, web scraping, social engineering, and post exploitation techniques.

Style and approach

John Leon has divided the book into two parts which present the team playing defense against anyone breaking into servers and the team playing (ethical!) offense to perform said attacks. All Go scripts and programs are workable solutions that can be easily understood and expanded upon by anyone with a system administrator’s level view of networking and cloud-based systems. Golang developers will profit from a swift and incisive approach to security.
Table of contents

Title Page

Copyright and Credits

Security with Go

Packt Upsell

Why subscribe?

PacktPub.com

Contributors

About the author

About the reviewer

Packt is searching for authors like you

Preface

Who this book is for

What this book covers

To get the most out of this book

Download the example code files

Conventions used

Get in touch

Reviews

Introduction to Security with Go

About Go

Go language design

The History of Go

Adoption and community

Common criticisms about Go

The Go toolchain

Go mascot

Learning Go

Why use Go?

Why use Go for security?

Why not use Python?

Why not use Java?

Why not use C++?

Development environment

Installing Go on other platforms

Other Linux distributions

Windows

Mac

Setting up Go

Creating your workspace

Setting up environment variables

Editors

Creating your first package

Writing your first program

Running the executable file

Building the executable file

Installing the executable file

Formatting with go fmt

Running Go examples

Building a single Go file

Running a single Go file

Building multiple Go files

Building a folder (package)

Installing a program for use

Summary

The Go Programming Language

Go language specification

The Go playground

A tour of Go

Keywords

Notes about source code

Comments

Types

Boolean

Numeric

Generic numbers

Specific numbers

Unsigned integers

Signed integers

Floating point numbers

Other numeric types

String

Array

Slice

Struct

Pointer

Function

Interface

Map

Channel

Control structures

if

for

range

switch, case, fallthrough, and default

goto

Defer

Packages

Classes

Inheritance

Polymorphism

Constructors

Methods

Operator overloading

Goroutines

Getting help and documentation

Online Go documentation

Offline Go documentation

Summary

Working with Files

File basics

Creating an empty file

Truncating a file

Getting the file info

Renaming a file

Deleting a file

Opening and closing files

Checking whether a file exists

Checking read and write permissions

Changing permissions, ownership, and timestamps

Hard links and symlinks

Reading and writing

Copying a file

Seeking positions in a file

Writing bytes to a file

Quickly writing to a file

Buffered writer

Reading up to n bytes from a file

Reading exactly n bytes

Reading at least n bytes

Reading all bytes of a file

Quickly reading whole files to memory

Buffered reader

Reading with a scanner

Archives

Archive (ZIP) files

Extracting (unzip) archived files

Compression

Compressing a file

Uncompressing a File

Creating temporary files and directories

Downloading a file over HTTP

Summary

Forensics

Files

Getting file information

Finding the largest files

Finding recently modified files

Reading the boot sector

Steganography

Generating an image with random noise

Creating a ZIP archive

Creating a steganographic image archive

Detecting a ZIP archive in a JPEG image

Network

Looking up a hostname from an IP address

Looking up IP addresses from a hostname

Looking up MX records

Looking up nameservers for a hostname

Summary

Packet Capturing and Injection

Prerequisites

Installing libpcap and Git

Installing libpcap on Ubuntu

Installing libpcap on Windows

Installing libpcap on macOS

Installing gopacket

Permission problems

Getting a list of network devices

Capturing packets

Capturing with filters

Saving to the pcap file

Reading from a pcap file

Decoding packet layers

Creating a custom layer

Converting bytes to and from packets

Creating and sending packets

Decoding packets faster

Summary

Cryptography

Hashing

Hashing small files

Hashing large files

Storing passwords securely

Encryption

Cryptographically secure pseudo-random number generator (CSPRNG)

Symmetric encryption

AES

Asymmetric encryption

Generating a public and private key pair

Digitally signing a message

Verifying a signature

TLS

Generating a self-signed certificate

Creating a certificate signing request

Signing a certificate request

TLS server

TLS client

Other encryption packages

OpenPGP

Off The Record (OTR) messaging

Summary

Secure Shell (SSH)

Using the Go SSH client

Authentication methods

Authenticating with a password

Authenticating with private key

Verifying remote host

Executing a command over SSH

Starting an interactive shell

Summary

Brute Force

Brute forcing HTTP basic authentication

Brute forcing the HTML login form

Brute forcing SSH

Brute forcing database login

Summary

Web Applications

HTTP server

Simple HTTP servers

HTTP basic auth

Using HTTPS

Creating secure cookies

HTML escaping output

Middleware with Negroni

Logging requests

Adding secure HTTP headers

Serving static files

Other best practices

CSRF tokens

Preventing user enumeration and abuse

Registration

Login

Resetting the password

User profiles

Preventing LFI and RFI abuse

Contaminated files

HTTP client

The basic HTTP request

Using the client SSL certificate

Using a proxy

Using system proxy

Using a specific HTTP proxy

Using a SOCKS5 proxy (Tor)

Summary

Web Scraping

Web scraping fundamentals

Finding strings in HTTP responses with the strings package

Using regular expressions to find email addresses in a page

Extracting HTTP headers from an HTTP response

Setting cookies with an HTTP client

Finding HTML comments in a web page

Finding unlisted files on a web server

Changing the user agent of a request

Fingerprinting web application technology stacks

Fingerprinting based on HTTP response headers

Fingerprinting web applications

How to prevent fingerprinting of your applications

Using the goquery package for web scraping

Listing all hyperlinks in a page

Finding documents in a web page

Listing page title and headings

Crawling pages on the site that store the most common words

Printing a list of external JavaScript files in a page

Depth-first crawling

Breadth-first crawling

How to protect against web scraping

Summary

Host Discovery and Enumeration

TCP and UDP sockets

Creating a server

Creating a client

Port scanning

Grabbing a banner from a service

Creating a TCP proxy

Finding named hosts on a network

Fuzzing a network service

Summary

Social Engineering

Gathering intel via JSON REST API

Sending phishing emails with SMTP

Generating QR codes

Base64 encoding data

Honeypots

TCP honeypot

The TCP testing tool

HTTP POST form login honeypot

HTTP form field honeypots

Sandboxing

Summary

Post Exploitation

Cross compiling

Creating bind shells

Creating reverse bind shells

Creating web shells

Finding writable files

Changing file timestamp

Changing file permissions

Changing file ownership

Summary

Conclusions

Recapping the topics you have learned

More thoughts on the usage of Go

What I hope you take away from the book

Be aware of legal, ethical, and technical boundaries

Where to go from here

Getting help and learning more

Another Book You May Enjoy

Leave a review – let other readers know what you think
