Security with Go
John Daniel Leon
Updated: 2021-06-30 19:07:25
Latest chapter: Leave a review – let other readers know what you think
Cover page
Title Page
Packt Upsell
Why subscribe?
PacktPub.com
Contributors
About the author
About the reviewer
Packt is searching for authors like you
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the example code files
Conventions used
Get in touch
Reviews
Introduction to Security with Go
About Go
Go language design
The History of Go
Adoption and community
Common criticisms about Go
The Go toolchain
Go mascot
Learning Go
Why use Go?
Why use Go for security?
Why not use Python?
Why not use Java?
Why not use C++?
Development environment
Installing Go on other platforms
Other Linux distributions
Windows
Mac
Setting up Go
Creating your workspace
Setting up environment variables
Editors
Creating your first package
Writing your first program
Running the executable file
Building the executable file
Installing the executable file
Formatting with go fmt
Running Go examples
Building a single Go file
Running a single Go file
Building multiple Go files
Building a folder (package)
Installing a program for use
Summary
The Go Programming Language
Go language specification
The Go playground
A tour of Go
Keywords
Notes about source code
Comments
Types
Boolean
Numeric
Generic numbers
Specific numbers
Unsigned integers
Signed integers
Floating point numbers
Other numeric types
String
Array
Slice
Struct
Pointer
Function
Interface
Map
Channel
Control structures
if
for
range
switch, case, fallthrough, and default
goto
Defer
Packages
Classes
Inheritance
Polymorphism
Constructors
Methods
Operator overloading
Goroutines
Getting help and documentation
Online Go documentation
Offline Go documentation
Summary
Working with Files
File basics
Creating an empty file
Truncating a file
Getting the file info
Renaming a file
Deleting a file
Opening and closing files
Checking whether a file exists
Checking read and write permissions
Changing permissions, ownership, and timestamps
Hard links and symlinks
Reading and writing
Copying a file
Seeking positions in a file
Writing bytes to a file
Quickly writing to a file
Buffered writer
Reading up to n bytes from a file
Reading exactly n bytes
Reading at least n bytes
Reading all bytes of a file
Quickly reading whole files to memory
Buffered reader
Reading with a scanner
Archives
Archive (ZIP) files
Extracting (unzip) archived files
Compression
Compressing a file
Uncompressing a File
Creating temporary files and directories
Downloading a file over HTTP
Summary
Forensics
Files
Getting file information
Finding the largest files
Finding recently modified files
Reading the boot sector
Steganography
Generating an image with random noise
Creating a ZIP archive
Creating a steganographic image archive
Detecting a ZIP archive in a JPEG image
Network
Looking up a hostname from an IP address
Looking up IP addresses from a hostname
Looking up MX records
Looking up nameservers for a hostname
Summary
Packet Capturing and Injection
Prerequisites
Installing libpcap and Git
Installing libpcap on Ubuntu
Installing libpcap on Windows
Installing libpcap on macOS
Installing gopacket
Permission problems
Getting a list of network devices
Capturing packets
Capturing with filters
Saving to the pcap file
Reading from a pcap file
Decoding packet layers
Creating a custom layer
Converting bytes to and from packets
Creating and sending packets
Decoding packets faster
Summary
Cryptography
Hashing
Hashing small files
Hashing large files
Storing passwords securely
Encryption
Cryptographically secure pseudo-random number generator (CSPRNG)
Symmetric encryption
AES
Asymmetric encryption
Generating a public and private key pair
Digitally signing a message
Verifying a signature
TLS
Generating a self-signed certificate
Creating a certificate signing request
Signing a certificate request
TLS server
TLS client
Other encryption packages
OpenPGP
Off The Record (OTR) messaging
Summary
Secure Shell (SSH)
Using the Go SSH client
Authentication methods
Authenticating with a password
Authenticating with private key
Verifying remote host
Executing a command over SSH
Starting an interactive shell
Summary
Brute Force
Brute forcing HTTP basic authentication
Brute forcing the HTML login form
Brute forcing SSH
Brute forcing database login
Summary
Web Applications
HTTP server
Simple HTTP servers
HTTP basic auth
Using HTTPS
Creating secure cookies
HTML escaping output
Middleware with Negroni
Logging requests
Adding secure HTTP headers
Serving static files
Other best practices
CSRF tokens
Preventing user enumeration and abuse
Registration
Login
Resetting the password
User profiles
Preventing LFI and RFI abuse
Contaminated files
HTTP client
The basic HTTP request
Using the client SSL certificate
Using a proxy
Using system proxy
Using a specific HTTP proxy
Using a SOCKS5 proxy (Tor)
Summary
Web Scraping
Web scraping fundamentals
Finding strings in HTTP responses with the strings package
Using regular expressions to find email addresses in a page
Extracting HTTP headers from an HTTP response
Setting cookies with an HTTP client
Finding HTML comments in a web page
Finding unlisted files on a web server
Changing the user agent of a request
Fingerprinting web application technology stacks
Fingerprinting based on HTTP response headers
Fingerprinting web applications
How to prevent fingerprinting of your applications
Using the goquery package for web scraping
Listing all hyperlinks in a page
Finding documents in a web page
Listing page title and headings
Crawling pages on the site that store the most common words
Printing a list of external JavaScript files in a page
Depth-first crawling
Breadth-first crawling
How to protect against web scraping
Summary
Host Discovery and Enumeration
TCP and UDP sockets
Creating a server
Creating a client
Port scanning
Grabbing a banner from a service
Creating a TCP proxy
Finding named hosts on a network
Fuzzing a network service
Summary
Social Engineering
Gathering intel via JSON REST API
Sending phishing emails with SMTP
Generating QR codes
Base64 encoding data
Honeypots
TCP honeypot
The TCP testing tool
HTTP POST form login honeypot
HTTP form field honeypots
Sandboxing
Summary
Post Exploitation
Cross compiling
Creating bind shells
Creating reverse bind shells
Creating web shells
Finding writable files
Changing file timestamp
Changing file permissions
Changing file ownership
Summary
Conclusions
Recapping the topics you have learned
More thoughts on the usage of Go
What I hope you take away from the book
Be aware of legal, ethical, and technical boundaries
Where to go from here
Getting help and learning more
Another Book You May Enjoy
Leave a review – let other readers know what you think