Open Source Go Libraries

Coraza is an open-source, enterprise-grade, high-performance Web Application Firewall (WAF) ready to protect your beloved applications. It is written in Go, supports ModSecurity SecLang rulesets and is 100% compatible with the OWASP Core Rule Set. Coraza is a drop-in alternative to replace the soon-to-be abandoned Trustwave ModSecurity Engine and supports industry-standard SecLang rule sets. Coraza runs the OWASP Core Rule Set (CRS) to protect your web applications from a wide range of attacks, including the OWASP Top Ten, with a minimum of false alerts. CRS protects from many common attack categories including: SQL Injection (SQLi), Cross Site Scripting (XSS), PHP & Java Code Injection, HTTPoxy, Shellshock, Scripting/Scanner/Bot Detection & Metadata & Error Leakages. Coraza is a library at its core, with many integrations to deploy on-premise Web Application Firewall instances.

Interactsh is an open-source tool for detecting out-of-band interactions. It is a tool designed to detect vulnerabilities that cause external interactions. Interactsh Cli client requires go1.17+ to install successfully. interactsh-client with -sf, -session-file flag can be used store/read the current session information from user defined file which is useful to resume the same session to poll the interactions even after the client gets stopped or closed. Running the interactsh-client in verbose mode (v) to see the whole request and response, along with an output file to analyze afterwards. Using the server flag, interactsh-client can be configured to connect with a self-hosted Interactsh server, this flag accepts single or multiple server separated by comma. Default servers are subject to change/rotate/down at any time, thus we recommend using a self-hosted interactsh server if you are experiencing issues with the default server.