Can we use Go instead of Python for security?

Hello guys,
Can we use Go instead of Python for security? And is it a good choice for security and hacking?

What do you mean by ‘security’? Please be more specific and tell us what kind of problem you want to solve.

Packages

Projects at the Go Wiki - a curated list of Go projects.

  • Cryptography

  • Misc Networking

  • Security

Also:

I am new and want to start in security and become a white hat. My friend told me I must learn these topics:
Network+
CCNA
MCSE
LPIC 1/2/ (3)
SSCP
Security+
CEH
SANS
Python / ( Perl / JS )

Now, instead of Python, Perl or JS, I want to learn just Golang and write my tools, if I need any, with just Golang. Is that possible, or must I learn these three languages? And if it is possible to secure things or do penetration tests with Golang, is it a good decision or not?

Most of these topics are not related to any specific programming language. An exception might be web security where knowledge of JavaScript probably is required since it is the only language that runs in web browsers.

1 Like

Should I learn C before I start with golang? (Go Forum)

Go is recommended as the first programming language? (Go Forum)

NB: The blog Post url points to a dead link.

Are people Re-Inventing everything in GO? (Go Forum)

Coding examples of rendering natural languages’ strings.

sh-4.2$ perl -C -e 'print "Perl in Urdu: \x{0644}\x{FEAE}\x{FB58}\n"'
Perl in Urdu: پرل
sh-4.2$ tclsh
% set Tcl "\u0644\u0627\uFEF0\uFEB3\uFEF0\uFE97"
تی‌سی‌ال
% puts "Tcl in Farsi: $Tcl"
Tcl in Farsi: تی‌سی‌ال
% exit

sh-4.2$ 

Currently Arabic script renders in 9term, but neither in the Acme nor Sam editors.

(Running 9front from a flash stick.)

term% echo $font
/lib/font/bit/vga/unicode.font
term% python
Python 2.5.1 (r251:54863, Feb 29 2016, 00:02:07) [C] on plan9
Type "help", "copyright", "credits" or "license" for more information.
>>> python = u'\uFEE5\uFEEE\uFE9C\uFEF3\uFE8E\uFE91'
>>> print 'Python in Arabic: ', python.encode('utf-8')
Python in Arabic: بايثون
>>> exit()
term%

The Unicode Standard is missing these for Sorani (Central Kurdish), but it has been
said that the use of Presentation Forms of Arabic letters is to be discouraged.

ARABIC LETTER REH WITH SMALL V FINAL FORM
ARABIC LETTER REH WITH SMALL V BELOW FINAL FORM

ARABIC LETTER LAM WITH SMALL V INITIAL FORM
ARABIC LETTER LAM WITH SMALL V MEDIAL FORM
ARABIC LETTER LAM WITH SMALL V FINAL FORM

ARABIC LETTER LAM WITH ALEF WITH SMALL V ABOVE ISOLATED FORM
ARABIC LETTER LAM WITH ALEF WITH SMALL V ABOVE FINAL FORM

ARABIC LETTER YEH WITH SMALL V INITIAL FORM
ARABIC LETTER YEH WITH SMALL V MEDIAL FORM
ARABIC LETTER YEH WITH SMALL V FINAL FORM

Packt.com has a $5 sale going on right now:

Security with Go
By: John Daniel Leon
Publisher: Packt Publishing
Pub. Date: January 31, 2018
Print ISBN-13: 978-1-78862-791-7
Web ISBN-13: 978-1-78862-225-7
Pages in Print Edition: 340

In Iran, we can’t access international books, Visa cards, PayPal, or GitHub either :frowning: and this is not our fault, because our governments and the world ignore us. The whole world ignores Iranian people and we are suffering :frowning:

Perhaps you can contact the publisher, Packt, directly and see if they can help you out.

1 Like

I think I would say “yes” to your question, based on what I understand. Go is similar to Python in that it is a very simple (in a lexicon sense) language, so there isn’t as much to memorize or know. The downsides are not necessarily the same, but relate to solutions to similar problems (e.g. Garbage Collection).

Go also gives you surface area to develop very fast execution and delivery pipelines in the form of containers, which can definitely be useful from a security standpoint.

1 Like

Honestly, I think there is no way around Python, mainly in the security area, for the simple fact that many tools are offering Python interfaces. Also, Python is perfect for fast prototyping.

Go however is perfect for developing independent applications that might be relevant in the security area, like web crawlers, security scanners, web applications, cryptographic calculations, etc, because of its great support for concurrency - it became my favorite language, meanwhile I even prefer it to Python. Python has a big disadvantage with any CPU intensive concurrent tasks due to its GIL (global interpreter lock), which basically allows you to only take advantage of one CPU core. If you must do really heavy number crunching, plain C might be more suitable to avoid time loss because of Go’s garbage collector; however, there are rare cases where this becomes really relevant.

All in all, I would say, a combination of Go and Python might be a good choice. I think Perl is no longer essential, it was relevant 10 years ago. Today, passive knowledge of it is enough, you might still find it in some older web applications. JavaScript and PHP are of course relevant for web applications in general, and you definitely must know both of them passively to perform good penetration tests, as in these situations it is not you who decides about the relevant languages, but the setup of your customer. With a bit lower importance, Java is also something to be aware of in this setup.

1 Like
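
The CPU-bound concurrency point made in the post above, as an added example that is not part of the original thread: a file-integrity check that hashes entries with SHA-256 on one goroutine per CPU core and reports those that differ from a recorded baseline. The names `digest` and `Changed` and the sample file contents are constructed for illustration.

```go
package main

import (
	"crypto/sha256"
	"fmt"
	"runtime"
	"sort"
	"sync"
)

// digest returns the hex SHA-256 of data.
func digest(data []byte) string { return fmt.Sprintf("%x", sha256.Sum256(data)) }

// Changed hashes every file on one worker goroutine per CPU core and returns
// the sorted names whose digest differs from (or is missing in) baseline.
func Changed(files map[string][]byte, baseline map[string]string) []string {
	var mu sync.Mutex
	var wg sync.WaitGroup
	var changed []string
	names := make(chan string)
	for i := 0; i < runtime.NumCPU(); i++ {
		wg.Add(1)
		go func() {
			defer wg.Done()
			for name := range names {
				if digest(files[name]) != baseline[name] { // CPU-bound part, runs in parallel
					mu.Lock()
					changed = append(changed, name)
					mu.Unlock()
				}
			}
		}()
	}
	for name := range files {
		names <- name
	}
	close(names)
	wg.Wait()
	sort.Strings(changed)
	return changed
}

func main() {
	// Constructed sample data: baseline recorded, then one file is tampered with.
	files := map[string][]byte{"sshd_config": []byte("PermitRootLogin no\n"), "hosts": []byte("127.0.0.1 localhost\n")}
	baseline := map[string]string{"sshd_config": digest(files["sshd_config"]), "hosts": digest(files["hosts"])}
	files["sshd_config"] = []byte("PermitRootLogin yes\n")
	fmt.Println(Changed(files, baseline))
}
```

The maps are only read inside the workers, so the mutex guards just the shared result slice.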

Chapter 12 (referenced book)

Certain individuals have forwarded the adoption of the phrase “social engineering” in the IT sector, whereas the original meaning of the phrase as applied in the social sciences, bears inference to a class-based targeting, and not what those IT sector proponents of the use of the phrase imply, as that which might legally be considered penal code violations.

One encounters a lot of bias among personnel in IT.

Also in publications regarding software.

Whether this is attributed to lack of education I cannot say.

Basically I think one should not solely study IT but also study humanities.

1 Like

There can be C language security concerns.

UNP (blog Post)

cf: mktemp

Also Perl language security concerns.

cpan (blog Post)

bash-4.3$ perl -ne 'print if $. eq 100 .. 108' /tmp/cpan/build/YAML-1.29-iAk26F/README
    YAML is taint safe.

      Using modules like Data::Dumper for serialization is fine as long as
      you can be sure that nobody can tamper with your data files or
      transmissions. That's because you need to use Perl's eval() built-in
      to deserialize the data. Somebody could add a snippet of Perl to
      erase your files.

      YAML's parser does not need to eval anything.
bash-4.3$

1 Like
