{"id":38717483,"url":"https://github.com/greenstatic/openspa","last_synced_at":"2026-01-17T11:04:46.175Z","repository":{"id":51153986,"uuid":"144714775","full_name":"greenstatic/openspa","owner":"greenstatic","description":"OpenSPA - An open and extensible Single Packet Authorization (SPA) protocol","archived":false,"fork":false,"pushed_at":"2023-01-25T07:01:09.000Z","size":695,"stargazers_count":94,"open_issues_count":5,"forks_count":22,"subscribers_count":12,"default_branch":"dev","last_synced_at":"2024-11-13T19:42:02.198Z","etag":null,"topics":["port-knocking","single-packet-authorization","spa"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/greenstatic.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2018-08-14T12:06:15.000Z","updated_at":"2024-09-24T07:01:03.000Z","dependencies_parsed_at":"2023-02-14T05:32:02.482Z","dependency_job_id":null,"html_url":"https://github.com/greenstatic/openspa","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/greenstatic/openspa","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/greenstatic%2Fopenspa","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/greenstatic%2Fopenspa/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/greenstatic%2Fopenspa/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/greenstatic%2Fopenspa/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/greenstatic","download_url":"https://codeload.github.com/greenstatic/openspa/tar.gz/refs/heads/dev","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/greenstatic%2Fopenspa/sbom","scorecard":{"id":444687,"data":{"date":"2025-08-11","repo":{"name":"github.com/greenstatic/openspa","commit":"edc748cfbcd34acb2865e24fdd1430c941bed0e5"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":3.2,"checks":[{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Code-Review","score":0,"reason":"Found 0/30 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/ci.yaml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Binary-Artifacts","score":8,"reason":"binaries present in source code","details":["Warn: binary detected: internal/xdp/bpf_bpfeb.o:1","Warn: binary detected: internal/xdp/bpf_bpfel.o:1"],"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/greenstatic/openspa/ci.yaml/dev?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/greenstatic/openspa/ci.yaml/dev?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/greenstatic/openspa/ci.yaml/dev?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yaml:81: update your workflow using https://app.stepsecurity.io/secureworkflow/greenstatic/openspa/ci.yaml/dev?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:92: update your workflow using https://app.stepsecurity.io/secureworkflow/greenstatic/openspa/ci.yaml/dev?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:94: update your workflow using https://app.stepsecurity.io/secureworkflow/greenstatic/openspa/ci.yaml/dev?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/greenstatic/openspa/ci.yaml/dev?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/greenstatic/openspa/ci.yaml/dev?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yaml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/greenstatic/openspa/ci.yaml/dev?enable=pin","Info:   0 out of   7 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   2 third-party GitHubAction dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"SAST","score":0,"reason":"no SAST tool detected","details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'dev'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Vulnerabilities","score":9,"reason":"1 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GO-2024-2611 / GHSA-8r3f-844c-mc37"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-19T06:24:10.569Z","repository_id":51153986,"created_at":"2025-08-19T06:24:10.570Z","updated_at":"2025-08-19T06:24:10.570Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28506593,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-17T10:25:30.148Z","status":"ssl_error","status_checked_at":"2026-01-17T10:25:29.718Z","response_time":85,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["port-knocking","single-packet-authorization","spa"],"created_at":"2026-01-17T11:04:43.893Z","updated_at":"2026-01-17T11:04:46.158Z","avatar_url":"https://github.com/greenstatic.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# OpenSPA\n\n[![CI](https://github.com/greenstatic/openspa/actions/workflows/ci.yaml/badge.svg)](https://github.com/greenstatic/openspa/actions/workflows/ci.yaml)\n[![Go Reference](https://pkg.go.dev/badge/github.com/greenstatic/openspa.svg)](https://pkg.go.dev/github.com/greenstatic/openspa)\n[![Go Report Card](https://goreportcard.com/badge/github.com/greenstatic/openspa)](https://goreportcard.com/report/github.com/greenstatic/openspa)\n![License](https://img.shields.io/github/license/greenstatic/openspa)\n\nOpenSPA: An open and extensible Single Packet Authorization (SPA) implementation of the [OpenSPA Protocol](docs/protocol.md).\n\n[v1](https://github.com/greenstatic/openspa/tree/v1) of the protocol was created in 2018 and while functioning, it has a \nfew shortcomings which are being resolved in v2 (currently the dev branch) of the protocol.\n\n**v2 is currently as of 2022 under heavy development.** No guarantees are made that it will remain backwards compatible \nin it's current form.\nWe WILL break it during development.\n\nv1 was never production ready and so any PR regarding v1 will be rejected.\n\n## What is OpenSPA?\nOpenSPA is an open and extensible SPA implementation built upon the OpenSPA Protocol.\nOpenSPA allows the deployment of a service on an internal network or the internet, that is hidden to all unauthorized \nusers.\nAuthorized users authenticate by sending a single packet to the OpenSPA server, which will reveal itself only if the \nuser is authorized to access the service.\n\nOpenSPA builds what essentially is a dynamic firewall.\n\n![OpenSPA-Demo](docs/assets/openspa_brief.png)\n\nUnauthorized users will not be able to detect via the network the presence of the hidden service (no ping, traceroute, \nport scans, fingerprinting, etc.).\nOnce the user sends an OpenSPA request packet (via UDP) and they are authorized only then will the server respond with \na response.\nUnauthorized users thus will also be unable to confirm the existence of the OpenSPA service.\n\n## Version 1 vs. 2?\nThe major difference between v1 and v2 of the OpenSPA protocol is how binary messages (request \u0026 response) are encoded.\nVersion 1 had a well-defined binary format (e.g. offset X with a length of 32 bits contains the client's IP address).\nWhile this of course worked, it also proved very difficult to extend and modify.\nWhich is why version 2 uses TLVs to encode the binary messages.\nThis allows v2 to be customized and extended very easily for different use-cases.\n\nVersion 2 also brings native support for IPtables, making extension scripts optional (or rather an alternative to the \nnative IPtables integration to support different firewalls).\n\n## Version 2 Status\nCompleted:\n* openspalib (`pkg/openspalib`) - library for the OpenSPA protocol. With this you can implement your own OpenSPA client \nand server\n* Client (`cli/openspa-client`) - OpenSPA client CLI\n* Server (`cli/openspa-server`) - OpenSPA server CLI\n  * Config file support\n  * Native IPtables integration\n  * External firewall integration\n  * External authorization integration\n* adk (Anti DoS Knocking protection) implemented using TOTP\n* Server should expose Prometheus metrics via HTTP\n* eBPF/XDP adk acceleration (Anti DoS knocking protection)\n* Benchmarks (ADK with XDP and without)\n\nPlanned:\n* ECC support\n* x509 certificate support\n* Helper utility to generate keys\n* Server external authentication support\n* Replay attack prevention\n* Use `SO_REUSEPORT` to increase performance on multi-core, multi-NIC queue systems [good blog post about the issue](https://blog.cloudflare.com/how-to-receive-a-million-packets/)\n\n## Building from Source\n```sh\n$ sudo apt install build-essential make git\n$ git clone https://github.com/greenstatic/openspa.git\n$ cd openspa\n$ make build\n# Build artifacts in the: ./artifacts directory\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgreenstatic%2Fopenspa","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fgreenstatic%2Fopenspa","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgreenstatic%2Fopenspa/lists"}