{"id":26455053,"url":"https://github.com/kaliforniagator/secshell-go","last_synced_at":"2026-05-12T07:36:32.349Z","repository":{"id":281587557,"uuid":"945741673","full_name":"KaliforniaGator/SecShell-Go","owner":"KaliforniaGator","description":"An implementation of SecShell now written in go with security features like command whitelisting and blacklisting built-in. It also uses sanitizing to ensure commands are clean from most injection attacks.","archived":false,"fork":false,"pushed_at":"2025-03-18T01:06:16.000Z","size":175,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-03-18T01:22:05.050Z","etag":null,"topics":["cyber","cybersecurity","go","golang","security","shell"],"latest_commit_sha":null,"homepage":"https://gatorsecc.com","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"agpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/KaliforniaGator.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2025-03-10T03:47:04.000Z","updated_at":"2025-03-18T01:06:20.000Z","dependencies_parsed_at":"2025-03-10T04:33:02.684Z","dependency_job_id":"8a842426-d937-4633-97a4-b0d753d8d932","html_url":"https://github.com/KaliforniaGator/SecShell-Go","commit_stats":null,"previous_names":["kaliforniagator/secshell-go"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/KaliforniaGator%2FSecShell-Go","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/KaliforniaGator%2FSecShell-Go/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/KaliforniaGator%2FSecShell-Go/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/KaliforniaGator%2FSecShell-Go/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/KaliforniaGator","download_url":"https://codeload.github.com/KaliforniaGator/SecShell-Go/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":244300929,"owners_count":20430839,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cyber","cybersecurity","go","golang","security","shell"],"created_at":"2025-03-18T20:29:47.189Z","updated_at":"2026-05-12T07:36:32.343Z","avatar_url":"https://github.com/KaliforniaGator.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"![Preview](https://github.com/user-attachments/assets/c5444355-b435-4fbf-84a0-cf1f1ad23233)\n\n# 🚨 SecShell - Secure Shell for Modern Systems (Go)\n\n**SecShell** is a next-generation secure shell written in Go, engineered for professionals who demand robust security, fine-grained control, and operational transparency. It provides a hardened environment for command execution, featuring advanced whitelisting, process isolation, and real-time job/service management.\n\n---\n\n## 🔑 Key Features\n\n- **Command Whitelisting \u0026 Blacklisting**: Only explicitly allowed commands or those in trusted directories can run. Blacklisted commands are strictly blocked.\n- **Input Sanitization**: All user input is sanitized to prevent injection and exploitation.\n- **Process Isolation**: Each command runs in its own process, minimizing risk.\n- **Job Management**: Track, control, and inspect background jobs.\n- **Service Management**: Start, stop, restart, and check system services securely.\n- **Piped \u0026 Background Execution**: Full support for pipes (`|`), redirection (`\u003e`, `\u003c`), and background jobs (`\u0026`).\n- **Command History \u0026 Search**: Persistent history with interactive and query-based search, including interactive search mode.\n- **Environment Variable Control**: Set, unset, and list environment variables.\n- **Security Toggle (Admin Only)**: Temporarily bypass security checks with authentication.\n- **Pentesting Utilities**: Built-in port, host, and web scanners, reverse shell payload generation, and session management.\n- **Encoding/Decoding Tools**: Base64, Hex, URL, Binary encode/decode, and file support.\n- **Hashing Utility**: Calculate and compare hashes (MD5, SHA1, SHA256, SHA512) for strings and files.\n- **String Extraction**: Extract printable strings from binaries.\n- **Script Execution**: Run scripts with automatic interpreter detection.\n- **Update \u0026 Version Control**: Self-update and version display commands.\n- **Comprehensive Logging**: All actions are logged for audit and review.\n- **Interactive Paged Output**: View long output with paging and search (`more` command).\n- **Built-in Text Editor**: Edit files directly with the `edit` command.\n\n---\n\n## 🛡️ Built-in Commands\n\n________________________________________________________________________________________________________________________________\n| Command | Description / Usage |\n|------------------------|-----------------------------------------------------------------------------------------------------|\n| `allowed` | Show allowed directories, commands, built-ins, or binaries.\u003cbr\u003eUsage: `allowed \u003cdirs|commands|bins|builtins|all\u003e` |\n| `help` | Show help message or help for a specific command.\u003cbr\u003eUsage: `help [command]` |\n| `exit` | Exit the shell (admin only). |\n| `services` | Manage system services.\u003cbr\u003eUsage: `services \u003cstart,stop,restart,status,list\u003e \u003cservice_name\u003e` |\n| `jobs` | Manage background jobs.\u003cbr\u003eUsage: `jobs \u003clist,stop,start,status,clear-finished\u003e [pid]` |\n| `cd` | Change directory.\u003cbr\u003eUsage: `cd (--prev | -p) [directory]` |\n| `history` | Show command history.\u003cbr\u003eUsage: `history [-s \u003cquery\u003e | -i | clear]\u003cbr\u003e\u0026nbsp;\u0026nbsp;Supports: !\u003cnum\u003e, !!` |\n| `export` | Set an environment variable.\u003cbr\u003eUsage: `export VAR=value` |\n| `env` | List all environment variables. |\n| `unset` | Unset an environment variable.\u003cbr\u003eUsage: `unset VAR` |\n| `logs` | List or clear logs.\u003cbr\u003eUsage: `logs \u003clist|clear\u003e` |\n| `blacklist` | List blacklisted commands. |\n| `whitelist` | List whitelisted commands. |\n| `edit-blacklist` | Edit the blacklist file (admin only). |\n| `edit-whitelist` | Edit the whitelist file (admin only). |\n| `reload-blacklist` | Reload the blacklist (admin only). |\n| `reload-whitelist` | Reload the whitelist (admin only). |\n| `download` | Download files from the internet.\u003cbr\u003eUsage: `download [-o output1,output2,...] \u003curl [url2 ...]\u003e` |\n| `toggle-security` | Toggle security enforcement (admin only, password required). |\n| `time` | Show current time. |\n| `date` | Show current date. |\n| `--version` | Display current version. |\n| `--update` | Update SecShell to the latest version. |\n| `features` | List all available features.\u003cbr\u003eUsage: `features` |\n| `changelog` | Display the application changelog.\u003cbr\u003eUsage: `changelog` |\n| **Pentesting Tools** | |\n| `portscan` | Advanced port scanner.\u003cbr\u003eUsage: `portscan [options] \u003ctarget\u003e`\u003cbr\u003e |\n| | Options:\u003cbr\u003e |\n| | \u0026nbsp;\u0026nbsp;`-p \u003cports\u003e` (port range, e.g. 1-1000)\u003cbr\u003e |\n| | \u0026nbsp;\u0026nbsp;`-udp` (UDP scan)\u003cbr\u003e |\n| | \u0026nbsp;\u0026nbsp;`-t \u003c1-5\u003e` (timing, 1=slowest, 5=fastest)\u003cbr\u003e |\n| | \u0026nbsp;\u0026nbsp;`-v` (show service version)\u003cbr\u003e |\n| | \u0026nbsp;\u0026nbsp;`-j` (JSON output), `-html` (HTML output)\u003cbr\u003e |\n| | \u0026nbsp;\u0026nbsp;`-o \u003cfile\u003e` (output file)\u003cbr\u003e |\n| | \u0026nbsp;\u0026nbsp;`-syn` (SYN scan, root only)\u003cbr\u003e |\n| | \u0026nbsp;\u0026nbsp;`-os` (OS detection)\u003cbr\u003e |\n| | \u0026nbsp;\u0026nbsp;`-e` (enhanced detection)\u003cbr\u003e |\n| `hostscan` | Discover hosts in a network.\u003cbr\u003eUsage: `hostscan \u003cnetwork-range\u003e` |\n| `webscan` | Scan a web target.\u003cbr\u003eUsage: `webscan [options] \u003curl\u003e`\u003cbr\u003e |\n| | Options:\u003cbr\u003e |\n| | \u0026nbsp;\u0026nbsp;`-t, --timeout \u003csec\u003e`\u003cbr\u003e |\n| | \u0026nbsp;\u0026nbsp;`-H, --header \u003cHeader:Value\u003e`\u003cbr\u003e |\n| | \u0026nbsp;\u0026nbsp;`-k, --insecure` (skip SSL verification)\u003cbr\u003e |\n| | \u0026nbsp;\u0026nbsp;`-A, --user-agent \u003cUA\u003e`\u003cbr\u003e |\n| | \u0026nbsp;\u0026nbsp;`--threads \u003cn\u003e`\u003cbr\u003e |\n| | \u0026nbsp;\u0026nbsp;`-w, --wordlist \u003cfile\u003e`\u003cbr\u003e |\n| | \u0026nbsp;\u0026nbsp;`-m, --methods \u003cGET,POST,...\u003e`\u003cbr\u003e |\n| | \u0026nbsp;\u0026nbsp;`-v, --verbose`\u003cbr\u003e |\n| | \u0026nbsp;\u0026nbsp;`--follow-redirects`\u003cbr\u003e |\n| | \u0026nbsp;\u0026nbsp;`--cookie \u003ccookie\u003e`\u003cbr\u003e |\n| | \u0026nbsp;\u0026nbsp;`--auth \u003ctoken\u003e`\u003cbr\u003e |\n| | \u0026nbsp;\u0026nbsp;`-f, --format \u003ctext|json|html\u003e`\u003cbr\u003e |\n| | \u0026nbsp;\u0026nbsp;`-o, --output \u003cfile\u003e`\u003cbr\u003e |\n| `payload` | Generate reverse shell payload.\u003cbr\u003eUsage: `payload \u003cip-address\u003e \u003cport\u003e` |\n| `session` | Manage pentest sessions.\u003cbr\u003e |\n| | Usage:\u003cbr\u003e |\n| | \u0026nbsp;\u0026nbsp;`session -l` (list sessions)\u003cbr\u003e |\n| | \u0026nbsp;\u0026nbsp;`session -i \u003cid\u003e` (interact with session)\u003cbr\u003e |\n| | \u0026nbsp;\u0026nbsp;`session -c \u003cport\u003e` (listen for new session)\u003cbr\u003e |\n| | \u0026nbsp;\u0026nbsp;`session -k \u003cid\u003e` (kill session) |\n| **Encoding/Decoding** | |\n| `base64` | Encode/decode Base64.\u003cbr\u003eUsage: `base64 [-e|-d] \u003cstring\u003e OR base64 [-e|-d] -f \u003cfile\u003e [\u003e output_file]` |\n| `hex` | Encode/decode Hex.\u003cbr\u003eUsage: `hex [-e|-d] \u003cstring\u003e OR hex [-e|-d] -f \u003cfile\u003e [\u003e output_file]` |\n| `urlencode`, `url` | Encode/decode URL.\u003cbr\u003eUsage: `urlencode [-e|-d] \u003cstring\u003e [\u003e output_file]` |\n| `binary` | Encode/decode binary.\u003cbr\u003eUsage: `binary [-e|-d] \u003cstring\u003e OR binary [-e|-d] -f \u003cfile\u003e [\u003e output_file]` |\n| **Hashing** | |\n| `hash` | Calculate or compare hashes.\u003cbr\u003eUsage: `hash -s|-f \u003cString|file\u003e [algo] [-c \u003chash-to-compare\u003e]\u003cbr\u003e\u0026nbsp;\u0026nbsp;Algo: md5, sha1, sha256, sha512, all` |\n| **Analysis** | |\n| `extract-strings` | Extract printable strings from binaries.\u003cbr\u003eUsage: `extract-strings \u003cfile\u003e [-n min-len] [-o output.json]\u003cbr\u003e\u0026nbsp;\u0026nbsp;(or \u003e output.json)` |\n| `type` | Show how a name resolves in SecShell (builtin, alias, keyword, or executable).\u003cbr\u003eUsage: `type \u003cname\u003e [name ...]` |\n| `size` | Show file/folder size in selected unit.\u003cbr\u003eUsage: `size \u003c-b|-kb|-mb|-gb|-tb|-pb\u003e \u003cpath\u003e` |\n| `meta` | Show file metadata or remove extended metadata.\u003cbr\u003eUsage: `meta [-r] \u003cfile\u003e` |\n| `obfu` | Obfuscate text and print encoded output.\u003cbr\u003eUsage: `obfu \u003ctext\u003e` |\n| `mini` | Minify file content in place (HTML/CSS/JS/plain text).\u003cbr\u003eUsage: `mini \u003cfile\u003e` |\n| **Scripting** | |\n| `./\u003cscript\u003e` | Execute scripts with automatic interpreter detection. |\n| **UI/Display** | |\n| `more` | Display text files or command output with interactive paging and search.\u003cbr\u003eUsage: `more \u003cfile\u003e` or `command | more` or `more \u003c input_file` |\n| `edit` | Open a file in the built-in text editor.\u003cbr\u003eUsage: `edit \u003cfilename\u003e` |\n| `colors` | Display all available colors and styles.\u003cbr\u003eUsage: `colors` |\n| `edit-prompt` | Edit the command prompt.\u003cbr\u003eUsage: `edit-prompt` |\n| `reload-prompt` | Reload the command prompt configuration.\u003cbr\u003eUsage: `reload-prompt` |\n| `prompt` | Display the current command prompt configuration and options.\u003cbr\u003eUsage: `prompt` |\n| `files` | Open interactive file manager.\u003cbr\u003eUsage: `files` |\n| `sec` | Run the built-in scripting engine (SecEngine).\u003cbr\u003eUsage: `sec` |\n--------------------------------------------------------------------------------------------------------------------------------\n\n---\n\n## ⚡ Quick Start\n\n### Requirements\n\n- **Go (Golang)** - For building from source\n- **systemctl** - For service management features\n- **Nano Editor** - For built-in editing features\n- **DrawBox** ([DrawBox Repository](https://github.com/KaliforniaGator/DrawBox))\n- **PAM Development Library (`libpam0g-dev`)** - For Linux authentication (not required on macOS)\n\n### Installation Options\n\n#### Option 1: Quick Install Script (Recommended)\n\nInstall the pre-compiled binary directly:\n\n```bash\ncurl -fsSL https://raw.githubusercontent.com/KaliforniaGator/SecShell-Go/main/install.sh | bash\n```\n\nThis will:\n- Auto-detect your OS (`Linux`/`Darwin`) and architecture (`x86_64`/`arm64`)\n- Fetch the latest version from GitHub releases\n- Download the appropriate archive (e.g., `SecShell-Go_Darwin_arm64.tar.gz` for M1/M2 Macs)\n- Install the binary and DrawBox dependency\n\n**Supported platforms:**\n| OS | Architecture | Archive |\n|---|---|---|\n| macOS (Darwin) | Apple Silicon (M1/M2) | `SecShell-Go_Darwin_arm64.tar.gz` |\n| macOS (Darwin) | Intel (x86_64) | `SecShell-Go_Darwin_x86_64.tar.gz` |\n| Linux | x86_64 | `SecShell-Go_Linux_x86_64.tar.gz` |\n\n#### Option 2: Update Existing Installation\n\nUpdate an existing installation to the latest version:\n\n```bash\ncurl -fsSL https://raw.githubusercontent.com/KaliforniaGator/SecShell-Go/main/update.sh | bash\n```\n\nOr from within SecShell:\n```\n--update\n```\n\nThis will:\n- Compare your current version with the latest release\n- Download only if an update is available\n- Update both SecShell-Go and DrawBox\n\n#### Option 3: Manual Build from Source\n\nIf you prefer to build from source:\n\n```bash\n# Clone the repository\ngit clone https://github.com/KaliforniaGator/SecShell-Go.git\ncd SecShell-Go\n\n# Build the binary\ngo build -o secshell secshell.go\n\n# Install the binary\nsudo mv secshell /usr/bin/ # Linux\n# or\nsudo mv secshell /usr/local/bin/ # macOS\n```\n\nNote: Building from source requires Go to be installed on your system.\n\n---\n\n## 🚀 Usage\n\nStart SecShell:\n\n```bash\nsecshell\n```\n\n### Example Commands\n\n- List files: `ls -l`\n- Start a service: `services start nginx`\n- Set an environment variable: `export MY_VAR=value`\n- Run a command in the background: `sleep 10 \u0026`\n- View command history: `history`\n- Search history: `history -s nginx`\n- Interactive history search: `history -i`\n- Download a file: `download https://example.com/file.txt`\n- Scan ports: `portscan 192.168.1.1 1-1000`\n- View file content page by page: `more /var/log/syslog` or `ls -la | more`\n- Edit a file: `edit myfile.txt`\n- Toggle security (admin): `toggle-security`\n- Encode a string in base64: `base64 -e \"Hello\"`\n- Decode a hex string: `hex -d \"48656c6c6f\"`\n- Calculate SHA256 hash: `hash -s \"test\" sha256`\n- Extract strings from a binary: `extract-strings firmware.bin -n 8`\n- Resolve command type: `type ls cd url if`\n- Show folder size in MB: `size -mb ./tools`\n- Show metadata: `meta ./README.md`\n- Remove file metadata: `meta -r image.jpg`\n- Obfuscate text: `obfu \"my secret token\"`\n- Minify a JS file: `mini app.js`\n- Run a Python script: `./myscript.py arg1 arg2`\n\n---\n\n## ⚙️ Configuration\n\nSecShell uses two config files:\n\n- `.whitelist` — List of allowed commands.\n- `.blacklist` — List of disallowed commands.\n\nEdit with `edit-whitelist` or `edit-blacklist` (admin only). Files are auto-created if missing.\n\n---\n\n## 🔒 Security Model\n\n- **Strict Whitelisting**: Only commands in `.whitelist` or trusted directories are allowed.\n- **Blacklist Enforcement**: Blacklisted commands are always blocked.\n- **Admin Bypass**: Admins can temporarily disable security (with authentication).\n- **Network Command Restrictions**: Sensitive network tools (e.g., `wget`, `curl`, `nmap`) are restricted for non-admins.\n- **Audit Logging**: All actions are logged for review.\n\n---\n\n## 🤝 Contributing\n\nContributions are welcome! Please open issues or submit pull requests for improvements, bug fixes, or new features.\n\n---\n\n## 📄 License\n\nSecShell is licensed under the **GNU Affero General Public License (AGPL)**. See [LICENSE](LICENSE) for details.\n\n---\n\n**Serious about security. Built for professionals.**","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkaliforniagator%2Fsecshell-go","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fkaliforniagator%2Fsecshell-go","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkaliforniagator%2Fsecshell-go/lists"}