{"id":373146,"url":"https://github.com/goshs-labs/goshs","last_synced_at":"2026-06-22T16:01:20.987Z","repository":{"id":43262907,"uuid":"300549409","full_name":"goshs-labs/goshs","owner":"goshs-labs","description":"Feature-rich single-binary file server for red teamers and developers.  HTTP/S · WebDAV · FTP/SFTP · SMB · LDAP/S · NTLM hash capture · DNS/SMTP callbacks ·  TLS · Auth · Share links. A powerful python3 -m http.server replacement.","archived":false,"fork":false,"pushed_at":"2026-06-19T12:54:08.000Z","size":9668,"stargazers_count":890,"open_issues_count":0,"forks_count":49,"subscribers_count":6,"default_branch":"main","last_synced_at":"2026-06-21T13:59:58.059Z","etag":null,"topics":["capture-the-flag","ctf","devtools","dns-server","file-server","file-transfer","golang","http-server","https-server","kali-linux","ldap","ntlm","offensive-security","penetration-testing","red-teaming","security-tools","sftp","smb","smtp-server","webdav"],"latest_commit_sha":null,"homepage":"https://goshs.de","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/goshs-labs.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2020-10-02T08:24:17.000Z","updated_at":"2026-06-20T16:26:54.000Z","dependencies_parsed_at":"2025-05-21T21:03:32.074Z","dependency_job_id":"7c195056-328e-4e55-93e7-8d2a1100e0f2","html_url":"https://github.com/goshs-labs/goshs","commit_stats":null,"previous_names":["goshs-labs/goshs","patrickhener/goshs"],"tags_count":65,"template":false,"template_full_name":null,"purl":"pkg:github/goshs-labs/goshs","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/goshs-labs%2Fgoshs","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/goshs-labs%2Fgoshs/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/goshs-labs%2Fgoshs/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/goshs-labs%2Fgoshs/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/goshs-labs","download_url":"https://codeload.github.com/goshs-labs/goshs/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/goshs-labs%2Fgoshs/sbom","scorecard":{"id":722292,"data":{"date":"2025-08-11","repo":{"name":"github.com/patrickhener/goshs","commit":"cea833bc147c8b21464d70f6e3ab59006c6b7156"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":5,"checks":[{"name":"Maintained","score":10,"reason":"30 commit(s) and 8 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Security-Policy","score":3,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Warn: no linked content found","Warn: One or no descriptive hints of disclosure, vulnerability, and/or timelines in security policy","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Code-Review","score":0,"reason":"Found 1/27 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Info: jobLevel 'actions' permission set to 'read': .github/workflows/codeql-analysis.yml:28","Info: jobLevel 'contents' permission set to 'read': .github/workflows/codeql-analysis.yml:29","Warn: no topLevel permission defined: .github/workflows/codeql-analysis.yml:1","Warn: topLevel 'contents' permission set to 'write': .github/workflows/release.yml:10","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: .github/workflows/release.yml:15"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: release artifact v1.1.0 not signed: https://api.github.com/repos/patrickhener/goshs/releases/222652736","Warn: release artifact v1.0.9 not signed: https://api.github.com/repos/patrickhener/goshs/releases/221475573","Warn: release artifact v1.0.8 not signed: https://api.github.com/repos/patrickhener/goshs/releases/219743790","Warn: release artifact v1.0.7 not signed: https://api.github.com/repos/patrickhener/goshs/releases/219524964","Warn: release artifact v1.0.6 not signed: https://api.github.com/repos/patrickhener/goshs/releases/217929560","Warn: release artifact v1.1.0 does not have provenance: https://api.github.com/repos/patrickhener/goshs/releases/222652736","Warn: release artifact v1.0.9 does not have provenance: https://api.github.com/repos/patrickhener/goshs/releases/221475573","Warn: release artifact v1.0.8 does not have provenance: https://api.github.com/repos/patrickhener/goshs/releases/219743790","Warn: release artifact v1.0.7 does not have provenance: https://api.github.com/repos/patrickhener/goshs/releases/219524964","Warn: release artifact v1.0.6 does not have provenance: https://api.github.com/repos/patrickhener/goshs/releases/217929560"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/patrickhener/goshs/codeql-analysis.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/patrickhener/goshs/codeql-analysis.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:56: update your workflow using https://app.stepsecurity.io/secureworkflow/patrickhener/goshs/codeql-analysis.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:70: update your workflow using https://app.stepsecurity.io/secureworkflow/patrickhener/goshs/codeql-analysis.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/patrickhener/goshs/release.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/patrickhener/goshs/release.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/patrickhener/goshs/release.yml/main?enable=pin","Warn: containerImage not pinned by hash: Dockerfile:2","Warn: containerImage not pinned by hash: Dockerfile:20: pin your Docker image by updating alpine:latest to alpine:latest@sha256:4bcff63911fcb4448bd4fdacec207030997caf25e9bea4045fa6c8c44de311d1","Info:   0 out of   6 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   1 third-party GitHubAction dependencies pinned","Info:   0 out of   2 containerImage dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"SAST","score":10,"reason":"SAST tool is run on all commits","details":["Info: SAST configuration detected: CodeQL","Info: all commits (6) are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-22T11:43:39.563Z","repository_id":43262907,"created_at":"2025-08-22T11:43:39.563Z","updated_at":"2025-08-22T11:43:39.563Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34655718,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-22T02:00:06.391Z","response_time":106,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"owner":{"login":"goshs-labs","name":"goshs-labs","uuid":"288591202","kind":"organization","description":"","email":null,"website":"https://goshs.de","location":"Germany","twitter":null,"company":null,"icon_url":"https://avatars.githubusercontent.com/u/288591202?v=4","repositories_count":1,"last_synced_at":"2026-05-28T11:23:27.823Z","metadata":{"has_sponsors_listing":false},"html_url":"https://github.com/goshs-labs","funding_links":[],"total_stars":877,"followers":0,"following":0,"created_at":"2026-05-28T11:23:27.844Z","updated_at":"2026-05-28T11:23:27.844Z","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/goshs-labs","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/goshs-labs/repositories"},"packages":[{"id":14560497,"name":"github.com/goshs-labs/goshs","ecosystem":"go","description":null,"homepage":null,"licenses":null,"normalized_licenses":[],"repository_url":"https://github.com/goshs-labs/goshs","keywords_array":[],"namespace":null,"versions_count":46,"first_release_published_at":"2020-10-02T08:28:00.000Z","latest_release_published_at":"2026-03-13T14:11:55.000Z","latest_release_number":"v1.1.4","last_synced_at":"2026-05-28T19:30:10.083Z","created_at":"2026-05-28T19:30:06.310Z","updated_at":"2026-05-28T20:37:51.884Z","registry_url":"https://pkg.go.dev/github.com/goshs-labs/goshs","install_command":"go get github.com/goshs-labs/goshs","documentation_url":"https://pkg.go.dev/github.com/goshs-labs/goshs#section-documentation","metadata":{},"repo_metadata":{},"repo_metadata_updated_at":"2026-05-28T20:37:51.863Z","dependent_packages_count":0,"downloads":null,"downloads_period":null,"dependent_repos_count":0,"rankings":{"downloads":null,"dependent_repos_count":5.035479429185533,"dependent_packages_count":4.718422284959875,"stargazers_count":null,"forks_count":null,"docker_downloads_count":null,"average":4.876950857072703},"purl":"pkg:golang/github.com/goshs-labs/goshs","advisories":[],"docker_usage_url":"https://docker.ecosyste.ms/usage/go/github.com/goshs-labs/goshs","docker_dependents_count":null,"docker_downloads_count":null,"usage_url":"https://repos.ecosyste.ms/usage/go/github.com/goshs-labs/goshs","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/go/github.com/goshs-labs/goshs/dependencies","status":null,"funding_links":[],"critical":null,"issue_metadata":null,"versions_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/packages/github.com%2Fgoshs-labs%2Fgoshs/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/packages/github.com%2Fgoshs-labs%2Fgoshs/version_numbers","latest_version_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/packages/github.com%2Fgoshs-labs%2Fgoshs/latest_version","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/packages/github.com%2Fgoshs-labs%2Fgoshs/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/packages/github.com%2Fgoshs-labs%2Fgoshs/related_packages","codemeta_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/packages/github.com%2Fgoshs-labs%2Fgoshs/codemeta","maintainers":[],"registry":{"name":"proxy.golang.org","url":"https://proxy.golang.org","ecosystem":"go","default":true,"packages_count":2183916,"maintainers_count":0,"namespaces_count":792747,"keywords_count":113213,"github":"golang","metadata":{"funded_packages_count":53976},"icon_url":"https://github.com/golang.png","created_at":"2022-04-04T15:19:22.939Z","updated_at":"2026-06-10T05:03:23.672Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/packages","maintainers_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/maintainers","namespaces_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/namespaces"}},{"id":14254128,"name":"goshs.de/goshs/v2","ecosystem":"go","description":"","homepage":"https://github.com/goshs-labs/goshs","licenses":"MIT","normalized_licenses":["MIT"],"repository_url":"https://github.com/goshs-labs/goshs","keywords_array":[],"namespace":"goshs.de/goshs","versions_count":17,"first_release_published_at":"2026-04-15T10:14:48.069Z","latest_release_published_at":"2026-05-29T10:20:25.000Z","latest_release_number":"v2.1.0","last_synced_at":"2026-05-30T00:03:21.959Z","created_at":"2026-04-15T10:14:21.381Z","updated_at":"2026-05-30T00:03:21.959Z","registry_url":"https://pkg.go.dev/goshs.de/goshs/v2","install_command":"go get goshs.de/goshs/v2","documentation_url":"https://pkg.go.dev/goshs.de/goshs/v2#section-documentation","metadata":{},"repo_metadata":{"id":43262907,"uuid":"300549409","full_name":"goshs-labs/goshs","owner":"goshs-labs","description":"Feature-rich single-binary file server for red teamers and developers.  HTTP/S · WebDAV · FTP/SFTP · SMB · LDAP/S · NTLM hash capture · DNS/SMTP callbacks ·  TLS · Auth · Share links. A powerful python3 -m http.server replacement.","archived":false,"fork":false,"pushed_at":"2026-05-28T11:07:21.000Z","size":9567,"stargazers_count":877,"open_issues_count":0,"forks_count":49,"subscribers_count":6,"default_branch":"main","last_synced_at":"2026-05-28T11:23:26.760Z","etag":null,"topics":["capture-the-flag","ctf","devtools","dns-server","file-server","file-transfer","golang","http-server","https-server","kali-linux","ldap","ntlm","offensive-security","penetration-testing","red-teaming","security-tools","sftp","smb","smtp-server","webdav"],"latest_commit_sha":null,"homepage":"https://goshs.de","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/goshs-labs.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2020-10-02T08:24:17.000Z","updated_at":"2026-05-28T11:07:26.000Z","dependencies_parsed_at":"2025-05-21T21:03:32.074Z","dependency_job_id":"7c195056-328e-4e55-93e7-8d2a1100e0f2","html_url":"https://github.com/goshs-labs/goshs","commit_stats":null,"previous_names":["goshs-labs/goshs"],"tags_count":63,"template":false,"template_full_name":null,"purl":"pkg:github/goshs-labs/goshs","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/goshs-labs%2Fgoshs","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/goshs-labs%2Fgoshs/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/goshs-labs%2Fgoshs/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/goshs-labs%2Fgoshs/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/goshs-labs","download_url":"https://codeload.github.com/goshs-labs/goshs/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/goshs-labs%2Fgoshs/sbom","scorecard":{"id":722292,"data":{"date":"2025-08-11","repo":{"name":"github.com/patrickhener/goshs","commit":"cea833bc147c8b21464d70f6e3ab59006c6b7156"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":5,"checks":[{"name":"Maintained","score":10,"reason":"30 commit(s) and 8 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Security-Policy","score":3,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Warn: no linked content found","Warn: One or no descriptive hints of disclosure, vulnerability, and/or timelines in security policy","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Code-Review","score":0,"reason":"Found 1/27 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Info: jobLevel 'actions' permission set to 'read': .github/workflows/codeql-analysis.yml:28","Info: jobLevel 'contents' permission set to 'read': .github/workflows/codeql-analysis.yml:29","Warn: no topLevel permission defined: .github/workflows/codeql-analysis.yml:1","Warn: topLevel 'contents' permission set to 'write': .github/workflows/release.yml:10","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: .github/workflows/release.yml:15"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: release artifact v1.1.0 not signed: https://api.github.com/repos/patrickhener/goshs/releases/222652736","Warn: release artifact v1.0.9 not signed: https://api.github.com/repos/patrickhener/goshs/releases/221475573","Warn: release artifact v1.0.8 not signed: https://api.github.com/repos/patrickhener/goshs/releases/219743790","Warn: release artifact v1.0.7 not signed: https://api.github.com/repos/patrickhener/goshs/releases/219524964","Warn: release artifact v1.0.6 not signed: https://api.github.com/repos/patrickhener/goshs/releases/217929560","Warn: release artifact v1.1.0 does not have provenance: https://api.github.com/repos/patrickhener/goshs/releases/222652736","Warn: release artifact v1.0.9 does not have provenance: https://api.github.com/repos/patrickhener/goshs/releases/221475573","Warn: release artifact v1.0.8 does not have provenance: https://api.github.com/repos/patrickhener/goshs/releases/219743790","Warn: release artifact v1.0.7 does not have provenance: https://api.github.com/repos/patrickhener/goshs/releases/219524964","Warn: release artifact v1.0.6 does not have provenance: https://api.github.com/repos/patrickhener/goshs/releases/217929560"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/patrickhener/goshs/codeql-analysis.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/patrickhener/goshs/codeql-analysis.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:56: update your workflow using https://app.stepsecurity.io/secureworkflow/patrickhener/goshs/codeql-analysis.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:70: update your workflow using https://app.stepsecurity.io/secureworkflow/patrickhener/goshs/codeql-analysis.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/patrickhener/goshs/release.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/patrickhener/goshs/release.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/patrickhener/goshs/release.yml/main?enable=pin","Warn: containerImage not pinned by hash: Dockerfile:2","Warn: containerImage not pinned by hash: Dockerfile:20: pin your Docker image by updating alpine:latest to alpine:latest@sha256:4bcff63911fcb4448bd4fdacec207030997caf25e9bea4045fa6c8c44de311d1","Info:   0 out of   6 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   1 third-party GitHubAction dependencies pinned","Info:   0 out of   2 containerImage dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"SAST","score":10,"reason":"SAST tool is run on all commits","details":["Info: SAST configuration detected: CodeQL","Info: all commits (6) are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-22T11:43:39.563Z","repository_id":43262907,"created_at":"2025-08-22T11:43:39.563Z","updated_at":"2025-08-22T11:43:39.563Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33675019,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-05-29T02:00:06.066Z","response_time":107,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"},"owner_record":{"login":"patrickhener","name":"Patrick Hener","uuid":"7579055","kind":"user","description":"","email":"","website":"https://hesec.de","location":"Germany","twitter":null,"company":"Code White GmbH","icon_url":"https://avatars.githubusercontent.com/u/7579055?u=7a0c0bdba66b4069b285f7f4e0862f74bb951cda\u0026v=4","repositories_count":11,"last_synced_at":"2023-03-05T15:42:33.213Z","metadata":{"has_sponsors_listing":false},"html_url":"https://github.com/patrickhener","funding_links":[],"total_stars":null,"followers":null,"following":null,"created_at":"2022-11-15T18:41:23.327Z","updated_at":"2023-03-05T15:42:33.226Z","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/patrickhener","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/patrickhener/repositories"},"tags":[]},"repo_metadata_updated_at":"2026-05-30T00:02:58.814Z","dependent_packages_count":0,"downloads":null,"downloads_period":null,"dependent_repos_count":0,"rankings":{"downloads":null,"dependent_repos_count":5.162994502481751,"dependent_packages_count":4.837816059619227,"stargazers_count":null,"forks_count":null,"docker_downloads_count":null,"average":5.000405281050488},"purl":"pkg:golang/goshs.de/goshs/v2","advisories":[{"uuid":"GSA_kwCzR0hTQS1teGczLTQzMnAtbXI3Ms4ABW87","url":"https://github.com/advisories/GHSA-mxg3-432p-mr72","title":"goshs: SSH host key verification disabled, allowing transparent MITM of every tunnelled HTTP request","description":"### Summary\n\nThe `--tunnel` / `-t` flag opens an outbound SSH connection to `localhost.run:22` with `HostKeyCallback: ssh.InsecureIgnoreHostKey()`. The Go documentation for that function states verbatim: *\"It should not be used for production code.\"* With the callback disabled the client accepts any host key the server presents, so an attacker who can intercept the operator's TCP connection to `localhost.run:22` (any router on the path, malicious local network, ARP/DNS spoof on the operator's LAN, BGP hijack, malicious VPN) can present their own SSH host key, terminate the SSH session locally, and proxy onward — sitting transparently in the middle of the tunnel.\n\nBecause `localhost.run` does TLS termination at their end, the HTTP traffic on the SSH leg is plaintext, so the on-path attacker reads and rewrites every request and response in cleartext. The goshs operator gets no warning; the public URL works normally.\n\n### Affected Code\n\n**File:** `tunnel/tunnel.go`\n\n```go\nfunc Start(localIP string, localPort int) (*Tunnel, error) {\n    config := \u0026ssh.ClientConfig{\n        User:            \"nokey\",\n        Auth:            []ssh.AuthMethod{ssh.Password(\"\")},\n        HostKeyCallback: ssh.InsecureIgnoreHostKey(), // accepts any server key\n        Timeout:         10 * time.Second,\n        BannerCallback:  func(banner string) error { return nil },\n    }\n    client, err := ssh.Dial(\"tcp\", \"localhost.run:22\", config)\n    ...\n}\n```\n\nThere is no fallback verification — no `ssh.FixedHostKey`, no `known_hosts` read, no TOFU pin. Every invocation of `goshs --tunnel` is equally vulnerable.\n\n### Exploit Chain\n\n1. Operator runs `goshs --tunnel`. `tunnel.Start()` opens an SSH client to `localhost.run:22` with `InsecureIgnoreHostKey()`.\n2. Attacker positioned on the network path (compromised router, café Wi-Fi MITM, malicious VPN exit, hostile ISP, BGP hijack, or `arpspoof` + DNS spoof on the operator's LAN) intercepts the outbound TCP connection to `localhost.run:22` and answers with their own SSH server.\n3. The attacker's fake SSH server presents an attacker-generated host key. The goshs client's `HostKeyCallback` returns nil unconditionally. Handshake completes; the client believes it is talking to `localhost.run`.\n4. The attacker proxies the SSH session onward to the real `localhost.run:22`, forwarding the URL capture so `Start()` reads back the genuine `https://*.lhr.life` line and returns successfully. The operator sees the public URL printed to stdout exactly as expected.\n5. Every HTTP request arriving at the public URL is routed over the SSH session. The attacker reads every URL, query string, header, body, and `Authorization` value sent by every visitor.\n6. For each response the attacker can rewrite the body or headers — serving modified files, injecting HTML/JS, redirecting requests, or stripping `Set-Cookie` attributes.\n7. Captured basic-auth credentials give the attacker authenticated access to upload, share-link, catcher, clipboard, and CLI endpoints. If goshs is running credential-collection listeners (SMB/LDAP/SMTP), the captured NTLM hashes and SMTP messages flowing through the tunnel are also exposed.\n\n### Impact\n\n- **Confidentiality (High):** all HTTP request and response content is readable by the on-path attacker (URLs, headers, basic-auth `Authorization`, file contents, share-link tokens, the `?goshs-info` JSON dump).\n- **Integrity (High):** attacker can modify responses in-flight — replace served files, inject `\u003cscript\u003e` into HTML responses, swap offered binaries for backdoored ones.\n- **Availability:** not affected.\n\n### Preconditions\n\n- Operator must be running `goshs --tunnel` / `goshs -t`.\n- Attacker must hold a network-on-path position between the operator and `localhost.run:22` (LAN MITM, malicious Wi-Fi, hostile ISP/VPN, BGP hijack, or DNS spoofing combined with an attacker-controlled SSH endpoint).\n\n---\n\n### Fix (applied in v2.0.7)\n\n`ssh.InsecureIgnoreHostKey()` has been replaced with a **Trust-On-First-Use (TOFU)** host key callback backed by `~/.config/goshs/known_hosts`.\n\n**Behaviour after the fix:**\n\n- On **first connection**: goshs accepts the host key presented by `localhost.run`, writes it to `~/.config/goshs/known_hosts` (mode `0600`), and prints two warning lines:\n  ```\n  WARN  tunnel: pinned new host key for localhost.run:22 (SHA256:\u003cfingerprint\u003e) in ~/.config/goshs/known_hosts\n  WARN  tunnel: verify with: ssh-keyscan localhost.run 2\u003e/dev/null | ssh-keygen -l -f -\n  ```\n  The operator should compare the printed fingerprint against the `ssh-keyscan` output to confirm no MITM occurred on that first connection.\n\n- On **subsequent connections**: the stored key is loaded via `golang.org/x/crypto/ssh/knownhosts` and the presented key is verified against it. A mismatch returns a typed `HostKeyMismatchError` and goshs exits immediately with:\n  ```\n  FATAL tunnel: ssh: host key mismatch for localhost.run:22 — possible MITM attack.\n        If localhost.run legitimately rotated its key, delete ~/.config/goshs/known_hosts and reconnect\n  ```\n\n**Files changed:**\n\n| File | Change |\n|------|--------|\n| `config/config.go` | Added `Dir()` — creates and returns `~/.config/goshs` (mode `0700`) |\n| `main.go` | Calls `config.Dir()` on every startup to ensure the directory exists |\n| `tunnel/tunnel.go` | Replaced `InsecureIgnoreHostKey()` with `buildTOFUCallback(knownHostsFile)`; added exported `HostKeyMismatchError` type |\n| `httpserver/server.go` | Resolves `~/.config/goshs/known_hosts` via `config.Dir()`, passes it to `tunnel.Start()`; fatal-exits on `HostKeyMismatchError` |\n\n**Implementation uses only already-vendored dependencies** (`golang.org/x/crypto/ssh/knownhosts` is part of the existing `golang.org/x/crypto` direct dependency — no new modules added).","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2026-05-15T17:17:38.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":7.4,"cvss_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N","references":["https://github.com/patrickhener/goshs/security/advisories/GHSA-mxg3-432p-mr72","https://github.com/patrickhener/goshs/commit/8f409cb08aacc6e94704334e8b1fb2cd50f5dd98","https://github.com/patrickhener/goshs/releases/tag/v2.0.7","https://github.com/advisories/GHSA-mxg3-432p-mr72"],"source_kind":"github","identifiers":["GHSA-mxg3-432p-mr72"],"repository_url":null,"blast_radius":0.0,"created_at":"2026-05-15T18:00:17.674Z","updated_at":"2026-05-18T10:00:16.857Z","epss_percentage":null,"epss_percentile":null,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1teGczLTQzMnAtbXI3Ms4ABW87","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1teGczLTQzMnAtbXI3Ms4ABW87","packages":[{"ecosystem":"go","package_name":"goshs.de/goshs/v2","versions":[{"first_patched_version":"2.0.7","vulnerable_version_range":"\u003c= 2.0.6"}],"purl":"pkg:go/goshs.de%2Fgoshs%2Fv2"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1teGczLTQzMnAtbXI3Ms4ABW87/related_packages","related_advisories":[]}],"docker_usage_url":"https://docker.ecosyste.ms/usage/go/goshs.de/goshs/v2","docker_dependents_count":null,"docker_downloads_count":null,"usage_url":"https://repos.ecosyste.ms/usage/go/goshs.de/goshs/v2","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/go/goshs.de/goshs/v2/dependencies","status":null,"funding_links":[],"critical":null,"issue_metadata":{"last_synced_at":"2026-05-15T07:01:43.731Z","issues_count":67,"pull_requests_count":82,"avg_time_to_close_issue":2295754.873015873,"avg_time_to_close_pull_request":269301.2631578947,"issues_closed_count":63,"pull_requests_closed_count":76,"pull_request_authors_count":9,"issue_authors_count":22,"avg_comments_per_issue":2.3582089552238807,"avg_comments_per_pull_request":0.5121951219512195,"merged_pull_requests_count":73,"bot_issues_count":0,"bot_pull_requests_count":13,"past_year_issues_count":7,"past_year_pull_requests_count":9,"past_year_avg_time_to_close_issue":418320.0,"past_year_avg_time_to_close_pull_request":2211.1111111111113,"past_year_issues_closed_count":4,"past_year_pull_requests_closed_count":9,"past_year_pull_request_authors_count":2,"past_year_issue_authors_count":6,"past_year_avg_comments_per_issue":1.1428571428571428,"past_year_avg_comments_per_pull_request":0.0,"past_year_bot_issues_count":0,"past_year_bot_pull_requests_count":0,"past_year_merged_pull_requests_count":9,"issues_url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickhener%2Fgoshs/issues","maintainers":[{"login":"patrickhener","count":93,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/patrickhener"}],"active_maintainers":[{"login":"patrickhener","count":7,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/patrickhener"}]},"versions_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/packages/goshs.de%2Fgoshs%2Fv2/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/packages/goshs.de%2Fgoshs%2Fv2/version_numbers","latest_version_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/packages/goshs.de%2Fgoshs%2Fv2/latest_version","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/packages/goshs.de%2Fgoshs%2Fv2/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/packages/goshs.de%2Fgoshs%2Fv2/related_packages","codemeta_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/packages/goshs.de%2Fgoshs%2Fv2/codemeta","maintainers":[],"registry":{"name":"proxy.golang.org","url":"https://proxy.golang.org","ecosystem":"go","default":true,"packages_count":2183916,"maintainers_count":0,"namespaces_count":792747,"keywords_count":113213,"github":"golang","metadata":{"funded_packages_count":53976},"icon_url":"https://github.com/golang.png","created_at":"2022-04-04T15:19:22.939Z","updated_at":"2026-06-10T05:03:23.672Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/packages","maintainers_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/maintainers","namespaces_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/namespaces"}}],"commits":{"id":11777488,"full_name":"goshs-labs/goshs","default_branch":"master","total_commits":538,"total_committers":11,"total_bot_commits":30,"total_bot_committers":1,"mean_commits":48.90909090909091,"dds":0.2434944237918215,"past_year_total_commits":239,"past_year_total_committers":5,"past_year_total_bot_commits":22,"past_year_total_bot_committers":1,"past_year_mean_commits":47.8,"past_year_dds":0.11297071129707115,"last_synced_at":"2026-05-30T01:08:45.036Z","last_synced_commit":"cb212364991048727ddea2bfbd40810f8cdeecb5","created_at":"2026-05-30T00:02:58.755Z","updated_at":"2026-05-30T01:07:45.413Z","committers":[{"name":"Patrick Hener","email":"patrickhener@posteo.de","login":"patrickhener","count":407},{"name":"Patrick Hener","email":"patrick.hener@syss.de","login":null,"count":55},{"name":"Patrick Hener","email":"patrick.hener@to.com","login":null,"count":31},{"name":"dependabot[bot]","email":"49699333+dependabot[bot]","login":"dependabot[bot]","count":30},{"name":"aWZHY0yQH81uOYvH","email":"32046476+aWZHY0yQH81uOYvH","login":"aWZHY0yQH81uOYvH","count":7},{"name":"Oleksandr Redko","email":"oleksandr.red+github@gmail.com","login":"alexandear","count":3},{"name":"ty3tx","email":"tzy5088@psu.edu","login":"ty3gx","count":1},{"name":"parzel","email":"parzel@posteo.de","login":"parzel","count":1},{"name":"Hazegard","email":"m.catrice@outlook.com","login":"Hazegard","count":1},{"name":"Andrew Gordon","email":"andrewbebiegordon@gmail.com","login":"abgordon","count":1},{"name":"Vagelis","email":"evangelos.aidonopoulos@cz.verizon.com","login":null,"count":1}],"past_year_committers":[{"name":"Patrick Hener","email":"patrickhener@posteo.de","login":"patrickhener","count":212},{"name":"dependabot[bot]","email":"49699333+dependabot[bot]","login":"dependabot[bot]","count":22},{"name":"Oleksandr Redko","email":"oleksandr.red+github@gmail.com","login":"alexandear","count":3},{"name":"ty3tx","email":"tzy5088@psu.edu","login":"ty3gx","count":1},{"name":"parzel","email":"parzel@posteo.de","login":"parzel","count":1}],"commits_url":"https://commits.ecosyste.ms/api/v1/hosts/GitHub/repositories/goshs-labs%2Fgoshs/commits","host":{"name":"GitHub","url":"https://github.com","kind":"github","last_synced_at":"2026-06-22T00:00:10.186Z","repositories_count":6265756,"commits_count":874607124,"contributors_count":35087579,"owners_count":1170019,"icon_url":"https://github.com/github.png","host_url":"https://commits.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://commits.ecosyste.ms/api/v1/hosts/GitHub/repositories"}},"issues":{"table":{"full_name":"goshs-labs/goshs","html_url":"https://github.com/goshs-labs/goshs","last_synced_at":null,"status":null,"issues_count":null,"pull_requests_count":null,"avg_time_to_close_issue":null,"avg_time_to_close_pull_request":null,"issues_closed_count":null,"pull_requests_closed_count":null,"pull_request_authors_count":null,"issue_authors_count":null,"avg_comments_per_issue":null,"avg_comments_per_pull_request":null,"merged_pull_requests_count":null,"bot_issues_count":null,"bot_pull_requests_count":null,"past_year_issues_count":null,"past_year_pull_requests_count":null,"past_year_avg_time_to_close_issue":null,"past_year_avg_time_to_close_pull_request":null,"past_year_issues_closed_count":null,"past_year_pull_requests_closed_count":null,"past_year_pull_request_authors_count":null,"past_year_issue_authors_count":null,"past_year_avg_comments_per_issue":null,"past_year_avg_comments_per_pull_request":null,"past_year_bot_issues_count":null,"past_year_bot_pull_requests_count":null,"past_year_merged_pull_requests_count":null,"created_at":"2026-06-22T16:01:20.924Z","updated_at":"2026-06-22T16:01:20.924Z","repository_url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/repositories/goshs-labs%2Fgoshs","issues_url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/repositories/goshs-labs%2Fgoshs/issues","issue_labels_count":{"table":{}},"pull_request_labels_count":{"table":{}},"issue_author_associations_count":{"table":{}},"pull_request_author_associations_count":{"table":{}},"issue_authors":{"table":{}},"pull_request_authors":{"table":{}},"host":{"table":{"name":"GitHub","url":"https://github.com","kind":"github","last_synced_at":"2026-06-22T00:00:10.239Z","repositories_count":14832098,"issues_count":33066650,"pull_requests_count":109080621,"authors_count":11314552,"icon_url":"https://github.com/github.png","host_url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/repositories","owners_url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/owners","authors_url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors"}},"past_year_issue_labels_count":{"table":{}},"past_year_pull_request_labels_count":{"table":{}},"past_year_issue_author_associations_count":{"table":{}},"past_year_pull_request_author_associations_count":{"table":{}},"past_year_issue_authors":{"table":{}},"past_year_pull_request_authors":{"table":{}},"maintainers":[],"active_maintainers":[]}},"events":{"total":{"DeleteEvent":2,"PushEvent":20,"CreateEvent":6},"last_year":{"DeleteEvent":2,"PushEvent":20,"CreateEvent":6}},"keywords":["capture-the-flag","ctf","devtools","dns-server","file-server","file-transfer","golang","http-server","https-server","kali-linux","ldap","ntlm","offensive-security","penetration-testing","red-teaming","security-tools","sftp","smb","smtp-server","webdav"],"dependencies":[{"ecosystem":"go","filepath":"go.mod","sha":null,"kind":"manifest","created_at":"2022-08-12T10:21:33.482Z","updated_at":"2022-08-12T10:21:33.482Z","repository_link":"https://github.com/goshs-labs/goshs/blob/main/go.mod","dependencies":[{"id":1315561742,"package_name":"github.com/gorilla/mux","ecosystem":"go","requirements":"v1.8.0","direct":true,"kind":"runtime","optional":false},{"id":1315561743,"package_name":"github.com/gorilla/websocket","ecosystem":"go","requirements":"v1.4.2","direct":true,"kind":"runtime","optional":false},{"id":1315561744,"package_name":"github.com/sirupsen/logrus","ecosystem":"go","requirements":"v1.8.1","direct":true,"kind":"runtime","optional":false},{"id":1315561745,"package_name":"golang.org/x/net","ecosystem":"go","requirements":"v0.0.0-20211007125505-59d4e928ea9d","direct":true,"kind":"runtime","optional":false}]},{"ecosystem":"go","filepath":"go.sum","sha":null,"kind":"lockfile","created_at":"2022-08-12T10:21:33.565Z","updated_at":"2022-08-12T10:21:33.565Z","repository_link":"https://github.com/goshs-labs/goshs/blob/main/go.sum","dependencies":[{"id":1315564479,"package_name":"github.com/davecgh/go-spew","ecosystem":"go","requirements":"v1.1.1","direct":false,"kind":"runtime","optional":false},{"id":1315564480,"package_name":"github.com/gorilla/mux","ecosystem":"go","requirements":"v1.8.0","direct":false,"kind":"runtime","optional":false},{"id":1315564481,"package_name":"github.com/gorilla/websocket","ecosystem":"go","requirements":"v1.4.2","direct":false,"kind":"runtime","optional":false},{"id":1315564482,"package_name":"github.com/pmezard/go-difflib","ecosystem":"go","requirements":"v1.0.0","direct":false,"kind":"runtime","optional":false},{"id":1315564483,"package_name":"github.com/sirupsen/logrus","ecosystem":"go","requirements":"v1.8.1","direct":false,"kind":"runtime","optional":false},{"id":1315564484,"package_name":"github.com/stretchr/testify","ecosystem":"go","requirements":"v1.2.2","direct":false,"kind":"runtime","optional":false},{"id":1315564485,"package_name":"golang.org/x/net","ecosystem":"go","requirements":"v0.0.0-20211007125505-59d4e928ea9d","direct":false,"kind":"runtime","optional":false},{"id":1315564486,"package_name":"golang.org/x/sys","ecosystem":"go","requirements":"v0.0.0-20191026070338-33540a1f6037","direct":false,"kind":"runtime","optional":false},{"id":1315564487,"package_name":"golang.org/x/sys","ecosystem":"go","requirements":"v0.0.0-20201119102817-f84b799fce68","direct":false,"kind":"runtime","optional":false},{"id":1315564488,"package_name":"golang.org/x/sys","ecosystem":"go","requirements":"v0.0.0-20210423082822-04245dca01da","direct":false,"kind":"runtime","optional":false},{"id":1315564489,"package_name":"golang.org/x/term","ecosystem":"go","requirements":"v0.0.0-20201126162022-7de9c90e9dd1","direct":false,"kind":"runtime","optional":false},{"id":1315564490,"package_name":"golang.org/x/text","ecosystem":"go","requirements":"v0.3.6","direct":false,"kind":"runtime","optional":false},{"id":1315564491,"package_name":"golang.org/x/tools","ecosystem":"go","requirements":"v0.0.0-20180917221912-90fa682c2a6e","direct":false,"kind":"runtime","optional":false}]},{"ecosystem":"actions","filepath":".github/workflows/codeql-analysis.yml","sha":null,"kind":"manifest","created_at":"2023-01-29T02:31:43.032Z","updated_at":"2023-01-29T02:31:43.032Z","repository_link":"https://github.com/goshs-labs/goshs/blob/main/.github/workflows/codeql-analysis.yml","dependencies":[{"id":7220415630,"package_name":"actions/checkout","ecosystem":"actions","requirements":"v2","direct":true,"kind":"composite","optional":false},{"id":7220415631,"package_name":"github/codeql-action/init","ecosystem":"actions","requirements":"v1","direct":true,"kind":"composite","optional":false},{"id":7220415632,"package_name":"github/codeql-action/autobuild","ecosystem":"actions","requirements":"v1","direct":true,"kind":"composite","optional":false},{"id":7220415633,"package_name":"github/codeql-action/analyze","ecosystem":"actions","requirements":"v1","direct":true,"kind":"composite","optional":false}]},{"ecosystem":"actions","filepath":".github/workflows/release.yml","sha":null,"kind":"manifest","created_at":"2023-01-29T02:31:43.096Z","updated_at":"2023-01-29T02:31:43.096Z","repository_link":"https://github.com/goshs-labs/goshs/blob/main/.github/workflows/release.yml","dependencies":[{"id":7220415657,"package_name":"actions/checkout","ecosystem":"actions","requirements":"v2","direct":true,"kind":"composite","optional":false},{"id":7220415658,"package_name":"actions/setup-go","ecosystem":"actions","requirements":"v2","direct":true,"kind":"composite","optional":false},{"id":7220415659,"package_name":"goreleaser/goreleaser-action","ecosystem":"actions","requirements":"v2","direct":true,"kind":"composite","optional":false}]},{"ecosystem":"docker","filepath":"Dockerfile","sha":null,"kind":"manifest","created_at":"2025-05-02T09:31:42.340Z","updated_at":"2025-05-02T09:31:42.340Z","repository_link":"https://github.com/goshs-labs/goshs/blob/main/Dockerfile","dependencies":[{"id":22949237583,"package_name":"golang","ecosystem":"docker","requirements":"1.24-alpine","direct":true,"kind":"build","optional":false},{"id":22949237584,"package_name":"alpine","ecosystem":"docker","requirements":"latest","direct":true,"kind":"build","optional":false}]}],"score":null,"created_at":"2026-06-21T15:45:25.706Z","updated_at":"2026-06-22T16:01:21.005Z","avatar_url":"https://github.com/goshs-labs.png","language":"Go","codemeta":null,"publiccode":null,"project_url":"https://summary.ecosyste.ms/api/v1/projects/373146","html_url":"https://summary.ecosyste.ms/projects/373146"}