Research
2025 Report: Destructive Malware in Open Source Packages
Destructive malware is rising across open source registries, using delays and kill switches to wipe code, break builds, and disrupt CI/CD.
By Kush Pandya - Dec 24, 2025
github.com/riobard/go-shadowsocks2
Advanced tools
github.com/riobard/go-shadowsocks2
- Version
- v0.2.3
- Version published
- Created
go-shadowsocks2
A fresh implementation of Shadowsocks in Go.
GoDoc at https://godoc.org/github.com/riobard/go-shadowsocks2/
Features
- SOCKS5 proxy
- Support for Netfilter TCP redirect (IPv6 should work but not tested)
- UDP tunneling (e.g. relay DNS packets)
- TCP tunneling (e.g. benchmark with iperf3)
Install
Pre-built binaries are available from https://github.com/riobard/go-shadowsocks2/releases
You can also build from source:
go get -u -v github.com/riobard/go-shadowsocks2
Requires Go >= 1.10.
Basic Usage
Server
Start a server listening on port 8488 using AEAD_CHACHA20_POLY1305 AEAD cipher with password your-password.
go-shadowsocks2 -s ss://AEAD_CHACHA20_POLY1305:your-password@:8488 -verbose
Client
Start a client connecting to the above server. The client listens on port 1080 for incoming SOCKS5 connections, and tunnels both UDP and TCP on port 8053 and port 8054 to 8.8.8.8:53 and 8.8.4.4:53 respectively.
go-shadowsocks2 -c ss://AEAD_CHACHA20_POLY1305:PASSWORD@[server_address]:8488 \
-verbose -socks :1080 -udptun :8053=8.8.8.8:53,:8054=8.8.4.4:53 \
-tcptun :8053=8.8.8.8:53,:8054=8.8.4.4:53
Replace [server_address] with the server's public address.
Advanced Usage
Netfilter TCP redirect (Linux only)
The client offers -redir and -redir6 (for IPv6) options to handle TCP connections
redirected by Netfilter on Linux. The feature works similar to ss-redir from shadowsocks-libev.
Start a client listening on port 1082 for redirected TCP connections and port 1083 for redirected TCP IPv6 connections.
go-shadowsocks2 -c ss://AEAD_CHACHA20_POLY1305:PASSWORD@[server_address]:8488 -redir :1082 -redir6 :1083
TCP tunneling
The client offers -tcptun [local_addr]:[local_port]=[remote_addr]:[remote_port] option to tunnel TCP.
For example it can be used to proxy iperf3 for benchmarking.
Start iperf3 on the same machine with the server.
iperf3 -s
By default iperf3 listens on port 5201.
Start a client on the same machine with the server. The client listens on port 1090 for incoming connections and tunnels to localhost:5201 where iperf3 is listening.
go-shadowsocks2 -c ss://AEAD_CHACHA20_POLY1305:PASSWORD@[server_address]:8488 -tcptun :1090=localhost:5201
Start iperf3 client to connect to the tunneld port instead
iperf3 -c localhost -p 1090
TODO
- Test coverage
Design Principles
The code base strives to
- be idiomatic Go and well organized;
- use fewer external dependences as reasonably possible;
- only include proven modern ciphers;
FAQs
Unknown package
Package last updated on 16 Feb 2020
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Engineering with AI Podcast: The Promise of AI-First Development
Socket CTO Ahmad Nassri shares practical AI coding techniques, tools, and team workflows, plus what still feels noisy and why shipping remains human-led.
By Sarah Gooding - Dec 24, 2025
Research
/Security News
Spearphishing Campaign Abuses npm Registry to Target U.S. and Allied Manufacturing and Healthcare Organizations
A five-month operation turned 27 npm packages into durable hosting for browser-run lures that mimic document-sharing portals and Microsoft sign-in, targeting 25 organizations across manufacturing, industrial automation, plastics, and healthcare for credential theft.
By Nicholas Anderson, Kirill Boychenko - Dec 23, 2025