go-sql-driver/mysql
ffuf
Our great sponsors
go-sql-driver/mysql | ffuf | |
---|---|---|
19 | 17 | |
14,111 | 11,209 | |
0.8% | 3.1% | |
7.9 | 6.1 | |
2 days ago | 7 days ago | |
Go | Go | |
Mozilla Public License 2.0 | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
go-sql-driver/mysql
-
Tools besides Go for a newbie
IDE: use whatever make you productive. I personally use vscode. VCS: git, as golang communities use github heavily as base for many libraries. AFAIK Linter: use staticcheck for linting as it looks like mostly used linting tool in go, supported by many also. In Vscode it will be recommended once you install go plugin. Libraries/Framework: actually the standard libraries already included many things you need, decent enough for your day-to-day development cycles(e.g. `net/http`). But here are things for extra: - Struct fields validator: validator - Http server lib: chi router , httprouter , fasthttp (for non standard http implementations, but fast) - Web Framework: echo , gin , fiber , beego , etc - Http client lib: most already covered by stdlib(net/http), so you rarely need extra lib for this, but if you really need some are: resty - CLI: cobra - Config: godotenv , viper - DB Drivers: sqlx , postgre , sqlite , mysql - nosql: redis , mongodb , elasticsearch - ORM: gorm , entgo , sqlc(codegen) - JS Transpiler: gopherjs - GUI: fyne - grpc: grpc - logging: zerolog - test: testify , gomock , dockertest - and many others you can find here
-
Questions regarding prepared statements in database/sql
I understand that database/db is an abstraction. As to the driver, sorry, it completely went out of my head. The guide primarily focuses on https://github.com/go-sql-driver/mysql, which is also what I’m interested in.
-
Make Deno MySQL driver works better
Authentication method mismatch is not allowed to occur more than once. It is not a part of MySQL protocol. go-sql-driver also has the same rule.
-
Golang future web frameworks!
go-sql-driver/mysql 12.1k Stars, Used by 72.4k
-
Finding an Authorization Bypass on My Own Website
> mysql_real_escape_string is still vulnerable when being used with some exotic character sets
Indeed -- mysql_real_escape_string "mostly" fixes this problem by requiring a connection as one of its args, and since it's usually aware of the connection state, it can check that to see if one of those exotic charsets is in-use. But the problem is that there are multiple ways to change the connection charset, some of which the driver is aware of (e.g. in PHP mysqli set_charset) but some it is not (running textual statements like SET NAMES or SET CHARACTER SET).
But generally an attacker won't ever have the ability to set an arbitrary exotic character set for the connection, unless they already have some other sql injection mechanism, in which case it's a moot point :)
Driver documentation also typically mentions this problem. For example, here's the doc for doing client-side param interpolation in the most popular MySQL driver for Golang: https://github.com/go-sql-driver/mysql#interpolateparams
It also explicitly detects if your initial connection settings attempt to use one of those charsets along with param interpolation, and throws an error if so: https://github.com/go-sql-driver/mysql/blob/21f789cd/dsn.go#...
> Couldn't one just save the extra round-trip with length-prefixed strings by sending the query together with the parameters in a single message?
AFAIK, no, not with the traditional MySQL binary protocol. The newer "X protocol" introduced in MySQL 5.7 does allow this, but it is not widely implemented in drivers.
-
[Question] Working with databases/storing data in Go applications.
However, you can use something like this https://github.com/go-reform/reform to help you with, I will call it automating the code writing. But I have always opted to one of the supported drivers and written a queries myself using for example this https://github.com/go-sql-driver/mysql.
-
Help a Go Lang neophyte become a veteran
For DB connection, you'll need something like https://github.com/Go-SQL-Driver/MySQL/ for mysql
-
Which SQL driver to use with Postgres
I'm following Alex Edwards web dev book, he uses MySQL with go-sql-driver/mysql , i want to use Postgres, which one should I use?
-
Are both MySQL and Postgres drivers similar in quality?
go-sql-driver/mysql is the main pure golang implementation and is the most feature complete. Very happy with the result that it provides.
https://github.com/go-sql-driver/mysql/issues/561 , and it's not coming anytime soon
ffuf
-
Show HN: Pfuzz, a web fuzzer following the Unix philosophy
It seems to me like "fuzzing" has a different meaning in web application penetration testing. Here, "fuzzer" is a term for tools that just generate different request using wordlists, without adding any mutations. For example, the two popular web fuzzers ffuf [1] and wfuzz [2] also call themselves fuzzers.
I see how reusing a term for a different concept is bothersome, but I feel like "fuzzer" is the term that people learning about bug bounty hunting are familiar with.
You can use radamsa [1] to create mutations for JSON payloads. There's an example using it with ffuf here: https://github.com/ffuf/ffuf?tab=readme-ov-file#using-extern...
-
The 36 tools that SaaS can use to keep their product and data safe from criminal hackers (manual research)
FFUF
-
Pentesting Tools I Use Everyday
Learn more about ffuf here: https://github.com/ffuf/ffuf
-
Tips on enumerating unknown APIs in my environment?
Also, I see you mentioned using curl. You can checkout ffuf which is closely related but more geared towards what you're doing.
- Fastest webpath scanner out here?
-
Brute forcing a website link
Custom word list with ffuf. https://github.com/ffuf/ffuf.
So ffuf (https://github.com/ffuf/ffuf) or wfuzz (https://github.com/xmendez/wfuzz) are a better choice to enumerate GET/POST parameters/values.
- Do not leave your Radarr instance public
-
Here's my quick tutorial on using Dirbuster! Enjoy!
Dirbuster always bugs for me, I can't change anything after starting an attack without getting the entire GUI messed up. I recommend trying out ffuf or feroxbuster.
What are some alternatives?
gobuster - Directory/File, DNS and VHost busting tool written in Go
feroxbuster - A fast, simple, recursive content discovery tool written in Rust.
sqlx - general purpose extensions to golang's database/sql
pgx - PostgreSQL driver and toolkit for Go
pq - Pure Go Postgres driver for database/sql
nuclei - Fast and customizable vulnerability scanner based on simple YAML based DSL.
opentelemetry-collector - OpenTelemetry Collector
go-sqlite3 - sqlite3 driver for go using database/sql
vertica-sql-go - Official native Go client for the Vertica Analytics Database.
go-mssqldb - Microsoft SQL server driver written in go language
go-adodb - Microsoft ActiveX Object DataBase driver for go that using exp/sql
go-oci8 - Oracle driver for Go using database/sql