Top 23 Go Bugbounty Projects

Bugbounty

• Add a project

1. subfinder

   1 10 11,647 8.9 Go

   Fast passive subdomain enumeration tool.

   

   Project mention: Ask HN: How did internet discover my subdomain? | news.ycombinator.com | 2025-03-06

   I'm surprised nobody mentioned subfinder yet: https://github.com/projectdiscovery/subfinder

   Subfinder uses different public and private sources to discover subdomains. Certificate Transparency logs are a great source, but it also has some other options.

2. InfluxDB

   www.influxdata.com featured

   InfluxDB – Built for High-Performance Time Series Workloads. InfluxDB 3 OSS is now GA. Transform, enrich, and act on time series data directly in the database. Automate critical tasks and eliminate the need to move data externally. Download now.

   

3. httpx

   2 3 8,483 9.3 Go

   httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library. (by projectdiscovery)

   

4. hetty

   3 3 6,888 5.2 Go

   An HTTP toolkit for security research.

   

5. scan4all

   4 1 5,667 6.8 Go

   Official repository vuls Scan: 15000+PoCs; 23 kinds of application password crack; 7000+Web fingerprints; 146 protocols and 90000+ rules Port scanning; Fuzz, HW, awesome BugBounty( ͡° ͜ʖ ͡°)...

   

6. osmedeus

   5 2 5,582 5.1 Go

   A Workflow Engine for Offensive Security

   

7. hakrawler

   6 3 4,701 2.5 Go

   Simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application

   

8. dalfox

   7 1 4,251 9.7 Go

   🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.

   

9. SaaSHub

   www.saashub.com featured

   SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

   

10. interactsh

    8 9 3,746 9.3 Go

    An OOB interaction gathering server and client library

    

11. S3Scanner

    9 7 2,754 5.9 Go

    Scan for misconfigured S3 buckets across S3-compatible APIs!

    

    Project mention: Hacking misconfigured AWS S3 buckets: A complete guide | news.ycombinator.com | 2024-09-09

12. uncover

    10 3 2,598 8.7 Go

    Quickly discover exposed hosts on the internet using multiple search engines.

    

13. jaeles

    11 1 2,231 3.2 Go

    The Swiss Army knife for automated Web Application Testing

    

14. puredns

    12 4 1,864 2.5 Go

    Puredns is a fast domain resolver and subdomain bruteforcing tool that can accurately filter out wildcard subdomains and DNS poisoned entries.

    

    Project mention: Recon v2: Um curto update sobre como estou mudando meu processo de recon | dev.to | 2025-02-09

15. cariddi

    13 7 1,668 8.6 Go

    Take a list of domains, crawl urls and scan for endpoints, secrets, api keys, file extensions, tokens and more

    

16. gotestwaf

    14 5 1,658 5.7 Go

    An open-source project in Golang to asess different API Security tools and WAF for detection logic and bypasses

    

17. urlhunter

    15 2 1,587 4.6 Go

    a recon tool that allows searching on URLs that are exposed via shortener services

    

18. metabigor

    16 1 1,322 6.4 Go

    OSINT tools and more but without API key

    

19. git-hound

    17 2 1,293 7.8 Go

    Recon tool leveraging GitHub Code Search API. Scans for exposed API keys across all of GitHub, not just known repos and orgs.

    

20. nomore403

    18 1 1,243 6.8 Go

    🚫 Advanced tool for security researchers to bypass 403/40X restrictions through smart techniques and adaptive request manipulation. Fast. Precise. Effective.

    

21. go-dork

    19 4 1,196 3.3 Go

    The fastest dork scanner written in Go.

    

22. scilla

    20 4 1,007 6.4 Go

    Information Gathering tool - DNS / Subdomains / Ports / Directories enumeration

    

23. CloudBrute

    21 1 1,004 2.7 Go

    Awesome cloud enumerator

    

    Project mention: ⛈️ Cloud Penetration Testing: A Practical Guide to Securing Your Cloud Infrastructure | dev.to | 2024-12-03

    # Clone and setup CloudBrute git clone https://github.com/0xsha/CloudBrute cd CloudBrute # Run a scan against a target domain ./CloudBrute -d target.com -k wordlist.txt -m storage -t 80

24. cent

    22 1 970 4.1 Go

    Community edition nuclei templates, a simple tool that allows you to organize all the Nuclei templates offered by the community in one place (by xm1k3)

    

25. shortscan

    23 1 929 3.9 Go

    An IIS short filename enumeration tool

    

26. SaaSHub

    www.saashub.com featured

    SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

    

Go Bugbounty related posts

• Ask HN: Is there a service that offers Common Crawl as an API?

  1 project | news.ycombinator.com | 9 May 2025

• Recon v2: Um curto update sobre como estou mudando meu processo de recon

  1 project | dev.to | 9 Feb 2025

• Subfinder: Fast passive subdomain enumeration tool

  1 project | news.ycombinator.com | 16 Jan 2025

• Wayurls

  1 project | news.ycombinator.com | 16 Nov 2024

• HTTP toolkit that allows running multiple probes

  1 project | news.ycombinator.com | 2 Apr 2024

• Uncover: Quickly find exposed hosts using multiple search engines

  1 project | news.ycombinator.com | 30 Dec 2023

• Exiflooter has released on Black Arch Linux

  1 project | news.ycombinator.com | 1 Dec 2023
• A note from our sponsor - SaaSHub
  www.saashub.com | 13 May 2025

  SaaSHub helps you find the best software and product alternatives Learn more →

Index

Sponsored

InfluxDB – Built for High-Performance Time Series Workloads

InfluxDB 3 OSS is now GA. Transform, enrich, and act on time series data directly in the database. Automate critical tasks and eliminate the need to move data externally. Download now.

www.influxdata.com

Do not miss the trending Go projects with our weekly report!