Top 23 Go Bugbounty Projects

• subfinder

  4 7,613 9.2 Go

  Fast passive subdomain enumeration tool.

  

  Project mention: Subdomain enumeration. | reddit.com/r/bugbounty | 2023-03-21

  Subfinder

• hetty

  1 5,240 0.0 Go

  An HTTP toolkit for security research.

  Project mention: Hetty - An http toolkit for security research. | reddit.com/r/github_trends | 2022-08-12

• ONLYOFFICE

  www.onlyoffice.com

  sponsored

  ONLYOFFICE Docs — document collaboration in your environment. Powerful document editing and collaboration in your app or environment. Ultimate security, API and 30+ ready connectors, SaaS or on-premises

  

• httpx

  2 5,144 8.9 Go

  httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library. (by projectdiscovery)

  

  Project mention: 5 Awesome Go Projects To Know Before You Die | reddit.com/r/golang | 2023-05-05

  Httpx: https://github.com/projectdiscovery/httpx

• osmedeus

  1 4,452 7.4 Go

  A Workflow Engine for Offensive Security

  Project mention: osmedeus - workflow engine for network osint | reddit.com/r/OSINT | 2023-03-25

• hakrawler

  2 3,745 0.0 Go

  Simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application

  Project mention: Find all src img on a public website? | reddit.com/r/webdev | 2023-01-26

  This week i have used https://github.com/hakluke/hakrawler and I think it meets youre requirements.

• scan4all

  1 3,592 9.3 Go

  Official repository vuls Scan: 15000+PoCs; 23 kinds of application password crack; 7000+Web fingerprints; 146 protocols and 90000+ rules Port scanning; Fuzz, HW, awesome BugBounty( ͡° ͜ʖ ͡°)...

  Project mention: GitHub - hktalent/scan4all: Vulnerabilities Scan: 15000+PoCs; 20 kinds of application password crack; 7000+Web fingerprints; 146 protocols and 90000+ rules Port scanning; Fuzz, HW, awesome BugBounty... | reddit.com/r/devopsish | 2022-07-31

• dalfox

  1 2,562 5.8 Go

  🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.

  Project mention: xss waf bypass | reddit.com/r/hacking | 2022-07-24

  Dalfox is great: https://github.com/hahwul/dalfox

• CodiumAI

  codium.ai

  sponsored

  TestGPT | Generating meaningful tests for busy devs. Get non-trivial tests (and trivial, too!) suggested right inside your IDE, so you can code smart, create more value, and stay confident when you push.

  

• jaeles

  0 1,839 2.6 Go

  The Swiss Army knife for automated Web Application Testing

  

• urlhunter

  0 1,351 0.0 Go

  a recon tool that allows searching on URLs that are exposed via shortener services

• puredns

  1 1,256 0.0 Go

  Puredns is a fast domain resolver and subdomain bruteforcing tool that can accurately filter out wildcard subdomains and DNS poisoned entries.

  Project mention: Tools for subdomain brute forcing | reddit.com/r/hacking | 2022-12-13

• gotestwaf

  3 1,161 9.3 Go

  An open-source project in Golang to asess different API Security tools and WAF for detection logic and bypasses

  

  Project mention: Open Source Pentest Tool - GoTestWAF (Need Feedback) | reddit.com/r/cybersecurity | 2022-12-08

  Hi guys! On Blackhat Arsenal 2022 I saw this tool: https://github.com/wallarm/gotestwaf

• cariddi

  6 913 4.5 Go

  Take a list of domains, crawl urls and scan for endpoints, secrets, api keys, file extensions, tokens and more

  Project mention: cariddi v1.3.1 is out🥳 | reddit.com/r/opensource | 2023-03-24

  cariddi is an open source (https://github.com/edoardottt/cariddi) web security tool. It takes as input a list of domains, crawl urls and scan for endpoints, secrets, api keys, file extensions, tokens and more.

• metabigor

  1 913 10.0 Go

  OSINT tools and more but without API ke

  Project mention: Metabigor - An Intelligence tool, its goal is to do OSINT tasks and more but without any API key. | reddit.com/r/CKsTechNews | 2023-03-30

• go-dork

  0 790 0.0 Go

  The fastest dork scanner written in Go.

• dontgo403

  1 628 5.3 Go

  Tool to bypass 40X response codes.

  Project mention: Bypassing 403 Forbidden | reddit.com/r/hacking | 2022-06-28

• scilla

  1 608 0.0 Go

  Information Gathering tool - DNS / Subdomains / Ports / Directories enumeration

  Project mention: Cariddi (tool) - Recon + Info disclosure | reddit.com/r/hacking | 2022-07-31

• cent

  1 557 10.0 Go

  Community edition nuclei templates, a simple tool that allows you to organize all the Nuclei templates offered by the community in one place (by xm1k3)

  Project mention: cent: Community edition nuclei templates, a simple tool that allows you to organize all the Nuclei templates offered by the community in one place | reddit.com/r/blueteamsec | 2022-11-26

• MobileHackersWeapons

  0 507 1.3 Go

  Mobile Hacker's Weapons / A collection of cool tools used by Mobile hackers. Happy hacking , Happy bug-hunting

• socialhunter

  0 423 0.0 Go

  crawls the website and finds broken social media links that can be hijacked

• ppmap

  0 404 2.1 Go

  A scanner/exploitation tool written in GO, which leverages client-side Prototype Pollution to XSS by exploiting known gadgets.

• exifLooter

  20 311 7.3 Go

  ExifLooter finds geolocation on all image urls and directories also integrates with OpenStreetMap

  Project mention: Canthide finds All Locations by looking at a given Social Media account using AI and Exif Metadata. | reddit.com/r/coolgithubprojects | 2022-09-05

  I use ExifLooter by aydinnyunus to analyse metadata : https://github.com/aydinnyunus/exifLooter

• xurlfind3r

  0 296 0.0 Go

  A CLI utility to find domain's known URLs passively from AlienVault's Open Threat Exchange, Common Crawl, Github, Intelligence X, URLScan, and the Wayback Machine.

  

• hijagger

  1 253 5.5 Go

  Checks all maintainers of all NPM and Pypi packages for hijackable packages through domain re-registration

  Project mention: hijagger: Checks all maintainers of all NPM and Pypi packages for hijackable packages through domain re-registration | reddit.com/r/netsec | 2022-07-11

• SonarQube

  www.sonarqube.org

  sponsored

  Static code analysis for 29 languages.. Your projects are multi-language. So is SonarQube analysis. Find Bugs, Vulnerabilities, Security Hotspots, and Code Smells so you can release quality code every time. Get started analyzing your projects today for free.

  

Go Bugbounty related posts

• I built an open-source cloud security tool
  1 project | reddit.com/r/webdev | 2 Apr 2023
• Open-source Cloud Security Platform
  1 project | reddit.com/r/programming | 30 Mar 2023
• Open-source CSPM -- PoLP
  1 project | reddit.com/r/cloudsecurity | 30 Mar 2023
• I'm building an open-source cloud security platform!
  1 project | reddit.com/r/github | 30 Mar 2023
• ZeusCloud
  1 project | reddit.com/r/devopspro | 30 Mar 2023
• ZeusCloud – an open source cloud security platform
  2 projects | news.ycombinator.com | 28 Mar 2023
• cariddi v1.3.1 is out🥳
  1 project | reddit.com/r/opensource | 24 Mar 2023
• A note from our sponsor - ONLYOFFICE
  www.onlyoffice.com | 28 May 2023

  Powerful document editing and collaboration in your app or environment. Ultimate security, API and 30+ ready connectors, SaaS or on-premises Learn more →

Index

Sponsored

Access the most powerful time series database as a service

Ingest, store, & analyze all types of time series data in a fully-managed, purpose-built database. Keep data forever with low-cost storage and superior data compression.

www.influxdata.com

Do not miss the trending Go projects with our weekly report!