Top 23 Go Bugbounty Projects

Bugbounty

• Add a project

1. subfinder

   1 13 13,812 8.7 Go

   Fast passive subdomain enumeration tool.

   

   Project mention: When internal hostnames are leaked to the clown | news.ycombinator.com | 2026-02-04

   Much better. But you still leave traces from dns queries.

   Subfinder has a lot of sources to find subdomains, not only certs: https://github.com/projectdiscovery/subfinder

2. SaaSHub

   www.saashub.com featured

   SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

   

3. hetty

   2 3 10,136 5.2 Go

   An HTTP toolkit for security research.

   

4. httpx

   3 4 10,032 9.4 Go

   httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library. (by projectdiscovery)

   

   Project mention: Simple Hacking Technique for Beginners (2025 Edition) | dev.to | 2025-12-08

   - [nuclei](https://github.com/projectdiscovery/nuclei): A fast and customizable vulnerability scanner based on simple YAML based DSL. - [nuclei-templates](https://github.com/projectdiscovery/nuclei-templates): Community curated list of templates for the nuclei engine to find security vulnerabilities. - [subfinder](https://github.com/projectdiscovery/subfinder): A fast passive subdomain enumeration tool leveraging dozens of APIs. - [httpx](https://github.com/projectdiscovery/httpx): A fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library. - [cvemap](https://github.com/projectdiscovery/cvemap): A CLI to Navigate the CVE jungle with ease. - [katana](https://github.com/projectdiscovery/katana): A next-generation crawling and spidering framework. - [naabu](https://github.com/projectdiscovery/naabu): A fast port scanner written in go with a focus on reliability and simplicity.

5. osmedeus

   4 2 6,412 9.1 Go

   A Modern Orchestration Engine for Security

   

6. scan4all

   5 1 5,987 6.8 Go

   Official repository vuls Scan: 15000+PoCs; 23 kinds of application password crack; 7000+Web fingerprints; 146 protocols and 90000+ rules Port scanning; Fuzz, HW, awesome BugBounty( ͡° ͜ʖ ͡°)...

   

7. hakrawler

   6 3 5,007 2.5 Go

   Simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application

   

8. interactsh

   7 9 4,370 9.1 Go

   An OOB interaction gathering server and client library

   

9. cariddi

   8 8 3,411 7.5 Go

   Take a list of domains, crawl urls and scan for endpoints, secrets, api keys, file extensions, tokens and more

   

10. OneListForAll

    9 1 3,166 3.6 Go

    Rockyou for web fuzzing

    

11. S3Scanner

    10 7 3,092 4.8 Go

    Scan for misconfigured S3 buckets across S3-compatible APIs!

    

12. uncover

    11 3 2,969 7.5 Go

    Quickly discover exposed hosts on the internet using multiple search engines.

    

13. jaeles

    12 1 2,336 3.2 Go

    The Swiss Army knife for automated Web Application Testing

    

14. puredns

    13 4 2,189 2.5 Go

    Puredns is a fast domain resolver and subdomain bruteforcing tool that can accurately filter out wildcard subdomains and DNS poisoned entries.

    

15. nomore403

    14 1 1,789 6.0 Go

    🚫 Advanced tool for security researchers to bypass 403/40X restrictions through smart techniques and adaptive request manipulation. Fast. Precise. Effective.

    

16. gotestwaf

    15 5 1,789 6.0 Go

    An open-source project in Golang to asess different API Security tools and WAF for detection logic and bypasses

    

17. urlhunter

    16 2 1,677 4.6 Go

    a recon tool that allows searching on URLs that are exposed via shortener services

    

18. metabigor

    17 1 1,542 5.4 Go

    OSINT tools and more but without API key

    

19. git-hound

    18 2 1,427 7.2 Go

    Fast GitHub recon tool. Scans for leaked secrets across all of GitHub, not just known repos and orgs. Support for GitHub dorks.

    

20. go-dork

    19 4 1,280 3.3 Go

    The fastest dork scanner written in Go.

    

21. scilla

    20 4 1,236 5.3 Go

    Information Gathering tool - DNS / Subdomains / Ports / Directories enumeration

    

22. shortscan

    21 1 1,162 3.9 Go

    An IIS short filename enumeration tool

    

23. CloudBrute

    22 1 1,127 2.7 Go

    Awesome cloud enumerator

    

24. cent

    23 1 1,044 5.8 Go

    Community edition nuclei templates, a simple tool that allows you to organize all the Nuclei templates offered by the community in one place (by xm1k3)

    

Go Bugbounty related posts

• Show HN: I made a tool to strip GPS and EXIF metadata from photos client-side

  1 project | news.ycombinator.com | 3 Jan 2026

• Simple Hacking Technique for Beginners (2025 Edition)

  13 projects | dev.to | 8 Dec 2025

• Show HN: ProjectDiscoverys Subfinder > Android App in <30M – Claude Code

  2 projects | news.ycombinator.com | 15 Oct 2025

• Crawl URLs and scan for endpoints, secrets, file extensions

  1 project | news.ycombinator.com | 9 Jun 2025

• Ask HN: Is there a service that offers Common Crawl as an API?

  1 project | news.ycombinator.com | 9 May 2025

• Recon v2: Um curto update sobre como estou mudando meu processo de recon

  1 project | dev.to | 9 Feb 2025

• Subfinder: Fast passive subdomain enumeration tool

  1 project | news.ycombinator.com | 16 Jan 2025
• A note from our sponsor - SaaSHub
  www.saashub.com | 13 Jun 2026

  SaaSHub helps you find the best software and product alternatives Learn more →

Index

Sponsored

SaaSHub - Software Alternatives and Reviews

SaaSHub helps you find the best software and product alternatives

www.saashub.com

Do not miss the trending Go projects with our weekly report!