Go Infosec

Open-source Go projects categorized as Infosec

Top 23 Go Infosec Projects

  1. ffuf

    Fast web fuzzer written in Go

    Project mention: Bug Bounty Hidden Treasures | dev.to | 2025-03-26

    I utilized ffuf to enumerate directories since it's faster and also has great flags that can help you get the results you want. I discovered quite a number of directories that looked like normal stuff and un interesting. I then discovered one called "/system/ which seemed more interesting and fun to probe further. I fuzzed it, and then I discovered an endpoint "/system/auth" that allowed users to authenticate to the application via a login form, as shown below.

  2. InfluxDB

    InfluxDB – Built for High-Performance Time Series Workloads. InfluxDB 3 OSS is now GA. Transform, enrich, and act on time series data directly in the database. Automate critical tasks and eliminate the need to move data externally. Download now.

    InfluxDB logo
  3. hetty

    An HTTP toolkit for security research.

  4. traitor

    :arrow_up: :skull_and_crossbones: :fire: Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins, pwnkit, dirty pipe, +w docker.sock

  5. Cameradar

    Cameradar hacks its way into RTSP videosurveillance cameras

  6. S3Scanner

    Scan for misconfigured S3 buckets across S3-compatible APIs!

    Project mention: Hacking misconfigured AWS S3 buckets: A complete guide | news.ycombinator.com | 2024-09-09
  7. jaeles

    The Swiss Army knife for automated Web Application Testing

  8. Adalanche

    Attack Graph Visualizer and Explorer (Active Directory) ...Who's *really* Domain Admin?

  9. SaaSHub

    SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

    SaaSHub logo
  10. cariddi

    Take a list of domains, crawl urls and scan for endpoints, secrets, api keys, file extensions, tokens and more

  11. sx

    :vulcan_salute: Fast, modern, easy-to-use network scanner

  12. metabigor

    OSINT tools and more but without API key

  13. go-dork

    The fastest dork scanner written in Go.

  14. CloudBrute

    Awesome cloud enumerator

    Project mention: ⛈️ Cloud Penetration Testing: A Practical Guide to Securing Your Cloud Infrastructure | dev.to | 2024-12-03

    # Clone and setup CloudBrute git clone https://github.com/0xsha/CloudBrute cd CloudBrute # Run a scan against a target domain ./CloudBrute -d target.com -k wordlist.txt -m storage -t 80

  15. Open-Source-Security-Guide

    Open Source Security Guide. Learn all about Security Standards (FIPS, CIS, FedRAMP, FISMA, etc.), Frameworks, Threat Models, Encryption, and Benchmarks.

  16. wiretap

    Wiretap is a transparent, VPN-like proxy server that tunnels traffic via WireGuard and requires no special privileges to run.

  17. threagile

    Agile Threat Modeling Toolkit

  18. EDRHunt

    Scan installed EDRs and AVs on Windows

  19. ppmap

    A scanner/exploitation tool written in GO, which leverages client-side Prototype Pollution to XSS by exploiting known gadgets.

  20. BucketLoot

    BucketLoot is an automated S3-compatible bucket inspector that can help users extract assets, flag secret exposures and even search for custom keywords as well as Regular Expressions from publicly-exposed storage buckets by scanning files that store data in plain-text.

  21. lit-bb-hack-tools

    Little Bug Bounty & Hacking Tools⚔️

  22. favirecon

    Use favicons to improve your target recon phase. Quickly detect technologies, WAF, exposed panels, known services.

  23. linx

    Reveals invisible links within JavaScript files

  24. rpCheckup

    rpCheckup is an AWS resource policy security checkup tool that identifies public, external account access, intra-org account access, and private resources.

  25. phatcrack

    Modern web-based distributed hashcracking solution, built on hashcat

  26. SaaSHub

    SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

    SaaSHub logo
NOTE: The open source projects on this list are ordered by number of github stars. The number of mentions indicates repo mentiontions in the last 12 Months or since we started tracking (Dec 2020).

Go Infosec discussion

Log in or Post with

Go Infosec related posts

  • Bug Bounty Hidden Treasures

    1 project | dev.to | 26 Mar 2025
  • How to Explore an Exposed .git

    1 project | dev.to | 22 Aug 2024
  • Active Directory ACL Visualizer and Explorer

    1 project | news.ycombinator.com | 30 Jan 2024
  • Show HN: Pfuzz, a web fuzzer following the Unix philosophy

    6 projects | news.ycombinator.com | 21 Jan 2024
  • Fast web fuzzer written in Go

    1 project | news.ycombinator.com | 24 Dec 2023
  • Threagile – Agile Threat Modeling Toolkit

    1 project | news.ycombinator.com | 17 Nov 2023
  • Adalanche v2023.5.3 released

    1 project | /r/activedirectory | 3 May 2023
  • A note from our sponsor - InfluxDB
    www.influxdata.com | 17 May 2025
    InfluxDB 3 OSS is now GA. Transform, enrich, and act on time series data directly in the database. Automate critical tasks and eliminate the need to move data externally. Download now. Learn more →

Index

What are some of the best open-source Infosec projects in Go? This list will help you:

# Project Stars
1 ffuf 13,953
2 hetty 6,888
3 traitor 6,824
4 Cameradar 4,342
5 S3Scanner 2,767
6 jaeles 2,231
7 Adalanche 1,920
8 cariddi 1,668
9 sx 1,491
10 metabigor 1,322
11 go-dork 1,196
12 CloudBrute 1,004
13 Open-Source-Security-Guide 955
14 wiretap 943
15 threagile 666
16 EDRHunt 577
17 ppmap 502
18 BucketLoot 411
19 lit-bb-hack-tools 353
20 favirecon 210
21 linx 209
22 rpCheckup 160
23 phatcrack 138

Sponsored
InfluxDB – Built for High-Performance Time Series Workloads
InfluxDB 3 OSS is now GA. Transform, enrich, and act on time series data directly in the database. Automate critical tasks and eliminate the need to move data externally. Download now.
www.influxdata.com

Did you know that Go is
the 4th most popular programming language
based on number of references?