Top 23 Go Infosec Projects

Infosec

• Add a project

1. ffuf

   1 20 13,953 3.2 Go

   Fast web fuzzer written in Go

   

   Project mention: Bug Bounty Hidden Treasures | dev.to | 2025-03-26

   I utilized ffuf to enumerate directories since it's faster and also has great flags that can help you get the results you want. I discovered quite a number of directories that looked like normal stuff and un interesting. I then discovered one called "/system/ which seemed more interesting and fun to probe further. I fuzzed it, and then I discovered an endpoint "/system/auth" that allowed users to authenticate to the application via a login form, as shown below.

2. InfluxDB

   www.influxdata.com featured

   InfluxDB – Built for High-Performance Time Series Workloads. InfluxDB 3 OSS is now GA. Transform, enrich, and act on time series data directly in the database. Automate critical tasks and eliminate the need to move data externally. Download now.

   

3. hetty

   2 3 6,888 5.2 Go

   An HTTP toolkit for security research.

   

4. traitor

   3 17 6,824 0.0 Go

   :arrow_up: :skull_and_crossbones: :fire: Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins, pwnkit, dirty pipe, +w docker.sock

   

5. Cameradar

   4 3 4,342 3.0 Go

   Cameradar hacks its way into RTSP videosurveillance cameras

   

6. S3Scanner

   5 7 2,767 5.1 Go

   Scan for misconfigured S3 buckets across S3-compatible APIs!

   

   Project mention: Hacking misconfigured AWS S3 buckets: A complete guide | news.ycombinator.com | 2024-09-09

7. jaeles

   6 1 2,231 3.2 Go

   The Swiss Army knife for automated Web Application Testing

   

8. Adalanche

   7 17 1,920 9.3 Go

   Attack Graph Visualizer and Explorer (Active Directory) ...Who's *really* Domain Admin?

   

9. SaaSHub

   www.saashub.com featured

   SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

   

10. cariddi

    8 7 1,668 8.6 Go

    Take a list of domains, crawl urls and scan for endpoints, secrets, api keys, file extensions, tokens and more

    

11. sx

    9 7 1,491 0.0 Go

    :vulcan_salute: Fast, modern, easy-to-use network scanner

    

12. metabigor

    10 1 1,322 6.4 Go

    OSINT tools and more but without API key

    

13. go-dork

    11 4 1,196 3.3 Go

    The fastest dork scanner written in Go.

    

14. CloudBrute

    12 1 1,004 2.7 Go

    Awesome cloud enumerator

    

    Project mention: ⛈️ Cloud Penetration Testing: A Practical Guide to Securing Your Cloud Infrastructure | dev.to | 2024-12-03

    # Clone and setup CloudBrute git clone https://github.com/0xsha/CloudBrute cd CloudBrute # Run a scan against a target domain ./CloudBrute -d target.com -k wordlist.txt -m storage -t 80

15. Open-Source-Security-Guide

    13 23 955 6.4 Go

    Open Source Security Guide. Learn all about Security Standards (FIPS, CIS, FedRAMP, FISMA, etc.), Frameworks, Threat Models, Encryption, and Benchmarks.

    

16. wiretap

    14 7 943 6.3 Go

    Wiretap is a transparent, VPN-like proxy server that tunnels traffic via WireGuard and requires no special privileges to run.

    

17. threagile

    15 5 666 9.0 Go

    Agile Threat Modeling Toolkit

    

18. EDRHunt

    16 2 577 3.1 Go

    Scan installed EDRs and AVs on Windows

    

19. ppmap

    17 3 502 0.0 Go

    A scanner/exploitation tool written in GO, which leverages client-side Prototype Pollution to XSS by exploiting known gadgets.

    

20. BucketLoot

    18 3 411 4.2 Go

    BucketLoot is an automated S3-compatible bucket inspector that can help users extract assets, flag secret exposures and even search for custom keywords as well as Regular Expressions from publicly-exposed storage buckets by scanning files that store data in plain-text.

    

21. lit-bb-hack-tools

    19 1 353 4.9 Go

    Little Bug Bounty & Hacking Tools⚔️

    

22. favirecon

    20 8 210 9.0 Go

    Use favicons to improve your target recon phase. Quickly detect technologies, WAF, exposed panels, known services.

    

23. linx

    21 5 209 5.2 Go

    Reveals invisible links within JavaScript files

    

24. rpCheckup

    22 7 160 0.0 Go

    rpCheckup is an AWS resource policy security checkup tool that identifies public, external account access, intra-org account access, and private resources.

    

25. phatcrack

    23 1 138 9.2 Go

    Modern web-based distributed hashcracking solution, built on hashcat

    

26. SaaSHub

    www.saashub.com featured

    SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

    

Go Infosec related posts

• Bug Bounty Hidden Treasures

  1 project | dev.to | 26 Mar 2025

• How to Explore an Exposed .git

  1 project | dev.to | 22 Aug 2024

• Active Directory ACL Visualizer and Explorer

  1 project | news.ycombinator.com | 30 Jan 2024

• Show HN: Pfuzz, a web fuzzer following the Unix philosophy

  6 projects | news.ycombinator.com | 21 Jan 2024

• Fast web fuzzer written in Go

  1 project | news.ycombinator.com | 24 Dec 2023

• Threagile – Agile Threat Modeling Toolkit

  1 project | news.ycombinator.com | 17 Nov 2023

• Adalanche v2023.5.3 released

  1 project | /r/activedirectory | 3 May 2023
• A note from our sponsor - InfluxDB
  www.influxdata.com | 17 May 2025

  InfluxDB 3 OSS is now GA. Transform, enrich, and act on time series data directly in the database. Automate critical tasks and eliminate the need to move data externally. Download now. Learn more →

Index

Sponsored

InfluxDB – Built for High-Performance Time Series Workloads

InfluxDB 3 OSS is now GA. Transform, enrich, and act on time series data directly in the database. Automate critical tasks and eliminate the need to move data externally. Download now.

www.influxdata.com

Do not miss the trending Go projects with our weekly report!