InfluxDB 3 OSS is now GA. Transform, enrich, and act on time series data directly in the database. Automate critical tasks and eliminate the need to move data externally. Download now. Learn more →
Top 23 Go Infosec Projects
-
I utilized ffuf to enumerate directories since it's faster and also has great flags that can help you get the results you want. I discovered quite a number of directories that looked like normal stuff and un interesting. I then discovered one called "/system/ which seemed more interesting and fun to probe further. I fuzzed it, and then I discovered an endpoint "/system/auth" that allowed users to authenticate to the application via a login form, as shown below.
-
InfluxDB
InfluxDB – Built for High-Performance Time Series Workloads. InfluxDB 3 OSS is now GA. Transform, enrich, and act on time series data directly in the database. Automate critical tasks and eliminate the need to move data externally. Download now.
-
-
traitor
:arrow_up: :skull_and_crossbones: :fire: Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins, pwnkit, dirty pipe, +w docker.sock
-
-
Project mention: Hacking misconfigured AWS S3 buckets: A complete guide | news.ycombinator.com | 2024-09-09
-
-
-
SaaSHub
SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives
-
cariddi
Take a list of domains, crawl urls and scan for endpoints, secrets, api keys, file extensions, tokens and more
-
-
-
-
Project mention: ⛈️ Cloud Penetration Testing: A Practical Guide to Securing Your Cloud Infrastructure | dev.to | 2024-12-03
# Clone and setup CloudBrute git clone https://github.com/0xsha/CloudBrute cd CloudBrute # Run a scan against a target domain ./CloudBrute -d target.com -k wordlist.txt -m storage -t 80
-
Open-Source-Security-Guide
Open Source Security Guide. Learn all about Security Standards (FIPS, CIS, FedRAMP, FISMA, etc.), Frameworks, Threat Models, Encryption, and Benchmarks.
-
wiretap
Wiretap is a transparent, VPN-like proxy server that tunnels traffic via WireGuard and requires no special privileges to run.
-
-
-
ppmap
A scanner/exploitation tool written in GO, which leverages client-side Prototype Pollution to XSS by exploiting known gadgets.
-
BucketLoot
BucketLoot is an automated S3-compatible bucket inspector that can help users extract assets, flag secret exposures and even search for custom keywords as well as Regular Expressions from publicly-exposed storage buckets by scanning files that store data in plain-text.
-
-
favirecon
Use favicons to improve your target recon phase. Quickly detect technologies, WAF, exposed panels, known services.
-
-
rpCheckup
rpCheckup is an AWS resource policy security checkup tool that identifies public, external account access, intra-org account access, and private resources.
-
-
SaaSHub
SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives
Go Infosec discussion
Go Infosec related posts
-
Bug Bounty Hidden Treasures
-
How to Explore an Exposed .git
-
Active Directory ACL Visualizer and Explorer
-
Show HN: Pfuzz, a web fuzzer following the Unix philosophy
-
Fast web fuzzer written in Go
-
Threagile – Agile Threat Modeling Toolkit
-
Adalanche v2023.5.3 released
-
A note from our sponsor - InfluxDB
www.influxdata.com | 17 May 2025
Index
What are some of the best open-source Infosec projects in Go? This list will help you:
# | Project | Stars |
---|---|---|
1 | ffuf | 13,953 |
2 | hetty | 6,888 |
3 | traitor | 6,824 |
4 | Cameradar | 4,342 |
5 | S3Scanner | 2,767 |
6 | jaeles | 2,231 |
7 | Adalanche | 1,920 |
8 | cariddi | 1,668 |
9 | sx | 1,491 |
10 | metabigor | 1,322 |
11 | go-dork | 1,196 |
12 | CloudBrute | 1,004 |
13 | Open-Source-Security-Guide | 955 |
14 | wiretap | 943 |
15 | threagile | 666 |
16 | EDRHunt | 577 |
17 | ppmap | 502 |
18 | BucketLoot | 411 |
19 | lit-bb-hack-tools | 353 |
20 | favirecon | 210 |
21 | linx | 209 |
22 | rpCheckup | 160 |
23 | phatcrack | 138 |