Go Infosec

Open-source Go projects categorized as Infosec

Top 23 Go Infosec Projects

  • ffuf

    Fast web fuzzer written in Go

    Project mention: Show HN: Pfuzz, a web fuzzer following the Unix philosophy | news.ycombinator.com | 2024-01-21

    It seems to me like "fuzzing" has a different meaning in web application penetration testing. Here, "fuzzer" is a term for tools that just generate different requests using wordlists, without adding any mutations. For example, the two popular web fuzzers ffuf [1] and wfuzz [2] also call themselves fuzzers.

    I see how reusing a term for a different concept is bothersome, but I feel like "fuzzer" is the term that people learning about bug bounty hunting are familiar with.

    [1] https://github.com/ffuf/ffuf

    [2] https://wfuzz.readthedocs.io/en/latest/

  • traitor

    Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins, pwnkit, dirty pipe, +w docker.sock

    Project mention: Traitor – Automatic Linux privesc via exploitation of low-hanging fruits | news.ycombinator.com | 2023-06-12
  • hetty

    An HTTP toolkit for security research.

  • Cameradar

    Cameradar hacks its way into RTSP video surveillance cameras

    Project mention: Hacking ip cameras | /r/Hacking_Tutorials | 2023-04-29

    You might want to try this tool https://github.com/Ullaakut/cameradar, as most of the webcams are based on RTSP (Real-Time Streaming Protocol) protocol.

  • S3Scanner

    Scan for misconfigured S3 buckets across S3-compatible APIs!

  • jaeles

    The Swiss Army knife for automated Web Application Testing

  • Adalanche

    Active Directory ACL Visualizer and Explorer - who's really Domain Admin? (Commercial versions available from NetSection)

    Project mention: Active Directory ACL Visualizer and Explorer | news.ycombinator.com | 2024-01-30
  • sx

    Fast, modern, easy-to-use network scanner

  • cariddi

    Take a list of domains, crawl urls and scan for endpoints, secrets, api keys, file extensions, tokens and more

  • metabigor

    OSINT tools and more but without API key

    Project mention: Metabigor - An Intelligence tool, its goal is to do OSINT tasks and more but without any API key. | /r/CKsTechNews | 2023-03-30
  • go-dork

    The fastest dork scanner written in Go.

  • Open-Source-Security-Guide

    Open Source Security Guide. Learn all about Security Standards (FIPS, CIS, FedRAMP, FISMA, etc.), Frameworks, Threat Models, Encryption, and Benchmarks.

  • wiretap

    Wiretap is a transparent, VPN-like proxy server that tunnels traffic via WireGuard and requires no special privileges to run.

  • threagile

    Agile Threat Modeling Toolkit

    Project mention: Threagile – Agile Threat Modeling Toolkit | news.ycombinator.com | 2023-11-17
  • EDRHunt

    Scan installed EDRs and AVs on Windows

  • ppmap

    A scanner/exploitation tool written in Go, which leverages client-side Prototype Pollution to XSS by exploiting known gadgets.

  • BucketLoot

    BucketLoot is an automated S3-compatible bucket inspector that can help users extract assets, flag secret exposures and even search for custom keywords as well as Regular Expressions from publicly-exposed storage buckets by scanning files that store data in plain-text.

    Project mention: Open source S3 bucket scanner for secrets and assets | news.ycombinator.com | 2023-10-11
  • lit-bb-hack-tools

    Little Bug Bounty & Hacking Tools⚔️

  • linx

    Reveals invisible links within JavaScript files

  • rpCheckup

    rpCheckup is an AWS resource policy security checkup tool that identifies public, external account access, intra-org account access, and private resources.

  • favirecon

    Use favicon.ico to improve your target recon phase. Quickly detect technologies, WAF, exposed panels, known services.

  • notionterm

    🖥️📖 Embed reverse shell in Notion pages

  • sgCheckup

    sgCheckup generates nmap output based on scanning your AWS Security Groups for unexpected open ports.

NOTE: The open source projects on this list are ordered by number of GitHub stars. The number of mentions indicates repo mentions in the last 12 months or since we started tracking (Dec 2020). The latest post mention was on 2024-01-30.

Index

What are some of the best open-source Infosec projects in Go? This list will help you:

Rank Project Stars
1 ffuf 11,264
2 traitor 6,474
3 hetty 5,906
4 Cameradar 3,849
5 S3Scanner 2,352
6 jaeles 2,055
7 Adalanche 1,473
8 sx 1,402
9 cariddi 1,327
10 metabigor 1,131
11 go-dork 958
12 Open-Source-Security-Guide 832
13 wiretap 752
14 threagile 551
15 EDRHunt 543
16 ppmap 446
17 BucketLoot 325
18 lit-bb-hack-tools 302
19 linx 196
20 rpCheckup 158
21 favirecon 158
22 notionterm 121
23 sgCheckup 82