Go Pentesting

Open-source Go projects categorized as Pentesting

Top 23 Go Pentesting Projects

  • ffuf

    Fast web fuzzer written in Go

  • Project mention: Show HN: Pfuzz, a web fuzzer following the Unix philosophy | news.ycombinator.com | 2024-01-21

    It seems to me like "fuzzing" has a different meaning in web application penetration testing. Here, "fuzzer" is a term for tools that just generate different request using wordlists, without adding any mutations. For example, the two popular web fuzzers ffuf [1] and wfuzz [2] also call themselves fuzzers.

    I see how reusing a term for a different concept is bothersome, but I feel like "fuzzer" is the term that people learning about bug bounty hunting are familiar with.

    [1] https://github.com/ffuf/ffuf

    [2] https://wfuzz.readthedocs.io/en/latest/

  • gobuster

    Directory/File, DNS and VHost busting tool written in Go

  • Project mention: I need GoBuster on my OpenSUSE VM | /r/openSUSE | 2023-06-11
  • InfluxDB

    Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

    InfluxDB logo
  • hetty

    An HTTP toolkit for security research.

  • osmedeus

    A Workflow Engine for Offensive Security

  • pspy

    Monitor linux processes without root permissions

  • Project mention: Ask HN: What's the big deal with Go (Golang)? | news.ycombinator.com | 2023-10-12

    * https://github.com/DominicBreuker/pspy

    When you deploy them they just work. Compare that to compiled C++ code you often face issues with the deployment in my experience. And production machines usually do not ship compilers.

  • hakrawler

    Simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application

  • Cameradar

    Cameradar hacks its way into RTSP videosurveillance cameras

  • SaaSHub

    SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

    SaaSHub logo
  • Stowaway

    👻Stowaway -- Multi-hop Proxy Tool for pentesters

  • Project mention: Stowaway -- Multi-hop Proxy Tool for pentesters | /r/hacking | 2023-11-13
  • ligolo-ng

    An advanced, yet simple, tunneling/pivoting tool that uses a TUN interface.

  • Project mention: Actual SSH over HTTPS | news.ycombinator.com | 2023-12-23

    I learned about chisel in PEN-200 / preparing for the OSCP.

    Then I learned about, Ligolo-ng [1] which is a game-changer. I highly recommend checking it out. It is most applicable to a penetration test. It uses TLS so I'm not sure it could be used to address the issue mentioned in the article.

    [1] https://github.com/nicocha30/ligolo-ng

  • ksubdomain

    无状态子域名爆破工具

  • ruler

    A tool to abuse Exchange services

  • Project mention: Office 365 email account with 2FA - Hacked. | /r/sysadmin | 2023-06-29

    Obviously I cannot tell you what happened from just a reddit post, but from what you wrote it seems that the attacker might have discovered your executive's password from some leak and modified the user's outlook rules through the (I assume) publicly exposed MAPI functionality. Even with MFA enabled you can still bypass it with tools like Ruler.

  • gitjacker

    🔪 :octocat: Leak git repositories from misconfigured websites

  • cariddi

    Take a list of domains, crawl urls and scan for endpoints, secrets, api keys, file extensions, tokens and more

  • metabigor

    OSINT tools and more but without API key

  • nomore403

    Tool to bypass 403/40X response codes.

  • pretender

    Your MitM sidekick for relaying attacks featuring DHCPv6 DNS takeover as well as mDNS, LLMNR and NetBIOS-NS spoofing. (by RedTeamPentesting)

  • reverse_ssh

    SSH based reverse shell

  • cent

    Community edition nuclei templates, a simple tool that allows you to organize all the Nuclei templates offered by the community in one place (by xm1k3)

  • scilla

    Information Gathering tool - DNS / Subdomains / Ports / Directories enumeration

  • nmap-formatter

    A tool that allows you to convert NMAP results to html, csv, json, markdown, graphviz (dot) or sqlite. Simply put it's nmap converter.

  • Project mention: NMAP-formatter: convert NMAP results to HTML, CSV, JSON, graphviz (dot), SQLite | news.ycombinator.com | 2024-01-26
  • firefly

    Black box fuzzer for web applications (by Brum3ns)

  • BucketLoot

    BucketLoot is an automated S3-compatible bucket inspector that can help users extract assets, flag secret exposures and even search for custom keywords as well as Regular Expressions from publicly-exposed storage buckets by scanning files that store data in plain-text.

  • Project mention: Open source S3 bucket scanner for secrets and assets | news.ycombinator.com | 2023-10-11
  • KittyStager

    KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant, called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.

  • SaaSHub

    SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

    SaaSHub logo
NOTE: The open source projects on this list are ordered by number of github stars. The number of mentions indicates repo mentiontions in the last 12 Months or since we started tracking (Dec 2020).

Go Pentesting related posts

  • Show HN: Pfuzz, a web fuzzer following the Unix philosophy

    6 projects | news.ycombinator.com | 21 Jan 2024
  • Fast web fuzzer written in Go

    1 project | news.ycombinator.com | 24 Dec 2023
  • Stowaway -- Multi-hop Proxy Tool for pentesters

    1 project | /r/hacking | 13 Nov 2023
  • Ask HN: What's the big deal with Go (Golang)?

    3 projects | news.ycombinator.com | 12 Oct 2023
  • Stowaway -- Multi-hop Proxy Tool for pentesters

    1 project | /r/cybersecurity | 11 Sep 2023
  • Office 365 email account with 2FA - Hacked.

    1 project | /r/sysadmin | 29 Jun 2023
  • Multi-hop proxy tool for pentesters XD

    1 project | /r/netsec | 12 Jun 2023
  • A note from our sponsor - InfluxDB
    www.influxdata.com | 25 May 2024
    Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality. Learn more →

Index

What are some of the best open-source Pentesting projects in Go? This list will help you:

Project Stars
1 ffuf 11,570
2 gobuster 9,080
3 hetty 5,906
4 osmedeus 5,119
5 pspy 4,510
6 hakrawler 4,257
7 Cameradar 3,913
8 Stowaway 2,434
9 ligolo-ng 2,221
10 ksubdomain 2,086
11 ruler 2,095
12 gitjacker 1,529
13 cariddi 1,373
14 metabigor 1,151
15 nomore403 974
16 pretender 911
17 reverse_ssh 833
18 cent 791
19 scilla 751
20 nmap-formatter 613
21 firefly 379
22 BucketLoot 343
23 KittyStager 204

Sponsored
SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives
www.saashub.com