Top 23 Go Pentesting Projects

Pentesting

• Add a project

1. ffuf

   1 20 13,743 2.4 Go

   Fast web fuzzer written in Go

   

   Project mention: Bug Bounty Hidden Treasures | dev.to | 2025-03-26

   I utilized ffuf to enumerate directories since it's faster and also has great flags that can help you get the results you want. I discovered quite a number of directories that looked like normal stuff and un interesting. I then discovered one called "/system/ which seemed more interesting and fun to probe further. I fuzzed it, and then I discovered an endpoint "/system/auth" that allowed users to authenticate to the application via a login form, as shown below.

2. CodeRabbit

   coderabbit.ai featured

   CodeRabbit: AI Code Reviews for Developers. Revolutionize your code reviews with AI. CodeRabbit offers PR summaries, code walkthroughs, 1-click suggestions, and AST-based analysis. Boost productivity and code quality across all major languages with each PR.

   

3. gobuster

   2 15 11,361 0.0 Go

   Directory/File, DNS and VHost busting tool written in Go

   

   Project mention: Ask HN: How to find subdomains and paths for a website | news.ycombinator.com | 2024-06-01

   Are you looking for something like Gobuster?

   https://github.com/OJ/gobuster

4. hetty

   3 3 6,840 5.2 Go

   An HTTP toolkit for security research.

   

5. osmedeus

   4 2 5,549 4.1 Go

   A Workflow Engine for Offensive Security

   

6. pspy

   5 8 5,346 0.0 Go

   Monitor linux processes without root permissions

   

7. hakrawler

   6 3 4,641 2.5 Go

   Simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application

   

8. Cameradar

   7 3 4,291 3.0 Go

   Cameradar hacks its way into RTSP videosurveillance cameras

   

9. InfluxDB

   influxdata.com featured

   InfluxDB high-performance time series database. Collect, organize, and act on massive volumes of high-resolution data to power real-time intelligent systems.

   

10. ligolo-ng

    8 5 3,344 6.7 Go

    An advanced, yet simple, tunneling/pivoting tool that uses a TUN interface.

    

11. Stowaway

    9 33 2,978 6.7 Go

    👻Stowaway -- Multi-hop Proxy Tool for pentesters

    

12. ksubdomain

    10 1 2,289 0.0 Go

    无状态子域名爆破工具

    

13. ruler

    11 2 2,220 4.8 Go

    A tool to abuse Exchange services

    

14. cariddi

    12 7 1,643 8.6 Go

    Take a list of domains, crawl urls and scan for endpoints, secrets, api keys, file extensions, tokens and more

    

15. gitjacker

    13 1 1,563 0.0 Go

    🔪 :octocat: Leak git repositories from misconfigured websites

    

16. metabigor

    14 1 1,317 6.4 Go

    OSINT tools and more but without API key

    

17. nomore403

    15 1 1,231 6.8 Go

    Tool to bypass 403/40X response codes.

    

18. pretender

    16 1 1,088 7.4 Go

    Your MitM sidekick for relaying attacks featuring DHCPv6 DNS takeover as well as mDNS, LLMNR and NetBIOS-NS spoofing. (by RedTeamPentesting)

    

19. reverse_ssh

    17 3 1,064 9.1 Go

    SSH based reverse shell

    

    Project mention: Reverse SSH – Have your SSH daemon connect back to you | news.ycombinator.com | 2024-05-29

20. scilla

    18 4 1,006 6.6 Go

    Information Gathering tool - DNS / Subdomains / Ports / Directories enumeration

    

21. CloudBrute

    19 1 999 2.7 Go

    Awesome cloud enumerator

    

    Project mention: ⛈️ Cloud Penetration Testing: A Practical Guide to Securing Your Cloud Infrastructure | dev.to | 2024-12-03

    # Clone and setup CloudBrute git clone https://github.com/0xsha/CloudBrute cd CloudBrute # Run a scan against a target domain ./CloudBrute -d target.com -k wordlist.txt -m storage -t 80

22. cent

    20 1 972 3.8 Go

    Community edition nuclei templates, a simple tool that allows you to organize all the Nuclei templates offered by the community in one place (by xm1k3)

    

23. gosearch

    21 1 958 9.7 Go

    🔍 Search anyone's digital footprint across 300+ websites (by ibnaleem)

    

    Project mention: Show HN: Osint tool for searching people's digital footprint | news.ycombinator.com | 2025-01-11

24. shortscan

    22 1 910 3.9 Go

    An IIS short filename enumeration tool

    

25. nmap-formatter

    23 1 677 5.9 Go

    A tool that allows you to convert NMAP results to html, csv, json, markdown, graphviz (dot), sqlite, excel and d2-lang. Simply put it's nmap converter.

    

26. SaaSHub

    www.saashub.com featured

    SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

    

Go Pentesting related posts

• Bug Bounty Hidden Treasures

  1 project | dev.to | 26 Mar 2025

• How to Explore an Exposed .git

  1 project | dev.to | 22 Aug 2024

• Ask HN: How to find subdomains and paths for a website

  3 projects | news.ycombinator.com | 1 Jun 2024

• Show HN: Pfuzz, a web fuzzer following the Unix philosophy

  6 projects | news.ycombinator.com | 21 Jan 2024

• Fast web fuzzer written in Go

  1 project | news.ycombinator.com | 24 Dec 2023

• Stowaway -- Multi-hop Proxy Tool for pentesters

  1 project | /r/hacking | 13 Nov 2023

• Ask HN: What's the big deal with Go (Golang)?

  3 projects | news.ycombinator.com | 12 Oct 2023
• A note from our sponsor - InfluxDB
  influxdata.com | 17 Apr 2025

  Collect, organize, and act on massive volumes of high-resolution data to power real-time intelligent systems. Learn more →

Index

Sponsored

CodeRabbit: AI Code Reviews for Developers

Revolutionize your code reviews with AI. CodeRabbit offers PR summaries, code walkthroughs, 1-click suggestions, and AST-based analysis. Boost productivity and code quality across all major languages with each PR.

coderabbit.ai

Do not miss the trending Go projects with our weekly report!