Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality. Learn more →
Top 23 Go Pentesting Projects
-
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
-
hakrawler
Simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application
-
SaaSHub
SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives
-
-
-
-
cariddi
Take a list of domains, crawl urls and scan for endpoints, secrets, api keys, file extensions, tokens and more
-
pretender
Your MitM sidekick for relaying attacks featuring DHCPv6 DNS takeover as well as mDNS, LLMNR and NetBIOS-NS spoofing. (by RedTeamPentesting)
-
cent
Community edition nuclei templates, a simple tool that allows you to organize all the Nuclei templates offered by the community in one place (by xm1k3)
-
nmap-formatter
A tool that allows you to convert NMAP results to html, csv, json, markdown, graphviz (dot) or sqlite. Simply put it's nmap converter.
-
BucketLoot
BucketLoot is an automated S3-compatible bucket inspector that can help users extract assets, flag secret exposures and even search for custom keywords as well as Regular Expressions from publicly-exposed storage buckets by scanning files that store data in plain-text.
-
KittyStager
KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant, called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.
-
SaaSHub
SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives
Project mention: Show HN: Pfuzz, a web fuzzer following the Unix philosophy | news.ycombinator.com | 2024-01-21It seems to me like "fuzzing" has a different meaning in web application penetration testing. Here, "fuzzer" is a term for tools that just generate different request using wordlists, without adding any mutations. For example, the two popular web fuzzers ffuf [1] and wfuzz [2] also call themselves fuzzers.
I see how reusing a term for a different concept is bothersome, but I feel like "fuzzer" is the term that people learning about bug bounty hunting are familiar with.
[1] https://github.com/ffuf/ffuf
[2] https://wfuzz.readthedocs.io/en/latest/
* https://github.com/DominicBreuker/pspy
When you deploy them they just work. Compare that to compiled C++ code you often face issues with the deployment in my experience. And production machines usually do not ship compilers.
I learned about chisel in PEN-200 / preparing for the OSCP.
Then I learned about, Ligolo-ng [1] which is a game-changer. I highly recommend checking it out. It is most applicable to a penetration test. It uses TLS so I'm not sure it could be used to address the issue mentioned in the article.
[1] https://github.com/nicocha30/ligolo-ng
Obviously I cannot tell you what happened from just a reddit post, but from what you wrote it seems that the attacker might have discovered your executive's password from some leak and modified the user's outlook rules through the (I assume) publicly exposed MAPI functionality. Even with MFA enabled you can still bypass it with tools like Ruler.
Project mention: NMAP-formatter: convert NMAP results to HTML, CSV, JSON, graphviz (dot), SQLite | news.ycombinator.com | 2024-01-26
Project mention: Open source S3 bucket scanner for secrets and assets | news.ycombinator.com | 2023-10-11
Project mention: KittyStager: KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant, called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode. | /r/blueteamsec | 2023-05-25
NOTE:
The open source projects on this list are ordered by number of github stars.
The number of mentions indicates repo mentiontions in the last 12 Months or
since we started tracking (Dec 2020).
Go Pentesting related posts
-
Show HN: Pfuzz, a web fuzzer following the Unix philosophy
-
Fast web fuzzer written in Go
-
Stowaway -- Multi-hop Proxy Tool for pentesters
-
Ask HN: What's the big deal with Go (Golang)?
-
Stowaway -- Multi-hop Proxy Tool for pentesters
-
Office 365 email account with 2FA - Hacked.
-
Multi-hop proxy tool for pentesters XD
-
A note from our sponsor - InfluxDB
www.influxdata.com | 5 May 2024
Index
What are some of the best open-source Pentesting projects in Go? This list will help you:
| Project | Stars | |
|---|---|---|
| 1 | ffuf | 11,444 |
| 2 | gobuster | 9,019 |
| 3 | hetty | 5,906 |
| 4 | osmedeus | 5,090 |
| 5 | pspy | 4,510 |
| 6 | hakrawler | 4,236 |
| 7 | Cameradar | 3,891 |
| 8 | Stowaway | 2,417 |
| 9 | ligolo-ng | 2,160 |
| 10 | ksubdomain | 2,086 |
| 11 | ruler | 2,032 |
| 12 | gitjacker | 1,529 |
| 13 | cariddi | 1,352 |
| 14 | metabigor | 1,141 |
| 15 | nomore403 | 954 |
| 16 | pretender | 903 |
| 17 | reverse_ssh | 819 |
| 18 | cent | 775 |
| 19 | scilla | 746 |
| 20 | nmap-formatter | 602 |
| 21 | firefly | 371 |
| 22 | BucketLoot | 335 |
| 23 | KittyStager | 201 |
Sponsored
SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives
www.saashub.com