151 Resources
Golang cve-scanner Libraries
🔎 scan the internet to find "private" proxies.
🔎 scan the internet to find "private" proxies. 🧠 HTTP/SOCKS4/SOCKS5 Proxies. 📌 Installation: - sudo apt-get install git zmap golang
Scan systems and docker images for potential spring4shell vulnerabilities.
Scan systems and docker images for potential spring4shell vulnerabilities. Will detect in-depth (layered archives jar/zip/tar/war and scans for vulnerable Spring4shell versions. Binaries for Windows, Linux and OsX, but can be build on each platform supported by supported Golang.
Simple webhook to block exploitation of CVE-2022-0811
webhook-cve-2022-0811 This is a really simple webhook that just blocks pod creation if malicious sysctl values are configured. Build go test CGO_ENABL
Vulnerability scanner for Spring4Shell (CVE-2022-22965)
go-scan-spring Vulnerability scanner to find Spring4Shell (CVE-2022-22965) vulnerabilities For more information: https://www.fracturelabs.com/posts/ef
A golang based exp for CVE-2021-4034 dubbed pwnkit (more features added......)
PwnKit-go-LPE (CVE-2021-4034) A golang based exp for CVE-2021-4034 dubbed pwnkit @@@@@@@ @@@ @@@ @@@ @@@ @@@ @@@ @@@ @@@ @@@@@@@
GONET-Scanner - Golang network scanner with arp discovery and own parser
GO/NET Scanner ScreenShots Install chmod +x install.sh ./install.sh [as root] U
Search running process for a given dll/function. Exposes a bufio.Scanner-like interface for walking a process' PEB
Search running process for a given dll/function. Exposes a bufio.Scanner-like interface for walking a process' PEB
Crimson prober - Asynchronous TCP scanner through SOCKS5 proxies
Crimson Prober v1 Alpha version of Asynchronous TCP scanner through SOCKS5 proxi
A pure-Go implementation of the CVE-2021-4034 PwnKit exploit
go-PwnKit A pure-Go implementation of the CVE-2021-4034 PwnKit exploit. Installation git clone [email protected]:OXDBXKXO/go-PwnKit.git cd go-PwnKit make
This project is mostly a fancy wrapper around the Extract Table (github) API
Knockout-City-Stat-Scanner Credits This project is mostly a fancy wrapper around the Extract Table (github) API, they did all the heavy lifting here a
A Minecraft scanner written in Golang (first Golang project)
__ __/ \__ Gothyc A Minecraft port scanner written in Go. 🐹 / \__/ \__ \__/ \__/ \ Version 0.3.0 \__/ \__/ Author @toas
The fastest dork scanner written in Go.
go-dork The fastest dork scanner written in Go. There are also various search engines supported by go-dork, including Google, Shodan, Bing, Duck, Yaho
Pwnkit-go - Exploit for the PwnKit vulnerability, CVE-2021-4034, written in Go
Pwnkit-go This is a working exploit for the pwnkit vulnerability, CVE-2021-4034,
GoScan is a port-scanner made entirely in Go-lang. The purpose of the tool is to be fast, dynamic and simple so that a professional in the CyberSecurity area can make an optimized list of ports
🦫 GoScan GoScan is a port-scanner made entirely in Go-lang. The purpose of the tool is to be fast, dynamic and simple so that a professional in the C
CVE-2021-4034 - A Golang implementation of clubby789's implementation of CVE-2021-4034
CVE-2021-4034 January 25, 2022 | An00bRektn This is a golang implementation of C
Poc-cve-2021-4034 - PoC for CVE-2021-4034 dubbed pwnkit
poc-cve-2021-4034 PoC for CVE-2021-4034 dubbed pwnkit Compile exploit.go go buil
Go-basic-port-scanner: Scanning of TCP ports only
go-basic-port-scanner Scanning of TCP ports only. Usage git clone https://git
Finds an identifiable hash value for each version of GitLab vulnerable to CVE-2021-22205
Finds an identifiable hash value for each version of GitLab vulnerable to CVE-2021-22205
Integrate Snyk into Harbor
Harbor Snyk Scanner Harbor Snyk Scanner is a scanner adaptor for Harbor to integrate scan results from Snyk. The project is currently work in progress
Openstack Invalid HTTPS Cert Scanner
Openstack Invalid HTTPS Cert Scanner Scans all OpenStack API endpoints in a given catalog and warns about legacy HTTPS certificates that do not list t
🔑 Authz0 is an automated authorization test tool. Unauthorized access can be identified based on URL and Role.
Authz0 is an automated authorization test tool. Unauthorized access can be identified based on URL and Role. URLs and Roles are managed as YAML-based
A multi-pass compiler written in Go comprised of scanner, recursive-descent parser, generation of AST, intermediate representation (ILOC), and code generation (Armv8).
GoLite Project - Go Huskies! This is a project conducted and led in the course MPCS 51300 Compilers at the University of Chicago. In a group of two, w
A quick and dirty concurrent Golang-based port scanner
go-scan-ports A quick and dirty concurrent Golang-based port scanner, this will scan ports 1 through 1024 Usage: Requires 1 command line argument of U
Gbu-scanner - Go Blog Updates (Scanner service)
Go Blog Updates - Scanner This service scans go blog (go.dev) and publishes new posts to message broker (rabbitmq). It uses mongodb as a storage for a
A log4j vulnerability filesystem scanner and Go package for analyzing JAR files.
log4jscanner A log4j vulnerability filesystem scanner and Go package for analyzing JAR files. Command line tool This project includes a scanner that w
Network Port Scanner created with Go language
Golang Network Port Scanner Simple command line tool to scan network ports. Command line tool was done as part of technical interview and as example f
A vulnerability scanner for container images and filesystems
A vulnerability scanner for container images and filesystems. Easily install the
Discover and remediate Log4Shell vulnerability [CVE-2021-45105]
sakuraji_log4j This tool is used to discover and remedidate the Log4Shell vulnerability [CVE-2021-45105] by removing the 'JndiLookup.class' file from
A Smart Log4Shell/Log4j/CVE-2021-44228 Scanner
Log4Shell Sentinel - A Smart CVE-2021-44228 Scanner Introduction While there have some excellent tools released to help organizations scan their envir
Detect and fix log4j log4shell vulnerability (CVE-2021-44228)
log4fix This tool is to detect and fix the log4j log4shell vulnerability (CVE-2021-44228) by looking and removing the JndiLookup class from .jar/.war/
Log4j-scanner tools - Support for multiple scan method
Log4j-scanner URL mode (fuzzing url with header, payload) go run . url -h Usage
Yet another log4j vulnerability scanner
k-amon-k - Yet another log4j scanner Quick-n-Dirty installation Assuming you hav
log4jshell vulnerability scanner for bug bounty
log4shell-looker a log4jshell vulnerability scanner for bug bounty (Written in G
A Log4J Version 2 Detector written in golang
Installation From source: go install github.com/juergenhoetzel/log4j2go/cmd/log4
Look for JAR files that vulnerable to Log4j RCE (CVE‐2021‐44228)
Look4jar Look for JAR files that vulnerable to Log4j RCE (CVE‐2021‐44228) Objectives It differs from some other tools that scan for vulnerable remote
A simple port scanner script.
A-simple-port-scanner Description: A basic port scanner which checks if a port is opened, closed, or filtered. This scanner can be improved in many wa
Check and exploit log4j2 vulnerability with single Go program.
Log4Shell Check and exploit log4j2 vulnerability with single Go program. You don't need to install anything except develop it. It supports ldaps and h
Ugly Duckling is a lightweight scanner built specifically for our Crowdsource community to submit proof-of-concept modules
ugly-duckling What It Is ugly-duckling is a very basic (and currently alpha-quality) vulnerability scanner built by the reasearch team at Detectify. I
sgCheckup generates nmap output based on scanning your AWS Security Groups for unexpected open ports.
sgCheckup - Check your Security Groups for Unexpected Open Ports & Generate nmap Output sgCheckup is a tool to scan your AWS Security Groups for a com
Tools for remediating the recent log4j2 RCE vulnerability (CVE-2021-44228)
log4j-remediation-tools Tools for finding and reproducing the CVE-2021-44228 log4j2 vulnerability Tools find-vulnerabilities: determine heuristically
A scanning tool to check if the system is vuln and report it to the log4j-collector
log4j-scanner A scanning tool to check if the system is vuln and report it to the log4j-collector which will display the data at the log4j-collector-f
A scanner similar to bufio.Scanner, but it reads and returns lines in reverse order, starting at a given position and going backward.
backscanner Ever needed or wondered how to efficiently search for something in a log file, but starting at the end and going backward? Here's your sol
Snugger is a light weight but fast network recon scanner that is written from pure golang
Snugger is a light weight but fast network recon scanner that is written from pure golang. with this scann you can ARP your network, port scan hosts and host lists, as well as scan for BSSId
Minecraft Honeypot for Log4j exploit. CVE-2021-44228 Log4Shell LogJam
Minecraft Log4j Honeypot This honeypots runs fake Minecraft server (1.7.2 - 1.16.5 without snapshots) waiting to be exploited. Payload classes are sav
A fully automated, reliable, super-fast, mass scanning and validation toolkit for the Log4J RCE CVE-2021-44228 vulnerability.
LogMePwn A fully automated, reliable, super-fast, mass scanning and validation toolkit for the Log4J RCE CVE-2021-44228 vulnerability. With enough amo
Just simple log4j scanner With Golang
Summary Yesterdy which is Decemeber 12, 2021. One of my friend send me a message on twitter that he want me to write a script that brute force list of
Tool to check whether one of your applications is affected by a vulnerability in log4j: CVE-2021-44228
log4shell.tools log4shell.tools is a tool allows you to run a test to check whether one of your applications is affected by a vulnerability in log4j:
Scanner to send specially crafted requests and catch callbacks of systems that are impacted by Log4J Log4Shell vulnerability (CVE-2021-44228)
scan4log4shell Scanner to send specially crafted requests and catch callbacks of systems that are impacted by Log4J Log4Shell vulnerability CVE-2021-4
Log4j 2 (CVE-2021-44228) vulnerability scanner for Windows OS
log4j-scanner Log4j 2 (CVE-2021-44228) vulnerability scanner for Windows OS. Example Usage Usage .\log4j-scanner.exe Terminal is used to output resul
Dockerized Go app for testing the CVE-2021-44228 vulnerability
docker-log4shell Simple Go app / Docker image for playing with the CVE-2021-44228 vulnerability. Hosts a simple file server and an ldap server that pr
Divd 2021 00038 log4j scanner
divd-2021-00038--log4j-scanner This scanner will recursively scan paths including archives for vulnerable log4j versions and org/apache/logging/log4j/
Simple local scanner for vulnerable log4j instances
Simple local log4j vulnerability scanner (Written in Go because, you know, "write once, run anywhere.") This is a simple tool that can be used to find
A minimalistic LDAP server that is meant for test vulnerability to JNDI+LDAP injection attacks in Java, especially CVE-2021-44228.
jndi-ldap-test-server This is a minimalistic LDAP server that is meant for test vulnerability to JNDI+LDAP injection attacks in Java, especially CVE-2
Scans files for .jars potentially vulnerable to Log4Shell (CVE-2021-44228) by inspecting the class paths inside the .jar.
log4shelldetect Scans a file or folder recursively for jar files that may be vulnerable to Log4Shell (CVE-2021-44228) by inspecting the class paths in
PoC for CVE-2021-41277
CVE-2021-41277 PoC Metabase is an open source data analytics platform. Local File Inclusion issue has been discovered in some versions of metabase. He
A small server for verifing if a given java program is succeptibel to CVE-2021-44228
CVE-2021-44228-Test-Server A small server for verifing if a given java program is succeptibel to CVE-2021-44228 Usage Build the program using go build
Parser / Scanner Generator
New Have a look at https://github.com/goccmack/gogll for scannerless GLL parser generation. Gocc Introduction Gocc is a compiler kit for Go written in
Grafana Unauthorized arbitrary file reading vulnerability
CVE-2021-43798 Grafana Unauthorized arbitrary file reading vulnerability 8.3.1 (2021-12-07) Security: Fixes CVE-2021-43798 . For more information, see
Grafana Arbitrary File Reading Vulnerability
GrafanaArbitraryFileRead Usage 1. show info ❯ go run main.go -s [INF] VulnInfo: { "Name": "Grafana Ar
Simple Golang HTTPS/TLS Examples
Generate private key (.key) # Key considerations for algorithm "RSA" ≥ 2048-bit openssl genrsa -out server.key 2048 # Key considerations for algorith
CVE-2021-43798 - Grafana 8.x Path Traversal (Pre-Auth)
CVE-2021-43798 Grafana 8.x Path Traversal (Pre-Auth) All credits go to j0v and his tweet https://twitter.com/j0v0x0/status/1466845212626542607 Disclai
A FreeSWITCH specific scanning and exploitation toolkit for CVE-2021-37624 and CVE-2021-41157.
PewSWITCH A FreeSWITCH specific scanning and exploitation toolkit for CVE-2021-37624 and CVE-2021-41157. Related blog: https://0xinfection.github.io/p
CVE 2021 41277
CVE-2021-41277 Usage 1. show help info ~/CVE-2021-41277 ❯ go run main.go -h Usage of main: -f string File containing li
A compact, cross-platform scanner that scans ports and recognizes fingerprints.
portscan A compact, cross-platform scanner that scans ports and recognizes fingerprints. Usage: Usage of ./portscan: -H headers request headers
CVE-2021-22205 RCE
CVE-2021-22205 CVE-2021-22205 RCE 工具仅用于分享交流,切勿用于非授权测试,否则与作者无关 -R string VPS to load tools eg: -R 127.0.0.1:8083 -T string Tool nam
Analyse binaries for missing security features, information disclosure and more.
extrude Analyse binaries for missing security features, information disclosure and more. 🚧 Extrude is in the early stages of development, and current
Horusec is an open source tool that improves identification of vulnerabilities in your project with just one command.
Table of contents 1. About 2. Getting started 2.1. Requirements 2.2. Installation 3. Usage 3.1. CLI Usage 3.2. Using Docker 3.3. Older versions 3.4. U
A high-performance concurrent scanner written by go, which can be used for survival detection, tcp port detection, and web service detection.
aScan A high-performance concurrent scanner written by go, which can be used for survival detection, tcp port detection, and web service detection. Fu
A CVE-2021-22205 Gitlab RCE POC written in Golang
Golang-CVE-2021-22205-POC A bare bones CVE-2021-22205 Gitlab RCE POC written in Golang which affects Gitlab CE/EE 13.10.3 Gitlab CE/EE 13.9.6 Gitl
A document scanner that creates a graph of the analogy between documents.
Social Analogizer The idea is that this program scans documents for keyword that correspond to other documents. Starting point is that a user has a pr
Get subdomain list and check whether they are active or not by each response code. Using API by c99.nl
getsubdomain Get subdomain list and check whether they are active or not by each response code. Using API by c99.nl Installation ▶ go install github.c
Network scanner for Netbox IPAM with VRF support
Installation git clone https://github.com/axxyhtrx/netbox-rollcall.git cd netbox-rollcall Pre-requirements Create config.yaml file in a root of the pr
A vulnerability scanner for container images and filesystems
A vulnerability scanner for container images and filesystems
A scanner for running security-related configuration checks such as CIS benchmarks
Localtoast Localtoast is a scanner for running security-related configuration checks such as CIS benchmarks in an easily configurable manner. The scan
High-performance port scanner.
go-portScan 高性能端口扫描器 High-performance port scanner. Feature Syn stateless scan Syn Automatic ARP detection on the Intranet Scanning for large address
PoC for CVE-2015-1635 / MS15-034 - HTTP.sys Allows Remote Code Execution / Check & DOS
CVE-2015-1635 PoC for CVE-2015-1635 / MS15-034 - HTTP.sys Allows Remote Code Execution / Check & DOS ./MS15-034 URL RESOURCE FLAG [0 or 18] Note
Proof-of-Concept tool for CVE-2021-29156, an LDAP injection vulnerability in ForgeRock OpenAM v13.0.0.
CVE-2021-29156 Proof-of-Concept (c) 2021 GuidePoint Security Charlton Trezevant [email protected] Background Today GuidePoint
Unofficial but convenient Go wrapper around the NVD API
NVD API The NVD API is an unofficial Go wrapper around the NVD API. Supports: CVE CPE How to use The following shows how to basically use the wrapper
mesh-kridik is an open-source security scanner that performs various security checks on a Kubernetes cluster with istio service mesh and is leveraged by OPA (Open Policy Agent) to enforce security rules.
mesh-kridik Enhance your Kubernetes service mesh security !! mesh-kridik is an open-source security scanner that performs various security checks on a
Subdomain scanner, asynchronous dns packets, use pcap to scan 1600,000 subdomains in 1 second
ksubdomain是一款基于无状态的子域名爆破工具,类似无状态端口扫描,支持在Windows/Linux/Mac上进行快速的DNS爆破,在Mac和Windows上理论最大发包速度在30w/s,linux上为160w/s。 hacking8信息流的src资产收集 https://i.hacking8
Port scanner written in Go
The result will be similar to that: Result of function ScanPort (scan specific port): 1024 Port result: {tcp/1024 Closed} Result of function InitialS
Carbon Black Harbor Adapter is a scanner to scan images in Harbor Registry with the help of Carbon Black Cloud.
carbon-black-adapter-for-harbor Overview Carbon Black adapter for Harbor integrates your Harbor Registry with the Carbon Black Cloud. It leverages Har
A basic port scanner written in go
go-port-scanner A ultra basic port scanner written in go, written for the advanced Go course in Platzi. Compilation Just as any go program go build ma
Harness Drone/CIE SonarQube Plugin with Quality Gateway
Harness Drone/CIE SonarQube Plugin with Quality Gateway The plugin of Harness Drone/CIE to integrate with SonarQube (previously called Sonar), which i
Akuma Scan comes with the purpose of scanning/detecting WAF (Web Application Firewall) on a certain website. Made to be easy, accurate and agile.
.m. ,_ ' ;M; ,;m ` ;M;.
The NVD API is an unofficial Go wrapper around the NVD API.
NVD API The NVD API is an unofficial Go wrapper around the NVD API. Supports: CVE CPE How to use The following shows how to basically use the wrapper
Example mini project golang scanner application
Golang Scanner Contoh pembuatan aplikasi Java menggunakan BlueJ cek disini, tetapi berikut ini adalah versi rebuild dari Java ke Golang, dengan menggu
Exploit for remote command execution in Golang go get command.
CVE-2018-6574 Exploit for remote command execution in Golang go get command. Introduction When you go get a package, Go is designed to build and insta
Open Source runtime scanner for OpenShift cluster and perform security audit checks based on CIS RedHat OpenShift Benchmark specification
OpenShift-Ordeal Scan your Openshift cluster !! OpenShift-Ordeal is an open source audit scanner who perform audit check on OpenShift Cluster and outp
A port scanner written in go
GoScanner A poor mans port scanner written in go Why? To help learn go Try and build something "somewhat" functional from the command line 🤷 To not s
A API scanner written in GOLANG to scan files recursively and look for API keys and IDs.
GO FIND APIS _____ ____ ______ _____ _ _ _____ _____ _____ _____ / ____|/ __ \ | ____|_ _| \ | | __ \ /\ | __ \_
crawlergo is a browser crawler that uses chrome headless mode for URL collection.
A powerful browser crawler for web vulnerability scanners
Exploitation of CVE-2018-18925 a Remote Code Execution against the Git self hosted tool: Gogs.
CVE-2018-18925 Exploitation of CVE-2018-18925 a Remote Code Execution against the Git self hosted tool: Gogs. Gogs is based on the Macaron framework.
CVE-2021-26084 - Confluence Server Webwork OGNL injection (Pre-Auth RCE)
CVE-2021-26084 Proof of concept for CVE-2021-26084. Confluence Server Webwork OGNL injection (Pre-Auth RCE) Disclaimer This is for educational purpose
Confluence OGNL Injection [CVE-2021-26084].
CVE-2021-26084 this is a script written in golang to exploit Confluence OGNL Injection [CVE-2021-26084]. git clone https://github.com/march0s1as/CVE-
CVE-2021-3449 OpenSSL denial-of-service exploit 👨🏻💻
CVE-2021-3449 OpenSSL 1.1.1k DoS exploit Usage: go run . -host hostname:port This program implements a proof-of-concept exploit of CVE-2021-3449 affe
Port Scanner & Banner Identify From TianXiang
TXPortMap Port Scanner & Banner Identify From TianXiang ./TxPortMap -h 新增加彩色文字输出格式 对http/https协议进行title以及报文长度打印,获取title失败打印报文前20字节 新增日志文件以及扫描结果文件 T
check-cert: Go-based tooling to check/verify certs
check-cert: Go-based tooling to check/verify certs
Super Java Vulnerability Scanner
XiuScan 不完善,正在开发中 介绍 一个纯Golang编写基于命令行的Java框架漏洞扫描工具 致力于参考xray打造一款高效方便的漏扫神器 计划支持Fastjson、Shiro、Struts2、Spring、WebLogic等框架 PS: 取名为XiuScan因为带我入安全的大哥是修君 特点
TCP Port Scanner in GO lang
Port-Scanner-GO Simple TCP port scanner in golang. Installation & Build You have to have GO version 1.13 run: go build port-scanner-go.go Run single