25 Resources
Golang pentest Libraries
Automated penetration and auxiliary systems, providing XSS, XXE, DNS log, SSRF, RCE, web netcat and other Servers, gin-vue-admin
Simple DNS log Server, easy to ACME DNS challenge log easy send to elasticsearch https://github.com/hktalent/DNS_Server go4Hacker Automated penetration
CLI tools helping to forge HTTP smuggling attack and others
HTTPCustomHouse CLI tools helping to forge HTTP smuggling attack and others (httpcustomhouse) Analyze smuggled request without interacting with remote
Volana - Shell command obfuscation to avoid detection systems
volana (moon in malagasy) { Use it ; 🌚(hide from); 🌞(detected by) } Shell comm
Gichidan - CLI wrapper for Ichidan deep-web search engine.
gichidan gichidan - command line wrapper with enhanced pentest features for (onion link) Ichidan - deep-web search engine.
RevSuit is a flexible and powerful reverse connection platform designed for receiving connection from target host in penetration.
RevSuit - A Flexible and Powerful Reverse Connection Platform English | Simplified Chinese Overview RevSuit is a flexible and powerful reverse connection platform de
👻Stowaway -- Multi-hop Proxy Tool for pentesters
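Stowaway English Stowaway is a multi-hop proxy tool written in Go and built for penetration testers. Users can use it to proxy external traffic through multiple nodes into an internal network, getting past internal-network access restrictions, building a tree-shaped network of nodes, and managing it easily. PS: Thanks for the stars, and you are welcome to report problems && bugs after using it 😘. PPS: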
csg ("Credential Storage with Go") - a tool to organize the storage of credentials found during a CTF or Pentest.
csg csg ("Credential Storage with Go") - a tool to organize the storage of credentials found during a CTF or Pentest. Check out my blog on csg for mor
🎸 Make file exchange more Rock'N'Roll during pentest/ctf ➳ No requirement & Simple shortcuts
🎸 gitar ⇆ ~ Have the simplest possible shortcuts to upload/download file to/from the target machine ~ No installation needed on target machine ~ F
skweez spiders web pages and extracts words for wordlist generation.
skweez skweez (pronounced like "squeeze") spiders web pages and extracts words for wordlist generation. It is basically an attempt to make a more oper
htf (Host That File) is a tool to make serving up your favorite pentest tools simpler and faster.
htf htf (Host That File) is a tool to make serving up your favorite pentest tools simpler and faster. All you need to do is populate the htf configura
kdigger is a context discovery tool for Kubernetes penetration testing.
kdigger kdigger, short for "Kubernetes digger", is a context discovery tool for Kubernetes penetration testing. This tool is a compilation of various
A simple HTTP server for exfiltrating files/data during, for example, CTFs.
HTTPUploadExfil HTTPUploadExfil is a (very) simple HTTP server written in Go that's useful for getting files (and other information) off a machine usi
Curl & exec binary file in one step. Also a kind of stealth dropper.
curlNexec 👋 Certainly useful, mainly for fun, roughly inspired by 0x00 article Short story curlNexec enables us to execute a remote binary on a local
Golang binary for data exfiltration with ICMP protocol
QueenSono ICMP Data Exfiltration A Golang Package for Data Exfiltration with ICMP protocol. QueenSono tool only relies on the fact that ICMP protocol
An easy-to-use SHA-1 hash-cracker written in Golang.
wrench - An easy-to-use SHA-1 hash-cracker. Wrench is an SHA-1 hash-cracker that relies on wordlists for comparing hashes, and cracking them. Before W
🌀 Dismap - Asset discovery and identification tool
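🌀 Dismap - Asset discovery and identification tool [English readme Click Me] Dismap is positioned as an asset discovery and identification tool; its distinguishing feature is fast identification of web fingerprint information to determine asset types. It helps red teams quickly locate target asset information and helps blue teams discover suspected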
An advanced, yet simple, tunneling/pivoting tool that uses a TUN interface.
Ligolo-ng : Tunneling like a VPN An advanced, yet simple, tunneling tool that uses a TUN interface. by TNP IT Security Table of Contents Introduction
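Ladon Pentest Scanner framework: a cross-platform, open-source Go scanner framework for internal-network penetration testing on Windows/Linux/Mac. It can batch-probe live hosts across class C, B and A ranges with one command, detect the high-risk vulnerabilities MS17010 and SmbGhost, execute remotely over SSH/Winrm, brute-force passwords for SMB/SSH/FTP/Mysql/Mssql/Oracle/Winrm/HttpBasic/Redis, and perform port scanning and service identification: PortScan, fingerprinting/HttpBanner/HttpTitle/TcpBanner/Weblogic/Oxid multi-NIC hosts, port scanning and service identification PortScan.
Ladon Scanner For Golang Wiki http://k8gege.org/Ladon/LadonGo.html Introduction LadonGo is an open-source scanner framework for internal-network penetration testing; with it you can easily probe live hosts in class C, B and A ranges with one command, and perform fingerprinting, port scanning, password brute-forcing, remote execution, high-risk vulnerability detection and more. Version 3.6 includes 2
A simplified Sqlmap written in Golang
Go-Sqlmap Introduction sqlmap is a legendary tool in the penetration testing world, so I wanted to try writing a simple sqlmap to understand SQL injection in depth. Reasons for rewriting it in Golang: efficiency, producing an executable that runs directly, no environment setup, etc. Image The result is as shown; it can currently perform error-based injection, and the first three sqli-lab levels work fine. Direct use Specify database Specify table name Specify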
httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probers using the retryablehttp library; it is designed to maintain result reliability with increased threads.
httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probers us
Automatically spawn a reverse shell fully interactive for Linux or Windows victim
Girsh (Golang Interactive Reverse SHell) Who didn't get bored of manually typing the few lines to upgrade a reverse shell to a full interactive revers
Router socks. One port socks for all the others.
Router socks The next step after compromising a machine is to enumerate the network behind. Many tools exist to expose a socks port on the attacker's
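ServerScan is a high-concurrency network scanning and service detection tool developed in Golang.
ServerScan
Quake, from the company 360, is a search engine similar to Fofa and Shodan, with better results
360 Quake API / Fofa API Project introduction Quake, from the company 360, is a search engine similar to Fofa and Shodan, with better results; its full name is the 360 Cyberspace Mapping System. This project was initially meant to implement QuakeAPI; it later turned out that real work also needs FofaAPI, so the final plan is to be compatible with FofaAPI. For details on how to use it, you can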
Decrypt passwords/cookies/history/bookmarks from the browser.
hack-browser-data is an open-source tool that could help you decrypt data ( passwords|bookmarks|cookies|history ) from the browser. It supports the most popular browsers on the market and runs on Windows, macOS and Linux.