28 Resources
Golang pentesting Libraries
Cloud IP address ranges lookup tool + DNS subdomain enumeration + Certificate Transparency
Cloud edge Lookup an IP to find the cloud provider and other details based on the provider's published JSON data Cloud edge is a recon tool focused on
Active Directory & Red-Team Cheat-Sheet in constant expansion.
This AD attacks CheatSheet, made by RistBS is inspired by the Active-Directory-Exploitation-Cheat-Sheet repo. Edit : Thanks for 100 stars :D it is the
GONET-Scanner - Golang network scanner with arp discovery and own parser
GO/NET Scanner ScreenShots Install chmod +x install.sh ./install.sh [as root] U
🔎🪲 Malleable C2 profiles parser and assembler written in golang
goMalleable 🔎 🪲 Malleable C2 profiles parser and assembler written in golang Table of Contents Introduction Installation Usage Examples Introduction
Savoir - A tool to perform tasks during internal security assessment
Savoir Savoir is a tool to perform tasks during internal security assessment. Th
SSH based reverse shell
Reverse SSH Want to use SSH for reverse shells? Now you can. Manage and connect to reverse shells with native SSH syntax Dynamic, local and remote for
Ffind - A tool to find files of interest on a compromised host during a penetration test
ffind ffind is a tool to find files of interest on a compromised host during a p
👻Stowaway -- Multi-hop Proxy Tool for pentesters
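Stowaway English Stowaway is a multi-hop proxy tool written in Go and made for penetration testers. Users can use this program to proxy external traffic through multiple nodes into an internal network, get past internal network access restrictions, build a tree-shaped network of nodes, and manage it easily. PS: Thanks for the stars, and you are welcome to report problems && bugs after using it 😘. PPS: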
Fast, zero config web endpoint change monitor
web monitor fast, zero config web endpoint change monitor. for comparing responses, a selected list of http headers and the full response body is stor
🍳 The most delicious pentesting tool
Misterchef Framework 👨🍳 The most delicious pentesting tool 👩🍳 Under development... Misterchef is a graphical vulnerability exploitation and vali
A simple HTTP server for exfiltrating files/data during, for example, CTFs.
HTTPUploadExfil HTTPUploadExfil is a (very) simple HTTP server written in Go that's useful for getting files (and other information) off a machine usi
Scan Fastjson Use Golang Only
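SuperFastjsonScan This tool is only a demo version and is not complete; it is meant to offer an idea. Reference tool: https://github.com/EmYiQing/XiuScan/ The core of this tool: without setting up a JNDI Server or LDAP Server, and without using a Dnslog platform, it can carry out blind (no-echo) Java deserialization vulnerability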
Dynamically Generates Ysoserial's Payload by Golang
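Gososerial Introduction ysoserial is a well-known tool in Java deserialization security. No Java environment is needed and there is no need to download the ysoserial.jar file. Enter a command to get the payload directly, which is convenient for writing security tools. Currently supports the CC1-CC7, K1-K4 and CB1 chains. Introduce Ysoserial is a well-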
Super Java Vulnerability Scanner
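XiuScan Incomplete, under development. Introduction: a command-line Java framework vulnerability scanner written in pure Golang. Aims to build an efficient and convenient vulnerability scanner, taking xray as a reference. Planned support for frameworks such as Fastjson, Shiro, Struts2, Spring and WebLogic. PS: It is named XiuScan because the mentor who brought me into security is Xiu Jun (修君). Features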
TProx is a fast reverse proxy path traversal detector and directory bruteforcer.
TProx is a fast reverse proxy path traversal detector and directory bruteforcer Install • Usage • Examples • Join Discord Install Options From Source
An easy-to-use SHA-1 hash-cracker written in Golang.
wrench - An easy-to-use SHA-1 hash-cracker. Wrench is an SHA-1 hash-cracker that relies on wordlists for comparing hashes, and cracking them. Before W
Small utility package for stealing tokens from other processes and using them in current threads, or duplicating them and starting other processes
getsystem small utility for impersonating a user in the current thread or starting a new process with a duplicated token. must already be in a high in
An advanced, yet simple, tunneling/pivoting tool that uses a TUN interface.
Ligolo-ng : Tunneling like a VPN An advanced, yet simple, tunneling tool that uses a TUN interface. by TNP IT Security Table of Contents Introduction
Community edition nuclei templates, a simple tool that allows you to organize all the Nuclei templates offered by the community in one place
cent Community edition nuclei templates, a simple tool that allows you to organize all the Nuclei templates offered by the community in one place Inst
Fast web fuzzer written in Go
Information Gathering tool - DNS / Subdomains / Ports / Directories enumeration
Information Gathering tool - DNS / Subdomains / Ports / Directories enumeration
Minimal HTTP File Server for pentesting written in Go
Golang implementation of simple HTTP server with upload feature.
Gorsair hacks its way into remote docker containers that expose their APIs
Gorsair Gorsair is a penetration testing tool for discovering and remotely accessing Docker APIs from vulnerable Docker containers. Once it has access
Idiomatic nmap library for go developers
nmap This library aims at providing idiomatic nmap bindings for go developers, in order to make it easier to write security audit tools using golang.
Hetty is an HTTP toolkit for security research.
Hetty is an HTTP toolkit for security research. It aims to become an open source alternative to commercial software like Burp Suite Pro, with powerful
Gorsair hacks its way into remote docker containers that expose their APIs
Gorsair Gorsair is a penetration testing tool for discovering and remotely accessing Docker APIs from vulnerable Docker containers. Once it has access
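Quake from 360 is a search engine similar to Fofa and Shodan, and works better
360 Quake API / Fofa API Project introduction: Quake from 360 is a search engine similar to Fofa and Shodan, and works better; its full name is the 360 Cyberspace Mapping System. This project started out as a Quake API client; later, real-world work also showed a need for the Fofa API, so the final plan is to be compatible with the Fofa API as well. For details on how to use it, refer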
Cameradar hacks its way into RTSP videosurveillance cameras
Cameradar An RTSP stream access tool that comes with its library Cameradar allows you to Detect open RTSP hosts on any accessible target host Detect w