69 Resources
Golang vulnerability-assessment Libraries
Golang distributed Slowloris attack 🦥
slowloris - Golang distributed Slowloris attack How it works Read the article 🦷 How to protect from it TBD Installation Run go install github.com/its
Vulnerability scanner for Spring4Shell (CVE-2022-22965)
go-scan-spring Vulnerability scanner to find Spring4Shell (CVE-2022-22965) vulnerabilities For more information: https://www.fracturelabs.com/posts/ef
Proto-find is a tool for researchers that lets you find client side prototype pollution vulnerability.
proto-find proto-find is a tool for researchers that lets you find client side prototype pollution vulnerability. How it works proto-find open URL in
Govuln - How to patch a vulnerability indirectly lifted into a Go Lang application in a manner which satsfies Twistlock scanning
govuln Desire to learn how to patch a vulnerability indirectly lifted into a Go
🍷 Find exploits and vulnerabilities in the most important databases.
🍷 Dionisio Dionisio is a tool that can automate the search for exploits and vulnerabilities. Written in Go and open source, Dionisio has an advanced
An app that fetches a random name and joke, and combines them.
Wildfire Backend Assessment An app that fetches a random name and joke, and combines them.
Pwnkit-go - Exploit for the PwnKit vulnerability, CVE-2021-4034, written in Go
Pwnkit-go This is a working exploit for the pwnkit vulnerability, CVE-2021-4034,
Iphelper - Cyderes/Fishtech golang assessment
Cyderes/Fishtech golang assessment iphelper: IP enrichment serverless function f
Vulnerability-exporter - A Prometheus Exporter for managing vulnerabilities in kubernetes by using trivy
Kubernetes Vulnerability Exporter A Prometheus Exporter for managing vulnerabili
Savoir - A tool to perform tasks during internal security assessment
Savoir Savoir is a tool to perform tasks during internal security assessment. Th
Go-sec-code is a project for learning Go vulnerability code.
Welcome to go-sec-code 👋 Go-sec-code is a project for learning Go vulnerability code. 🏠 Homepage Introduction 用beego作为后端框架开发的go语言靶场,目前已经完成 commandIn
Myretail-target-case-study - Case study assessment for Target.com
myRetail This project contains two solutions to the Target myRetail case study. The prompt is copied over to PROMPT.md for convenience, but the TLDR i
A log4j vulnerability filesystem scanner and Go package for analyzing JAR files.
log4jscanner A log4j vulnerability filesystem scanner and Go package for analyzing JAR files. Command line tool This project includes a scanner that w
A software supply chain security inspection tool.
README.md murphysec 一款专注于软件供应链安全的开源工具,包含开源组件依赖分析、漏洞检测及漏洞修复等功能。 安装 macOS 使用Homebrew安装 // TODO Windows 使用scoop安装 scoop bucket add murphysec https://gith
A vulnerability scanner for container images and filesystems
A vulnerability scanner for container images and filesystems. Easily install the
Discover and remediate Log4Shell vulnerability [CVE-2021-45105]
sakuraji_log4j This tool is used to discover and remedidate the Log4Shell vulnerability [CVE-2021-45105] by removing the 'JndiLookup.class' file from
This is Reperio Health's GoLang backend assessment
reperio-backend-assessment This is Reperio Health's GoLang backend assessment. N
🔥 🔥 Open source cloud native security observability platform. Linux, K8s, AWS Fargate and more. 🔥 🔥
CVE-2021-44228 Log4J Vulnerability can be detected at runtime and attack paths can be visualized by ThreatMapper. Live demo of Log4J Vulnerability her
Detect and fix log4j log4shell vulnerability (CVE-2021-44228)
log4fix This tool is to detect and fix the log4j log4shell vulnerability (CVE-2021-44228) by looking and removing the JndiLookup class from .jar/.war/
Yet another log4j vulnerability scanner
k-amon-k - Yet another log4j scanner Quick-n-Dirty installation Assuming you hav
log4jshell vulnerability scanner for bug bounty
log4shell-looker a log4jshell vulnerability scanner for bug bounty (Written in G
log4jshell vulnerability checker tool
Description log4j-checker tool helps identify whether a certain system is running a vulnerable version of the log4j library. Download and run the tool
Check and exploit log4j2 vulnerability with single Go program.
Log4Shell Check and exploit log4j2 vulnerability with single Go program. You don't need to install anything except develop it. It supports ldaps and h
Check and exploit log4j2 vulnerability with single Go program.
log4j2-exp Check and exploit log4j2 vulnerability with single Go program. You don't need to install anything except develop it. It supports ldaps and
Ghec vulnerability alerts report for golang
ghec-vulnerability-alerts-report TODO Install $ go get github.com/stoe/ghec-vulnerability-alerts-report Usage $ ghec-vulnerability-alerts-report [opti
Tools for remediating the recent log4j2 RCE vulnerability (CVE-2021-44228)
log4j-remediation-tools Tools for finding and reproducing the CVE-2021-44228 log4j2 vulnerability Tools find-vulnerabilities: determine heuristically
A fully automated, reliable, super-fast, mass scanning and validation toolkit for the Log4J RCE CVE-2021-44228 vulnerability.
LogMePwn A fully automated, reliable, super-fast, mass scanning and validation toolkit for the Log4J RCE CVE-2021-44228 vulnerability. With enough amo
Tool to check whether one of your applications is affected by a vulnerability in log4j: CVE-2021-44228
log4shell.tools log4shell.tools is a tool allows you to run a test to check whether one of your applications is affected by a vulnerability in log4j:
Scanner to send specially crafted requests and catch callbacks of systems that are impacted by Log4J Log4Shell vulnerability (CVE-2021-44228)
scan4log4shell Scanner to send specially crafted requests and catch callbacks of systems that are impacted by Log4J Log4Shell vulnerability CVE-2021-4
Log4j 2 (CVE-2021-44228) vulnerability scanner for Windows OS
log4j-scanner Log4j 2 (CVE-2021-44228) vulnerability scanner for Windows OS. Example Usage Usage .\log4j-scanner.exe Terminal is used to output resul
A tool for checking log4shell vulnerability mitigations
log4shell-ldap A tool for checking log4shell vulnerability mitigations. Usage: Build a container image: docker build . -t log4shell Run it: docker run
Dockerized Go app for testing the CVE-2021-44228 vulnerability
docker-log4shell Simple Go app / Docker image for playing with the CVE-2021-44228 vulnerability. Hosts a simple file server and an ldap server that pr
A minimalistic LDAP server that is meant for test vulnerability to JNDI+LDAP injection attacks in Java, especially CVE-2021-44228.
jndi-ldap-test-server This is a minimalistic LDAP server that is meant for test vulnerability to JNDI+LDAP injection attacks in Java, especially CVE-2
Scans and catches callbacks of systems that are impacted by Log4J Log4Shell vulnerability across specific headers.
Log4ShellScanner Scans and catches callbacks of systems that are impacted by Log4J Log4Shell vulnerability across specific headers. Very Beta Warning!
A standalone exporter for vulnerability reports and other CRs created by Starboard.
starboard-exporter Exposes Prometheus metrics from Starboard's VulnerabilityReport custom resources (CRs). Metrics This exporter exposes two types of
Grafana Unauthorized arbitrary file reading vulnerability
CVE-2021-43798 Grafana Unauthorized arbitrary file reading vulnerability 8.3.1 (2021-12-07) Security: Fixes CVE-2021-43798 . For more information, see
Grafana Arbitrary File Reading Vulnerability
GrafanaArbitraryFileRead Usage 1. show info ❯ go run main.go -s [INF] VulnInfo: { "Name": "Grafana Ar
GoVWA is a vulnerable web application designed for pentester or programmers to learn the web application vulnerability that often occur in web applications
GoVWA GoVWA (Go Vulnerable Web Application) is a vulnerable web application designed for pentester or programmers to learn the web application vulnera
PoC for Grafana 8.x Local File Inclusion (Pre-Auth)
Grafana 8.x Local File Inclusion (Pre-Auth) CVE: Pending All credits go to j0v and his tweet https://twitter.com/j0v0x0/status/1466845212626542607 Dis
Assessment challenge for tuimusement
TUI Musement Assessment Challenge Based on this Gist I created the following solution. Installation The repository already contains the external packa
A vulnerability scanner for container images and filesystems
A vulnerability scanner for container images and filesystems
Generate vulnerability data from Github API
gen-vulnerability-data-from-api Generate vulnerability data from Github API Usage Run go build && ./gen-vulnerability-data-from-api Github Username
🔎 Help find Trojan Source vulnerability in code 👀 . Useful for code review in project with multiple collaborators
TrojanSourceFinder TrojanSourceFinder helps developers detect "Trojan Source" vulnerability in source code. Trojan Source vulnerability allows an atta
Proof-of-Concept tool for CVE-2021-29156, an LDAP injection vulnerability in ForgeRock OpenAM v13.0.0.
CVE-2021-29156 Proof-of-Concept (c) 2021 GuidePoint Security Charlton Trezevant [email protected] Background Today GuidePoint
[mirror] the database client and tools for the Go vulnerability database
The Go Vulnerability Database golang.org/x/vulndb This repository is a prototype of the Go Vulnerability Database. Read the Draft Design. Neither the
Coding assessment to create Todo app given by Percipia
Coding assessment to create Todo app given by Percipia
crawlergo is a browser crawler that uses chrome headless mode for URL collection.
A powerful browser crawler for web vulnerability scanners
Dynamically Generates Ysoserial's Payload by Golang
Gososerial 介绍 ysoserial是java反序列化安全方面著名的工具 无需java环境,无需下载ysoserial.jar文件 输入命令直接获得payload,方便编写安全工具 目前已支持CC1-CC7,K1-K4和CB1链 Introduce Ysoserial is a well-
Super Java Vulnerability Scanner
XiuScan 不完善,正在开发中 介绍 一个纯Golang编写基于命令行的Java框架漏洞扫描工具 致力于参考xray打造一款高效方便的漏扫神器 计划支持Fastjson、Shiro、Struts2、Spring、WebLogic等框架 PS: 取名为XiuScan因为带我入安全的大哥是修君 特点
DNSTake — A fast tool to check missing hosted DNS zones that can lead to subdomain takeover
DNSTake — A fast tool to check missing hosted DNS zones that can lead to subdomain takeover
🔭 Kubernetes out-cluster vulnerability scanner
Kubnerable Kubnerable is an out-cluster vulnerability scanner tool for Kubernetes resources. It comes with a predefined vulnerability database (vulner
全新的开源漏洞测试框架,实现poc在线编辑、运行、批量测试。使用文档:
pocassist是一个 Golang 编写的全新开源漏洞测试框架。 简单易用 只需要在前端编辑,即可生成poc对批量目标进行测试 单二进制文件,无依赖,也无需安装 性能优秀 支持高并发,通过使用 ants实例化协程池,复用 goroutine 多重内存复用,尽可能小的内存占用 规则体系 完全兼容x
Kubei is a flexible Kubernetes runtime scanner, scanning images of worker and Kubernetes nodes providing accurate vulnerabilities assessment, for more information checkout:
Kubei is a vulnerabilities scanning and CIS Docker benchmark tool that allows users to get an accurate and immediate risk assessment of their kubernet
A Simple and Comprehensive Vulnerability Scanner for Container Images, Git Repositories and Filesystems. Suitable for CI
A Simple and Comprehensive Vulnerability Scanner for Containers and other Artifacts, Suitable for CI. Abstract Trivy (tri pronounced like trigger, vy
🌘🦊 DalFox(Finder Of XSS) / Parameter Analysis and XSS Scanning tool based on golang
Finder Of XSS, and Dal(달) is the Korean pronunciation of moon. What is DalFox 🌘 🦊 DalFox is a fast, powerful parameter analysis and XSS scanner, bas
The Go Vulnerability Database
The Go Vulnerability Database golang.org/x/vulndb This repository is a prototype of the Go Vulnerability Database. Read the Draft Design. Neither the
一款完善的安全评估工具,支持常见 web 安全问题扫描和自定义 poc | 使用之前务必先阅读文档
Welcome to xray 👋 一款功能强大的安全评估工具 ✨ Demo 🏠 使用文档 ⬇️ 下载地址 注意:xray 不开源,直接下载构建的二进制文件即可,仓库内主要为社区贡献的 poc,每次 xray 发布将自动打包。 🚀 快速使用 在使用之前,请务必阅读并同意 License 文件中
Nuclei is a fast tool for configurable targeted vulnerability scanning based on templates offering massive extensibility and ease of use.
Fast and customisable vulnerability scanner based on simple YAML based DSL. How • Install • For Security Engineers • For Developers • Documentation •
Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices
Vuls: VULnerability Scanner Vulnerability scanner for Linux/FreeBSD, agent-less, written in Go. We have a slack team. Join slack team Twitter: @vuls_e
Vulnerability Static Analysis for Containers
Clair Note: The main branch may be in an unstable or even broken state during development. Please use releases instead of the main branch in order to
kunpeng是一个Golang编写的开源POC框架/库,以动态链接库的形式提供各种语言调用,通过此项目可快速开发漏洞检测类的系统。
Kunpeng 简介 Kunpeng是一个Golang编写的开源POC检测框架,集成了包括数据库、中间件、web组件、cms等等的漏洞POC(查看已收录POC列表),可检测弱口令、SQL注入、XSS、RCE等漏洞类型,以动态链接库的形式提供调用,通过此项目可快速开发漏洞检测类的系统,比攻击者快一步发
A port of Rebecca Murphey's js-assessment for Go
go-assessment Your Job Is To Make The Tests Pass! What is this? This is a tool for assessing or practicing beginner level programming in Golang. It is
A fast tool to scan CRLF vulnerability written in Go
CRLFuzz A fast tool to scan CRLF vulnerability written in Go Resources Installation from Binary from Source from GitHub Usage Basic Usage Flags Target
The fastest dork scanner written in Go.
go-dork The fastest dork scanner written in Go. There are also various search engines supported by go-dork, including Google, Shodan, Bing, Duck, Yaho
A Simple and Comprehensive Vulnerability Scanner for Container Images, Git Repositories and Filesystems. Suitable for CI
A Simple and Comprehensive Vulnerability Scanner for Containers and other Artifacts, Suitable for CI. Table of Contents Abstract Features Installation
A fast tool to mass scan for a vulnerability on Microsoft Exchange Server that allows an attacker bypassing the authentication and impersonating as the admin (CVE-2021-26855).
proxylogscan This tool to mass scan for a vulnerability on Microsoft Exchange Server that allows an attacker bypassing the authentication and imperson
Vilicus is an open source tool that orchestrates security scans of container images(docker/oci) and centralizes all results into a database for further analysis and metrics.
Vilicus Table of Contents Overview How does it work? Architecture Development Run deployment manually Usage Example of analysis Overview Vilicus is an
Find secrets and passwords in container images and file systems
Find secrets and passwords in container images and file systems
Wprecon, is a vulnerability recognition tool in CMS Wordpress, 100% developed in Go.
WPrecon (Wordpress Recon) Hello! Welcome. Wprecon (Wordpress Recon), is a vulnerability recognition tool in CMS Wordpress, 100% developed in Go. Featu