114 Resources
Golang vulnerability-detection Libraries
A soothing face filter where you can appreciate the beauty but not fully identify the person.
⭐ the project to show your appreciation. ↗️ Showerglass A soothing face filter where you can appreciate the beauty but not fully identify the person.
A lib for monitoring runtime goroutine stack
Overview A lib for monitoring runtime goroutine stack. Such as wait for goroutines to exit, leak detection, etc. Features context.Context first design
Goroutine Leak Detector
Leaktest Refactored, tested variant of the goroutine leak detector found in both net/http tests and the cockroachdb source tree. Takes a snapshot of r
💧 Visual Data Preparation (VDP) is an open-source tool to seamlessly integrate Vision AI with the modern data stack
Website | Community | Blog Get Early Access Visual Data Preparation (VDP) is an open-source tool to streamline the end-to-end visual data processing p
Golang distributed Slowloris attack 🦥
slowloris - Golang distributed Slowloris attack How it works Read the article 🦷 How to protect from it TBD Installation Run go install github.com/its
Vulnerability scanner for Spring4Shell (CVE-2022-22965)
go-scan-spring Vulnerability scanner to find Spring4Shell (CVE-2022-22965) vulnerabilities For more information: https://www.fracturelabs.com/posts/ef
Proto-find is a tool for researchers that lets you find client side prototype pollution vulnerability.
proto-find proto-find is a tool for researchers that lets you find client side prototype pollution vulnerability. How it works proto-find open URL in
Govuln - How to patch a vulnerability indirectly lifted into a Go Lang application in a manner which satsfies Twistlock scanning
govuln Desire to learn how to patch a vulnerability indirectly lifted into a Go
🍷 Find exploits and vulnerabilities in the most important databases.
🍷 Dionisio Dionisio is a tool that can automate the search for exploits and vulnerabilities. Written in Go and open source, Dionisio has an advanced
Stratus-red-team - Granular, Actionable Adversary Emulation for the Cloud
Stratus Red team Stratus Red Team is "Atomic Red Team™" for the cloud, allowing
Pwnkit-go - Exploit for the PwnKit vulnerability, CVE-2021-4034, written in Go
Pwnkit-go This is a working exploit for the pwnkit vulnerability, CVE-2021-4034,
Memberlist - Golang package for gossip based membership and failure detection
memberlist memberlist 是一个 Go 库,它使用基于 gossip 的协议来管理集群成员和成员故障检测。 这种库的用例影响深远:所有分布式系
Vulnerability-exporter - A Prometheus Exporter for managing vulnerabilities in kubernetes by using trivy
Kubernetes Vulnerability Exporter A Prometheus Exporter for managing vulnerabili
Experimental detection, and proof-of-concept, of Discord Nitro phishing/scam links via analyzing images.
Experimental detection, and proof-of-concept, of Discord Nitro phishing/scam links via analyzing images.
Volana - Shell command obfuscation to avoid detection systems
volana (moon in malagasy) { Use it ; 🌚(hide from); 🌞(detected by) } Shell comm
Proof of concept/experimental detection of Discord Nitro phishing links via image analyzation
discord-scam-detection Experimental detection, and proof-of-concept, of Discord Nitro phishing/scam links via analyzing images. This repository is not
Adaptive Accrual Failure Detector
Adaptive Accrual Failure Detector There is NO perfect failure detector. It's a trade-off between completeness and accuracy. Failure detection is not a
OpenSCA is a Software Composition Analysis (SCA) solution that supports detection of open source component dependencies and vulnerabilities.
OpenSCA-Cli 项目介绍 OpenSCA 用来扫描项目的第三方组件依赖及漏洞信息。 下载安装 从 releases 下载对应系统架构的可执行文件压缩包 或者下载源码编译(需要 go 1.11 及以上版本) git clone https://github.com/XmirrorSecurit
Detect Language API Go Client
Detect Language API Go Client Detects language of the given text. Returns detected language codes and scores. Before using Detect Language API client
Log4j detector and reporting server for scalable detection of vulnerable running processes.
Log4j Detector A client and reporting server to identify systems vulnerable to Log4j at scale. This work is based on Stripe's Remediation Tools, but w
Go-sec-code is a project for learning Go vulnerability code.
Welcome to go-sec-code 👋 Go-sec-code is a project for learning Go vulnerability code. 🏠 Homepage Introduction 用beego作为后端框架开发的go语言靶场,目前已经完成 commandIn
Resolv - A Simple 2D Golang collision detection and resolution library for games
Resolv v0.5.1 pkg.go.dev What is Resolv? Resolv is a 2D collision detection and resolution library, specifically created for simpler, arcade-y (non-re
Static analyser for finding Deadlocks in Go
dingo-hunter Static analyser for finding Deadlocks in Go This is a static analyser to model concurrency and find deadlocks in Go code. The main purpos
A log4j vulnerability filesystem scanner and Go package for analyzing JAR files.
log4jscanner A log4j vulnerability filesystem scanner and Go package for analyzing JAR files. Command line tool This project includes a scanner that w
A software supply chain security inspection tool.
README.md murphysec 一款专注于软件供应链安全的开源工具,包含开源组件依赖分析、漏洞检测及漏洞修复等功能。 安装 macOS 使用Homebrew安装 // TODO Windows 使用scoop安装 scoop bucket add murphysec https://gith
A vulnerability scanner for container images and filesystems
A vulnerability scanner for container images and filesystems. Easily install the
Discover and remediate Log4Shell vulnerability [CVE-2021-45105]
sakuraji_log4j This tool is used to discover and remedidate the Log4Shell vulnerability [CVE-2021-45105] by removing the 'JndiLookup.class' file from
face detction/recognization golang lib using tensorflow facenet
Golang lib for detect/recognize by tensorflow facenet Prerequest libtensorfow 1.x Follow the instruction Install TensorFlow for C facenet tenorflow sa
🔥 🔥 Open source cloud native security observability platform. Linux, K8s, AWS Fargate and more. 🔥 🔥
CVE-2021-44228 Log4J Vulnerability can be detected at runtime and attack paths can be visualized by ThreatMapper. Live demo of Log4J Vulnerability her
Detect and fix log4j log4shell vulnerability (CVE-2021-44228)
log4fix This tool is to detect and fix the log4j log4shell vulnerability (CVE-2021-44228) by looking and removing the JndiLookup class from .jar/.war/
Simple reverse shell to avoid Windows defender and kaspersky detection
Windows-ReverseShell Simple reverse shell to avoid Windows defender, kaspersky d
Yet another log4j vulnerability scanner
k-amon-k - Yet another log4j scanner Quick-n-Dirty installation Assuming you hav
log4jshell vulnerability scanner for bug bounty
log4shell-looker a log4jshell vulnerability scanner for bug bounty (Written in G
log4jshell vulnerability checker tool
Description log4j-checker tool helps identify whether a certain system is running a vulnerable version of the log4j library. Download and run the tool
Check and exploit log4j2 vulnerability with single Go program.
Log4Shell Check and exploit log4j2 vulnerability with single Go program. You don't need to install anything except develop it. It supports ldaps and h
Check and exploit log4j2 vulnerability with single Go program.
log4j2-exp Check and exploit log4j2 vulnerability with single Go program. You don't need to install anything except develop it. It supports ldaps and
Ghec vulnerability alerts report for golang
ghec-vulnerability-alerts-report TODO Install $ go get github.com/stoe/ghec-vulnerability-alerts-report Usage $ ghec-vulnerability-alerts-report [opti
Tools for remediating the recent log4j2 RCE vulnerability (CVE-2021-44228)
log4j-remediation-tools Tools for finding and reproducing the CVE-2021-44228 log4j2 vulnerability Tools find-vulnerabilities: determine heuristically
A fully automated, reliable, super-fast, mass scanning and validation toolkit for the Log4J RCE CVE-2021-44228 vulnerability.
LogMePwn A fully automated, reliable, super-fast, mass scanning and validation toolkit for the Log4J RCE CVE-2021-44228 vulnerability. With enough amo
Tool to check whether one of your applications is affected by a vulnerability in log4j: CVE-2021-44228
log4shell.tools log4shell.tools is a tool allows you to run a test to check whether one of your applications is affected by a vulnerability in log4j:
Scanner to send specially crafted requests and catch callbacks of systems that are impacted by Log4J Log4Shell vulnerability (CVE-2021-44228)
scan4log4shell Scanner to send specially crafted requests and catch callbacks of systems that are impacted by Log4J Log4Shell vulnerability CVE-2021-4
Log4j 2 (CVE-2021-44228) vulnerability scanner for Windows OS
log4j-scanner Log4j 2 (CVE-2021-44228) vulnerability scanner for Windows OS. Example Usage Usage .\log4j-scanner.exe Terminal is used to output resul
A fast Golang library for media type and file extension detection, based on magic numbers
mimetype A package for detecting MIME types and extensions based on magic numbers Goroutine safe, extensible, no C bindings Features fast and precise
A tool for checking log4shell vulnerability mitigations
log4shell-ldap A tool for checking log4shell vulnerability mitigations. Usage: Build a container image: docker build . -t log4shell Run it: docker run
Dockerized Go app for testing the CVE-2021-44228 vulnerability
docker-log4shell Simple Go app / Docker image for playing with the CVE-2021-44228 vulnerability. Hosts a simple file server and an ldap server that pr
A minimalistic LDAP server that is meant for test vulnerability to JNDI+LDAP injection attacks in Java, especially CVE-2021-44228.
jndi-ldap-test-server This is a minimalistic LDAP server that is meant for test vulnerability to JNDI+LDAP injection attacks in Java, especially CVE-2
Scans and catches callbacks of systems that are impacted by Log4J Log4Shell vulnerability across specific headers.
Log4ShellScanner Scans and catches callbacks of systems that are impacted by Log4J Log4Shell vulnerability across specific headers. Very Beta Warning!
A standalone exporter for vulnerability reports and other CRs created by Starboard.
starboard-exporter Exposes Prometheus metrics from Starboard's VulnerabilityReport custom resources (CRs). Metrics This exporter exposes two types of
Grafana Unauthorized arbitrary file reading vulnerability
CVE-2021-43798 Grafana Unauthorized arbitrary file reading vulnerability 8.3.1 (2021-12-07) Security: Fixes CVE-2021-43798 . For more information, see
Grafana Arbitrary File Reading Vulnerability
GrafanaArbitraryFileRead Usage 1. show info ❯ go run main.go -s [INF] VulnInfo: { "Name": "Grafana Ar
GoVWA is a vulnerable web application designed for pentester or programmers to learn the web application vulnerability that often occur in web applications
GoVWA GoVWA (Go Vulnerable Web Application) is a vulnerable web application designed for pentester or programmers to learn the web application vulnera
PoC for Grafana 8.x Local File Inclusion (Pre-Auth)
Grafana 8.x Local File Inclusion (Pre-Auth) CVE: Pending All credits go to j0v and his tweet https://twitter.com/j0v0x0/status/1466845212626542607 Dis
Lightweight and dead-simple CI detection.
is-ci Lightweight and dead-simple CI detection for golang. This mod is based on the @npmcli/ci-detect package. Install go get -u github.com/wesleimp/i
donLoader is a shellcode loader creation tool that uses donut to convert executable payloads into shellcode to evade detection on disk.
donLoader WARNING: This is WIP, barely anything was tested properly. Use at your own risk. Description donLoader is a shellcode loader creation tool t
A Go library for terminal background color detection
go-termbg A Go library for terminal background color detection. The detected color is provided by RGB or theme ( dark or light ). Based on https://git
A high-performance concurrent scanner written by go, which can be used for survival detection, tcp port detection, and web service detection.
aScan A high-performance concurrent scanner written by go, which can be used for survival detection, tcp port detection, and web service detection. Fu
A vulnerability scanner for container images and filesystems
A vulnerability scanner for container images and filesystems
Generate vulnerability data from Github API
gen-vulnerability-data-from-api Generate vulnerability data from Github API Usage Run go build && ./gen-vulnerability-data-from-api Github Username
🔎 Help find Trojan Source vulnerability in code 👀 . Useful for code review in project with multiple collaborators
TrojanSourceFinder TrojanSourceFinder helps developers detect "Trojan Source" vulnerability in source code. Trojan Source vulnerability allows an atta
Proof-of-Concept tool for CVE-2021-29156, an LDAP injection vulnerability in ForgeRock OpenAM v13.0.0.
CVE-2021-29156 Proof-of-Concept (c) 2021 GuidePoint Security Charlton Trezevant [email protected] Background Today GuidePoint
[mirror] the database client and tools for the Go vulnerability database
The Go Vulnerability Database golang.org/x/vulndb This repository is a prototype of the Go Vulnerability Database. Read the Draft Design. Neither the
Dangling DNS entries detection tool.
dnscheck Introduction dnscheck is a tool that reads a list of domains from a file and checks them for the following issues: CNAMEs pointing to an uncl
crawlergo is a browser crawler that uses chrome headless mode for URL collection.
A powerful browser crawler for web vulnerability scanners
Dynamically Generates Ysoserial's Payload by Golang
Gososerial 介绍 ysoserial是java反序列化安全方面著名的工具 无需java环境,无需下载ysoserial.jar文件 输入命令直接获得payload,方便编写安全工具 目前已支持CC1-CC7,K1-K4和CB1链 Introduce Ysoserial is a well-
Super Java Vulnerability Scanner
XiuScan 不完善,正在开发中 介绍 一个纯Golang编写基于命令行的Java框架漏洞扫描工具 致力于参考xray打造一款高效方便的漏扫神器 计划支持Fastjson、Shiro、Struts2、Spring、WebLogic等框架 PS: 取名为XiuScan因为带我入安全的大哥是修君 特点
DNSTake — A fast tool to check missing hosted DNS zones that can lead to subdomain takeover
DNSTake — A fast tool to check missing hosted DNS zones that can lead to subdomain takeover
Elkeid is a Cloud-Native Host-Based Intrusion Detection solution project to provide next-generation Threat Detection and Behavior Audition with modern architecture.
Elkeid is a Cloud-Native Host-Based Intrusion Detection solution project to provide next-generation Threat Detection and Behavior Audition with modern architecture.
🌀 Dismap - Asset discovery and identification tool
🌀 Dismap - Asset discovery and identification tool [English readme Click Me] Dismap 定位是一个资产发现和识别工具;其特色功能在于快速识别 Web 指纹信息,定位资产类型。辅助红队快速定位目标资产信息,辅助蓝队发现疑
A discord server guard which uses emojis and bot detection (WIP)
server-guard A discord server guard which uses emojis and bot detection (WIP) Config options SusLevel: how many checks the account has to fail before
🔭 Kubernetes out-cluster vulnerability scanner
Kubnerable Kubnerable is an out-cluster vulnerability scanner tool for Kubernetes resources. It comes with a predefined vulnerability database (vulner
👄 The most accurate natural language detection library in the Go ecosystem, suitable for long and short text alike
Its task is simple: It tells you which language some provided textual data is written in. This is very useful as a preprocessing step for linguistic data in natural language processing applications such as text classification and spell checking. Other use cases, for instance, might include routing e-mails to the right geographically located customer service department, based on the e-mails' languages.
👄 The most accurate natural language detection library in the Go ecosystem, suitable for long and short text alike
👄 The most accurate natural language detection library in the Go ecosystem, suitable for long and short text alike
Ladon Pentest Scanner framework 全平台Go开源内网渗透扫描器框架,Windows/Linux/Mac内网渗透,使用它可轻松一键批量探测C段、B段、A段存活主机、高危漏洞检测MS17010、SmbGhost,远程执行SSH/Winrm,密码爆破SMB/SSH/FTP/Mysql/Mssql/Oracle/Winrm/HttpBasic/Redis,端口扫描服务识别PortScan指纹识别/HttpBanner/HttpTitle/TcpBanner/Weblogic/Oxid多网卡主机,端口扫描服务识别PortScan。
Ladon Scanner For Golang Wiki http://k8gege.org/Ladon/LadonGo.html 简介 LadonGo一款开源内网渗透扫描器框架,使用它可轻松一键探测C段、B段、A段存活主机、指纹识别、端口扫描、密码爆破、远程执行、高危漏洞检测等。3.6版本包含2
全新的开源漏洞测试框架,实现poc在线编辑、运行、批量测试。使用文档:
pocassist是一个 Golang 编写的全新开源漏洞测试框架。 简单易用 只需要在前端编辑,即可生成poc对批量目标进行测试 单二进制文件,无依赖,也无需安装 性能优秀 支持高并发,通过使用 ants实例化协程池,复用 goroutine 多重内存复用,尽可能小的内存占用 规则体系 完全兼容x
Take a list of domains and scan for endpoints, secrets, api keys, file extensions, tokens and more...
Take a list of domains and scan for endpoints, secrets, api keys, file extensions, tokens and more... Coded with 💙 by edoardottt. Share on Twitter! P
CrowdSec - an open-source massively multiplayer firewall able to analyze visitor behavior & provide an adapted response to all kinds of attacks. It also leverages the crowd power to generate a global IP reputation database to protect the user network.
📚 Documentation 💠 Configuration Hub 💬 Discourse (Forum) 💬 Gitter (Live chat) 💃 This is a community driven project, we need your feedback. TL;DR
Chronos - A static race detector for the go language
Chronos Chronos is a static race detector for the Go language written in Go. Quick Start: Download the package go get -v github.com/amit-davidson/Chro
Go implementation of the yolo v3 object detection system
Go YOLO V3 This repository provides a plug and play implementation of the Yolo V3 object detection system in Go, leveraging gocv. Prerequisites Since
A Simple and Comprehensive Vulnerability Scanner for Container Images, Git Repositories and Filesystems. Suitable for CI
A Simple and Comprehensive Vulnerability Scanner for Containers and other Artifacts, Suitable for CI. Abstract Trivy (tri pronounced like trigger, vy
🌘🦊 DalFox(Finder Of XSS) / Parameter Analysis and XSS Scanning tool based on golang
Finder Of XSS, and Dal(달) is the Korean pronunciation of moon. What is DalFox 🌘 🦊 DalFox is a fast, powerful parameter analysis and XSS scanner, bas
The Go Vulnerability Database
The Go Vulnerability Database golang.org/x/vulndb This repository is a prototype of the Go Vulnerability Database. Read the Draft Design. Neither the
A source code analyzer built for surfacing features of interest and other characteristics to answer the question 'What's in the code?' quickly using static analysis with a json based rules engine. Ideal for scanning components before use or detecting feature level changes.
Introduction Microsoft Application Inspector is a software source code characterization tool that helps identify coding features of first or third par
一款完善的安全评估工具,支持常见 web 安全问题扫描和自定义 poc | 使用之前务必先阅读文档
Welcome to xray 👋 一款功能强大的安全评估工具 ✨ Demo 🏠 使用文档 ⬇️ 下载地址 注意:xray 不开源,直接下载构建的二进制文件即可,仓库内主要为社区贡献的 poc,每次 xray 发布将自动打包。 🚀 快速使用 在使用之前,请务必阅读并同意 License 文件中
A high performance go implementation of Wappalyzer Technology Detection Library
wappalyzergo A high performance port of the Wappalyzer Technology Detection Library to Go. Inspired by https://github.com/rverton/webanalyze. Features
Nuclei is a fast tool for configurable targeted vulnerability scanning based on templates offering massive extensibility and ease of use.
Fast and customisable vulnerability scanner based on simple YAML based DSL. How • Install • For Security Engineers • For Developers • Documentation •
Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices
Vuls: VULnerability Scanner Vulnerability scanner for Linux/FreeBSD, agent-less, written in Go. We have a slack team. Join slack team Twitter: @vuls_e
Vulnerability Static Analysis for Containers
Clair Note: The main branch may be in an unstable or even broken state during development. Please use releases instead of the main branch in order to
Cross platform locale detection for Golang
go-locale go-locale is a Golang lib for cross platform locale detection. OS Support Support all OS that Golang supported, except android: aix: IBM AIX
kunpeng是一个Golang编写的开源POC框架/库,以动态链接库的形式提供各种语言调用,通过此项目可快速开发漏洞检测类的系统。
Kunpeng 简介 Kunpeng是一个Golang编写的开源POC检测框架,集成了包括数据库、中间件、web组件、cms等等的漏洞POC(查看已收录POC列表),可检测弱口令、SQL注入、XSS、RCE等漏洞类型,以动态链接库的形式提供调用,通过此项目可快速开发漏洞检测类的系统,比攻击者快一步发
Content aware image resize library
Caire is a content aware image resize library based on Seam Carving for Content-Aware Image Resizing paper. How does it work An energy map (edge detec
EarlyBird is a sensitive data detection tool capable of scanning source code repositories for clear text password violations, PII, outdated cryptography methods, key files and more.
EarlyBird is a sensitive data detection tool capable of scanning source code repositories for clear text password violations, PII, outdated cryptograp
Real-time HTTP Intrusion Detection
teler Real-time HTTP Intrusion Detection Contribute · What's new · Report Bug · Request Feature teler is an real-time intrusion detection and threat a
A fast tool to scan CRLF vulnerability written in Go
CRLFuzz A fast tool to scan CRLF vulnerability written in Go Resources Installation from Binary from Source from GitHub Usage Basic Usage Flags Target
The fastest dork scanner written in Go.
go-dork The fastest dork scanner written in Go. There are also various search engines supported by go-dork, including Google, Shodan, Bing, Duck, Yaho
Ah shhgit! Find secrets in your code. Secrets detection for your GitHub, GitLab and Bitbucket repositories: www.shhgit.com
shhgit helps secure forward-thinking development, operations, and security teams by finding secrets across their code before it leads to a security br
Cross platform locale detection for Golang
go-locale go-locale is a Golang lib for cross platform locale detection. OS Support Support all OS that Golang supported, except android: aix: IBM AIX
A Simple and Comprehensive Vulnerability Scanner for Container Images, Git Repositories and Filesystems. Suitable for CI
A Simple and Comprehensive Vulnerability Scanner for Containers and other Artifacts, Suitable for CI. Table of Contents Abstract Features Installation
Fast face detection, pupil/eyes localization and facial landmark points detection library in pure Go.
Pigo is a pure Go face detection, pupil/eyes localization and facial landmark points detection library based on Pixel Intensity Comparison-based Objec
A fast tool to mass scan for a vulnerability on Microsoft Exchange Server that allows an attacker bypassing the authentication and impersonating as the admin (CVE-2021-26855).
proxylogscan This tool to mass scan for a vulnerability on Microsoft Exchange Server that allows an attacker bypassing the authentication and imperson
Vilicus is an open source tool that orchestrates security scans of container images(docker/oci) and centralizes all results into a database for further analysis and metrics.
Vilicus Table of Contents Overview How does it work? Architecture Development Run deployment manually Usage Example of analysis Overview Vilicus is an